@kontext-dev/js-sdk 0.1.1 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (39) hide show
  1. package/dist/adapters/ai/index.cjs +135 -58
  2. package/dist/adapters/ai/index.cjs.map +1 -1
  3. package/dist/adapters/ai/index.js +135 -58
  4. package/dist/adapters/ai/index.js.map +1 -1
  5. package/dist/adapters/cloudflare/index.cjs +28 -70
  6. package/dist/adapters/cloudflare/index.cjs.map +1 -1
  7. package/dist/adapters/cloudflare/index.js +28 -70
  8. package/dist/adapters/cloudflare/index.js.map +1 -1
  9. package/dist/client/index.cjs +33 -9
  10. package/dist/client/index.cjs.map +1 -1
  11. package/dist/client/index.js +33 -9
  12. package/dist/client/index.js.map +1 -1
  13. package/dist/index.cjs +42 -9
  14. package/dist/index.cjs.map +1 -1
  15. package/dist/index.js +42 -9
  16. package/dist/index.js.map +1 -1
  17. package/dist/management/index.cjs.map +1 -1
  18. package/dist/management/index.d.cts +2 -2
  19. package/dist/management/index.d.ts +2 -2
  20. package/dist/management/index.js.map +1 -1
  21. package/dist/mcp/index.cjs +28 -8
  22. package/dist/mcp/index.cjs.map +1 -1
  23. package/dist/mcp/index.d.cts +5 -1
  24. package/dist/mcp/index.d.ts +5 -1
  25. package/dist/mcp/index.js +28 -8
  26. package/dist/mcp/index.js.map +1 -1
  27. package/dist/oauth/index.cjs.map +1 -1
  28. package/dist/oauth/index.d.cts +1 -1
  29. package/dist/oauth/index.d.ts +1 -1
  30. package/dist/oauth/index.js.map +1 -1
  31. package/dist/server/index.cjs +9 -0
  32. package/dist/server/index.cjs.map +1 -1
  33. package/dist/server/index.d.cts +1 -1
  34. package/dist/server/index.d.ts +1 -1
  35. package/dist/server/index.js +9 -0
  36. package/dist/server/index.js.map +1 -1
  37. package/dist/{types-CzhnlJHW.d.cts → types-C6ep5fVw.d.cts} +2 -0
  38. package/dist/{types-CzhnlJHW.d.ts → types-C6ep5fVw.d.ts} +2 -0
  39. package/package.json +1 -1
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/storage/memory.ts","../src/storage/types.ts","../src/errors.ts","../src/oauth/provider.ts","../src/mcp/client.ts","../src/client/tool-utils.ts","../src/client/orchestrator/internal/backends.ts","../src/client/orchestrator/internal/routes.ts","../src/client/orchestrator/internal/inventory.ts","../src/client/orchestrator/internal/policy.ts","../src/client/orchestrator/internal/state.ts","../src/client/orchestrator/token-manager.ts","../src/client/orchestrator/internal-client-registry.ts","../src/client/orchestrator/index.ts","../src/client/index.ts","../src/management/types.ts","../src/oauth/token-exchange.ts","../src/verify/errors.ts","../src/verify/jwks-client.ts","../src/verify/verifier.ts","../src/server/sessions.ts","../src/server/kontext.ts"],"names":["joseErrors","mcpHandler","issuer","sessionId","transport"],"mappings":";;;;;;;;;;;;;;AAWO,IAAM,gBAAN,MAA8C;AAAA,EAC3C,KAAA,uBAAY,GAAA,EAAqB;AAAA,EAEzC,MAAM,QAAW,GAAA,EAAqC;AACpD,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,GAAG,CAAA;AAChC,IAAA,IAAI,UAAU,MAAA,EAAW;AACvB,MAAA,OAAO,MAAA;AAAA,IACT;AAEA,IAAA,OAAO,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,SAAA,CAAU,KAAK,CAAC,CAAA;AAAA,EACzC;AAAA,EAEA,MAAM,OAAA,CAAW,GAAA,EAAa,KAAA,EAAqC;AACjE,IAAA,IAAI,UAAU,MAAA,EAAW;AACvB,MAAA,IAAA,CAAK,KAAA,CAAM,OAAO,GAAG,CAAA;AAAA,IACvB,CAAA,MAAO;AAEL,MAAA,IAAA,CAAK,KAAA,CAAM,IAAI,GAAA,EAAK,IAAA,CAAK,MAAM,IAAA,CAAK,SAAA,CAAU,KAAK,CAAC,CAAC,CAAA;AAAA,IACvD;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,KAAA,GAAc;AACZ,IAAA,IAAA,CAAK,MAAM,KAAA,EAAM;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,IAAA,GAAe;AACjB,IAAA,OAAO,KAAK,KAAA,CAAM,IAAA;AAAA,EACpB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,GAAA,EAAsB;AACxB,IAAA,OAAO,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,GAAG,CAAA;AAAA,EAC3B;AAAA;AAAA;AAAA;AAAA,EAKA,IAAA,GAAiB;AACf,IAAA,OAAO,KAAA,CAAM,IAAA,CAAK,IAAA,CAAK,KAAA,CAAM,MAAM,CAAA;AAAA,EACrC;AACF,CAAA;;;AC/BO,SAAS,gBAAA,CACd,mBAAA,EACA,UAAA,EAAA,GACG,KAAA,EACK;AACR,EAAA,MAAM,SAAA,GAAY,aACd,CAAA,QAAA,EAAW,mBAAmB,IAAI,UAAU,CAAA,CAAA,GAC5C,WAAW,mBAAmB,CAAA,CAAA;AAClC,EAAA,OAAO,CAAC,SAAA,EAAW,GAAG,KAAK,CAAA,CAAE,KAAK,GAAG,CAAA;AACvC;AAKO,IAAM,WAAA,GAAc;AAAA;AAAA,EAEzB,MAAA,EAAQ,QAAA;AAAA,EACR,aAAA,EAAe,eAAA;AAAA,EACf,KAAA,EAAO,OAAA;AAAA,EACM;AAAA;AAAA,EAIb,eAAA,EAAiB,iBAAA;AAAA;AAAA,EAEjB,eAAA,EAAiB;AACnB,CAAA;AAcO,SAAS,iBAAiB,QAAA,EAA0B;AACzD,EAAA,OAAO,CAAA,EAAG,WAAA,CAAY,eAAe,CAAA,CAAA,EAAI,QAAQ,CAAA,CAAA;AACnD;;;ACxCO,IAAM,YAAA,GAAN,cAA2B,KAAA,CAAM;AAAA;AAAA,EAE7B,YAAA,GAAe,IAAA;AAAA;AAAA,EAGf,IAAA;AAAA;AAAA,EAGA,UAAA;AAAA;AAAA,EAGA,OAAA;AAAA;AAAA,EAGA,SAAA;AAAA;AAAA,EAGA,IAAA;AAAA,EAET,WAAA,CACE,OAAA,EACA,IAAA,EACA,OAAA,EAMA;AACA,IAAA,KAAA,CAAM,OAAA,EAAS,EAAE,KAAA,EAAO,OAAA,EAAS,OAAO,CAAA;AACxC,IAAA,IAAA,CAAK,IAAA,GAAO,cAAA;AACZ,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,aAAa,OAAA,EAAS,UAAA;AAC3B,IAAA,IAAA,CAAK,YAAY,OAAA,EAAS,SAAA;AAC1B,IAAA,IAAA,CAAK,IAAA,GAAO,OAAA,EAAS,IAAA,IAAQ,EAAC;AAC9B,IAAA,IAAA,CAAK,OAAA,GAAU,mCAAmC,IAAI,CAAA,CAAA;AACtD,IAAA,MAAA,CAAO,cAAA,CAAe,IAAA,EAAM,GAAA,CAAA,MAAA,CAAW,SAAS,CAAA;AAAA,EAClD;AAAA,EAEA,MAAA,GAAkC;AAChC,IAAA,OAAO;AAAA,MACL,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,SAAS,IAAA,CAAK,OAAA;AAAA,MACd,YAAY,IAAA,CAAK,UAAA;AAAA,MACjB,SAAS,IAAA,CAAK,OAAA;AAAA,MACd,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,IAAA,EAAM,OAAO,IAAA,CAAK,IAAA,CAAK,IAAI,CAAA,CAAE,MAAA,GAAS,CAAA,GAAI,IAAA,CAAK,IAAA,GAAO;AAAA,KACxD;AAAA,EACF;AAAA,EAES,QAAA,GAAmB;AAC1B,IAAA,MAAM,KAAA,GAAQ,CAAC,CAAA,CAAA,EAAI,IAAA,CAAK,IAAI,CAAA,EAAA,EAAK,IAAA,CAAK,OAAO,CAAA,CAAE,CAAA;AAC/C,IAAA,IAAI,KAAK,OAAA,EAAS,KAAA,CAAM,KAAK,CAAA,MAAA,EAAS,IAAA,CAAK,OAAO,CAAA,CAAE,CAAA;AACpD,IAAA,IAAI,KAAK,SAAA,EAAW,KAAA,CAAM,KAAK,CAAA,YAAA,EAAe,IAAA,CAAK,SAAS,CAAA,CAAE,CAAA;AAC9D,IAAA,OAAO,KAAA,CAAM,KAAK,IAAI,CAAA;AAAA,EACxB;AACF;AAUO,SAAS,eAAe,GAAA,EAAmC;AAChE,EAAA,OACE,OAAO,GAAA,KAAQ,QAAA,IACf,GAAA,KAAQ,IAAA,IACP,IAAgC,YAAA,KAAiB,IAAA;AAEtD;AASO,IAAM,0BAAA,GAAN,cAAyC,YAAA,CAAa;AAAA,EAClD,gBAAA;AAAA,EAET,WAAA,CACE,OAAA,GAAU,8DAAA,EACV,OAAA,EAMA;AACA,IAAA,KAAA,CAAM,SAAS,gCAAA,EAAkC;AAAA,MAC/C,UAAA,EAAY,GAAA;AAAA,MACZ,GAAG;AAAA,KACJ,CAAA;AACD,IAAA,IAAA,CAAK,IAAA,GAAO,4BAAA;AACZ,IAAA,IAAA,CAAK,mBAAmB,OAAA,EAAS,gBAAA;AAAA,EACnC;AACF;AAUO,IAAM,UAAA,GAAN,cAAyB,YAAA,CAAa;AAAA,EAClC,SAAA;AAAA,EACA,gBAAA;AAAA,EAET,WAAA,CACE,OAAA,EACA,IAAA,EACA,OAAA,EAQA;AACA,IAAA,KAAA,CAAM,SAAS,IAAA,EAAM;AAAA,MACnB,UAAA,EAAY,SAAS,UAAA,IAAc,GAAA;AAAA,MACnC,GAAG;AAAA,KACJ,CAAA;AACD,IAAA,IAAA,CAAK,IAAA,GAAO,YAAA;AACZ,IAAA,IAAA,CAAK,YAAY,OAAA,EAAS,SAAA;AAC1B,IAAA,IAAA,CAAK,mBAAmB,OAAA,EAAS,gBAAA;AAAA,EACnC;AACF;AASO,IAAM,kCAAA,GAAN,cAAiD,YAAA,CAAa;AAAA,EAC1D,aAAA;AAAA,EACA,eAAA;AAAA,EACA,UAAA;AAAA,EAET,WAAA,CACE,eACA,OAAA,EAQA;AACA,IAAA,KAAA;AAAA,MACE,OAAA,EAAS,OAAA,IACP,CAAA,2BAAA,EAA8B,aAAa,CAAA,kDAAA,CAAA;AAAA,MAC7C,yCAAA;AAAA,MACA,EAAE,UAAA,EAAY,GAAA,EAAK,GAAG,OAAA;AAAQ,KAChC;AACA,IAAA,IAAA,CAAK,IAAA,GAAO,oCAAA;AACZ,IAAA,IAAA,CAAK,aAAA,GAAgB,aAAA;AACrB,IAAA,IAAA,CAAK,kBAAkB,OAAA,EAAS,eAAA;AAChC,IAAA,IAAA,CAAK,aAAa,OAAA,EAAS,UAAA;AAAA,EAC7B;AACF;AAUO,IAAM,WAAA,GAAN,cAA0B,YAAA,CAAa;AAAA,EAC5C,WAAA,CACE,OAAA,EACA,IAAA,EACA,OAAA,EAIA;AACA,IAAA,KAAA,CAAM,OAAA,EAAS,MAAM,OAAO,CAAA;AAC5B,IAAA,IAAA,CAAK,IAAA,GAAO,aAAA;AAAA,EACd;AACF;AASO,IAAM,YAAA,GAAN,cAA2B,YAAA,CAAa;AAAA,EAC7C,WAAA,CACE,OAAA,GAAU,iFAAA,EACV,OAAA,EAKA;AACA,IAAA,KAAA,CAAM,OAAA,EAAS,yBAAyB,OAAO,CAAA;AAC/C,IAAA,IAAA,CAAK,IAAA,GAAO,cAAA;AAAA,EACd;AACF;AAUO,IAAM,SAAA,GAAN,cAAwB,YAAA,CAAa;AAAA,EACjC,UAAA;AAAA,EACA,gBAAA;AAAA,EAET,WAAA,CACE,OAAA,EACA,IAAA,EACA,OAAA,EAQA;AACA,IAAA,KAAA,CAAM,SAAS,IAAA,EAAM;AAAA,MACnB,YAAY,OAAA,EAAS,UAAA;AAAA,MACrB,GAAG;AAAA,KACJ,CAAA;AACD,IAAA,IAAA,CAAK,IAAA,GAAO,WAAA;AACZ,IAAA,IAAA,CAAK,aAAa,OAAA,EAAS,UAAA;AAC3B,IAAA,IAAA,CAAK,mBAAmB,OAAA,EAAS,gBAAA;AAAA,EACnC;AACF;AAYA,SAAS,WAAW,GAAA,EAAiC;AACnD,EAAA,OAAO,GAAA;AACT;AAEA,IAAM,mBAAA,uBAA0B,GAAA,CAAI;AAAA,EAClC,cAAA;AAAA,EACA,WAAA;AAAA,EACA,WAAA;AAAA,EACA,YAAA;AAAA,EACA,cAAA;AAAA,EACA,OAAA;AAAA,EACA;AACF,CAAC,CAAA;AAMM,SAAS,eAAe,GAAA,EAAqB;AAClD,EAAA,IAAI,GAAA,CAAI,IAAA,KAAS,YAAA,EAAc,OAAO,IAAA;AAEtC,EAAA,MAAM,KAAA,GAAQ,WAAW,GAAG,CAAA;AAC5B,EAAA,MAAM,UAAU,KAAA,CAAM,IAAA;AACtB,EAAA,IAAI,OAAO,OAAA,KAAY,QAAA,IAAY,mBAAA,CAAoB,IAAI,OAAO,CAAA;AAChE,IAAA,OAAO,IAAA;AAIT,EAAA,IAAI,GAAA,CAAI,IAAA,KAAS,WAAA,IAAe,GAAA,CAAI,iBAAiB,KAAA,EAAO;AAC1D,IAAA,MAAM,SAAA,GAAY,UAAA,CAAW,GAAA,CAAI,KAAK,CAAA,CAAE,IAAA;AACxC,IAAA,IAAI,OAAO,SAAA,KAAc,QAAA,IAAY,mBAAA,CAAoB,IAAI,SAAS,CAAA;AACpE,MAAA,OAAO,IAAA;AAAA,EACX;AAEA,EAAA,OAAO,KAAA;AACT;AAMO,SAAS,oBAAoB,GAAA,EAAqB;AACvD,EAAA,MAAM,KAAA,GAAQ,WAAW,GAAG,CAAA;AAG5B,EAAA,IAAI,MAAM,UAAA,KAAe,GAAA,IAAO,KAAA,CAAM,MAAA,KAAW,KAAK,OAAO,IAAA;AAI7D,EAAA,IAAI,GAAA,CAAI,IAAA,KAAS,mBAAA,EAAqB,OAAO,IAAA;AAC7C,EAAA,IAAI,GAAA,CAAI,OAAA,KAAY,cAAA,EAAgB,OAAO,IAAA;AAE3C,EAAA,OAAO,KAAA;AACT;AAqBO,SAAS,cAAA,CACd,YACA,IAAA,EACc;AACd,EAAA,MAAM,OAAA,GACJ,OAAO,IAAA,KAAS,QAAA,IAAY,IAAA,KAAS,IAAA,IAAQ,SAAA,IAAa,IAAA,GACtD,MAAA,CAAQ,IAAA,CAA8B,OAAO,CAAA,GAC7C,QAAQ,UAAU,CAAA,CAAA;AAExB,EAAA,MAAM,SAAA,GACJ,OAAO,IAAA,KAAS,QAAA,IAAY,IAAA,KAAS,IAAA,IAAQ,MAAA,IAAU,IAAA,GACnD,MAAA,CAAQ,IAAA,CAA2B,IAAI,CAAA,GACvC,MAAA;AAEN,EAAA,QAAQ,UAAA;AAAY,IAClB,KAAK,GAAA;AACH,MAAA,IACE,OAAO,IAAA,KAAS,QAAA,IAChB,IAAA,KAAS,IAAA,IACT,QAAA,IAAY,IAAA,IACZ,KAAA,CAAM,OAAA,CAAS,IAAA,CAA6B,MAAM,CAAA,EAClD;AACA,QAAA,OAAO,IAAI,SAAA,CAAU,OAAA,EAAS,0BAAA,EAA4B;AAAA,UACxD,UAAA,EAAY,GAAA;AAAA,UACZ,kBACE,IAAA,CACA;AAAA,SACH,CAAA;AAAA,MACH;AACA,MAAA,OAAO,IAAI,YAAA,CAAa,OAAA,EAAS,SAAA,IAAa,qBAAA,EAAuB;AAAA,QACnE,UAAA,EAAY;AAAA,OACb,CAAA;AAAA,IAEH,KAAK,GAAA;AACH,MAAA,OAAO,IAAI,2BAA2B,OAAO,CAAA;AAAA,IAE/C,KAAK,GAAA;AACH,MAAA,IAAI,cAAc,iCAAA,EAAmC;AACnD,QAAA,MAAM,OAAA,GAAU,IAAA;AAKhB,QAAA,OAAO,IAAI,kCAAA;AAAA,UACT,QAAQ,aAAA,IAAiB,SAAA;AAAA,UACzB;AAAA,YACE,iBAAiB,OAAA,CAAQ,eAAA;AAAA,YACzB,YAAY,OAAA,CAAQ,UAAA;AAAA,YACpB;AAAA;AACF,SACF;AAAA,MACF;AACA,MAAA,OAAO,IAAI,SAAA,CAAU,OAAA,EAAS,uBAAA,EAAyB;AAAA,QACrD,UAAA,EAAY,GAAA;AAAA,QACZ,IAAA,EAAM,EAAE,MAAA,EAAS,IAAA,EAAkC,MAAA;AAAO,OAC3D,CAAA;AAAA,IAEH,KAAK,GAAA;AACH,MAAA,OAAO,IAAI,SAAA,CAAU,OAAA,EAAS,qBAAqB,EAAE,UAAA,EAAY,KAAK,CAAA;AAAA,IAExE,KAAK,GAAA,EAAK;AACR,MAAA,MAAM,UAAA,GACJ,OAAO,IAAA,KAAS,QAAA,IAAY,IAAA,KAAS,IAAA,IAAQ,YAAA,IAAgB,IAAA,GACzD,MAAA,CAAQ,IAAA,CAAiC,UAAU,CAAA,GACnD,MAAA;AACN,MAAA,OAAO,IAAI,SAAA;AAAA,QACT,UAAA,GACI,CAAA,iCAAA,EAAoC,UAAU,CAAA,SAAA,CAAA,GAC9C,sCAAA;AAAA,QACJ,sBAAA;AAAA,QACA,EAAE,UAAA,EAAY,GAAA,EAAK,UAAA;AAAW,OAChC;AAAA,IACF;AAAA,IAEA;AACE,MAAA,IAAI,cAAc,GAAA,EAAK;AACrB,QAAA,OAAO,IAAI,SAAA;AAAA,UACT,CAAA,mBAAA,EAAsB,UAAU,CAAA,GAAA,EAAM,OAAO,CAAA,CAAA;AAAA,UAC7C,sBAAA;AAAA,UACA,EAAE,UAAA;AAAW,SACf;AAAA,MACF;AACA,MAAA,OAAO,IAAI,YAAA,CAAa,OAAA,EAAS,SAAA,IAAa,uBAAA,EAAyB;AAAA,QACrE;AAAA,OACD,CAAA;AAAA;AAEP;;;ACnXO,IAAM,uBAAN,MAA0D;AAAA,EAC9C,MAAA;AAAA,EACA,aAAA;AAAA,EACT,YAAA,GAA8B,IAAA;AAAA,EACrB,iBAAiB,EAAA,GAAK,GAAA;AAAA,EAEvC,YAAY,MAAA,EAAoC;AAC9C,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,aAAA,GAAgB,gBAAA,CAAiB,MAAA,CAAO,QAAA,EAAU,OAAO,UAAU,CAAA;AAAA,EAC1E;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,WAAA,GAA4B;AAC9B,IAAA,OAAO,KAAK,MAAA,CAAO,WAAA;AAAA,EACrB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,cAAA,GAAsC;AACxC,IAAA,OAAO;AAAA,MACL,aAAA,EAAe,CAAC,IAAA,CAAK,MAAA,CAAO,WAAW,CAAA;AAAA,MACvC,WAAA,EAAa,KAAK,MAAA,CAAO,UAAA;AAAA,MACzB,WAAA,EAAa,CAAC,oBAAA,EAAsB,eAAe,CAAA;AAAA,MACnD,cAAA,EAAgB,CAAC,MAAM,CAAA;AAAA,MACvB,0BAAA,EAA4B;AAAA;AAAA,KAC9B;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,KAAA,GAAgB;AAEd,IAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,EAAE,CAAA;AAC/B,IAAA,IAAI,UAAA,CAAW,QAAQ,eAAA,EAAiB;AACtC,MAAA,UAAA,CAAW,MAAA,CAAO,gBAAgB,KAAK,CAAA;AAAA,IACzC,CAAA,MAAO;AACL,MAAA,KAAA,CAAM,GAAA,CAAI,WAAA,CAAY,EAAE,CAAC,CAAA;AAAA,IAC3B;AACA,IAAA,MAAM,QAAQ,KAAA,CAAM,IAAA;AAAA,MAAK,KAAA;AAAA,MAAO,CAAC,SAC/B,IAAA,CAAK,QAAA,CAAS,EAAE,CAAA,CAAE,QAAA,CAAS,GAAG,GAAG;AAAA,KACnC,CAAE,KAAK,EAAE,CAAA;AACT,IAAA,IAAA,CAAK,YAAA,GAAe,KAAA;AACpB,IAAA,KAAK,IAAA,CAAK,OAAO,OAAA,CAAQ,OAAA;AAAA,MACvB,IAAA,CAAK,aAAA,CAAc,WAAA,CAAY,KAAK,CAAA;AAAA,MACpC;AAAA,KACF;AACA,IAAA,OAAO,KAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,iBAAA,GAAsE;AAC1E,IAAA,OAAO;AAAA,MACL,SAAA,EAAW,KAAK,MAAA,CAAO;AAAA,KACzB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,MAAA,GAA2C;AAC/C,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,aAAA,CAAc,WAAA,CAAY,MAAM,CAAA;AACjD,IAAA,OAAO,IAAA,CAAK,MAAA,CAAO,OAAA,CAAQ,OAAA,CAAqB,GAAG,CAAA;AAAA,EACrD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,WAAW,MAAA,EAAoC;AACnD,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,aAAA,CAAc,WAAA,CAAY,MAAM,CAAA;AACjD,IAAA,MAAM,IAAA,CAAK,OAAO,OAAA,CAAQ,OAAA,CAAQ,KAAK,IAAA,CAAK,YAAA,CAAa,MAAM,CAAC,CAAA;AAAA,EAClE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,wBAAwB,gBAAA,EAAsC;AAClE,IAAA,MAAM,IAAA,CAAK,MAAA,CAAO,yBAAA,CAA0B,gBAAgB,CAAA;AAAA,EAC9D;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,iBAAiB,YAAA,EAAqC;AAC1D,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,aAAA,CAAc,WAAA,CAAY,aAAa,CAAA;AACxD,IAAA,MAAM,IAAA,CAAK,MAAA,CAAO,OAAA,CAAQ,OAAA,CAAQ,KAAK,YAAY,CAAA;AAAA,EACrD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,YAAA,GAAgC;AACpC,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,aAAA,CAAc,WAAA,CAAY,aAAa,CAAA;AACxD,IAAA,MAAM,WAAW,MAAM,IAAA,CAAK,MAAA,CAAO,OAAA,CAAQ,QAAgB,GAAG,CAAA;AAC9D,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,MAAM,IAAI,UAAA;AAAA,QACR,wHAAA;AAAA,QACA;AAAA,OACF;AAAA,IACF;AACA,IAAA,OAAO,QAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,sBACJ,KAAA,EACe;AACf,IAAA,IAAI,KAAA,KAAU,KAAA,IAAS,KAAA,KAAU,QAAA,EAAU;AACzC,MAAA,MAAM,SAAA,GAAY,IAAA,CAAK,aAAA,CAAc,WAAA,CAAY,MAAM,CAAA;AACvD,MAAA,MAAM,IAAA,CAAK,MAAA,CAAO,OAAA,CAAQ,OAAA,CAAQ,WAAW,MAAS,CAAA;AACtD,MAAA,MAAM,WAAA,GAAc,IAAA,CAAK,aAAA,CAAc,WAAA,CAAY,eAAe,CAAA;AAClE,MAAA,MAAM,IAAA,CAAK,MAAA,CAAO,OAAA,CAAQ,OAAA,CAAQ,aAAa,MAAS,CAAA;AAAA,IAC1D;AACA,IAAA,IAAI,KAAA,KAAU,KAAA,IAAS,KAAA,KAAU,UAAA,EAAY;AAC3C,MAAA,MAAM,WAAA,GAAc,IAAA,CAAK,aAAA,CAAc,WAAA,CAAY,aAAa,CAAA;AAChE,MAAA,MAAM,IAAA,CAAK,MAAA,CAAO,OAAA,CAAQ,OAAA,CAAQ,aAAa,MAAS,CAAA;AAAA,IAC1D;AACA,IAAA,IAAI,UAAU,KAAA,EAAO;AACnB,MAAA,IAAA,CAAK,YAAA,GAAe,IAAA;AACpB,MAAA,MAAM,QAAA,GAAW,IAAA,CAAK,aAAA,CAAc,WAAA,CAAY,KAAK,CAAA;AACrD,MAAA,MAAM,IAAA,CAAK,MAAA,CAAO,OAAA,CAAQ,OAAA,CAAQ,UAAU,MAAS,CAAA;AAAA,IACvD;AAAA,EAEF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,QAAA,GAA0B;AAC9B,IAAA,MAAM,IAAA,CAAK,sBAAsB,KAAK,CAAA;AAAA,EACxC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,cAAA,GAAmC;AACvC,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,MAAA,EAAO;AACvC,IAAA,OAAO,IAAA,CAAK,aAAa,YAAY,CAAA;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,mBAAmB,MAAA,EAAoC;AAC3D,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,aAAA,CAAc,WAAA,CAAY,eAAe,CAAA;AAC1D,IAAA,MAAM,IAAA,CAAK,OAAO,OAAA,CAAQ,OAAA,CAAQ,KAAK,IAAA,CAAK,YAAA,CAAa,MAAM,CAAC,CAAA;AAAA,EAClE;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,cAAA,GAAmD;AACvD,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,aAAA,CAAc,WAAA,CAAY,eAAe,CAAA;AAC1D,IAAA,OAAO,IAAA,CAAK,MAAA,CAAO,OAAA,CAAQ,OAAA,CAAqB,GAAG,CAAA;AAAA,EACrD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,kBAAA,CACJ,QAAA,EACA,MAAA,EACe;AACf,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,aAAA,CAAc,gBAAA,CAAiB,QAAQ,CAAC,CAAA;AACzD,IAAA,MAAM,IAAA,CAAK,OAAO,OAAA,CAAQ,OAAA,CAAQ,KAAK,IAAA,CAAK,YAAA,CAAa,MAAM,CAAC,CAAA;AAAA,EAClE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,eAAe,QAAA,EAAoD;AACvE,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,aAAA,CAAc,gBAAA,CAAiB,QAAQ,CAAC,CAAA;AACzD,IAAA,OAAO,IAAA,CAAK,MAAA,CAAO,OAAA,CAAQ,OAAA,CAAqB,GAAG,CAAA;AAAA,EACrD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,oBAAoB,QAAA,EAAiC;AACzD,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,aAAA,CAAc,gBAAA,CAAiB,QAAQ,CAAC,CAAA;AACzD,IAAA,MAAM,IAAA,CAAK,MAAA,CAAO,OAAA,CAAQ,OAAA,CAAQ,KAAK,MAAS,CAAA;AAAA,EAClD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,sBAAA,GAA2C;AAC/C,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,cAAA,EAAe;AACzC,IAAA,OAAO,IAAA,CAAK,aAAa,MAAM,CAAA;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,uBAAuB,QAAA,EAAoC;AAC/D,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,cAAA,CAAe,QAAQ,CAAA;AACjD,IAAA,OAAO,IAAA,CAAK,aAAa,MAAM,CAAA;AAAA,EACjC;AAAA,EAEA,MAAM,cAAc,KAAA,EAAkC;AACpD,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,OAAO,KAAA;AAAA,IACT;AAEA,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,aAAA,CAAc,WAAA,CAAY,KAAK,CAAA;AAChD,IAAA,MAAM,WAAA,GACJ,KAAK,YAAA,IAAiB,MAAM,KAAK,MAAA,CAAO,OAAA,CAAQ,QAAgB,GAAG,CAAA;AACrE,IAAA,MAAM,UAAU,WAAA,KAAgB,KAAA;AAEhC,IAAA,IAAI,OAAA,EAAS;AACX,MAAA,IAAA,CAAK,YAAA,GAAe,IAAA;AACpB,MAAA,MAAM,IAAA,CAAK,MAAA,CAAO,OAAA,CAAQ,OAAA,CAAQ,KAAK,MAAS,CAAA;AAAA,IAClD;AAEA,IAAA,OAAO,OAAA;AAAA,EACT;AAAA,EAEQ,aACN,MAAA,EACsC;AACtC,IAAA,IAAI,CAAC,OAAO,UAAA,EAAY;AACtB,MAAA,OAAO,MAAA;AAAA,IACT;AACA,IAAA,OAAO,EAAE,GAAG,MAAA,EAAQ,SAAA,EAAW,IAAA,CAAK,KAAI,EAAE;AAAA,EAC5C;AAAA,EAEQ,aAAa,MAAA,EAA+B;AAClD,IAAA,IAAI,CAAC,QAAQ,YAAA,EAAc;AACzB,MAAA,OAAO,KAAA;AAAA,IACT;AAEA,IAAA,IAAI,CAAC,OAAO,UAAA,EAAY;AACtB,MAAA,OAAO,IAAA;AAAA,IACT;AAEA,IAAA,MAAM,WAAY,MAAA,CAAgD,SAAA;AAClE,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,OAAO,IAAA;AAAA,IACT;AAEA,IAAA,MAAM,SAAA,GAAY,QAAA,GAAW,MAAA,CAAO,UAAA,GAAa,GAAA;AACjD,IAAA,OAAO,IAAA,CAAK,GAAA,EAAI,GAAI,SAAA,GAAY,IAAA,CAAK,cAAA;AAAA,EACvC;AAAA,EAEQ,cAAc,GAAA,EAAqB;AACzC,IAAA,OAAO,CAAA,EAAG,IAAA,CAAK,aAAa,CAAA,CAAA,EAAI,GAAG,CAAA,CAAA;AAAA,EACrC;AACF,CAAA;AAQO,SAAS,mBAAmB,WAAA,EAKjC;AACA,EAAA,MAAM,MACJ,OAAO,WAAA,KAAgB,WAAW,IAAI,GAAA,CAAI,WAAW,CAAA,GAAI,WAAA;AAC3D,EAAA,MAAM,SAAS,GAAA,CAAI,YAAA;AAEnB,EAAA,MAAM,KAAA,GAAQ,MAAA,CAAO,GAAA,CAAI,OAAO,CAAA;AAChC,EAAA,IAAI,KAAA,EAAO;AACT,IAAA,OAAO;AAAA,MACL,KAAA;AAAA,MACA,gBAAA,EAAkB,MAAA,CAAO,GAAA,CAAI,mBAAmB,CAAA,IAAK;AAAA,KACvD;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,IAAA,EAAM,MAAA,CAAO,GAAA,CAAI,MAAM,CAAA,IAAK,MAAA;AAAA,IAC5B,KAAA,EAAO,MAAA,CAAO,GAAA,CAAI,OAAO,CAAA,IAAK;AAAA,GAChC;AACF;;;ACpUA,IAAM,cAAA,GAAiB,yBAAA;AAEhB,SAAS,0BAA0B,MAAA,EAAwB;AAChE,EAAA,IAAI,GAAA,GAAM,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAO,EAAE,CAAA;AAIlC,EAAA,GAAA,GAAM,IAAI,OAAA,CAAQ,eAAA,EAAiB,EAAE,CAAA,CAAE,OAAA,CAAQ,aAAa,EAAE,CAAA;AAC9D,EAAA,GAAA,GAAM,GAAA,CAAI,OAAA,CAAQ,KAAA,EAAO,EAAE,CAAA;AAE3B,EAAA,OAAO,GAAA;AACT;AA6GO,IAAM,aAAN,MAAiB;AAAA,EACL,MAAA;AAAA,EACA,OAAA;AAAA,EACA,aAAA;AAAA,EACT,SAAA,GAAkD,IAAA;AAAA,EAClD,MAAA,GAAwB,IAAA;AAAA,EACxB,YAAA,GAAe,KAAA;AAAA,EACf,eAAA,GAAwC,IAAA;AAAA,EACxC,gBAAA,GAAyC,IAAA;AAAA,EACzC,gBAAA,GAAwC,IAAA;AAAA,EAEhD,YAAY,MAAA,EAA0B;AACpC,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,OAAA,GAAU,MAAA,CAAO,OAAA,IAAW,IAAI,aAAA,EAAc;AAEnD,IAAA,IAAA,CAAK,aAAA,GAAgB,IAAI,oBAAA,CAAqB;AAAA,MAC5C,UAAU,MAAA,CAAO,QAAA;AAAA,MACjB,aAAa,MAAA,CAAO,WAAA;AAAA,MACpB,SAAS,IAAA,CAAK,OAAA;AAAA,MACd,UAAA,EAAY,OAAO,UAAA,IAAc,SAAA;AAAA,MACjC,YAAY,MAAA,CAAO,UAAA;AAAA,MACnB,yBAAA,EAA2B,OAAO,GAAA,KAAQ;AAExC,QAAA,IAAA,CAAK,gBAAA,GAAmB,IAAI,OAAA,CAAc,CAAC,OAAA,KAAY;AACrD,UAAA,IAAA,CAAK,gBAAA,GAAmB,OAAA;AAAA,QAC1B,CAAC,CAAA;AAGD,QAAA,MAAM,MAAA,GAAS,MAAM,MAAA,CAAO,cAAA,CAAe,GAAG,CAAA;AAC9C,QAAA,IAAI,MAAA,EAAQ;AAEV,UAAA,MAAM,IAAA,CAAK,eAAe,MAAM,CAAA;AAAA,QAClC;AAAA,MAEF;AAAA,KACD,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,WAAA,GAAuB;AACzB,IAAA,OAAO,IAAA,CAAK,YAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,SAAA,GAA2B;AAC7B,IAAA,OAAO,IAAA,CAAK,MAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,SAAA,GAAgC;AAClC,IAAA,OAAO,KAAK,SAAA,EAAW,SAAA;AAAA,EACzB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAY,SAAA,GAAoB;AAC9B,IAAA,OAAO,yBAAA,CAA0B,IAAA,CAAK,MAAA,CAAO,MAAA,IAAU,cAAc,CAAA;AAAA,EACvE;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,IAAY,cAAA,GAAyB;AACnC,IAAA,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,IAAO,CAAA,EAAG,KAAK,SAAS,CAAA,IAAA,CAAA;AAAA,EAC7C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,SAAA,GAA6B;AACjC,IAAA,MAAM,KAAK,eAAA,EAAgB;AAC3B,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,MAAA,CAAQ,SAAA,EAAU;AAC9C,IAAA,OAAO,QAAA,CAAS,KAAA;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,QAAA,CACJ,IAAA,EACA,IAAA,EACyB;AACzB,IAAA,MAAM,KAAK,eAAA,EAAgB;AAC3B,IAAA,IAAI;AACF,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,MAAA,CAAQ,QAAA,CAAS;AAAA,QACzC,IAAA;AAAA,QACA,SAAA,EAAW;AAAA,OACZ,CAAA;AACD,MAAA,OAAO,MAAA;AAAA,IACT,SAAS,KAAA,EAAO;AAEd,MAAA,IACE,KAAA,YAAiB,2BAAA,IACjB,IAAA,CAAK,MAAA,CAAO,gBAAA,EACZ;AACA,QAAA,KAAA,MAAW,WAAA,IAAe,MAAM,YAAA,EAAc;AAC5C,UAAA,MAAM,IAAA,CAAK,OAAO,gBAAA,CAAiB;AAAA,YACjC,KAAK,WAAA,CAAY,GAAA;AAAA,YACjB,OAAA,EAAS,YAAY,OAAA,IAAW,iBAAA;AAAA,YAChC,aAAA,EAAe,YAAY,aAAA,IAAiB,EAAA;AAAA,YAC5C,eAAgB,WAAA,CACb,aAAA;AAAA,YACH,iBAAkB,WAAA,CACf;AAAA,WACJ,CAAA;AAAA,QACH;AAAA,MACF;AACA,MAAA,MAAM,KAAA;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,oBAAA,GAIH;AACD,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,aAAA,CAAc,MAAA,EAAO;AAC/C,IAAA,IAAI,CAAC,QAAQ,YAAA,EAAc;AACzB,MAAA,MAAM,IAAI,0BAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,WAAW,MAAM,KAAA,CAAM,CAAA,EAAG,IAAA,CAAK,SAAS,CAAA,oBAAA,CAAA,EAAwB;AAAA,MACpE,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACP,aAAA,EAAe,CAAA,OAAA,EAAU,MAAA,CAAO,YAAY,CAAA,CAAA;AAAA,QAC5C,cAAA,EAAgB;AAAA;AAClB,KACD,CAAA;AAED,IAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AAC3B,MAAA,MAAM,IAAI,0BAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAEA,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,IAAI,YAAA;AAAA,QACR,CAAA,uCAAA,EAA0C,SAAS,MAAM,CAAA,CAAA;AAAA,QACzD,gCAAA;AAAA,QACA,EAAE,UAAA,EAAY,QAAA,CAAS,MAAA;AAAO,OAChC;AAAA,IACF;AAEA,IAAA,OAAQ,MAAM,SAAS,IAAA,EAAK;AAAA,EAK9B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,uBAAA,GAA+D;AACnE,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,aAAA,CAAc,MAAA,EAAO;AAC/C,IAAA,IAAI,CAAC,QAAQ,YAAA,EAAc;AACzB,MAAA,MAAM,IAAI,0BAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,WAAW,MAAM,KAAA,CAAM,CAAA,EAAG,IAAA,CAAK,SAAS,CAAA,iBAAA,CAAA,EAAqB;AAAA,MACjE,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACP,aAAA,EAAe,CAAA,OAAA,EAAU,MAAA,CAAO,YAAY,CAAA;AAAA;AAC9C,KACD,CAAA;AAED,IAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AAC3B,MAAA,MAAM,IAAI,0BAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAEA,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,IAAI,YAAA;AAAA,QACR,CAAA,0CAAA,EAA6C,SAAS,MAAM,CAAA,CAAA;AAAA,QAC5D,qCAAA;AAAA,QACA,EAAE,UAAA,EAAY,QAAA,CAAS,MAAA;AAAO,OAChC;AAAA,IACF;AAEA,IAAA,MAAM,OAAA,GAAW,MAAM,QAAA,CAAS,IAAA,EAAK;AAGrC,IAAA,MAAM,KAAA,GAAQ,MAAM,OAAA,CAAQ,OAAA,EAAS,KAAK,CAAA,GAAI,OAAA,CAAQ,QAAQ,EAAC;AAE/D,IAAA,OAAO,KAAA,CACJ,GAAA,CAAI,CAAC,IAAA,KAA0C;AAC9C,MAAA,MAAM,KAAK,OAAO,IAAA,CAAK,EAAA,KAAO,QAAA,GAAW,KAAK,EAAA,GAAK,EAAA;AACnD,MAAA,MAAM,OAAO,OAAO,IAAA,CAAK,IAAA,KAAS,QAAA,GAAW,KAAK,IAAA,GAAO,EAAA;AACzD,MAAA,MAAM,MAAM,OAAO,IAAA,CAAK,GAAA,KAAQ,QAAA,GAAW,KAAK,GAAA,GAAM,EAAA;AACtD,MAAA,IAAI,CAAC,EAAA,IAAM,CAAC,GAAA,EAAK,OAAO,IAAA;AAExB,MAAA,MAAM,QAAA,GACJ,IAAA,CAAK,QAAA,KAAa,0BAAA,GACd,0BAAA,GACA,oBAAA;AACN,MAAA,MAAM,cACJ,IAAA,CAAK,WAAA,KAAgB,iBACrB,IAAA,CAAK,WAAA,KAAgB,WACrB,IAAA,CAAK,WAAA,KAAgB,MAAA,GACjB,IAAA,CAAK,cACL,QAAA,KAAa,0BAAA,GACX,gBACA,IAAA,CAAK,QAAA,KAAa,UAChB,OAAA,GACA,MAAA;AAEV,MAAA,MAAM,aAAA,GACJ,KAAK,UAAA,IAAc,OAAO,KAAK,UAAA,KAAe,QAAA,GACzC,KAAK,UAAA,GACN,MAAA;AACN,MAAA,MAAM,YACJ,aAAA,IAAiB,OAAO,cAAc,SAAA,KAAc,SAAA,GAChD,cAAc,SAAA,GACd,KAAA;AACN,MAAA,MAAM,MAAA,GACJ,aAAA,EAAe,MAAA,KAAW,WAAA,GAAc,WAAA,GAAc,cAAA;AAExD,MAAA,OAAO;AAAA,QACL,EAAA;AAAA,QACA,IAAA;AAAA,QACA,GAAA;AAAA,QACA,QAAA;AAAA,QACA,WAAA;AAAA,QACA,QAAA,EACE,IAAA,CAAK,QAAA,KAAa,OAAA,IAClB,KAAK,QAAA,KAAa,YAAA,IAClB,IAAA,CAAK,QAAA,KAAa,cAAA,IAClB,IAAA,CAAK,QAAA,KAAa,MAAA,GACd,KAAK,QAAA,GACL,MAAA;AAAA,QACN,kBAAkB,IAAA,CAAK,gBAAA;AAAA,QACvB,eACE,OAAO,IAAA,CAAK,aAAA,KAAkB,SAAA,GAC1B,KAAK,aAAA,GACL,MAAA;AAAA,QACN,YAAY,aAAA,GACR;AAAA,UACE,SAAA;AAAA,UACA,MAAA;AAAA,UACA,WACE,OAAO,aAAA,CAAc,SAAA,KAAc,QAAA,GAC/B,cAAc,SAAA,GACd,MAAA;AAAA,UACN,aACE,OAAO,aAAA,CAAc,WAAA,KAAgB,QAAA,GACjC,cAAc,WAAA,GACd;AAAA,SACR,GACA;AAAA,OACN;AAAA,IACF,CAAC,CAAA,CACA,MAAA,CAAO,CAAC,IAAA,KAA2C,SAAS,IAAI,CAAA;AAAA,EACrE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,eAAe,WAAA,EAA0C;AAC7D,IAAA,MAAM,EAAE,IAAA,EAAM,KAAA,EAAO,OAAO,gBAAA,EAAiB,GAC3C,mBAAmB,WAAW,CAAA;AAEhC,IAAA,IAAI,KAAA,EAAO;AACT,MAAA,IAAA,CAAK,gBAAA,IAAmB;AACxB,MAAA,IAAA,CAAK,gBAAA,GAAmB,IAAA;AACxB,MAAA,MAAM,IAAI,0BAAA;AAAA,QACR,gBAAA,IAAoB,gBAAgB,KAAK,CAAA;AAAA,OAC3C;AAAA,IACF;AAEA,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,aAAA,CAAc,cAAc,KAAK,CAAA;AACjE,IAAA,IAAI,CAAC,YAAA,EAAc;AACjB,MAAA,IAAA,CAAK,gBAAA,IAAmB;AACxB,MAAA,IAAA,CAAK,gBAAA,GAAmB,IAAA;AACxB,MAAA,MAAM,IAAI,UAAA;AAAA,QACR,iGAAA;AAAA,QACA;AAAA,OACF;AAAA,IACF;AAEA,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,IAAA,CAAK,gBAAA,IAAmB;AACxB,MAAA,IAAA,CAAK,gBAAA,GAAmB,IAAA;AACxB,MAAA,MAAM,IAAI,0BAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAEA,IAAA,IAAI;AAEF,MAAA,IAAI,CAAC,KAAK,SAAA,EAAW;AACnB,QAAA,IAAA,CAAK,YAAY,IAAI,6BAAA;AAAA,UACnB,IAAI,GAAA,CAAI,IAAA,CAAK,cAAc,CAAA;AAAA,UAC3B;AAAA,YACE,cAAc,IAAA,CAAK;AAAA;AACrB,SACF;AAAA,MACF;AAGA,MAAA,MAAM,IAAA,CAAK,SAAA,CAAU,UAAA,CAAW,IAAI,CAAA;AAKpC,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,aAAA,CAAc,MAAA,EAAO;AAC/C,MAAA,IAAI,CAAC,QAAQ,YAAA,EAAc;AACzB,QAAA,MAAM,IAAI,2BAA2B,yBAAyB,CAAA;AAAA,MAChE;AAEA,MAAA,MAAM,IAAA,CAAK,aAAA,CAAc,UAAA,CAAW,MAAM,CAAA;AAAA,IAC5C,CAAA,SAAE;AAEA,MAAA,IAAA,CAAK,gBAAA,IAAmB;AACxB,MAAA,IAAA,CAAK,gBAAA,GAAmB,IAAA;AAAA,IAC1B;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,UAAA,GAA4B;AAChC,IAAA,IAAI;AACF,MAAA,IAAI,KAAK,SAAA,EAAW;AAClB,QAAA,IAAI;AACF,UAAA,MAAM,IAAA,CAAK,UAAU,gBAAA,EAAiB;AAAA,QACxC,CAAA,CAAA,MAAQ;AAAA,QAER;AACA,QAAA,MAAM,IAAA,CAAK,UAAU,KAAA,EAAM;AAAA,MAC7B;AAAA,IACF,CAAA,SAAE;AACA,MAAA,IAAA,CAAK,SAAA,GAAY,IAAA;AACjB,MAAA,IAAA,CAAK,MAAA,GAAS,IAAA;AACd,MAAA,IAAA,CAAK,YAAA,GAAe,KAAA;AAAA,IACtB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,SAAA,GAA2B;AAC/B,IAAA,MAAM,IAAA,CAAK,cAAc,QAAA,EAAS;AAClC,IAAA,MAAM,KAAK,UAAA,EAAW;AAAA,EACxB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,WAAW,GAAA,EAA4B;AACrC,IAAA,MAAM,SAAS,OAAO,GAAA,KAAQ,WAAW,IAAI,GAAA,CAAI,GAAG,CAAA,GAAI,GAAA;AACxD,IAAA,MAAM,WAAA,GAAc,IAAI,GAAA,CAAI,IAAA,CAAK,OAAO,WAAW,CAAA;AACnD,IAAA,OACE,MAAA,CAAO,QAAA,KAAa,WAAA,CAAY,QAAA,KAC/B,MAAA,CAAO,YAAA,CAAa,GAAA,CAAI,MAAM,CAAA,IAAK,MAAA,CAAO,YAAA,CAAa,GAAA,CAAI,OAAO,CAAA,CAAA;AAAA,EAEvE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,eAAA,GAAiC;AAC7C,IAAA,IAAI,IAAA,CAAK,YAAA,IAAgB,IAAA,CAAK,MAAA,EAAQ;AACpC,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,KAAK,eAAA,EAAiB;AACxB,MAAA,MAAM,IAAA,CAAK,eAAA;AACX,MAAA;AAAA,IACF;AAEA,IAAA,IAAA,CAAK,eAAA,GAAkB,KAAK,SAAA,EAAU;AACtC,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,CAAK,eAAA;AAAA,IACb,CAAA,SAAE;AACA,MAAA,IAAA,CAAK,eAAA,GAAkB,IAAA;AAAA,IACzB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,SAAA,CAAU,cAAA,GAAiB,CAAA,EAAkB;AAKzD,IAAA,IAAI,CAAC,KAAK,SAAA,EAAW;AACnB,MAAA,IAAA,CAAK,YAAY,IAAI,6BAAA;AAAA,QACnB,IAAI,GAAA,CAAI,IAAA,CAAK,cAAc,CAAA;AAAA,QAC3B;AAAA,UACE,cAAc,IAAA,CAAK;AAAA;AACrB,OACF;AAAA,IACF;AAEA,IAAA,MAAM,YAAA,GAAwD;AAAA,MAC5D,OAAO;AAAC,KACV;AACA,IAAA,IAAI,IAAA,CAAK,OAAO,gBAAA,EAAkB;AAChC,MAAA,YAAA,CAAa,WAAA,GAAc,EAAE,GAAA,EAAK,EAAC,EAAE;AAAA,IACvC;AAEA,IAAA,IAAA,CAAK,SAAS,IAAI,MAAA;AAAA,MAChB;AAAA,QACE,IAAA,EAAM,IAAA,CAAK,MAAA,CAAO,UAAA,IAAc,aAAA;AAAA,QAChC,OAAA,EAAS,IAAA,CAAK,MAAA,CAAO,aAAA,IAAiB;AAAA,OACxC;AAAA,MACA,EAAE,YAAA;AAAa,KACjB;AAGA,IAAA,IAAI,IAAA,CAAK,OAAO,gBAAA,EAAkB;AAChC,MAAA,MAAM,gBAAA,GAAmB,KAAK,MAAA,CAAO,gBAAA;AAGrC,MAAA,IAAA,CAAK,MAAA,CAAO,iBAAA,CAAkB,mBAAA,EAAqB,OAAO,OAAA,KAAY;AACpE,QAAA,MAAM,SAAS,OAAA,CAAQ,MAAA;AACvB,QAAA,IAAI,MAAA,CAAO,IAAA,KAAS,KAAA,IAAS,KAAA,IAAS,MAAA,EAAQ;AAC5C,UAAA,MAAM,gBAAA,CAAiB;AAAA,YACrB,KAAK,MAAA,CAAO,GAAA;AAAA,YACZ,OAAA,EAAS,OAAO,OAAA,IAAW,iBAAA;AAAA,YAC3B,aAAA,EAAe,OAAO,aAAA,IAAiB,EAAA;AAAA,YACvC,eAAgB,MAAA,CAAmC,aAAA;AAAA,YAGnD,iBAAkB,MAAA,CACf;AAAA,WACJ,CAAA;AAAA,QACH;AACA,QAAA,OAAO,EAAE,QAAQ,QAAA,EAAkB;AAAA,MACrC,CAAC,CAAA;AAGD,MAAA,IAAA,CAAK,MAAA,CAAO,sBAAA;AAAA,QACV,qCAAA;AAAA,QACA,MAAM;AAAA,QAGN;AAAA,OACF;AAAA,IACF;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,CAAK,MAAA,CAAO,OAAA,CAAQ,IAAA,CAAK,SAAS,CAAA;AACxC,MAAA,IAAA,CAAK,YAAA,GAAe,IAAA;AAAA,IACtB,SAAS,KAAA,EAAO;AAEd,MAAA,IAAI,KAAA,YAAiB,KAAA,IAAS,mBAAA,CAAoB,KAAK,CAAA,EAAG;AACxD,QAAA,IAAI,KAAK,gBAAA,EAAkB;AAEzB,UAAA,MAAM,IAAA,CAAK,gBAAA;AACX,UAAA,IAAA,CAAK,gBAAA,GAAmB,IAAA;AAIxB,UAAA,IAAA,CAAK,SAAA,GAAY,IAAA;AACjB,UAAA,IAAA,CAAK,MAAA,GAAS,IAAA;AAEd,UAAA,IAAI,kBAAkB,CAAA,EAAG;AACvB,YAAA,MAAM,IAAI,0BAAA;AAAA,cACR,sIAAA;AAAA,cACA,EAAE,OAAO,KAAA;AAAM,aACjB;AAAA,UACF;AAGA,UAAA,OAAO,IAAA,CAAK,SAAA,CAAU,cAAA,GAAiB,CAAC,CAAA;AAAA,QAC1C;AAGA,QAAA,IAAA,CAAK,SAAA,GAAY,IAAA;AACjB,QAAA,IAAA,CAAK,MAAA,GAAS,IAAA;AACd,QAAA,MAAM,IAAI,0BAAA;AAAA,UACR;AAAA,SACF;AAAA,MACF;AAGA,MAAA,IAAA,CAAK,SAAA,GAAY,IAAA;AACjB,MAAA,IAAA,CAAK,MAAA,GAAS,IAAA;AACd,MAAA,IAAI,KAAA,YAAiB,cAAc,MAAM,KAAA;AACzC,MAAA,MAAM,IAAI,YAAA;AAAA,QACR,CAAA,mCAAA,EAAsC,IAAA,CAAK,cAAc,CAAA,EAAA,EAAK,KAAA,YAAiB,QAAQ,KAAA,CAAM,OAAA,GAAU,MAAA,CAAO,KAAK,CAAC,CAAA,CAAA;AAAA,QACpH,+BAAA;AAAA,QACA,EAAE,OAAO,KAAA;AAAM,OACjB;AAAA,IACF;AAAA,EACF;AACF,CAAA;;;AChiBO,SAAS,sBAAA,CACd,KAAA,EACA,MAAA,EACA,YAAA,EAKqB;AACrB,EAAA,MAAM,IAAA,uBAAW,GAAA,EAAY;AAC7B,EAAA,MAAM,SAA8B,EAAC;AAErC,EAAA,KAAA,MAAW,KAAK,KAAA,EAAO;AACrB,IAAA,MAAM,GAAA,GAAM,EAAE,MAAA,EAAQ,EAAA;AACtB,IAAA,IAAI,GAAA,IAAO,CAAC,IAAA,CAAK,GAAA,CAAI,GAAG,CAAA,EAAG;AACzB,MAAA,IAAA,CAAK,IAAI,GAAG,CAAA;AACZ,MAAA,MAAA,CAAO,IAAA,CAAK;AAAA,QACV,EAAA,EAAI,GAAA;AAAA,QACJ,IAAA,EAAM,CAAA,CAAE,MAAA,EAAQ,IAAA,IAAQ,GAAA;AAAA,QACxB,SAAA,EAAW;AAAA,OACZ,CAAA;AAAA,IACH;AAAA,EACF;AAEA,EAAA,KAAA,MAAW,KAAK,MAAA,EAAQ;AACtB,IAAA,IAAI,CAAC,IAAA,CAAK,GAAA,CAAI,CAAA,CAAE,QAAQ,CAAA,EAAG;AACzB,MAAA,IAAA,CAAK,GAAA,CAAI,EAAE,QAAQ,CAAA;AACnB,MAAA,MAAM,cAAc,YAAA,EAAc,IAAA;AAAA,QAChC,CAAC,EAAA,KAAO,EAAA,CAAG,aAAA,KAAkB,CAAA,CAAE;AAAA,OACjC;AACA,MAAA,MAAA,CAAO,IAAA,CAAK;AAAA,QACV,IAAI,CAAA,CAAE,QAAA;AAAA,QACN,IAAA,EAAM,CAAA,CAAE,UAAA,IAAc,CAAA,CAAE,QAAA;AAAA,QACxB,SAAA,EAAW,KAAA;AAAA,QACX,YAAY,WAAA,EAAa;AAAA,OAC1B,CAAA;AAAA,IACH;AAAA,EACF;AAEA,EAAA,OAAO,MAAA;AACT;;;AC5LO,SAAS,gBAAA,GAA8B;AAC5C,EAAA,OAAO,SAAA;AACT;AAEO,SAAS,kBAAkB,aAAA,EAA+B;AAC/D,EAAA,OAAO,YAAY,aAAa,CAAA,CAAA;AAClC;AAEO,SAAS,sBACd,WAAA,EACS;AACT,EAAA,OAAO,YAAY,QAAA,KAAa,0BAAA;AAClC;AAEO,SAAS,yBACd,YAAA,EAC4B;AAC5B,EAAA,OAAO,YAAA,CACJ,MAAA,CAAO,qBAAqB,CAAA,CAC5B,IAAA,CAAK,CAAC,CAAA,EAAG,CAAA,KAAM,CAAA,CAAE,EAAA,CAAG,aAAA,CAAc,CAAA,CAAE,EAAE,CAAC,CAAA;AAC5C;AAEO,SAAS,qBAAqB,MAAA,EAAuC;AAC1E,EAAA,OAAO;AAAA,IACL,WAAW,gBAAA,EAAiB;AAAA,IAC5B,MAAA,EAAQ,SAAA;AAAA,IACR;AAAA,GACF;AACF;AAEO,SAAS,sBAAsB,KAAA,EAGnB;AACjB,EAAA,OAAO;AAAA,IACL,SAAA,EAAW,iBAAA,CAAkB,KAAA,CAAM,WAAA,CAAY,EAAE,CAAA;AAAA,IACjD,MAAA,EAAQ,UAAA;AAAA,IACR,QAAQ,KAAA,CAAM,MAAA;AAAA,IACd,aAAA,EAAe,MAAM,WAAA,CAAY,EAAA;AAAA,IACjC,eAAA,EAAiB,MAAM,WAAA,CAAY;AAAA,GACrC;AACF;;;ACzBO,SAAS,2BAAA,GAAsD;AACpE,EAAA,OAAO;AAAA,IACL,OAAA,EAAS,CAAA;AAAA,IACT,OAAO,EAAC;AAAA,IACR,MAAA,sBAAY,GAAA,EAAI;AAAA,IAChB,WAAW;AAAC,GACd;AACF;AAEO,SAAS,mBAAA,CACd,OAAA,EACA,UAAA,EACA,OAAA,EAMwB;AACxB,EAAA,MAAM,QAAuB,EAAC;AAC9B,EAAA,MAAM,MAAA,uBAAa,GAAA,EAA6B;AAChD,EAAA,MAAM,YAAmC,EAAC;AAE1C,EAAA,KAAA,MAAW,aAAa,UAAA,EAAY;AAClC,IAAA,MAAM,MAAA,GAAS,UAAU,KAAA,CAAM,MAAA;AAC/B,IAAA,IAAI,CAAC,MAAA,CAAO,GAAA,CAAI,MAAM,CAAA,EAAG;AACvB,MAAA,MAAA,CAAO,GAAA,CAAI,MAAA,EAAQ,SAAA,CAAU,KAAK,CAAA;AAClC,MAAA,KAAA,CAAM,IAAA,CAAK,UAAU,IAAI,CAAA;AACzB,MAAA;AAAA,IACF;AAEA,IAAA,MAAM,QAAA,GAAW,MAAA,CAAO,GAAA,CAAI,MAAM,CAAA;AAClC,IAAA,MAAM,WACJ,OAAA,EAAS,UAAA,GAAa,QAAA,EAAU,SAAA,CAAU,KAAK,CAAA,IAAK,eAAA;AAEtD,IAAA,IAAI,IAAA,GAAO,QAAA;AACX,IAAA,IAAI,UAAU,SAAA,CAAU,KAAA;AACxB,IAAA,IAAI,aAAa,kBAAA,EAAoB;AACnC,MAAA,MAAM,cAAc,KAAA,CAAM,SAAA,CAAU,CAAC,IAAA,KAAS,IAAA,CAAK,OAAO,MAAM,CAAA;AAChE,MAAA,IAAI,eAAe,CAAA,EAAG;AACpB,QAAA,KAAA,CAAM,MAAA,CAAO,WAAA,EAAa,CAAA,EAAG,SAAA,CAAU,IAAI,CAAA;AAAA,MAC7C,CAAA,MAAO;AACL,QAAA,KAAA,CAAM,IAAA,CAAK,UAAU,IAAI,CAAA;AAAA,MAC3B;AACA,MAAA,MAAA,CAAO,GAAA,CAAI,MAAA,EAAQ,SAAA,CAAU,KAAK,CAAA;AAClC,MAAA,IAAA,GAAO,SAAA,CAAU,KAAA;AACjB,MAAA,OAAA,GAAU,QAAA;AAAA,IACZ;AAEA,IAAA,SAAA,CAAU,IAAA,CAAK;AAAA,MACb,MAAA;AAAA,MACA,IAAA;AAAA,MACA;AAAA,KACD,CAAA;AAAA,EACH;AAEA,EAAA,OAAO;AAAA,IACL,OAAA;AAAA,IACA,KAAA;AAAA,IACA,MAAA;AAAA,IACA;AAAA,GACF;AACF;;;ACnFO,IAAM,sBAAN,MAA0B;AAAA,EACvB,cAAA,GAAiB,CAAA;AAAA,EACjB,eAAA,GAAkB,CAAA;AAAA,EAClB,eAAA,GAAkB,CAAA;AAAA,EAClB,uBAAA,GAA0B,CAAA;AAAA,EAC1B,gBAAwC,2BAAA,EAA4B;AAAA,EACpE,aAAA,uBAAoB,GAAA,EAA6C;AAAA,EAEzE,IAAI,OAAA,GAAkB;AACpB,IAAA,OAAO,KAAK,aAAA,CAAc,OAAA;AAAA,EAC5B;AAAA,EAEA,IAAI,QAAA,GAAmC;AACrC,IAAA,OAAO,IAAA,CAAK,aAAA;AAAA,EACd;AAAA,EAEA,SAAS,MAAA,EAA6C;AACpD,IAAA,OAAO,IAAA,CAAK,aAAA,CAAc,MAAA,CAAO,GAAA,CAAI,MAAM,CAAA;AAAA,EAC7C;AAAA,EAEA,MAAM,KAAA,CACJ,eAAA,EACA,OAAA,EAOiC;AACjC,IAAA,MAAM,GAAA,GAAM,SAAS,GAAA,IAAO,aAAA;AAC5B,IAAA,MAAM,aAAA,GAAgB,IAAA,CAAK,aAAA,CAAc,GAAA,CAAI,GAAG,CAAA;AAChD,IAAA,IAAI,aAAA,EAAe;AACjB,MAAA,OAAO,MAAM,aAAA;AAAA,IACf;AAEA,IAAA,MAAM,kBAAkB,IAAA,CAAK,eAAA;AAC7B,IAAA,MAAM,QAAA,GAAW,EAAE,IAAA,CAAK,eAAA;AACxB,IAAA,MAAM,kBAAkB,YAAY;AAClC,MAAA,MAAM,UAAA,GAAa,MAAM,eAAA,EAAgB;AACzC,MAAA,IAAI,IAAA,CAAK,oBAAoB,eAAA,EAAiB;AAC5C,QAAA,OAAO,IAAA,CAAK,aAAA;AAAA,MACd;AACA,MAAA,IAAI,QAAA,IAAY,KAAK,uBAAA,EAAyB;AAC5C,QAAA,IAAA,CAAK,uBAAA,GAA0B,QAAA;AAC/B,QAAA,IAAA,CAAK,cAAA,IAAkB,CAAA;AACvB,QAAA,MAAM,QAAA,GAAW,mBAAA,CAAoB,IAAA,CAAK,cAAA,EAAgB,UAAA,EAAY;AAAA,UACpE,YAAY,OAAA,EAAS;AAAA,SACtB,CAAA;AACD,QAAA,IAAA,CAAK,aAAA,GAAgB,QAAA;AACrB,QAAA,OAAO,QAAA;AAAA,MACT;AAEA,MAAA,OAAO,mBAAA,CAAoB,IAAA,CAAK,aAAA,CAAc,OAAA,EAAS,UAAA,EAAY;AAAA,QACjE,YAAY,OAAA,EAAS;AAAA,OACtB,CAAA;AAAA,IACH,CAAA,GAAG;AACH,IAAA,IAAA,CAAK,aAAA,CAAc,GAAA,CAAI,GAAA,EAAK,cAAc,CAAA;AAE1C,IAAA,IAAI;AACF,MAAA,OAAO,MAAM,cAAA;AAAA,IACf,CAAA,SAAE;AACA,MAAA,IAAI,IAAA,CAAK,aAAA,CAAc,GAAA,CAAI,GAAG,MAAM,cAAA,EAAgB;AAClD,QAAA,IAAA,CAAK,aAAA,CAAc,OAAO,GAAG,CAAA;AAAA,MAC/B;AAAA,IACF;AAAA,EACF;AAAA,EAEA,KAAA,GAAc;AACZ,IAAA,IAAA,CAAK,eAAA,IAAmB,CAAA;AACxB,IAAA,IAAA,CAAK,cAAA,GAAiB,CAAA;AACtB,IAAA,IAAA,CAAK,0BAA0B,IAAA,CAAK,eAAA;AACpC,IAAA,IAAA,CAAK,gBAAgB,2BAAA,EAA4B;AACjD,IAAA,IAAA,CAAK,cAAc,KAAA,EAAM;AAAA,EAC3B;AACF,CAAA;;;ACxEO,IAAM,oBAAA,GAAsC;AAAA,EACjD,eAAA,GAAkB;AAChB,IAAA,OAAO,eAAA;AAAA,EACT;AACF,CAAA;AAEO,SAAS,qBAAqB,KAAA,EAIpB;AACf,EAAA,OAAO,IAAI,YAAA;AAAA,IACT,CAAA,yBAAA,EAA4B,KAAA,CAAM,MAAM,CAAA,oBAAA,EAAuB,KAAA,CAAM,KAAK,SAAS,CAAA,gBAAA,EAAmB,KAAA,CAAM,OAAA,CAAQ,SAAS,CAAA,EAAA,CAAA;AAAA,IAC7H,6BAAA;AAAA,IACA;AAAA,MACE,IAAA,EAAM;AAAA,QACJ,QAAQ,KAAA,CAAM,MAAA;AAAA,QACd,aAAA,EAAe,MAAM,IAAA,CAAK,SAAA;AAAA,QAC1B,UAAA,EAAY,MAAM,IAAA,CAAK,MAAA;AAAA,QACvB,iBAAA,EAAmB,MAAM,IAAA,CAAK,aAAA;AAAA,QAC9B,gBAAA,EAAkB,MAAM,OAAA,CAAQ,SAAA;AAAA,QAChC,aAAA,EAAe,MAAM,OAAA,CAAQ,MAAA;AAAA,QAC7B,oBAAA,EAAsB,MAAM,OAAA,CAAQ;AAAA;AACtC;AACF,GACF;AACF;;;ACjBO,SAAS,kCAAkC,KAAA,EAGlB;AAC9B,EAAA,IAAI,KAAA,GAAkC,MAAM,YAAA,IAAgB,MAAA;AAE5D,EAAA,MAAM,SAAA,uBAAgB,GAAA,EAAsD;AAE5E,EAAA,SAAS,SAAS,IAAA,EAAsC;AACtD,IAAA,IAAI,UAAU,IAAA,EAAM;AACpB,IAAA,KAAA,GAAQ,IAAA;AAER,IAAA,IAAI;AACF,MAAA,KAAA,CAAM,gBAAgB,IAAI,CAAA;AAAA,IAC5B,CAAA,CAAA,MAAQ;AAAA,IAER;AAEA,IAAA,MAAM,QAAA,GAAW,SAAA,CAAU,GAAA,CAAI,aAAa,CAAA;AAC5C,IAAA,IAAI,CAAC,QAAA,EAAU;AACf,IAAA,KAAA,MAAW,WAAW,QAAA,EAAU;AAC9B,MAAA,IAAI;AACF,QAAA,OAAA,CAAQ,IAAI,CAAA;AAAA,MACd,CAAA,CAAA,MAAQ;AAAA,MAER;AAAA,IACF;AAAA,EACF;AAEA,EAAA,SAAS,UAAU,KAAA,EAA2B;AAC5C,IAAA,MAAM,QAAA,GAAW,SAAA,CAAU,GAAA,CAAI,OAAO,CAAA;AACtC,IAAA,IAAI,CAAC,QAAA,EAAU;AACf,IAAA,KAAA,MAAW,WAAW,QAAA,EAAU;AAC9B,MAAA,IAAI;AACF,QAAA,OAAA,CAAQ,KAAK,CAAA;AAAA,MACf,CAAA,CAAA,MAAQ;AAAA,MAER;AAAA,IACF;AAAA,EACF;AAEA,EAAA,SAAS,EAAA,CACP,OAEA,OAAA,EACY;AACZ,IAAA,IAAI,CAAC,SAAA,CAAU,GAAA,CAAI,KAAK,CAAA,EAAG;AACzB,MAAA,SAAA,CAAU,GAAA,CAAI,KAAA,kBAAO,IAAI,GAAA,EAAK,CAAA;AAAA,IAChC;AACA,IAAA,SAAA,CAAU,GAAA,CAAI,KAAK,CAAA,CAAG,GAAA,CAAI,OAAO,CAAA;AACjC,IAAA,OAAO,MAAM;AACX,MAAA,SAAA,CAAU,GAAA,CAAI,KAAK,CAAA,EAAG,MAAA,CAAO,OAAO,CAAA;AAAA,IACtC,CAAA;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,IAAI,KAAA,GAAQ;AACV,MAAA,OAAO,KAAA;AAAA,IACT,CAAA;AAAA,IACA,QAAA;AAAA,IACA,SAAA;AAAA,IACA;AAAA,GACF;AACF;;;ACvEA,SAAS,mBAAA,CACP,MAAA,EACA,MAAA,GAAS,GAAA,EACA;AACT,EAAA,IAAI,CAAC,MAAA,EAAQ,YAAA,EAAc,OAAO,KAAA;AAClC,EAAA,MAAM,SAAA,GACJ,OAAO,MAAA,CAAO,UAAA,KAAe,WACzB,MAAA,CAAO,UAAA,GACP,MAAA,CAAO,MAAA,CAAO,UAAU,CAAA;AAC9B,EAAA,MAAM,QAAA,GACJ,OAAO,MAAA,CAAO,SAAA,KAAc,WACxB,MAAA,CAAO,SAAA,GACP,MAAA,CAAO,MAAA,CAAO,SAAS,CAAA;AAE7B,EAAA,IAAI,CAAC,OAAO,QAAA,CAAS,SAAS,KAAK,CAAC,MAAA,CAAO,QAAA,CAAS,QAAQ,CAAA,EAAG;AAC7D,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,MAAM,SAAA,GAAY,WAAW,SAAA,GAAY,GAAA;AACzC,EAAA,OAAO,IAAA,CAAK,GAAA,EAAI,GAAI,MAAA,GAAS,SAAA;AAC/B;AAUO,SAAS,mBAAmB,KAAA,EAMlB;AACf,EAAA,MAAM,4BAAA,uBAAmC,GAAA,EAA2B;AAEpE,EAAA,SAAS,gBAAgB,UAAA,EAA4B;AACnD,IAAA,OAAO,gBAAA,CAAiB,KAAA,CAAM,QAAA,EAAU,UAAA,EAAY,YAAY,MAAM,CAAA;AAAA,EACxE;AAEA,EAAA,eAAe,iBAAA,GAEZ;AACD,IAAA,MAAM,cAAA,GAAiB,MAAM,KAAA,CAAM,OAAA,CAAQ,OAAA;AAAA,MAGzC,gBAAA;AAAA,QACE,KAAA,CAAM,QAAA;AAAA,QACN,KAAA,CAAM,iBAAA;AAAA,QACN,WAAA,CAAY;AAAA;AACd,KACF;AACA,IAAA,MAAM,aAAA,GAAgB,MAAM,KAAA,CAAM,OAAA,CAAQ,QAEvC,eAAA,CAAgB,KAAA,CAAM,iBAAiB,CAAC,CAAA;AAE3C,IAAA,OAAO;AAAA,MACL,YAAA,EACE,cAAA,EAAgB,YAAA,IAAgB,aAAA,EAAe,YAAA,IAAgB;AAAA,KACnE;AAAA,EACF;AAEA,EAAA,eAAe,2BAAA,CACb,aACA,OAAA,EACe;AACf,IAAA,MAAM,qBAAqB,CAAA,EAAG,KAAA,CAAM,cAAc,CAAA,UAAA,EAAa,YAAY,EAAE,CAAA,CAAA;AAC7E,IAAA,IAAI,CAAC,SAAS,aAAA,EAAe;AAC3B,MAAA,MAAM,aAAA,GAAgB,MAAM,KAAA,CAAM,OAAA,CAAQ,OAAA;AAAA,QACxC,gBAAgB,kBAAkB;AAAA,OACpC;AACA,MAAA,IAAI,mBAAA,CAAoB,aAAa,CAAA,EAAG;AACtC,QAAA;AAAA,MACF;AAAA,IACF;AAEA,IAAA,MAAM,OAAA,GAAU,4BAAA,CAA6B,GAAA,CAAI,WAAA,CAAY,EAAE,CAAA;AAC/D,IAAA,IAAI,OAAA,EAAS;AACX,MAAA,OAAO,MAAM,OAAA;AAAA,IACf;AAEA,IAAA,MAAM,mBAAmB,YAAY;AACnC,MAAA,MAAM,EAAE,YAAA,EAAc,mBAAA,EAAoB,GAAI,MAAM,iBAAA,EAAkB;AACtE,MAAA,IAAI,CAAC,mBAAA,EAAqB;AACxB,QAAA;AAAA,MACF;AAEA,MAAA,MAAM,IAAA,GAAO,IAAI,eAAA,CAAgB;AAAA,QAC/B,UAAA,EAAY,iDAAA;AAAA,QACZ,kBAAA,EAAoB,+CAAA;AAAA,QACpB,aAAA,EAAe,mBAAA;AAAA,QACf,UAAU,WAAA,CAAY,GAAA;AAAA,QACtB,WAAW,KAAA,CAAM;AAAA,OAClB,CAAA;AAED,MAAA,MAAM,WAAW,MAAM,KAAA,CAAM,CAAA,EAAG,KAAA,CAAM,SAAS,CAAA,aAAA,CAAA,EAAiB;AAAA,QAC9D,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACP,cAAA,EAAgB;AAAA,SAClB;AAAA,QACA,IAAA,EAAM,KAAK,QAAA;AAAS,OACrB,CAAA;AAED,MAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AAC3B,QAAA,MAAM,IAAI,0BAAA;AAAA,UACR;AAAA,SACF;AAAA,MACF;AAEA,MAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,QAAA,MAAM,IAAI,YAAA;AAAA,UACR,CAAA,wDAAA,EAA2D,WAAA,CAAY,EAAE,CAAA,QAAA,EAAW,SAAS,MAAM,CAAA,CAAA;AAAA,UACnG,+BAAA;AAAA,UACA;AAAA,YACE,YAAY,QAAA,CAAS,MAAA;AAAA,YACrB,IAAA,EAAM;AAAA,cACJ,eAAe,WAAA,CAAY,EAAA;AAAA,cAC3B,UAAU,WAAA,CAAY;AAAA;AACxB;AACF,SACF;AAAA,MACF;AAEA,MAAA,MAAM,SAAA,GAAa,MAAM,QAAA,CAAS,IAAA,EAAK;AAQvC,MAAA,IAAI,CAAC,SAAA,CAAU,YAAA,IAAgB,CAAC,UAAU,UAAA,EAAY;AACpD,QAAA,MAAM,IAAI,YAAA;AAAA,UACR,CAAA,4DAAA,EAA+D,YAAY,EAAE,CAAA,EAAA,CAAA;AAAA,UAC7E,+BAAA;AAAA,UACA;AAAA,YACE,IAAA,EAAM;AAAA,cACJ,eAAe,WAAA,CAAY,EAAA;AAAA,cAC3B,UAAU,WAAA,CAAY;AAAA;AACxB;AACF,SACF;AAAA,MACF;AAEA,MAAA,MAAM,KAAA,CAAM,OAAA,CAAQ,OAAA,CAAQ,eAAA,CAAgB,kBAAkB,CAAA,EAAG;AAAA,QAC/D,GAAG,SAAA;AAAA,QACH,SAAA,EAAW,KAAK,GAAA;AAAI,OACrB,CAAA;AAAA,IACH,CAAA,GAAG;AAEH,IAAA,4BAAA,CAA6B,GAAA,CAAI,WAAA,CAAY,EAAA,EAAI,eAAe,CAAA;AAChE,IAAA,IAAI;AACF,MAAA,MAAM,eAAA;AAAA,IACR,CAAA,SAAE;AACA,MAAA,4BAAA,CAA6B,MAAA,CAAO,YAAY,EAAE,CAAA;AAAA,IACpD;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,eAAA;AAAA,IACA;AAAA,GACF;AACF;;;AChJO,SAAS,6BAA6B,KAAA,EAKlB;AACzB,EAAA,MAAM,eAAA,uBAAsB,GAAA,EAAiC;AAE7D,EAAA,eAAe,OAAO,aAAA,EAAsC;AAC1D,IAAA,MAAM,QAAA,GAAW,eAAA,CAAgB,GAAA,CAAI,aAAa,CAAA;AAClD,IAAA,IAAI,CAAC,QAAA,EAAU;AAEf,IAAA,QAAA,CAAS,gBAAA,EAAiB;AAC1B,IAAA,QAAA,CAAS,gBAAA,EAAiB;AAC1B,IAAA,eAAA,CAAgB,OAAO,aAAa,CAAA;AACpC,IAAA,KAAA,CAAM,QAAA,CAAS,MAAA,CAAO,QAAA,CAAS,SAAS,CAAA;AAExC,IAAA,IAAI;AACF,MAAA,MAAM,QAAA,CAAS,OAAO,UAAA,EAAW;AAAA,IACnC,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AAEA,EAAA,eAAe,KAAK,UAAA,EAAuD;AACzE,IAAA,MAAM,cAAA,GAAiB,yBAAyB,UAAU,CAAA;AAC1D,IAAA,MAAM,WAAA,GAAc,IAAI,GAAA,CAAI,cAAA,CAAe,GAAA,CAAI,CAAC,IAAA,KAAS,CAAC,IAAA,CAAK,EAAA,EAAI,IAAI,CAAC,CAAC,CAAA;AAEzE,IAAA,KAAA,MAAW,CAAC,aAAA,EAAe,QAAQ,CAAA,IAAK,eAAA,EAAiB;AACvD,MAAA,MAAM,IAAA,GAAO,WAAA,CAAY,GAAA,CAAI,aAAa,CAAA;AAC1C,MAAA,IAAI,CAAC,IAAA,EAAM;AACT,QAAA,MAAM,OAAO,aAAa,CAAA;AAC1B,QAAA;AAAA,MACF;AAEA,MAAA,IAAI,QAAA,CAAS,WAAA,CAAY,GAAA,KAAQ,IAAA,CAAK,GAAA,EAAK;AACzC,QAAA,MAAM,OAAO,aAAa,CAAA;AAAA,MAC5B;AAAA,IACF;AAEA,IAAA,KAAA,MAAW,eAAe,cAAA,EAAgB;AACxC,MAAA,MAAM,QAAA,GAAW,eAAA,CAAgB,GAAA,CAAI,WAAA,CAAY,EAAE,CAAA;AACnD,MAAA,IAAI,QAAA,EAAU;AACZ,QAAA,QAAA,CAAS,WAAA,GAAc,WAAA;AAEvB,QAAA,MAAM,OAAA,GAAU,KAAA,CAAM,QAAA,CAAS,GAAA,CAAI,SAAS,SAAS,CAAA;AACrD,QAAA,IAAI,OAAA,EAAS;AACX,UAAA,OAAA,CAAQ,kBAAkB,WAAA,CAAY,IAAA;AAAA,QACxC;AACA,QAAA;AAAA,MACF;AAEA,MAAA,MAAM,OAAA,GAAU,KAAA,CAAM,YAAA,CAAa,WAAW,CAAA;AAC9C,MAAA,KAAA,CAAM,SAAS,GAAA,CAAI,OAAA,CAAQ,OAAA,CAAQ,SAAA,EAAW,QAAQ,OAAO,CAAA;AAC7D,MAAA,eAAA,CAAgB,GAAA,CAAI,YAAY,EAAA,EAAI;AAAA,QAClC,WAAA;AAAA,QACA,SAAA,EAAW,QAAQ,OAAA,CAAQ,SAAA;AAAA,QAC3B,QAAQ,OAAA,CAAQ,MAAA;AAAA,QAChB,kBAAkB,OAAA,CAAQ,gBAAA;AAAA,QAC1B,kBAAkB,OAAA,CAAQ;AAAA,OAC3B,CAAA;AAAA,IACH;AAAA,EACF;AAEA,EAAA,SAAS,gBAAgB,oBAAA,EAA6C;AACpE,IAAA,MAAM,UAAoB,EAAC;AAC3B,IAAA,KAAA,MAAW,aAAA,IAAiB,eAAA,CAAgB,IAAA,EAAK,EAAG;AAClD,MAAA,IAAI,CAAC,oBAAA,CAAqB,GAAA,CAAI,aAAa,CAAA,EAAG;AAC5C,QAAA,OAAA,CAAQ,KAAK,aAAa,CAAA;AAAA,MAC5B;AAAA,IACF;AACA,IAAA,OAAO,OAAA;AAAA,EACT;AAEA,EAAA,eAAe,QAAQ,IAAA,EAA+C;AACpE,IAAA,MAAM,OAAA,GAAU,CAAC,GAAG,eAAA,CAAgB,QAAQ,CAAA;AAC5C,IAAA,eAAA,CAAgB,KAAA,EAAM;AAEtB,IAAA,KAAA,MAAW,WAAW,CAAC,GAAG,MAAM,QAAA,CAAS,MAAA,EAAQ,CAAA,EAAG;AAClD,MAAA,IAAI,OAAA,CAAQ,WAAW,UAAA,EAAY;AACjC,QAAA,KAAA,CAAM,QAAA,CAAS,MAAA,CAAO,OAAA,CAAQ,SAAS,CAAA;AAAA,MACzC;AAAA,IACF;AAEA,IAAA,MAAM,OAAA,CAAQ,GAAA;AAAA,MACZ,OAAA,CAAQ,GAAA,CAAI,OAAO,KAAA,KAAU;AAC3B,QAAA,KAAA,CAAM,gBAAA,EAAiB;AACvB,QAAA,KAAA,CAAM,gBAAA,EAAiB;AACvB,QAAA,IAAI;AACF,UAAA,IAAI,SAAS,SAAA,EAAW;AACtB,YAAA,MAAM,KAAA,CAAM,MAAA,CAAO,IAAA,CAAK,OAAA,EAAQ;AAAA,UAClC,CAAA,MAAO;AACL,YAAA,MAAM,KAAA,CAAM,OAAO,UAAA,EAAW;AAAA,UAChC;AAAA,QACF,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF,CAAC;AAAA,KACH;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,IAAI,IAAA,GAAO;AACT,MAAA,OAAO,eAAA,CAAgB,IAAA;AAAA,IACzB,CAAA;AAAA,IACA,OAAA,GAAU;AACR,MAAA,OAAO,gBAAgB,OAAA,EAAQ;AAAA,IACjC,CAAA;AAAA,IACA,MAAA,GAAS;AACP,MAAA,OAAO,gBAAgB,MAAA,EAAO;AAAA,IAChC,CAAA;AAAA,IACA,IAAA,GAAO;AACL,MAAA,OAAO,gBAAgB,IAAA,EAAK;AAAA,IAC9B,CAAA;AAAA,IACA,IAAI,aAAA,EAAuB;AACzB,MAAA,OAAO,eAAA,CAAgB,IAAI,aAAa,CAAA;AAAA,IAC1C,CAAA;AAAA,IACA,IAAA;AAAA,IACA,eAAA;AAAA,IACA;AAAA,GACF;AACF;;;ACrCA,SAAS,iBAAiB,GAAA,EAAuB;AAC/C,EAAA,IAAI,GAAA,YAAe,KAAA,IAAS,cAAA,CAAe,GAAG,CAAA,EAAG;AAC/C,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI,cAAA,CAAe,GAAG,CAAA,EAAG;AACvB,IAAA,IAAI,GAAA,CAAI,IAAA,KAAS,uBAAA,EAAyB,OAAO,IAAA;AACjD,IAAA,IAAI,GAAA,CAAI,UAAA,KAAe,GAAA,EAAK,OAAO,IAAA;AACnC,IAAA,IAAI,OAAO,GAAA,CAAI,UAAA,KAAe,QAAA,IAAY,GAAA,CAAI,cAAc,GAAA,EAAK;AAC/D,MAAA,OAAO,IAAA;AAAA,IACT;AACA,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,IAAI,OAAO,GAAA,KAAQ,QAAA,IAAY,GAAA,KAAQ,IAAA,EAAM;AAC3C,IAAA,MAAM,MAAA,GAAS,GAAA;AACf,IAAA,MAAM,WAAA,GAAc,MAAA,CAAO,UAAA,IAAc,MAAA,CAAO,MAAA;AAChD,IAAA,MAAM,MAAA,GAAS,OAAO,WAAA,KAAgB,QAAA,GAAW,WAAA,GAAc,MAAA;AAC/D,IAAA,IAAI,WAAW,GAAA,IAAQ,OAAO,MAAA,KAAW,QAAA,IAAY,UAAU,GAAA,EAAM;AACnE,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,OAAO,KAAA;AACT;AAEA,eAAe,kBAAA,CACb,SAAA,EACA,UAAA,GAAa,CAAA,EACD;AACZ,EAAA,MAAM,YAAA,GAAe,GAAA;AACrB,EAAA,KAAA,IAAS,OAAA,GAAU,CAAA,EAAG,OAAA,IAAW,UAAA,EAAY,WAAW,CAAA,EAAG;AACzD,IAAA,IAAI;AACF,MAAA,OAAO,MAAM,SAAA,EAAU;AAAA,IACzB,SAAS,GAAA,EAAK;AACZ,MAAA,IAAI,OAAA,IAAW,UAAA,IAAc,CAAC,gBAAA,CAAiB,GAAG,CAAA,EAAG;AACnD,QAAA,MAAM,GAAA;AAAA,MACR;AACA,MAAA,MAAM,IAAI,OAAA,CAAQ,CAAC,YAAY,UAAA,CAAW,OAAA,EAAS,YAAY,CAAC,CAAA;AAAA,IAClE;AAAA,EACF;AAEA,EAAA,MAAM,IAAI,MAAM,8CAA8C,CAAA;AAChE;AAEA,SAAS,cAAA,CAAe,KAAc,OAAA,EAAsC;AAC1E,EAAA,MAAM,WAAA,GAAc,OAAA,GAAU,EAAE,GAAG,SAAQ,GAAI,MAAA;AAC/C,EAAA,MAAM,SAAA,GAAY,CAChB,IAAA,KAEA,WAAA,GAAc,EAAE,GAAI,IAAA,IAAQ,EAAC,EAAI,GAAG,WAAA,EAAY,GAAK,QAAQ,EAAC;AAEhE,EAAA,IAAI,cAAA,CAAe,GAAG,CAAA,EAAG;AACvB,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,OAAO,GAAA;AAAA,IACT;AAIA,IAAA,MAAM,SAAS,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,cAAA,CAAe,GAAG,CAAC,CAAA;AACvD,IAAA,MAAA,CAAO,gBAAA,CAAiB,MAAA,EAAQ,MAAA,CAAO,yBAAA,CAA0B,GAAG,CAAC,CAAA;AACrE,IAAA,MAAA,CAAO,cAAA,CAAe,QAAQ,MAAA,EAAQ;AAAA,MACpC,KAAA,EAAO,SAAA,CAAU,GAAA,CAAI,IAAI,CAAA;AAAA,MACzB,UAAA,EAAY,IAAA;AAAA,MACZ,QAAA,EAAU,IAAA;AAAA,MACV,YAAA,EAAc;AAAA,KACf,CAAA;AACD,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,IAAI,eAAe,KAAA,EAAO;AACxB,IAAA,IAAI,mBAAA,CAAoB,GAAG,CAAA,EAAG;AAC5B,MAAA,OAAO,IAAI,0BAAA,CAA2B,GAAA,CAAI,OAAA,EAAS;AAAA,QACjD,MAAM,SAAA,EAAU;AAAA,QAChB,KAAA,EAAO;AAAA,OACR,CAAA;AAAA,IACH;AACA,IAAA,OAAO,IAAI,YAAA,CAAa,GAAA,CAAI,OAAA,EAAS,uBAAA,EAAyB;AAAA,MAC5D,MAAM,SAAA,EAAU;AAAA,MAChB,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAEA,EAAA,OAAO,IAAI,YAAA,CAAa,MAAA,CAAO,GAAG,GAAG,uBAAA,EAAyB;AAAA,IAC5D,MAAM,SAAA;AAAU,GACjB,CAAA;AACH;AAEA,SAAS,wBAAwB,GAAA,EAAuB;AACtD,EAAA,IAAI,GAAA,YAAe,4BAA4B,OAAO,IAAA;AACtD,EAAA,IAAI,cAAA,CAAe,GAAG,CAAA,EAAG;AACvB,IAAA,OAAO,IAAI,IAAA,KAAS,gCAAA;AAAA,EACtB;AACA,EAAA,IAAI,OAAO,GAAA,KAAQ,QAAA,IAAY,GAAA,KAAQ,IAAA,EAAM;AAC3C,IAAA,OACG,IAA2B,IAAA,KAAS,gCAAA;AAAA,EAEzC;AACA,EAAA,OAAO,KAAA;AACT;AAEA,SAAS,uBAAuB,GAAA,EAAuB;AACrD,EAAA,IAAI,cAAA,CAAe,GAAG,CAAA,EAAG;AACvB,IAAA,OAAO,IAAI,IAAA,KAAS,+BAAA;AAAA,EACtB;AACA,EAAA,IAAI,OAAO,GAAA,KAAQ,QAAA,IAAY,GAAA,KAAQ,IAAA,EAAM;AAC3C,IAAA,OAAQ,IAA2B,IAAA,KAAS,+BAAA;AAAA,EAC9C;AACA,EAAA,OAAO,KAAA;AACT;AAEA,SAAS,uBAAuB,GAAA,EAAuB;AACrD,EAAA,OAAO,uBAAA,CAAwB,GAAG,CAAA,IAAK,sBAAA,CAAuB,GAAG,CAAA;AACnE;AACO,SAAS,0BACd,MAAA,EACqB;AACrB,EAAA,IAAI,CAAC,OAAO,QAAA,EAAU;AACpB,IAAA,MAAM,IAAI,WAAA;AAAA,MACR,6DAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AACA,EAAA,IAAI,CAAC,OAAO,WAAA,EAAa;AACvB,IAAA,MAAM,IAAI,WAAA;AAAA,MACR,6FAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AACA,EAAA,IAAI,CAAC,OAAO,cAAA,EAAgB;AAC1B,IAAA,MAAM,IAAI,WAAA;AAAA,MACR,mFAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,MAAM,cAAA,GAAiB,OAAO,UAAA,IAAc,SAAA;AAC5C,EAAA,MAAM,SAAA,GAAY,yBAAA;AAAA,IAChB,OAAO,SAAA,IAAa;AAAA,GACtB;AACA,EAAA,MAAM,aAAA,GAAgB,MAAA,CAAO,OAAA,IAAW,IAAI,aAAA,EAAc;AAC1D,EAAA,MAAM,iBAAA,GAAoB,GAAG,cAAc,CAAA,QAAA,CAAA;AAE3C,EAAA,MAAM,kBAA6C,EAAC;AACpD,EAAA,MAAM,kBAAkB,iCAAA,CAAkC;AAAA,IACxD,YAAA,EAAc,MAAA;AAAA,IACd,eAAe,MAAA,CAAO;AAAA,GACvB,CAAA;AAED,EAAA,MAAM,cAAA,GAAiB,IAAI,mBAAA,EAAoB;AAC/C,EAAA,MAAM,aAAA,GAAgB,oBAAA;AAEtB,EAAA,MAAM,mBAAA,uBAA0B,GAAA,EAAsC;AACtE,EAAA,MAAM,QAAA,uBAAe,GAAA,EAA4B;AACjD,EAAA,MAAM,kBAAA,uBAAyB,GAAA,EAAoB;AACnD,EAAA,MAAM,wBAAA,uBAA+B,GAAA,EAAY;AAEjD,EAAA,MAAM,eAAe,kBAAA,CAAmB;AAAA,IACtC,UAAU,MAAA,CAAO,QAAA;AAAA,IACjB,cAAA;AAAA,IACA,iBAAA;AAAA,IACA,SAAA;AAAA,IACA,OAAA,EAAS;AAAA,GACV,CAAA;AAED,EAAA,IAAI,yBAAA,GACF,IAAA;AAEF,EAAA,MAAM,gBAAgB,iCAAA,CAAkC;AAAA,IACtD,UAAU,MAAA,CAAO,QAAA;AAAA,IACjB,aAAa,MAAA,CAAO,WAAA;AAAA,IACpB,WAAW,MAAA,CAAO,SAAA;AAAA,IAClB,OAAA,EAAS,aAAA;AAAA,IACT,UAAA,EAAY,iBAAA;AAAA,IACZ,cAAA,EAAgB,OAAO,GAAA,KAAQ;AAC7B,MAAA,eAAA,CAAgB,KAAK,SAAS,CAAA;AAC9B,MAAA,OAAO,MAAM,MAAA,CAAO,cAAA,CAAe,GAAG,CAAA;AAAA,IACxC,CAAA;AAAA,IACA,uBAAuB,MAAA,CAAO;AAAA,GAC/B,CAAA;AAED,EAAA,MAAM,cAAA,GAAiB,qBAAqB,aAAa,CAAA;AACzD,EAAA,QAAA,CAAS,GAAA,CAAI,gBAAA,EAAiB,EAAG,cAAc,CAAA;AAE/C,EAAgC,aAAA,CAAc,EAAA,CAAG,aAAA,EAAe,CAAC,KAAA,KAAU;AACzE,IAAA,IAAI,UAAU,YAAA,EAAc;AAC1B,MAAA,eAAA,CAAgB,SAAS,YAAY,CAAA;AAAA,IACvC;AAAA,EACF,CAAC;AACD,EAAgC,aAAA,CAAc,EAAA,CAAG,OAAA,EAAS,CAAC,KAAA,KAAU;AACnE,IAAA,MAAM,UAAA,GAAa,eAAe,KAAA,EAAO;AAAA,MACvC,WAAW,gBAAA,EAAiB;AAAA,MAC5B,MAAA,EAAQ,SAAA;AAAA,MACR,SAAA,EAAW;AAAA,KACZ,CAAA;AACD,IAAA,eAAA,CAAgB,UAAU,UAAU,CAAA;AACpC,IAAA,IAAI,sBAAA,CAAuB,UAAU,CAAA,EAAG;AACtC,MAAA,eAAA,CAAgB,SAAS,YAAY,CAAA;AAAA,IACvC;AAAA,EACF,CAAC;AAED,EAAA,MAAM,8BAA8B,YAAA,CAAa,2BAAA;AAEjD,EAAA,SAAS,oBAAoB,aAAA,EAAgC;AAC3D,IAAA,OAAA,CAAQ,kBAAA,CAAmB,GAAA,CAAI,aAAa,CAAA,IAAK,CAAA,IAAK,CAAA;AAAA,EACxD;AAEA,EAAA,eAAe,oBAAA,CACb,eACA,SAAA,EACY;AACZ,IAAA,kBAAA,CAAmB,GAAA;AAAA,MACjB,aAAA;AAAA,MAAA,CACC,kBAAA,CAAmB,GAAA,CAAI,aAAa,CAAA,IAAK,CAAA,IAAK;AAAA,KACjD;AACA,IAAA,IAAI;AACF,MAAA,OAAO,MAAM,SAAA,EAAU;AAAA,IACzB,CAAA,SAAE;AACA,MAAA,MAAM,IAAA,GAAA,CAAQ,kBAAA,CAAmB,GAAA,CAAI,aAAa,KAAK,CAAA,IAAK,CAAA;AAC5D,MAAA,IAAI,QAAQ,CAAA,EAAG;AACb,QAAA,kBAAA,CAAmB,OAAO,aAAa,CAAA;AAAA,MACzC,CAAA,MAAO;AACL,QAAA,kBAAA,CAAmB,GAAA,CAAI,eAAe,IAAI,CAAA;AAAA,MAC5C;AAAA,IACF;AAAA,EACF;AAEA,EAAA,SAAS,qBAAqB,WAAA,EAK5B;AACA,IAAA,MAAM,SAAS,iCAAA,CAAkC;AAAA,MAC/C,UAAU,MAAA,CAAO,QAAA;AAAA,MACjB,aAAa,MAAA,CAAO,WAAA;AAAA,MACpB,KAAK,WAAA,CAAY,GAAA;AAAA,MACjB,WAAW,MAAA,CAAO,SAAA;AAAA,MAClB,OAAA,EAAS,aAAA;AAAA,MACT,UAAA,EAAY,CAAA,EAAG,cAAc,CAAA,UAAA,EAAa,YAAY,EAAE,CAAA,CAAA;AAAA,MACxD,cAAA,EAAgB,OAAO,GAAA,KAAQ;AAC7B,QAAA,eAAA,CAAgB,IAAA,CAAK,YAAY,EAAE,CAAA;AACnC,QAAA,OAAO,MAAM,MAAA,CAAO,cAAA,CAAe,GAAG,CAAA;AAAA,MACxC,CAAA;AAAA,MACA,uBAAuB,MAAA,CAAO;AAAA,KAC/B,CAAA;AAED,IAAA,MAAM,gBAAA,GAAmB,MAAA,CAAO,EAAA,CAAG,aAAA,EAAe,CAAC,KAAA,KAAU;AAC3D,MAAA,IAAI,UAAU,YAAA,EAAc;AAC1B,QAAA,eAAA,CAAgB,SAAS,YAAY,CAAA;AAAA,MACvC;AAAA,IACF,CAAC,CAAA;AACD,IAAA,MAAM,gBAAA,GAAmB,MAAA,CAAO,EAAA,CAAG,OAAA,EAAS,CAAC,KAAA,KAAU;AACrD,MAAA,MAAM,UAAA,GAAa,eAAe,KAAA,EAAO;AAAA,QACvC,SAAA,EAAW,iBAAA,CAAkB,WAAA,CAAY,EAAE,CAAA;AAAA,QAC3C,MAAA,EAAQ,UAAA;AAAA,QACR,eAAe,WAAA,CAAY,EAAA;AAAA,QAC3B,SAAA,EAAW;AAAA,OACZ,CAAA;AACD,MAAA,IACE,oBAAoB,WAAA,CAAY,EAAE,CAAA,IAClC,uBAAA,CAAwB,UAAU,CAAA,EAClC;AACA,QAAA;AAAA,MACF;AACA,MAAA,IAAI,sBAAA,CAAuB,UAAU,CAAA,EAAG;AACtC,QAAA,eAAA,CAAgB,SAAS,YAAY,CAAA;AACrC,QAAA;AAAA,MACF;AACA,MAAA,eAAA,CAAgB,UAAU,UAAU,CAAA;AAAA,IACtC,CAAC,CAAA;AAED,IAAA,MAAM,OAAA,GAAU,qBAAA,CAAsB,EAAE,WAAA,EAAa,QAAQ,CAAA;AAE7D,IAAA,OAAO,EAAE,OAAA,EAAS,MAAA,EAAQ,gBAAA,EAAkB,gBAAA,EAAiB;AAAA,EAC/D;AAEA,EAAA,MAAM,yBAAyB,4BAAA,CAA6B;AAAA,IAC1D,QAAA;AAAA,IACA,YAAA,EAAc;AAAA,GACf,CAAA;AAED,EAAA,eAAe,2BAAA,CACb,QAAQ,KAAA,EAC6B;AACrC,IAAA,IAAI,yBAAA,EAA2B;AAC7B,MAAA,IAAI,CAAC,KAAA,EAAO;AACV,QAAA,OAAO,MAAM,yBAAA;AAAA,MACf;AAEA,MAAA,MAAM,yBAAA;AAAA,IACR;AAEA,IAAA,MAAM,kBAAkB,YAAY;AAClC,MAAA,MAAM,QAAQ,MAAM,kBAAA;AAAA,QAClB,YAAY,MAAM,aAAA,CAAc,GAAA,CAAI,uBAAA;AAAwB,OAC9D;AACA,MAAA,MAAM,yBAAyB,KAAK,CAAA;AACpC,MAAA,OAAO,KAAA;AAAA,IACT,CAAA,GAAG;AACH,IAAA,yBAAA,GAA4B,cAAA;AAE5B,IAAA,IAAI;AACF,MAAA,OAAO,MAAM,cAAA;AAAA,IACf,CAAA,SAAE;AACA,MAAA,IAAI,8BAA8B,cAAA,EAAgB;AAChD,QAAA,yBAAA,GAA4B,IAAA;AAAA,MAC9B;AAAA,IACF;AAAA,EACF;AAEA,EAAA,eAAe,yBACb,YAAA,EACe;AACf,IAAA,mBAAA,CAAoB,KAAA,EAAM;AAC1B,IAAA,KAAA,MAAW,QAAQ,YAAA,EAAc;AAC/B,MAAA,mBAAA,CAAoB,GAAA,CAAI,IAAA,CAAK,EAAA,EAAI,IAAI,CAAA;AAAA,IACvC;AACA,IAAA,MAAM,sBAAA,CAAuB,KAAK,YAAY,CAAA;AAAA,EAChD;AAEA,EAAA,eAAe,yBAAyB,OAAA,EAGD;AACrC,IAAA,MAAM,aAAwC,EAAC;AAC/C,IAAA,wBAAA,CAAyB,KAAA,EAAM;AAC/B,IAAA,MAAM,0BAAA,uBAAiC,GAAA,EAAY;AAEnD,IAAA,MAAM,YAAA,GAAe,MAAM,aAAA,CAAc,KAAA,CAAM,KAAK,OAAO,CAAA;AAC3D,IAAA,KAAA,MAAW,QAAQ,YAAA,EAAc;AAC/B,MAAA,UAAA,CAAW,IAAA,CAAK;AAAA,QACd,IAAA;AAAA,QACA,KAAA,EAAO;AAAA,UACL,QAAQ,IAAA,CAAK,EAAA;AAAA,UACb,WAAW,gBAAA,EAAiB;AAAA,UAC5B,MAAA,EAAQ,SAAA;AAAA,UACR,eAAe,IAAA,CAAK;AAAA;AACtB,OACD,CAAA;AAAA,IACH;AAEA,IAAA,IAAI,SAAS,mBAAA,EAAqB;AAChC,MAAA,MAAM,wBAAA,CAAyB,QAAQ,mBAAmB,CAAA;AAAA,IAC5D,CAAA,MAAO;AACL,MAAA,MAAM,2BAAA,EAA4B;AAAA,IACpC;AAEA,IAAA,MAAM,wBAAwB,CAAC,GAAG,sBAAA,CAAuB,MAAA,EAAQ,CAAA,CAAE,IAAA;AAAA,MACjE,CAAC,GAAG,CAAA,KAAM,CAAA,CAAE,YAAY,EAAA,CAAG,aAAA,CAAc,CAAA,CAAE,WAAA,CAAY,EAAE;AAAA,KAC3D;AAEA,IAAA,MAAM,wBAAA,GAA2B,OAAO,KAAA,KAA+B;AACrE,MAAA,MAAM,gBAAgB,MAAM,kBAAA;AAAA,QAC1B,YACE,MAAM,oBAAA;AAAA,UAAqB,MAAM,WAAA,CAAY,EAAA;AAAA,UAAI,MAC/C,KAAA,CAAM,MAAA,CAAO,KAAA,CAAM,IAAA;AAAK;AAC1B,OACJ;AACA,MAAA,wBAAA,CAAyB,GAAA,CAAI,KAAA,CAAM,WAAA,CAAY,EAAE,CAAA;AACjD,MAAA,KAAA,MAAW,QAAQ,aAAA,EAAe;AAChC,QAAA,MAAM,aAAA,GAAgB,IAAA,CAAK,EAAA,IAAM,IAAA,CAAK,IAAA;AACtC,QAAA,MAAM,YAAY,CAAA,EAAG,KAAA,CAAM,YAAY,EAAE,CAAA,CAAA,EAAI,KAAK,IAAI,CAAA,CAAA;AAEtD,QAAA,UAAA,CAAW,IAAA,CAAK;AAAA,UACd,IAAA,EAAM;AAAA,YACJ,EAAA,EAAI,SAAA;AAAA,YACJ,MAAM,IAAA,CAAK,IAAA;AAAA,YACX,aAAa,IAAA,CAAK,WAAA;AAAA,YAClB,aAAa,IAAA,CAAK,WAAA;AAAA,YAClB,MAAA,EAAQ;AAAA,cACN,EAAA,EAAI,MAAM,WAAA,CAAY,EAAA;AAAA,cACtB,IAAA,EAAM,MAAM,WAAA,CAAY;AAAA;AAC1B,WACF;AAAA,UACA,KAAA,EAAO;AAAA,YACL,MAAA,EAAQ,SAAA;AAAA,YACR,WAAW,KAAA,CAAM,SAAA;AAAA,YACjB,MAAA,EAAQ,UAAA;AAAA,YACR,aAAA;AAAA,YACA,aAAA,EAAe,MAAM,WAAA,CAAY;AAAA;AACnC,SACD,CAAA;AAAA,MACH;AAAA,IACF,CAAA;AAEA,IAAA,KAAA,MAAW,SAAS,qBAAA,EAAuB;AACzC,MAAA,IAAI;AACF,QAAA,MAAM,2BAAA,CAA4B,MAAM,WAAW,CAAA;AACnD,QAAA,MAAM,yBAAyB,KAAK,CAAA;AAAA,MACtC,SAAS,GAAA,EAAK;AACZ,QAAA,MAAM,UAAA,GAAa,eAAe,GAAA,EAAK;AAAA,UACrC,WAAW,KAAA,CAAM,SAAA;AAAA,UACjB,MAAA,EAAQ,UAAA;AAAA,UACR,aAAA,EAAe,MAAM,WAAA,CAAY,EAAA;AAAA,UACjC,SAAA,EAAW;AAAA,SACZ,CAAA;AACD,QAAA,IAAI,uBAAA,CAAwB,UAAU,CAAA,EAAG;AACvC,UAAA,0BAAA,CAA2B,GAAA,CAAI,KAAA,CAAM,WAAA,CAAY,EAAE,CAAA;AACnD,UAAA;AAAA,QACF;AACA,QAAA,IAAI,sBAAA,CAAuB,UAAU,CAAA,EAAG;AACtC,UAAA,eAAA,CAAgB,SAAS,YAAY,CAAA;AAAA,QACvC;AACA,QAAA,eAAA,CAAgB,UAAU,UAAU,CAAA;AAAA,MACtC;AAAA,IACF;AAEA,IAAA,IAAI,0BAAA,CAA2B,OAAO,CAAA,EAAG;AACvC,MAAA,IAAI,iBAAA,GAAoB,KAAA;AACxB,MAAA,KAAA,MAAW,iBAAiB,0BAAA,EAA4B;AACtD,QAAA,MAAM,KAAA,GAAQ,sBAAA,CAAuB,GAAA,CAAI,aAAa,CAAA;AACtD,QAAA,IAAI,CAAC,KAAA,EAAO;AAEZ,QAAA,IAAI;AACF,UAAA,MAAM,2BAAA,CAA4B,MAAM,WAAA,EAAa;AAAA,YACnD,aAAA,EAAe;AAAA,WAChB,CAAA;AACD,UAAA,MAAM,oBAAA,CAAqB,eAAe,YAAY;AACpD,YAAA,MAAM,KAAA,CAAM,OAAO,UAAA,EAAW;AAC9B,YAAA,MAAM,KAAA,CAAM,OAAO,OAAA,EAAQ;AAAA,UAC7B,CAAC,CAAA;AACD,UAAA,MAAM,yBAAyB,KAAK,CAAA;AAAA,QACtC,SAAS,GAAA,EAAK;AACZ,UAAA,MAAM,UAAA,GAAa,eAAe,GAAG,CAAA;AACrC,UAAA,IAAI,sBAAA,CAAuB,UAAU,CAAA,EAAG;AACtC,YAAA,iBAAA,GAAoB,IAAA;AACpB,YAAA,IAAI,sBAAA,CAAuB,UAAU,CAAA,EAAG;AACtC,cAAA,eAAA,CAAgB,UAAU,UAAU,CAAA;AAAA,YACtC;AACA,YAAA;AAAA,UACF;AACA,UAAA,eAAA,CAAgB,UAAU,UAAU,CAAA;AAAA,QACtC;AAAA,MACF;AAEA,MAAA,IAAI,iBAAA,EAAmB;AACrB,QAAA,eAAA,CAAgB,SAAS,YAAY,CAAA;AAAA,MACvC,WACE,eAAA,CAAgB,KAAA,KAAU,YAAA,IAC1B,aAAA,CAAc,UAAU,OAAA,EACxB;AACA,QAAA,eAAA,CAAgB,SAAS,OAAO,CAAA;AAAA,MAClC;AAAA,IACF;AAEA,IAAA,OAAO,UAAA;AAAA,EACT;AAEA,EAAA,eAAe,mBAAmB,OAAA,EAM/B;AACD,IAAA,MAAM,YAAA,GAAe,KAAK,SAAA,CAAU;AAAA,MAClC,KAAA,EAAO,SAAS,KAAA,IAAS,IAAA;AAAA,MACzB,mBAAA,EACE,OAAA,EAAS,mBAAA,EACL,GAAA,CAAI,CAAC,gBAAgB,WAAA,CAAY,EAAE,CAAA,CACpC,IAAA,EAAK,IAAK;AAAA,KAChB,CAAA;AACD,IAAA,MAAM,QAAA,GAAW,MAAM,cAAA,CAAe,KAAA;AAAA,MACpC,YAAY,MAAM,wBAAA,CAAyB,OAAO,CAAA;AAAA,MAClD;AAAA,QACE,GAAA,EAAK,YAAA;AAAA,QACL,UAAA,EAAY,CAAC,QAAA,EAAU,QAAA,KACrB,cAAc,eAAA,CAAgB;AAAA,UAC5B,QAAQ,QAAA,CAAS,MAAA;AAAA,UACjB,QAAA;AAAA,UACA;AAAA,SACD;AAAA;AACL,KACF;AACA,IAAA,OAAO;AAAA,MACL,OAAO,QAAA,CAAS,KAAA;AAAA,MAChB,WAAW,QAAA,CAAS;AAAA,KACtB;AAAA,EACF;AAEA,EAAA,SAAS,mBAAmB,SAAA,EAAwC;AAClE,IAAA,KAAA,MAAW,YAAY,SAAA,EAAW;AAChC,MAAA,eAAA,CAAgB,SAAA;AAAA,QACd,oBAAA,CAAqB;AAAA,UACnB,QAAQ,QAAA,CAAS,MAAA;AAAA,UACjB,MAAM,QAAA,CAAS,IAAA;AAAA,UACf,SAAS,QAAA,CAAS;AAAA,SACnB;AAAA,OACH;AAAA,IACF;AAAA,EACF;AAEA,EAAA,SAAS,mCAAA,GAAgD;AACvD,IAAA,OAAO,sBAAA,CAAuB,gBAAgB,wBAAwB,CAAA;AAAA,EACxE;AAEA,EAAA,eAAe,uBACb,IAAA,EACe;AACf,IAAA,MAAM,sBAAA,CAAuB,QAAQ,IAAI,CAAA;AAAA,EAC3C;AAEA,EAAA,eAAe,eAAA,GAAiC;AAC9C,IAAA,IAAI,eAAA,CAAgB,UAAU,OAAA,EAAS;AACvC,IAAA,IACE,eAAA,CAAgB,KAAA,KAAU,YAAA,IAC1B,aAAA,CAAc,UAAU,OAAA,EACxB;AACA,MAAA;AAAA,IACF;AAEA,IAAA,eAAA,CAAgB,SAAS,YAAY,CAAA;AAErC,IAAA,IAAI;AACF,MAAA,MAAM,cAAc,OAAA,EAAQ;AAC5B,MAAA,MAAM,4BAA4B,IAAI,CAAA;AACtC,MAAA,eAAA,CAAgB,SAAS,OAAO,CAAA;AAAA,IAClC,SAAS,GAAA,EAAK;AACZ,MAAA,MAAM,UAAA,GAAa,eAAe,GAAA,EAAK;AAAA,QACrC,WAAW,gBAAA,EAAiB;AAAA,QAC5B,MAAA,EAAQ,SAAA;AAAA,QACR,SAAA,EAAW;AAAA,OACZ,CAAA;AACD,MAAA,IAAI,sBAAA,CAAuB,UAAU,CAAA,EAAG;AACtC,QAAA,eAAA,CAAgB,SAAS,YAAY,CAAA;AAAA,MACvC,CAAA,MAAO;AACL,QAAA,eAAA,CAAgB,SAAS,QAAQ,CAAA;AAAA,MACnC;AACA,MAAA,eAAA,CAAgB,UAAU,UAAU,CAAA;AACpC,MAAA,MAAM,UAAA;AAAA,IACR;AAAA,EACF;AAEA,EAAA,eAAe,kBAAkB,MAAA,EAA0C;AACzE,IAAA,IAAI,KAAA,GAAQ,cAAA,CAAe,QAAA,CAAS,MAAM,CAAA;AAC1C,IAAA,IAAI,OAAO,OAAO,KAAA;AAElB,IAAA,MAAM,SAAA,GAAY,MAAM,kBAAA,EAAmB;AAC3C,IAAA,kBAAA,CAAmB,UAAU,SAAS,CAAA;AACtC,IAAA,KAAA,GAAQ,cAAA,CAAe,SAAS,MAAM,CAAA;AACtC,IAAA,IAAI,OAAO,OAAO,KAAA;AAElB,IAAA,MAAM,IAAI,YAAA;AAAA,MACR,iBAAiB,MAAM,CAAA,gDAAA,CAAA;AAAA,MACvB,wBAAA;AAAA,MACA,EAAE,IAAA,EAAM,EAAE,MAAA,EAAO;AAAE,KACrB;AAAA,EACF;AAEA,EAAA,MAAM,YAAA,GAAoC;AAAA,IACxC,IAAI,KAAA,GAAQ;AACV,MAAA,OAAO,eAAA,CAAgB,KAAA;AAAA,IACzB,CAAA;AAAA,IAEA,MAAM,OAAA,GAAU;AACd,MAAA,MAAM,eAAA,EAAgB;AAAA,IACxB,CAAA;AAAA,IAEA,MAAM,UAAA,GAAa;AACjB,MAAA,MAAM,uBAAuB,YAAY,CAAA;AACzC,MAAA,mBAAA,CAAoB,KAAA,EAAM;AAC1B,MAAA,cAAA,CAAe,KAAA,EAAM;AACrB,MAAA,eAAA,CAAgB,MAAA,GAAS,CAAA;AACzB,MAAA,MAAM,cAAc,UAAA,EAAW;AAC/B,MAAA,eAAA,CAAgB,SAAS,MAAM,CAAA;AAAA,IACjC,CAAA;AAAA,IAEA,MAAM,iBAAA,GAAmD;AACvD,MAAA,MAAM,eAAA,EAAgB;AACtB,MAAA,OAAO,MAAM,cAAc,iBAAA,EAAkB;AAAA,IAC/C,CAAA;AAAA,IAEA,IAAA,EAAM;AAAA,MACJ,MAAM,MAAA,GAAS;AACb,QAAA,IACE,eAAA,CAAgB,KAAA,KAAU,YAAA,IAC1B,aAAA,CAAc,UAAU,OAAA,EACxB;AACA,UAAA,MAAM,4BAA4B,IAAI,CAAA;AAEtC,UAAA,IAAI,sBAAA,GAAyB,KAAA;AAC7B,UAAA,KAAA,MAAW;AAAA,YACT,aAAA;AAAA,YACA;AAAA,WACF,IAAK,sBAAA,CAAuB,OAAA,EAAQ,EAAG;AACrC,YAAA,IAAI;AACF,cAAA,MAAM,oBAAA;AAAA,gBAAqB,aAAA;AAAA,gBAAe,MACxC,KAAA,CAAM,MAAA,CAAO,IAAA,CAAK,MAAA;AAAO,eAC3B;AAAA,YACF,SAAS,GAAA,EAAK;AACZ,cAAA,MAAM,UAAA,GAAa,eAAe,GAAG,CAAA;AACrC,cAAA,IAAI,uBAAA,CAAwB,UAAU,CAAA,EAAG;AACvC,gBAAA,sBAAA,GAAyB,IAAA;AACzB,gBAAA;AAAA,cACF;AACA,cAAA,eAAA,CAAgB,UAAU,UAAU,CAAA;AAAA,YACtC;AAAA,UACF;AAEA,UAAA,MAAM,SAAA,GAAY,MAAM,kBAAA,EAAmB;AAC3C,UAAA,kBAAA,CAAmB,UAAU,SAAS,CAAA;AACtC,UAAA,MAAM,kBAAkB,mCAAA,EAAoC;AAC5D,UAAA,IAAI,CAAC,sBAAA,IAA0B,eAAA,CAAgB,MAAA,KAAW,CAAA,EAAG;AAC3D,YAAA,eAAA,CAAgB,SAAS,OAAO,CAAA;AAAA,UAClC;AACA,UAAA;AAAA,QACF;AAEA,QAAA,MAAM,eAAA,EAAgB;AAAA,MACxB,CAAA;AAAA,MAEA,MAAM,OAAA,GAAU;AACd,QAAA,MAAM,uBAAuB,SAAS,CAAA;AACtC,QAAA,mBAAA,CAAoB,KAAA,EAAM;AAC1B,QAAA,cAAA,CAAe,KAAA,EAAM;AACrB,QAAA,eAAA,CAAgB,MAAA,GAAS,CAAA;AACzB,QAAA,MAAM,aAAA,CAAc,KAAK,OAAA,EAAQ;AACjC,QAAA,eAAA,CAAgB,SAAS,MAAM,CAAA;AAAA,MACjC,CAAA;AAAA,MAEA,MAAM,eAAe,GAAA,EAAmB;AACtC,QAAA,IAAI,sBAAA,CAAuB,SAAS,CAAA,EAAG;AACrC,UAAA,IAAI;AACF,YAAA,MAAM,4BAA4B,IAAI,CAAA;AAAA,UACxC,SAAS,GAAA,EAAK;AACZ,YAAA,eAAA,CAAgB,SAAA;AAAA,cACd,eAAe,GAAA,EAAK;AAAA,gBAClB,WAAW,gBAAA,EAAiB;AAAA,gBAC5B,MAAA,EAAQ,SAAA;AAAA,gBACR,SAAA,EAAW;AAAA,eACZ;AAAA,aACH;AAAA,UACF;AAAA,QACF;AAEA,QAAA,MAAM,UAGD,EAAC;AAEN,QAAA,KAAA,MAAW,YAAY,eAAA,EAAiB;AACtC,UAAA,IAAI,aAAa,SAAA,EAAW;AAC1B,YAAA,OAAA,CAAQ,IAAA,CAAK,EAAE,MAAA,EAAQ,aAAA,EAAe,UAAU,CAAA;AAChD,YAAA;AAAA,UACF;AACA,UAAA,MAAM,MAAA,GAAS,sBAAA,CAAuB,GAAA,CAAI,QAAQ,CAAA;AAClD,UAAA,IAAI,MAAA,EAAQ;AACV,YAAA,OAAA,CAAQ,KAAK,EAAE,MAAA,EAAQ,MAAA,CAAO,MAAA,EAAQ,UAAU,CAAA;AAAA,UAClD;AAAA,QACF;AAEA,QAAA,IAAI,aAAA,CAAc,IAAA,CAAK,UAAA,CAAW,GAAG,CAAA,EAAG;AACtC,UAAA,OAAA,CAAQ,IAAA,CAAK,EAAE,MAAA,EAAQ,aAAA,EAAe,CAAA;AAAA,QACxC;AAEA,QAAA,KAAA,MAAW,KAAA,IAAS,sBAAA,CAAuB,MAAA,EAAO,EAAG;AACnD,UAAA,IAAI,KAAA,CAAM,MAAA,CAAO,IAAA,CAAK,UAAA,CAAW,GAAG,CAAA,EAAG;AACrC,YAAA,OAAA,CAAQ,IAAA,CAAK,EAAE,MAAA,EAAQ,KAAA,CAAM,QAAQ,CAAA;AAAA,UACvC;AAAA,QACF;AAEA,QAAA,OAAA,CAAQ,IAAA,CAAK,EAAE,MAAA,EAAQ,aAAA,EAAe,CAAA;AACtC,QAAA,OAAA,CAAQ,IAAA;AAAA,UACN,GAAG,CAAC,GAAG,sBAAA,CAAuB,MAAA,EAAQ,CAAA,CACnC,IAAA,CAAK,CAAC,CAAA,EAAG,CAAA,KAAM,CAAA,CAAE,WAAA,CAAY,EAAA,CAAG,aAAA,CAAc,CAAA,CAAE,WAAA,CAAY,EAAE,CAAC,CAAA,CAC/D,GAAA,CAAI,CAAC,KAAA,MAAW,EAAE,MAAA,EAAQ,KAAA,CAAM,MAAA,EAAO,CAAE;AAAA,SAC9C;AAEA,QAAA,MAAM,SAGD,EAAC;AACN,QAAA,MAAM,IAAA,uBAAW,GAAA,EAAmB;AACpC,QAAA,KAAA,MAAW,SAAS,OAAA,EAAS;AAC3B,UAAA,IAAI,IAAA,CAAK,GAAA,CAAI,KAAA,CAAM,MAAM,CAAA,EAAG;AAC5B,UAAA,IAAA,CAAK,GAAA,CAAI,MAAM,MAAM,CAAA;AACrB,UAAA,MAAA,CAAO,KAAK,KAAK,CAAA;AAAA,QACnB;AAEA,QAAA,IAAI,SAAA;AAMJ,QAAA,IAAI,SAAA,GAAqB,MAAA;AAEzB,QAAA,KAAA,MAAW,SAAS,MAAA,EAAQ;AAC1B,UAAA,IAAI;AACF,YAAA,MAAM,KAAA,CAAM,MAAA,CAAO,IAAA,CAAK,cAAA,CAAe,GAAG,CAAA;AAC1C,YAAA,SAAA,GAAY,KAAA;AACZ,YAAA;AAAA,UACF,SAAS,GAAA,EAAK;AACZ,YAAA,SAAA,GAAY,GAAA;AAAA,UACd;AAAA,QACF;AAEA,QAAA,IAAI,SAAA,EAAW;AACb,UAAA,KAAA,IAAS,MAAM,eAAA,CAAgB,MAAA,GAAS,GAAG,GAAA,IAAO,CAAA,EAAG,OAAO,CAAA,EAAG;AAC7D,YAAA,MAAM,QAAA,GAAW,gBAAgB,GAAG,CAAA;AACpC,YAAA,MAAM,eACJ,QAAA,KAAa,SAAA,GACT,gBACA,sBAAA,CAAuB,GAAA,CAAI,QAAQ,CAAA,EAAG,MAAA;AAC5C,YAAA,IAAI,YAAA,KAAiB,UAAU,MAAA,EAAQ;AACrC,cAAA,eAAA,CAAgB,MAAA,CAAO,KAAK,CAAC,CAAA;AAAA,YAC/B;AAAA,UACF;AAAA,QACF;AAEA,QAAA,IAAI,CAAC,aAAa,SAAA,EAAW;AAC3B,UAAA,MAAM,eAAe,SAAA,EAAW;AAAA,YAC9B,WAAW,gBAAA,EAAiB;AAAA,YAC5B,MAAA,EAAQ,SAAA;AAAA,YACR,SAAA,EAAW;AAAA,WACZ,CAAA;AAAA,QACH;AAEA,QAAA,IAAI;AACF,UAAA,MAAM,eAAA,EAAgB;AAAA,QACxB,SAAS,GAAA,EAAK;AACZ,UAAA,eAAA,CAAgB,SAAA;AAAA,YACd,eAAe,GAAA,EAAK;AAAA,cAClB,WAAW,gBAAA,EAAiB;AAAA,cAC5B,MAAA,EAAQ,SAAA;AAAA,cACR,SAAA,EAAW;AAAA,aACZ;AAAA,WACH;AAAA,QACF;AAAA,MACF,CAAA;AAAA,MAEA,WAAW,GAAA,EAA4B;AACrC,QAAA,IAAI,aAAA,CAAc,IAAA,CAAK,UAAA,CAAW,GAAG,GAAG,OAAO,IAAA;AAC/C,QAAA,KAAA,MAAW,KAAA,IAAS,sBAAA,CAAuB,MAAA,EAAO,EAAG;AACnD,UAAA,IAAI,MAAM,MAAA,CAAO,IAAA,CAAK,UAAA,CAAW,GAAG,GAAG,OAAO,IAAA;AAAA,QAChD;AACA,QAAA,OAAO,KAAA;AAAA,MACT,CAAA;AAAA,MAEA,IAAI,eAAA,GAA2B;AAC7B,QAAA,OACE,eAAA,CAAgB,KAAA,KAAU,OAAA,IAC1B,aAAA,CAAc,IAAA,CAAK,eAAA;AAAA,MAEvB;AAAA,KACF;AAAA,IAEA,YAAA,EAAc;AAAA,MACZ,MAAM,IAAA,GAAmC;AACvC,QAAA,MAAM,eAAA,EAAgB;AACtB,QAAA,MAAM,UAAA,GAAa,MAAM,2BAAA,CAA4B,IAAI,CAAA;AAEzD,QAAA,IAAI,kBAAqC,EAAC;AAC1C,QAAA,IAAI;AACF,UAAA,eAAA,GAAkB,MAAM,aAAA,CAAc,YAAA,CAAa,IAAA,EAAK;AAAA,QAC1D,SAAS,GAAA,EAAK;AACZ,UAAA,eAAA,CAAgB,SAAA;AAAA,YACd,eAAe,GAAA,EAAK;AAAA,cAClB,WAAW,gBAAA,EAAiB;AAAA,cAC5B,MAAA,EAAQ,SAAA;AAAA,cACR,SAAA,EAAW;AAAA,aACZ;AAAA,WACH;AAAA,QACF;AACA,QAAA,MAAM,WAAA,GAAc,IAAI,GAAA,CAAI,eAAA,CAAgB,GAAA,CAAI,CAAC,CAAA,KAAM,CAAC,CAAA,CAAE,EAAA,EAAI,CAAC,CAAC,CAAC,CAAA;AAEjE,QAAA,MAAM,2BAA2B,UAAA,CAAW,IAAA;AAAA,UAC1C,CAAC,CAAA,KACC,CAAA,CAAE,aAAa,0BAAA,IACf,CAAC,EAAE,UAAA,EAAY;AAAA,SACnB;AAEA,QAAA,IAAI,gBAAA;AACJ,QAAA,IAAI,wBAAA,EAA0B;AAC5B,UAAA,IAAI;AACF,YAAA,gBAAA,GAAA,CAAoB,MAAM,aAAA,CAAc,iBAAA,EAAkB,EACvD,UAAA;AAAA,UACL,CAAA,CAAA,MAAQ;AACN,YAAA,gBAAA,GAAmB,MAAA;AAAA,UACrB;AAAA,QACF;AAEA,QAAA,OAAO,UAAA,CAAW,GAAA,CAAI,CAAC,WAAA,KAAgB;AACrC,UAAA,MAAM,aAAA,GAAgB,WAAA,CAAY,GAAA,CAAI,WAAA,CAAY,EAAE,CAAA;AACpD,UAAA,MAAM,SAAA,GACJ,aAAA,EAAe,SAAA,IACf,WAAA,CAAY,YAAY,SAAA,IACxB,KAAA;AACF,UAAA,MAAM,UAAA,GACJ,eAAe,UAAA,KACd,CAAC,aAAa,WAAA,CAAY,QAAA,KAAa,6BACpC,gBAAA,GACA,MAAA,CAAA;AACN,UAAA,MAAM,MAAA,GACJ,eAAe,MAAA,KACd,CAAC,aAAa,WAAA,CAAY,QAAA,KAAa,6BACpC,sBAAA,GACA,MAAA,CAAA;AAEN,UAAA,OAAO;AAAA,YACL,IAAI,WAAA,CAAY,EAAA;AAAA,YAChB,MAAM,WAAA,CAAY,IAAA;AAAA,YAClB,SAAA;AAAA,YACA,UAAA;AAAA,YACA;AAAA,WACF;AAAA,QACF,CAAC,CAAA;AAAA,MACH;AAAA,KACF;AAAA,IAEA,KAAA,EAAO;AAAA,MACL,MAAM,KAAK,OAAA,EAAsD;AAC/D,QAAA,MAAM,eAAA,EAAgB;AACtB,QAAA,IAAI,SAAA,GAAY,MAAM,kBAAA,CAAmB,OAAO,CAAA;AAEhD,QAAA,MAAM,kBAAkB,mCAAA,EAAoC;AAC5D,QAAA,IAAI,eAAA,CAAgB,SAAS,CAAA,EAAG;AAC9B,UAAA,MAAM,SAAA,GAAY,MAAM,2BAAA,CAA4B,IAAI,CAAA;AACxD,UAAA,SAAA,GAAY,MAAM,kBAAA,CAAmB;AAAA,YACnC,GAAG,OAAA;AAAA,YACH,mBAAA,EAAqB;AAAA,WACtB,CAAA;AAAA,QACH;AACA,QAAA,kBAAA,CAAmB,UAAU,SAAS,CAAA;AAEtC,QAAA,MAAM,qBAAqB,mCAAA,EAAoC;AAC/D,QAAA,IACE,eAAA,CAAgB,UAAU,YAAA,IAC1B,aAAA,CAAc,UAAU,OAAA,IACxB,kBAAA,CAAmB,WAAW,CAAA,EAC9B;AACA,UAAA,eAAA,CAAgB,SAAS,OAAO,CAAA;AAAA,QAClC;AAEA,QAAA,OAAO,SAAA,CAAU,KAAA;AAAA,MACnB,CAAA;AAAA,MAEA,MAAM,OAAA,CACJ,MAAA,EACA,IAAA,EACqB;AACrB,QAAA,MAAM,eAAA,EAAgB;AAEtB,QAAA,MAAM,KAAA,GAAQ,MAAM,iBAAA,CAAkB,MAAM,CAAA;AAE5C,QAAA,IAAI;AACF,UAAA,IAAI,KAAA,CAAM,WAAW,SAAA,EAAW;AAC9B,YAAA,OAAO,MAAM,aAAA,CAAc,KAAA,CAAM,OAAA,CAAQ,KAAA,CAAM,eAAe,IAAI,CAAA;AAAA,UACpE;AAEA,UAAA,MAAM,gBAAgB,KAAA,CAAM,aAAA;AAC5B,UAAA,IAAI,CAAC,aAAA,EAAe;AAClB,YAAA,MAAM,IAAI,YAAA;AAAA,cACR,mBAAmB,MAAM,CAAA,kCAAA,CAAA;AAAA,cACzB,wBAAA;AAAA,cACA,EAAE,IAAA,EAAM,EAAE,MAAA,EAAQ,OAAM;AAAE,aAC5B;AAAA,UACF;AAEA,UAAA,IAAI,KAAA,GAAQ,sBAAA,CAAuB,GAAA,CAAI,aAAa,CAAA;AACpD,UAAA,IAAI,CAAC,KAAA,EAAO;AACV,YAAA,MAAM,4BAA4B,IAAI,CAAA;AACtC,YAAA,KAAA,GAAQ,sBAAA,CAAuB,IAAI,aAAa,CAAA;AAAA,UAClD;AACA,UAAA,IAAI,CAAC,KAAA,EAAO;AACV,YAAA,MAAM,IAAI,YAAA;AAAA,cACR,yBAAyB,aAAa,CAAA,wBAAA,CAAA;AAAA,cACtC,wBAAA;AAAA,cACA,EAAE,IAAA,EAAM,EAAE,aAAA,EAAc;AAAE,aAC5B;AAAA,UACF;AAEA,UAAA,MAAM,2BAAA,CAA4B,MAAM,WAAW,CAAA;AACnD,UAAA,IAAI;AACF,YAAA,MAAM,eAAA,GAAkB,YACtB,MAAM,kBAAA;AAAA,cACJ,YACE,MAAM,oBAAA;AAAA,gBAAqB,aAAA;AAAA,gBAAe,MACxC,KAAA,CAAM,MAAA,CAAO,MAAM,OAAA,CAAQ,KAAA,CAAM,eAAe,IAAI;AAAA;AACtD,aACJ;AACF,YAAA,OAAO,MAAM,eAAA,EAAgB;AAAA,UAC/B,SAAS,QAAA,EAAU;AACjB,YAAA,MAAM,eAAA,GAAkB,eAAe,QAAA,EAAU;AAAA,cAC/C,WAAW,KAAA,CAAM,SAAA;AAAA,cACjB,QAAQ,KAAA,CAAM,MAAA;AAAA,cACd,eAAe,KAAA,CAAM,aAAA;AAAA,cACrB,SAAA,EAAW,eAAA;AAAA,cACX;AAAA,aACD,CAAA;AACD,YAAA,MAAM,eAAA;AAAA,UACR;AAAA,QACF,SAAS,GAAA,EAAK;AACZ,UAAA,MAAM,UAAA,GAAa,eAAe,GAAA,EAAK;AAAA,YACrC,WAAW,KAAA,CAAM,SAAA;AAAA,YACjB,QAAQ,KAAA,CAAM,MAAA;AAAA,YACd,eAAe,KAAA,CAAM,aAAA;AAAA,YACrB,SAAA,EAAW,eAAA;AAAA,YACX;AAAA,WACD,CAAA;AACD,UAAA,IAAI,sBAAA,CAAuB,UAAU,CAAA,EAAG;AACtC,YAAA,eAAA,CAAgB,SAAS,YAAY,CAAA;AAAA,UACvC;AACA,UAAA,eAAA,CAAgB,UAAU,UAAU,CAAA;AACpC,UAAA,MAAM,UAAA;AAAA,QACR;AAAA,MACF;AAAA,KACF;AAAA,IAEA,EAAA,CACE,OAEA,OAAA,EACY;AACZ,MAAA,IAAI,UAAU,aAAA,EAAe;AAC3B,QAAA,OAAO,eAAA,CAAgB,EAAA,CAAG,aAAA,EAAe,OAAO,CAAA;AAAA,MAClD;AACA,MAAA,OAAO,eAAA,CAAgB,EAAA,CAAG,OAAA,EAAS,OAAO,CAAA;AAAA,IAC5C,CAAA;AAAA,IAEA,IAAI,GAAA,GAAM;AACR,MAAA,OAAO,aAAA,CAAc,GAAA;AAAA,IACvB;AAAA,GACF;AAMA,EAAA,OAAO,YAAA;AACT;;;ACn4BA,IAAM,kCAAkB,IAAI,GAAA,CAAI,CAAC,cAAA,EAAgB,cAAc,CAAC,CAAA;AAEhE,SAAS,aAAa,KAAA,EAAyC;AAC7D,EAAA,IAAI,SAAA,GAAY,KAAA;AAChB,EAAA,IAAI,UAAA,GAAa,KAAA;AACjB,EAAA,KAAA,MAAW,QAAQ,KAAA,EAAO;AACxB,IAAA,IAAI,IAAA,CAAK,IAAA,KAAS,cAAA,EAAgB,SAAA,GAAY,IAAA;AAC9C,IAAA,IAAI,IAAA,CAAK,IAAA,KAAS,cAAA,EAAgB,UAAA,GAAa,IAAA;AAAA,EACjD;AACA,EAAA,OAAO,SAAA,IAAa,UAAA;AACtB;AAsBA,SAAS,wBAAwB,MAAA,EAAgC;AAC/D,EAAA,IAAI,CAAC,MAAA,IAAU,OAAO,MAAA,KAAW,UAAU,OAAO,IAAA;AAClD,EAAA,MAAM,UAAW,MAAA,CAA0C,OAAA;AAC3D,EAAA,IAAI,CAAC,KAAA,CAAM,OAAA,CAAQ,OAAO,GAAG,OAAO,IAAA;AACpC,EAAA,KAAA,MAAW,QAAQ,OAAA,EAAS;AAC1B,IAAA,IACE,IAAA,CAAK,SAAS,UAAA,IACd,IAAA,CAAK,UAAU,QAAA,KAAa,kBAAA,IAC5B,IAAA,CAAK,QAAA,CAAS,IAAA,EACd;AACA,MAAA,OAAO,KAAK,QAAA,CAAS,IAAA;AAAA,IACvB;AAAA,EACF;AACA,EAAA,OAAO,IAAA;AACT;AAEA,SAAS,mBAAmB,MAAA,EAAyB;AACnD,EAAA,IAAI,CAAC,UAAU,OAAO,MAAA,KAAW,UAAU,OAAO,MAAA,CAAO,UAAU,EAAE,CAAA;AACrE,EAAA,MAAM,CAAA,GAAI,MAAA;AACV,EAAA,IAAI,EAAE,OAAA,IAAW,KAAA,CAAM,OAAA,CAAQ,CAAA,CAAE,OAAO,CAAA,EAAG;AACzC,IAAA,MAAM,QAAQ,CAAA,CAAE,OAAA,CACb,MAAA,CAAO,CAAC,MAAM,CAAA,CAAE,IAAA,KAAS,MAAA,IAAU,CAAA,CAAE,IAAI,CAAA,CACzC,GAAA,CAAI,CAAC,CAAA,KAAM,EAAE,IAAK,CAAA;AACrB,IAAA,IAAI,MAAM,MAAA,GAAS,CAAA,EAAG,OAAO,KAAA,CAAM,KAAK,IAAI,CAAA;AAG5C,IAAA,MAAM,gBAAgB,CAAA,CAAE,OAAA,CACrB,OAAO,CAAC,CAAA,KAAM,EAAE,IAAA,KAAS,UAAA,IAAc,CAAA,CAAE,QAAA,EAAU,IAAI,CAAA,CACvD,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,SAAU,IAAK,CAAA;AAC/B,IAAA,IAAI,aAAA,CAAc,SAAS,CAAA,EAAG;AAC5B,MAAA,OAAO,aAAA,CACJ,GAAA,CAAI,CAAC,IAAA,KAAS;AACb,QAAA,IAAI;AACF,UAAA,OAAO,kBAAA,CAAmB,IAAA,CAAK,KAAA,CAAM,IAAI,CAAC,CAAA;AAAA,QAC5C,CAAA,CAAA,MAAQ;AACN,UAAA,OAAO,IAAA;AAAA,QACT;AAAA,MACF,CAAC,CAAA,CACA,IAAA,CAAK,IAAI,CAAA;AAAA,IACd;AAEA,IAAA,OAAO,IAAA,CAAK,SAAA,CAAU,CAAA,CAAE,OAAO,CAAA;AAAA,EACjC;AACA,EAAA,OAAO,IAAA,CAAK,UAAU,MAAM,CAAA;AAC9B;AAWA,SAAS,eAAe,GAAA,EAA4B;AAClD,EAAA,IAAI,cAAA,CAAe,GAAG,CAAA,EAAG,OAAO,GAAA;AAEhC,EAAA,IAAI,EAAE,eAAe,KAAA,CAAA,EAAQ;AAC3B,IAAA,OAAO,IAAI,YAAA,CAAa,MAAA,CAAO,GAAG,GAAG,uBAAuB,CAAA;AAAA,EAC9D;AAGA,EAAA,MAAM,KAAA,GAA6B,GAAA;AAGnC,EAAA,IAAI,KAAA,CAAM,SAAS,MAAA,EAAQ;AACzB,IAAA,MAAM,YAAA,GAAgB,KAAA,CAAM,YAAA,IAAgB,KAAA,CAAM,IAAA,EAAM,YAAA;AAGxD,IAAA,MAAM,WAAA,GAAc,eAAe,CAAC,CAAA;AACpC,IAAA,OAAO,IAAI,kCAAA;AAAA,MACT,aAAa,aAAA,IAAiB,SAAA;AAAA,MAC9B;AAAA,QACE,iBAAiB,WAAA,EAAa,eAAA;AAAA,QAC9B,YAAY,WAAA,EAAa,GAAA;AAAA,QACzB,SAAS,WAAA,EAAa,OAAA;AAAA,QACtB,KAAA,EAAO;AAAA;AACT,KACF;AAAA,EACF;AAGA,EAAA,MAAM,UAAA,GAAc,KAAA,CAAM,UAAA,IAAc,KAAA,CAAM,MAAA;AAC9C,EAAA,IAAI,OAAO,UAAA,KAAe,QAAA,IAAY,UAAA,IAAc,GAAA,EAAK;AACvD,IAAA,IAAI,eAAe,GAAA,EAAK;AACtB,MAAA,OAAO,IAAI,0BAAA,CAA2B,GAAA,CAAI,SAAS,EAAE,KAAA,EAAO,KAAK,CAAA;AAAA,IACnE;AACA,IAAA,OAAO,IAAI,YAAA,CAAa,GAAA,CAAI,OAAA,EAAS,sBAAA,EAAwB;AAAA,MAC3D,UAAA;AAAA,MACA,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAGA,EAAA,IAAI,mBAAA,CAAoB,GAAG,CAAA,EAAG;AAC5B,IAAA,OAAO,IAAI,0BAAA,CAA2B,GAAA,CAAI,SAAS,EAAE,KAAA,EAAO,KAAK,CAAA;AAAA,EACnE;AAGA,EAAA,IAAI,cAAA,CAAe,GAAG,CAAA,EAAG;AACvB,IAAA,OAAO,IAAI,YAAA,CAAa,GAAA,CAAI,SAAS,EAAE,KAAA,EAAO,KAAK,CAAA;AAAA,EACrD;AAGA,EAAA,OAAO,IAAI,YAAA,CAAa,GAAA,CAAI,OAAA,EAAS,uBAAA,EAAyB;AAAA,IAC5D,KAAA,EAAO;AAAA,GACR,CAAA;AACH;AAMO,SAAS,kCACd,MAAA,EACe;AACf,EAAA,IAAI,CAAC,OAAO,QAAA,EAAU;AACpB,IAAA,MAAM,IAAI,WAAA;AAAA,MACR,gFAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AACA,EAAA,IAAI,CAAC,OAAO,WAAA,EAAa;AACvB,IAAA,MAAM,IAAI,WAAA;AAAA,MACR,6FAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AACA,EAAA,IAAI,CAAC,OAAO,cAAA,EAAgB;AAC1B,IAAA,MAAM,IAAI,WAAA;AAAA,MACR,mFAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,MAAA,GAAsB,MAAA;AAE1B,EAAA,MAAM,UAAA,uBAAiB,GAAA,EAA2C;AAClE,EAAA,IAAI,aAAA,GAAgC,IAAA;AAGpC,EAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW;AAAA,IACzB,UAAU,MAAA,CAAO,QAAA;AAAA,IACjB,KAAK,MAAA,CAAO,GAAA;AAAA,IACZ,QAAQ,MAAA,CAAO,SAAA;AAAA,IACf,aAAa,MAAA,CAAO,WAAA;AAAA,IACpB,SAAS,MAAA,CAAO,OAAA;AAAA,IAChB,YAAY,MAAA,CAAO,UAAA;AAAA,IACnB,gBAAgB,MAAA,CAAO,cAAA;AAAA;AAAA;AAAA;AAAA,IAIvB,gBAAA,EAAkB,MAAA,CAAO,qBAAA,GACrB,CAAC,KAAA,KAAU;AACT,MAAA,MAAA,CAAO,qBAAA,CAAuB,MAAM,GAAA,EAAK;AAAA,QACvC,EAAA,EAAI,MAAM,aAAA,IAAiB,SAAA;AAAA,QAC3B,IAAA,EAAM,KAAA,CAAM,eAAA,IAAmB,KAAA,CAAM;AAAA,OACtC,CAAA;AAAA,IACH,CAAA,GACA;AAAA,GACL,CAAA;AAID,EAAA,SAAS,SAAS,QAAA,EAAuB;AACvC,IAAA,IAAI,WAAW,QAAA,EAAU;AACzB,IAAA,MAAA,GAAS,QAAA;AACT,IAAA,IAAI;AACF,MAAA,MAAA,CAAO,gBAAgB,QAAQ,CAAA;AAAA,IACjC,CAAA,CAAA,MAAQ;AAAA,IAER;AACA,IAAA,MAAM,QAAA,GAAW,UAAA,CAAW,GAAA,CAAI,aAAa,CAAA;AAC7C,IAAA,IAAI,QAAA,EAAU;AACZ,MAAA,KAAA,MAAW,WAAW,QAAA,EAAU;AAC9B,QAAA,IAAI;AACF,UAAA,OAAA,CAAQ,QAAQ,CAAA;AAAA,QAClB,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,EAAA,SAAS,UAAU,KAAA,EAAqB;AACtC,IAAA,MAAM,QAAA,GAAW,UAAA,CAAW,GAAA,CAAI,OAAO,CAAA;AACvC,IAAA,IAAI,QAAA,EAAU;AACZ,MAAA,KAAA,MAAW,WAAW,QAAA,EAAU;AAC9B,QAAA,IAAI;AACF,UAAA,OAAA,CAAQ,KAAK,CAAA;AAAA,QACf,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAIA,EAAA,eAAe,iBAAA,CAAkB,QAAQ,GAAA,EAStC;AACD,IAAA,MAAM,SAAS,MAAM,GAAA,CAAI,SAAS,cAAA,EAAgB,EAAE,OAAO,CAAA;AAC3D,IAAA,MAAM,QAAA,GAAW,wBAAwB,MAAM,CAAA;AAC/C,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,MAAM,IAAI,YAAA;AAAA,QACR,qGAAA;AAAA,QACA;AAAA,OACF;AAAA,IACF;AAEA,IAAA,IAAI,MAAA;AACJ,IAAA,IAAI;AACF,MAAA,MAAA,GAAS,IAAA,CAAK,MAAM,QAAQ,CAAA;AAAA,IAC9B,SAAS,CAAA,EAAG;AACV,MAAA,MAAM,IAAI,YAAA;AAAA,QACR,uCAAuC,CAAA,YAAa,KAAA,GAAQ,EAAE,OAAA,GAAU,MAAA,CAAO,CAAC,CAAC,CAAA,CAAA;AAAA,QACjF;AAAA,OACF;AAAA,IACF;AACA,IAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,MAAM,CAAA,EAAG;AACzB,MAAA,OAAO,EAAE,KAAA,EAAO,MAAA,EAAgC,MAAA,EAAQ,EAAC,EAAE;AAAA,IAC7D;AACA,IAAA,IAAI,MAAA,IAAU,OAAO,MAAA,KAAW,QAAA,EAAU;AACxC,MAAA,MAAM,GAAA,GAAM,MAAA;AACZ,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,MAAM,OAAA,CAAQ,GAAA,CAAI,KAAK,CAAA,GAAI,GAAA,CAAI,QAAQ,EAAC;AAAA,QAC/C,MAAA,EAAQ,MAAM,OAAA,CAAQ,GAAA,CAAI,MAAM,CAAA,GAAI,GAAA,CAAI,SAAS,EAAC;AAAA,QAClD,cAAc,KAAA,CAAM,OAAA,CAAQ,IAAI,YAAY,CAAA,GACxC,IAAI,YAAA,GACJ;AAAA,OACN;AAAA,IACF;AACA,IAAA,MAAM,IAAI,YAAA;AAAA,MACR,iFAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,SAAS,cAAc,IAAA,EAAuC;AAC5D,IAAA,OAAO;AAAA,MACL,IAAI,IAAA,CAAK,EAAA;AAAA,MACT,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,MAAA,EAAQ,IAAA,CAAK,MAAA,GACT,EAAE,EAAA,EAAI,IAAA,CAAK,MAAA,CAAO,EAAA,IAAM,EAAA,EAAI,IAAA,EAAM,IAAA,CAAK,MAAA,CAAO,MAAK,GACnD;AAAA,KACN;AAAA,EACF;AAEA,EAAA,eAAe,eAAA,GAAiC;AAC9C,IAAA,IAAI,MAAA,KAAW,OAAA,IAAW,GAAA,CAAI,WAAA,EAAa;AAC3C,IAAA,QAAA,CAAS,YAAY,CAAA;AACrB,IAAA,IAAI;AAEF,MAAA,MAAM,QAAA,GAAW,MAAM,GAAA,CAAI,SAAA,EAAU;AACrC,MAAA,aAAA,GAAgB,aAAa,QAAQ,CAAA;AACrC,MAAA,QAAA,CAAS,OAAO,CAAA;AAAA,IAClB,SAAS,GAAA,EAAK;AACZ,MAAA,MAAM,UAAA,GAAa,eAAe,GAAG,CAAA;AACrC,MAAA,IAAI,sBAAsB,0BAAA,EAA4B;AACpD,QAAA,QAAA,CAAS,YAAY,CAAA;AAAA,MACvB,CAAA,MAAO;AACL,QAAA,QAAA,CAAS,QAAQ,CAAA;AAAA,MACnB;AACA,MAAA,SAAA,CAAU,UAAU,CAAA;AACpB,MAAA,MAAM,UAAA;AAAA,IACR;AAAA,EACF;AAIA,EAAA,MAAM,MAAA,GAAwB;AAAA,IAC5B,IAAI,KAAA,GAAQ;AACV,MAAA,OAAO,MAAA;AAAA,IACT,CAAA;AAAA,IAEA,MAAM,OAAA,GAAU;AACd,MAAA,MAAM,eAAA,EAAgB;AAAA,IACxB,CAAA;AAAA,IAEA,MAAM,UAAA,GAAa;AACjB,MAAA,MAAM,IAAI,UAAA,EAAW;AACrB,MAAA,aAAA,GAAgB,IAAA;AAChB,MAAA,QAAA,CAAS,MAAM,CAAA;AAAA,IACjB,CAAA;AAAA,IAEA,MAAM,iBAAA,GAAmD;AACvD,MAAA,MAAM,eAAA,EAAgB;AACtB,MAAA,IAAI;AACF,QAAA,OAAO,MAAM,IAAI,oBAAA,EAAqB;AAAA,MACxC,SAAS,GAAA,EAAK;AACZ,QAAA,MAAM,UAAA,GAAa,eAAe,GAAG,CAAA;AACrC,QAAA,IAAI,sBAAsB,0BAAA,EAA4B;AACpD,UAAA,QAAA,CAAS,YAAY,CAAA;AAAA,QACvB;AACA,QAAA,MAAM,UAAA;AAAA,MACR;AAAA,IACF,CAAA;AAAA,IAEA,IAAA,EAAM;AAAA,MACJ,MAAM,MAAA,GAAS;AACb,QAAA,MAAM,eAAA,EAAgB;AAAA,MACxB,CAAA;AAAA,MAEA,MAAM,OAAA,GAAU;AACd,QAAA,MAAM,IAAI,SAAA,EAAU;AACpB,QAAA,aAAA,GAAgB,IAAA;AAChB,QAAA,QAAA,CAAS,MAAM,CAAA;AAAA,MACjB,CAAA;AAAA,MAEA,MAAM,eAAe,GAAA,EAAmB;AACtC,QAAA,MAAM,GAAA,CAAI,eAAe,GAAG,CAAA;AAC5B,QAAA,IAAI;AACF,UAAA,MAAM,eAAA,EAAgB;AAAA,QACxB,SAAS,GAAA,EAAK;AAGZ,UAAA,SAAA,CAAU,cAAA,CAAe,GAAG,CAAC,CAAA;AAAA,QAC/B;AAAA,MACF,CAAA;AAAA,MAEA,WAAW,GAAA,EAA4B;AACrC,QAAA,OAAO,GAAA,CAAI,WAAW,GAAG,CAAA;AAAA,MAC3B,CAAA;AAAA,MAEA,IAAI,eAAA,GAA2B;AAC7B,QAAA,OAAO,MAAA,KAAW,WAAW,GAAA,CAAI,WAAA;AAAA,MACnC;AAAA,KACF;AAAA,IAEA,YAAA,EAAc;AAAA,MACZ,MAAM,IAAA,GAAmC;AACvC,QAAA,MAAM,eAAA,EAAgB;AACtB,QAAA,IAAI;AACF,UAAA,MAAM,EAAE,KAAA,EAAO,MAAA,EAAQ,YAAA,EAAa,GAAI,MAAM,iBAAA,EAAkB;AAEhE,UAAA,MAAM,QAAA,GAAW,sBAAA,CAAuB,KAAA,EAAO,MAAA,EAAQ,YAAY,CAAA;AAGnE,UAAA,MAAM,QAAA,GAAW,IAAI,GAAA,CAAI,MAAA,CAAO,GAAA,CAAI,CAAC,CAAA,KAAM,CAAC,CAAA,CAAE,QAAA,EAAU,CAAA,CAAE,MAAM,CAAC,CAAC,CAAA;AAClE,UAAA,OAAO,QAAA,CAAS,GAAA,CAAI,CAAC,CAAA,KAAM;AACzB,YAAA,MAAM,MAAA,GAAS,QAAA,CAAS,GAAA,CAAI,CAAA,CAAE,EAAE,CAAA;AAChC,YAAA,OAAO,MAAA,GAAS,EAAE,GAAG,CAAA,EAAG,QAAO,GAAI,CAAA;AAAA,UACrC,CAAC,CAAA;AAAA,QACH,SAAS,GAAA,EAAK;AACZ,UAAA,MAAM,UAAA,GAAa,eAAe,GAAG,CAAA;AACrC,UAAA,IAAI,sBAAsB,0BAAA,EAA4B;AACpD,YAAA,QAAA,CAAS,YAAY,CAAA;AAAA,UACvB;AACA,UAAA,MAAM,UAAA;AAAA,QACR;AAAA,MACF;AAAA,KACF;AAAA,IAEA,KAAA,EAAO;AAAA,MACL,MAAM,KAAK,OAAA,EAAsD;AAC/D,QAAA,MAAM,eAAA,EAAgB;AACtB,QAAA,IAAI;AACF,UAAA,MAAM,QAAA,GAAW,MAAM,GAAA,CAAI,SAAA,EAAU;AACrC,UAAA,MAAM,eAAe,QAAA,CAAS,MAAA;AAAA,YAC5B,CAAC,CAAA,KAAM,CAAC,eAAA,CAAgB,GAAA,CAAI,EAAE,IAAI;AAAA,WACpC;AAEA,UAAA,IAAI,aAAa,MAAA,GAAS,CAAA,IAAK,CAAC,YAAA,CAAa,QAAQ,CAAA,EAAG;AACtD,YAAA,aAAA,GAAgB,KAAA;AAChB,YAAA,OAAO,YAAA,CAAa,GAAA,CAAI,CAAC,CAAA,MAAO;AAAA,cAC9B,IAAI,CAAA,CAAE,IAAA;AAAA,cACN,MAAM,CAAA,CAAE,IAAA;AAAA,cACR,aAAa,CAAA,CAAE,WAAA;AAAA,cACf,aAAa,CAAA,CAAE;AAAA,aACjB,CAAE,CAAA;AAAA,UACJ;AAEA,UAAA,aAAA,GAAgB,IAAA;AAChB,UAAA,MAAM,EAAE,KAAA,EAAO,YAAA,EAAa,GAAI,MAAM,iBAAA;AAAA,YACpC,OAAA,EAAS;AAAA,WACX;AAKA,UAAA,IAAI,YAAA,EAAc,MAAA,IAAU,MAAA,CAAO,qBAAA,EAAuB;AACxD,YAAA,KAAA,MAAW,KAAK,YAAA,EAAc;AAC5B,cAAA,IAAI,EAAE,GAAA,EAAK;AACT,gBAAA,MAAA,CAAO,qBAAA,CAAsB,EAAE,GAAA,EAAK;AAAA,kBAClC,EAAA,EAAI,EAAE,aAAA,IAAiB,EAAA;AAAA,kBACvB,IAAA,EAAM,CAAA,CAAE,eAAA,IAAmB,CAAA,CAAE;AAAA,iBAC9B,CAAA;AAAA,cACH;AAAA,YACF;AAAA,UACF;AAEA,UAAA,OAAO,KAAA,CAAM,IAAI,aAAa,CAAA;AAAA,QAChC,SAAS,GAAA,EAAK;AACZ,UAAA,MAAM,UAAA,GAAa,eAAe,GAAG,CAAA;AACrC,UAAA,IAAI,sBAAsB,0BAAA,EAA4B;AACpD,YAAA,QAAA,CAAS,YAAY,CAAA;AAAA,UACvB;AACA,UAAA,MAAM,UAAA;AAAA,QACR;AAAA,MACF,CAAA;AAAA,MAEA,MAAM,OAAA,CACJ,MAAA,EACA,IAAA,EACqB;AACrB,QAAA,MAAM,eAAA,EAAgB;AAGtB,QAAA,IAAI,kBAAkB,IAAA,EAAM;AAC1B,UAAA,MAAM,QAAA,GAAW,MAAM,GAAA,CAAI,SAAA,EAAU;AACrC,UAAA,aAAA,GAAgB,aAAa,QAAQ,CAAA;AAAA,QACvC;AAEA,QAAA,IAAI;AACF,UAAA,MAAM,MAAA,GAAS,aAAA,GACX,MAAM,GAAA,CAAI,SAAS,cAAA,EAAgB;AAAA,YACjC,OAAA,EAAS,MAAA;AAAA,YACT,cAAA,EAAgB,QAAQ;AAAC,WAC1B,CAAA,GACD,MAAM,GAAA,CAAI,QAAA,CAAS,QAAQ,IAAI,CAAA;AAEnC,UAAA,OAAO,EAAE,OAAA,EAAS,kBAAA,CAAmB,MAAM,CAAA,EAAG,KAAK,MAAA,EAAO;AAAA,QAC5D,SAAS,GAAA,EAAK;AACZ,UAAA,MAAM,UAAA,GAAa,eAAe,GAAG,CAAA;AACrC,UAAA,IAAI,sBAAsB,0BAAA,EAA4B;AACpD,YAAA,QAAA,CAAS,YAAY,CAAA;AAAA,UACvB;AACA,UAAA,MAAM,UAAA;AAAA,QACR;AAAA,MACF;AAAA,KACF;AAAA,IAEA,EAAA,CACE,OAEA,OAAA,EACY;AACZ,MAAA,IAAI,CAAC,UAAA,CAAW,GAAA,CAAI,KAAK,CAAA,EAAG;AAC1B,QAAA,UAAA,CAAW,GAAA,CAAI,KAAA,kBAAO,IAAI,GAAA,EAAK,CAAA;AAAA,MACjC;AACA,MAAA,UAAA,CAAW,GAAA,CAAI,KAAK,CAAA,CAAG,GAAA,CAAI,OAAO,CAAA;AAClC,MAAA,OAAO,MAAM;AACX,QAAA,UAAA,CAAW,GAAA,CAAI,KAAK,CAAA,EAAG,MAAA,CAAO,OAAO,CAAA;AAAA,MACvC,CAAA;AAAA,IACF,CAAA;AAAA,IAEA,IAAI,GAAA,GAAM;AACR,MAAA,OAAO,GAAA;AAAA,IACT;AAAA,GACF;AAEA,EAAA,OAAO,MAAA;AACT;AAcO,SAAS,oBACd,MAAA,EACe;AACf,EAAA,IAAI,MAAA,CAAO,QAAQ,MAAA,EAAW;AAC5B,IAAA,IAAI,OAAO,OAAO,GAAA,KAAQ,QAAA,IAAY,OAAO,GAAA,CAAI,IAAA,EAAK,CAAE,MAAA,KAAW,CAAA,EAAG;AACpE,MAAA,MAAM,IAAI,WAAA;AAAA,QACR,+FAAA;AAAA,QACA;AAAA,OACF;AAAA,IACF;AACA,IAAA,OAAO,kCAAkC,MAAM,CAAA;AAAA,EACjD;AAEA,EAAA,OAAO,0BAA0B,MAAM,CAAA;AACzC;;;ACrQO,IAAM,yBAAA,GACX,iDAAA;AAKK,IAAM,uBAAA,GACX,+CAAA;;;AClWF,eAAsB,cACpB,MAAA,EACA,YAAA,EACA,QAAA,EACA,KAAA,EACA,mBAA2B,uBAAA,EACK;AAEhC,EAAA,MAAM,IAAA,GAAO,IAAI,eAAA,EAAgB;AACjC,EAAA,IAAA,CAAK,GAAA,CAAI,cAAc,yBAAyB,CAAA;AAChD,EAAA,IAAA,CAAK,GAAA,CAAI,iBAAiB,YAAY,CAAA;AACtC,EAAA,IAAA,CAAK,GAAA,CAAI,sBAAsB,gBAAgB,CAAA;AAC/C,EAAA,IAAA,CAAK,GAAA,CAAI,YAAY,QAAQ,CAAA;AAQ7B,EAAA,MAAM,OAAA,GAAkC;AAAA,IACtC,cAAA,EAAgB;AAAA,GAClB;AAEA,EAAA,IAAI,OAAO,YAAA,EAAc;AAEvB,IAAA,MAAM,cAAc,MAAA,CAAO,IAAA;AAAA,MACzB,CAAA,EAAG,MAAA,CAAO,QAAQ,CAAA,CAAA,EAAI,OAAO,YAAY,CAAA;AAAA,KAC3C,CAAE,SAAS,QAAQ,CAAA;AACnB,IAAA,OAAA,CAAQ,eAAe,CAAA,GAAI,CAAA,MAAA,EAAS,WAAW,CAAA,CAAA;AAAA,EACjD,CAAA,MAAO;AAEL,IAAA,IAAA,CAAK,GAAA,CAAI,WAAA,EAAa,MAAA,CAAO,QAAQ,CAAA;AAAA,EACvC;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,MAAA,CAAO,QAAA,EAAU;AAAA,IAC5C,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA;AAAA,IACA,IAAA,EAAM,KAAK,QAAA;AAAS,GACrB,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,IAAI,eAAe,CAAA,uBAAA,EAA0B,QAAA,CAAS,MAAM,CAAA,CAAA,EAAI,SAAS,UAAU,CAAA,CAAA;AACnF,IAAA,IAAI,SAAA;AACJ,IAAA,IAAI,eAAA;AACJ,IAAA,IAAI,aAAA;AAEJ,IAAA,IAAI;AACF,MAAA,MAAM,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACtC,MAAA,SAAA,GAAY,SAAA,CAAU,KAAA;AACtB,MAAA,IAAI,UAAU,iBAAA,EAAmB;AAC/B,QAAA,YAAA,GAAe,SAAA,CAAU,iBAAA;AAAA,MAC3B,CAAA,MAAA,IAAW,UAAU,KAAA,EAAO;AAC1B,QAAA,YAAA,GAAe,CAAA,uBAAA,EAA0B,UAAU,KAAK,CAAA,CAAA;AAAA,MAC1D;AAGA,MAAA,IAAI,SAAA,CAAU,gBAAA,IAAoB,SAAA,CAAU,cAAA,EAAgB;AAC1D,QAAA,eAAA,GAAkB,SAAA,CAAU,gBAAA;AAC5B,QAAA,aAAA,GAAgB,SAAA,CAAU,cAAA;AAAA,MAC5B;AAAA,IACF,CAAA,CAAA,MAAQ;AAAA,IAER;AAEA,IAAA,MAAM,IAAI,UAAA,CAAW,YAAA,EAAc,qCAAA,EAAuC;AAAA,MACxE,SAAA;AAAA,MACA,IAAA,EAAM;AAAA,QACJ,eAAA;AAAA,QACA;AAAA;AACF,KACD,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,aAAA,GAAiB,MAAM,QAAA,CAAS,IAAA,EAAK;AAG3C,EAAA,IAAI,CAAC,cAAc,YAAA,EAAc;AAC/B,IAAA,MAAM,IAAI,UAAA;AAAA,MACR,+CAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,cAAc,iBAAA,EAAmB;AACpC,IAAA,MAAM,IAAI,UAAA;AAAA,MACR,oDAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,cAAc,UAAA,EAAY;AAC7B,IAAA,MAAM,IAAI,UAAA;AAAA,MACR,6CAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,OAAO,aAAA;AACT;;;AC9IO,IAAM,sBAAA,GAAN,MAAM,uBAAA,SAA+B,KAAA,CAAM;AAAA,EACvC,IAAA;AAAA,EAET,WAAA,CAAY,MAAkC,OAAA,EAAiB;AAC7D,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,wBAAA;AACZ,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,MAAA,CAAO,cAAA,CAAe,IAAA,EAAM,uBAAA,CAAuB,SAAS,CAAA;AAAA,EAC9D;AACF,CAAA;;;ACVA,IAAM,oBAAA,GAAuB,IAAI,EAAA,GAAK,GAAA;AACtC,IAAM,8BAA8B,EAAA,GAAK,GAAA;AAQlC,IAAM,aAAN,MAAiB;AAAA,EACL,OAAA;AAAA,EACA,UAAA;AAAA,EACA,iBAAA;AAAA,EACA,WAAA;AAAA,EAET,IAAA,GAA+B,IAAA;AAAA,EAC/B,WAAA,GAAc,CAAA;AAAA,EACd,aAAA,GAAgB,CAAA;AAAA,EAExB,YAAY,OAAA,EAA4B;AACtC,IAAA,IAAA,CAAK,OAAA,GAAU,IAAI,GAAA,CAAI,OAAA,CAAQ,OAAO,CAAA;AACtC,IAAA,IAAA,CAAK,UAAA,GAAa,QAAQ,UAAA,IAAc,oBAAA;AACxC,IAAA,IAAA,CAAK,iBAAA,GACH,QAAQ,iBAAA,IAAqB,2BAAA;AAC/B,IAAA,IAAA,CAAK,cAAc,OAAA,CAAQ,KAAA;AAAA,EAC7B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,cAAA,GAAkC;AAChC,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AAGrB,IAAA,IAAI,KAAK,IAAA,IAAQ,GAAA,GAAM,IAAA,CAAK,WAAA,GAAc,KAAK,UAAA,EAAY;AACzD,MAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AAAA,IACd;AAEA,IAAA,IAAI,CAAC,KAAK,IAAA,EAAM;AACd,MAAA,IAAA,CAAK,IAAA,GAAO,kBAAA,CAAmB,IAAA,CAAK,OAAA,EAAS;AAAA;AAAA,QAE3C,GAAI,KAAK,WAAA,IAAe;AAAA,UACtB,iBAAC,MAAA,CAAO,GAAA,CAAI,OAAO,CAAC,GAAG,IAAA,CAAK;AAAA;AAC9B,OACD,CAAA;AACD,MAAA,IAAA,CAAK,WAAA,GAAc,GAAA;AAAA,IACrB;AAEA,IAAA,OAAO,IAAA,CAAK,IAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,OAAA,GAAmB;AACjB,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AAErB,IAAA,IAAI,CAAC,IAAA,CAAK,UAAA,EAAW,EAAG;AACtB,MAAA,OAAO,KAAA;AAAA,IACT;AAEA,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,aAAA,GAAgB,GAAA;AACrB,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,UAAA,GAAsB;AACpB,IAAA,OAAO,IAAA,CAAK,GAAA,EAAI,GAAI,IAAA,CAAK,iBAAiB,IAAA,CAAK,iBAAA;AAAA,EACjD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,iBAAiB,GAAA,EAA4C;AAC3D,IAAA,IAAI,IAAA,CAAK,SAAQ,EAAG;AAElB,MAAA,OAAO,IAAA;AAAA,IACT;AAGA,IAAA,OAAO,IAAI,sBAAA;AAAA,MACT,aAAA;AAAA,MACA,mBAAmB,GAAG,CAAA,2BAAA;AAAA,KACxB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,UAAA,GAAmB;AACjB,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,WAAA,GAAc,CAAA;AAAA,EAErB;AACF,CAAA;;;ACnHA,IAAM,2BAAA,GAA8B,EAAA;AACpC,IAAM,oBAAA,GAAuB,CAAC,OAAA,EAAS,OAAO,CAAA;AA0CvC,IAAM,uBAAN,MAA2B;AAAA,EACf,MAAA;AAAA,EACA,UAAA;AAAA,EACA,SAAA;AAAA,EAEjB,YAAY,MAAA,EAAoC;AAC9C,IAAA,IAAA,CAAK,MAAA,GAAS;AAAA,MACZ,SAAS,MAAA,CAAO,OAAA;AAAA,MAChB,QAAQ,MAAA,CAAO,MAAA;AAAA,MACf,UAAU,MAAA,CAAO,QAAA;AAAA,MACjB,cAAA,EAAgB,MAAA,CAAO,cAAA,IAAkB,EAAC;AAAA,MAC1C,UAAA,EAAY,MAAA,CAAO,UAAA,IAAc,CAAA,GAAI,EAAA,GAAK,GAAA;AAAA,MAC1C,iBAAA,EAAmB,MAAA,CAAO,iBAAA,IAAqB,EAAA,GAAK,GAAA;AAAA,MACpD,iBAAA,EACE,OAAO,iBAAA,IAAqB,2BAAA;AAAA,MAC9B,OAAO,MAAA,CAAO;AAAA,KAChB;AAEA,IAAA,IAAA,CAAK,SAAA,GAAY,KAAA,CAAM,OAAA,CAAQ,MAAA,CAAO,QAAQ,IAC1C,MAAA,CAAO,QAAA,GACP,CAAC,MAAA,CAAO,QAAQ,CAAA;AAEpB,IAAA,IAAA,CAAK,UAAA,GAAa,IAAI,UAAA,CAAW;AAAA,MAC/B,SAAS,MAAA,CAAO,OAAA;AAAA,MAChB,UAAA,EAAY,KAAK,MAAA,CAAO,UAAA;AAAA,MACxB,iBAAA,EAAmB,KAAK,MAAA,CAAO,iBAAA;AAAA,MAC/B,OAAO,MAAA,CAAO;AAAA,KACf,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,OAAO,KAAA,EAAsC;AACjD,IAAA,IAAI;AACF,MAAA,OAAO,MAAM,IAAA,CAAK,cAAA,CAAe,KAAA,EAAO,KAAK,CAAA;AAAA,IAC/C,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,iBAAiB,sBAAA,EAAwB;AAC3C,QAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,KAAA,EAAM;AAAA,MACjC;AAGA,MAAA,OAAO;AAAA,QACL,OAAA,EAAS,KAAA;AAAA,QACT,OAAO,IAAI,sBAAA;AAAA,UACT,sBAAA;AAAA,UACA,CAAA,+BAAA,EAAmC,MAAgB,OAAO,CAAA;AAAA;AAC5D,OACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,aAAa,KAAA,EAAoD;AACrE,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,MAAA,CAAO,KAAK,CAAA;AACtC,IAAA,OAAO,MAAA,CAAO,OAAA,GAAU,MAAA,CAAO,MAAA,GAAS,IAAA;AAAA,EAC1C;AAAA;AAAA;AAAA;AAAA,EAKA,UAAA,GAAmB;AACjB,IAAA,IAAA,CAAK,WAAW,UAAA,EAAW;AAAA,EAC7B;AAAA,EAEA,MAAc,cAAA,CACZ,KAAA,EACA,OAAA,EACuB;AACvB,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,UAAA,CAAW,cAAA,EAAe;AAE5C,IAAA,IAAI;AAEF,MAAA,MAAM,EAAE,OAAA,EAAS,eAAA,KAAoB,MAAM,SAAA,CAAU,OAAO,IAAA,EAAM;AAAA,QAChE,MAAA,EAAQ,KAAK,MAAA,CAAO,MAAA;AAAA,QACpB,UAAU,IAAA,CAAK,SAAA;AAAA,QACf,cAAA,EAAgB,KAAK,MAAA,CAAO,iBAAA;AAAA,QAC5B,UAAA,EAAY;AAAA,OACb,CAAA;AAGD,MAAA,MAAM,MAAM,eAAA,CAAgB,GAAA;AAC5B,MAAA,IAAI,CAAC,oBAAA,CAAqB,QAAA,CAAS,GAAG,CAAA,EAAG;AACvC,QAAA,MAAM,IAAI,sBAAA;AAAA,UACR,uBAAA;AAAA,UACA,0BAA0B,GAAG,CAAA,mBAAA,EAAsB,oBAAA,CAAqB,IAAA,CAAK,IAAI,CAAC,CAAA;AAAA,SACpF;AAAA,MACF;AAGA,MAAA,MAAM,UAAA,GAAa,OAAA;AACnB,MAAA,IACE,OAAO,UAAA,CAAW,GAAA,KAAQ,QAAA,IAC1B,CAAC,MAAA,CAAO,QAAA,CAAS,UAAA,CAAW,GAAG,CAAA,IAC/B,UAAA,CAAW,GAAA,IAAO,CAAA,EAClB;AACA,QAAA,MAAM,IAAI,sBAAA;AAAA,UACR,gBAAA;AAAA,UACA;AAAA,SACF;AAAA,MACF;AAGA,MAAA,MAAM,MAAA,GAAS,IAAA,CAAK,WAAA,CAAY,UAAA,CAAW,KAAK,CAAA;AAChD,MAAA,KAAA,MAAW,QAAA,IAAY,IAAA,CAAK,MAAA,CAAO,cAAA,EAAgB;AACjD,QAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,QAAQ,CAAA,EAAG;AAC9B,UAAA,MAAM,IAAI,sBAAA;AAAA,YACR,eAAA;AAAA,YACA,2BAA2B,QAAQ,CAAA;AAAA,WACrC;AAAA,QACF;AAAA,MACF;AAGA,MAAA,MAAM,QAAA,GAAW,UAAA,CAAW,SAAA,IAAa,UAAA,CAAW,GAAA;AACpD,MAAA,IAAI,CAAC,QAAA,EAAU;AACb,QAAA,MAAM,IAAI,sBAAA;AAAA,UACR,gBAAA;AAAA,UACA;AAAA,SACF;AAAA,MACF;AAGA,MAAA,MAAM,MAAA,GAA8B;AAAA,QAClC,GAAA,EAAK,WAAW,GAAA,IAAO,EAAA;AAAA,QACvB,QAAA;AAAA,QACA,MAAA;AAAA,QACA,SAAA,EAAW,IAAI,IAAA,CAAK,UAAA,CAAW,MAAM,GAAI,CAAA;AAAA,QACzC,KAAK,UAAA,CAAW,GAAA;AAAA,QAChB,OAAA,EAAS;AAAA,OACX;AAEA,MAAA,OAAO,EAAE,OAAA,EAAS,IAAA,EAAM,MAAA,EAAO;AAAA,IACjC,SAAS,KAAA,EAAO;AAEd,MAAA,IAAI,KAAA,YAAiBA,OAAW,iBAAA,EAAmB;AAEjD,QAAA,IAAI,CAAC,OAAA,EAAS;AACZ,UAAA,MAAM,GAAA,GAAM,IAAA,CAAK,UAAA,CAAW,KAAK,CAAA;AACjC,UAAA,MAAM,YAAA,GAAe,KAAK,UAAA,CAAW,gBAAA;AAAA,YACnC,GAAA,IAAO;AAAA,WACT;AACA,UAAA,IAAI,CAAC,YAAA,EAAc;AAEjB,YAAA,OAAO,IAAA,CAAK,cAAA,CAAe,KAAA,EAAO,IAAI,CAAA;AAAA,UACxC;AACA,UAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,KAAA,EAAO,YAAA,EAAa;AAAA,QAC/C;AAEA,QAAA,OAAO;AAAA,UACL,OAAA,EAAS,KAAA;AAAA,UACT,OAAO,IAAI,sBAAA;AAAA,YACT,aAAA;AAAA,YACA;AAAA;AACF,SACF;AAAA,MACF;AAEA,MAAA,IAAI,KAAA,YAAiBA,OAAW,UAAA,EAAY;AAC1C,QAAA,OAAO;AAAA,UACL,OAAA,EAAS,KAAA;AAAA,UACT,OAAO,IAAI,sBAAA;AAAA,YACT,eAAA;AAAA,YACA;AAAA;AACF,SACF;AAAA,MACF;AAEA,MAAA,IAAI,KAAA,YAAiBA,OAAW,wBAAA,EAA0B;AACxD,QAAA,MAAM,UAAU,KAAA,CAAM,OAAA;AACtB,QAAA,IAAI,OAAA,CAAQ,QAAA,CAAS,KAAK,CAAA,EAAG;AAC3B,UAAA,MAAM,QAAA,GAAW,KAAA,CAAM,OAAA,CAAQ,IAAA,CAAK,OAAO,MAAM,CAAA,GAC7C,IAAA,CAAK,MAAA,CAAO,MAAA,CAAO,IAAA,CAAK,MAAM,CAAA,GAC9B,KAAK,MAAA,CAAO,MAAA;AAChB,UAAA,OAAO;AAAA,YACL,OAAA,EAAS,KAAA;AAAA,YACT,OAAO,IAAI,sBAAA;AAAA,cACT,gBAAA;AAAA,cACA,4BAA4B,QAAQ,CAAA;AAAA;AACtC,WACF;AAAA,QACF;AACA,QAAA,IAAI,OAAA,CAAQ,QAAA,CAAS,KAAK,CAAA,EAAG;AAC3B,UAAA,OAAO;AAAA,YACL,OAAA,EAAS,KAAA;AAAA,YACT,OAAO,IAAI,sBAAA;AAAA,cACT,kBAAA;AAAA,cACA,CAAA,kCAAA,EAAqC,IAAA,CAAK,SAAA,CAAU,IAAA,CAAK,IAAI,CAAC,CAAA;AAAA;AAChE,WACF;AAAA,QACF;AACA,QAAA,IAAI,OAAA,CAAQ,QAAA,CAAS,KAAK,CAAA,EAAG;AAC3B,UAAA,OAAO;AAAA,YACL,OAAA,EAAS,KAAA;AAAA,YACT,OAAO,IAAI,sBAAA;AAAA,cACT,qBAAA;AAAA,cACA;AAAA;AACF,WACF;AAAA,QACF;AAAA,MACF;AAEA,MAAA,IAAI,KAAA,YAAiBA,OAAW,8BAAA,EAAgC;AAC9D,QAAA,OAAO;AAAA,UACL,OAAA,EAAS,KAAA;AAAA,UACT,OAAO,IAAI,sBAAA;AAAA,YACT,mBAAA;AAAA,YACA;AAAA;AACF,SACF;AAAA,MACF;AAEA,MAAA,IAAI,KAAA,YAAiBA,OAAW,UAAA,EAAY;AAC1C,QAAA,OAAO;AAAA,UACL,OAAA,EAAS,KAAA;AAAA,UACT,OAAO,IAAI,sBAAA;AAAA,YACT,sBAAA;AAAA,YACA,CAAA,aAAA,EAAgB,MAAM,OAAO,CAAA;AAAA;AAC/B,SACF;AAAA,MACF;AAGA,MAAA,IAAI,iBAAiB,sBAAA,EAAwB;AAC3C,QAAA,MAAM,KAAA;AAAA,MACR;AAGA,MAAA,MAAM,IAAI,sBAAA;AAAA,QACR,sBAAA;AAAA,QACA,CAAA,qBAAA,EAAyB,MAAgB,OAAO,CAAA;AAAA,OAClD;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,YAAY,KAAA,EAAqC;AACvD,IAAA,IAAI,CAAC,KAAA,EAAO,OAAO,EAAC;AACpB,IAAA,OAAO,KAAA,CACJ,KAAA,CAAM,GAAG,CAAA,CACT,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,IAAA,EAAM,CAAA,CACnB,MAAA,CAAO,OAAO,CAAA;AAAA,EACnB;AAAA,EAEQ,WAAW,KAAA,EAA8B;AAC/C,IAAA,IAAI;AACF,MAAA,MAAM,MAAA,GAAS,sBAAsB,KAAK,CAAA;AAC1C,MAAA,OAAO,OAAO,GAAA,IAAO,IAAA;AAAA,IACvB,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AACF;;;AC3SO,IAAM,cAAA,GAAN,MAAM,eAAA,CAAe;AAAA,EACT,UAAA,uBAAiB,GAAA,EAGhC;AAAA,EACe,YAAA,uBAAmB,GAAA,EAAoB;AAAA,EACvC,SAAA,uBAAgB,GAAA,EAAoB;AAAA,EACpC,eAAA;AAAA,EAEjB,OAAwB,gBAAA,GAAmB,EAAA,GAAK,EAAA,GAAK,GAAA;AAAA;AAAA,EACrD,OAAwB,mBAAA,GAAsB,CAAA,GAAI,EAAA,GAAK,GAAA;AAAA;AAAA,EAEvD,WAAA,GAAc;AACZ,IAAA,IAAA,CAAK,eAAA,GAAkB,WAAA;AAAA,MACrB,MAAM,KAAK,oBAAA,EAAqB;AAAA,MAChC,eAAA,CAAe;AAAA,KACjB;AAEA,IAAA,IAAI,IAAA,CAAK,gBAAgB,KAAA,EAAO;AAC9B,MAAA,IAAA,CAAK,gBAAgB,KAAA,EAAM;AAAA,IAC7B;AAAA,EACF;AAAA,EAEA,aAAa,SAAA,EAA8D;AACzE,IAAA,OAAO,IAAA,CAAK,UAAA,CAAW,GAAA,CAAI,SAAS,CAAA;AAAA,EACtC;AAAA,EAEA,eAAA,CACE,SAAA,EACA,SAAA,EACA,SAAA,EACA,SAAA,EACM;AACN,IAAA,IAAA,CAAK,UAAA,CAAW,GAAA,CAAI,SAAA,EAAW,SAAS,CAAA;AACxC,IAAA,IAAA,CAAK,YAAA,CAAa,GAAA,CAAI,SAAA,EAAW,IAAA,CAAK,KAAK,CAAA;AAC3C,IAAA,IAAI,cAAc,MAAA,EAAW;AAC3B,MAAA,IAAA,CAAK,SAAA,CAAU,GAAA,CAAI,SAAA,EAAW,SAAS,CAAA;AAAA,IACzC;AAEA,IAAA,SAAA,CAAU,UAAU,MAAM;AACxB,MAAA,IAAA,CAAK,cAAc,SAAS,CAAA;AAC5B,MAAA,SAAA,EAAW,kBAAkB,SAAS,CAAA;AAAA,IACxC,CAAA;AAAA,EACF;AAAA,EAEA,aAAa,SAAA,EAAyB;AACpC,IAAA,IAAI,IAAA,CAAK,UAAA,CAAW,GAAA,CAAI,SAAS,CAAA,EAAG;AAClC,MAAA,IAAA,CAAK,YAAA,CAAa,GAAA,CAAI,SAAA,EAAW,IAAA,CAAK,KAAK,CAAA;AAAA,IAC7C;AAAA,EACF;AAAA,EAEA,cAAc,SAAA,EAAyB;AACrC,IAAA,IAAA,CAAK,UAAA,CAAW,OAAO,SAAS,CAAA;AAChC,IAAA,IAAA,CAAK,YAAA,CAAa,OAAO,SAAS,CAAA;AAClC,IAAA,IAAA,CAAK,SAAA,CAAU,OAAO,SAAS,CAAA;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,iBAAiB,SAAA,EAA4B;AAC3C,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,SAAA,CAAU,GAAA,CAAI,SAAS,CAAA;AACxC,IAAA,OAAO,GAAA,KAAQ,MAAA,IAAa,IAAA,CAAK,GAAA,KAAQ,GAAA,IAAQ,GAAA;AAAA,EACnD;AAAA,EAEQ,oBAAA,GAA6B;AACnC,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,QAAQ,KAAK,IAAA,CAAK,YAAA,CAAa,SAAQ,EAAG;AACzD,MAAA,IAAI,GAAA,GAAM,QAAA,GAAW,eAAA,CAAe,gBAAA,EAAkB;AACpD,QAAA,MAAM,SAAA,GAAY,IAAA,CAAK,UAAA,CAAW,GAAA,CAAI,GAAG,CAAA;AACzC,QAAA,IAAI,SAAA,EAAW;AACb,UAAA,KAAK,UAAU,KAAA,IAAQ;AAAA,QACzB;AACA,QAAA,IAAA,CAAK,cAAc,GAAG,CAAA;AAAA,MACxB;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAA,GAAgB;AACd,IAAA,aAAA,CAAc,KAAK,eAAe,CAAA;AAClC,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,SAAS,KAAK,IAAA,CAAK,UAAA,CAAW,SAAQ,EAAG;AACxD,MAAA,KAAK,UAAU,KAAA,IAAQ;AACvB,MAAA,IAAA,CAAK,cAAc,GAAG,CAAA;AAAA,IACxB;AAAA,EACF;AACF,CAAA;;;ACnCA,IAAM,eAAA,GAAkB,yBAAA;AACxB,IAAM,qBAAA,GAAwB,KAAK,EAAA,GAAK,GAAA;AACxC,IAAM,4BAAA,GAA+B,GAAA;AACrC,IAAM,8BAAA,GAAiC,CAAA;AACvC,IAAM,mCAAmC,EAAA,GAAK,GAAA;AAE9C,IAAM,eAAe,MAAM;AACzB,EAAA,IAAI;AACF,IAAA,MAAM,UAAA,GAAa,aAAA,CAAc,MAAA,CAAA,IAAA,CAAY,GAAG,CAAA;AAChD,IAAA,MAAM,GAAA,GAAM,WAAW,oBAAoB,CAAA;AAC3C,IAAA,OAAO,IAAI,OAAA,IAAW,SAAA;AAAA,EACxB,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,SAAA;AAAA,EACT;AACF,CAAA,GAAG;AA0BI,IAAM,OAAA,GAAN,MAAM,QAAA,CAAQ;AAAA,EACnB,OAAwB,iBAAA,mBAAoB,IAAI,GAAA,EAAa;AAAA,EAC7D,OAAe,0BAAA,GAA6B,KAAA;AAAA,EAE3B,QAAA;AAAA,EACA,YAAA;AAAA,EACA,MAAA;AAAA,EACA,YAAA;AAAA;AAAA,EAGT,aAAA,GAAsC,IAAA;AAAA,EACtC,iBAAA,GAAoB,CAAA;AAAA,EACpB,eAAA,GAAiD,IAAA;AAAA;AAAA,EAGxC,eAAA,uBAAsB,GAAA,EAA8B;AAAA,EACpD,uBAAA,uBAA8B,GAAA,EAG7C;AAAA,EACe,gBAAA,uBAAuB,GAAA,EAAgC;AAAA,EACvD,kBAAA,uBAAyB,OAAA,EAGxC;AAAA,EACM,wBAAA,GAA2B,CAAA;AAAA;AAAA,EAG3B,YAAA,GAA8B,IAAA;AAAA,EAC9B,eAAA,GAAkB,CAAA;AAAA,EAClB,mBAAA,GAA8C,IAAA;AAAA;AAAA,EAGrC,eAAA,uBAAsB,GAAA,EAAoB;AAAA,EAC1C,yBAAA,uBAAgC,GAAA,EAAY;AAAA,EAE7D,YAAY,OAAA,EAAyB;AACnC,IAAA,IAAA,CAAK,WAAW,OAAA,CAAQ,QAAA;AACxB,IAAA,IAAA,CAAK,YAAA,GACH,OAAA,CAAQ,YAAA,IAAgB,OAAA,CAAQ,GAAA,CAAI,qBAAA;AACtC,IAAA,IAAA,CAAK,UAAU,OAAA,CAAQ,MAAA,IAAU,eAAA,EAAiB,OAAA,CAAQ,OAAO,EAAE,CAAA;AACnE,IAAA,MAAM,kBAAkB,KAAA,CAAM,OAAA,CAAQ,QAAQ,WAAW,CAAA,GACrD,QAAQ,WAAA,GACR,OAAA,CAAQ,cACN,OAAA,CAAQ,WAAA,CAAY,MAAM,GAAG,CAAA,GAC7B,QAAQ,GAAA,CAAI,oBAAA,EAAsB,MAAM,GAAG,CAAA;AACjD,IAAA,IAAA,CAAK,eAAe,KAAA,CAAM,IAAA;AAAA,MACxB,IAAI,GAAA,CAAI,eAAA,EAAiB,GAAA,CAAI,CAAC,MAAA,KAAW,MAAA,CAAO,IAAA,EAAM,CAAA,CAAE,MAAA,CAAO,OAAO,CAAC;AAAA,KACzE;AAEA,IAAA,QAAA,CAAQ,iBAAA,CAAkB,IAAI,IAAI,CAAA;AAClC,IAAA,QAAA,CAAQ,sBAAA,EAAuB;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,OAAA,GAAyB;AAC7B,IAAA,MAAM,KAAK,qBAAA,EAAsB;AACjC,IAAA,QAAA,CAAQ,iBAAA,CAAkB,OAAO,IAAI,CAAA;AACrC,IAAA,IAAA,CAAK,gBAAgB,KAAA,EAAM;AAC3B,IAAA,IAAA,CAAK,wBAAwB,KAAA,EAAM;AACnC,IAAA,IAAA,CAAK,aAAA,GAAgB,IAAA;AACrB,IAAA,IAAA,CAAK,iBAAA,GAAoB,CAAA;AACzB,IAAA,IAAA,CAAK,eAAA,GAAkB,IAAA;AACvB,IAAA,IAAA,CAAK,YAAA,GAAe,IAAA;AACpB,IAAA,IAAA,CAAK,eAAA,GAAkB,CAAA;AACvB,IAAA,IAAA,CAAK,mBAAA,GAAsB,IAAA;AAC3B,IAAA,IAAA,CAAK,gBAAgB,KAAA,EAAM;AAC3B,IAAA,IAAA,CAAK,0BAA0B,KAAA,EAAM;AAAA,EACvC;AAAA,EAEA,OAAe,sBAAA,GAA+B;AAC5C,IAAA,IAAI,SAAQ,0BAAA,EAA4B;AAExC,IAAA,MAAM,aAAa,MAAM;AACvB,MAAA,KAAA,MAAW,QAAA,IAAY,SAAQ,iBAAA,EAAmB;AAChD,QAAA,KAAK,SAAS,qBAAA,EAAsB;AAAA,MACtC;AAAA,IACF,CAAA;AAEA,IAAA,OAAA,CAAQ,IAAA,CAAK,UAAU,UAAU,CAAA;AACjC,IAAA,OAAA,CAAQ,IAAA,CAAK,WAAW,UAAU,CAAA;AAClC,IAAA,QAAA,CAAQ,0BAAA,GAA6B,IAAA;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAiCA,UAAA,CAAW,QAA4B,OAAA,EAAqC;AAE1E,IAAA,MAAM,UAAA,GAAa,aAAA,CAAc,MAAA,CAAA,IAAA,CAAY,GAAG,CAAA;AAChD,IAAA,MAAM,OAAA,GAAU,WAAW,SAAS,CAAA;AACpC,IAAA,MAAM,MAAA,GAAS,QAAQ,MAAA,EAAO;AAE9B,IAAA,MAAM,OAAA,GAAU,SAAS,OAAA,IAAW,MAAA;AACpC,IAAA,MAAM,cAAA,GAAiB,IAAI,cAAA,EAAe;AAC1C,IAAA,MAAM,QAAA,GAAW,SAAS,mBAAA,IAAuB,KAAA;AAIjD,IAAA,MAAA,CAAO,GAAA,CAAI,CAAC,IAAA,EAAe,GAAA,EAAe,IAAA,KAAuB;AAC/D,MAAA,GAAA,CAAI,MAAA,CAAO,+BAA+B,GAAG,CAAA;AAC7C,MAAA,GAAA,CAAI,MAAA;AAAA,QACF,8BAAA;AAAA,QACA;AAAA,OACF;AACA,MAAA,GAAA,CAAI,MAAA,CAAO,iCAAiC,gBAAgB,CAAA;AAC5D,MAAA,GAAA,CAAI,MAAA,CAAO,gCAAgC,4BAA4B,CAAA;AACvE,MAAA,IAAI,IAAA,CAAK,WAAW,SAAA,EAAW;AAC7B,QAAA,GAAA,CAAI,WAAW,GAAG,CAAA;AAClB,QAAA;AAAA,MACF;AACA,MAAA,IAAA,EAAK;AAAA,IACP,CAAC,CAAA;AAED,IAAA,IAAI,QAAA,EAAU;AACZ,MAAA,OAAA,CAAQ,IAAA;AAAA,QACN;AAAA,OACF;AAGA,MAAA,MAAA,CAAO,GAAA,CAAI,OAAA,EAAS,OAAA,CAAQ,IAAA,CAAK,EAAE,OAAO,OAAA,EAAS,SAAA,IAAa,KAAA,EAAO,CAAC,CAAA;AACxE,MAAA,MAAMC,cAAa,IAAA,CAAK,gBAAA;AAAA,QACtB,MAAA;AAAA,QACA,cAAA;AAAA,QACA,IAAA;AAAA,QACA;AAAA,OACF;AACA,MAAA,MAAA,CAAO,IAAA,CAAK,OAAA,EAASA,WAAAA,CAAW,IAAI,CAAA;AACpC,MAAA,MAAA,CAAO,GAAA,CAAI,OAAA,EAASA,WAAAA,CAAW,GAAG,CAAA;AAClC,MAAA,MAAA,CAAO,MAAA,CAAO,OAAA,EAASA,WAAAA,CAAW,MAAM,CAAA;AAExC,MAAA,OAAO,MAAA;AAAA,IACT;AAEA,IAAA,MAAM,cAAA,GAAiB,OACrB,GAAA,KACgC;AAChC,MAAA,MAAM,WAAW,IAAA,CAAK,sBAAA;AAAA,QACpB,MAAM,KAAK,gBAAA,EAAiB;AAAA,QAC5B,OAAA,EAAS;AAAA,OACX;AACA,MAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,wBAAA,CAAyB,GAAA,EAAK,SAAS,OAAO,CAAA;AACjE,MAAA,OAAO,IAAA,CAAK,6BAAA;AAAA,QACV,QAAA;AAAA,QACA,KAAA;AAAA,QACA,OAAA,EAAS;AAAA,OACX;AAAA,IACF,CAAA;AAKA,IAAA,MAAA,CAAO,GAAA,CAAI,OAAO,GAAA,EAAc,GAAA,EAAe,IAAA,KAAuB;AACpE,MAAA,MAAM,IAAA,GAAO,GAAA,CAAI,IAAA,IAAQ,GAAA,CAAI,GAAA,IAAO,EAAA;AACpC,MAAA,MAAM,oBACJ,IAAA,CAAK,UAAA,CAAW,yCAAyC,CAAA,IACzD,IAAA,CAAK,WAAW,uCAAuC,CAAA;AAEzD,MAAA,IAAI,CAAC,iBAAA,EAAmB;AACtB,QAAA,IAAA,EAAK;AACL,QAAA;AAAA,MACF;AAEA,MAAA,IAAI;AACF,QAAA,MAAM,WAAA,GAAc,MAAM,cAAA,CAAe,GAAG,CAAA;AAC5C,QAAA,WAAA,CAAY,cAAA,CAAe,GAAA,EAAK,GAAA,EAAK,IAAI,CAAA;AAAA,MAC3C,SAAS,KAAA,EAAO;AACd,QAAA,IAAA,CAAK,wBAAA,CAAyB,KAAK,KAAK,CAAA;AAAA,MAC1C;AAAA,IACF,CAAC,CAAA;AAGD,IAAA,MAAA,CAAO,GAAA,CAAI,OAAA,EAAS,OAAA,CAAQ,IAAA,CAAK,EAAE,OAAO,OAAA,EAAS,SAAA,IAAa,KAAA,EAAO,CAAC,CAAA;AAExE,IAAA,MAAM,aAAa,IAAA,CAAK,gBAAA;AAAA,MACtB,MAAA;AAAA,MACA,cAAA;AAAA,MACA,cAAA;AAAA,MACA;AAAA,KACF;AACA,IAAA,MAAA,CAAO,IAAA,CAAK,OAAA,EAAS,UAAA,CAAW,IAAI,CAAA;AACpC,IAAA,MAAA,CAAO,GAAA,CAAI,OAAA,EAAS,UAAA,CAAW,GAAG,CAAA;AAClC,IAAA,MAAA,CAAO,MAAA,CAAO,OAAA,EAAS,UAAA,CAAW,MAAM,CAAA;AAExC,IAAA,OAAO,MAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBA,MAAM,OAAA,CACJ,WAAA,EACA,KAAA,EACgC;AAChC,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,IAAA,IAAA,CAAK,wBAAwB,GAAG,CAAA;AAGhC,IAAA,MAAM,QAAA,GAAW,CAAA,EAAG,WAAW,CAAA,EAAA,EAAK,KAAK,CAAA,CAAA;AACzC,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,eAAA,CAAgB,GAAA,CAAI,QAAQ,CAAA;AAChD,IAAA,IAAI,MAAA,IAAU,GAAA,GAAM,MAAA,CAAO,SAAA,EAAW;AAEpC,MAAA,IAAA,CAAK,eAAA,CAAgB,OAAO,QAAQ,CAAA;AACpC,MAAA,IAAA,CAAK,eAAA,CAAgB,GAAA,CAAI,QAAA,EAAU,MAAM,CAAA;AACzC,MAAA,OAAO,MAAA,CAAO,UAAA;AAAA,IAChB;AACA,IAAA,IAAI,MAAA,EAAQ;AACV,MAAA,IAAA,CAAK,eAAA,CAAgB,OAAO,QAAQ,CAAA;AAAA,IACtC;AAGA,IAAA,MAAM,cAAA,GAAsC;AAAA,MAC1C,QAAA,EAAU,CAAA,EAAG,IAAA,CAAK,MAAM,CAAA,aAAA,CAAA;AAAA,MACxB,UAAU,IAAA,CAAK,QAAA;AAAA,MACf,cAAc,IAAA,CAAK;AAAA,KACrB;AAEA,IAAA,IAAI,QAAA;AACJ,IAAA,IAAI;AACF,MAAA,QAAA,GAAW,MAAM,aAAA,CAAc,cAAA,EAAgB,KAAA,EAAO,WAAW,CAAA;AAAA,IACnE,SAAS,GAAA,EAAK;AAIZ,MAAA,IAAI,eAAe,UAAA,EAAY;AAC7B,QAAA,IACE,IAAI,SAAA,KAAc,sBAAA,IAClB,GAAA,CAAI,OAAA,CAAQ,SAAS,eAAe,CAAA,IACnC,GAAA,CAAI,OAAA,CAAQ,SAAS,SAAS,CAAA,IAAK,IAAI,OAAA,CAAQ,QAAA,CAAS,WAAW,CAAA,EACpE;AACA,UAAA,MAAM,aAAA,GACH,GAAA,CAAI,IAAA,CAAK,aAAA,IAA4B,WAAA;AACxC,UAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,eAAA;AAAA,YAC5B,KAAA;AAAA,YACA,aAAA;AAAA,YACA;AAAA,WACF;AACA,UAAA,MAAM,IAAI,mCAAmC,aAAA,EAAe;AAAA,YAC1D,eAAA,EAAiB,IAAI,IAAA,CAAK,eAAA;AAAA,YAC1B,UAAA;AAAA,YACA,SAAS,GAAA,CAAI;AAAA,WACd,CAAA;AAAA,QACH;AAAA,MACF;AACA,MAAA,MAAM,GAAA;AAAA,IACR;AAEA,IAAA,MAAM,UAAA,GAAoC;AAAA,MACxC,aAAa,QAAA,CAAS,YAAA;AAAA,MACtB,WAAW,QAAA,CAAS,UAAA;AAAA,MACpB,eAAe,CAAA,EAAG,QAAA,CAAS,UAAU,CAAA,CAAA,EAAI,SAAS,YAAY,CAAA,CAAA;AAAA,MAC9D,WAAW,QAAA,CAAS,UAAA;AAAA,MACpB,OAAO,QAAA,CAAS,KAAA;AAAA,MAChB;AAAA,KACF;AAGA,IAAA,IAAI,SAAS,UAAA,EAAY;AACvB,MAAA,MAAM,KAAA,GAAQ,KAAK,GAAA,CAAI,QAAA,CAAS,aAAa,EAAA,EAAI,CAAA,GAAI,EAAE,CAAA,GAAI,GAAA;AAC3D,MAAA,IAAI,QAAQ,CAAA,EAAG;AACb,QAAA,IAAA,CAAK,cAAA,CAAe,IAAA,CAAK,eAAA,EAAiB,4BAA4B,CAAA;AACtE,QAAA,IAAA,CAAK,eAAA,CAAgB,IAAI,QAAA,EAAU;AAAA,UACjC,UAAA;AAAA,UACA,WAAW,GAAA,GAAM;AAAA,SAClB,CAAA;AAAA,MACH;AAAA,IACF;AAEA,IAAA,OAAO,UAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,kBAAA,CACJ,WAAA,EACA,KAAA,EACyC;AACzC,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,IAAA,IAAA,CAAK,gCAAgC,GAAG,CAAA;AAExC,IAAA,MAAM,QAAA,GAAW,CAAA,EAAG,WAAW,CAAA,EAAA,EAAK,KAAK,CAAA,sBAAA,CAAA;AACzC,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,uBAAA,CAAwB,GAAA,CAAI,QAAQ,CAAA;AACxD,IAAA,IAAI,MAAA,IAAU,GAAA,GAAM,MAAA,CAAO,SAAA,EAAW;AACpC,MAAA,IAAA,CAAK,uBAAA,CAAwB,OAAO,QAAQ,CAAA;AAC5C,MAAA,IAAA,CAAK,uBAAA,CAAwB,GAAA,CAAI,QAAA,EAAU,MAAM,CAAA;AACjD,MAAA,OAAO,MAAA,CAAO,UAAA;AAAA,IAChB;AACA,IAAA,IAAI,MAAA,EAAQ;AACV,MAAA,IAAA,CAAK,uBAAA,CAAwB,OAAO,QAAQ,CAAA;AAAA,IAC9C;AAEA,IAAA,MAAM,cAAA,GAAsC;AAAA,MAC1C,QAAA,EAAU,CAAA,EAAG,IAAA,CAAK,MAAM,CAAA,aAAA,CAAA;AAAA,MACxB,UAAU,IAAA,CAAK,QAAA;AAAA,MACf,cAAc,IAAA,CAAK;AAAA,KACrB;AAEA,IAAA,IAAI,kBAAA,GAAqB,KAAA;AACzB,IAAA,IAAI,CAAC,IAAA,CAAK,oBAAA,CAAqB,KAAK,CAAA,EAAG;AACrC,MAAA,IAAI;AACF,QAAA,MAAM,YAAY,MAAM,aAAA;AAAA,UACtB,cAAA;AAAA,UACA,KAAA;AAAA,UACA;AAAA,SACF;AACA,QAAA,kBAAA,GAAqB,SAAA,CAAU,YAAA;AAAA,MACjC,SAAS,GAAA,EAAK;AACZ,QAAA,MAAM,IAAI,UAAA;AAAA,UACR,8CAAA;AAAA,UACA,qCAAA;AAAA,UACA;AAAA,YACE,SAAA,EAAW,6BAAA;AAAA,YACX,kBACE,GAAA,YAAe,KAAA,GACX,IAAI,OAAA,GACJ,MAAA,CAAO,OAAO,eAAe;AAAA;AACrC,SACF;AAAA,MACF;AAAA,IACF;AAEA,IAAA,MAAM,aAAA,GAAgB,MAAM,IAAA,CAAK,2BAAA;AAAA,MAC/B,WAAA;AAAA,MACA;AAAA,KACF;AAEA,IAAA,MAAM,MAAM,MAAM,KAAA;AAAA,MAChB,CAAA,EAAG,IAAA,CAAK,MAAM,CAAA,kBAAA,EAAqB,aAAa,CAAA,oBAAA,CAAA;AAAA,MAChD;AAAA,QACE,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACP,aAAA,EAAe,UAAU,kBAAkB,CAAA,CAAA;AAAA,UAC3C,cAAA,EAAgB;AAAA,SAClB;AAAA,QACA,IAAA,EAAM;AAAA;AACR,KACF;AAEA,IAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,MAAA,MAAM,OAAO,MAAM,GAAA,CAAI,MAAK,CAAE,KAAA,CAAM,MAAM,EAAE,CAAA;AAC5C,MAAA,MAAM,OAAA,GACJ,IAAA,IAAQ,IAAA,CAAK,IAAA,EAAK,CAAE,SAAS,CAAA,GACzB,IAAA,GACA,CAAA,KAAA,EAAQ,GAAA,CAAI,MAAM,CAAA,4BAAA,CAAA;AAExB,MAAA,IACE,GAAA,CAAI,WAAW,GAAA,IACf,OAAA,CAAQ,aAAY,CAAE,QAAA,CAAS,sBAAsB,CAAA,EACrD;AACA,QAAA,MAAM,IAAI,mCAAmC,aAAA,EAAe;AAAA,UAC1D,eAAA,EAAiB,OAAO,WAAW,CAAA;AAAA,UACnC;AAAA,SACD,CAAA;AAAA,MACH;AAEA,MAAA,MAAM,IAAI,UAAA;AAAA,QACR,iDAAiD,aAAa,CAAA,CAAA;AAAA,QAC9D,oCAAA;AAAA,QACA;AAAA,UACE,SAAA,EAAW,4BAAA;AAAA,UACX,gBAAA,EAAkB;AAAA;AACpB,OACF;AAAA,IACF;AAEA,IAAA,MAAM,OAAA,GAAW,MAAM,GAAA,CAAI,IAAA,EAAK;AAKhC,IAAA,IACE,CAAC,OAAA,CAAQ,WAAA,IACT,OAAO,OAAA,CAAQ,WAAA,KAAgB,QAAA,IAC/B,KAAA,CAAM,OAAA,CAAQ,OAAA,CAAQ,WAAW,CAAA,EACjC;AACA,MAAA,MAAM,IAAI,UAAA;AAAA,QACR,6CAAA;AAAA,QACA;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,cAAsC,EAAC;AAC7C,IAAA,KAAA,MAAW,CAAC,KAAK,KAAK,CAAA,IAAK,OAAO,OAAA,CAAQ,OAAA,CAAQ,WAAW,CAAA,EAAG;AAC9D,MAAA,IAAI,OAAO,UAAU,QAAA,EAAU;AAC7B,QAAA,WAAA,CAAY,GAAG,CAAA,GAAI,KAAA;AAAA,MACrB;AAAA,IACF;AAEA,IAAA,IAAI,MAAA,CAAO,IAAA,CAAK,WAAW,CAAA,CAAE,WAAW,CAAA,EAAG;AACzC,MAAA,MAAM,IAAI,mCAAmC,aAAA,EAAe;AAAA,QAC1D,eAAA,EAAiB,OAAO,WAAW,CAAA;AAAA,QACnC,OAAA,EAAS;AAAA,OACV,CAAA;AAAA,IACH;AAEA,IAAA,MAAM,QAAA,GAA2C;AAAA,MAC/C,WAAA;AAAA,MACA,aAAA,EAAe,QAAQ,aAAA,IAAiB,aAAA;AAAA,MACxC;AAAA,KACF;AAEA,IAAA,IAAA,CAAK,cAAA;AAAA,MACH,IAAA,CAAK,uBAAA;AAAA,MACL;AAAA,KACF;AACA,IAAA,IAAA,CAAK,uBAAA,CAAwB,IAAI,QAAA,EAAU;AAAA,MACzC,UAAA,EAAY,QAAA;AAAA,MACZ,WAAW,GAAA,GAAM;AAAA,KAClB,CAAA;AAED,IAAA,OAAO,QAAA;AAAA,EACT;AAAA,EAEQ,mBAAA,GAAmC;AACzC,IAAA,uBAAO,IAAI,GAAA,CAAI,CAAC,CAAA,EAAG,IAAI,GAAA,CAAI,IAAA,CAAK,MAAM,CAAA,CAAE,MAAM,CAAA,IAAA,CAAA,EAAQ,aAAa,CAAC,CAAA;AAAA,EACtE;AAAA,EAEQ,qBAAqB,KAAA,EAAwB;AACnD,IAAA,MAAM,SAAA,GAAY,IAAA,CAAK,qBAAA,CAAsB,KAAK,CAAA;AAClD,IAAA,IAAI,SAAA,CAAU,WAAW,CAAA,EAAG;AAC1B,MAAA,OAAO,KAAA;AAAA,IACT;AACA,IAAA,MAAM,gBAAA,GAAmB,KAAK,mBAAA,EAAoB;AAClD,IAAA,OAAO,UAAU,IAAA,CAAK,CAAC,aAAa,gBAAA,CAAiB,GAAA,CAAI,QAAQ,CAAC,CAAA;AAAA,EACpE;AAAA,EAEQ,sBAAsB,KAAA,EAAyB;AACrD,IAAA,MAAM,GAAG,WAAW,CAAA,GAAI,KAAA,CAAM,MAAM,GAAG,CAAA;AACvC,IAAA,IAAI,CAAC,WAAA,EAAa,OAAO,EAAC;AAC1B,IAAA,IAAI;AACF,MAAA,MAAM,UAAU,IAAA,CAAK,KAAA;AAAA,QACnB,OAAO,IAAA,CAAK,WAAA,EAAa,WAAW,CAAA,CAAE,SAAS,MAAM;AAAA,OACvD;AACA,MAAA,IAAI,OAAO,OAAA,CAAQ,GAAA,KAAQ,QAAA,EAAU;AACnC,QAAA,OAAO,CAAC,QAAQ,GAAG,CAAA;AAAA,MACrB;AACA,MAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,OAAA,CAAQ,GAAG,CAAA,EAAG;AAC9B,QAAA,OAAO,QAAQ,GAAA,CAAI,MAAA;AAAA,UACjB,CAAC,KAAA,KAA2B,OAAO,KAAA,KAAU;AAAA,SAC/C;AAAA,MACF;AAAA,IACF,CAAA,CAAA,MAAQ;AAAA,IAER;AACA,IAAA,OAAO,EAAC;AAAA,EACV;AAAA;AAAA;AAAA;AAAA,EAMA,MAAc,2BAAA,CACZ,WAAA,EACA,YAAA,EACiB;AACjB,IAAA,MAAM,GAAA,GAAM,OAAO,WAAW,CAAA;AAC9B,IAAA,IAAI,IAAA,CAAK,MAAA,CAAO,GAAG,CAAA,EAAG;AACpB,MAAA,OAAO,GAAA;AAAA,IACT;AAEA,IAAA,MAAM,MAAM,MAAM,KAAA,CAAM,CAAA,EAAG,IAAA,CAAK,MAAM,CAAA,iBAAA,CAAA,EAAqB;AAAA,MACzD,OAAA,EAAS;AAAA,QACP,aAAA,EAAe,UAAU,YAAY,CAAA;AAAA;AACvC,KACD,CAAA;AACD,IAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,MAAA,MAAM,OAAO,MAAM,GAAA,CAAI,MAAK,CAAE,KAAA,CAAM,MAAM,EAAE,CAAA;AAC5C,MAAA,MAAM,IAAI,UAAA;AAAA,QACR,0CAAA;AAAA,QACA,mCAAA;AAAA,QACA;AAAA,UACE,SAAA,EAAW,2BAAA;AAAA,UACX,gBAAA,EAAkB,IAAA,IAAQ,CAAA,KAAA,EAAQ,GAAA,CAAI,MAAM,CAAA;AAAA;AAC9C,OACF;AAAA,IACF;AAEA,IAAA,MAAM,OAAA,GAAW,MAAM,GAAA,CAAI,IAAA,EAAK;AAGhC,IAAA,MAAM,KAAA,GAAQ,MAAM,OAAA,CAAQ,OAAA,CAAQ,KAAK,CAAA,GAAI,OAAA,CAAQ,QAAQ,EAAC;AAC9D,IAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,IAAA,CAAK,CAAC,IAAA,KAAS,KAAK,EAAA,KAAO,GAAA,IAAO,IAAA,CAAK,IAAA,KAAS,GAAG,CAAA;AACvE,IAAA,MAAM,gBAAgB,KAAA,EAAO,EAAA;AAC7B,IAAA,IAAI,CAAC,aAAA,EAAe;AAClB,MAAA,MAAM,IAAI,mCAAmC,GAAA,EAAK;AAAA,QAChD,eAAA,EAAiB,GAAA;AAAA,QACjB,OAAA,EAAS,eAAe,GAAG,CAAA,oCAAA;AAAA,OAC5B,CAAA;AAAA,IACH;AAEA,IAAA,OAAO,aAAA;AAAA,EACT;AAAA,EAEQ,OAAO,KAAA,EAAwB;AACrC,IAAA,OAAO,4EAAA,CAA6E,IAAA;AAAA,MAClF;AAAA,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,MAAc,eAAA,CACZ,YAAA,EACA,aAAA,EACA,cAAA,EAC6B;AAC7B,IAAA,IAAI;AAEF,MAAA,MAAM,eAAe,MAAM,aAAA;AAAA,QACzB,cAAA;AAAA,QACA,YAAA;AAAA,QACA;AAAA,OACF;AAGA,MAAA,MAAM,OAAA,GAAU,CAAA,EAAG,IAAA,CAAK,MAAM,qBAAqB,aAAa,CAAA,WAAA,CAAA;AAChE,MAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,OAAA,EAAS;AAAA,QAC/B,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACP,aAAA,EAAe,CAAA,OAAA,EAAU,YAAA,CAAa,YAAY,CAAA,CAAA;AAAA,UAClD,cAAA,EAAgB;AAAA,SAClB;AAAA,QACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,EAAE;AAAA,OACxB,CAAA;AAED,MAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,QAAA,MAAM,OAAO,MAAM,GAAA,CAAI,MAAK,CAAE,KAAA,CAAM,MAAM,EAAE,CAAA;AAC5C,QAAA,OAAA,CAAQ,IAAA;AAAA,UACN,CAAA,kDAAA,EAAqD,GAAA,CAAI,MAAM,CAAA,EAAA,EAAK,IAAI,CAAA;AAAA,SAC1E;AACA,QAAA,OAAO,KAAA,CAAA;AAAA,MACT;AAEA,MAAA,MAAM,IAAA,GAAQ,MAAM,GAAA,CAAI,IAAA,EAAK;AAM7B,MAAA,OAAO,IAAA,CAAK,cAAc,IAAA,CAAK,gBAAA;AAAA,IACjC,SAAS,GAAA,EAAK;AAIZ,MAAA,OAAA,CAAQ,IAAA;AAAA,QACN,CAAA,iCAAA,CAAA;AAAA,QACA,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,OAAO,GAAG;AAAA,OACjD;AACA,MAAA,OAAO,MAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAMA,MAAc,gBAAA,GAA2C;AACvD,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,IAAA,IACE,IAAA,CAAK,aAAA,IACL,GAAA,GAAM,IAAA,CAAK,oBAAoB,qBAAA,EAC/B;AACA,MAAA,OAAO,IAAA,CAAK,aAAA;AAAA,IACd;AAEA,IAAA,IAAI,KAAK,eAAA,EAAiB;AACxB,MAAA,OAAO,IAAA,CAAK,eAAA;AAAA,IACd;AAEA,IAAA,IAAA,CAAK,eAAA,GAAkB,KAAK,kBAAA,EAAmB;AAC/C,IAAA,IAAI;AACF,MAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,eAAA;AAC5B,MAAA,IAAA,CAAK,aAAA,GAAgB,QAAA;AACrB,MAAA,IAAA,CAAK,iBAAA,GAAoB,KAAK,GAAA,EAAI;AAClC,MAAA,OAAO,QAAA;AAAA,IACT,CAAA,SAAE;AACA,MAAA,IAAA,CAAK,eAAA,GAAkB,IAAA;AAAA,IACzB;AAAA,EACF;AAAA,EAEQ,sBAAA,CACN,UACA,iBAAA,EACe;AACf,IAAA,IAAI,CAAC,iBAAA,EAAmB;AACtB,MAAA,OAAO,QAAA;AAAA,IACT;AAGA,IAAA,OAAO,iBAAA,CAAkB,IAAA,CAAK,kBAAA,CAAmB,QAAQ,CAAC,CAAA;AAAA,EAC5D;AAAA,EAEQ,mBAAmB,QAAA,EAAwC;AACjE,IAAA,OAAO,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,SAAA,CAAU,QAAQ,CAAC,CAAA;AAAA,EAC5C;AAAA,EAEA,MAAc,kBAAA,GAA6C;AAEzD,IAAA,MAAM,IAAA,GAAO;AAAA,MACX,CAAA,EAAG,KAAK,MAAM,CAAA,uCAAA,CAAA;AAAA,MACd,CAAA,EAAG,KAAK,MAAM,CAAA,iCAAA;AAAA,KAChB;AAEA,IAAA,IAAI,SAAA;AACJ,IAAA,KAAA,MAAW,OAAO,IAAA,EAAM;AACtB,MAAA,IAAI;AACF,QAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,GAAG,CAAA;AAC3B,QAAA,IAAI,IAAI,EAAA,EAAI;AACV,UAAA,OAAQ,MAAM,IAAI,IAAA,EAAK;AAAA,QACzB;AAAA,MACF,SAAS,GAAA,EAAK;AACZ,QAAA,SAAA,GAAY,eAAe,KAAA,GAAQ,GAAA,GAAM,IAAI,KAAA,CAAM,MAAA,CAAO,GAAG,CAAC,CAAA;AAAA,MAChE;AAAA,IACF;AAEA,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,oCAAoC,IAAA,CAAK,MAAM,CAAA,EAAA,EAAK,SAAA,EAAW,WAAW,eAAe,CAAA;AAAA,KAC3F;AAAA,EACF;AAAA,EAEQ,wBAAA,CACN,GAAA,EACA,OAAA,EACA,OAAA,EACK;AACL,IAAA,IAAI,SAAS,iBAAA,EAAmB;AAC9B,MAAA,OAAO,IAAI,GAAA,CAAI,OAAA,CAAQ,iBAAiB,CAAA;AAAA,IAC1C;AACA,IAAA,MAAM,IAAA,GAAO,GAAA,CAAI,GAAA,CAAI,MAAM,CAAA;AAC3B,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AACA,IAAA,OAAO,IAAI,IAAI,CAAA,EAAG,GAAA,CAAI,QAAQ,CAAA,GAAA,EAAM,IAAI,CAAA,EAAG,OAAO,CAAA,CAAE,CAAA;AAAA,EACtD;AAAA,EAEQ,6BAAA,CACN,QAAA,EACA,KAAA,EACA,cAAA,EACoB;AACpB,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,sBAAA,CAAuB,KAAA,EAAO,cAAc,CAAA;AAC7D,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,gBAAA,CAAiB,GAAA,CAAI,GAAG,CAAA;AAC5C,IAAA,IAAI,MAAA,EAAQ;AAEV,MAAA,IAAA,CAAK,gBAAA,CAAiB,OAAO,GAAG,CAAA;AAChC,MAAA,IAAA,CAAK,gBAAA,CAAiB,GAAA,CAAI,GAAA,EAAK,MAAM,CAAA;AACrC,MAAA,OAAO,MAAA;AAAA,IACT;AAIA,IAAA,MAAM,eAAA,GAAkB,EAAE,GAAG,QAAA,EAAU,QAAQ,CAAA,EAAG,KAAA,CAAM,MAAM,CAAA,CAAA,CAAA,EAAI;AAClE,IAAA,MAAM,iBAAiB,qBAAA,CAAsB;AAAA,MAC3C,aAAA,EAAe,eAAA;AAAA,MACf,iBAAA,EAAmB;AAAA,KACpB,CAAA;AACD,IAAA,MAAM,mBAAA,GAAsB,qCAAqC,KAAK,CAAA;AACtE,IAAA,MAAM,QAAA,GACJ,cAAA,IAAkB,IAAA,CAAK,mBAAA,CAAoB,UAAU,KAAK,CAAA;AAC5D,IAAA,MAAM,WAAA,GAAkC;AAAA,MACtC,cAAA;AAAA,MACA,YAAY,iBAAA,CAAkB;AAAA,QAC5B,QAAA;AAAA,QACA;AAAA,OACD;AAAA,KACH;AAEA,IAAA,IAAA,CAAK,cAAA,CAAe,IAAA,CAAK,gBAAA,EAAkB,8BAA8B,CAAA;AACzE,IAAA,IAAA,CAAK,gBAAA,CAAiB,GAAA,CAAI,GAAA,EAAK,WAAW,CAAA;AAC1C,IAAA,OAAO,WAAA;AAAA,EACT;AAAA,EAEQ,sBAAA,CACN,OACA,cAAA,EACQ;AACR,IAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,MAAA,OAAO,CAAA,EAAG,MAAM,IAAI,CAAA,SAAA,CAAA;AAAA,IACtB;AAEA,IAAA,IAAI,UAAA,GAAa,IAAA,CAAK,kBAAA,CAAmB,GAAA,CAAI,cAAc,CAAA;AAC3D,IAAA,IAAI,eAAe,MAAA,EAAW;AAC5B,MAAA,UAAA,GAAa,EAAE,IAAA,CAAK,wBAAA;AACpB,MAAA,IAAA,CAAK,kBAAA,CAAmB,GAAA,CAAI,cAAA,EAAgB,UAAU,CAAA;AAAA,IACxD;AAEA,IAAA,OAAO,CAAA,EAAG,KAAA,CAAM,IAAI,CAAA,SAAA,EAAY,UAAU,CAAA,CAAA;AAAA,EAC5C;AAAA,EAEQ,wBAAA,CAAyB,KAAe,KAAA,EAAsB;AACpE,IAAA,MAAM,UAAU,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU,OAAO,KAAK,CAAA;AACrE,IAAA,OAAA,CAAQ,KAAA,CAAM,CAAA,uCAAA,EAA0C,OAAO,CAAA,CAAE,CAAA;AACjE,IAAA,IAAI,IAAI,WAAA,EAAa;AACrB,IAAA,GAAA,CAAI,MAAA,CAAO,GAAG,CAAA,CAAE,IAAA,CAAK;AAAA,MACnB,KAAA,EAAO,qBAAA;AAAA,MACP,iBAAA,EACE;AAAA,KACH,CAAA;AAAA,EACH;AAAA,EAEQ,wBAAwB,GAAA,EAAmB;AACjD,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,IAAA,CAAK,eAAA,CAAgB,SAAQ,EAAG;AACzD,MAAA,IAAI,KAAA,CAAM,aAAa,GAAA,EAAK;AAC1B,QAAA,IAAA,CAAK,eAAA,CAAgB,OAAO,GAAG,CAAA;AAAA,MACjC;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,gCAAgC,GAAA,EAAmB;AACzD,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,IAAA,CAAK,uBAAA,CAAwB,SAAQ,EAAG;AACjE,MAAA,IAAI,KAAA,CAAM,aAAa,GAAA,EAAK;AAC1B,QAAA,IAAA,CAAK,uBAAA,CAAwB,OAAO,GAAG,CAAA;AAAA,MACzC;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,cAAA,CAAkB,OAAuB,UAAA,EAA0B;AACzE,IAAA,OAAO,KAAA,CAAM,QAAQ,UAAA,EAAY;AAC/B,MAAA,MAAM,SAAA,GAAY,KAAA,CAAM,IAAA,EAAK,CAAE,MAAK,CAAE,KAAA;AACtC,MAAA,IAAI,CAAC,SAAA,EAAW;AAChB,MAAA,KAAA,CAAM,OAAO,SAAS,CAAA;AAAA,IACxB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAMQ,mBAAA,CACN,UACA,WAAA,EACoB;AACpB,IAAA,MAAM,WAAA,GAAc,QAAA;AACpB,IAAA,MAAM,OAAA,GACH,WAAA,CAAY,QAAA,IACb,CAAA,EAAG,KAAK,MAAM,CAAA,sBAAA,CAAA;AAChB,IAAA,MAAM,WAAW,IAAA,CAAK,QAAA;AAEtB,IAAA,MAAM,UAAU,KAAA,CAAM,IAAA;AAAA,MACpB,IAAI,GAAA;AAAA,QACF,CAAC,QAAA,CAAS,MAAA,EAAQ,GAAG,IAAA,CAAK,YAAY,CAAA,CAAE,MAAA;AAAA,UACtC,CAACC,OAAAA,KAA6B,OAAOA,OAAAA,KAAW,QAAA,IAAY,CAAC,CAACA;AAAA;AAChE;AACF,KACF;AACA,IAAA,IAAI,CAAC,QAAQ,MAAA,EAAQ;AACnB,MAAA,MAAM,IAAI,MAAM,+BAA+B,CAAA;AAAA,IACjD;AACA,IAAA,MAAM,SACJ,OAAA,CAAQ,MAAA,KAAW,CAAA,GAAI,OAAA,CAAQ,CAAC,CAAA,GAAK,OAAA;AAEvC,IAAA,MAAM,QAAA,GAAW,IAAI,oBAAA,CAAqB;AAAA,MACxC,OAAA,EAAS,OAAA;AAAA,MACT,MAAA;AAAA,MACA,UAAU,WAAA,CAAY;AAAA,KACvB,CAAA;AAED,IAAA,OAAO;AAAA,MACL,MAAM,kBAAkB,KAAA,EAAkC;AACxD,QAAA,MAAM,MAAA,GAAS,MAAM,QAAA,CAAS,MAAA,CAAO,KAAK,CAAA;AAE1C,QAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,UAAA,MAAM,IAAI,iBAAA;AAAA,YACR,CAAA,2BAAA,EAA8B,MAAA,CAAO,KAAA,CAAM,OAAO,CAAA;AAAA,WACpD;AAAA,QACF;AAEA,QAAA,MAAM,EAAE,QAAO,GAAI,MAAA;AACnB,QAAA,MAAM,UAAU,MAAA,CAAO,OAAA;AACvB,QAAA,MAAM,GAAA,GAAO,OAAA,CAAQ,GAAA,IAA+C,EAAC;AAErE,QAAA,OAAO;AAAA,UACL,KAAA;AAAA,UACA,QAAA,EAAU,OAAO,QAAA,IAAY,QAAA;AAAA,UAC7B,QAAQ,MAAA,CAAO,MAAA;AAAA,UACf,WAAW,IAAA,CAAK,KAAA,CAAM,OAAO,SAAA,CAAU,OAAA,KAAY,GAAI,CAAA;AAAA,UACvD,KAAA,EAAO;AAAA,YACL,GAAG,GAAA;AAAA,YACH,KAAK,MAAA,CAAO,GAAA;AAAA,YACZ,KAAA,EAAO,OAAA,CAAQ,KAAA,IAAS,GAAA,CAAI;AAAA;AAC9B,SACF;AAAA,MACF;AAAA,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAMA,MAAc,eAAA,GAAmC;AAC/C,IAAA,IAAI,KAAK,YAAA,IAAgB,IAAA,CAAK,KAAI,GAAI,IAAA,CAAK,kBAAkB,GAAA,EAAQ;AACnE,MAAA,OAAO,IAAA,CAAK,YAAA;AAAA,IACd;AAEA,IAAA,IAAI,KAAK,mBAAA,EAAqB;AAC5B,MAAA,OAAO,IAAA,CAAK,mBAAA;AAAA,IACd;AAEA,IAAA,IAAA,CAAK,uBAAuB,YAAY;AACtC,MAAA,MAAM,MAAM,MAAM,KAAA,CAAM,CAAA,EAAG,IAAA,CAAK,MAAM,CAAA,aAAA,CAAA,EAAiB;AAAA,QACrD,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACP,cAAA,EAAgB,mCAAA;AAAA,UAChB,aAAA,EAAe,CAAA,MAAA,EAAS,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,QAAA,GAAW,GAAA,GAAM,IAAA,CAAK,YAAY,CAAA,CAAE,QAAA,CAAS,QAAQ,CAAC,CAAA;AAAA,SACjG;AAAA,QACA,IAAA,EAAM;AAAA,OACP,CAAA;AACD,MAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,QAAA,MAAM,OAAO,MAAM,GAAA,CAAI,MAAK,CAAE,KAAA,CAAM,MAAM,EAAE,CAAA;AAC5C,QAAA,MAAM,IAAI,KAAA;AAAA,UACR,CAAA,0DAAA,EAA6D,GAAA,CAAI,MAAM,CAAA,CAAA,EAAI,IAAI,CAAA;AAAA,SACjF;AAAA,MACF;AACA,MAAA,MAAM,IAAA,GAAQ,MAAM,GAAA,CAAI,IAAA,EAAK;AAI7B,MAAA,IAAA,CAAK,eAAe,IAAA,CAAK,YAAA;AACzB,MAAA,IAAA,CAAK,eAAA,GAAkB,IAAA,CAAK,GAAA,EAAI,GAAI,KAAK,UAAA,GAAa,GAAA;AACtD,MAAA,OAAO,IAAA,CAAK,YAAA;AAAA,IACd,CAAA,GAAG;AAEH,IAAA,IAAI;AACF,MAAA,OAAO,MAAM,IAAA,CAAK,mBAAA;AAAA,IACpB,CAAA,SAAE;AACA,MAAA,IAAA,CAAK,mBAAA,GAAsB,IAAA;AAAA,IAC7B;AAAA,EACF;AAAA,EAEQ,YACN,KAAA,EAKM;AACN,IAAA,IAAI,CAAC,IAAA,CAAK,YAAA,IAAgB,CAAC,MAAM,SAAA,EAAW;AAC5C,IAAA,IAAA,CAAK,iBAAgB,CAClB,IAAA;AAAA,MAAK,CAAC,KAAA,KACL,KAAA,CAAM,CAAA,EAAG,IAAA,CAAK,MAAM,CAAA,kBAAA,CAAA,EAAsB;AAAA,QACxC,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACP,cAAA,EAAgB,kBAAA;AAAA,UAChB,aAAA,EAAe,UAAU,KAAK,CAAA;AAAA,SAChC;AAAA,QACA,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,UACnB,GAAG,KAAA;AAAA,UACH,SAAS,IAAA,CAAK,QAAA;AAAA,UACd,UAAU,IAAA,CAAK,QAAA;AAAA,UACf,aAAA,EAAe;AAAA,SAChB;AAAA,OACF,CAAA,CAAE,IAAA,CAAK,CAAC,GAAA,KAAQ;AACf,QAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,UAAA,OAAA,CAAQ,IAAA;AAAA,YACN,CAAA,8CAAA,EAAiD,IAAI,MAAM,CAAA;AAAA,WAC7D;AAAA,QACF;AAAA,MACF,CAAC;AAAA,KACH,CACC,KAAA,CAAM,CAAC,GAAA,KAAQ;AACd,MAAA,OAAA,CAAQ,IAAA;AAAA,QACN,CAAA,0BAAA,CAAA;AAAA,QACA,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,OAAO,GAAG;AAAA,OACjD;AAAA,IACF,CAAC,CAAA;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAMQ,kBAAA,CACN,SAAA,EACA,YAAA,EACA,QAAA,EAMM;AACN,IAAA,IAAI,CAAC,IAAA,CAAK,YAAA,IAAgB,CAAC,SAAA,EAAW;AACtC,IAAA,MAAM,eAAA,GAAkB,WAAW,QAAQ,CAAA,CACxC,OAAO,SAAS,CAAA,CAChB,OAAO,KAAK,CAAA;AAEf,IAAA,IAAA,CAAK,iBAAgB,CAClB,IAAA;AAAA,MAAK,CAAC,KAAA,KACL,KAAA,CAAM,CAAA,EAAG,IAAA,CAAK,MAAM,CAAA,sBAAA,CAAA,EAA0B;AAAA,QAC5C,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACP,cAAA,EAAgB,kBAAA;AAAA,UAChB,aAAA,EAAe,UAAU,KAAK,CAAA;AAAA,SAChC;AAAA,QACA,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,UACnB,eAAA;AAAA,UACA,UAAU,QAAA,EAAU,QAAA;AAAA,UACpB,WAAW,QAAA,EAAU,SAAA;AAAA,UACrB,YAAY,QAAA,EAAU,UAAA;AAAA,UACtB,cAAA,EAAgB,QAAA,EAAU,cAAA,GACtB,IAAI,IAAA,CAAK,SAAS,cAAA,GAAiB,GAAI,CAAA,CAAE,WAAA,EAAY,GACrD;AAAA,SACL;AAAA,OACF,CAAA,CAAE,IAAA,CAAK,OAAO,GAAA,KAAQ;AACrB,QAAA,IAAI,IAAI,EAAA,EAAI;AACV,UAAA,MAAM,IAAA,GAAQ,MAAM,GAAA,CAAI,IAAA,EAAK;AAI7B,UAAA,IAAI,IAAA,CAAK,yBAAA,CAA0B,MAAA,CAAO,YAAY,CAAA,EAAG;AACvD,YAAA,IAAA,CAAK,sCAAA;AAAA,cACH,IAAA,CAAK,SAAA;AAAA,cACL;AAAA,aACF;AACA,YAAA;AAAA,UACF;AAEA,UAAA,IAAA,CAAK,eAAA,CAAgB,GAAA,CAAI,YAAA,EAAc,IAAA,CAAK,SAAS,CAAA;AAAA,QACvD,CAAA,MAAO;AACL,UAAA,IAAA,CAAK,yBAAA,CAA0B,OAAO,YAAY,CAAA;AAClD,UAAA,OAAA,CAAQ,IAAA;AAAA,YACN,CAAA,uCAAA,EAA0C,IAAI,MAAM,CAAA;AAAA,WACtD;AAAA,QACF;AAAA,MACF,CAAC;AAAA,KACH,CACC,KAAA,CAAM,CAAC,GAAA,KAAQ;AACd,MAAA,IAAA,CAAK,yBAAA,CAA0B,OAAO,YAAY,CAAA;AAClD,MAAA,OAAA,CAAQ,IAAA;AAAA,QACN,CAAA,yBAAA,CAAA;AAAA,QACA,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,OAAO,GAAG;AAAA,OACjD;AAAA,IACF,CAAC,CAAA;AAAA,EACL;AAAA,EAEQ,sCAAA,CACN,gBACA,YAAA,EACM;AACN,IAAA,IAAI,CAAC,KAAK,YAAA,EAAc;AAExB,IAAA,MAAM,eAAe,YAAA,GACjB,OAAA,CAAQ,QAAQ,YAAY,CAAA,GAC5B,KAAK,eAAA,EAAgB;AAEzB,IAAA,YAAA,CACG,IAAA;AAAA,MAAK,CAAC,KAAA,KACL,KAAA;AAAA,QACE,CAAA,EAAG,IAAA,CAAK,MAAM,CAAA,uBAAA,EAA0B,cAAc,CAAA,WAAA,CAAA;AAAA,QACtD;AAAA,UACE,MAAA,EAAQ,MAAA;AAAA,UACR,OAAA,EAAS,EAAE,aAAA,EAAe,CAAA,OAAA,EAAU,KAAK,CAAA,CAAA;AAAG;AAC9C;AACF,KACF,CACC,MAAM,MAAM;AAAA,IAAC,CAAC,CAAA;AAAA,EACnB;AAAA,EAEQ,uBAAuB,YAAA,EAA4B;AACzD,IAAA,IAAI,CAAC,KAAK,YAAA,EAAc;AAExB,IAAA,MAAM,cAAA,GAAiB,IAAA,CAAK,eAAA,CAAgB,GAAA,CAAI,YAAY,CAAA;AAC5D,IAAA,IAAA,CAAK,eAAA,CAAgB,OAAO,YAAY,CAAA;AACxC,IAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,MAAA,IAAA,CAAK,yBAAA,CAA0B,IAAI,YAAY,CAAA;AAC/C,MAAA;AAAA,IACF;AAEA,IAAA,IAAA,CAAK,yBAAA,CAA0B,OAAO,YAAY,CAAA;AAClD,IAAA,IAAA,CAAK,uCAAuC,cAAc,CAAA;AAAA,EAC5D;AAAA,EAEA,MAAc,qBAAA,GAAuC;AACnD,IAAA,IAAI,CAAC,KAAK,YAAA,EAAc;AACxB,IAAA,IAAI,IAAA,CAAK,eAAA,CAAgB,IAAA,KAAS,CAAA,EAAG;AACnC,MAAA,IAAA,CAAK,0BAA0B,KAAA,EAAM;AACrC,MAAA;AAAA,IACF;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,KAAA,GAAQ,MAAM,IAAA,CAAK,eAAA,EAAgB;AACzC,MAAA,MAAM,OAAA,CAAQ,UAAA;AAAA,QACZ,CAAC,GAAG,IAAA,CAAK,eAAA,CAAgB,MAAA,EAAQ,CAAA,CAAE,GAAA;AAAA,UAAI,CAAC,cAAA,KACtC,KAAA;AAAA,YACE,CAAA,EAAG,IAAA,CAAK,MAAM,CAAA,uBAAA,EAA0B,cAAc,CAAA,WAAA,CAAA;AAAA,YACtD;AAAA,cACE,MAAA,EAAQ,MAAA;AAAA,cACR,OAAA,EAAS,EAAE,aAAA,EAAe,CAAA,OAAA,EAAU,KAAK,CAAA,CAAA;AAAG;AAC9C;AACF;AACF,OACF;AAAA,IACF,CAAA,CAAA,MAAQ;AAAA,IAER;AACA,IAAA,IAAA,CAAK,gBAAgB,KAAA,EAAM;AAC3B,IAAA,IAAA,CAAK,0BAA0B,KAAA,EAAM;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA,EAMA,MAAc,aAAA,CACZ,UAAA,EACA,GAAA,EACA,GAAA,EACe;AACf,IAAA,MAAM,IAAI,OAAA,CAAc,CAAC,OAAA,EAAS,MAAA,KAAW;AAC3C,MAAA,IAAI,OAAA,GAAU,KAAA;AACd,MAAA,IAAI,UAAA,GAAa,KAAA;AAEjB,MAAA,MAAM,UAAU,MAAM;AACpB,QAAA,GAAA,CAAI,cAAA,CAAe,UAAU,cAAc,CAAA;AAC3C,QAAA,GAAA,CAAI,cAAA,CAAe,SAAS,cAAc,CAAA;AAAA,MAC5C,CAAA;AAEA,MAAA,MAAM,gBAAgB,MAAM;AAC1B,QAAA,IAAI,OAAA,EAAS;AACb,QAAA,OAAA,GAAU,IAAA;AACV,QAAA,OAAA,EAAQ;AACR,QAAA,OAAA,EAAQ;AAAA,MACV,CAAA;AAEA,MAAA,MAAM,YAAA,GAAe,CAAC,GAAA,KAAiB;AACrC,QAAA,IAAI,OAAA,EAAS;AACb,QAAA,OAAA,GAAU,IAAA;AACV,QAAA,OAAA,EAAQ;AACR,QAAA,MAAA,CAAO,GAAA,YAAe,QAAQ,GAAA,GAAM,IAAI,MAAM,MAAA,CAAO,GAAG,CAAC,CAAC,CAAA;AAAA,MAC5D,CAAA;AAEA,MAAA,MAAM,iBAAiB,MAAM;AAG3B,QAAA,aAAA,EAAc;AAAA,MAChB,CAAA;AAEA,MAAA,GAAA,CAAI,IAAA,CAAK,UAAU,cAAc,CAAA;AACjC,MAAA,GAAA,CAAI,IAAA,CAAK,SAAS,cAAc,CAAA;AAEhC,MAAA,IAAI,gBAAA;AACJ,MAAA,IAAI;AACF,QAAA,gBAAA,GAAmB,UAAA,CAAW,GAAA,EAAK,GAAA,EAAK,CAAC,GAAA,KAAkB;AACzD,UAAA,UAAA,GAAa,IAAA;AACb,UAAA,IAAI,GAAA,EAAK;AACP,YAAA,YAAA,CAAa,GAAG,CAAA;AAChB,YAAA;AAAA,UACF;AACA,UAAA,aAAA,EAAc;AAAA,QAChB,CAAC,CAAA;AAAA,MACH,SAAS,GAAA,EAAK;AACZ,QAAA,YAAA,CAAa,GAAG,CAAA;AAChB,QAAA;AAAA,MACF;AAEA,MAAA,KAAK,OAAA,CAAQ,OAAA,CAAQ,gBAAgB,CAAA,CAAE,IAAA;AAAA,QACrC,MAAM;AACJ,UAAA,IAAI,CAAC,UAAA,IAAc,GAAA,CAAI,WAAA,EAAa;AAClC,YAAA,aAAA,EAAc;AAAA,UAChB;AAAA,QACF,CAAA;AAAA,QACA,CAAC,GAAA,KAAiB;AAChB,UAAA,YAAA,CAAa,GAAG,CAAA;AAAA,QAClB;AAAA,OACF;AAAA,IACF,CAAC,CAAA;AAAA,EACH;AAAA,EAEQ,gBAAA,CACN,MAAA,EACA,cAAA,EACA,cAAA,EACA,OAAA,EACA;AACA,IAAA,MAAM,SAAA,GAA8B;AAAA,MAClC,eAAA,EAAiB,CAAC,SAAA,KAAsB;AACtC,QAAA,OAAA,EAAS,kBAAkB,SAAS,CAAA;AACpC,QAAA,IAAA,CAAK,uBAAuB,SAAS,CAAA;AAAA,MACvC;AAAA,KACF;AAEA,IAAA,MAAM,IAAA,GAAO,OAAO,GAAA,EAAc,GAAA,KAAkB;AAClD,MAAA,MAAM,OAAA,GAAU,OAAO,UAAA,EAAW;AAClC,MAAA,MAAM,OAAA,GAAU,GAAA;AAIhB,MAAA,IAAI,cAAA,EAAgB;AAClB,QAAA,IAAI,UAAA;AACJ,QAAA,IAAI;AACF,UAAA,MAAM,WAAA,GAAc,MAAM,cAAA,CAAe,GAAG,CAAA;AAC5C,UAAA,UAAA,GAAa,WAAA,CAAY,UAAA;AAAA,QAC3B,SAAS,KAAA,EAAO;AACd,UAAA,IAAA,CAAK,wBAAA,CAAyB,KAAK,KAAK,CAAA;AACxC,UAAA;AAAA,QACF;AAEA,QAAA,MAAM,IAAA,CAAK,aAAA,CAAc,UAAA,EAAY,GAAA,EAAK,GAAG,CAAA;AAE7C,QAAA,MAAMC,UAAAA,GAAY,GAAA,CAAI,OAAA,CAAQ,gBAAgB,CAAA;AAK9C,QAAA,IAAIA,UAAAA,EAAW;AACb,UAAA,IAAI,IAAI,WAAA,EAAa;AACnB,YAAA,IAAA,CAAK,WAAA,CAAY;AAAA,cACf,SAAA,EAAW,YAAA;AAAA,cACX,OAAA;AAAA,cACA,SAAA,EAAAA,UAAAA;AAAA,cACA,UAAA,EAAY,CAAA;AAAA,cACZ,MAAA,EAAQ;AAAA,aACT,CAAA;AACD,YAAA;AAAA,UACF;AAEA,UAAA,IAAI,QAAQ,IAAA,EAAM;AAChB,YAAA,IAAA,CAAK,WAAA,CAAY;AAAA,cACf,SAAA,EAAW,SAAA;AAAA,cACX,OAAA;AAAA,cACA,WAAA,EAAa,OAAA,CAAQ,IAAA,CAAK,KAAA,EAAO,GAAA;AAAA,cACjC,SAAA,EAAAA,UAAAA;AAAA,cACA,UAAA,EAAY,CAAA;AAAA,cACZ,MAAA,EAAQ;AAAA,aACT,CAAA;AAAA,UACH;AAAA,QACF,CAAA,MAAA,IAAW,IAAI,WAAA,EAAa;AAE1B,UAAA;AAAA,QACF;AAAA,MACF;AAEA,MAAA,MAAM,SAAA,GAAY,GAAA,CAAI,OAAA,CAAQ,gBAAgB,CAAA;AAG9C,MAAA,IAAI,SAAA,EAAW;AACb,QAAA,MAAMC,UAAAA,GAAY,cAAA,CAAe,YAAA,CAAa,SAAS,CAAA;AACvD,QAAA,IAAIA,UAAAA,EAAW;AACb,UAAA,cAAA,CAAe,aAAa,SAAS,CAAA;AACrC,UAAA,MAAMA,UAAAA,CAAU,aAAA,CAAc,GAAA,EAAK,GAAA,EAAK,IAAI,IAAI,CAAA;AAChD,UAAA;AAAA,QACF;AAAA,MACF;AAGA,MAAA,IAAI,CAAC,mBAAA,CAAoB,GAAA,CAAI,IAAI,CAAA,EAAG;AAClC,QAAA,GAAA,CAAI,MAAA,CAAO,GAAG,CAAA,CAAE,IAAA,CAAK;AAAA,UACnB,OAAA,EAAS,KAAA;AAAA,UACT,KAAA,EAAO;AAAA,YACL,IAAA,EAAM,KAAA;AAAA,YACN,OAAA,EAAS,SAAA,GACL,CAAA,QAAA,EAAW,SAAS,CAAA,UAAA,CAAA,GACpB;AAAA,WACN;AAAA,UACA,EAAA,EAAI;AAAA,SACL,CAAA;AACD,QAAA;AAAA,MACF;AAGA,MAAA,MAAM,WAAW,OAAA,CAAQ,IAAA;AACzB,MAAA,MAAM,SAAA,GAAY,IAAI,6BAAA,CAA8B;AAAA,QAClD,kBAAA,EAAoB,MAAM,MAAA,CAAO,UAAA,EAAW;AAAA,QAC5C,oBAAA,EAAsB,CAAC,GAAA,KAAgB;AACrC,UAAA,cAAA,CAAe,eAAA;AAAA,YACb,GAAA;AAAA,YACA,SAAA;AAAA,YACA,SAAA;AAAA,YACA,QAAA,EAAU;AAAA,WACZ;AACA,UAAA,OAAA,EAAS,oBAAA,GAAuB,GAAA,EAAK,QAAA,EAAU,SAAS,CAAA;AACxD,UAAA,IAAA,CAAK,WAAA,CAAY;AAAA,YACf,SAAA,EAAW,YAAA;AAAA,YACX,OAAA;AAAA,YACA,SAAA,EAAW,GAAA;AAAA,YACX,WAAA,EAAa,UAAU,KAAA,EAAO,GAAA;AAAA,YAC9B,UAAA,EAAY,CAAA;AAAA,YACZ,MAAA,EAAQ;AAAA,WACT,CAAA;AACD,UAAA,IAAA,CAAK,kBAAA,CAAmB,QAAA,EAAU,KAAA,EAAO,GAAA,EAAK;AAAA,YAC5C,QAAA,EAAU,GAAA,CAAI,OAAA,CAAQ,iBAAiB,CAAA;AAAA,YACvC,SAAA,EAAW,GAAA,CAAI,OAAA,CAAQ,YAAY,CAAA;AAAA,YACnC,gBAAgB,QAAA,EAAU;AAAA,WAC3B,CAAA;AAAA,QACH;AAAA,OACD,CAAA;AAGD,MAAA,MAAM,cAAA,GAAiB,SAAA,CAAU,aAAA,CAAc,IAAA,CAAK,SAAS,CAAA;AAC7D,MAAA,SAAA,CAAU,aAAA,GAAgB,OACxB,UAAA,EACA,UAAA,EACA,UAAA,KACG;AACH,QAAA,MAAM,UAAA,GAAa,UAAA,KAAe,GAAA,GAAM,OAAA,GAAU,OAAO,UAAA,EAAW;AACpE,QAAA,MAAM,GAAA,GACH,UAAA,CAAW,OAAA,CAAQ,gBAAgB,KACpC,SAAA,CAAU,SAAA;AACZ,QAAA,MAAM,KAAA,GAAQ,KAAK,GAAA,EAAI;AACvB,QAAA,IAAI;AACF,UAAA,MAAM,cAAA,CAAe,UAAA,EAAY,UAAA,EAAY,UAAU,CAAA;AACvD,UAAA,IAAI,UAAA,EAAY,WAAW,YAAA,EAAc;AACvC,YAAA,IAAA,CAAK,WAAA,CAAY;AAAA,cACf,SAAA,EAAW,cAAA;AAAA,cACX,OAAA,EAAS,UAAA;AAAA,cACT,QAAA,EACE,WAAW,MAAA,EACV,IAAA;AAAA,cACH,UAAA,EAAY,IAAA,CAAK,GAAA,EAAI,GAAI,KAAA;AAAA,cACzB,SAAA,EAAW,GAAA;AAAA,cACX,WAAA,EAAa,UAAU,KAAA,EAAO,GAAA;AAAA,cAC9B,MAAA,EAAQ,IAAA;AAAA,cACR,aAAa,UAAA,CAAW;AAAA,aACzB,CAAA;AAAA,UACH,CAAA,MAAA,IAAW,UAAA,EAAY,MAAA,KAAW,YAAA,EAAc;AAC9C,YAAA,IAAA,CAAK,WAAA,CAAY;AAAA,cACf,SAAA,EAAW,cAAA;AAAA,cACX,OAAA,EAAS,UAAA;AAAA,cACT,UAAA,EAAY,IAAA,CAAK,GAAA,EAAI,GAAI,KAAA;AAAA,cACzB,SAAA,EAAW,GAAA;AAAA,cACX,WAAA,EAAa,UAAU,KAAA,EAAO,GAAA;AAAA,cAC9B,MAAA,EAAQ;AAAA,aACT,CAAA;AAAA,UACH;AAAA,QACF,SAAS,GAAA,EAAK;AACZ,UAAA,IAAI,UAAA,EAAY,WAAW,YAAA,EAAc;AACvC,YAAA,IAAA,CAAK,WAAA,CAAY;AAAA,cACf,SAAA,EAAW,cAAA;AAAA,cACX,OAAA,EAAS,UAAA;AAAA,cACT,QAAA,EACE,WAAW,MAAA,EACV,IAAA;AAAA,cACH,UAAA,EAAY,IAAA,CAAK,GAAA,EAAI,GAAI,KAAA;AAAA,cACzB,SAAA,EAAW,GAAA;AAAA,cACX,WAAA,EAAa,UAAU,KAAA,EAAO,GAAA;AAAA,cAC9B,MAAA,EAAQ,cAAA;AAAA,cACR,cAAc,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,OAAO,GAAG;AAAA,aAC9D,CAAA;AAAA,UACH,CAAA,MAAA,IAAW,UAAA,EAAY,MAAA,KAAW,YAAA,EAAc;AAC9C,YAAA,IAAA,CAAK,WAAA,CAAY;AAAA,cACf,SAAA,EAAW,cAAA;AAAA,cACX,OAAA,EAAS,UAAA;AAAA,cACT,UAAA,EAAY,IAAA,CAAK,GAAA,EAAI,GAAI,KAAA;AAAA,cACzB,SAAA,EAAW,GAAA;AAAA,cACX,WAAA,EAAa,UAAU,KAAA,EAAO,GAAA;AAAA,cAC9B,MAAA,EAAQ,cAAA;AAAA,cACR,cAAc,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,OAAO,GAAG;AAAA,aAC9D,CAAA;AAAA,UACH;AACA,UAAA,MAAM,GAAA;AAAA,QACR;AAAA,MACF,CAAA;AAEA,MAAA,MAAM,SAAA,GAAY,OAAO,MAAA,KAAW,UAAA,GAAa,QAAO,GAAI,MAAA;AAC5D,MAAA,MAAM,SAAA,CAAU,QAAQ,SAAS,CAAA;AACjC,MAAA,MAAM,SAAA,CAAU,aAAA,CAAc,GAAA,EAAK,GAAA,EAAK,IAAI,IAAI,CAAA;AAAA,IAClD,CAAA;AAEA,IAAA,MAAM,GAAA,GAAM,OAAO,GAAA,EAAc,GAAA,KAAkB;AACjD,MAAA,IAAI,cAAA,EAAgB;AAClB,QAAA,IAAI,UAAA;AACJ,QAAA,IAAI;AACF,UAAA,MAAM,WAAA,GAAc,MAAM,cAAA,CAAe,GAAG,CAAA;AAC5C,UAAA,UAAA,GAAa,WAAA,CAAY,UAAA;AAAA,QAC3B,SAAS,KAAA,EAAO;AACd,UAAA,IAAA,CAAK,wBAAA,CAAyB,KAAK,KAAK,CAAA;AACxC,UAAA;AAAA,QACF;AAEA,QAAA,MAAM,IAAA,CAAK,aAAA,CAAc,UAAA,EAAY,GAAA,EAAK,GAAG,CAAA;AAC7C,QAAA,IAAI,IAAI,WAAA,EAAa;AACnB,UAAA;AAAA,QACF;AAAA,MACF;AAEA,MAAA,MAAM,YACH,GAAA,CAAI,OAAA,CAAQ,gBAAgB,CAAA,IAC5B,GAAA,CAAI,QAAQ,gBAAgB,CAAA;AAC/B,MAAA,IAAI,CAAC,SAAA,EAAW;AACd,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,iCAAiC,CAAA;AAC/D,QAAA;AAAA,MACF;AAEA,MAAA,MAAM,SAAA,GAAY,cAAA,CAAe,YAAA,CAAa,SAAS,CAAA;AACvD,MAAA,IAAI,CAAC,SAAA,EAAW;AACd,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,qBAAqB,CAAA;AACnD,QAAA;AAAA,MACF;AAEA,MAAA,cAAA,CAAe,aAAa,SAAS,CAAA;AACrC,MAAA,MAAM,SAAA,CAAU,aAAA,CAAc,GAAA,EAAK,GAAG,CAAA;AAAA,IACxC,CAAA;AAEA,IAAA,MAAM,GAAA,GAAM,OAAO,GAAA,EAAc,GAAA,KAAkB;AACjD,MAAA,IAAI,cAAA,EAAgB;AAClB,QAAA,IAAI,UAAA;AACJ,QAAA,IAAI;AACF,UAAA,MAAM,WAAA,GAAc,MAAM,cAAA,CAAe,GAAG,CAAA;AAC5C,UAAA,UAAA,GAAa,WAAA,CAAY,UAAA;AAAA,QAC3B,SAAS,KAAA,EAAO;AACd,UAAA,IAAA,CAAK,wBAAA,CAAyB,KAAK,KAAK,CAAA;AACxC,UAAA;AAAA,QACF;AAEA,QAAA,MAAM,IAAA,CAAK,aAAA,CAAc,UAAA,EAAY,GAAA,EAAK,GAAG,CAAA;AAC7C,QAAA,IAAI,IAAI,WAAA,EAAa;AACnB,UAAA;AAAA,QACF;AAAA,MACF;AAEA,MAAA,MAAM,YACH,GAAA,CAAI,OAAA,CAAQ,gBAAgB,CAAA,IAC5B,GAAA,CAAI,QAAQ,gBAAgB,CAAA;AAC/B,MAAA,IAAI,CAAC,SAAA,EAAW;AACd,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,iCAAiC,CAAA;AAC/D,QAAA;AAAA,MACF;AAEA,MAAA,MAAM,SAAA,GAAY,cAAA,CAAe,YAAA,CAAa,SAAS,CAAA;AACvD,MAAA,IAAI,CAAC,SAAA,EAAW;AACd,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,qBAAqB,CAAA;AACnD,QAAA;AAAA,MACF;AAEA,MAAA,MAAM,SAAA,CAAU,aAAA,CAAc,GAAA,EAAK,GAAG,CAAA;AAAA,IACxC,CAAA;AAEA,IAAA,OAAO,EAAE,IAAA,EAAM,GAAA,EAAK,MAAA,EAAQ,GAAA,EAAI;AAAA,EAClC;AACF","file":"index.js","sourcesContent":["/**\n * In-memory storage implementation\n * Useful for tests, examples, and ephemeral sessions\n */\n\nimport type { KontextStorage } from \"./types.js\";\n\n/**\n * Simple in-memory storage implementation\n * Data is lost when the process exits\n */\nexport class MemoryStorage implements KontextStorage {\n private store = new Map<string, unknown>();\n\n async getJson<T>(key: string): Promise<T | undefined> {\n const value = this.store.get(key);\n if (value === undefined) {\n return undefined;\n }\n // Return a deep copy to prevent mutation\n return JSON.parse(JSON.stringify(value)) as T;\n }\n\n async setJson<T>(key: string, value: T | undefined): Promise<void> {\n if (value === undefined) {\n this.store.delete(key);\n } else {\n // Store a deep copy to prevent mutation\n this.store.set(key, JSON.parse(JSON.stringify(value)));\n }\n }\n\n /**\n * Clear all stored data\n */\n clear(): void {\n this.store.clear();\n }\n\n /**\n * Get the number of stored items\n */\n get size(): number {\n return this.store.size;\n }\n\n /**\n * Check if a key exists\n */\n has(key: string): boolean {\n return this.store.has(key);\n }\n\n /**\n * Get all keys (useful for debugging)\n */\n keys(): string[] {\n return Array.from(this.store.keys());\n }\n}\n","/**\n * Storage interface for persisting SDK state\n */\n\n/**\n * Generic storage interface for the Kontext SDK\n * Implementations can store data in memory, file system, or external services\n */\nexport interface KontextStorage {\n /**\n * Retrieve a JSON value by key\n * @param key Storage key\n * @returns The stored value or undefined if not found\n */\n getJson<T>(key: string): Promise<T | undefined>;\n\n /**\n * Store a JSON value by key\n * @param key Storage key\n * @param value The value to store, or undefined to delete\n */\n setJson<T>(key: string, value: T | undefined): Promise<void>;\n}\n\n/**\n * Storage key namespacing helper\n * Creates namespaced keys based on application client ID and optional session key\n */\nexport function createStorageKey(\n applicationClientId: string,\n sessionKey: string | undefined,\n ...parts: string[]\n): string {\n const namespace = sessionKey\n ? `kontext:${applicationClientId}:${sessionKey}`\n : `kontext:${applicationClientId}`;\n return [namespace, ...parts].join(\":\");\n}\n\n/**\n * Storage keys used by the SDK\n */\nexport const StorageKeys = {\n // Existing keys\n TOKENS: \"tokens\",\n CODE_VERIFIER: \"code_verifier\",\n STATE: \"state\",\n CLIENT_INFO: \"client_info\",\n\n // Pattern B (RFC 8693 Token Exchange) keys\n /** Identity tokens (no audience) */\n IDENTITY_TOKENS: \"identity_tokens\",\n /** Prefix for resource-scoped tokens */\n RESOURCE_TOKENS: \"resource_tokens\",\n} as const;\n\n/**\n * Create a storage key for a resource-scoped token\n *\n * @param resource The resource identifier (e.g., \"mcp-gateway\")\n * @returns Storage key for the resource token\n *\n * @example\n * ```typescript\n * const key = resourceTokenKey('mcp-gateway');\n * // Returns: 'resource_tokens:mcp-gateway'\n * ```\n */\nexport function resourceTokenKey(resource: string): string {\n return `${StorageKeys.RESOURCE_TOKENS}:${resource}`;\n}\n","/**\n * Typed error classes for the Kontext SDK.\n *\n * Every error has a `kontext_` prefixed code, an auto-generated docsUrl,\n * and a `kontextError` brand for type narrowing without instanceof.\n *\n * @packageDocumentation\n */\n\n// ============================================================================\n// Base\n// ============================================================================\n\n/**\n * Base error class for all Kontext SDK errors.\n *\n * @example\n * ```typescript\n * import { isKontextError } from '@kontext-dev/js-sdk';\n *\n * try {\n * await client.connect();\n * } catch (err) {\n * if (isKontextError(err)) {\n * console.log(err.code); // \"kontext_authorization_required\"\n * console.log(err.docsUrl); // \"https://docs.kontext.dev/errors/kontext_authorization_required\"\n * }\n * }\n * ```\n */\nexport class KontextError extends Error {\n /** Brand field for type narrowing without instanceof */\n readonly kontextError = true as const;\n\n /** Machine-readable error code, always prefixed with `kontext_` */\n readonly code: string;\n\n /** HTTP status code when applicable */\n readonly statusCode?: number;\n\n /** Auto-generated link to error documentation */\n readonly docsUrl: string;\n\n /** Server request ID for debugging / support escalation */\n readonly requestId?: string;\n\n /** Contextual metadata bag (integration IDs, param names, etc.) */\n readonly meta: Record<string, unknown>;\n\n constructor(\n message: string,\n code: string,\n options?: {\n statusCode?: number;\n requestId?: string;\n meta?: Record<string, unknown>;\n cause?: unknown;\n },\n ) {\n super(message, { cause: options?.cause });\n this.name = \"KontextError\";\n this.code = code;\n this.statusCode = options?.statusCode;\n this.requestId = options?.requestId;\n this.meta = options?.meta ?? {};\n this.docsUrl = `https://docs.kontext.dev/errors/${code}`;\n Object.setPrototypeOf(this, new.target.prototype);\n }\n\n toJSON(): Record<string, unknown> {\n return {\n name: this.name,\n code: this.code,\n message: this.message,\n statusCode: this.statusCode,\n docsUrl: this.docsUrl,\n requestId: this.requestId,\n meta: Object.keys(this.meta).length > 0 ? this.meta : undefined,\n };\n }\n\n override toString(): string {\n const parts = [`[${this.code}] ${this.message}`];\n if (this.docsUrl) parts.push(`Docs: ${this.docsUrl}`);\n if (this.requestId) parts.push(`Request ID: ${this.requestId}`);\n return parts.join(\"\\n\");\n }\n}\n\n// ============================================================================\n// Type guard\n// ============================================================================\n\n/**\n * Check if an error is a KontextError without instanceof.\n * Works across package versions and bundler deduplication.\n */\nexport function isKontextError(err: unknown): err is KontextError {\n return (\n typeof err === \"object\" &&\n err !== null &&\n (err as Record<string, unknown>).kontextError === true\n );\n}\n\n// ============================================================================\n// Auth errors\n// ============================================================================\n\n/**\n * Thrown when authentication is required but no valid credentials are available.\n */\nexport class AuthorizationRequiredError extends KontextError {\n readonly authorizationUrl?: string;\n\n constructor(\n message = \"Authorization required. Complete the OAuth flow to continue.\",\n options?: {\n authorizationUrl?: string;\n requestId?: string;\n meta?: Record<string, unknown>;\n cause?: unknown;\n },\n ) {\n super(message, \"kontext_authorization_required\", {\n statusCode: 401,\n ...options,\n });\n this.name = \"AuthorizationRequiredError\";\n this.authorizationUrl = options?.authorizationUrl;\n }\n}\n\n// ============================================================================\n// OAuth errors\n// ============================================================================\n\n/**\n * Thrown when an OAuth flow fails — state validation, token exchange,\n * missing code verifier, or provider errors.\n */\nexport class OAuthError extends KontextError {\n readonly errorCode?: string;\n readonly errorDescription?: string;\n\n constructor(\n message: string,\n code: string,\n options?: {\n statusCode?: number;\n errorCode?: string;\n errorDescription?: string;\n requestId?: string;\n meta?: Record<string, unknown>;\n cause?: unknown;\n },\n ) {\n super(message, code, {\n statusCode: options?.statusCode ?? 400,\n ...options,\n });\n this.name = \"OAuthError\";\n this.errorCode = options?.errorCode;\n this.errorDescription = options?.errorDescription;\n }\n}\n\n// ============================================================================\n// Integration errors\n// ============================================================================\n\n/**\n * Thrown when an integration connection is required before a tool can be used.\n */\nexport class IntegrationConnectionRequiredError extends KontextError {\n readonly integrationId: string;\n readonly integrationName?: string;\n readonly connectUrl?: string;\n\n constructor(\n integrationId: string,\n options?: {\n integrationName?: string;\n connectUrl?: string;\n message?: string;\n requestId?: string;\n meta?: Record<string, unknown>;\n cause?: unknown;\n },\n ) {\n super(\n options?.message ??\n `Connection to integration \"${integrationId}\" is required. Visit the connect URL to authorize.`,\n \"kontext_integration_connection_required\",\n { statusCode: 403, ...options },\n );\n this.name = \"IntegrationConnectionRequiredError\";\n this.integrationId = integrationId;\n this.integrationName = options?.integrationName;\n this.connectUrl = options?.connectUrl;\n }\n}\n\n// ============================================================================\n// Config errors (NEW — replaces all plain Error config throws)\n// ============================================================================\n\n/**\n * Thrown when SDK configuration is invalid or missing.\n * These are deterministic errors caught at initialization time.\n */\nexport class ConfigError extends KontextError {\n constructor(\n message: string,\n code: string,\n options?: {\n meta?: Record<string, unknown>;\n cause?: unknown;\n },\n ) {\n super(message, code, options);\n this.name = \"ConfigError\";\n }\n}\n\n// ============================================================================\n// Network errors\n// ============================================================================\n\n/**\n * Thrown when there is a network or connection error.\n */\nexport class NetworkError extends KontextError {\n constructor(\n message = \"Network error. Check your internet connection and that the server is reachable.\",\n options?: {\n cause?: unknown;\n requestId?: string;\n meta?: Record<string, unknown>;\n },\n ) {\n super(message, \"kontext_network_error\", options);\n this.name = \"NetworkError\";\n }\n}\n\n// ============================================================================\n// HTTP response errors (differentiated by code)\n// ============================================================================\n\n/**\n * Thrown when the server returns an HTTP error.\n * Use `error.code` to distinguish between specific error types.\n */\nexport class HttpError extends KontextError {\n readonly retryAfter?: number;\n readonly validationErrors?: Array<{ field: string; message: string }>;\n\n constructor(\n message: string,\n code: string,\n options?: {\n statusCode?: number;\n retryAfter?: number;\n validationErrors?: Array<{ field: string; message: string }>;\n requestId?: string;\n meta?: Record<string, unknown>;\n cause?: unknown;\n },\n ) {\n super(message, code, {\n statusCode: options?.statusCode,\n ...options,\n });\n this.name = \"HttpError\";\n this.retryAfter = options?.retryAfter;\n this.validationErrors = options?.validationErrors;\n }\n}\n\n// ============================================================================\n// Network error detection (used by translateError)\n// ============================================================================\n\n/**\n * Safely access arbitrary properties on an error object.\n * Errors in JS frequently carry extra properties (code, statusCode, etc.)\n * that aren't part of the Error interface. This avoids `as unknown as` casts.\n */\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nfunction errorProps(err: Error): Record<string, any> {\n return err;\n}\n\nconst NETWORK_ERROR_CODES = new Set([\n \"ECONNREFUSED\",\n \"ENOTFOUND\",\n \"ETIMEDOUT\",\n \"ECONNRESET\",\n \"ECONNABORTED\",\n \"EPIPE\",\n \"UND_ERR_CONNECT_TIMEOUT\",\n]);\n\n/**\n * Detect network errors structurally rather than by string matching.\n * Checks Node.js system error codes on the error and its cause.\n */\nexport function isNetworkError(err: Error): boolean {\n if (err.name === \"AbortError\") return true;\n\n const props = errorProps(err);\n const sysCode = props.code as string | undefined;\n if (typeof sysCode === \"string\" && NETWORK_ERROR_CODES.has(sysCode))\n return true;\n\n // fetch() throws TypeError — only classify as network error when cause\n // indicates a system-level failure\n if (err.name === \"TypeError\" && err.cause instanceof Error) {\n const causeCode = errorProps(err.cause).code;\n if (typeof causeCode === \"string\" && NETWORK_ERROR_CODES.has(causeCode))\n return true;\n }\n\n return false;\n}\n\n/**\n * Detect unauthorized errors structurally.\n * Checks status code and numeric code rather than string matching on name.\n */\nexport function isUnauthorizedError(err: Error): boolean {\n const props = errorProps(err);\n\n // Check HTTP status code (most reliable)\n if (props.statusCode === 401 || props.status === 401) return true;\n\n // Check MCP SDK UnauthorizedError by name (last resort, but needed for\n // MCP SDK errors which don't set statusCode)\n if (err.name === \"UnauthorizedError\") return true;\n if (err.message === \"Unauthorized\") return true;\n\n return false;\n}\n\n// ============================================================================\n// Elicitation types\n// ============================================================================\n\nexport interface ElicitationEntry {\n readonly url: string;\n readonly message: string;\n readonly elicitationId: string;\n readonly integrationId?: string;\n readonly integrationName?: string;\n}\n\n// ============================================================================\n// HTTP error parsing\n// ============================================================================\n\n/**\n * Parse an HTTP response into an appropriate error.\n */\nexport function parseHttpError(\n statusCode: number,\n body?: unknown,\n): KontextError {\n const message =\n typeof body === \"object\" && body !== null && \"message\" in body\n ? String((body as { message: unknown }).message)\n : `HTTP ${statusCode}`;\n\n const errorCode =\n typeof body === \"object\" && body !== null && \"code\" in body\n ? String((body as { code: unknown }).code)\n : undefined;\n\n switch (statusCode) {\n case 400:\n if (\n typeof body === \"object\" &&\n body !== null &&\n \"errors\" in body &&\n Array.isArray((body as { errors: unknown }).errors)\n ) {\n return new HttpError(message, \"kontext_validation_error\", {\n statusCode: 400,\n validationErrors: (\n body as { errors: Array<{ field: string; message: string }> }\n ).errors,\n });\n }\n return new KontextError(message, errorCode ?? \"kontext_bad_request\", {\n statusCode: 400,\n });\n\n case 401:\n return new AuthorizationRequiredError(message);\n\n case 403:\n if (errorCode === \"INTEGRATION_CONNECTION_REQUIRED\") {\n const details = body as {\n integrationId?: string;\n integrationName?: string;\n connectUrl?: string;\n };\n return new IntegrationConnectionRequiredError(\n details.integrationId ?? \"unknown\",\n {\n integrationName: details.integrationName,\n connectUrl: details.connectUrl,\n message,\n },\n );\n }\n return new HttpError(message, \"kontext_policy_denied\", {\n statusCode: 403,\n meta: { policy: (body as Record<string, unknown>)?.policy },\n });\n\n case 404:\n return new HttpError(message, \"kontext_not_found\", { statusCode: 404 });\n\n case 429: {\n const retryAfter =\n typeof body === \"object\" && body !== null && \"retryAfter\" in body\n ? Number((body as { retryAfter: unknown }).retryAfter)\n : undefined;\n return new HttpError(\n retryAfter\n ? `Rate limit exceeded. Retry after ${retryAfter} seconds.`\n : \"Rate limit exceeded. Wait and retry.\",\n \"kontext_rate_limited\",\n { statusCode: 429, retryAfter },\n );\n }\n\n default:\n if (statusCode >= 500) {\n return new HttpError(\n `Server error (HTTP ${statusCode}): ${message}`,\n \"kontext_server_error\",\n { statusCode },\n );\n }\n return new KontextError(message, errorCode ?? \"kontext_unknown_error\", {\n statusCode,\n });\n }\n}\n","/**\n * KontextOAuthProvider - Implements OAuthClientProvider from @modelcontextprotocol/sdk\n *\n * This provider handles the OAuth 2.0 Authorization Code + PKCE flow\n * for authenticating MCP clients with the Kontext Gateway.\n */\n\nimport type { OAuthClientProvider } from \"@modelcontextprotocol/sdk/client/auth.js\";\nimport type {\n OAuthClientMetadata,\n OAuthClientInformationMixed,\n OAuthTokens,\n} from \"@modelcontextprotocol/sdk/shared/auth.js\";\nimport { randomBytes } from \"node:crypto\";\nimport type { KontextStorage } from \"../storage/types.js\";\nimport {\n createStorageKey,\n StorageKeys,\n resourceTokenKey,\n} from \"../storage/types.js\";\nimport { OAuthError } from \"../errors.js\";\n\nexport interface KontextOAuthProviderConfig {\n /**\n * Application OAuth client ID from Kontext\n */\n clientId: string;\n\n /**\n * Redirect URI for OAuth callback\n * Must match one of the registered redirect URIs for the application\n */\n redirectUri: string;\n\n /**\n * Storage implementation for persisting tokens and PKCE state\n */\n storage: KontextStorage;\n\n /**\n * Optional session key for namespacing storage\n * Useful when multiple users/sessions share the same storage\n */\n sessionKey?: string;\n\n /**\n * Optional client name for OAuth metadata\n */\n clientName?: string;\n\n /**\n * Callback to redirect the user agent to the authorization URL\n * This is called when authorization is required\n *\n * @param url The authorization URL to redirect to\n */\n onRedirectToAuthorization: (url: URL) => void | Promise<void>;\n}\n\n/**\n * OAuth provider implementation for Kontext MCP clients\n *\n * Implements the OAuthClientProvider interface from @modelcontextprotocol/sdk\n * to handle Authorization Code + PKCE authentication flow.\n *\n * @example\n * ```typescript\n * const storage = new MemoryStorage();\n * const provider = new KontextOAuthProvider({\n * clientId: 'your-client-id',\n * redirectUri: 'http://localhost:3000/callback',\n * storage,\n * onRedirectToAuthorization: (url) => {\n * // Open browser or redirect\n * window.location.href = url.toString();\n * },\n * });\n * ```\n */\nexport class KontextOAuthProvider implements OAuthClientProvider {\n private readonly config: KontextOAuthProviderConfig;\n private readonly storagePrefix: string;\n private pendingState: string | null = null;\n private readonly expiryBufferMs = 60 * 1000;\n\n constructor(config: KontextOAuthProviderConfig) {\n this.config = config;\n this.storagePrefix = createStorageKey(config.clientId, config.sessionKey);\n }\n\n /**\n * The redirect URL for OAuth callbacks\n */\n get redirectUrl(): string | URL {\n return this.config.redirectUri;\n }\n\n /**\n * OAuth client metadata\n */\n get clientMetadata(): OAuthClientMetadata {\n return {\n redirect_uris: [this.config.redirectUri],\n client_name: this.config.clientName,\n grant_types: [\"authorization_code\", \"refresh_token\"],\n response_types: [\"code\"],\n token_endpoint_auth_method: \"none\", // Public client\n };\n }\n\n /**\n * Generate a random state parameter for OAuth CSRF protection\n */\n state(): string {\n // Generate a cryptographically secure random string\n const array = new Uint8Array(32);\n if (globalThis.crypto?.getRandomValues) {\n globalThis.crypto.getRandomValues(array);\n } else {\n array.set(randomBytes(32));\n }\n const state = Array.from(array, (byte) =>\n byte.toString(16).padStart(2, \"0\"),\n ).join(\"\");\n this.pendingState = state;\n void this.config.storage.setJson(\n this.getStorageKey(StorageKeys.STATE),\n state,\n );\n return state;\n }\n\n /**\n * Returns the client information (client_id)\n * Since we're a public client with pre-registered credentials,\n * we don't use dynamic client registration.\n */\n async clientInformation(): Promise<OAuthClientInformationMixed | undefined> {\n return {\n client_id: this.config.clientId,\n };\n }\n\n /**\n * Load stored OAuth tokens\n */\n async tokens(): Promise<OAuthTokens | undefined> {\n const key = this.getStorageKey(StorageKeys.TOKENS);\n return this.config.storage.getJson<OAuthTokens>(key);\n }\n\n /**\n * Save OAuth tokens after successful authorization\n */\n async saveTokens(tokens: OAuthTokens): Promise<void> {\n const key = this.getStorageKey(StorageKeys.TOKENS);\n await this.config.storage.setJson(key, this.withIssuedAt(tokens));\n }\n\n /**\n * Redirect the user agent to the authorization URL\n */\n async redirectToAuthorization(authorizationUrl: URL): Promise<void> {\n await this.config.onRedirectToAuthorization(authorizationUrl);\n }\n\n /**\n * Save the PKCE code verifier before redirecting to authorization\n */\n async saveCodeVerifier(codeVerifier: string): Promise<void> {\n const key = this.getStorageKey(StorageKeys.CODE_VERIFIER);\n await this.config.storage.setJson(key, codeVerifier);\n }\n\n /**\n * Load the PKCE code verifier for token exchange\n */\n async codeVerifier(): Promise<string> {\n const key = this.getStorageKey(StorageKeys.CODE_VERIFIER);\n const verifier = await this.config.storage.getJson<string>(key);\n if (!verifier) {\n throw new OAuthError(\n \"No PKCE code verifier found in storage. The OAuth flow may have expired or storage was cleared. Restart the auth flow.\",\n \"kontext_oauth_code_verifier_missing\",\n );\n }\n return verifier;\n }\n\n /**\n * Invalidate stored credentials\n */\n async invalidateCredentials(\n scope: \"all\" | \"client\" | \"tokens\" | \"verifier\",\n ): Promise<void> {\n if (scope === \"all\" || scope === \"tokens\") {\n const tokensKey = this.getStorageKey(StorageKeys.TOKENS);\n await this.config.storage.setJson(tokensKey, undefined);\n const identityKey = this.getStorageKey(StorageKeys.IDENTITY_TOKENS);\n await this.config.storage.setJson(identityKey, undefined);\n }\n if (scope === \"all\" || scope === \"verifier\") {\n const verifierKey = this.getStorageKey(StorageKeys.CODE_VERIFIER);\n await this.config.storage.setJson(verifierKey, undefined);\n }\n if (scope === \"all\") {\n this.pendingState = null;\n const stateKey = this.getStorageKey(StorageKeys.STATE);\n await this.config.storage.setJson(stateKey, undefined);\n }\n // 'client' scope is a no-op since we use pre-registered client info\n }\n\n /**\n * Clear all stored state (tokens, verifier, etc.)\n * Call this to force re-authentication\n */\n async clearAll(): Promise<void> {\n await this.invalidateCredentials(\"all\");\n }\n\n /**\n * Check if we have valid (non-expired) tokens\n */\n async hasValidTokens(): Promise<boolean> {\n const storedTokens = await this.tokens();\n return this.isTokenValid(storedTokens);\n }\n\n // ==========================================================================\n // Pattern B: Identity and Resource Token Management (RFC 8693)\n // ==========================================================================\n\n /**\n * Save identity tokens (no audience)\n * These are the tokens obtained from the initial OAuth flow before token exchange.\n */\n async saveIdentityTokens(tokens: OAuthTokens): Promise<void> {\n const key = this.getStorageKey(StorageKeys.IDENTITY_TOKENS);\n await this.config.storage.setJson(key, this.withIssuedAt(tokens));\n }\n\n /**\n * Load identity tokens\n * Returns the identity tokens obtained from the initial OAuth flow.\n */\n async identityTokens(): Promise<OAuthTokens | undefined> {\n const key = this.getStorageKey(StorageKeys.IDENTITY_TOKENS);\n return this.config.storage.getJson<OAuthTokens>(key);\n }\n\n /**\n * Save resource-scoped tokens for a specific resource\n *\n * @param resource The resource identifier (e.g., \"mcp-gateway\")\n * @param tokens The resource-scoped tokens\n */\n async saveResourceTokens(\n resource: string,\n tokens: OAuthTokens,\n ): Promise<void> {\n const key = this.getStorageKey(resourceTokenKey(resource));\n await this.config.storage.setJson(key, this.withIssuedAt(tokens));\n }\n\n /**\n * Load resource-scoped tokens for a specific resource\n *\n * @param resource The resource identifier (e.g., \"mcp-gateway\")\n * @returns The resource-scoped tokens, or undefined if not found\n */\n async resourceTokens(resource: string): Promise<OAuthTokens | undefined> {\n const key = this.getStorageKey(resourceTokenKey(resource));\n return this.config.storage.getJson<OAuthTokens>(key);\n }\n\n /**\n * Clear resource tokens for a specific resource\n *\n * @param resource The resource identifier (e.g., \"mcp-gateway\")\n */\n async clearResourceTokens(resource: string): Promise<void> {\n const key = this.getStorageKey(resourceTokenKey(resource));\n await this.config.storage.setJson(key, undefined);\n }\n\n /**\n * Check if we have valid identity tokens\n */\n async hasValidIdentityTokens(): Promise<boolean> {\n const tokens = await this.identityTokens();\n return this.isTokenValid(tokens);\n }\n\n /**\n * Check if we have valid resource tokens for a specific resource\n *\n * @param resource The resource identifier\n */\n async hasValidResourceTokens(resource: string): Promise<boolean> {\n const tokens = await this.resourceTokens(resource);\n return this.isTokenValid(tokens);\n }\n\n async validateState(state?: string): Promise<boolean> {\n if (!state) {\n return false;\n }\n\n const key = this.getStorageKey(StorageKeys.STATE);\n const storedState =\n this.pendingState ?? (await this.config.storage.getJson<string>(key));\n const isValid = storedState === state;\n\n if (isValid) {\n this.pendingState = null;\n await this.config.storage.setJson(key, undefined);\n }\n\n return isValid;\n }\n\n private withIssuedAt(\n tokens: OAuthTokens,\n ): OAuthTokens & { issued_at?: number } {\n if (!tokens.expires_in) {\n return tokens;\n }\n return { ...tokens, issued_at: Date.now() };\n }\n\n private isTokenValid(tokens?: OAuthTokens): boolean {\n if (!tokens?.access_token) {\n return false;\n }\n\n if (!tokens.expires_in) {\n return true;\n }\n\n const issuedAt = (tokens as OAuthTokens & { issued_at?: number }).issued_at;\n if (!issuedAt) {\n return true;\n }\n\n const expiresAt = issuedAt + tokens.expires_in * 1000;\n return Date.now() < expiresAt - this.expiryBufferMs;\n }\n\n private getStorageKey(key: string): string {\n return `${this.storagePrefix}:${key}`;\n }\n}\n\n/**\n * Parse an OAuth callback URL and extract the authorization code and state\n *\n * @param callbackUrl The full callback URL with query parameters\n * @returns The authorization code and state, or error details\n */\nexport function parseOAuthCallback(callbackUrl: string | URL): {\n code?: string;\n state?: string;\n error?: string;\n errorDescription?: string;\n} {\n const url =\n typeof callbackUrl === \"string\" ? new URL(callbackUrl) : callbackUrl;\n const params = url.searchParams;\n\n const error = params.get(\"error\");\n if (error) {\n return {\n error,\n errorDescription: params.get(\"error_description\") ?? undefined,\n };\n }\n\n return {\n code: params.get(\"code\") ?? undefined,\n state: params.get(\"state\") ?? undefined,\n };\n}\n","/**\n * KontextMcp - Runtime client for MCP connections via Kontext\n *\n * This is the main entrypoint for MCP clients using Kontext.\n * It wraps the MCP SDK's Client and StreamableHTTPClientTransport\n * with Kontext-specific OAuth handling.\n *\n * Authentication is handled transparently:\n * 1. First API call triggers OAuth if needed\n * 2. Connection is established lazily\n *\n * All MCP servers (gateway and custom) are treated identically —\n * the auth code flow produces resource-scoped tokens directly.\n *\n * @example\n * ```typescript\n * import { KontextMcp } from '@kontext-dev/js-sdk';\n *\n * const kontext = new KontextMcp({\n * clientId: 'your-client-id',\n * redirectUri: 'http://localhost:3000/callback',\n * onAuthRequired: async (url) => {\n * // CLI: open browser, wait for callback, return URL\n * // Web: redirect (return nothing, handle callback separately)\n * open(url.toString());\n * return await waitForCallback();\n * },\n * });\n *\n * // Just use it - auth happens automatically\n * const tools = await kontext.listTools();\n * const result = await kontext.callTool('tool_name', { arg: 'value' });\n * ```\n */\n\nimport { Client } from \"@modelcontextprotocol/sdk/client/index.js\";\nimport { StreamableHTTPClientTransport } from \"@modelcontextprotocol/sdk/client/streamableHttp.js\";\nimport {\n type Tool,\n type CallToolResult,\n UrlElicitationRequiredError,\n ElicitRequestSchema,\n ElicitationCompleteNotificationSchema,\n} from \"@modelcontextprotocol/sdk/types.js\";\nimport type { KontextStorage } from \"../storage/types.js\";\nimport { MemoryStorage } from \"../storage/memory.js\";\nimport { KontextOAuthProvider, parseOAuthCallback } from \"../oauth/provider.js\";\nimport {\n AuthorizationRequiredError,\n OAuthError,\n KontextError,\n isUnauthorizedError,\n} from \"../errors.js\";\nimport type { ElicitationEntry } from \"../errors.js\";\n\n/**\n * Default Kontext API server URL\n */\nconst DEFAULT_SERVER = \"https://api.kontext.dev\";\n\nexport function normalizeKontextServerUrl(server: string): string {\n let url = server.replace(/\\/$/, \"\");\n\n // Be forgiving if callers pass a versioned API URL or MCP URL instead of the root origin.\n // Data-plane routes (/mcp, /oauth2, /.well-known) are intentionally outside /api/v1.\n url = url.replace(/\\/api\\/v1\\/?$/, \"\").replace(/\\/mcp\\/?$/, \"\");\n url = url.replace(/\\/$/, \"\");\n\n return url;\n}\n\nexport interface KontextMcpConfig {\n /**\n * Application OAuth client ID\n */\n clientId: string;\n\n /**\n * Full URL of the MCP server endpoint.\n * When provided, the client connects directly to this URL.\n *\n * @example \"https://my-server.com/mcp\"\n */\n url?: string;\n\n /**\n * Base URL for the Kontext server.\n * Defaults to \"https://api.kontext.dev\".\n * Only override for local development or self-hosted instances.\n */\n server?: string;\n\n /**\n * Redirect URI for OAuth callback\n * Must match one of the registered redirect URIs for the application\n */\n redirectUri: string;\n\n /**\n * Storage implementation for persisting tokens\n * Defaults to MemoryStorage if not provided\n */\n storage?: KontextStorage;\n\n /**\n * Optional session key for namespacing storage\n * Useful when multiple users/sessions share the same storage\n * Defaults to \"default\"\n */\n sessionKey?: string;\n\n /**\n * Client name for identification in MCP protocol\n */\n clientName?: string;\n\n /**\n * Client version for identification in MCP protocol\n */\n clientVersion?: string;\n\n /**\n * Callback invoked when OAuth authorization is required.\n *\n * For CLI/Desktop apps:\n * Open the browser, wait for the callback, and return the callback URL.\n * The SDK will extract the code and complete the flow.\n *\n * For Web apps:\n * Redirect to the URL (return nothing). After redirect back,\n * call `handleCallback(url)` on a fresh instance.\n *\n * @param url The authorization URL to open/redirect to\n * @returns The callback URL (CLI/Desktop) or void/Promise<void> (Web)\n */\n onAuthRequired: (\n url: URL,\n ) => string | URL | void | Promise<string | URL | void>;\n\n /**\n * Callback invoked when the server requests URL elicitation (MCP spec -32042).\n * This is the protocol-native way for servers to ask the user to visit a URL\n * (e.g., to connect an OAuth integration).\n *\n * When provided, the client declares `elicitation: { url: {} }` capability.\n */\n onElicitationUrl?: (entry: ElicitationEntry) => void | Promise<void>;\n}\n\nexport type RuntimeIntegrationCategory =\n | \"gateway_remote_mcp\"\n | \"internal_mcp_credentials\";\n\nexport type RuntimeIntegrationConnectType = \"oauth\" | \"credentials\" | \"none\";\n\nexport interface RuntimeIntegrationRecord {\n id: string;\n name: string;\n url: string;\n category: RuntimeIntegrationCategory;\n connectType: RuntimeIntegrationConnectType;\n authMode?: \"oauth\" | \"user_token\" | \"server_token\" | \"none\";\n credentialSchema?: unknown;\n requiresOauth?: boolean;\n connection?: {\n connected: boolean;\n status: \"connected\" | \"disconnected\";\n expiresAt?: string;\n displayName?: string;\n };\n}\n\n/**\n * Kontext MCP runtime client\n *\n * Provides a simplified interface for connecting to any MCP server\n * and interacting with tools. Authentication is handled automatically.\n */\nexport class KontextMcp {\n private readonly config: KontextMcpConfig;\n private readonly storage: KontextStorage;\n private readonly oauthProvider: KontextOAuthProvider;\n private transport: StreamableHTTPClientTransport | null = null;\n private client: Client | null = null;\n private _isConnected = false;\n private _pendingConnect: Promise<void> | null = null;\n private _pendingAuthFlow: Promise<void> | null = null;\n private _authFlowResolve: (() => void) | null = null;\n\n constructor(config: KontextMcpConfig) {\n this.config = config;\n this.storage = config.storage ?? new MemoryStorage();\n\n this.oauthProvider = new KontextOAuthProvider({\n clientId: config.clientId,\n redirectUri: config.redirectUri,\n storage: this.storage,\n sessionKey: config.sessionKey ?? \"default\",\n clientName: config.clientName,\n onRedirectToAuthorization: async (url) => {\n // Create a promise that resolves when auth completes\n this._pendingAuthFlow = new Promise<void>((resolve) => {\n this._authFlowResolve = resolve;\n });\n\n // Delegate to user's callback\n const result = await config.onAuthRequired(url);\n if (result) {\n // User returned a callback URL - complete the flow\n await this.handleCallback(result);\n }\n // If no result, user redirected (web app) - they'll call handleCallback separately\n },\n });\n }\n\n /**\n * Check if we're currently connected\n */\n get isConnected(): boolean {\n return this._isConnected;\n }\n\n /**\n * Get the underlying MCP client for advanced usage\n */\n get mcpClient(): Client | null {\n return this.client;\n }\n\n /**\n * Get the session ID from the transport\n */\n get sessionId(): string | undefined {\n return this.transport?.sessionId;\n }\n\n /**\n * Get the server base URL\n */\n private get serverUrl(): string {\n return normalizeKontextServerUrl(this.config.server ?? DEFAULT_SERVER);\n }\n\n /**\n * Get the MCP endpoint URL.\n * When `url` is provided, use it directly. Otherwise derive from server.\n */\n private get mcpEndpointUrl(): string {\n return this.config.url ?? `${this.serverUrl}/mcp`;\n }\n\n /**\n * List available tools from the server\n *\n * This will automatically handle authentication if needed.\n */\n async listTools(): Promise<Tool[]> {\n await this.ensureConnected();\n const response = await this.client!.listTools();\n return response.tools;\n }\n\n /**\n * Call a tool\n *\n * This will automatically handle authentication if needed.\n *\n * @param name The tool name\n * @param args The tool arguments\n */\n async callTool(\n name: string,\n args?: Record<string, unknown>,\n ): Promise<CallToolResult> {\n await this.ensureConnected();\n try {\n const result = await this.client!.callTool({\n name,\n arguments: args,\n });\n return result as CallToolResult;\n } catch (error) {\n // Handle error-based URL elicitation (MCP -32042)\n if (\n error instanceof UrlElicitationRequiredError &&\n this.config.onElicitationUrl\n ) {\n for (const elicitation of error.elicitations) {\n await this.config.onElicitationUrl({\n url: elicitation.url,\n message: elicitation.message ?? \"Action required\",\n elicitationId: elicitation.elicitationId ?? \"\",\n integrationId: (elicitation as Record<string, unknown>)\n .integrationId as string | undefined,\n integrationName: (elicitation as Record<string, unknown>)\n .integrationName as string | undefined,\n });\n }\n }\n throw error;\n }\n }\n\n /**\n * Create a connect session for the hosted connect UI.\n *\n * Returns a URL that can be opened in a browser to let the user\n * connect integrations proactively (before hitting -32042 errors).\n */\n async createConnectSession(): Promise<{\n connectUrl: string;\n sessionId: string;\n expiresAt: string;\n }> {\n const tokens = await this.oauthProvider.tokens();\n if (!tokens?.access_token) {\n throw new AuthorizationRequiredError(\n \"Authorization required. Complete the OAuth flow first.\",\n );\n }\n\n const response = await fetch(`${this.serverUrl}/mcp/connect-session`, {\n method: \"POST\",\n headers: {\n Authorization: `Bearer ${tokens.access_token}`,\n \"Content-Type\": \"application/json\",\n },\n });\n\n if (response.status === 401) {\n throw new AuthorizationRequiredError(\n \"Access token expired or invalid. Re-authenticate and retry.\",\n );\n }\n\n if (!response.ok) {\n throw new KontextError(\n `Failed to create connect session: HTTP ${response.status}`,\n \"kontext_connect_session_failed\",\n { statusCode: response.status },\n );\n }\n\n return (await response.json()) as {\n connectUrl: string;\n sessionId: string;\n expiresAt: string;\n };\n }\n\n /**\n * List integrations attached to the current application/runtime identity.\n *\n * This is used by higher-level orchestrators to discover mixed integration\n * topologies (gateway + internal credential integrations).\n */\n async listRuntimeIntegrations(): Promise<RuntimeIntegrationRecord[]> {\n const tokens = await this.oauthProvider.tokens();\n if (!tokens?.access_token) {\n throw new AuthorizationRequiredError(\n \"Authorization required. Complete the OAuth flow first.\",\n );\n }\n\n const response = await fetch(`${this.serverUrl}/mcp/integrations`, {\n method: \"GET\",\n headers: {\n Authorization: `Bearer ${tokens.access_token}`,\n },\n });\n\n if (response.status === 401) {\n throw new AuthorizationRequiredError(\n \"Access token expired or invalid. Re-authenticate and retry.\",\n );\n }\n\n if (!response.ok) {\n throw new KontextError(\n `Failed to list runtime integrations: HTTP ${response.status}`,\n \"kontext_runtime_integrations_failed\",\n { statusCode: response.status },\n );\n }\n\n const payload = (await response.json()) as {\n items?: Array<Record<string, unknown>>;\n };\n const items = Array.isArray(payload?.items) ? payload.items : [];\n\n return items\n .map((item): RuntimeIntegrationRecord | null => {\n const id = typeof item.id === \"string\" ? item.id : \"\";\n const name = typeof item.name === \"string\" ? item.name : id;\n const url = typeof item.url === \"string\" ? item.url : \"\";\n if (!id || !url) return null;\n\n const category =\n item.category === \"internal_mcp_credentials\"\n ? \"internal_mcp_credentials\"\n : \"gateway_remote_mcp\";\n const connectType =\n item.connectType === \"credentials\" ||\n item.connectType === \"oauth\" ||\n item.connectType === \"none\"\n ? item.connectType\n : category === \"internal_mcp_credentials\"\n ? \"credentials\"\n : item.authMode === \"oauth\"\n ? \"oauth\"\n : \"none\";\n\n const rawConnection =\n item.connection && typeof item.connection === \"object\"\n ? (item.connection as Record<string, unknown>)\n : undefined;\n const connected =\n rawConnection && typeof rawConnection.connected === \"boolean\"\n ? rawConnection.connected\n : false;\n const status =\n rawConnection?.status === \"connected\" ? \"connected\" : \"disconnected\";\n\n return {\n id,\n name,\n url,\n category,\n connectType,\n authMode:\n item.authMode === \"oauth\" ||\n item.authMode === \"user_token\" ||\n item.authMode === \"server_token\" ||\n item.authMode === \"none\"\n ? item.authMode\n : undefined,\n credentialSchema: item.credentialSchema,\n requiresOauth:\n typeof item.requiresOauth === \"boolean\"\n ? item.requiresOauth\n : undefined,\n connection: rawConnection\n ? {\n connected,\n status,\n expiresAt:\n typeof rawConnection.expiresAt === \"string\"\n ? rawConnection.expiresAt\n : undefined,\n displayName:\n typeof rawConnection.displayName === \"string\"\n ? rawConnection.displayName\n : undefined,\n }\n : undefined,\n };\n })\n .filter((item): item is RuntimeIntegrationRecord => item !== null);\n }\n\n /**\n * Handle an OAuth callback URL\n *\n * Call this after the user has been redirected back from authorization.\n * This is required for web apps where `onAuthRequired` redirects instead of waiting.\n *\n * @param callbackUrl The full callback URL with query parameters\n */\n async handleCallback(callbackUrl: string | URL): Promise<void> {\n const { code, state, error, errorDescription } =\n parseOAuthCallback(callbackUrl);\n\n if (error) {\n this._authFlowResolve?.();\n this._authFlowResolve = null;\n throw new AuthorizationRequiredError(\n errorDescription ?? `OAuth error: ${error}`,\n );\n }\n\n const isValidState = await this.oauthProvider.validateState(state);\n if (!isValidState) {\n this._authFlowResolve?.();\n this._authFlowResolve = null;\n throw new OAuthError(\n \"OAuth state validation failed. The state parameter did not match. Retry the authorization flow.\",\n \"kontext_oauth_state_invalid\",\n );\n }\n\n if (!code) {\n this._authFlowResolve?.();\n this._authFlowResolve = null;\n throw new AuthorizationRequiredError(\n \"No authorization code in callback URL\",\n );\n }\n\n try {\n // Create transport if needed\n if (!this.transport) {\n this.transport = new StreamableHTTPClientTransport(\n new URL(this.mcpEndpointUrl),\n {\n authProvider: this.oauthProvider,\n },\n );\n }\n\n // Exchange code for tokens (via MCP SDK)\n await this.transport.finishAuth(code);\n\n // Get the tokens from the auth code flow.\n // The backend auto-exchange produces resource-scoped tokens directly —\n // no client-side token exchange needed.\n const tokens = await this.oauthProvider.tokens();\n if (!tokens?.access_token) {\n throw new AuthorizationRequiredError(\"Failed to obtain tokens\");\n }\n\n await this.oauthProvider.saveTokens(tokens);\n } finally {\n // Signal that auth flow completed\n this._authFlowResolve?.();\n this._authFlowResolve = null;\n }\n }\n\n /**\n * Disconnect from the server\n */\n async disconnect(): Promise<void> {\n try {\n if (this.transport) {\n try {\n await this.transport.terminateSession();\n } catch {\n // Ignore termination errors\n }\n await this.transport.close();\n }\n } finally {\n this.transport = null;\n this.client = null;\n this._isConnected = false;\n }\n }\n\n /**\n * Clear stored tokens and require re-authentication\n */\n async clearAuth(): Promise<void> {\n await this.oauthProvider.clearAll();\n await this.disconnect();\n }\n\n /**\n * Check if this URL is an OAuth callback\n *\n * Useful for web apps to detect if the current URL is a callback.\n *\n * @param url The URL to check\n */\n isCallback(url: string | URL): boolean {\n const urlObj = typeof url === \"string\" ? new URL(url) : url;\n const redirectUri = new URL(this.config.redirectUri);\n return (\n urlObj.pathname === redirectUri.pathname &&\n (urlObj.searchParams.has(\"code\") || urlObj.searchParams.has(\"error\"))\n );\n }\n\n /**\n * Ensure we're connected, handling auth if needed\n */\n private async ensureConnected(): Promise<void> {\n if (this._isConnected && this.client) {\n return;\n }\n\n // Prevent concurrent connection attempts\n if (this._pendingConnect) {\n await this._pendingConnect;\n return;\n }\n\n this._pendingConnect = this.doConnect();\n try {\n await this._pendingConnect;\n } finally {\n this._pendingConnect = null;\n }\n }\n\n /**\n * Internal connection logic\n */\n private async doConnect(authRetryCount = 0): Promise<void> {\n // Tokens from auth code flow are already resource-scoped —\n // no client-side exchange needed.\n\n // Create transport if needed (may already exist from auth flow)\n if (!this.transport) {\n this.transport = new StreamableHTTPClientTransport(\n new URL(this.mcpEndpointUrl),\n {\n authProvider: this.oauthProvider,\n },\n );\n }\n\n const capabilities: Record<string, Record<string, unknown>> = {\n tools: {},\n };\n if (this.config.onElicitationUrl) {\n capabilities.elicitation = { url: {} };\n }\n\n this.client = new Client(\n {\n name: this.config.clientName ?? \"kontext-sdk\",\n version: this.config.clientVersion ?? \"0.0.1\",\n },\n { capabilities },\n );\n\n // Register elicitation handlers when callback is provided\n if (this.config.onElicitationUrl) {\n const onElicitationUrl = this.config.onElicitationUrl;\n\n // Handle server-initiated elicitation requests (request-based)\n this.client.setRequestHandler(ElicitRequestSchema, async (request) => {\n const params = request.params;\n if (params.mode === \"url\" && \"url\" in params) {\n await onElicitationUrl({\n url: params.url,\n message: params.message ?? \"Action required\",\n elicitationId: params.elicitationId ?? \"\",\n integrationId: (params as Record<string, unknown>).integrationId as\n | string\n | undefined,\n integrationName: (params as Record<string, unknown>)\n .integrationName as string | undefined,\n });\n }\n return { action: \"accept\" as const };\n });\n\n // Handle elicitation completion notifications\n this.client.setNotificationHandler(\n ElicitationCompleteNotificationSchema,\n () => {\n // Completion notification received — no action needed from the client.\n // The server will retry the tool call automatically.\n },\n );\n }\n\n try {\n await this.client.connect(this.transport);\n this._isConnected = true;\n } catch (error) {\n // If UnauthorizedError, wait for pending auth flow to complete and retry\n if (error instanceof Error && isUnauthorizedError(error)) {\n if (this._pendingAuthFlow) {\n // Auth flow was triggered - wait for it to complete\n await this._pendingAuthFlow;\n this._pendingAuthFlow = null;\n\n // Clean up both - we need fresh instances for retry\n // The transport was already started and can't be reused\n this.transport = null;\n this.client = null;\n\n if (authRetryCount >= 1) {\n throw new AuthorizationRequiredError(\n \"Authorization completed, but the MCP server still rejected the token. Verify OAuth resource audience and token issuer configuration.\",\n { cause: error },\n );\n }\n\n // Retry connection after auth completed\n return this.doConnect(authRetryCount + 1);\n }\n\n // No pending auth flow - clean up and throw error\n this.transport = null;\n this.client = null;\n throw new AuthorizationRequiredError(\n \"Authorization required. Complete the OAuth flow and retry.\",\n );\n }\n\n // Other errors - clean up and wrap in KontextError\n this.transport = null;\n this.client = null;\n if (error instanceof KontextError) throw error;\n throw new KontextError(\n `Failed to connect to MCP server at ${this.mcpEndpointUrl}. ${error instanceof Error ? error.message : String(error)}`,\n \"kontext_mcp_connection_failed\",\n { cause: error },\n );\n }\n }\n}\n\n// Re-export types\nexport type { Tool, CallToolResult } from \"@modelcontextprotocol/sdk/types.js\";\n","/**\n * Shared utilities for Kontext tool handling.\n * Used by both KontextClient (core) and withKontext (Cloudflare adapter).\n */\n\nimport {\n IntegrationConnectionRequiredError,\n type ElicitationEntry,\n} from \"../errors.js\";\n\n// Re-export for backward compatibility\nexport type { ElicitationEntry } from \"../errors.js\";\n\n// ============================================================================\n// Shared types\n// ============================================================================\n\nexport interface IntegrationStatus {\n readonly id: string;\n readonly name: string;\n readonly connected: boolean;\n readonly connectUrl?: string;\n}\n\n// ============================================================================\n// System prompt\n// ============================================================================\n\n/**\n * Build an LLM system prompt based on available tool names and integration status.\n * Detects `*_SEARCH_TOOLS` / `*_EXECUTE_TOOL` suffixed names from the\n * Cloudflare Agents MCP proxy and generates appropriate guidance.\n */\nexport function buildKontextSystemPrompt(\n toolNames: readonly string[],\n integrations: readonly IntegrationStatus[],\n): string {\n if (toolNames.length === 0) return \"\";\n\n const searchTool = toolNames.find((n) => n.endsWith(\"_SEARCH_TOOLS\"));\n const executeTool = toolNames.find((n) => n.endsWith(\"_EXECUTE_TOOL\"));\n const requestCapabilityTool = toolNames.find((n) =>\n n.endsWith(\"_REQUEST_CAPABILITY\"),\n );\n\n let prompt =\n \"You are a helpful assistant with access to various tools and integrations through Kontext.\\n\" +\n \"You can help users with tasks across their connected services (GitHub, Linear, Slack, etc.).\\n\" +\n \"When a user asks about their services, use the available MCP tools to help them.\\n\" +\n \"The user has already authenticated — tools run as the user with their permissions, including access to private repositories and org resources.\";\n\n if (searchTool && executeTool) {\n prompt +=\n `\\n\\nYou have access to external integrations through Kontext MCP tools:\\n` +\n `- Call \\`${searchTool}\\` first to discover what tools/integrations are available.\\n` +\n `- Then call \\`${executeTool}\\` with the tool_id and arguments to run a specific tool.\\n` +\n `- When the user asks about \"my repos\", \"my issues\", etc., use the appropriate tool to look up their data directly. Do not ask for their username — the tools already know who they are.\\n` +\n `Always start by searching for tools when the user asks about their connected services.`;\n }\n\n // Append integration status section when there are integrations to report\n if (integrations.length > 0) {\n const connected = integrations.filter((i) => i.connected);\n const disconnected = integrations.filter((i) => !i.connected);\n\n if (disconnected.length > 0) {\n prompt += \"\\n\\n## Integration Status\";\n\n if (connected.length > 0) {\n prompt += `\\n\\nYou already have access to: ${connected.map((i) => i.name).join(\", \")}`;\n }\n\n prompt += `\\n\\nThe following services require user authorization: ${disconnected.map((i) => i.name).join(\", \")}`;\n\n if (requestCapabilityTool) {\n const example = disconnected[0]?.name ?? \"GitHub\";\n prompt +=\n `\\n\\n**IMPORTANT:** When the user requests an action that requires one of these services:` +\n `\\n1. Call the \\`${requestCapabilityTool}\\` tool with \\`capability_name\\` set to the service name (e.g. \"${example}\")` +\n `\\n2. The tool will return an authorization link` +\n `\\n3. Include the link in your response so the user can click it to connect` +\n `\\n4. After the user authorizes, the service will be available on their next message`;\n } else {\n prompt +=\n \"\\n\\nWhen the user asks about a disconnected integration, let them know it needs to be connected first. Do not attempt to use tools from disconnected integrations without informing the user.\";\n }\n }\n }\n\n return prompt;\n}\n\n// ============================================================================\n// Auth-aware toolset orchestrator\n// ============================================================================\n\nexport interface AuthAwareToolset {\n /** System prompt with integration status and REQUEST_CAPABILITY instructions. */\n readonly systemPrompt: string;\n /** REQUEST_CAPABILITY tool to inject, or null if all integrations are connected. */\n readonly requestCapabilityTool: {\n readonly name: string;\n readonly description: string;\n readonly parameters: Record<string, unknown>;\n readonly execute: (...args: unknown[]) => Promise<string>;\n } | null;\n}\n\n/**\n * Enrich a tool set with auth awareness.\n *\n * Given tool names and integration status, produces:\n * - A system prompt that tells the LLM about connected/disconnected integrations\n * - A REQUEST_CAPABILITY tool (if needed) that returns auth URLs as text\n *\n * Both `ai/` and `cloudflare/` adapters use this as their core auth layer.\n */\nexport function enrichToolsWithAuthAwareness(\n toolNames: readonly string[],\n integrations: readonly IntegrationStatus[],\n options?: { prefix?: string },\n): AuthAwareToolset {\n const hasDisconnected = integrations.some(\n (i) => !i.connected && i.connectUrl,\n );\n\n if (!hasDisconnected) {\n return {\n systemPrompt: buildKontextSystemPrompt(toolNames, integrations),\n requestCapabilityTool: null,\n };\n }\n\n // Determine prefix from existing tool names or option\n const prefix =\n options?.prefix ??\n toolNames\n .find((n) => n.endsWith(\"_SEARCH_TOOLS\"))\n ?.replace(/_SEARCH_TOOLS$/, \"\") ??\n \"kontext\";\n\n const toolName = `${prefix}_REQUEST_CAPABILITY`;\n const tool = buildRequestCapabilityTool(integrations);\n\n // Include REQUEST_CAPABILITY in tool names so the system prompt references it\n const allToolNames = [...toolNames, toolName];\n\n return {\n systemPrompt: buildKontextSystemPrompt(allToolNames, integrations),\n requestCapabilityTool: { name: toolName, ...tool },\n };\n}\n\n// ============================================================================\n// Integration status parsing\n// ============================================================================\n\n/**\n * Parse integration status from gateway tool search results.\n * Extracts connected integrations from tools and disconnected from errors.\n */\nexport function parseIntegrationStatus(\n tools: ReadonlyArray<{ server?: { id?: string; name?: string } }>,\n errors: ReadonlyArray<{ serverId: string; serverName?: string }>,\n elicitations?: ReadonlyArray<{\n url: string;\n integrationId?: string;\n integrationName?: string;\n }>,\n): IntegrationStatus[] {\n const seen = new Set<string>();\n const result: IntegrationStatus[] = [];\n\n for (const t of tools) {\n const sid = t.server?.id;\n if (sid && !seen.has(sid)) {\n seen.add(sid);\n result.push({\n id: sid,\n name: t.server?.name ?? sid,\n connected: true,\n });\n }\n }\n\n for (const e of errors) {\n if (!seen.has(e.serverId)) {\n seen.add(e.serverId);\n const elicitation = elicitations?.find(\n (el) => el.integrationId === e.serverId,\n );\n result.push({\n id: e.serverId,\n name: e.serverName ?? e.serverId,\n connected: false,\n connectUrl: elicitation?.url,\n });\n }\n }\n\n return result;\n}\n\n// ============================================================================\n// Request capability tool\n// ============================================================================\n\n/**\n * Build a tool that lets the LLM request connection of a disconnected capability.\n * Returns the connect URL as text so the LLM can present it to the user.\n * No popups — the user clicks the link in the chat to authorize.\n */\nexport function buildRequestCapabilityTool(\n capabilities: readonly IntegrationStatus[],\n): {\n description: string;\n parameters: Record<string, unknown>;\n execute: (...args: unknown[]) => Promise<string>;\n} {\n const disconnected = capabilities.filter((c) => !c.connected && c.connectUrl);\n\n const capabilityList =\n disconnected.length > 0\n ? disconnected.map((c) => c.name).join(\", \")\n : \"none\";\n\n return {\n description:\n `Request connection to a capability that is not yet connected. ` +\n `Currently disconnected capabilities: ${capabilityList}. ` +\n `Call this tool with the capability name to initiate the connection flow.`,\n parameters: {\n type: \"object\",\n properties: {\n capability_name: {\n type: \"string\",\n description: \"The name of the capability to connect\",\n },\n },\n required: [\"capability_name\"],\n },\n execute: async (...args: unknown[]): Promise<string> => {\n const input = (args[0] ?? {}) as { capability_name?: string };\n const name = input.capability_name ?? \"\";\n\n // Auto-select when called without a name and there's only one option\n if (!name && disconnected.length === 1 && disconnected[0]) {\n return (\n `${disconnected[0].name} requires authorization. ` +\n `Please visit the following link to connect: ${disconnected[0].connectUrl}`\n );\n }\n\n const match = disconnected.find(\n (c) => c.name.toLowerCase() === name.toLowerCase(),\n );\n\n if (!match) {\n const isConnected = capabilities.find(\n (c) => c.connected && c.name.toLowerCase() === name.toLowerCase(),\n );\n if (isConnected) {\n return `${isConnected.name} is already connected and ready to use.`;\n }\n return `Unknown capability \"${name}\". Available disconnected capabilities: ${capabilityList}.`;\n }\n\n return (\n `${match.name} requires authorization. ` +\n `Please visit the following link to connect: ${match.connectUrl}`\n );\n },\n };\n}\n\n/**\n * Pre-flight integration status detection.\n * Calls SEARCH_TOOLS on raw (unwrapped) tools to detect connected/disconnected\n * integrations without triggering any popups or broadcasts.\n */\nexport async function preflightIntegrationStatus(\n tools: ToolSetLike,\n): Promise<IntegrationStatus[]> {\n const searchToolKey = Object.keys(tools).find((k) =>\n k.endsWith(\"_SEARCH_TOOLS\"),\n );\n if (!searchToolKey || !tools[searchToolKey]?.execute) return [];\n\n try {\n const result = await tools[searchToolKey].execute!({ limit: 100 });\n\n // Cloudflare getAITools() returns MCP CallToolResult objects, not strings.\n // Extract JSON text from either a plain string or a CallToolResult shape.\n let json: string | undefined;\n if (typeof result === \"string\") {\n json = result;\n } else if (result && typeof result === \"object\") {\n const content = (\n result as {\n content?: Array<{\n type: string;\n resource?: { text?: string };\n text?: string;\n }>;\n }\n ).content;\n const first = content?.[0];\n json = first?.resource?.text ?? first?.text;\n }\n\n if (typeof json === \"string\") {\n const parsed = JSON.parse(json);\n if (parsed && typeof parsed === \"object\") {\n return parseIntegrationStatus(\n Array.isArray(parsed.items) ? parsed.items : [],\n Array.isArray(parsed.errors) ? parsed.errors : [],\n Array.isArray(parsed.elicitations) ? parsed.elicitations : [],\n );\n }\n }\n } catch (err: unknown) {\n // All integrations disconnected: -32042 error contains elicitations\n const elicitations = extractElicitations(err);\n if (elicitations?.length) {\n return elicitations\n .filter(\n (e): e is ElicitationEntry & { integrationId: string } =>\n !!e.integrationId,\n )\n .map((e) => ({\n id: e.integrationId,\n name: e.integrationName ?? e.integrationId,\n connected: false,\n connectUrl: e.url,\n }));\n }\n }\n\n return [];\n}\n\n// ============================================================================\n// Tool wrapping\n// ============================================================================\n\n/** A tool with an optional async execute method */\nexport interface ToolLike {\n execute?: (...args: unknown[]) => Promise<unknown>;\n [key: string]: unknown;\n}\n\n/** Record of named tools */\nexport type ToolSetLike = Record<string, ToolLike>;\n\n/**\n * Extract elicitation entries from an error thrown by the MCP SDK.\n * Handles two shapes: direct code/data and nested cause.\n */\nexport function extractElicitations(\n err: unknown,\n): ElicitationEntry[] | undefined {\n const error = err as {\n code?: number;\n data?: { elicitations?: ElicitationEntry[] };\n cause?: {\n code?: number;\n data?: { elicitations?: ElicitationEntry[] };\n };\n };\n\n // Primary: structured McpError with code -32042\n if (error?.code === -32042 && error?.data?.elicitations?.length) {\n return error.data.elicitations;\n }\n\n // Nested cause (some SDK wrappers nest the original error)\n if (\n error?.cause?.code === -32042 &&\n error?.cause?.data?.elicitations?.length\n ) {\n return error.cause.data.elicitations;\n }\n\n return undefined;\n}\n\n/**\n * Wrap tools to catch MCP error code -32042 (URL elicitation required)\n * and convert to IntegrationConnectionRequiredError.\n */\nexport function wrapToolsWithElicitation<T extends ToolSetLike>(tools: T): T {\n return Object.fromEntries(\n Object.entries(tools).map(([name, tool]) => [\n name,\n {\n ...tool,\n execute: tool.execute\n ? async (...args: unknown[]) => {\n try {\n return await tool.execute!(...args);\n } catch (err: unknown) {\n const elicitations = extractElicitations(err);\n const elicitation = elicitations?.[0];\n if (elicitation?.url) {\n const integrationId = elicitation.integrationId ?? \"unknown\";\n throw new IntegrationConnectionRequiredError(integrationId, {\n integrationName: elicitation.integrationName,\n connectUrl: elicitation.url,\n message: elicitation.message,\n });\n }\n throw err;\n }\n }\n : undefined,\n },\n ]),\n ) as T;\n}\n","import type { KontextClient } from \"../../index.js\";\nimport type { RuntimeIntegrationRecord } from \"../../../mcp/client.js\";\n\nexport type BackendSource = \"gateway\" | \"internal\";\n\nexport interface RoutingBackend {\n backendId: string;\n source: BackendSource;\n client: KontextClient;\n integrationId?: string;\n integrationName?: string;\n}\n\nexport function gatewayBackendId(): \"gateway\" {\n return \"gateway\";\n}\n\nexport function internalBackendId(integrationId: string): string {\n return `internal:${integrationId}`;\n}\n\nexport function isInternalIntegration(\n integration: RuntimeIntegrationRecord,\n): boolean {\n return integration.category === \"internal_mcp_credentials\";\n}\n\nexport function sortInternalIntegrations(\n integrations: RuntimeIntegrationRecord[],\n): RuntimeIntegrationRecord[] {\n return integrations\n .filter(isInternalIntegration)\n .sort((a, b) => a.id.localeCompare(b.id));\n}\n\nexport function createGatewayBackend(client: KontextClient): RoutingBackend {\n return {\n backendId: gatewayBackendId(),\n source: \"gateway\",\n client,\n };\n}\n\nexport function createInternalBackend(input: {\n integration: RuntimeIntegrationRecord;\n client: KontextClient;\n}): RoutingBackend {\n return {\n backendId: internalBackendId(input.integration.id),\n source: \"internal\",\n client: input.client,\n integrationId: input.integration.id,\n integrationName: input.integration.name,\n };\n}\n","import type { KontextTool } from \"../../index.js\";\nimport type { BackendSource } from \"./backends.js\";\n\nexport interface ToolRouteRecord {\n toolId: string;\n backendId: string;\n source: BackendSource;\n backendToolId: string;\n integrationId?: string;\n}\n\nexport interface RouteInventoryCandidate {\n tool: KontextTool;\n route: ToolRouteRecord;\n}\n\nexport interface RouteConflictRecord {\n toolId: string;\n kept: ToolRouteRecord;\n dropped: ToolRouteRecord;\n}\n\nexport interface RouteInventorySnapshot {\n version: number;\n tools: KontextTool[];\n routes: Map<string, ToolRouteRecord>;\n conflicts: RouteConflictRecord[];\n}\n\nexport function emptyRouteInventorySnapshot(): RouteInventorySnapshot {\n return {\n version: 0,\n tools: [],\n routes: new Map(),\n conflicts: [],\n };\n}\n\nexport function buildRouteInventory(\n version: number,\n candidates: RouteInventoryCandidate[],\n options?: {\n onConflict?: (\n existing: ToolRouteRecord,\n incoming: ToolRouteRecord,\n ) => \"keep_existing\" | \"replace_existing\";\n },\n): RouteInventorySnapshot {\n const tools: KontextTool[] = [];\n const routes = new Map<string, ToolRouteRecord>();\n const conflicts: RouteConflictRecord[] = [];\n\n for (const candidate of candidates) {\n const toolId = candidate.route.toolId;\n if (!routes.has(toolId)) {\n routes.set(toolId, candidate.route);\n tools.push(candidate.tool);\n continue;\n }\n\n const existing = routes.get(toolId)!;\n const decision =\n options?.onConflict?.(existing, candidate.route) ?? \"keep_existing\";\n\n let kept = existing;\n let dropped = candidate.route;\n if (decision === \"replace_existing\") {\n const existingIdx = tools.findIndex((tool) => tool.id === toolId);\n if (existingIdx >= 0) {\n tools.splice(existingIdx, 1, candidate.tool);\n } else {\n tools.push(candidate.tool);\n }\n routes.set(toolId, candidate.route);\n kept = candidate.route;\n dropped = existing;\n }\n\n conflicts.push({\n toolId,\n kept,\n dropped,\n });\n }\n\n return {\n version,\n tools,\n routes,\n conflicts,\n };\n}\n","import {\n buildRouteInventory,\n emptyRouteInventorySnapshot,\n type RouteInventoryCandidate,\n type RouteInventorySnapshot,\n type ToolRouteRecord,\n} from \"./routes.js\";\n\nexport class RouteInventoryStore {\n private versionCounter = 0;\n private resetGeneration = 0;\n private buildRunCounter = 0;\n private latestCommittedBuildRun = 0;\n private snapshotState: RouteInventorySnapshot = emptyRouteInventorySnapshot();\n private pendingBuilds = new Map<string, Promise<RouteInventorySnapshot>>();\n\n get version(): number {\n return this.snapshotState.version;\n }\n\n get snapshot(): RouteInventorySnapshot {\n return this.snapshotState;\n }\n\n routeFor(toolId: string): ToolRouteRecord | undefined {\n return this.snapshotState.routes.get(toolId);\n }\n\n async build(\n buildCandidates: () => Promise<RouteInventoryCandidate[]>,\n options?: {\n key?: string;\n onConflict?: (\n existing: ToolRouteRecord,\n incoming: ToolRouteRecord,\n ) => \"keep_existing\" | \"replace_existing\";\n },\n ): Promise<RouteInventorySnapshot> {\n const key = options?.key ?? \"__default__\";\n const existingBuild = this.pendingBuilds.get(key);\n if (existingBuild) {\n return await existingBuild;\n }\n\n const buildGeneration = this.resetGeneration;\n const buildRun = ++this.buildRunCounter;\n const pendingPromise = (async () => {\n const candidates = await buildCandidates();\n if (this.resetGeneration !== buildGeneration) {\n return this.snapshotState;\n }\n if (buildRun >= this.latestCommittedBuildRun) {\n this.latestCommittedBuildRun = buildRun;\n this.versionCounter += 1;\n const snapshot = buildRouteInventory(this.versionCounter, candidates, {\n onConflict: options?.onConflict,\n });\n this.snapshotState = snapshot;\n return snapshot;\n }\n\n return buildRouteInventory(this.snapshotState.version, candidates, {\n onConflict: options?.onConflict,\n });\n })();\n this.pendingBuilds.set(key, pendingPromise);\n\n try {\n return await pendingPromise;\n } finally {\n if (this.pendingBuilds.get(key) === pendingPromise) {\n this.pendingBuilds.delete(key);\n }\n }\n }\n\n reset(): void {\n this.resetGeneration += 1;\n this.versionCounter = 0;\n this.latestCommittedBuildRun = this.buildRunCounter;\n this.snapshotState = emptyRouteInventorySnapshot();\n this.pendingBuilds.clear();\n }\n}\n","import { KontextError } from \"../../../errors.js\";\nimport type { ToolRouteRecord } from \"./routes.js\";\n\nexport interface RoutingPolicy {\n onRouteConflict(input: {\n toolId: string;\n existing: ToolRouteRecord;\n incoming: ToolRouteRecord;\n }): \"keep_existing\" | \"replace_existing\";\n}\n\nexport const defaultRoutingPolicy: RoutingPolicy = {\n onRouteConflict() {\n return \"keep_existing\";\n },\n};\n\nexport function toRouteConflictError(input: {\n toolId: string;\n kept: ToolRouteRecord;\n dropped: ToolRouteRecord;\n}): KontextError {\n return new KontextError(\n `Route conflict for tool \"${input.toolId}\". Keeping backend \"${input.kept.backendId}\" and dropping \"${input.dropped.backendId}\".`,\n \"kontext_tool_route_conflict\",\n {\n meta: {\n toolId: input.toolId,\n keptBackendId: input.kept.backendId,\n keptSource: input.kept.source,\n keptIntegrationId: input.kept.integrationId,\n droppedBackendId: input.dropped.backendId,\n droppedSource: input.dropped.source,\n droppedIntegrationId: input.dropped.integrationId,\n },\n },\n );\n}\n","import type { ClientState } from \"../../index.js\";\nimport type { KontextError } from \"../../../errors.js\";\n\nexport type KontextOrchestratorState = ClientState;\n\ntype OrchestratorEvent = \"stateChange\" | \"error\";\n\ntype ListenerMap = {\n stateChange: (state: KontextOrchestratorState) => void;\n error: (error: KontextError) => void;\n};\n\nexport interface OrchestratorStateController {\n readonly state: KontextOrchestratorState;\n setState(next: KontextOrchestratorState): void;\n emitError(error: KontextError): void;\n on(event: \"stateChange\", handler: ListenerMap[\"stateChange\"]): () => void;\n on(event: \"error\", handler: ListenerMap[\"error\"]): () => void;\n}\n\nexport function createOrchestratorStateController(input: {\n initialState?: KontextOrchestratorState;\n onStateChange?: (state: KontextOrchestratorState) => void;\n}): OrchestratorStateController {\n let state: KontextOrchestratorState = input.initialState ?? \"idle\";\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n const listeners = new Map<OrchestratorEvent, Set<(...args: any[]) => void>>();\n\n function setState(next: KontextOrchestratorState): void {\n if (state === next) return;\n state = next;\n\n try {\n input.onStateChange?.(next);\n } catch {\n // Ignore user callback failures.\n }\n\n const handlers = listeners.get(\"stateChange\");\n if (!handlers) return;\n for (const handler of handlers) {\n try {\n handler(next);\n } catch {\n // Ignore listener failures.\n }\n }\n }\n\n function emitError(error: KontextError): void {\n const handlers = listeners.get(\"error\");\n if (!handlers) return;\n for (const handler of handlers) {\n try {\n handler(error);\n } catch {\n // Ignore listener failures.\n }\n }\n }\n\n function on(\n event: \"stateChange\" | \"error\",\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n handler: (...args: any[]) => void,\n ): () => void {\n if (!listeners.has(event)) {\n listeners.set(event, new Set());\n }\n listeners.get(event)!.add(handler);\n return () => {\n listeners.get(event)?.delete(handler);\n };\n }\n\n return {\n get state() {\n return state;\n },\n setState,\n emitError,\n on,\n };\n}\n","import { AuthorizationRequiredError, KontextError } from \"../../errors.js\";\nimport type { RuntimeIntegrationRecord } from \"../../mcp/client.js\";\nimport type { KontextStorage } from \"../../storage/types.js\";\nimport { createStorageKey, StorageKeys } from \"../../storage/types.js\";\n\ntype StoredAccessToken = {\n access_token?: string;\n expires_in?: number | string;\n issued_at?: number | string;\n token_type?: string;\n};\n\nfunction hasFreshStoredToken(\n tokens: StoredAccessToken | undefined,\n skewMs = 30_000,\n): boolean {\n if (!tokens?.access_token) return false;\n const expiresIn =\n typeof tokens.expires_in === \"number\"\n ? tokens.expires_in\n : Number(tokens.expires_in);\n const issuedAt =\n typeof tokens.issued_at === \"number\"\n ? tokens.issued_at\n : Number(tokens.issued_at);\n\n if (!Number.isFinite(expiresIn) || !Number.isFinite(issuedAt)) {\n return false;\n }\n\n const expiresAt = issuedAt + expiresIn * 1000;\n return Date.now() + skewMs < expiresAt;\n}\n\nexport interface TokenManager {\n tokenStorageKey(sessionKey: string): string;\n ensureInternalResourceToken(\n integration: RuntimeIntegrationRecord,\n options?: { forceExchange?: boolean },\n ): Promise<void>;\n}\n\nexport function createTokenManager(input: {\n clientId: string;\n baseSessionKey: string;\n gatewaySessionKey: string;\n serverUrl: string;\n storage: KontextStorage;\n}): TokenManager {\n const pendingInternalTokenExchange = new Map<string, Promise<void>>();\n\n function tokenStorageKey(sessionKey: string): string {\n return createStorageKey(input.clientId, sessionKey, StorageKeys.TOKENS);\n }\n\n async function readGatewayTokens(): Promise<{\n subjectToken: string | null;\n }> {\n const identityTokens = await input.storage.getJson<{\n access_token?: string;\n }>(\n createStorageKey(\n input.clientId,\n input.gatewaySessionKey,\n StorageKeys.IDENTITY_TOKENS,\n ),\n );\n const gatewayTokens = await input.storage.getJson<{\n access_token?: string;\n }>(tokenStorageKey(input.gatewaySessionKey));\n\n return {\n subjectToken:\n identityTokens?.access_token ?? gatewayTokens?.access_token ?? null,\n };\n }\n\n async function ensureInternalResourceToken(\n integration: RuntimeIntegrationRecord,\n options?: { forceExchange?: boolean },\n ): Promise<void> {\n const internalSessionKey = `${input.baseSessionKey}:internal:${integration.id}`;\n if (!options?.forceExchange) {\n const existingToken = await input.storage.getJson<StoredAccessToken>(\n tokenStorageKey(internalSessionKey),\n );\n if (hasFreshStoredToken(existingToken)) {\n return;\n }\n }\n\n const pending = pendingInternalTokenExchange.get(integration.id);\n if (pending) {\n return await pending;\n }\n\n const exchangePromise = (async () => {\n const { subjectToken: gatewaySubjectToken } = await readGatewayTokens();\n if (!gatewaySubjectToken) {\n return;\n }\n\n const body = new URLSearchParams({\n grant_type: \"urn:ietf:params:oauth:grant-type:token-exchange\",\n subject_token_type: \"urn:ietf:params:oauth:token-type:access_token\",\n subject_token: gatewaySubjectToken,\n resource: integration.url,\n client_id: input.clientId,\n });\n\n const response = await fetch(`${input.serverUrl}/oauth2/token`, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n },\n body: body.toString(),\n });\n\n if (response.status === 401) {\n throw new AuthorizationRequiredError(\n \"Access token expired or invalid. Re-authenticate and retry.\",\n );\n }\n\n if (!response.ok) {\n throw new KontextError(\n `Failed to exchange gateway token for internal resource \"${integration.id}\": HTTP ${response.status}`,\n \"kontext_token_exchange_failed\",\n {\n statusCode: response.status,\n meta: {\n integrationId: integration.id,\n resource: integration.url,\n },\n },\n );\n }\n\n const exchanged = (await response.json()) as {\n access_token?: string;\n token_type?: string;\n expires_in?: number;\n refresh_token?: string;\n scope?: string;\n };\n\n if (!exchanged.access_token || !exchanged.token_type) {\n throw new KontextError(\n `Token exchange returned an invalid payload for integration \"${integration.id}\".`,\n \"kontext_token_exchange_failed\",\n {\n meta: {\n integrationId: integration.id,\n resource: integration.url,\n },\n },\n );\n }\n\n await input.storage.setJson(tokenStorageKey(internalSessionKey), {\n ...exchanged,\n issued_at: Date.now(),\n });\n })();\n\n pendingInternalTokenExchange.set(integration.id, exchangePromise);\n try {\n await exchangePromise;\n } finally {\n pendingInternalTokenExchange.delete(integration.id);\n }\n }\n\n return {\n tokenStorageKey,\n ensureInternalResourceToken,\n };\n}\n","import type { KontextClient } from \"../index.js\";\nimport type { RuntimeIntegrationRecord } from \"../../mcp/client.js\";\nimport {\n sortInternalIntegrations,\n type RoutingBackend,\n} from \"./internal/backends.js\";\n\nexport type InternalClientEntry = {\n integration: RuntimeIntegrationRecord;\n backendId: string;\n client: KontextClient;\n unsubscribeState: () => void;\n unsubscribeError: () => void;\n};\n\ntype InternalClientFactoryResult = {\n backend: RoutingBackend;\n client: KontextClient;\n unsubscribeState: () => void;\n unsubscribeError: () => void;\n};\n\nexport interface InternalClientRegistry {\n readonly size: number;\n entries(): IterableIterator<[string, InternalClientEntry]>;\n values(): IterableIterator<InternalClientEntry>;\n keys(): IterableIterator<string>;\n get(integrationId: string): InternalClientEntry | undefined;\n sync(discovered: RuntimeIntegrationRecord[]): Promise<void>;\n missingResolved(resolvedIntegrations: Set<string>): string[];\n dispose(mode: \"disconnect\" | \"signOut\"): Promise<void>;\n}\n\nexport function createInternalClientRegistry(input: {\n backends: Map<string, RoutingBackend>;\n createClient: (\n integration: RuntimeIntegrationRecord,\n ) => InternalClientFactoryResult;\n}): InternalClientRegistry {\n const internalClients = new Map<string, InternalClientEntry>();\n\n async function remove(integrationId: string): Promise<void> {\n const existing = internalClients.get(integrationId);\n if (!existing) return;\n\n existing.unsubscribeState();\n existing.unsubscribeError();\n internalClients.delete(integrationId);\n input.backends.delete(existing.backendId);\n\n try {\n await existing.client.disconnect();\n } catch {\n // Best effort disconnect.\n }\n }\n\n async function sync(discovered: RuntimeIntegrationRecord[]): Promise<void> {\n const sortedInternal = sortInternalIntegrations(discovered);\n const desiredById = new Map(sortedInternal.map((item) => [item.id, item]));\n\n for (const [integrationId, existing] of internalClients) {\n const next = desiredById.get(integrationId);\n if (!next) {\n await remove(integrationId);\n continue;\n }\n\n if (existing.integration.url !== next.url) {\n await remove(integrationId);\n }\n }\n\n for (const integration of sortedInternal) {\n const existing = internalClients.get(integration.id);\n if (existing) {\n existing.integration = integration;\n\n const backend = input.backends.get(existing.backendId);\n if (backend) {\n backend.integrationName = integration.name;\n }\n continue;\n }\n\n const created = input.createClient(integration);\n input.backends.set(created.backend.backendId, created.backend);\n internalClients.set(integration.id, {\n integration,\n backendId: created.backend.backendId,\n client: created.client,\n unsubscribeState: created.unsubscribeState,\n unsubscribeError: created.unsubscribeError,\n });\n }\n }\n\n function missingResolved(resolvedIntegrations: Set<string>): string[] {\n const missing: string[] = [];\n for (const integrationId of internalClients.keys()) {\n if (!resolvedIntegrations.has(integrationId)) {\n missing.push(integrationId);\n }\n }\n return missing;\n }\n\n async function dispose(mode: \"disconnect\" | \"signOut\"): Promise<void> {\n const entries = [...internalClients.values()];\n internalClients.clear();\n\n for (const backend of [...input.backends.values()]) {\n if (backend.source === \"internal\") {\n input.backends.delete(backend.backendId);\n }\n }\n\n await Promise.all(\n entries.map(async (entry) => {\n entry.unsubscribeState();\n entry.unsubscribeError();\n try {\n if (mode === \"signOut\") {\n await entry.client.auth.signOut();\n } else {\n await entry.client.disconnect();\n }\n } catch {\n // Best effort shutdown.\n }\n }),\n );\n }\n\n return {\n get size() {\n return internalClients.size;\n },\n entries() {\n return internalClients.entries();\n },\n values() {\n return internalClients.values();\n },\n keys() {\n return internalClients.keys();\n },\n get(integrationId: string) {\n return internalClients.get(integrationId);\n },\n sync,\n missingResolved,\n dispose,\n };\n}\n","/**\n * KontextOrchestrator — unified mixed-mode client facade.\n *\n * Combines:\n * - Gateway-routed tools (gateway_remote_mcp)\n * - Direct internal MCP tools (internal_mcp_credentials)\n *\n * into a single tool listing/execution surface.\n */\n\nimport {\n createSingleEndpointKontextClient,\n type ConnectSessionResult,\n type IntegrationInfo,\n type KontextClient,\n type KontextClientConfig,\n type KontextTool,\n type ToolResult,\n} from \"../index.js\";\nimport {\n normalizeKontextServerUrl,\n type RuntimeIntegrationRecord,\n} from \"../../mcp/client.js\";\nimport { MemoryStorage } from \"../../storage/memory.js\";\nimport type { KontextStorage } from \"../../storage/types.js\";\nimport {\n AuthorizationRequiredError,\n ConfigError,\n KontextError,\n isKontextError,\n isNetworkError,\n isUnauthorizedError,\n} from \"../../errors.js\";\nimport {\n createGatewayBackend,\n createInternalBackend,\n gatewayBackendId,\n internalBackendId,\n type RoutingBackend,\n} from \"./internal/backends.js\";\nimport { RouteInventoryStore } from \"./internal/inventory.js\";\nimport type {\n RouteConflictRecord,\n RouteInventoryCandidate,\n ToolRouteRecord,\n} from \"./internal/routes.js\";\nimport {\n defaultRoutingPolicy,\n toRouteConflictError,\n} from \"./internal/policy.js\";\nimport {\n createOrchestratorStateController,\n type KontextOrchestratorState,\n} from \"./internal/state.js\";\nimport { createTokenManager } from \"./token-manager.js\";\nimport {\n createInternalClientRegistry,\n type InternalClientEntry,\n} from \"./internal-client-registry.js\";\n\nexport type { KontextOrchestratorState };\n\nexport interface KontextOrchestratorConfig {\n clientId: string;\n redirectUri: string;\n serverUrl?: string;\n storage?: KontextStorage;\n sessionKey?: string;\n onAuthRequired: KontextClientConfig[\"onAuthRequired\"];\n onIntegrationRequired?: KontextClientConfig[\"onIntegrationRequired\"];\n onStateChange?: (state: KontextOrchestratorState) => void;\n}\n\nexport interface KontextOrchestrator {\n readonly state: KontextOrchestratorState;\n\n connect(): Promise<void>;\n disconnect(): Promise<void>;\n getConnectPageUrl(): Promise<ConnectSessionResult>;\n\n readonly auth: {\n signIn(): Promise<void>;\n signOut(): Promise<void>;\n handleCallback(url: string | URL): Promise<void>;\n isCallback(url: string | URL): boolean;\n readonly isAuthenticated: boolean;\n };\n\n readonly integrations: {\n list(): Promise<IntegrationInfo[]>;\n };\n\n readonly tools: {\n list(options?: { limit?: number }): Promise<KontextTool[]>;\n execute(\n toolId: string,\n args?: Record<string, unknown>,\n ): Promise<ToolResult>;\n };\n\n on(\n event: \"stateChange\",\n handler: (state: KontextOrchestratorState) => void,\n ): () => void;\n on(event: \"error\", handler: (error: KontextError) => void): () => void;\n\n readonly mcp: KontextClient[\"mcp\"];\n}\n\ntype ErrorContext = {\n backendId?: string;\n source?: \"gateway\" | \"internal\";\n integrationId?: string;\n operation: string;\n toolId?: string;\n};\n\nfunction isTransientError(err: unknown): boolean {\n if (err instanceof Error && isNetworkError(err)) {\n return true;\n }\n\n if (isKontextError(err)) {\n if (err.code === \"kontext_network_error\") return true;\n if (err.statusCode === 429) return true;\n if (typeof err.statusCode === \"number\" && err.statusCode >= 500) {\n return true;\n }\n return false;\n }\n\n if (typeof err === \"object\" && err !== null) {\n const errObj = err as { status?: unknown; statusCode?: unknown };\n const maybeStatus = errObj.statusCode ?? errObj.status;\n const status = typeof maybeStatus === \"number\" ? maybeStatus : undefined;\n if (status === 429 || (typeof status === \"number\" && status >= 500)) {\n return true;\n }\n }\n\n return false;\n}\n\nasync function withTransientRetry<T>(\n operation: () => Promise<T>,\n maxRetries = 1,\n): Promise<T> {\n const retryDelayMs = 250;\n for (let attempt = 0; attempt <= maxRetries; attempt += 1) {\n try {\n return await operation();\n } catch (err) {\n if (attempt >= maxRetries || !isTransientError(err)) {\n throw err;\n }\n await new Promise((resolve) => setTimeout(resolve, retryDelayMs));\n }\n }\n\n throw new Error(\"Transient retry loop exhausted unexpectedly.\");\n}\n\nfunction toKontextError(err: unknown, context?: ErrorContext): KontextError {\n const contextMeta = context ? { ...context } : undefined;\n const mergeMeta = (\n base?: Record<string, unknown>,\n ): Record<string, unknown> =>\n contextMeta ? { ...(base ?? {}), ...contextMeta } : (base ?? {});\n\n if (isKontextError(err)) {\n if (!contextMeta) {\n return err;\n }\n\n // Preserve subclass identity and specialized fields while avoiding\n // in-place mutation of shared error instances.\n const cloned = Object.create(Object.getPrototypeOf(err)) as KontextError;\n Object.defineProperties(cloned, Object.getOwnPropertyDescriptors(err));\n Object.defineProperty(cloned, \"meta\", {\n value: mergeMeta(err.meta),\n enumerable: true,\n writable: true,\n configurable: true,\n });\n return cloned;\n }\n\n if (err instanceof Error) {\n if (isUnauthorizedError(err)) {\n return new AuthorizationRequiredError(err.message, {\n meta: mergeMeta(),\n cause: err,\n });\n }\n return new KontextError(err.message, \"kontext_unknown_error\", {\n meta: mergeMeta(),\n cause: err,\n });\n }\n\n return new KontextError(String(err), \"kontext_unknown_error\", {\n meta: mergeMeta(),\n });\n}\n\nfunction isAuthorizationRequired(err: unknown): boolean {\n if (err instanceof AuthorizationRequiredError) return true;\n if (isKontextError(err)) {\n return err.code === \"kontext_authorization_required\";\n }\n if (typeof err === \"object\" && err !== null) {\n return (\n (err as { code?: unknown }).code === \"kontext_authorization_required\"\n );\n }\n return false;\n}\n\nfunction isTokenExchangeFailure(err: unknown): boolean {\n if (isKontextError(err)) {\n return err.code === \"kontext_token_exchange_failed\";\n }\n if (typeof err === \"object\" && err !== null) {\n return (err as { code?: unknown }).code === \"kontext_token_exchange_failed\";\n }\n return false;\n}\n\nfunction isAuthRecoveryRequired(err: unknown): boolean {\n return isAuthorizationRequired(err) || isTokenExchangeFailure(err);\n}\nexport function createKontextOrchestrator(\n config: KontextOrchestratorConfig,\n): KontextOrchestrator {\n if (!config.clientId) {\n throw new ConfigError(\n \"clientId is required. Pass it in KontextOrchestratorConfig.\",\n \"kontext_config_missing_client_id\",\n );\n }\n if (!config.redirectUri) {\n throw new ConfigError(\n \"redirectUri is required. Set it to the URL where OAuth should redirect after authorization.\",\n \"kontext_config_missing_redirect_uri\",\n );\n }\n if (!config.onAuthRequired) {\n throw new ConfigError(\n \"onAuthRequired callback is required. Provide a function that opens the OAuth URL.\",\n \"kontext_config_missing_auth_handler\",\n );\n }\n\n const baseSessionKey = config.sessionKey ?? \"default\";\n const serverUrl = normalizeKontextServerUrl(\n config.serverUrl ?? \"https://api.kontext.dev\",\n );\n const sharedStorage = config.storage ?? new MemoryStorage();\n const gatewaySessionKey = `${baseSessionKey}:gateway`;\n\n const authSourceQueue: Array<\"gateway\" | string> = [];\n const stateController = createOrchestratorStateController({\n initialState: \"idle\",\n onStateChange: config.onStateChange,\n });\n\n const routeInventory = new RouteInventoryStore();\n const routingPolicy = defaultRoutingPolicy;\n\n const runtimeIntegrations = new Map<string, RuntimeIntegrationRecord>();\n const backends = new Map<string, RoutingBackend>();\n const managedInternalOps = new Map<string, number>();\n const resolvedInternalListings = new Set<string>();\n\n const tokenManager = createTokenManager({\n clientId: config.clientId,\n baseSessionKey,\n gatewaySessionKey,\n serverUrl,\n storage: sharedStorage,\n });\n\n let pendingIntegrationRefresh: Promise<RuntimeIntegrationRecord[]> | null =\n null;\n\n const gatewayClient = createSingleEndpointKontextClient({\n clientId: config.clientId,\n redirectUri: config.redirectUri,\n serverUrl: config.serverUrl,\n storage: sharedStorage,\n sessionKey: gatewaySessionKey,\n onAuthRequired: async (url) => {\n authSourceQueue.push(\"gateway\");\n return await config.onAuthRequired(url);\n },\n onIntegrationRequired: config.onIntegrationRequired,\n });\n\n const gatewayBackend = createGatewayBackend(gatewayClient);\n backends.set(gatewayBackendId(), gatewayBackend);\n\n const gatewayStateUnsubscribe = gatewayClient.on(\"stateChange\", (state) => {\n if (state === \"needs_auth\") {\n stateController.setState(\"needs_auth\");\n }\n });\n const gatewayErrorUnsubscribe = gatewayClient.on(\"error\", (error) => {\n const translated = toKontextError(error, {\n backendId: gatewayBackendId(),\n source: \"gateway\",\n operation: \"client_error_event\",\n });\n stateController.emitError(translated);\n if (isAuthRecoveryRequired(translated)) {\n stateController.setState(\"needs_auth\");\n }\n });\n\n const ensureInternalResourceToken = tokenManager.ensureInternalResourceToken;\n\n function isInternalOpManaged(integrationId: string): boolean {\n return (managedInternalOps.get(integrationId) ?? 0) > 0;\n }\n\n async function runManagedInternalOp<T>(\n integrationId: string,\n operation: () => Promise<T>,\n ): Promise<T> {\n managedInternalOps.set(\n integrationId,\n (managedInternalOps.get(integrationId) ?? 0) + 1,\n );\n try {\n return await operation();\n } finally {\n const next = (managedInternalOps.get(integrationId) ?? 1) - 1;\n if (next <= 0) {\n managedInternalOps.delete(integrationId);\n } else {\n managedInternalOps.set(integrationId, next);\n }\n }\n }\n\n function createInternalClient(integration: RuntimeIntegrationRecord): {\n backend: RoutingBackend;\n client: KontextClient;\n unsubscribeState: () => void;\n unsubscribeError: () => void;\n } {\n const client = createSingleEndpointKontextClient({\n clientId: config.clientId,\n redirectUri: config.redirectUri,\n url: integration.url,\n serverUrl: config.serverUrl,\n storage: sharedStorage,\n sessionKey: `${baseSessionKey}:internal:${integration.id}`,\n onAuthRequired: async (url) => {\n authSourceQueue.push(integration.id);\n return await config.onAuthRequired(url);\n },\n onIntegrationRequired: config.onIntegrationRequired,\n });\n\n const unsubscribeState = client.on(\"stateChange\", (state) => {\n if (state === \"needs_auth\") {\n stateController.setState(\"needs_auth\");\n }\n });\n const unsubscribeError = client.on(\"error\", (error) => {\n const translated = toKontextError(error, {\n backendId: internalBackendId(integration.id),\n source: \"internal\",\n integrationId: integration.id,\n operation: \"client_error_event\",\n });\n if (\n isInternalOpManaged(integration.id) &&\n isAuthorizationRequired(translated)\n ) {\n return;\n }\n if (isAuthRecoveryRequired(translated)) {\n stateController.setState(\"needs_auth\");\n return;\n }\n stateController.emitError(translated);\n });\n\n const backend = createInternalBackend({ integration, client });\n\n return { backend, client, unsubscribeState, unsubscribeError };\n }\n\n const internalClientRegistry = createInternalClientRegistry({\n backends,\n createClient: createInternalClient,\n });\n\n async function refreshIntegrationInventory(\n force = false,\n ): Promise<RuntimeIntegrationRecord[]> {\n if (pendingIntegrationRefresh) {\n if (!force) {\n return await pendingIntegrationRefresh;\n }\n // Serialize forced refreshes to avoid concurrent shared-state updates.\n await pendingIntegrationRefresh;\n }\n\n const refreshPromise = (async () => {\n const items = await withTransientRetry(\n async () => await gatewayClient.mcp.listRuntimeIntegrations(),\n );\n await applyRuntimeIntegrations(items);\n return items;\n })();\n pendingIntegrationRefresh = refreshPromise;\n\n try {\n return await refreshPromise;\n } finally {\n if (pendingIntegrationRefresh === refreshPromise) {\n pendingIntegrationRefresh = null;\n }\n }\n }\n\n async function applyRuntimeIntegrations(\n integrations: RuntimeIntegrationRecord[],\n ): Promise<void> {\n runtimeIntegrations.clear();\n for (const item of integrations) {\n runtimeIntegrations.set(item.id, item);\n }\n await internalClientRegistry.sync(integrations);\n }\n\n async function buildInventoryCandidates(options?: {\n limit?: number;\n runtimeIntegrations?: RuntimeIntegrationRecord[];\n }): Promise<RouteInventoryCandidate[]> {\n const candidates: RouteInventoryCandidate[] = [];\n resolvedInternalListings.clear();\n const pendingInternalAuthRetries = new Set<string>();\n\n const gatewayTools = await gatewayClient.tools.list(options);\n for (const tool of gatewayTools) {\n candidates.push({\n tool,\n route: {\n toolId: tool.id,\n backendId: gatewayBackendId(),\n source: \"gateway\",\n backendToolId: tool.id,\n },\n });\n }\n\n if (options?.runtimeIntegrations) {\n await applyRuntimeIntegrations(options.runtimeIntegrations);\n } else {\n await refreshIntegrationInventory();\n }\n\n const sortedInternalEntries = [...internalClientRegistry.values()].sort(\n (a, b) => a.integration.id.localeCompare(b.integration.id),\n );\n\n const addInternalToolsForEntry = async (entry: InternalClientEntry) => {\n const internalTools = await withTransientRetry(\n async () =>\n await runManagedInternalOp(entry.integration.id, () =>\n entry.client.tools.list(),\n ),\n );\n resolvedInternalListings.add(entry.integration.id);\n for (const tool of internalTools) {\n const backendToolId = tool.id || tool.name;\n const unifiedId = `${entry.integration.id}:${tool.name}`;\n\n candidates.push({\n tool: {\n id: unifiedId,\n name: tool.name,\n description: tool.description,\n inputSchema: tool.inputSchema,\n server: {\n id: entry.integration.id,\n name: entry.integration.name,\n },\n },\n route: {\n toolId: unifiedId,\n backendId: entry.backendId,\n source: \"internal\",\n backendToolId,\n integrationId: entry.integration.id,\n },\n });\n }\n };\n\n for (const entry of sortedInternalEntries) {\n try {\n await ensureInternalResourceToken(entry.integration);\n await addInternalToolsForEntry(entry);\n } catch (err) {\n const translated = toKontextError(err, {\n backendId: entry.backendId,\n source: \"internal\",\n integrationId: entry.integration.id,\n operation: \"tools.list\",\n });\n if (isAuthorizationRequired(translated)) {\n pendingInternalAuthRetries.add(entry.integration.id);\n continue;\n }\n if (isTokenExchangeFailure(translated)) {\n stateController.setState(\"needs_auth\");\n }\n stateController.emitError(translated);\n }\n }\n\n if (pendingInternalAuthRetries.size > 0) {\n let hasUnresolvedAuth = false;\n for (const integrationId of pendingInternalAuthRetries) {\n const entry = internalClientRegistry.get(integrationId);\n if (!entry) continue;\n\n try {\n await ensureInternalResourceToken(entry.integration, {\n forceExchange: true,\n });\n await runManagedInternalOp(integrationId, async () => {\n await entry.client.disconnect();\n await entry.client.connect();\n });\n await addInternalToolsForEntry(entry);\n } catch (err) {\n const translated = toKontextError(err);\n if (isAuthRecoveryRequired(translated)) {\n hasUnresolvedAuth = true;\n if (isTokenExchangeFailure(translated)) {\n stateController.emitError(translated);\n }\n continue;\n }\n stateController.emitError(translated);\n }\n }\n\n if (hasUnresolvedAuth) {\n stateController.setState(\"needs_auth\");\n } else if (\n stateController.state === \"needs_auth\" &&\n gatewayClient.state === \"ready\"\n ) {\n stateController.setState(\"ready\");\n }\n }\n\n return candidates;\n }\n\n async function buildToolInventory(options?: {\n limit?: number;\n runtimeIntegrations?: RuntimeIntegrationRecord[];\n }): Promise<{\n tools: KontextTool[];\n conflicts: RouteConflictRecord[];\n }> {\n const inventoryKey = JSON.stringify({\n limit: options?.limit ?? null,\n runtimeIntegrations:\n options?.runtimeIntegrations\n ?.map((integration) => integration.id)\n .sort() ?? null,\n });\n const snapshot = await routeInventory.build(\n async () => await buildInventoryCandidates(options),\n {\n key: inventoryKey,\n onConflict: (existing, incoming) =>\n routingPolicy.onRouteConflict({\n toolId: existing.toolId,\n existing,\n incoming,\n }),\n },\n );\n return {\n tools: snapshot.tools,\n conflicts: snapshot.conflicts,\n };\n }\n\n function emitRouteConflicts(conflicts: RouteConflictRecord[]): void {\n for (const conflict of conflicts) {\n stateController.emitError(\n toRouteConflictError({\n toolId: conflict.toolId,\n kept: conflict.kept,\n dropped: conflict.dropped,\n }),\n );\n }\n }\n\n function getInternalIntegrationsMissingTools(): string[] {\n return internalClientRegistry.missingResolved(resolvedInternalListings);\n }\n\n async function disposeInternalClients(\n mode: \"disconnect\" | \"signOut\",\n ): Promise<void> {\n await internalClientRegistry.dispose(mode);\n }\n\n async function ensureConnected(): Promise<void> {\n if (stateController.state === \"ready\") return;\n if (\n stateController.state === \"needs_auth\" &&\n gatewayClient.state === \"ready\"\n ) {\n return;\n }\n\n stateController.setState(\"connecting\");\n\n try {\n await gatewayClient.connect();\n await refreshIntegrationInventory(true);\n stateController.setState(\"ready\");\n } catch (err) {\n const translated = toKontextError(err, {\n backendId: gatewayBackendId(),\n source: \"gateway\",\n operation: \"connect\",\n });\n if (isAuthRecoveryRequired(translated)) {\n stateController.setState(\"needs_auth\");\n } else {\n stateController.setState(\"failed\");\n }\n stateController.emitError(translated);\n throw translated;\n }\n }\n\n async function routeForExecution(toolId: string): Promise<ToolRouteRecord> {\n let route = routeInventory.routeFor(toolId);\n if (route) return route;\n\n const inventory = await buildToolInventory();\n emitRouteConflicts(inventory.conflicts);\n route = routeInventory.routeFor(toolId);\n if (route) return route;\n\n throw new KontextError(\n `Unknown tool \"${toolId}\". Call tools.list() to refresh available tools.`,\n \"kontext_tool_not_found\",\n { meta: { toolId } },\n );\n }\n\n const orchestrator: KontextOrchestrator = {\n get state() {\n return stateController.state;\n },\n\n async connect() {\n await ensureConnected();\n },\n\n async disconnect() {\n await disposeInternalClients(\"disconnect\");\n runtimeIntegrations.clear();\n routeInventory.reset();\n authSourceQueue.length = 0;\n await gatewayClient.disconnect();\n stateController.setState(\"idle\");\n },\n\n async getConnectPageUrl(): Promise<ConnectSessionResult> {\n await ensureConnected();\n return await gatewayClient.getConnectPageUrl();\n },\n\n auth: {\n async signIn() {\n if (\n stateController.state === \"needs_auth\" &&\n gatewayClient.state === \"ready\"\n ) {\n await refreshIntegrationInventory(true);\n\n let unresolvedInternalAuth = false;\n for (const [\n integrationId,\n entry,\n ] of internalClientRegistry.entries()) {\n try {\n await runManagedInternalOp(integrationId, () =>\n entry.client.auth.signIn(),\n );\n } catch (err) {\n const translated = toKontextError(err);\n if (isAuthorizationRequired(translated)) {\n unresolvedInternalAuth = true;\n continue;\n }\n stateController.emitError(translated);\n }\n }\n\n const inventory = await buildToolInventory();\n emitRouteConflicts(inventory.conflicts);\n const missingInternal = getInternalIntegrationsMissingTools();\n if (!unresolvedInternalAuth && missingInternal.length === 0) {\n stateController.setState(\"ready\");\n }\n return;\n }\n\n await ensureConnected();\n },\n\n async signOut() {\n await disposeInternalClients(\"signOut\");\n runtimeIntegrations.clear();\n routeInventory.reset();\n authSourceQueue.length = 0;\n await gatewayClient.auth.signOut();\n stateController.setState(\"idle\");\n },\n\n async handleCallback(url: string | URL) {\n if (internalClientRegistry.size === 0) {\n try {\n await refreshIntegrationInventory(true);\n } catch (err) {\n stateController.emitError(\n toKontextError(err, {\n backendId: gatewayBackendId(),\n source: \"gateway\",\n operation: \"auth.handleCallback.preload\",\n }),\n );\n }\n }\n\n const ordered: Array<{\n client: KontextClient;\n sourceId?: \"gateway\" | string;\n }> = [];\n\n for (const sourceId of authSourceQueue) {\n if (sourceId === \"gateway\") {\n ordered.push({ client: gatewayClient, sourceId });\n continue;\n }\n const active = internalClientRegistry.get(sourceId);\n if (active) {\n ordered.push({ client: active.client, sourceId });\n }\n }\n\n if (gatewayClient.auth.isCallback(url)) {\n ordered.push({ client: gatewayClient });\n }\n\n for (const entry of internalClientRegistry.values()) {\n if (entry.client.auth.isCallback(url)) {\n ordered.push({ client: entry.client });\n }\n }\n\n ordered.push({ client: gatewayClient });\n ordered.push(\n ...[...internalClientRegistry.values()]\n .sort((a, b) => a.integration.id.localeCompare(b.integration.id))\n .map((entry) => ({ client: entry.client })),\n );\n\n const unique: Array<{\n client: KontextClient;\n sourceId?: \"gateway\" | string;\n }> = [];\n const seen = new Set<KontextClient>();\n for (const entry of ordered) {\n if (seen.has(entry.client)) continue;\n seen.add(entry.client);\n unique.push(entry);\n }\n\n let handledBy:\n | {\n client: KontextClient;\n sourceId?: \"gateway\" | string;\n }\n | undefined;\n let lastError: unknown = undefined;\n\n for (const entry of unique) {\n try {\n await entry.client.auth.handleCallback(url);\n handledBy = entry;\n break;\n } catch (err) {\n lastError = err;\n }\n }\n\n if (handledBy) {\n for (let idx = authSourceQueue.length - 1; idx >= 0; idx -= 1) {\n const sourceId = authSourceQueue[idx]!;\n const sourceClient =\n sourceId === \"gateway\"\n ? gatewayClient\n : internalClientRegistry.get(sourceId)?.client;\n if (sourceClient === handledBy.client) {\n authSourceQueue.splice(idx, 1);\n }\n }\n }\n\n if (!handledBy && lastError) {\n throw toKontextError(lastError, {\n backendId: gatewayBackendId(),\n source: \"gateway\",\n operation: \"auth.handleCallback\",\n });\n }\n\n try {\n await ensureConnected();\n } catch (err) {\n stateController.emitError(\n toKontextError(err, {\n backendId: gatewayBackendId(),\n source: \"gateway\",\n operation: \"post_callback_connect\",\n }),\n );\n }\n },\n\n isCallback(url: string | URL): boolean {\n if (gatewayClient.auth.isCallback(url)) return true;\n for (const entry of internalClientRegistry.values()) {\n if (entry.client.auth.isCallback(url)) return true;\n }\n return false;\n },\n\n get isAuthenticated(): boolean {\n return (\n stateController.state === \"ready\" ||\n gatewayClient.auth.isAuthenticated\n );\n },\n },\n\n integrations: {\n async list(): Promise<IntegrationInfo[]> {\n await ensureConnected();\n const discovered = await refreshIntegrationInventory(true);\n\n let gatewayStatuses: IntegrationInfo[] = [];\n try {\n gatewayStatuses = await gatewayClient.integrations.list();\n } catch (err) {\n stateController.emitError(\n toKontextError(err, {\n backendId: gatewayBackendId(),\n source: \"gateway\",\n operation: \"integrations.list\",\n }),\n );\n }\n const gatewayById = new Map(gatewayStatuses.map((i) => [i.id, i]));\n\n const needsInternalConnectLink = discovered.some(\n (i) =>\n i.category === \"internal_mcp_credentials\" &&\n !i.connection?.connected,\n );\n\n let sharedConnectUrl: string | undefined;\n if (needsInternalConnectLink) {\n try {\n sharedConnectUrl = (await gatewayClient.getConnectPageUrl())\n .connectUrl;\n } catch {\n sharedConnectUrl = undefined;\n }\n }\n\n return discovered.map((integration) => {\n const gatewayStatus = gatewayById.get(integration.id);\n const connected =\n gatewayStatus?.connected ??\n integration.connection?.connected ??\n false;\n const connectUrl =\n gatewayStatus?.connectUrl ??\n (!connected && integration.category === \"internal_mcp_credentials\"\n ? sharedConnectUrl\n : undefined);\n const reason =\n gatewayStatus?.reason ??\n (!connected && integration.category === \"internal_mcp_credentials\"\n ? \"credentials_required\"\n : undefined);\n\n return {\n id: integration.id,\n name: integration.name,\n connected,\n connectUrl,\n reason,\n };\n });\n },\n },\n\n tools: {\n async list(options?: { limit?: number }): Promise<KontextTool[]> {\n await ensureConnected();\n let inventory = await buildToolInventory(options);\n\n const missingInternal = getInternalIntegrationsMissingTools();\n if (missingInternal.length > 0) {\n const refreshed = await refreshIntegrationInventory(true);\n inventory = await buildToolInventory({\n ...options,\n runtimeIntegrations: refreshed,\n });\n }\n emitRouteConflicts(inventory.conflicts);\n\n const unresolvedInternal = getInternalIntegrationsMissingTools();\n if (\n stateController.state === \"needs_auth\" &&\n gatewayClient.state === \"ready\" &&\n unresolvedInternal.length === 0\n ) {\n stateController.setState(\"ready\");\n }\n\n return inventory.tools;\n },\n\n async execute(\n toolId: string,\n args?: Record<string, unknown>,\n ): Promise<ToolResult> {\n await ensureConnected();\n\n const route = await routeForExecution(toolId);\n\n try {\n if (route.source === \"gateway\") {\n return await gatewayClient.tools.execute(route.backendToolId, args);\n }\n\n const integrationId = route.integrationId;\n if (!integrationId) {\n throw new KontextError(\n `Route for tool \"${toolId}\" is missing integration metadata.`,\n \"kontext_tool_not_found\",\n { meta: { toolId, route } },\n );\n }\n\n let entry = internalClientRegistry.get(integrationId);\n if (!entry) {\n await refreshIntegrationInventory(true);\n entry = internalClientRegistry.get(integrationId);\n }\n if (!entry) {\n throw new KontextError(\n `Internal integration \"${integrationId}\" is no longer attached.`,\n \"kontext_tool_not_found\",\n { meta: { integrationId } },\n );\n }\n\n await ensureInternalResourceToken(entry.integration);\n try {\n const executeInternal = async () =>\n await withTransientRetry(\n async () =>\n await runManagedInternalOp(integrationId, () =>\n entry.client.tools.execute(route.backendToolId, args),\n ),\n );\n return await executeInternal();\n } catch (innerErr) {\n const innerTranslated = toKontextError(innerErr, {\n backendId: route.backendId,\n source: route.source,\n integrationId: route.integrationId,\n operation: \"tools.execute\",\n toolId,\n });\n throw innerTranslated;\n }\n } catch (err) {\n const translated = toKontextError(err, {\n backendId: route.backendId,\n source: route.source,\n integrationId: route.integrationId,\n operation: \"tools.execute\",\n toolId,\n });\n if (isAuthRecoveryRequired(translated)) {\n stateController.setState(\"needs_auth\");\n }\n stateController.emitError(translated);\n throw translated;\n }\n },\n },\n\n on(\n event: \"stateChange\" | \"error\",\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n handler: (...args: any[]) => void,\n ): () => void {\n if (event === \"stateChange\") {\n return stateController.on(\"stateChange\", handler);\n }\n return stateController.on(\"error\", handler);\n },\n\n get mcp() {\n return gatewayClient.mcp;\n },\n };\n\n // Preserve lifecycle subscriptions.\n void gatewayStateUnsubscribe;\n void gatewayErrorUnsubscribe;\n\n return orchestrator;\n}\n","/**\n * KontextClient — protocol-agnostic facade over KontextMcp.\n *\n * Hides all MCP internals (SEARCH_TOOLS, EXECUTE_TOOL, -32042) behind a\n * clean, typed API. Advanced users can access the underlying KontextMcp\n * via `client.mcp`.\n *\n * @example\n * ```typescript\n * import { createKontextClient } from '@kontext-dev/js-sdk';\n *\n * const client = createKontextClient({\n * clientId: 'your-client-id',\n * redirectUri: 'http://localhost:3000/callback',\n * onAuthRequired: (url) => open(url.toString()),\n * });\n *\n * await client.connect();\n * const tools = await client.tools.list();\n * const result = await client.tools.execute('github:repos', { query: 'mcp' });\n * ```\n *\n * @packageDocumentation\n */\n\nimport { KontextMcp } from \"../mcp/client.js\";\nimport type { KontextStorage } from \"../storage/types.js\";\nimport { parseIntegrationStatus } from \"./tool-utils.js\";\nimport { createKontextOrchestrator } from \"./orchestrator/index.js\";\nimport type { ElicitationEntry } from \"../errors.js\";\nimport {\n AuthorizationRequiredError,\n IntegrationConnectionRequiredError,\n NetworkError,\n KontextError,\n ConfigError,\n isKontextError,\n isNetworkError,\n isUnauthorizedError,\n} from \"../errors.js\";\n\n// ============================================================================\n// Public types\n// ============================================================================\n\nexport type ClientState =\n | \"idle\"\n | \"connecting\"\n | \"ready\"\n | \"needs_auth\"\n | \"failed\";\n\nexport interface KontextClientConfig {\n clientId: string;\n redirectUri: string;\n\n /**\n * Full URL of the MCP server endpoint.\n * When provided, the client connects directly to this URL.\n *\n * @example \"https://my-server.com/mcp\"\n */\n url?: string;\n\n serverUrl?: string;\n storage?: KontextStorage;\n sessionKey?: string;\n\n onAuthRequired: (\n url: URL,\n ) => string | URL | void | Promise<string | URL | void>;\n onIntegrationRequired?: (\n url: string,\n info: { id: string; name?: string },\n ) => void | Promise<void>;\n onStateChange?: (state: ClientState) => void;\n}\n\nexport interface KontextTool {\n id: string;\n name: string;\n description?: string;\n inputSchema?: object;\n server?: { id: string; name?: string };\n}\n\nexport interface IntegrationInfo {\n id: string;\n name: string;\n connected: boolean;\n connectUrl?: string;\n reason?: string;\n}\n\nexport interface ToolResult {\n content: string;\n raw: unknown;\n}\n\nexport interface ConnectSessionResult {\n connectUrl: string;\n sessionId: string;\n expiresAt: string;\n}\n\nexport interface KontextClient {\n readonly state: ClientState;\n\n connect(): Promise<void>;\n disconnect(): Promise<void>;\n getConnectPageUrl(): Promise<ConnectSessionResult>;\n\n readonly auth: {\n signIn(): Promise<void>;\n signOut(): Promise<void>;\n handleCallback(url: string | URL): Promise<void>;\n isCallback(url: string | URL): boolean;\n readonly isAuthenticated: boolean;\n };\n\n readonly integrations: {\n list(): Promise<IntegrationInfo[]>;\n };\n\n readonly tools: {\n list(options?: { limit?: number }): Promise<KontextTool[]>;\n execute(\n toolId: string,\n args?: Record<string, unknown>,\n ): Promise<ToolResult>;\n };\n\n on(event: \"stateChange\", handler: (state: ClientState) => void): () => void;\n on(event: \"error\", handler: (error: KontextError) => void): () => void;\n\n /**\n * Advanced escape hatch to the raw MCP client.\n *\n * Note: In hybrid/orchestrator mode (`createKontextClient` called without\n * `url`), this is the gateway MCP client only. Tools from direct internal\n * integrations are exposed through `client.tools`, not through this property.\n */\n readonly mcp: KontextMcp;\n}\n\n// ============================================================================\n// Internal helpers — meta-tool detection & gateway parsing\n// ============================================================================\n\nconst META_TOOL_NAMES = new Set([\"SEARCH_TOOLS\", \"EXECUTE_TOOL\"]);\n\nfunction hasMetaTools(tools: Array<{ name: string }>): boolean {\n let hasSearch = false;\n let hasExecute = false;\n for (const tool of tools) {\n if (tool.name === \"SEARCH_TOOLS\") hasSearch = true;\n if (tool.name === \"EXECUTE_TOOL\") hasExecute = true;\n }\n return hasSearch && hasExecute;\n}\n\ntype GatewayToolSummary = {\n id: string;\n name: string;\n description?: string;\n inputSchema?: unknown;\n server?: { id?: string; name?: string; url?: string };\n};\n\ntype GatewayToolError = {\n serverId: string;\n reason: string;\n serverName?: string;\n};\n\ntype McpContentItem = {\n type?: string;\n text?: string;\n resource?: { mimeType?: string; text?: string };\n};\n\nfunction extractJsonResourceText(result: unknown): string | null {\n if (!result || typeof result !== \"object\") return null;\n const content = (result as { content?: McpContentItem[] }).content;\n if (!Array.isArray(content)) return null;\n for (const item of content) {\n if (\n item.type === \"resource\" &&\n item.resource?.mimeType === \"application/json\" &&\n item.resource.text\n ) {\n return item.resource.text;\n }\n }\n return null;\n}\n\nfunction extractTextContent(result: unknown): string {\n if (!result || typeof result !== \"object\") return String(result ?? \"\");\n const r = result as { content?: McpContentItem[] };\n if (r.content && Array.isArray(r.content)) {\n const texts = r.content\n .filter((c) => c.type === \"text\" && c.text)\n .map((c) => c.text!);\n if (texts.length > 0) return texts.join(\"\\n\");\n\n // Meta-tool EXECUTE_TOOL responses are wrapped as resource JSON payloads.\n const resourceTexts = r.content\n .filter((c) => c.type === \"resource\" && c.resource?.text)\n .map((c) => c.resource!.text!);\n if (resourceTexts.length > 0) {\n return resourceTexts\n .map((text) => {\n try {\n return extractTextContent(JSON.parse(text));\n } catch {\n return text;\n }\n })\n .join(\"\\n\");\n }\n\n return JSON.stringify(r.content);\n }\n return JSON.stringify(result);\n}\n\n// ============================================================================\n// Error translation\n// ============================================================================\n\n/**\n * Translate external errors into KontextError instances.\n * Uses structural checks (numeric codes, status codes, system error codes)\n * rather than fragile string matching.\n */\nfunction translateError(err: unknown): KontextError {\n if (isKontextError(err)) return err as KontextError;\n\n if (!(err instanceof Error)) {\n return new KontextError(String(err), \"kontext_unknown_error\");\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n const props: Record<string, any> = err;\n\n // 1. MCP protocol -32042 (URL elicitation required) — check numeric code\n if (props.code === -32042) {\n const elicitations = (props.elicitations ?? props.data?.elicitations) as\n | ElicitationEntry[]\n | undefined;\n const elicitation = elicitations?.[0];\n return new IntegrationConnectionRequiredError(\n elicitation?.integrationId ?? \"unknown\",\n {\n integrationName: elicitation?.integrationName,\n connectUrl: elicitation?.url,\n message: elicitation?.message,\n cause: err,\n },\n );\n }\n\n // 2. HTTP status on the error (from MCP SDK or fetch wrappers)\n const statusCode = (props.statusCode ?? props.status) as number | undefined;\n if (typeof statusCode === \"number\" && statusCode >= 400) {\n if (statusCode === 401) {\n return new AuthorizationRequiredError(err.message, { cause: err });\n }\n return new KontextError(err.message, \"kontext_server_error\", {\n statusCode,\n cause: err,\n });\n }\n\n // 3. Auth errors — structural check\n if (isUnauthorizedError(err)) {\n return new AuthorizationRequiredError(err.message, { cause: err });\n }\n\n // 4. Network errors — structural check (system error codes, not string matching)\n if (isNetworkError(err)) {\n return new NetworkError(err.message, { cause: err });\n }\n\n // 5. Fallback\n return new KontextError(err.message, \"kontext_unknown_error\", {\n cause: err,\n });\n}\n\n// ============================================================================\n// Factory\n// ============================================================================\n\nexport function createSingleEndpointKontextClient(\n config: KontextClientConfig,\n): KontextClient {\n if (!config.clientId) {\n throw new ConfigError(\n \"clientId is required. Pass it in KontextClientConfig or set KONTEXT_CLIENT_ID.\",\n \"kontext_config_missing_client_id\",\n );\n }\n if (!config.redirectUri) {\n throw new ConfigError(\n \"redirectUri is required. Set it to the URL where OAuth should redirect after authorization.\",\n \"kontext_config_missing_redirect_uri\",\n );\n }\n if (!config.onAuthRequired) {\n throw new ConfigError(\n \"onAuthRequired callback is required. Provide a function that opens the OAuth URL.\",\n \"kontext_config_missing_auth_handler\",\n );\n }\n\n let _state: ClientState = \"idle\";\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n const _listeners = new Map<string, Set<(...args: any[]) => void>>();\n let _metaToolMode: boolean | null = null;\n\n // Build KontextMcp config — route elicitation to onIntegrationRequired\n const mcp = new KontextMcp({\n clientId: config.clientId,\n url: config.url,\n server: config.serverUrl,\n redirectUri: config.redirectUri,\n storage: config.storage,\n sessionKey: config.sessionKey,\n onAuthRequired: config.onAuthRequired,\n // Route MCP elicitation to the high-level callback.\n // KontextMcp calls this then re-throws; client.tools.execute() catches\n // the re-thrown error and handles translation.\n onElicitationUrl: config.onIntegrationRequired\n ? (entry) => {\n config.onIntegrationRequired!(entry.url, {\n id: entry.integrationId ?? \"unknown\",\n name: entry.integrationName ?? entry.message,\n });\n }\n : undefined,\n });\n\n // -- State machine helpers --\n\n function setState(newState: ClientState) {\n if (_state === newState) return;\n _state = newState;\n try {\n config.onStateChange?.(newState);\n } catch {\n // Don't let listener errors break state transitions\n }\n const handlers = _listeners.get(\"stateChange\");\n if (handlers) {\n for (const handler of handlers) {\n try {\n handler(newState);\n } catch {\n // Don't let listener errors break state transitions\n }\n }\n }\n }\n\n function emitError(error: KontextError) {\n const handlers = _listeners.get(\"error\");\n if (handlers) {\n for (const handler of handlers) {\n try {\n handler(error);\n } catch {\n // Don't let listener errors mask the original error\n }\n }\n }\n }\n\n // -- Gateway tool helpers --\n\n async function fetchGatewayTools(limit = 100): Promise<{\n tools: GatewayToolSummary[];\n errors: GatewayToolError[];\n elicitations?: Array<{\n url: string;\n message?: string;\n integrationId?: string;\n integrationName?: string;\n }>;\n }> {\n const result = await mcp.callTool(\"SEARCH_TOOLS\", { limit });\n const jsonText = extractJsonResourceText(result);\n if (!jsonText) {\n throw new KontextError(\n \"SEARCH_TOOLS did not return JSON resource content. The server may not support the gateway protocol.\",\n \"kontext_tool_response_empty\",\n );\n }\n\n let parsed: unknown;\n try {\n parsed = JSON.parse(jsonText);\n } catch (e) {\n throw new KontextError(\n `SEARCH_TOOLS returned invalid JSON: ${e instanceof Error ? e.message : String(e)}`,\n \"kontext_tool_response_invalid_json\",\n );\n }\n if (Array.isArray(parsed)) {\n return { tools: parsed as GatewayToolSummary[], errors: [] };\n }\n if (parsed && typeof parsed === \"object\") {\n const obj = parsed as Record<string, unknown>;\n return {\n tools: Array.isArray(obj.items) ? obj.items : [],\n errors: Array.isArray(obj.errors) ? obj.errors : [],\n elicitations: Array.isArray(obj.elicitations)\n ? obj.elicitations\n : undefined,\n };\n }\n throw new KontextError(\n \"SEARCH_TOOLS response was not a JSON array or object. Check the server version.\",\n \"kontext_tool_response_unexpected\",\n );\n }\n\n function toKontextTool(tool: GatewayToolSummary): KontextTool {\n return {\n id: tool.id,\n name: tool.name,\n description: tool.description,\n inputSchema: tool.inputSchema as object | undefined,\n server: tool.server\n ? { id: tool.server.id ?? \"\", name: tool.server.name }\n : undefined,\n };\n }\n\n async function ensureConnected(): Promise<void> {\n if (_state === \"ready\" && mcp.isConnected) return;\n setState(\"connecting\");\n try {\n // listTools() triggers lazy connection inside KontextMcp\n const mcpTools = await mcp.listTools();\n _metaToolMode = hasMetaTools(mcpTools);\n setState(\"ready\");\n } catch (err) {\n const translated = translateError(err);\n if (translated instanceof AuthorizationRequiredError) {\n setState(\"needs_auth\");\n } else {\n setState(\"failed\");\n }\n emitError(translated);\n throw translated;\n }\n }\n\n // -- Public interface --\n\n const client: KontextClient = {\n get state() {\n return _state;\n },\n\n async connect() {\n await ensureConnected();\n },\n\n async disconnect() {\n await mcp.disconnect();\n _metaToolMode = null;\n setState(\"idle\");\n },\n\n async getConnectPageUrl(): Promise<ConnectSessionResult> {\n await ensureConnected();\n try {\n return await mcp.createConnectSession();\n } catch (err) {\n const translated = translateError(err);\n if (translated instanceof AuthorizationRequiredError) {\n setState(\"needs_auth\");\n }\n throw translated;\n }\n },\n\n auth: {\n async signIn() {\n await ensureConnected();\n },\n\n async signOut() {\n await mcp.clearAuth();\n _metaToolMode = null;\n setState(\"idle\");\n },\n\n async handleCallback(url: string | URL) {\n await mcp.handleCallback(url);\n try {\n await ensureConnected();\n } catch (err) {\n // Connection may not succeed yet — emit error but don't throw\n // since the callback itself was handled successfully\n emitError(translateError(err));\n }\n },\n\n isCallback(url: string | URL): boolean {\n return mcp.isCallback(url);\n },\n\n get isAuthenticated(): boolean {\n return _state === \"ready\" || mcp.isConnected;\n },\n },\n\n integrations: {\n async list(): Promise<IntegrationInfo[]> {\n await ensureConnected();\n try {\n const { tools, errors, elicitations } = await fetchGatewayTools();\n\n const statuses = parseIntegrationStatus(tools, errors, elicitations);\n\n // Enrich with reason from errors\n const errorMap = new Map(errors.map((e) => [e.serverId, e.reason]));\n return statuses.map((s) => {\n const reason = errorMap.get(s.id);\n return reason ? { ...s, reason } : s;\n });\n } catch (err) {\n const translated = translateError(err);\n if (translated instanceof AuthorizationRequiredError) {\n setState(\"needs_auth\");\n }\n throw translated;\n }\n },\n },\n\n tools: {\n async list(options?: { limit?: number }): Promise<KontextTool[]> {\n await ensureConnected();\n try {\n const mcpTools = await mcp.listTools();\n const nonMetaTools = mcpTools.filter(\n (t) => !META_TOOL_NAMES.has(t.name),\n );\n\n if (nonMetaTools.length > 0 || !hasMetaTools(mcpTools)) {\n _metaToolMode = false;\n return nonMetaTools.map((t) => ({\n id: t.name,\n name: t.name,\n description: t.description,\n inputSchema: t.inputSchema as object | undefined,\n }));\n }\n\n _metaToolMode = true;\n const { tools, elicitations } = await fetchGatewayTools(\n options?.limit,\n );\n\n // If the server returned embedded elicitations (partial result with\n // some servers needing OAuth), invoke the onIntegrationRequired callback\n // so the user can connect the missing integrations.\n if (elicitations?.length && config.onIntegrationRequired) {\n for (const e of elicitations) {\n if (e.url) {\n config.onIntegrationRequired(e.url, {\n id: e.integrationId ?? \"\",\n name: e.integrationName ?? e.message,\n });\n }\n }\n }\n\n return tools.map(toKontextTool);\n } catch (err) {\n const translated = translateError(err);\n if (translated instanceof AuthorizationRequiredError) {\n setState(\"needs_auth\");\n }\n throw translated;\n }\n },\n\n async execute(\n toolId: string,\n args?: Record<string, unknown>,\n ): Promise<ToolResult> {\n await ensureConnected();\n\n // Determine meta-tool mode if not yet known\n if (_metaToolMode === null) {\n const mcpTools = await mcp.listTools();\n _metaToolMode = hasMetaTools(mcpTools);\n }\n\n try {\n const result = _metaToolMode\n ? await mcp.callTool(\"EXECUTE_TOOL\", {\n tool_id: toolId,\n tool_arguments: args ?? {},\n })\n : await mcp.callTool(toolId, args);\n\n return { content: extractTextContent(result), raw: result };\n } catch (err) {\n const translated = translateError(err);\n if (translated instanceof AuthorizationRequiredError) {\n setState(\"needs_auth\");\n }\n throw translated;\n }\n },\n },\n\n on(\n event: \"stateChange\" | \"error\",\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n handler: (...args: any[]) => void,\n ): () => void {\n if (!_listeners.has(event)) {\n _listeners.set(event, new Set());\n }\n _listeners.get(event)!.add(handler);\n return () => {\n _listeners.get(event)?.delete(handler);\n };\n },\n\n get mcp() {\n return mcp;\n },\n };\n\n return client;\n}\n\n/**\n * Primary SDK client entrypoint.\n *\n * - `config.url` set: single-endpoint mode.\n * - `config.url` omitted: hybrid orchestrated mode.\n */\nexport function createKontextClient(\n config: KontextClientConfig & { url: string },\n): KontextClient;\nexport function createKontextClient(\n config: Omit<KontextClientConfig, \"url\"> & { url?: undefined },\n): KontextClient;\nexport function createKontextClient(\n config: KontextClientConfig,\n): KontextClient {\n if (config.url !== undefined) {\n if (typeof config.url !== \"string\" || config.url.trim().length === 0) {\n throw new ConfigError(\n \"url must be a non-empty string. Omit url for hybrid mode, or provide a full MCP endpoint URL.\",\n \"kontext_config_invalid_url\",\n );\n }\n return createSingleEndpointKontextClient(config);\n }\n\n return createKontextOrchestrator(config);\n}\n","/**\n * Core types for the Kontext SDK\n * These mirror the API DTOs for type-safe interactions\n */\n\n// ============================================================================\n// Applications\n// ============================================================================\n\nexport interface Application {\n id: string;\n name: string;\n canModify?: boolean;\n activeSessionCount?: number;\n idleSessionCount?: number;\n liveSessionCount?: number;\n totalSessionCount?: number;\n oauth?: ApplicationOAuth;\n archivedAt?: string;\n createdAt: string;\n updatedAt: string;\n}\n\nexport interface ApplicationOAuth {\n type: \"public\" | \"confidential\";\n clientId: string;\n clientSecret?: string;\n pkceRequired: boolean;\n scopes: string[];\n authorizationUrl: string;\n tokenUrl: string;\n gatewayUrl: string;\n redirectUris: string[];\n}\n\nexport interface CreateApplicationOAuthInput {\n type?: \"public\" | \"confidential\";\n redirectUris: string[];\n pkceRequired?: boolean;\n scopes?: string[];\n}\n\nexport interface CreateApplicationInput {\n name: string;\n oauth: CreateApplicationOAuthInput;\n}\n\nexport interface UpdateApplicationInput {\n name?: string;\n}\n\nexport interface UpdateApplicationOAuthInput {\n pkceRequired?: boolean;\n scopes?: string[];\n redirectUris?: string[];\n}\n\nexport interface CreateApplicationResponse {\n application: Application;\n oauth: ApplicationOAuth;\n}\n\nexport interface ApplicationResponse {\n application: Application;\n}\n\nexport interface ApplicationOAuthResponse {\n oauth: ApplicationOAuth;\n}\n\nexport interface ListApplicationsResponse {\n items: Application[];\n nextCursor?: string;\n}\n\nexport interface RotateApplicationSecretResponse {\n oauth: ApplicationOAuth;\n}\n\nexport interface UpdateApplicationIntegrationsInput {\n integrationIds: string[];\n}\n\nexport interface ApplicationIntegrationsResponse {\n integrationIds: string[];\n}\n\n// ============================================================================\n// Integrations\n// ============================================================================\n\nexport type IntegrationAuthMode =\n | \"oauth\"\n | \"user_token\"\n | \"server_token\"\n | \"none\";\n\nexport type IntegrationValidationStatus = \"pending\" | \"valid\" | \"invalid\";\n\nexport interface IntegrationOAuthSummary {\n provider?: string;\n issuer?: string;\n scopes?: string[];\n metadata?: Record<string, unknown>;\n}\n\nexport interface IntegrationCapabilities {\n tools?: boolean;\n resources?: boolean;\n prompts?: boolean;\n}\n\nexport interface Integration {\n id: string;\n name: string;\n url: string;\n authMode: IntegrationAuthMode;\n oauth?: IntegrationOAuthSummary;\n capabilities?: IntegrationCapabilities;\n serverTokenConfigured: boolean;\n validationStatus: IntegrationValidationStatus;\n validationMessage?: string;\n lastValidatedAt?: string;\n userConnection?: ConnectionStatusResponse;\n createdAt: string;\n updatedAt: string;\n archivedAt?: string;\n}\n\nexport interface IntegrationOAuthConfigInput {\n provider?: string;\n issuer?: string;\n scopes?: string[];\n}\n\nexport interface CreateIntegrationInput {\n name: string;\n url: string;\n authMode?: IntegrationAuthMode;\n oauth?: IntegrationOAuthConfigInput;\n capabilities?: IntegrationCapabilities;\n serverToken?: string;\n}\n\nexport interface UpdateIntegrationInput {\n name?: string;\n url?: string;\n authMode?: IntegrationAuthMode;\n oauth?: IntegrationOAuthConfigInput;\n capabilities?: IntegrationCapabilities;\n serverToken?: string;\n}\n\nexport interface CreateIntegrationResponse {\n integration: Integration;\n}\n\nexport interface IntegrationResponse {\n integration: Integration;\n}\n\nexport interface ListIntegrationsResponse {\n items: Integration[];\n nextCursor?: string;\n}\n\nexport interface ValidateIntegrationResponse {\n status: IntegrationValidationStatus;\n message?: string;\n}\n\n// ============================================================================\n// Integration Connections\n// ============================================================================\n\nexport type ConnectionStatus = \"connected\" | \"disconnected\";\n\nexport interface ConnectionStatusResponse {\n connected: boolean;\n status?: ConnectionStatus;\n expiresAt?: string;\n displayName?: string;\n}\n\nexport interface ConnectionResponse {\n connection: ConnectionStatusResponse;\n}\n\nexport interface AddUserTokenInput {\n token: string;\n}\n\n// ============================================================================\n// Service Accounts\n// ============================================================================\n\nexport interface ServiceAccount {\n id: string;\n name: string;\n description: string | null;\n createdAt: string;\n}\n\nexport interface ServiceAccountCredentials {\n clientId: string;\n clientSecret: string;\n}\n\nexport interface CreateServiceAccountInput {\n name: string;\n description?: string;\n}\n\nexport interface CreateServiceAccountResponse {\n serviceAccount: ServiceAccount;\n credentials: ServiceAccountCredentials;\n}\n\nexport interface RotateSecretResponse {\n credentials: ServiceAccountCredentials;\n}\n\nexport interface ListServiceAccountsResponse {\n items: ServiceAccount[];\n nextCursor: string | null;\n}\n\nexport interface ServiceAccountResponse {\n serviceAccount: ServiceAccount;\n}\n\n// ============================================================================\n// Agent Sessions\n// ============================================================================\n\nexport type AgentSessionStatus = \"active\" | \"disconnected\";\nexport type AgentSessionDerivedStatus =\n | \"active\"\n | \"idle\"\n | \"expired\"\n | \"disconnected\";\n\nexport interface AgentSession {\n id: string;\n agentId: string;\n organizationId: string;\n name: string;\n hostname?: string | null;\n userAgent?: string | null;\n clientInfo?: Record<string, unknown> | null;\n status: AgentSessionStatus;\n derivedStatus: AgentSessionDerivedStatus;\n connectedAt?: string;\n lastActiveAt?: string;\n disconnectedAt?: string;\n tokenExpiresAt?: string;\n createdAt: string;\n}\n\nexport interface AgentSessionResponse {\n session: AgentSession;\n}\n\nexport interface ListAgentSessionsResponse {\n items: AgentSession[];\n}\n\nexport interface RevokeAllSessionsResponse {\n success: boolean;\n disconnectedCount: number;\n}\n\n// ============================================================================\n// Traces & Events\n// ============================================================================\n\nexport interface Trace {\n traceId: string | null;\n sessionId: string;\n startedAt: string | null;\n endedAt: string | null;\n eventCount: number;\n okCount?: number;\n warnCount?: number;\n errorCount?: number;\n agentId?: string;\n ownerUserId?: string;\n ownerEmail?: string;\n agentName?: string;\n agentSessionId?: string;\n agentSessionName?: string;\n}\n\nexport interface TraceEvent {\n id: string;\n createdAt: string;\n sessionId: string;\n agentId: string;\n traceId?: string | null;\n apiKeyId?: string | null;\n eventType: string;\n status: string;\n durationMs?: number | null;\n integrationId?: string | null;\n toolName?: string | null;\n errorMessage?: string | null;\n bytesIn?: number | null;\n bytesOut?: number | null;\n requestJson?: unknown;\n responseJson?: unknown;\n parentEventId?: string | null;\n agentSessionId?: string | null;\n /** @deprecated Use createdAt */\n timestamp?: string;\n /** @deprecated Use status */\n level?: \"ok\" | \"warn\" | \"error\";\n /** @deprecated Use eventType */\n type?: string;\n /** @deprecated May be encoded in requestJson/responseJson */\n method?: string;\n /** @deprecated Use toolName */\n tool?: string;\n /** @deprecated Use durationMs */\n duration?: number;\n /** @deprecated Use status/errorMessage fields */\n errorType?: string;\n /** @deprecated May be encoded in requestJson/responseJson */\n metadata?: Record<string, unknown>;\n}\n\nexport interface ListTracesResponse {\n items: Trace[];\n nextCursor?: string;\n}\n\nexport interface TraceResponse {\n trace: Trace;\n events: TraceEvent[];\n}\n\nexport interface McpEvent {\n id: string;\n createdAt: string;\n agentId: string;\n integrationId: string | null;\n toolName: string | null;\n eventType: string;\n status: string;\n}\n\nexport interface McpEventListResponse {\n items: McpEvent[];\n}\n\n/**\n * @deprecated Use McpEventListResponse instead.\n */\nexport type ListEventsResponse = McpEventListResponse;\n\nexport interface TraceStats {\n totalTraces: number;\n totalEvents: number;\n eventCounts: { ok: number; warn: number; error: number };\n errorRate: number;\n latency: { avg: number; p50: number; p95: number; p99: number };\n bytesTransferred: { in: number; out: number };\n errorsByType: Array<{ type: string; count: number; percentage: number }>;\n topTools: Array<{ name: string; count: number; avgDuration: number }>;\n timeline: Array<{\n date: string;\n traceCount: number;\n eventCount: number;\n warnCount: number;\n errorCount: number;\n bytesIn: number;\n bytesOut: number;\n }>;\n}\n\nexport interface TraceStatsResponse {\n stats: TraceStats;\n}\n\n// ============================================================================\n// Pagination\n// ============================================================================\n\nexport interface PaginationParams {\n cursor?: string;\n limit?: number;\n}\n\n// ============================================================================\n// OAuth Tokens (for storage)\n// ============================================================================\n\nexport interface OAuthTokens {\n accessToken: string;\n refreshToken?: string;\n tokenType: string;\n scope?: string;\n expiresAt?: string;\n}\n\n// ============================================================================\n// Token Exchange (RFC 8693)\n// ============================================================================\n\n/**\n * RFC 8693 Token Exchange grant type\n */\nexport const TOKEN_EXCHANGE_GRANT_TYPE =\n \"urn:ietf:params:oauth:grant-type:token-exchange\";\n\n/**\n * RFC 8693 token type identifier for access tokens\n */\nexport const TOKEN_TYPE_ACCESS_TOKEN =\n \"urn:ietf:params:oauth:token-type:access_token\";\n\n/**\n * Request body for RFC 8693 token exchange\n */\nexport interface TokenExchangeRequest {\n grant_type: typeof TOKEN_EXCHANGE_GRANT_TYPE;\n subject_token: string;\n subject_token_type?: string;\n resource: string;\n scope?: string;\n audience?: string;\n}\n\n/**\n * Response from RFC 8693 token exchange\n */\nexport interface TokenExchangeResponse {\n access_token: string;\n issued_token_type: string;\n token_type: string;\n expires_in?: number;\n scope?: string;\n refresh_token?: string;\n}\n\n// ============================================================================\n// Client Configuration\n// ============================================================================\n\nexport interface KontextManagementClientConfig {\n /**\n * Base URL for the Kontext API (e.g., \"https://api.kontext.dev\")\n */\n baseUrl: string;\n\n /**\n * API version to use (default: \"v1\")\n */\n apiVersion?: string;\n\n /**\n * OAuth token endpoint URL (optional)\n * If not specified, defaults to `${baseUrl}/oauth2/token`\n * Useful for local development where Hydra runs on a different port\n */\n tokenUrl?: string;\n\n /**\n * OAuth scopes to request (optional)\n * Defaults to [\"management:all\"]\n */\n scopes?: string[];\n\n /**\n * OAuth audience for token requests (optional)\n * If not specified, defaults to `${baseUrl}/api/${apiVersion}`\n * Required for Hydra token introspection\n */\n audience?: string;\n\n /**\n * Service account credentials for authentication\n */\n credentials: {\n clientId: string;\n clientSecret: string;\n };\n}\n","/**\n * RFC 8693 Token Exchange\n *\n * Generic token exchange function for exchanging identity tokens\n * for resource-scoped tokens.\n *\n * @see https://datatracker.ietf.org/doc/html/rfc8693\n */\n\nimport {\n TOKEN_EXCHANGE_GRANT_TYPE,\n TOKEN_TYPE_ACCESS_TOKEN,\n type TokenExchangeResponse,\n} from \"../management/types.js\";\nimport { OAuthError } from \"../errors.js\";\n\n/**\n * Configuration for token exchange\n */\nexport interface TokenExchangeConfig {\n /**\n * Token endpoint URL (e.g., https://api.kontext.dev/oauth2/token)\n */\n tokenUrl: string;\n\n /**\n * OAuth client ID\n */\n clientId: string;\n\n /**\n * OAuth client secret (for confidential clients)\n */\n clientSecret?: string;\n}\n\n/**\n * Exchange a subject token for a resource-scoped token (RFC 8693).\n *\n * This function implements the OAuth 2.0 Token Exchange grant type,\n * allowing an identity token to be exchanged for an access token\n * scoped to a specific resource.\n *\n * @param config - Token exchange configuration\n * @param subjectToken - The subject token to exchange (typically an access token)\n * @param resource - The target resource identifier (e.g., \"mcp-gateway\", \"my-mcp-server\")\n * @param scope - Optional scope restriction (must be subset of subject token scopes)\n * @param subjectTokenType - Optional subject token type (defaults to access token)\n * @returns Resource-scoped token response\n * @throws {OAuthError} If the token exchange fails\n *\n * @example\n * ```typescript\n * const response = await exchangeToken(\n * {\n * tokenUrl: 'https://api.kontext.dev/oauth2/token',\n * clientId: 'my-client-id',\n * },\n * identityToken,\n * 'mcp-gateway'\n * );\n * console.log(response.access_token);\n * ```\n */\nexport async function exchangeToken(\n config: TokenExchangeConfig,\n subjectToken: string,\n resource: string,\n scope?: string,\n subjectTokenType: string = TOKEN_TYPE_ACCESS_TOKEN,\n): Promise<TokenExchangeResponse> {\n // Build the request body as form-urlencoded\n const body = new URLSearchParams();\n body.set(\"grant_type\", TOKEN_EXCHANGE_GRANT_TYPE);\n body.set(\"subject_token\", subjectToken);\n body.set(\"subject_token_type\", subjectTokenType);\n body.set(\"resource\", resource);\n\n if (scope) {\n body.set(\"scope\", scope);\n }\n\n // For public clients, include client_id in the body\n // For confidential clients, use Basic auth\n const headers: Record<string, string> = {\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n };\n\n if (config.clientSecret) {\n // Confidential client: use Basic authentication\n const credentials = Buffer.from(\n `${config.clientId}:${config.clientSecret}`,\n ).toString(\"base64\");\n headers[\"Authorization\"] = `Basic ${credentials}`;\n } else {\n // Public client: include client_id in body\n body.set(\"client_id\", config.clientId);\n }\n\n const response = await fetch(config.tokenUrl, {\n method: \"POST\",\n headers,\n body: body.toString(),\n });\n\n if (!response.ok) {\n let errorMessage = `Token exchange failed: ${response.status} ${response.statusText}`;\n let errorCode: string | undefined;\n let integrationName: string | undefined;\n let integrationId: string | undefined;\n\n try {\n const errorBody = await response.json();\n errorCode = errorBody.error;\n if (errorBody.error_description) {\n errorMessage = errorBody.error_description;\n } else if (errorBody.error) {\n errorMessage = `Token exchange failed: ${errorBody.error}`;\n }\n // Extract integration-specific fields when present (e.g., integration_required,\n // or any error that includes integration metadata for reconnection flows)\n if (errorBody.integration_name || errorBody.integration_id) {\n integrationName = errorBody.integration_name;\n integrationId = errorBody.integration_id;\n }\n } catch {\n // Ignore JSON parse errors, use default message\n }\n\n throw new OAuthError(errorMessage, \"kontext_oauth_token_exchange_failed\", {\n errorCode,\n meta: {\n integrationName,\n integrationId,\n },\n });\n }\n\n const tokenResponse = (await response.json()) as TokenExchangeResponse;\n\n // Validate required fields\n if (!tokenResponse.access_token) {\n throw new OAuthError(\n \"Token exchange response missing access_token.\",\n \"kontext_oauth_token_exchange_failed\",\n );\n }\n\n if (!tokenResponse.issued_token_type) {\n throw new OAuthError(\n \"Token exchange response missing issued_token_type.\",\n \"kontext_oauth_token_exchange_failed\",\n );\n }\n\n if (!tokenResponse.token_type) {\n throw new OAuthError(\n \"Token exchange response missing token_type.\",\n \"kontext_oauth_token_exchange_failed\",\n );\n }\n\n return tokenResponse;\n}\n","/**\n * Token verification error codes.\n * These provide structured error information for debugging and error handling.\n */\nexport type TokenVerificationErrorCode =\n | \"INVALID_TOKEN_FORMAT\"\n | \"INVALID_SIGNATURE\"\n | \"TOKEN_EXPIRED\"\n | \"TOKEN_NOT_YET_VALID\"\n | \"INVALID_ISSUER\"\n | \"INVALID_AUDIENCE\"\n | \"MISSING_SCOPE\"\n | \"MISSING_CLAIMS\"\n | \"JWKS_FETCH_FAILED\"\n | \"UNKNOWN_KID\"\n | \"UNSUPPORTED_ALGORITHM\";\n\n/**\n * Error thrown when token verification fails.\n * Contains a structured error code for programmatic handling.\n */\nexport class TokenVerificationError extends Error {\n readonly code: TokenVerificationErrorCode;\n\n constructor(code: TokenVerificationErrorCode, message: string) {\n super(message);\n this.name = \"TokenVerificationError\";\n this.code = code;\n Object.setPrototypeOf(this, TokenVerificationError.prototype);\n }\n}\n","import { createRemoteJWKSet, type JWTVerifyGetKey } from \"jose\";\nimport { TokenVerificationError } from \"./errors.js\";\n\n/**\n * Options for the JWKS client.\n */\nexport interface JwksClientOptions {\n /** JWKS endpoint URL */\n jwksUrl: string;\n\n /** Cache TTL in milliseconds (default: 5 minutes) */\n cacheTtlMs?: number;\n\n /** Minimum time between refetches in milliseconds (default: 30 seconds) */\n refetchCooldownMs?: number;\n\n /** Custom fetch function for testing */\n fetch?: typeof globalThis.fetch;\n}\n\nconst DEFAULT_CACHE_TTL_MS = 5 * 60 * 1000; // 5 minutes\nconst DEFAULT_REFETCH_COOLDOWN_MS = 30 * 1000; // 30 seconds\n\n/**\n * JWKS client with caching and rate-limited refetching.\n *\n * Uses jose's createRemoteJWKSet for JWKS fetching and caching,\n * but adds rate limiting to prevent DoS via rapid refetch requests.\n */\nexport class JwksClient {\n private readonly jwksUrl: URL;\n private readonly cacheTtlMs: number;\n private readonly refetchCooldownMs: number;\n private readonly customFetch?: typeof globalThis.fetch;\n\n private jwks: JWTVerifyGetKey | null = null;\n private lastFetchAt = 0;\n private lastRefreshAt = 0;\n\n constructor(options: JwksClientOptions) {\n this.jwksUrl = new URL(options.jwksUrl);\n this.cacheTtlMs = options.cacheTtlMs ?? DEFAULT_CACHE_TTL_MS;\n this.refetchCooldownMs =\n options.refetchCooldownMs ?? DEFAULT_REFETCH_COOLDOWN_MS;\n this.customFetch = options.fetch;\n }\n\n /**\n * Get the JWKS key resolver for use with jose's jwtVerify.\n *\n * Creates the remote JWKS on first call and caches it.\n * The jose library handles internal caching and key lookup.\n */\n getKeyResolver(): JWTVerifyGetKey {\n const now = Date.now();\n\n // Check if we need to refresh (cache expired)\n if (this.jwks && now - this.lastFetchAt > this.cacheTtlMs) {\n this.jwks = null;\n }\n\n if (!this.jwks) {\n this.jwks = createRemoteJWKSet(this.jwksUrl, {\n // jose handles caching internally, we just track our own refresh timing\n ...(this.customFetch && {\n [Symbol.for(\"fetch\")]: this.customFetch,\n }),\n });\n this.lastFetchAt = now;\n }\n\n return this.jwks;\n }\n\n /**\n * Force refresh the JWKS cache.\n *\n * Respects the refetch cooldown to prevent rapid refetching.\n * Returns true if refresh was performed, false if cooldown not elapsed.\n */\n refresh(): boolean {\n const now = Date.now();\n\n if (!this.canRefresh()) {\n return false;\n }\n\n this.jwks = null;\n this.lastRefreshAt = now;\n return true;\n }\n\n /**\n * Check if a refresh is allowed (cooldown elapsed).\n */\n canRefresh(): boolean {\n return Date.now() - this.lastRefreshAt >= this.refetchCooldownMs;\n }\n\n /**\n * Handle unknown kid errors by attempting refresh.\n *\n * @returns TokenVerificationError if refresh not allowed or already attempted\n */\n handleUnknownKid(kid: string): TokenVerificationError | null {\n if (this.refresh()) {\n // Refresh performed, caller should retry verification\n return null;\n }\n\n // Cooldown not elapsed, return error\n return new TokenVerificationError(\n \"UNKNOWN_KID\",\n `Unknown key ID: ${kid}. JWKS refresh on cooldown.`,\n );\n }\n\n /**\n * Clear the cache, forcing a fresh fetch on next access.\n */\n clearCache(): void {\n this.jwks = null;\n this.lastFetchAt = 0;\n // Don't reset lastRefreshAt to maintain cooldown protection\n }\n}\n","import { jwtVerify, decodeProtectedHeader, errors as joseErrors } from \"jose\";\nimport { JwksClient } from \"./jwks-client.js\";\nimport { TokenVerificationError } from \"./errors.js\";\nimport type {\n KontextTokenVerifierConfig,\n VerifiedTokenClaims,\n VerifyResult,\n JwtPayload,\n} from \"./types.js\";\n\nconst DEFAULT_CLOCK_TOLERANCE_SEC = 30;\nconst SUPPORTED_ALGORITHMS = [\"ES256\", \"RS256\"];\n\n/**\n * Token verifier for Kontext-issued JWTs using JWKS discovery.\n *\n * Uses the jose library for robust JWT verification with support for:\n * - ES256 and RS256 algorithms\n * - JWKS-based key discovery with caching\n * - Key rotation support with rate-limited refetching\n * - Configurable clock tolerance\n * - Typed error responses\n *\n * @example\n * ```typescript\n * import { KontextTokenVerifier } from '@kontext-dev/js-sdk';\n *\n * const verifier = new KontextTokenVerifier({\n * jwksUrl: 'https://api.kontext.dev/.well-known/jwks.json',\n * issuer: 'kontext-token-exchange',\n * audience: 'mcp-gateway',\n * requiredScopes: ['mcp:invoke'],\n * });\n *\n * const result = await verifier.verify(bearerToken);\n * if (result.success) {\n * console.log(`Verified token for client: ${result.claims.clientId}`);\n * } else {\n * console.error(`Verification failed: ${result.error.code}`);\n * }\n * ```\n */\ninterface ResolvedConfig {\n jwksUrl: string;\n issuer: string | string[];\n audience: string | string[];\n requiredScopes: string[];\n cacheTtlMs: number;\n refetchCooldownMs: number;\n clockToleranceSec: number;\n fetch?: typeof globalThis.fetch;\n}\n\nexport class KontextTokenVerifier {\n private readonly config: ResolvedConfig;\n private readonly jwksClient: JwksClient;\n private readonly audiences: string[];\n\n constructor(config: KontextTokenVerifierConfig) {\n this.config = {\n jwksUrl: config.jwksUrl,\n issuer: config.issuer,\n audience: config.audience,\n requiredScopes: config.requiredScopes ?? [],\n cacheTtlMs: config.cacheTtlMs ?? 5 * 60 * 1000,\n refetchCooldownMs: config.refetchCooldownMs ?? 30 * 1000,\n clockToleranceSec:\n config.clockToleranceSec ?? DEFAULT_CLOCK_TOLERANCE_SEC,\n fetch: config.fetch,\n };\n\n this.audiences = Array.isArray(config.audience)\n ? config.audience\n : [config.audience];\n\n this.jwksClient = new JwksClient({\n jwksUrl: config.jwksUrl,\n cacheTtlMs: this.config.cacheTtlMs,\n refetchCooldownMs: this.config.refetchCooldownMs,\n fetch: config.fetch,\n });\n }\n\n /**\n * Verify a JWT token.\n *\n * @param token - The JWT token string (without \"Bearer \" prefix)\n * @returns VerifyResult with success=true and claims, or success=false and error\n */\n async verify(token: string): Promise<VerifyResult> {\n try {\n return await this.verifyInternal(token, false);\n } catch (error) {\n if (error instanceof TokenVerificationError) {\n return { success: false, error };\n }\n\n // Unexpected error\n return {\n success: false,\n error: new TokenVerificationError(\n \"INVALID_TOKEN_FORMAT\",\n `Unexpected verification error: ${(error as Error).message}`,\n ),\n };\n }\n }\n\n /**\n * Verify a JWT token and return claims or null.\n * Simpler API for cases where you don't need error details.\n *\n * @param token - The JWT token string (without \"Bearer \" prefix)\n * @returns VerifiedTokenClaims if valid, null if invalid\n */\n async verifyOrNull(token: string): Promise<VerifiedTokenClaims | null> {\n const result = await this.verify(token);\n return result.success ? result.claims : null;\n }\n\n /**\n * Clear the JWKS cache, forcing a fresh fetch on next verification.\n */\n clearCache(): void {\n this.jwksClient.clearCache();\n }\n\n private async verifyInternal(\n token: string,\n isRetry: boolean,\n ): Promise<VerifyResult> {\n const JWKS = this.jwksClient.getKeyResolver();\n\n try {\n // Use jose's jwtVerify for robust verification\n const { payload, protectedHeader } = await jwtVerify(token, JWKS, {\n issuer: this.config.issuer,\n audience: this.audiences,\n clockTolerance: this.config.clockToleranceSec,\n algorithms: SUPPORTED_ALGORITHMS,\n });\n\n // Check algorithm is supported\n const alg = protectedHeader.alg;\n if (!SUPPORTED_ALGORITHMS.includes(alg)) {\n throw new TokenVerificationError(\n \"UNSUPPORTED_ALGORITHM\",\n `Unsupported algorithm: ${alg}. Expected one of: ${SUPPORTED_ALGORITHMS.join(\", \")}`,\n );\n }\n\n // Validate required claims\n const jwtPayload = payload as JwtPayload;\n if (\n typeof jwtPayload.exp !== \"number\" ||\n !Number.isFinite(jwtPayload.exp) ||\n jwtPayload.exp <= 0\n ) {\n throw new TokenVerificationError(\n \"MISSING_CLAIMS\",\n \"Token missing required exp claim\",\n );\n }\n\n // Extract and validate scopes\n const scopes = this.parseScopes(jwtPayload.scope);\n for (const required of this.config.requiredScopes) {\n if (!scopes.includes(required)) {\n throw new TokenVerificationError(\n \"MISSING_SCOPE\",\n `Missing required scope: ${required}`,\n );\n }\n }\n\n // Extract client ID\n const clientId = jwtPayload.client_id || jwtPayload.sub;\n if (!clientId) {\n throw new TokenVerificationError(\n \"MISSING_CLAIMS\",\n \"Token missing client_id and sub claims\",\n );\n }\n\n // Build verified claims\n const claims: VerifiedTokenClaims = {\n sub: jwtPayload.sub || \"\",\n clientId,\n scopes,\n expiresAt: new Date(jwtPayload.exp * 1000),\n jti: jwtPayload.jti,\n payload: jwtPayload,\n };\n\n return { success: true, claims };\n } catch (error) {\n // Handle jose-specific errors\n if (error instanceof joseErrors.JWKSNoMatchingKey) {\n // Unknown kid - try refreshing JWKS once\n if (!isRetry) {\n const kid = this.extractKid(token);\n const refreshError = this.jwksClient.handleUnknownKid(\n kid || \"unknown\",\n );\n if (!refreshError) {\n // Refresh performed, retry verification\n return this.verifyInternal(token, true);\n }\n return { success: false, error: refreshError };\n }\n\n return {\n success: false,\n error: new TokenVerificationError(\n \"UNKNOWN_KID\",\n \"No matching key found in JWKS\",\n ),\n };\n }\n\n if (error instanceof joseErrors.JWTExpired) {\n return {\n success: false,\n error: new TokenVerificationError(\n \"TOKEN_EXPIRED\",\n \"Token has expired\",\n ),\n };\n }\n\n if (error instanceof joseErrors.JWTClaimValidationFailed) {\n const message = error.message;\n if (message.includes(\"iss\")) {\n const expected = Array.isArray(this.config.issuer)\n ? this.config.issuer.join(\" or \")\n : this.config.issuer;\n return {\n success: false,\n error: new TokenVerificationError(\n \"INVALID_ISSUER\",\n `Invalid issuer: expected ${expected}`,\n ),\n };\n }\n if (message.includes(\"aud\")) {\n return {\n success: false,\n error: new TokenVerificationError(\n \"INVALID_AUDIENCE\",\n `Invalid audience: expected one of ${this.audiences.join(\", \")}`,\n ),\n };\n }\n if (message.includes(\"nbf\")) {\n return {\n success: false,\n error: new TokenVerificationError(\n \"TOKEN_NOT_YET_VALID\",\n \"Token is not yet valid (nbf claim)\",\n ),\n };\n }\n }\n\n if (error instanceof joseErrors.JWSSignatureVerificationFailed) {\n return {\n success: false,\n error: new TokenVerificationError(\n \"INVALID_SIGNATURE\",\n \"Signature verification failed\",\n ),\n };\n }\n\n if (error instanceof joseErrors.JWSInvalid) {\n return {\n success: false,\n error: new TokenVerificationError(\n \"INVALID_TOKEN_FORMAT\",\n `Invalid JWS: ${error.message}`,\n ),\n };\n }\n\n // Re-throw TokenVerificationError\n if (error instanceof TokenVerificationError) {\n throw error;\n }\n\n // Unknown error\n throw new TokenVerificationError(\n \"INVALID_TOKEN_FORMAT\",\n `Verification failed: ${(error as Error).message}`,\n );\n }\n }\n\n private parseScopes(scope: string | undefined): string[] {\n if (!scope) return [];\n return scope\n .split(\" \")\n .map((s) => s.trim())\n .filter(Boolean);\n }\n\n private extractKid(token: string): string | null {\n try {\n const header = decodeProtectedHeader(token);\n return header.kid ?? null;\n } catch {\n return null;\n }\n }\n}\n","/**\n * Session and transport management for the Kontext server SDK.\n *\n * Tracks StreamableHTTPServerTransport instances by session ID,\n * handles cleanup of stale sessions, and provides the session lifecycle\n * hooks used by `kontext.middleware()`.\n */\n\nimport { StreamableHTTPServerTransport } from \"@modelcontextprotocol/sdk/server/streamableHttp.js\";\n\nexport interface SessionCallbacks {\n onSessionClosed?: (sessionId: string) => void;\n}\n\nexport class SessionManager {\n private readonly transports = new Map<\n string,\n StreamableHTTPServerTransport\n >();\n private readonly lastAccessed = new Map<string, number>();\n private readonly expiresAt = new Map<string, number>();\n private readonly cleanupInterval: ReturnType<typeof setInterval>;\n\n private static readonly STALE_TIMEOUT_MS = 60 * 60 * 1000; // 1 hour\n private static readonly CLEANUP_INTERVAL_MS = 5 * 60 * 1000; // 5 minutes\n\n constructor() {\n this.cleanupInterval = setInterval(\n () => this.cleanupStaleSessions(),\n SessionManager.CLEANUP_INTERVAL_MS,\n );\n // Allow the timer to not block process exit\n if (this.cleanupInterval.unref) {\n this.cleanupInterval.unref();\n }\n }\n\n getTransport(sessionId: string): StreamableHTTPServerTransport | undefined {\n return this.transports.get(sessionId);\n }\n\n registerSession(\n sessionId: string,\n transport: StreamableHTTPServerTransport,\n callbacks?: SessionCallbacks,\n expiresAt?: number,\n ): void {\n this.transports.set(sessionId, transport);\n this.lastAccessed.set(sessionId, Date.now());\n if (expiresAt !== undefined) {\n this.expiresAt.set(sessionId, expiresAt);\n }\n\n transport.onclose = () => {\n this.removeSession(sessionId);\n callbacks?.onSessionClosed?.(sessionId);\n };\n }\n\n touchSession(sessionId: string): void {\n if (this.transports.has(sessionId)) {\n this.lastAccessed.set(sessionId, Date.now());\n }\n }\n\n removeSession(sessionId: string): void {\n this.transports.delete(sessionId);\n this.lastAccessed.delete(sessionId);\n this.expiresAt.delete(sessionId);\n }\n\n /**\n * Check if a session's token has expired.\n * Returns true if the token's `expiresAt` has passed.\n */\n isSessionExpired(sessionId: string): boolean {\n const exp = this.expiresAt.get(sessionId);\n return exp !== undefined && Date.now() / 1000 >= exp;\n }\n\n private cleanupStaleSessions(): void {\n const now = Date.now();\n for (const [sid, lastTime] of this.lastAccessed.entries()) {\n if (now - lastTime > SessionManager.STALE_TIMEOUT_MS) {\n const transport = this.transports.get(sid);\n if (transport) {\n void transport.close?.();\n }\n this.removeSession(sid);\n }\n }\n }\n\n destroy(): void {\n clearInterval(this.cleanupInterval);\n for (const [sid, transport] of this.transports.entries()) {\n void transport.close?.();\n this.removeSession(sid);\n }\n }\n}\n","/**\n * Kontext — the v3 server SDK entry point.\n *\n * Two methods:\n * kontext.middleware(server) — Express middleware (auth + metadata + transport + sessions)\n * kontext.require(integration, token) — RFC 8693 token exchange with caching\n * kontext.requireCredentials(integration, token) — Resolve per-user internal credentials\n *\n * @example Factory pattern (recommended for production — supports concurrent sessions)\n * ```typescript\n * import { Kontext } from \"@kontext-dev/js-sdk/server\";\n * import { McpServer } from \"@modelcontextprotocol/sdk/server/mcp.js\";\n * import express from \"express\";\n *\n * const kontext = new Kontext({ clientId: \"mcp_my-server\" });\n *\n * function createServer() {\n * const server = new McpServer({ name: \"my-server\", version: \"1.0.0\" });\n * server.tool(\"list_repos\", {}, async (args, { authInfo }) => {\n * const github = await kontext.require(\"github\", authInfo!.token);\n * const res = await fetch(\"https://api.github.com/user/repos\", {\n * headers: { Authorization: github.authorization },\n * });\n * return { content: [{ type: \"text\", text: JSON.stringify(await res.json()) }] };\n * });\n * return server;\n * }\n *\n * const app = express();\n * app.use(kontext.middleware(createServer)); // /mcp endpoint + /.well-known/* metadata\n * app.listen(3000);\n * ```\n */\n\nimport { createHash } from \"node:crypto\";\nimport { createRequire } from \"node:module\";\nimport type { Router, Request, Response, NextFunction } from \"express\";\nimport type { McpServerOrFactory } from \"./types.js\";\nimport { StreamableHTTPServerTransport } from \"@modelcontextprotocol/sdk/server/streamableHttp.js\";\nimport { isInitializeRequest } from \"@modelcontextprotocol/sdk/types.js\";\nimport {\n mcpAuthMetadataRouter,\n getOAuthProtectedResourceMetadataUrl,\n} from \"@modelcontextprotocol/sdk/server/auth/router.js\";\nimport { requireBearerAuth } from \"@modelcontextprotocol/sdk/server/auth/middleware/bearerAuth.js\";\nimport type { OAuthMetadata } from \"@modelcontextprotocol/sdk/shared/auth.js\";\nimport type { OAuthTokenVerifier } from \"@modelcontextprotocol/sdk/server/auth/provider.js\";\nimport type { AuthInfo } from \"@modelcontextprotocol/sdk/server/auth/types.js\";\nimport { InvalidTokenError } from \"@modelcontextprotocol/sdk/server/auth/errors.js\";\n\nimport {\n exchangeToken,\n type TokenExchangeConfig,\n} from \"../oauth/token-exchange.js\";\nimport { OAuthError, IntegrationConnectionRequiredError } from \"../errors.js\";\nimport { KontextTokenVerifier } from \"../verify/verifier.js\";\nimport { SessionManager, type SessionCallbacks } from \"./sessions.js\";\nimport type {\n KontextOptions,\n MiddlewareOptions,\n IntegrationCredential,\n IntegrationResolvedCredentials,\n IntegrationName,\n} from \"./types.js\";\n\nconst DEFAULT_API_URL = \"https://api.kontext.dev\";\nconst METADATA_CACHE_TTL_MS = 60 * 60 * 1000; // 1 hour\nconst CREDENTIAL_CACHE_MAX_ENTRIES = 500;\nconst RUNTIME_AUTH_CACHE_MAX_ENTRIES = 8;\nconst RESOLVED_CREDENTIAL_CACHE_TTL_MS = 30 * 1000;\n\nconst SDK_VERSION = (() => {\n try {\n const esmRequire = createRequire(import.meta.url);\n const pkg = esmRequire(\"../../package.json\") as { version?: string };\n return pkg.version ?? \"unknown\";\n } catch {\n return \"unknown\";\n }\n})();\n\ninterface CachedCredential {\n credential: IntegrationCredential;\n expiresAt: number;\n}\n\ninterface CachedResolvedCredential {\n credential: IntegrationResolvedCredentials;\n expiresAt: number;\n}\n\ninterface RuntimeAuthContext {\n metadataRouter: Router;\n bearerAuth: ReturnType<typeof requireBearerAuth>;\n}\n\n/**\n * The v3 Kontext server SDK.\n *\n * Provides two methods:\n * - `middleware(server)` — Express Router with auth metadata, bearer validation, and MCP transport.\n * Accepts an `McpServer` instance (single-session) or a factory `() => McpServer` (concurrent sessions).\n * - `require(integration, token)` — RFC 8693 token exchange with in-memory caching\n * - `requireCredentials(integration, token)` — Resolve per-user credential maps for internal integrations\n */\nexport class Kontext {\n private static readonly shutdownInstances = new Set<Kontext>();\n private static shutdownHandlersRegistered = false;\n\n private readonly clientId: string;\n private readonly clientSecret: string | undefined;\n private readonly apiUrl: string;\n private readonly tokenIssuers: string[];\n\n // AS metadata: fetched lazily, cached with TTL\n private oauthMetadata: OAuthMetadata | null = null;\n private metadataFetchedAt = 0;\n private metadataPromise: Promise<OAuthMetadata> | null = null;\n\n // Token exchange caching: keyed by `${integration}\\0${subjectToken}`\n private readonly credentialCache = new Map<string, CachedCredential>();\n private readonly resolvedCredentialCache = new Map<\n string,\n CachedResolvedCredential\n >();\n private readonly runtimeAuthCache = new Map<string, RuntimeAuthContext>();\n private readonly runtimeVerifierIds = new WeakMap<\n OAuthTokenVerifier,\n number\n >();\n private runtimeVerifierIdCounter = 0;\n\n // Telemetry: cached service token for event reporting\n private serviceToken: string | null = null;\n private serviceTokenExp = 0;\n private serviceTokenPromise: Promise<string> | null = null;\n\n // Session tracking: MCP sessionId → API agentSessionId\n private readonly agentSessionIds = new Map<string, string>();\n private readonly pendingSessionDisconnects = new Set<string>();\n\n constructor(options: KontextOptions) {\n this.clientId = options.clientId;\n this.clientSecret =\n options.clientSecret ?? process.env.KONTEXT_CLIENT_SECRET;\n this.apiUrl = (options.apiUrl ?? DEFAULT_API_URL).replace(/\\/$/, \"\");\n const rawTokenIssuers = Array.isArray(options.tokenIssuer)\n ? options.tokenIssuer\n : options.tokenIssuer\n ? options.tokenIssuer.split(\",\")\n : process.env.KONTEXT_TOKEN_ISSUER?.split(\",\");\n this.tokenIssuers = Array.from(\n new Set(rawTokenIssuers?.map((issuer) => issuer.trim()).filter(Boolean)),\n );\n\n Kontext.shutdownInstances.add(this);\n Kontext.ensureShutdownHandlers();\n }\n\n /**\n * Cleanup method for runtimes that create/dispose SDK instances dynamically.\n * Ensures this instance can be garbage-collected by removing static references.\n */\n async destroy(): Promise<void> {\n await this.disconnectAllSessions();\n Kontext.shutdownInstances.delete(this);\n this.credentialCache.clear();\n this.resolvedCredentialCache.clear();\n this.oauthMetadata = null;\n this.metadataFetchedAt = 0;\n this.metadataPromise = null;\n this.serviceToken = null;\n this.serviceTokenExp = 0;\n this.serviceTokenPromise = null;\n this.agentSessionIds.clear();\n this.pendingSessionDisconnects.clear();\n }\n\n private static ensureShutdownHandlers(): void {\n if (Kontext.shutdownHandlersRegistered) return;\n\n const onShutdown = () => {\n for (const instance of Kontext.shutdownInstances) {\n void instance.disconnectAllSessions();\n }\n };\n\n process.once(\"SIGINT\", onShutdown);\n process.once(\"SIGTERM\", onShutdown);\n Kontext.shutdownHandlersRegistered = true;\n }\n\n // ===========================================================================\n // middleware()\n // ===========================================================================\n\n /**\n * Express middleware: `.well-known` metadata + bearer auth + MCP transport + sessions.\n *\n * Must be mounted at the app root (not a sub-path) because RFC 9728 requires\n * `/.well-known/oauth-protected-resource` at the root. Use `mcpPath` to set\n * the transport endpoint path.\n *\n * @param server - An `McpServer` instance for single-session use, or a\n * `() => McpServer` factory for concurrent sessions (recommended in production).\n * `McpServer.connect()` is 1:1 per the MCP spec — passing a factory ensures\n * each session gets its own instance.\n *\n * @example Factory pattern (recommended for concurrent sessions)\n * ```typescript\n * app.use(kontext.middleware(() => createServer()));\n * ```\n *\n * @example Single instance (local dev / single session)\n * ```typescript\n * app.use(kontext.middleware(server));\n * ```\n *\n * @example Custom path\n * ```typescript\n * app.use(kontext.middleware(createServer, { mcpPath: \"/api/mcp\" }));\n * ```\n */\n middleware(server: McpServerOrFactory, options?: MiddlewareOptions): Router {\n // Dynamic require for express (works in both ESM and CJS)\n const esmRequire = createRequire(import.meta.url);\n const express = esmRequire(\"express\") as typeof import(\"express\");\n const router = express.Router();\n\n const mcpPath = options?.mcpPath ?? \"/mcp\";\n const sessionManager = new SessionManager();\n const omitAuth = options?.dangerouslyOmitAuth ?? false;\n\n // CORS: MCP clients (Inspector, browser-based) connect directly and need\n // CORS to perform OAuth discovery and token exchange from the browser.\n router.use((_req: Request, res: Response, next: NextFunction) => {\n res.header(\"Access-Control-Allow-Origin\", \"*\");\n res.header(\n \"Access-Control-Allow-Headers\",\n \"Content-Type, Authorization, Mcp-Session-Id, Mcp-Protocol-Version, Accept\",\n );\n res.header(\"Access-Control-Expose-Headers\", \"Mcp-Session-Id\");\n res.header(\"Access-Control-Allow-Methods\", \"GET, POST, DELETE, OPTIONS\");\n if (_req.method === \"OPTIONS\") {\n res.sendStatus(204);\n return;\n }\n next();\n });\n\n if (omitAuth) {\n console.warn(\n \"[kontext] ⚠️ Auth is disabled (dangerouslyOmitAuth). Do NOT use in production.\",\n );\n\n // JSON body parsing + unauthenticated MCP transport — no metadata, no bearer auth\n router.use(mcpPath, express.json({ limit: options?.bodyLimit ?? \"1mb\" }));\n const mcpHandler = this.createMcpHandler(\n server,\n sessionManager,\n null,\n options,\n );\n router.post(mcpPath, mcpHandler.post);\n router.get(mcpPath, mcpHandler.get);\n router.delete(mcpPath, mcpHandler.delete);\n\n return router;\n }\n\n const getRuntimeAuth = async (\n req: Request,\n ): Promise<RuntimeAuthContext> => {\n const metadata = this.applyMetadataTransform(\n await this.getOAuthMetadata(),\n options?.metadataTransform,\n );\n const rsUrl = this.resolveResourceServerUrl(req, mcpPath, options);\n return this.getOrCreateRuntimeAuthContext(\n metadata,\n rsUrl,\n options?.verifier,\n );\n };\n\n // Intentionally use a catch-all middleware here. Metadata responses depend\n // on request-derived runtime auth context (host/protocol/mount path), so we\n // guard by path and build that context lazily per request.\n router.use(async (req: Request, res: Response, next: NextFunction) => {\n const path = req.path || req.url || \"\";\n const isMetadataRequest =\n path.startsWith(\"/.well-known/oauth-authorization-server\") ||\n path.startsWith(\"/.well-known/oauth-protected-resource\");\n\n if (!isMetadataRequest) {\n next();\n return;\n }\n\n try {\n const runtimeAuth = await getRuntimeAuth(req);\n runtimeAuth.metadataRouter(req, res, next);\n } catch (error) {\n this.respondMetadataInitError(res, error);\n }\n });\n\n // JSON body parsing for MCP POST requests\n router.use(mcpPath, express.json({ limit: options?.bodyLimit ?? \"1mb\" }));\n\n const mcpHandler = this.createMcpHandler(\n server,\n sessionManager,\n getRuntimeAuth,\n options,\n );\n router.post(mcpPath, mcpHandler.post);\n router.get(mcpPath, mcpHandler.get);\n router.delete(mcpPath, mcpHandler.delete);\n\n return router;\n }\n\n // ===========================================================================\n // require()\n // ===========================================================================\n\n /**\n * Exchange a user's access token for an integration credential.\n *\n * @param integration - Integration name (e.g., \"github\")\n * @param token - The user's Bearer token (from `authInfo.token`)\n * @returns Integration credential with `accessToken` and `authorization` header\n *\n * @throws {IntegrationConnectionRequiredError} User hasn't connected this integration\n * @throws {OAuthError} Token exchange failed\n */\n async require(\n integration: IntegrationName,\n token: string,\n ): Promise<IntegrationCredential> {\n const now = Date.now();\n this.evictExpiredCredentials(now);\n\n // Check cache first\n const cacheKey = `${integration}\\0${token}`;\n const cached = this.credentialCache.get(cacheKey);\n if (cached && now < cached.expiresAt) {\n // LRU touch\n this.credentialCache.delete(cacheKey);\n this.credentialCache.set(cacheKey, cached);\n return cached.credential;\n }\n if (cached) {\n this.credentialCache.delete(cacheKey);\n }\n\n // Perform token exchange\n const exchangeConfig: TokenExchangeConfig = {\n tokenUrl: `${this.apiUrl}/oauth2/token`,\n clientId: this.clientId,\n clientSecret: this.clientSecret,\n };\n\n let response;\n try {\n response = await exchangeToken(exchangeConfig, token, integration);\n } catch (err) {\n // Map \"integration not connected\" errors.\n // Per the spec, when the token exchange returns integration_required\n // the SDK fetches a connect URL via a second API call.\n if (err instanceof OAuthError) {\n if (\n err.errorCode === \"integration_required\" ||\n err.message.includes(\"not connected\") ||\n (err.message.includes(\"expired\") && err.message.includes(\"reconnect\"))\n ) {\n const integrationId =\n (err.meta.integrationId as string) || integration;\n const connectUrl = await this.fetchConnectUrl(\n token,\n integrationId,\n exchangeConfig,\n );\n throw new IntegrationConnectionRequiredError(integrationId, {\n integrationName: err.meta.integrationName as string | undefined,\n connectUrl,\n message: err.message,\n });\n }\n }\n throw err;\n }\n\n const credential: IntegrationCredential = {\n accessToken: response.access_token,\n tokenType: response.token_type,\n authorization: `${response.token_type} ${response.access_token}`,\n expiresIn: response.expires_in,\n scope: response.scope,\n integration,\n };\n\n // Cache with TTL = min(expiresIn - 60s, 5 minutes)\n if (response.expires_in) {\n const ttlMs = Math.min(response.expires_in - 60, 5 * 60) * 1000;\n if (ttlMs > 0) {\n this.trimCacheToFit(this.credentialCache, CREDENTIAL_CACHE_MAX_ENTRIES);\n this.credentialCache.set(cacheKey, {\n credential,\n expiresAt: now + ttlMs,\n });\n }\n }\n\n return credential;\n }\n\n /**\n * Resolve per-user credential key/value pairs for an internal MCP integration.\n *\n * @param integration - Integration UUID or name\n * @param token - The user's Bearer token (from `authInfo.token`)\n * @returns Decrypted credential map for the current user and integration\n *\n * @throws {IntegrationConnectionRequiredError} User has not provided required credentials\n * @throws {OAuthError} Runtime credential resolution failed\n */\n async requireCredentials(\n integration: IntegrationName,\n token: string,\n ): Promise<IntegrationResolvedCredentials> {\n const now = Date.now();\n this.evictExpiredResolvedCredentials(now);\n\n const cacheKey = `${integration}\\0${token}\\0internal_credentials`;\n const cached = this.resolvedCredentialCache.get(cacheKey);\n if (cached && now < cached.expiresAt) {\n this.resolvedCredentialCache.delete(cacheKey);\n this.resolvedCredentialCache.set(cacheKey, cached);\n return cached.credential;\n }\n if (cached) {\n this.resolvedCredentialCache.delete(cacheKey);\n }\n\n const exchangeConfig: TokenExchangeConfig = {\n tokenUrl: `${this.apiUrl}/oauth2/token`,\n clientId: this.clientId,\n clientSecret: this.clientSecret,\n };\n\n let gatewayAccessToken = token;\n if (!this.isGatewayScopedToken(token)) {\n try {\n const exchanged = await exchangeToken(\n exchangeConfig,\n token,\n \"mcp-gateway\",\n );\n gatewayAccessToken = exchanged.access_token;\n } catch (err) {\n throw new OAuthError(\n \"Failed to exchange subject token for runtime\",\n \"kontext_credentials_exchange_failed\",\n {\n errorCode: \"credentials_exchange_failed\",\n errorDescription:\n err instanceof Error\n ? err.message\n : String(err ?? \"unknown error\"),\n },\n );\n }\n }\n\n const integrationId = await this.resolveRuntimeIntegrationId(\n integration,\n gatewayAccessToken,\n );\n\n const res = await fetch(\n `${this.apiUrl}/mcp/integrations/${integrationId}/credentials/resolve`,\n {\n method: \"POST\",\n headers: {\n Authorization: `Bearer ${gatewayAccessToken}`,\n \"Content-Type\": \"application/json\",\n },\n body: \"{}\",\n },\n );\n\n if (!res.ok) {\n const text = await res.text().catch(() => \"\");\n const message =\n text && text.trim().length > 0\n ? text\n : `HTTP ${res.status} while resolving credentials`;\n\n if (\n res.status === 400 &&\n message.toLowerCase().includes(\"credentials required\")\n ) {\n throw new IntegrationConnectionRequiredError(integrationId, {\n integrationName: String(integration),\n message,\n });\n }\n\n throw new OAuthError(\n `Failed to resolve credentials for integration ${integrationId}`,\n \"kontext_credentials_resolve_failed\",\n {\n errorCode: \"credentials_resolve_failed\",\n errorDescription: message,\n },\n );\n }\n\n const payload = (await res.json()) as {\n integrationId?: string;\n credentials?: Record<string, unknown>;\n };\n\n if (\n !payload.credentials ||\n typeof payload.credentials !== \"object\" ||\n Array.isArray(payload.credentials)\n ) {\n throw new OAuthError(\n \"Credential resolve returned invalid payload\",\n \"kontext_credentials_invalid_payload\",\n );\n }\n\n const credentials: Record<string, string> = {};\n for (const [key, value] of Object.entries(payload.credentials)) {\n if (typeof value === \"string\") {\n credentials[key] = value;\n }\n }\n\n if (Object.keys(credentials).length === 0) {\n throw new IntegrationConnectionRequiredError(integrationId, {\n integrationName: String(integration),\n message: \"No credentials configured for this integration\",\n });\n }\n\n const resolved: IntegrationResolvedCredentials = {\n integration,\n integrationId: payload.integrationId ?? integrationId,\n credentials,\n };\n\n this.trimCacheToFit(\n this.resolvedCredentialCache,\n CREDENTIAL_CACHE_MAX_ENTRIES,\n );\n this.resolvedCredentialCache.set(cacheKey, {\n credential: resolved,\n expiresAt: now + RESOLVED_CREDENTIAL_CACHE_TTL_MS,\n });\n\n return resolved;\n }\n\n private getGatewayAudiences(): Set<string> {\n return new Set([`${new URL(this.apiUrl).origin}/mcp`, \"mcp-gateway\"]);\n }\n\n private isGatewayScopedToken(token: string): boolean {\n const audiences = this.extractTokenAudiences(token);\n if (audiences.length === 0) {\n return false;\n }\n const gatewayAudiences = this.getGatewayAudiences();\n return audiences.some((audience) => gatewayAudiences.has(audience));\n }\n\n private extractTokenAudiences(token: string): string[] {\n const [, payloadPart] = token.split(\".\");\n if (!payloadPart) return [];\n try {\n const payload = JSON.parse(\n Buffer.from(payloadPart, \"base64url\").toString(\"utf8\"),\n ) as { aud?: unknown };\n if (typeof payload.aud === \"string\") {\n return [payload.aud];\n }\n if (Array.isArray(payload.aud)) {\n return payload.aud.filter(\n (value): value is string => typeof value === \"string\",\n );\n }\n } catch {\n // Non-JWT or malformed payload — treat as unknown audience.\n }\n return [];\n }\n\n // ===========================================================================\n // Private: fetch connect URL (spec §2 — two-step init)\n // ===========================================================================\n\n private async resolveRuntimeIntegrationId(\n integration: IntegrationName,\n runtimeToken: string,\n ): Promise<string> {\n const raw = String(integration);\n if (this.isUuid(raw)) {\n return raw;\n }\n\n const res = await fetch(`${this.apiUrl}/mcp/integrations`, {\n headers: {\n Authorization: `Bearer ${runtimeToken}`,\n },\n });\n if (!res.ok) {\n const text = await res.text().catch(() => \"\");\n throw new OAuthError(\n \"Failed to resolve integration identifier\",\n \"kontext_integration_lookup_failed\",\n {\n errorCode: \"integration_lookup_failed\",\n errorDescription: text || `HTTP ${res.status}`,\n },\n );\n }\n\n const payload = (await res.json()) as {\n items?: Array<{ id?: string; name?: string }>;\n };\n const items = Array.isArray(payload.items) ? payload.items : [];\n const match = items.find((item) => item.id === raw || item.name === raw);\n const integrationId = match?.id;\n if (!integrationId) {\n throw new IntegrationConnectionRequiredError(raw, {\n integrationName: raw,\n message: `Integration ${raw} is not attached to this application`,\n });\n }\n\n return integrationId;\n }\n\n private isUuid(value: string): boolean {\n return /^[0-9a-f]{8}-[0-9a-f]{4}-[1-8][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i.test(\n value,\n );\n }\n\n /**\n * Fetch a browser-openable connect URL for a missing integration.\n *\n * Per the integration-interrupt-flow spec, the SDK:\n * 1. Exchanges the user's token for a resource-scoped mcp-gateway JWT\n * 2. Calls POST /mcp/integrations/:id/oauth/init with that JWT\n * 3. Returns the `connectUrl` (intermediate endpoint with one-time token)\n *\n * The connect URL points to our own server (ticket pattern), which\n * validates the ticket, sets a browser session cookie, then redirects\n * to the actual OAuth provider.\n */\n private async fetchConnectUrl(\n subjectToken: string,\n integrationId: string,\n exchangeConfig: TokenExchangeConfig,\n ): Promise<string | undefined> {\n try {\n // Step 1: Exchange for mcp-gateway to get a resource-scoped JWT\n const gatewayToken = await exchangeToken(\n exchangeConfig,\n subjectToken,\n \"mcp-gateway\",\n );\n\n // Step 2: Call the init endpoint with the resource-scoped JWT\n const initUrl = `${this.apiUrl}/mcp/integrations/${integrationId}/oauth/init`;\n const res = await fetch(initUrl, {\n method: \"POST\",\n headers: {\n Authorization: `Bearer ${gatewayToken.access_token}`,\n \"Content-Type\": \"application/json\",\n },\n body: JSON.stringify({}),\n });\n\n if (!res.ok) {\n const text = await res.text().catch(() => \"\");\n console.warn(\n `[kontext] fetchConnectUrl: init endpoint returned ${res.status}: ${text}`,\n );\n return undefined;\n }\n\n const data = (await res.json()) as {\n connectUrl?: string;\n authorizationUrl?: string;\n };\n\n // Prefer connectUrl (intermediate endpoint) over raw authorizationUrl\n return data.connectUrl ?? data.authorizationUrl;\n } catch (err) {\n // If we can't get the connect URL, return undefined — the error\n // still propagates as IntegrationConnectionRequiredError, just\n // without a connect URL.\n console.warn(\n `[kontext] fetchConnectUrl failed:`,\n err instanceof Error ? err.message : String(err),\n );\n return undefined;\n }\n }\n\n // ===========================================================================\n // Private: AS metadata\n // ===========================================================================\n\n private async getOAuthMetadata(): Promise<OAuthMetadata> {\n const now = Date.now();\n if (\n this.oauthMetadata &&\n now - this.metadataFetchedAt < METADATA_CACHE_TTL_MS\n ) {\n return this.oauthMetadata;\n }\n\n if (this.metadataPromise) {\n return this.metadataPromise;\n }\n\n this.metadataPromise = this.fetchOAuthMetadata();\n try {\n const metadata = await this.metadataPromise;\n this.oauthMetadata = metadata;\n this.metadataFetchedAt = Date.now();\n return metadata;\n } finally {\n this.metadataPromise = null;\n }\n }\n\n private applyMetadataTransform(\n metadata: OAuthMetadata,\n metadataTransform?: MiddlewareOptions[\"metadataTransform\"],\n ): OAuthMetadata {\n if (!metadataTransform) {\n return metadata;\n }\n\n // Keep cached discovery metadata immutable from user-provided transforms.\n return metadataTransform(this.cloneOAuthMetadata(metadata));\n }\n\n private cloneOAuthMetadata(metadata: OAuthMetadata): OAuthMetadata {\n return JSON.parse(JSON.stringify(metadata)) as OAuthMetadata;\n }\n\n private async fetchOAuthMetadata(): Promise<OAuthMetadata> {\n // Try RFC 8414 first, then OIDC discovery\n const urls = [\n `${this.apiUrl}/.well-known/oauth-authorization-server`,\n `${this.apiUrl}/.well-known/openid-configuration`,\n ];\n\n let lastError: Error | undefined;\n for (const url of urls) {\n try {\n const res = await fetch(url);\n if (res.ok) {\n return (await res.json()) as OAuthMetadata;\n }\n } catch (err) {\n lastError = err instanceof Error ? err : new Error(String(err));\n }\n }\n\n throw new Error(\n `Failed to fetch AS metadata from ${this.apiUrl}: ${lastError?.message ?? \"unknown error\"}`,\n );\n }\n\n private resolveResourceServerUrl(\n req: Request,\n mcpPath: string,\n options?: MiddlewareOptions,\n ): URL {\n if (options?.resourceServerUrl) {\n return new URL(options.resourceServerUrl);\n }\n const host = req.get(\"host\");\n if (!host) {\n throw new Error(\n \"Missing Host header. Set middleware({ resourceServerUrl }) to a trusted public URL.\",\n );\n }\n return new URL(`${req.protocol}://${host}${mcpPath}`);\n }\n\n private getOrCreateRuntimeAuthContext(\n metadata: OAuthMetadata,\n rsUrl: URL,\n customVerifier?: OAuthTokenVerifier,\n ): RuntimeAuthContext {\n const key = this.getRuntimeAuthCacheKey(rsUrl, customVerifier);\n const cached = this.runtimeAuthCache.get(key);\n if (cached) {\n // LRU touch\n this.runtimeAuthCache.delete(key);\n this.runtimeAuthCache.set(key, cached);\n return cached;\n }\n\n // mcpAuthMetadataRouter uses issuer for authorization_servers.\n // Keep issuer aligned with the request's resource server origin.\n const proxiedMetadata = { ...metadata, issuer: `${rsUrl.origin}/` };\n const metadataRouter = mcpAuthMetadataRouter({\n oauthMetadata: proxiedMetadata,\n resourceServerUrl: rsUrl,\n });\n const resourceMetadataUrl = getOAuthProtectedResourceMetadataUrl(rsUrl);\n const verifier =\n customVerifier ?? this.createTokenVerifier(metadata, rsUrl);\n const runtimeAuth: RuntimeAuthContext = {\n metadataRouter,\n bearerAuth: requireBearerAuth({\n verifier,\n resourceMetadataUrl,\n }),\n };\n\n this.trimCacheToFit(this.runtimeAuthCache, RUNTIME_AUTH_CACHE_MAX_ENTRIES);\n this.runtimeAuthCache.set(key, runtimeAuth);\n return runtimeAuth;\n }\n\n private getRuntimeAuthCacheKey(\n rsUrl: URL,\n customVerifier?: OAuthTokenVerifier,\n ): string {\n if (!customVerifier) {\n return `${rsUrl.href}\\0default`;\n }\n\n let verifierId = this.runtimeVerifierIds.get(customVerifier);\n if (verifierId === undefined) {\n verifierId = ++this.runtimeVerifierIdCounter;\n this.runtimeVerifierIds.set(customVerifier, verifierId);\n }\n\n return `${rsUrl.href}\\0custom:${verifierId}`;\n }\n\n private respondMetadataInitError(res: Response, error: unknown): void {\n const message = error instanceof Error ? error.message : String(error);\n console.error(`[kontext] Failed to fetch AS metadata: ${message}`);\n if (res.headersSent) return;\n res.status(503).json({\n error: \"service_unavailable\",\n error_description:\n \"Failed to fetch authorization server metadata. Retry later.\",\n });\n }\n\n private evictExpiredCredentials(now: number): void {\n for (const [key, value] of this.credentialCache.entries()) {\n if (value.expiresAt <= now) {\n this.credentialCache.delete(key);\n }\n }\n }\n\n private evictExpiredResolvedCredentials(now: number): void {\n for (const [key, value] of this.resolvedCredentialCache.entries()) {\n if (value.expiresAt <= now) {\n this.resolvedCredentialCache.delete(key);\n }\n }\n }\n\n private trimCacheToFit<T>(cache: Map<string, T>, maxEntries: number): void {\n while (cache.size >= maxEntries) {\n const oldestKey = cache.keys().next().value as string | undefined;\n if (!oldestKey) break;\n cache.delete(oldestKey);\n }\n }\n\n // ===========================================================================\n // Private: token verifier\n // ===========================================================================\n\n private createTokenVerifier(\n metadata: OAuthMetadata,\n resourceUrl: URL,\n ): OAuthTokenVerifier {\n const metadataRaw = metadata as Record<string, unknown>;\n const jwksUri =\n (metadataRaw.jwks_uri as string | undefined) ??\n `${this.apiUrl}/.well-known/jwks.json`;\n const clientId = this.clientId;\n\n const issuers = Array.from(\n new Set(\n [metadata.issuer, ...this.tokenIssuers].filter(\n (issuer): issuer is string => typeof issuer === \"string\" && !!issuer,\n ),\n ),\n );\n if (!issuers.length) {\n throw new Error(\"OAuth metadata missing issuer\");\n }\n const issuer: string | string[] =\n issuers.length === 1 ? issuers[0]! : issuers;\n\n const verifier = new KontextTokenVerifier({\n jwksUrl: jwksUri,\n issuer,\n audience: resourceUrl.href,\n });\n\n return {\n async verifyAccessToken(token: string): Promise<AuthInfo> {\n const result = await verifier.verify(token);\n\n if (!result.success) {\n throw new InvalidTokenError(\n `Token verification failed: ${result.error.message}`,\n );\n }\n\n const { claims } = result;\n const payload = claims.payload as Record<string, unknown>;\n const ext = (payload.ext as Record<string, unknown> | undefined) ?? {};\n\n return {\n token,\n clientId: claims.clientId ?? clientId,\n scopes: claims.scopes,\n expiresAt: Math.floor(claims.expiresAt.getTime() / 1000),\n extra: {\n ...ext,\n sub: claims.sub,\n email: payload.email ?? ext.email,\n },\n };\n },\n };\n }\n\n // ===========================================================================\n // Private: telemetry\n // ===========================================================================\n\n private async getServiceToken(): Promise<string> {\n if (this.serviceToken && Date.now() < this.serviceTokenExp - 30_000) {\n return this.serviceToken;\n }\n\n if (this.serviceTokenPromise) {\n return this.serviceTokenPromise;\n }\n\n this.serviceTokenPromise = (async () => {\n const res = await fetch(`${this.apiUrl}/oauth2/token`, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n Authorization: `Basic ${Buffer.from(this.clientId + \":\" + this.clientSecret).toString(\"base64\")}`,\n },\n body: \"grant_type=client_credentials\",\n });\n if (!res.ok) {\n const text = await res.text().catch(() => \"\");\n throw new Error(\n `[kontext:telemetry] client_credentials grant failed: HTTP ${res.status} ${text}`,\n );\n }\n const data = (await res.json()) as {\n access_token: string;\n expires_in: number;\n };\n this.serviceToken = data.access_token;\n this.serviceTokenExp = Date.now() + data.expires_in * 1000;\n return data.access_token;\n })();\n\n try {\n return await this.serviceTokenPromise;\n } finally {\n this.serviceTokenPromise = null;\n }\n }\n\n private reportEvent(\n event: Record<string, unknown> & {\n sessionId?: string;\n ownerUserId?: unknown;\n durationMs: number;\n },\n ): void {\n if (!this.clientSecret || !event.sessionId) return;\n this.getServiceToken()\n .then((token) =>\n fetch(`${this.apiUrl}/api/v1/mcp-events`, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n Authorization: `Bearer ${token}`,\n },\n body: JSON.stringify({\n ...event,\n agentId: this.clientId,\n clientId: this.clientId,\n clientVersion: SDK_VERSION,\n }),\n }).then((res) => {\n if (!res.ok) {\n console.warn(\n `[kontext:telemetry] event report failed: HTTP ${res.status}`,\n );\n }\n }),\n )\n .catch((err) => {\n console.warn(\n `[kontext:telemetry] error:`,\n err instanceof Error ? err.message : String(err),\n );\n });\n }\n\n // ===========================================================================\n // Private: session lifecycle\n // ===========================================================================\n\n private createAgentSession(\n userToken: string | undefined,\n mcpSessionId: string,\n metadata?: {\n hostname?: string;\n userAgent?: string;\n clientInfo?: Record<string, unknown>;\n tokenExpiresAt?: number;\n },\n ): void {\n if (!this.clientSecret || !userToken) return;\n const tokenIdentifier = createHash(\"sha256\")\n .update(userToken)\n .digest(\"hex\");\n\n this.getServiceToken()\n .then((token) =>\n fetch(`${this.apiUrl}/api/v1/agent-sessions`, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n Authorization: `Bearer ${token}`,\n },\n body: JSON.stringify({\n tokenIdentifier,\n hostname: metadata?.hostname,\n userAgent: metadata?.userAgent,\n clientInfo: metadata?.clientInfo,\n tokenExpiresAt: metadata?.tokenExpiresAt\n ? new Date(metadata.tokenExpiresAt * 1000).toISOString()\n : undefined,\n }),\n }).then(async (res) => {\n if (res.ok) {\n const data = (await res.json()) as {\n sessionId: string;\n name: string;\n };\n if (this.pendingSessionDisconnects.delete(mcpSessionId)) {\n this.disconnectAgentSessionByAgentSessionId(\n data.sessionId,\n token,\n );\n return;\n }\n\n this.agentSessionIds.set(mcpSessionId, data.sessionId);\n } else {\n this.pendingSessionDisconnects.delete(mcpSessionId);\n console.warn(\n `[kontext:sessions] create failed: HTTP ${res.status}`,\n );\n }\n }),\n )\n .catch((err) => {\n this.pendingSessionDisconnects.delete(mcpSessionId);\n console.warn(\n `[kontext:sessions] error:`,\n err instanceof Error ? err.message : String(err),\n );\n });\n }\n\n private disconnectAgentSessionByAgentSessionId(\n agentSessionId: string,\n serviceToken?: string,\n ): void {\n if (!this.clientSecret) return;\n\n const tokenPromise = serviceToken\n ? Promise.resolve(serviceToken)\n : this.getServiceToken();\n\n tokenPromise\n .then((token) =>\n fetch(\n `${this.apiUrl}/api/v1/agent-sessions/${agentSessionId}/disconnect`,\n {\n method: \"POST\",\n headers: { Authorization: `Bearer ${token}` },\n },\n ),\n )\n .catch(() => {});\n }\n\n private disconnectAgentSession(mcpSessionId: string): void {\n if (!this.clientSecret) return;\n\n const agentSessionId = this.agentSessionIds.get(mcpSessionId);\n this.agentSessionIds.delete(mcpSessionId);\n if (!agentSessionId) {\n this.pendingSessionDisconnects.add(mcpSessionId);\n return;\n }\n\n this.pendingSessionDisconnects.delete(mcpSessionId);\n this.disconnectAgentSessionByAgentSessionId(agentSessionId);\n }\n\n private async disconnectAllSessions(): Promise<void> {\n if (!this.clientSecret) return;\n if (this.agentSessionIds.size === 0) {\n this.pendingSessionDisconnects.clear();\n return;\n }\n\n try {\n const token = await this.getServiceToken();\n await Promise.allSettled(\n [...this.agentSessionIds.values()].map((agentSessionId) =>\n fetch(\n `${this.apiUrl}/api/v1/agent-sessions/${agentSessionId}/disconnect`,\n {\n method: \"POST\",\n headers: { Authorization: `Bearer ${token}` },\n },\n ),\n ),\n );\n } catch {\n // Best-effort on shutdown — swallow errors\n }\n this.agentSessionIds.clear();\n this.pendingSessionDisconnects.clear();\n }\n\n // ===========================================================================\n // Private: MCP transport handlers\n // ===========================================================================\n\n private async runBearerAuth(\n bearerAuth: ReturnType<typeof requireBearerAuth>,\n req: Request,\n res: Response,\n ): Promise<void> {\n await new Promise<void>((resolve, reject) => {\n let settled = false;\n let nextCalled = false;\n\n const cleanup = () => {\n res.removeListener(\"finish\", onResponseDone);\n res.removeListener(\"close\", onResponseDone);\n };\n\n const settleResolve = () => {\n if (settled) return;\n settled = true;\n cleanup();\n resolve();\n };\n\n const settleReject = (err: unknown) => {\n if (settled) return;\n settled = true;\n cleanup();\n reject(err instanceof Error ? err : new Error(String(err)));\n };\n\n const onResponseDone = () => {\n // Auth middleware can terminate the response (401/403) without\n // calling next(). Treat response completion as terminal.\n settleResolve();\n };\n\n res.once(\"finish\", onResponseDone);\n res.once(\"close\", onResponseDone);\n\n let middlewareResult: unknown;\n try {\n middlewareResult = bearerAuth(req, res, (err?: unknown) => {\n nextCalled = true;\n if (err) {\n settleReject(err);\n return;\n }\n settleResolve();\n });\n } catch (err) {\n settleReject(err);\n return;\n }\n\n void Promise.resolve(middlewareResult).then(\n () => {\n if (!nextCalled && res.headersSent) {\n settleResolve();\n }\n },\n (err: unknown) => {\n settleReject(err);\n },\n );\n });\n }\n\n private createMcpHandler(\n server: McpServerOrFactory,\n sessionManager: SessionManager,\n getRuntimeAuth: ((req: Request) => Promise<RuntimeAuthContext>) | null,\n options?: MiddlewareOptions,\n ) {\n const callbacks: SessionCallbacks = {\n onSessionClosed: (sessionId: string) => {\n options?.onSessionClosed?.(sessionId);\n this.disconnectAgentSession(sessionId);\n },\n };\n\n const post = async (req: Request, res: Response) => {\n const traceId = crypto.randomUUID();\n const authReq = req as Request & { auth?: AuthInfo };\n\n // Authenticate every request (not just initialize) so authInfo\n // is available in tool handlers on subsequent calls.\n if (getRuntimeAuth) {\n let bearerAuth: ReturnType<typeof requireBearerAuth>;\n try {\n const runtimeAuth = await getRuntimeAuth(req);\n bearerAuth = runtimeAuth.bearerAuth;\n } catch (error) {\n this.respondMetadataInitError(res, error);\n return;\n }\n\n await this.runBearerAuth(bearerAuth, req, res);\n\n const sessionId = req.headers[\"mcp-session-id\"] as string | undefined;\n\n // Only report auth events for established sessions — the\n // initial request has no session ID yet and is covered by\n // the \"initialize\" event instead.\n if (sessionId) {\n if (res.headersSent) {\n this.reportEvent({\n eventType: \"auth_error\",\n traceId,\n sessionId,\n durationMs: 0,\n status: \"error_auth\",\n });\n return;\n }\n\n if (authReq.auth) {\n this.reportEvent({\n eventType: \"auth_ok\",\n traceId,\n ownerUserId: authReq.auth.extra?.sub,\n sessionId,\n durationMs: 0,\n status: \"ok\",\n });\n }\n } else if (res.headersSent) {\n // Auth failed on initial request — nothing more to do\n return;\n }\n }\n\n const sessionId = req.headers[\"mcp-session-id\"] as string | undefined;\n\n // If there's an existing session, route to its transport\n if (sessionId) {\n const transport = sessionManager.getTransport(sessionId);\n if (transport) {\n sessionManager.touchSession(sessionId);\n await transport.handleRequest(req, res, req.body);\n return;\n }\n }\n\n // New session: must be an initialize request\n if (!isInitializeRequest(req.body)) {\n res.status(400).json({\n jsonrpc: \"2.0\",\n error: {\n code: -32000,\n message: sessionId\n ? `Session ${sessionId} not found`\n : \"No valid session ID provided\",\n },\n id: null,\n });\n return;\n }\n\n // Create transport and connect\n const authInfo = authReq.auth;\n const transport = new StreamableHTTPServerTransport({\n sessionIdGenerator: () => crypto.randomUUID(),\n onsessioninitialized: (sid: string) => {\n sessionManager.registerSession(\n sid,\n transport,\n callbacks,\n authInfo?.expiresAt,\n );\n options?.onSessionInitialized?.(sid, authInfo, transport);\n this.reportEvent({\n eventType: \"initialize\",\n traceId,\n sessionId: sid,\n ownerUserId: authInfo?.extra?.sub,\n durationMs: 0,\n status: \"ok\",\n });\n this.createAgentSession(authInfo?.token, sid, {\n hostname: req.headers[\"x-forwarded-for\"] as string | undefined,\n userAgent: req.headers[\"user-agent\"] as string | undefined,\n tokenExpiresAt: authInfo?.expiresAt,\n });\n },\n });\n\n // Wrap handleRequest to intercept tool calls with telemetry\n const originalHandle = transport.handleRequest.bind(transport);\n transport.handleRequest = async (\n wrappedReq: Request,\n wrappedRes: Response,\n parsedBody?: Record<string, unknown>,\n ) => {\n const reqTraceId = wrappedReq === req ? traceId : crypto.randomUUID();\n const sid =\n (wrappedReq.headers[\"mcp-session-id\"] as string | undefined) ??\n transport.sessionId;\n const start = Date.now();\n try {\n await originalHandle(wrappedReq, wrappedRes, parsedBody);\n if (parsedBody?.method === \"tools/call\") {\n this.reportEvent({\n eventType: \"execute_tool\",\n traceId: reqTraceId,\n toolName: (\n parsedBody.params as Record<string, unknown> | undefined\n )?.name,\n durationMs: Date.now() - start,\n sessionId: sid,\n ownerUserId: authInfo?.extra?.sub,\n status: \"ok\",\n requestJson: parsedBody.params,\n });\n } else if (parsedBody?.method === \"tools/list\") {\n this.reportEvent({\n eventType: \"search_tools\",\n traceId: reqTraceId,\n durationMs: Date.now() - start,\n sessionId: sid,\n ownerUserId: authInfo?.extra?.sub,\n status: \"ok\",\n });\n }\n } catch (err) {\n if (parsedBody?.method === \"tools/call\") {\n this.reportEvent({\n eventType: \"execute_tool\",\n traceId: reqTraceId,\n toolName: (\n parsedBody.params as Record<string, unknown> | undefined\n )?.name,\n durationMs: Date.now() - start,\n sessionId: sid,\n ownerUserId: authInfo?.extra?.sub,\n status: \"error_remote\",\n errorMessage: err instanceof Error ? err.message : String(err),\n });\n } else if (parsedBody?.method === \"tools/list\") {\n this.reportEvent({\n eventType: \"search_tools\",\n traceId: reqTraceId,\n durationMs: Date.now() - start,\n sessionId: sid,\n ownerUserId: authInfo?.extra?.sub,\n status: \"error_remote\",\n errorMessage: err instanceof Error ? err.message : String(err),\n });\n }\n throw err;\n }\n };\n\n const mcpServer = typeof server === \"function\" ? server() : server;\n await mcpServer.connect(transport);\n await transport.handleRequest(req, res, req.body);\n };\n\n const get = async (req: Request, res: Response) => {\n if (getRuntimeAuth) {\n let bearerAuth: ReturnType<typeof requireBearerAuth>;\n try {\n const runtimeAuth = await getRuntimeAuth(req);\n bearerAuth = runtimeAuth.bearerAuth;\n } catch (error) {\n this.respondMetadataInitError(res, error);\n return;\n }\n\n await this.runBearerAuth(bearerAuth, req, res);\n if (res.headersSent) {\n return;\n }\n }\n\n const sessionId =\n (req.headers[\"mcp-session-id\"] as string | undefined) ||\n (req.headers[\"Mcp-Session-Id\"] as string | undefined);\n if (!sessionId) {\n res.status(400).json({ error: \"Missing Mcp-Session-Id header\" });\n return;\n }\n\n const transport = sessionManager.getTransport(sessionId);\n if (!transport) {\n res.status(400).json({ error: \"Session not found\" });\n return;\n }\n\n sessionManager.touchSession(sessionId);\n await transport.handleRequest(req, res);\n };\n\n const del = async (req: Request, res: Response) => {\n if (getRuntimeAuth) {\n let bearerAuth: ReturnType<typeof requireBearerAuth>;\n try {\n const runtimeAuth = await getRuntimeAuth(req);\n bearerAuth = runtimeAuth.bearerAuth;\n } catch (error) {\n this.respondMetadataInitError(res, error);\n return;\n }\n\n await this.runBearerAuth(bearerAuth, req, res);\n if (res.headersSent) {\n return;\n }\n }\n\n const sessionId =\n (req.headers[\"mcp-session-id\"] as string | undefined) ||\n (req.headers[\"Mcp-Session-Id\"] as string | undefined);\n if (!sessionId) {\n res.status(400).json({ error: \"Missing Mcp-Session-Id header\" });\n return;\n }\n\n const transport = sessionManager.getTransport(sessionId);\n if (!transport) {\n res.status(400).json({ error: \"Session not found\" });\n return;\n }\n\n await transport.handleRequest(req, res);\n };\n\n return { post, get, delete: del };\n }\n}\n"]}
1
+ {"version":3,"sources":["../src/storage/memory.ts","../src/storage/types.ts","../src/errors.ts","../src/oauth/provider.ts","../src/mcp/client.ts","../src/client/tool-utils.ts","../src/client/orchestrator/internal/backends.ts","../src/client/orchestrator/internal/routes.ts","../src/client/orchestrator/internal/inventory.ts","../src/client/orchestrator/internal/policy.ts","../src/client/orchestrator/internal/state.ts","../src/client/orchestrator/token-manager.ts","../src/client/orchestrator/internal-client-registry.ts","../src/client/orchestrator/index.ts","../src/client/index.ts","../src/management/types.ts","../src/oauth/token-exchange.ts","../src/verify/errors.ts","../src/verify/jwks-client.ts","../src/verify/verifier.ts","../src/server/sessions.ts","../src/server/kontext.ts"],"names":["joseErrors","mcpHandler","issuer","sessionId","transport"],"mappings":";;;;;;;;;;;;;;AAWO,IAAM,gBAAN,MAA8C;AAAA,EAC3C,KAAA,uBAAY,GAAA,EAAqB;AAAA,EAEzC,MAAM,QAAW,GAAA,EAAqC;AACpD,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,GAAG,CAAA;AAChC,IAAA,IAAI,UAAU,MAAA,EAAW;AACvB,MAAA,OAAO,MAAA;AAAA,IACT;AAEA,IAAA,OAAO,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,SAAA,CAAU,KAAK,CAAC,CAAA;AAAA,EACzC;AAAA,EAEA,MAAM,OAAA,CAAW,GAAA,EAAa,KAAA,EAAqC;AACjE,IAAA,IAAI,UAAU,MAAA,EAAW;AACvB,MAAA,IAAA,CAAK,KAAA,CAAM,OAAO,GAAG,CAAA;AAAA,IACvB,CAAA,MAAO;AAEL,MAAA,IAAA,CAAK,KAAA,CAAM,IAAI,GAAA,EAAK,IAAA,CAAK,MAAM,IAAA,CAAK,SAAA,CAAU,KAAK,CAAC,CAAC,CAAA;AAAA,IACvD;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,KAAA,GAAc;AACZ,IAAA,IAAA,CAAK,MAAM,KAAA,EAAM;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,IAAA,GAAe;AACjB,IAAA,OAAO,KAAK,KAAA,CAAM,IAAA;AAAA,EACpB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,GAAA,EAAsB;AACxB,IAAA,OAAO,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,GAAG,CAAA;AAAA,EAC3B;AAAA;AAAA;AAAA;AAAA,EAKA,IAAA,GAAiB;AACf,IAAA,OAAO,KAAA,CAAM,IAAA,CAAK,IAAA,CAAK,KAAA,CAAM,MAAM,CAAA;AAAA,EACrC;AACF,CAAA;;;AC/BO,SAAS,gBAAA,CACd,mBAAA,EACA,UAAA,EAAA,GACG,KAAA,EACK;AACR,EAAA,MAAM,SAAA,GAAY,aACd,CAAA,QAAA,EAAW,mBAAmB,IAAI,UAAU,CAAA,CAAA,GAC5C,WAAW,mBAAmB,CAAA,CAAA;AAClC,EAAA,OAAO,CAAC,SAAA,EAAW,GAAG,KAAK,CAAA,CAAE,KAAK,GAAG,CAAA;AACvC;AAKO,IAAM,WAAA,GAAc;AAAA;AAAA,EAEzB,MAAA,EAAQ,QAAA;AAAA,EACR,aAAA,EAAe,eAAA;AAAA,EACf,KAAA,EAAO,OAAA;AAAA,EACM;AAAA;AAAA,EAIb,eAAA,EAAiB,iBAAA;AAAA;AAAA,EAEjB,eAAA,EAAiB;AACnB,CAAA;AAcO,SAAS,iBAAiB,QAAA,EAA0B;AACzD,EAAA,OAAO,CAAA,EAAG,WAAA,CAAY,eAAe,CAAA,CAAA,EAAI,QAAQ,CAAA,CAAA;AACnD;;;ACxCO,IAAM,YAAA,GAAN,cAA2B,KAAA,CAAM;AAAA;AAAA,EAE7B,YAAA,GAAe,IAAA;AAAA;AAAA,EAGf,IAAA;AAAA;AAAA,EAGA,UAAA;AAAA;AAAA,EAGA,OAAA;AAAA;AAAA,EAGA,SAAA;AAAA;AAAA,EAGA,IAAA;AAAA,EAET,WAAA,CACE,OAAA,EACA,IAAA,EACA,OAAA,EAMA;AACA,IAAA,KAAA,CAAM,OAAA,EAAS,EAAE,KAAA,EAAO,OAAA,EAAS,OAAO,CAAA;AACxC,IAAA,IAAA,CAAK,IAAA,GAAO,cAAA;AACZ,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,aAAa,OAAA,EAAS,UAAA;AAC3B,IAAA,IAAA,CAAK,YAAY,OAAA,EAAS,SAAA;AAC1B,IAAA,IAAA,CAAK,IAAA,GAAO,OAAA,EAAS,IAAA,IAAQ,EAAC;AAC9B,IAAA,IAAA,CAAK,OAAA,GAAU,mCAAmC,IAAI,CAAA,CAAA;AACtD,IAAA,MAAA,CAAO,cAAA,CAAe,IAAA,EAAM,GAAA,CAAA,MAAA,CAAW,SAAS,CAAA;AAAA,EAClD;AAAA,EAEA,MAAA,GAAkC;AAChC,IAAA,OAAO;AAAA,MACL,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,SAAS,IAAA,CAAK,OAAA;AAAA,MACd,YAAY,IAAA,CAAK,UAAA;AAAA,MACjB,SAAS,IAAA,CAAK,OAAA;AAAA,MACd,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,IAAA,EAAM,OAAO,IAAA,CAAK,IAAA,CAAK,IAAI,CAAA,CAAE,MAAA,GAAS,CAAA,GAAI,IAAA,CAAK,IAAA,GAAO;AAAA,KACxD;AAAA,EACF;AAAA,EAES,QAAA,GAAmB;AAC1B,IAAA,MAAM,KAAA,GAAQ,CAAC,CAAA,CAAA,EAAI,IAAA,CAAK,IAAI,CAAA,EAAA,EAAK,IAAA,CAAK,OAAO,CAAA,CAAE,CAAA;AAC/C,IAAA,IAAI,KAAK,OAAA,EAAS,KAAA,CAAM,KAAK,CAAA,MAAA,EAAS,IAAA,CAAK,OAAO,CAAA,CAAE,CAAA;AACpD,IAAA,IAAI,KAAK,SAAA,EAAW,KAAA,CAAM,KAAK,CAAA,YAAA,EAAe,IAAA,CAAK,SAAS,CAAA,CAAE,CAAA;AAC9D,IAAA,OAAO,KAAA,CAAM,KAAK,IAAI,CAAA;AAAA,EACxB;AACF;AAUO,SAAS,eAAe,GAAA,EAAmC;AAChE,EAAA,OACE,OAAO,GAAA,KAAQ,QAAA,IACf,GAAA,KAAQ,IAAA,IACP,IAAgC,YAAA,KAAiB,IAAA;AAEtD;AASO,IAAM,0BAAA,GAAN,cAAyC,YAAA,CAAa;AAAA,EAClD,gBAAA;AAAA,EAET,WAAA,CACE,OAAA,GAAU,8DAAA,EACV,OAAA,EAMA;AACA,IAAA,KAAA,CAAM,SAAS,gCAAA,EAAkC;AAAA,MAC/C,UAAA,EAAY,GAAA;AAAA,MACZ,GAAG;AAAA,KACJ,CAAA;AACD,IAAA,IAAA,CAAK,IAAA,GAAO,4BAAA;AACZ,IAAA,IAAA,CAAK,mBAAmB,OAAA,EAAS,gBAAA;AAAA,EACnC;AACF;AAUO,IAAM,UAAA,GAAN,cAAyB,YAAA,CAAa;AAAA,EAClC,SAAA;AAAA,EACA,gBAAA;AAAA,EAET,WAAA,CACE,OAAA,EACA,IAAA,EACA,OAAA,EAQA;AACA,IAAA,KAAA,CAAM,SAAS,IAAA,EAAM;AAAA,MACnB,UAAA,EAAY,SAAS,UAAA,IAAc,GAAA;AAAA,MACnC,GAAG;AAAA,KACJ,CAAA;AACD,IAAA,IAAA,CAAK,IAAA,GAAO,YAAA;AACZ,IAAA,IAAA,CAAK,YAAY,OAAA,EAAS,SAAA;AAC1B,IAAA,IAAA,CAAK,mBAAmB,OAAA,EAAS,gBAAA;AAAA,EACnC;AACF;AASO,IAAM,kCAAA,GAAN,cAAiD,YAAA,CAAa;AAAA,EAC1D,aAAA;AAAA,EACA,eAAA;AAAA,EACA,UAAA;AAAA,EAET,WAAA,CACE,eACA,OAAA,EAQA;AACA,IAAA,KAAA;AAAA,MACE,OAAA,EAAS,OAAA,IACP,CAAA,2BAAA,EAA8B,aAAa,CAAA,kDAAA,CAAA;AAAA,MAC7C,yCAAA;AAAA,MACA,EAAE,UAAA,EAAY,GAAA,EAAK,GAAG,OAAA;AAAQ,KAChC;AACA,IAAA,IAAA,CAAK,IAAA,GAAO,oCAAA;AACZ,IAAA,IAAA,CAAK,aAAA,GAAgB,aAAA;AACrB,IAAA,IAAA,CAAK,kBAAkB,OAAA,EAAS,eAAA;AAChC,IAAA,IAAA,CAAK,aAAa,OAAA,EAAS,UAAA;AAAA,EAC7B;AACF;AAUO,IAAM,WAAA,GAAN,cAA0B,YAAA,CAAa;AAAA,EAC5C,WAAA,CACE,OAAA,EACA,IAAA,EACA,OAAA,EAIA;AACA,IAAA,KAAA,CAAM,OAAA,EAAS,MAAM,OAAO,CAAA;AAC5B,IAAA,IAAA,CAAK,IAAA,GAAO,aAAA;AAAA,EACd;AACF;AASO,IAAM,YAAA,GAAN,cAA2B,YAAA,CAAa;AAAA,EAC7C,WAAA,CACE,OAAA,GAAU,iFAAA,EACV,OAAA,EAKA;AACA,IAAA,KAAA,CAAM,OAAA,EAAS,yBAAyB,OAAO,CAAA;AAC/C,IAAA,IAAA,CAAK,IAAA,GAAO,cAAA;AAAA,EACd;AACF;AAUO,IAAM,SAAA,GAAN,cAAwB,YAAA,CAAa;AAAA,EACjC,UAAA;AAAA,EACA,gBAAA;AAAA,EAET,WAAA,CACE,OAAA,EACA,IAAA,EACA,OAAA,EAQA;AACA,IAAA,KAAA,CAAM,SAAS,IAAA,EAAM;AAAA,MACnB,YAAY,OAAA,EAAS,UAAA;AAAA,MACrB,GAAG;AAAA,KACJ,CAAA;AACD,IAAA,IAAA,CAAK,IAAA,GAAO,WAAA;AACZ,IAAA,IAAA,CAAK,aAAa,OAAA,EAAS,UAAA;AAC3B,IAAA,IAAA,CAAK,mBAAmB,OAAA,EAAS,gBAAA;AAAA,EACnC;AACF;AAYA,SAAS,WAAW,GAAA,EAAiC;AACnD,EAAA,OAAO,GAAA;AACT;AAEA,IAAM,mBAAA,uBAA0B,GAAA,CAAI;AAAA,EAClC,cAAA;AAAA,EACA,WAAA;AAAA,EACA,WAAA;AAAA,EACA,YAAA;AAAA,EACA,cAAA;AAAA,EACA,OAAA;AAAA,EACA;AACF,CAAC,CAAA;AAMM,SAAS,eAAe,GAAA,EAAqB;AAClD,EAAA,IAAI,GAAA,CAAI,IAAA,KAAS,YAAA,EAAc,OAAO,IAAA;AAEtC,EAAA,MAAM,KAAA,GAAQ,WAAW,GAAG,CAAA;AAC5B,EAAA,MAAM,UAAU,KAAA,CAAM,IAAA;AACtB,EAAA,IAAI,OAAO,OAAA,KAAY,QAAA,IAAY,mBAAA,CAAoB,IAAI,OAAO,CAAA;AAChE,IAAA,OAAO,IAAA;AAIT,EAAA,IAAI,GAAA,CAAI,IAAA,KAAS,WAAA,IAAe,GAAA,CAAI,iBAAiB,KAAA,EAAO;AAC1D,IAAA,MAAM,SAAA,GAAY,UAAA,CAAW,GAAA,CAAI,KAAK,CAAA,CAAE,IAAA;AACxC,IAAA,IAAI,OAAO,SAAA,KAAc,QAAA,IAAY,mBAAA,CAAoB,IAAI,SAAS,CAAA;AACpE,MAAA,OAAO,IAAA;AAAA,EACX;AAEA,EAAA,OAAO,KAAA;AACT;AAMO,SAAS,oBAAoB,GAAA,EAAqB;AACvD,EAAA,MAAM,KAAA,GAAQ,WAAW,GAAG,CAAA;AAG5B,EAAA,IAAI,MAAM,UAAA,KAAe,GAAA,IAAO,KAAA,CAAM,MAAA,KAAW,KAAK,OAAO,IAAA;AAI7D,EAAA,IAAI,GAAA,CAAI,IAAA,KAAS,mBAAA,EAAqB,OAAO,IAAA;AAC7C,EAAA,IAAI,GAAA,CAAI,OAAA,KAAY,cAAA,EAAgB,OAAO,IAAA;AAE3C,EAAA,OAAO,KAAA;AACT;AAqBO,SAAS,cAAA,CACd,YACA,IAAA,EACc;AACd,EAAA,MAAM,OAAA,GACJ,OAAO,IAAA,KAAS,QAAA,IAAY,IAAA,KAAS,IAAA,IAAQ,SAAA,IAAa,IAAA,GACtD,MAAA,CAAQ,IAAA,CAA8B,OAAO,CAAA,GAC7C,QAAQ,UAAU,CAAA,CAAA;AAExB,EAAA,MAAM,SAAA,GACJ,OAAO,IAAA,KAAS,QAAA,IAAY,IAAA,KAAS,IAAA,IAAQ,MAAA,IAAU,IAAA,GACnD,MAAA,CAAQ,IAAA,CAA2B,IAAI,CAAA,GACvC,MAAA;AAEN,EAAA,QAAQ,UAAA;AAAY,IAClB,KAAK,GAAA;AACH,MAAA,IACE,OAAO,IAAA,KAAS,QAAA,IAChB,IAAA,KAAS,IAAA,IACT,QAAA,IAAY,IAAA,IACZ,KAAA,CAAM,OAAA,CAAS,IAAA,CAA6B,MAAM,CAAA,EAClD;AACA,QAAA,OAAO,IAAI,SAAA,CAAU,OAAA,EAAS,0BAAA,EAA4B;AAAA,UACxD,UAAA,EAAY,GAAA;AAAA,UACZ,kBACE,IAAA,CACA;AAAA,SACH,CAAA;AAAA,MACH;AACA,MAAA,OAAO,IAAI,YAAA,CAAa,OAAA,EAAS,SAAA,IAAa,qBAAA,EAAuB;AAAA,QACnE,UAAA,EAAY;AAAA,OACb,CAAA;AAAA,IAEH,KAAK,GAAA;AACH,MAAA,OAAO,IAAI,2BAA2B,OAAO,CAAA;AAAA,IAE/C,KAAK,GAAA;AACH,MAAA,IAAI,cAAc,iCAAA,EAAmC;AACnD,QAAA,MAAM,OAAA,GAAU,IAAA;AAKhB,QAAA,OAAO,IAAI,kCAAA;AAAA,UACT,QAAQ,aAAA,IAAiB,SAAA;AAAA,UACzB;AAAA,YACE,iBAAiB,OAAA,CAAQ,eAAA;AAAA,YACzB,YAAY,OAAA,CAAQ,UAAA;AAAA,YACpB;AAAA;AACF,SACF;AAAA,MACF;AACA,MAAA,OAAO,IAAI,SAAA,CAAU,OAAA,EAAS,uBAAA,EAAyB;AAAA,QACrD,UAAA,EAAY,GAAA;AAAA,QACZ,IAAA,EAAM,EAAE,MAAA,EAAS,IAAA,EAAkC,MAAA;AAAO,OAC3D,CAAA;AAAA,IAEH,KAAK,GAAA;AACH,MAAA,OAAO,IAAI,SAAA,CAAU,OAAA,EAAS,qBAAqB,EAAE,UAAA,EAAY,KAAK,CAAA;AAAA,IAExE,KAAK,GAAA,EAAK;AACR,MAAA,MAAM,UAAA,GACJ,OAAO,IAAA,KAAS,QAAA,IAAY,IAAA,KAAS,IAAA,IAAQ,YAAA,IAAgB,IAAA,GACzD,MAAA,CAAQ,IAAA,CAAiC,UAAU,CAAA,GACnD,MAAA;AACN,MAAA,OAAO,IAAI,SAAA;AAAA,QACT,UAAA,GACI,CAAA,iCAAA,EAAoC,UAAU,CAAA,SAAA,CAAA,GAC9C,sCAAA;AAAA,QACJ,sBAAA;AAAA,QACA,EAAE,UAAA,EAAY,GAAA,EAAK,UAAA;AAAW,OAChC;AAAA,IACF;AAAA,IAEA;AACE,MAAA,IAAI,cAAc,GAAA,EAAK;AACrB,QAAA,OAAO,IAAI,SAAA;AAAA,UACT,CAAA,mBAAA,EAAsB,UAAU,CAAA,GAAA,EAAM,OAAO,CAAA,CAAA;AAAA,UAC7C,sBAAA;AAAA,UACA,EAAE,UAAA;AAAW,SACf;AAAA,MACF;AACA,MAAA,OAAO,IAAI,YAAA,CAAa,OAAA,EAAS,SAAA,IAAa,uBAAA,EAAyB;AAAA,QACrE;AAAA,OACD,CAAA;AAAA;AAEP;;;ACnXO,IAAM,uBAAN,MAA0D;AAAA,EAC9C,MAAA;AAAA,EACA,aAAA;AAAA,EACT,YAAA,GAA8B,IAAA;AAAA,EACrB,iBAAiB,EAAA,GAAK,GAAA;AAAA,EAEvC,YAAY,MAAA,EAAoC;AAC9C,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,aAAA,GAAgB,gBAAA,CAAiB,MAAA,CAAO,QAAA,EAAU,OAAO,UAAU,CAAA;AAAA,EAC1E;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,WAAA,GAA4B;AAC9B,IAAA,OAAO,KAAK,MAAA,CAAO,WAAA;AAAA,EACrB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,cAAA,GAAsC;AACxC,IAAA,OAAO;AAAA,MACL,aAAA,EAAe,CAAC,IAAA,CAAK,MAAA,CAAO,WAAW,CAAA;AAAA,MACvC,WAAA,EAAa,KAAK,MAAA,CAAO,UAAA;AAAA,MACzB,WAAA,EAAa,CAAC,oBAAA,EAAsB,eAAe,CAAA;AAAA,MACnD,cAAA,EAAgB,CAAC,MAAM,CAAA;AAAA,MACvB,0BAAA,EAA4B;AAAA;AAAA,KAC9B;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,KAAA,GAAgB;AAEd,IAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,EAAE,CAAA;AAC/B,IAAA,IAAI,UAAA,CAAW,QAAQ,eAAA,EAAiB;AACtC,MAAA,UAAA,CAAW,MAAA,CAAO,gBAAgB,KAAK,CAAA;AAAA,IACzC,CAAA,MAAO;AACL,MAAA,KAAA,CAAM,GAAA,CAAI,WAAA,CAAY,EAAE,CAAC,CAAA;AAAA,IAC3B;AACA,IAAA,MAAM,QAAQ,KAAA,CAAM,IAAA;AAAA,MAAK,KAAA;AAAA,MAAO,CAAC,SAC/B,IAAA,CAAK,QAAA,CAAS,EAAE,CAAA,CAAE,QAAA,CAAS,GAAG,GAAG;AAAA,KACnC,CAAE,KAAK,EAAE,CAAA;AACT,IAAA,IAAA,CAAK,YAAA,GAAe,KAAA;AACpB,IAAA,KAAK,IAAA,CAAK,OAAO,OAAA,CAAQ,OAAA;AAAA,MACvB,IAAA,CAAK,aAAA,CAAc,WAAA,CAAY,KAAK,CAAA;AAAA,MACpC;AAAA,KACF;AACA,IAAA,OAAO,KAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,iBAAA,GAAsE;AAC1E,IAAA,OAAO;AAAA,MACL,SAAA,EAAW,KAAK,MAAA,CAAO;AAAA,KACzB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,MAAA,GAA2C;AAC/C,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,aAAA,CAAc,WAAA,CAAY,MAAM,CAAA;AACjD,IAAA,OAAO,IAAA,CAAK,MAAA,CAAO,OAAA,CAAQ,OAAA,CAAqB,GAAG,CAAA;AAAA,EACrD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,WAAW,MAAA,EAAoC;AACnD,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,aAAA,CAAc,WAAA,CAAY,MAAM,CAAA;AACjD,IAAA,MAAM,IAAA,CAAK,OAAO,OAAA,CAAQ,OAAA,CAAQ,KAAK,IAAA,CAAK,YAAA,CAAa,MAAM,CAAC,CAAA;AAAA,EAClE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,wBAAwB,gBAAA,EAAsC;AAClE,IAAA,MAAM,IAAA,CAAK,MAAA,CAAO,yBAAA,CAA0B,gBAAgB,CAAA;AAAA,EAC9D;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,iBAAiB,YAAA,EAAqC;AAC1D,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,aAAA,CAAc,WAAA,CAAY,aAAa,CAAA;AACxD,IAAA,MAAM,IAAA,CAAK,MAAA,CAAO,OAAA,CAAQ,OAAA,CAAQ,KAAK,YAAY,CAAA;AAAA,EACrD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,YAAA,GAAgC;AACpC,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,aAAA,CAAc,WAAA,CAAY,aAAa,CAAA;AACxD,IAAA,MAAM,WAAW,MAAM,IAAA,CAAK,MAAA,CAAO,OAAA,CAAQ,QAAgB,GAAG,CAAA;AAC9D,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,MAAM,IAAI,UAAA;AAAA,QACR,wHAAA;AAAA,QACA;AAAA,OACF;AAAA,IACF;AACA,IAAA,OAAO,QAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,sBACJ,KAAA,EACe;AACf,IAAA,IAAI,KAAA,KAAU,KAAA,IAAS,KAAA,KAAU,QAAA,EAAU;AACzC,MAAA,MAAM,SAAA,GAAY,IAAA,CAAK,aAAA,CAAc,WAAA,CAAY,MAAM,CAAA;AACvD,MAAA,MAAM,IAAA,CAAK,MAAA,CAAO,OAAA,CAAQ,OAAA,CAAQ,WAAW,MAAS,CAAA;AACtD,MAAA,MAAM,WAAA,GAAc,IAAA,CAAK,aAAA,CAAc,WAAA,CAAY,eAAe,CAAA;AAClE,MAAA,MAAM,IAAA,CAAK,MAAA,CAAO,OAAA,CAAQ,OAAA,CAAQ,aAAa,MAAS,CAAA;AAAA,IAC1D;AACA,IAAA,IAAI,KAAA,KAAU,KAAA,IAAS,KAAA,KAAU,UAAA,EAAY;AAC3C,MAAA,MAAM,WAAA,GAAc,IAAA,CAAK,aAAA,CAAc,WAAA,CAAY,aAAa,CAAA;AAChE,MAAA,MAAM,IAAA,CAAK,MAAA,CAAO,OAAA,CAAQ,OAAA,CAAQ,aAAa,MAAS,CAAA;AAAA,IAC1D;AACA,IAAA,IAAI,UAAU,KAAA,EAAO;AACnB,MAAA,IAAA,CAAK,YAAA,GAAe,IAAA;AACpB,MAAA,MAAM,QAAA,GAAW,IAAA,CAAK,aAAA,CAAc,WAAA,CAAY,KAAK,CAAA;AACrD,MAAA,MAAM,IAAA,CAAK,MAAA,CAAO,OAAA,CAAQ,OAAA,CAAQ,UAAU,MAAS,CAAA;AAAA,IACvD;AAAA,EAEF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,QAAA,GAA0B;AAC9B,IAAA,MAAM,IAAA,CAAK,sBAAsB,KAAK,CAAA;AAAA,EACxC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,cAAA,GAAmC;AACvC,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,MAAA,EAAO;AACvC,IAAA,OAAO,IAAA,CAAK,aAAa,YAAY,CAAA;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,mBAAmB,MAAA,EAAoC;AAC3D,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,aAAA,CAAc,WAAA,CAAY,eAAe,CAAA;AAC1D,IAAA,MAAM,IAAA,CAAK,OAAO,OAAA,CAAQ,OAAA,CAAQ,KAAK,IAAA,CAAK,YAAA,CAAa,MAAM,CAAC,CAAA;AAAA,EAClE;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,cAAA,GAAmD;AACvD,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,aAAA,CAAc,WAAA,CAAY,eAAe,CAAA;AAC1D,IAAA,OAAO,IAAA,CAAK,MAAA,CAAO,OAAA,CAAQ,OAAA,CAAqB,GAAG,CAAA;AAAA,EACrD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,kBAAA,CACJ,QAAA,EACA,MAAA,EACe;AACf,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,aAAA,CAAc,gBAAA,CAAiB,QAAQ,CAAC,CAAA;AACzD,IAAA,MAAM,IAAA,CAAK,OAAO,OAAA,CAAQ,OAAA,CAAQ,KAAK,IAAA,CAAK,YAAA,CAAa,MAAM,CAAC,CAAA;AAAA,EAClE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,eAAe,QAAA,EAAoD;AACvE,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,aAAA,CAAc,gBAAA,CAAiB,QAAQ,CAAC,CAAA;AACzD,IAAA,OAAO,IAAA,CAAK,MAAA,CAAO,OAAA,CAAQ,OAAA,CAAqB,GAAG,CAAA;AAAA,EACrD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,oBAAoB,QAAA,EAAiC;AACzD,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,aAAA,CAAc,gBAAA,CAAiB,QAAQ,CAAC,CAAA;AACzD,IAAA,MAAM,IAAA,CAAK,MAAA,CAAO,OAAA,CAAQ,OAAA,CAAQ,KAAK,MAAS,CAAA;AAAA,EAClD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,sBAAA,GAA2C;AAC/C,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,cAAA,EAAe;AACzC,IAAA,OAAO,IAAA,CAAK,aAAa,MAAM,CAAA;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,uBAAuB,QAAA,EAAoC;AAC/D,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,cAAA,CAAe,QAAQ,CAAA;AACjD,IAAA,OAAO,IAAA,CAAK,aAAa,MAAM,CAAA;AAAA,EACjC;AAAA,EAEA,MAAM,cAAc,KAAA,EAAkC;AACpD,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,OAAO,KAAA;AAAA,IACT;AAEA,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,aAAA,CAAc,WAAA,CAAY,KAAK,CAAA;AAChD,IAAA,MAAM,WAAA,GACJ,KAAK,YAAA,IAAiB,MAAM,KAAK,MAAA,CAAO,OAAA,CAAQ,QAAgB,GAAG,CAAA;AACrE,IAAA,MAAM,UAAU,WAAA,KAAgB,KAAA;AAEhC,IAAA,IAAI,OAAA,EAAS;AACX,MAAA,IAAA,CAAK,YAAA,GAAe,IAAA;AACpB,MAAA,MAAM,IAAA,CAAK,MAAA,CAAO,OAAA,CAAQ,OAAA,CAAQ,KAAK,MAAS,CAAA;AAAA,IAClD;AAEA,IAAA,OAAO,OAAA;AAAA,EACT;AAAA,EAEQ,aACN,MAAA,EACsC;AACtC,IAAA,IAAI,CAAC,OAAO,UAAA,EAAY;AACtB,MAAA,OAAO,MAAA;AAAA,IACT;AACA,IAAA,OAAO,EAAE,GAAG,MAAA,EAAQ,SAAA,EAAW,IAAA,CAAK,KAAI,EAAE;AAAA,EAC5C;AAAA,EAEQ,aAAa,MAAA,EAA+B;AAClD,IAAA,IAAI,CAAC,QAAQ,YAAA,EAAc;AACzB,MAAA,OAAO,KAAA;AAAA,IACT;AAEA,IAAA,IAAI,CAAC,OAAO,UAAA,EAAY;AACtB,MAAA,OAAO,IAAA;AAAA,IACT;AAEA,IAAA,MAAM,WAAY,MAAA,CAAgD,SAAA;AAClE,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,OAAO,IAAA;AAAA,IACT;AAEA,IAAA,MAAM,SAAA,GAAY,QAAA,GAAW,MAAA,CAAO,UAAA,GAAa,GAAA;AACjD,IAAA,OAAO,IAAA,CAAK,GAAA,EAAI,GAAI,SAAA,GAAY,IAAA,CAAK,cAAA;AAAA,EACvC;AAAA,EAEQ,cAAc,GAAA,EAAqB;AACzC,IAAA,OAAO,CAAA,EAAG,IAAA,CAAK,aAAa,CAAA,CAAA,EAAI,GAAG,CAAA,CAAA;AAAA,EACrC;AACF,CAAA;AAQO,SAAS,mBAAmB,WAAA,EAKjC;AACA,EAAA,MAAM,MACJ,OAAO,WAAA,KAAgB,WAAW,IAAI,GAAA,CAAI,WAAW,CAAA,GAAI,WAAA;AAC3D,EAAA,MAAM,SAAS,GAAA,CAAI,YAAA;AAEnB,EAAA,MAAM,KAAA,GAAQ,MAAA,CAAO,GAAA,CAAI,OAAO,CAAA;AAChC,EAAA,IAAI,KAAA,EAAO;AACT,IAAA,OAAO;AAAA,MACL,KAAA;AAAA,MACA,gBAAA,EAAkB,MAAA,CAAO,GAAA,CAAI,mBAAmB,CAAA,IAAK;AAAA,KACvD;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,IAAA,EAAM,MAAA,CAAO,GAAA,CAAI,MAAM,CAAA,IAAK,MAAA;AAAA,IAC5B,KAAA,EAAO,MAAA,CAAO,GAAA,CAAI,OAAO,CAAA,IAAK;AAAA,GAChC;AACF;;;ACnUA,IAAM,cAAA,GAAiB,yBAAA;AAEhB,SAAS,0BAA0B,MAAA,EAAwB;AAChE,EAAA,IAAI,GAAA,GAAM,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAO,EAAE,CAAA;AAIlC,EAAA,GAAA,GAAM,IAAI,OAAA,CAAQ,eAAA,EAAiB,EAAE,CAAA,CAAE,OAAA,CAAQ,aAAa,EAAE,CAAA;AAC9D,EAAA,GAAA,GAAM,GAAA,CAAI,OAAA,CAAQ,KAAA,EAAO,EAAE,CAAA;AAE3B,EAAA,OAAO,GAAA;AACT;AAoHO,IAAM,aAAN,MAAiB;AAAA,EACL,MAAA;AAAA,EACA,OAAA;AAAA,EACA,aAAA;AAAA,EACA,eAAA,GACf,OAAO,UAAA,CAAW,MAAA,EAAQ,UAAA,KAAe,UAAA,GACrC,UAAA,CAAW,MAAA,CAAO,UAAA,EAAW,GAC7B,CAAA,YAAA,EAAe,IAAA,CAAK,GAAA,GAAM,QAAA,CAAS,EAAE,CAAC,CAAA,CAAA,EAAI,IAAA,CAAK,MAAA,EAAO,CAAE,QAAA,CAAS,EAAE,CAAA,CAAE,KAAA,CAAM,CAAC,CAAC,CAAA,CAAA;AAAA,EAC3E,SAAA,GAAkD,IAAA;AAAA,EAClD,MAAA,GAAwB,IAAA;AAAA,EACxB,YAAA,GAAe,KAAA;AAAA,EACf,eAAA,GAAwC,IAAA;AAAA,EACxC,gBAAA,GAAyC,IAAA;AAAA,EACzC,gBAAA,GAAwC,IAAA;AAAA,EAEhD,YAAY,MAAA,EAA0B;AACpC,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,OAAA,GAAU,MAAA,CAAO,OAAA,IAAW,IAAI,aAAA,EAAc;AAEnD,IAAA,IAAA,CAAK,aAAA,GAAgB,IAAI,oBAAA,CAAqB;AAAA,MAC5C,UAAU,MAAA,CAAO,QAAA;AAAA,MACjB,aAAa,MAAA,CAAO,WAAA;AAAA,MACpB,SAAS,IAAA,CAAK,OAAA;AAAA,MACd,UAAA,EAAY,OAAO,UAAA,IAAc,SAAA;AAAA,MACjC,YAAY,MAAA,CAAO,UAAA;AAAA,MACnB,yBAAA,EAA2B,OAAO,GAAA,KAAQ;AAExC,QAAA,IAAA,CAAK,gBAAA,GAAmB,IAAI,OAAA,CAAc,CAAC,OAAA,KAAY;AACrD,UAAA,IAAA,CAAK,gBAAA,GAAmB,OAAA;AAAA,QAC1B,CAAC,CAAA;AAGD,QAAA,MAAM,MAAA,GAAS,MAAM,MAAA,CAAO,cAAA,CAAe,GAAG,CAAA;AAC9C,QAAA,IAAI,MAAA,EAAQ;AAEV,UAAA,MAAM,IAAA,CAAK,eAAe,MAAM,CAAA;AAAA,QAClC;AAAA,MAEF;AAAA,KACD,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,WAAA,GAAuB;AACzB,IAAA,OAAO,IAAA,CAAK,YAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,SAAA,GAA2B;AAC7B,IAAA,OAAO,IAAA,CAAK,MAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,SAAA,GAAgC;AAClC,IAAA,OAAO,KAAK,SAAA,EAAW,SAAA;AAAA,EACzB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAY,SAAA,GAAoB;AAC9B,IAAA,OAAO,yBAAA,CAA0B,IAAA,CAAK,MAAA,CAAO,MAAA,IAAU,cAAc,CAAA;AAAA,EACvE;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,IAAY,cAAA,GAAyB;AACnC,IAAA,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,IAAO,CAAA,EAAG,KAAK,SAAS,CAAA,IAAA,CAAA;AAAA,EAC7C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,SAAA,GAA6B;AACjC,IAAA,MAAM,KAAK,eAAA,EAAgB;AAC3B,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,MAAA,CAAQ,SAAA,EAAU;AAC9C,IAAA,OAAO,QAAA,CAAS,KAAA;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,QAAA,CACJ,IAAA,EACA,IAAA,EACyB;AACzB,IAAA,MAAM,KAAK,eAAA,EAAgB;AAC3B,IAAA,IAAI;AACF,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,MAAA,CAAQ,QAAA,CAAS;AAAA,QACzC,IAAA;AAAA,QACA,SAAA,EAAW;AAAA,OACZ,CAAA;AACD,MAAA,OAAO,MAAA;AAAA,IACT,SAAS,KAAA,EAAO;AAEd,MAAA,IACE,KAAA,YAAiB,2BAAA,IACjB,IAAA,CAAK,MAAA,CAAO,gBAAA,EACZ;AACA,QAAA,KAAA,MAAW,WAAA,IAAe,MAAM,YAAA,EAAc;AAC5C,UAAA,MAAM,IAAA,CAAK,OAAO,gBAAA,CAAiB;AAAA,YACjC,KAAK,WAAA,CAAY,GAAA;AAAA,YACjB,OAAA,EAAS,YAAY,OAAA,IAAW,iBAAA;AAAA,YAChC,aAAA,EAAe,YAAY,aAAA,IAAiB,EAAA;AAAA,YAC5C,eAAgB,WAAA,CACb,aAAA;AAAA,YACH,iBAAkB,WAAA,CACf;AAAA,WACJ,CAAA;AAAA,QACH;AAAA,MACF;AACA,MAAA,MAAM,KAAA;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,oBAAA,GAIH;AACD,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,aAAA,CAAc,MAAA,EAAO;AAC/C,IAAA,IAAI,CAAC,QAAQ,YAAA,EAAc;AACzB,MAAA,MAAM,IAAI,0BAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,WAAW,MAAM,KAAA,CAAM,CAAA,EAAG,IAAA,CAAK,SAAS,CAAA,oBAAA,CAAA,EAAwB;AAAA,MACpE,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACP,aAAA,EAAe,CAAA,OAAA,EAAU,MAAA,CAAO,YAAY,CAAA,CAAA;AAAA,QAC5C,cAAA,EAAgB;AAAA;AAClB,KACD,CAAA;AAED,IAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AAC3B,MAAA,MAAM,IAAI,0BAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAEA,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,IAAI,YAAA;AAAA,QACR,CAAA,uCAAA,EAA0C,SAAS,MAAM,CAAA,CAAA;AAAA,QACzD,gCAAA;AAAA,QACA,EAAE,UAAA,EAAY,QAAA,CAAS,MAAA;AAAO,OAChC;AAAA,IACF;AAEA,IAAA,OAAQ,MAAM,SAAS,IAAA,EAAK;AAAA,EAK9B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,uBAAA,GAA+D;AACnE,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,aAAA,CAAc,MAAA,EAAO;AAC/C,IAAA,IAAI,CAAC,QAAQ,YAAA,EAAc;AACzB,MAAA,MAAM,IAAI,0BAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,WAAW,MAAM,KAAA,CAAM,CAAA,EAAG,IAAA,CAAK,SAAS,CAAA,iBAAA,CAAA,EAAqB;AAAA,MACjE,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACP,aAAA,EAAe,CAAA,OAAA,EAAU,MAAA,CAAO,YAAY,CAAA;AAAA;AAC9C,KACD,CAAA;AAED,IAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AAC3B,MAAA,MAAM,IAAI,0BAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAEA,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,IAAI,YAAA;AAAA,QACR,CAAA,0CAAA,EAA6C,SAAS,MAAM,CAAA,CAAA;AAAA,QAC5D,qCAAA;AAAA,QACA,EAAE,UAAA,EAAY,QAAA,CAAS,MAAA;AAAO,OAChC;AAAA,IACF;AAEA,IAAA,MAAM,OAAA,GAAW,MAAM,QAAA,CAAS,IAAA,EAAK;AAGrC,IAAA,MAAM,KAAA,GAAQ,MAAM,OAAA,CAAQ,OAAA,EAAS,KAAK,CAAA,GAAI,OAAA,CAAQ,QAAQ,EAAC;AAE/D,IAAA,OAAO,KAAA,CACJ,GAAA,CAAI,CAAC,IAAA,KAA0C;AAC9C,MAAA,MAAM,KAAK,OAAO,IAAA,CAAK,EAAA,KAAO,QAAA,GAAW,KAAK,EAAA,GAAK,EAAA;AACnD,MAAA,MAAM,OAAO,OAAO,IAAA,CAAK,IAAA,KAAS,QAAA,GAAW,KAAK,IAAA,GAAO,EAAA;AACzD,MAAA,MAAM,MAAM,OAAO,IAAA,CAAK,GAAA,KAAQ,QAAA,GAAW,KAAK,GAAA,GAAM,EAAA;AACtD,MAAA,IAAI,CAAC,EAAA,IAAM,CAAC,GAAA,EAAK,OAAO,IAAA;AAExB,MAAA,MAAM,QAAA,GACJ,IAAA,CAAK,QAAA,KAAa,0BAAA,GACd,0BAAA,GACA,oBAAA;AACN,MAAA,MAAM,iBAAiB,IAAA,CAAK,WAAA;AAC5B,MAAA,IAAI,OAAO,mBAAmB,QAAA,EAAU;AACtC,QAAA,MAAM,IAAI,YAAA;AAAA,UACR,8DAAA;AAAA,UACA,+CAAA;AAAA,UACA,EAAE,IAAA,EAAM,EAAE,eAAe,EAAA,EAAI,WAAA,EAAa,gBAAe;AAAE,SAC7D;AAAA,MACF;AAEA,MAAA,MAAM,WAAA,GACJ,mBAAmB,aAAA,IACnB,cAAA,KAAmB,WACnB,cAAA,KAAmB,YAAA,IACnB,cAAA,KAAmB,MAAA,GACf,cAAA,GACA,IAAA;AAEN,MAAA,IAAI,CAAC,WAAA,EAAa;AAChB,QAAA,MAAM,IAAI,YAAA;AAAA,UACR,4CAA4C,cAAc,CAAA,EAAA,CAAA;AAAA,UAC1D,+CAAA;AAAA,UACA,EAAE,IAAA,EAAM,EAAE,eAAe,EAAA,EAAI,WAAA,EAAa,gBAAe;AAAE,SAC7D;AAAA,MACF;AAEA,MAAA,MAAM,aAAA,GACJ,KAAK,UAAA,IAAc,OAAO,KAAK,UAAA,KAAe,QAAA,GACzC,KAAK,UAAA,GACN,MAAA;AACN,MAAA,MAAM,YACJ,aAAA,IAAiB,OAAO,cAAc,SAAA,KAAc,SAAA,GAChD,cAAc,SAAA,GACd,KAAA;AACN,MAAA,MAAM,MAAA,GACJ,aAAA,EAAe,MAAA,KAAW,WAAA,GAAc,WAAA,GAAc,cAAA;AAExD,MAAA,OAAO;AAAA,QACL,EAAA;AAAA,QACA,IAAA;AAAA,QACA,GAAA;AAAA,QACA,QAAA;AAAA,QACA,WAAA;AAAA,QACA,QAAA,EACE,IAAA,CAAK,QAAA,KAAa,OAAA,IAClB,KAAK,QAAA,KAAa,YAAA,IAClB,IAAA,CAAK,QAAA,KAAa,cAAA,IAClB,IAAA,CAAK,QAAA,KAAa,MAAA,GACd,KAAK,QAAA,GACL,MAAA;AAAA,QACN,YACE,OAAO,IAAA,CAAK,UAAA,KAAe,QAAA,GAAW,KAAK,UAAA,GAAa,MAAA;AAAA,QAC1D,cACE,OAAO,IAAA,CAAK,YAAA,KAAiB,QAAA,GACzB,KAAK,YAAA,GACL,MAAA;AAAA,QACN,kBACE,OAAO,IAAA,CAAK,gBAAA,KAAqB,QAAA,GAC7B,KAAK,gBAAA,GACL,MAAA;AAAA,QACN,kBAAkB,IAAA,CAAK,gBAAA;AAAA,QACvB,eACE,OAAO,IAAA,CAAK,aAAA,KAAkB,SAAA,GAC1B,KAAK,aAAA,GACL,MAAA;AAAA,QACN,YAAY,aAAA,GACR;AAAA,UACE,SAAA;AAAA,UACA,MAAA;AAAA,UACA,WACE,OAAO,aAAA,CAAc,SAAA,KAAc,QAAA,GAC/B,cAAc,SAAA,GACd,MAAA;AAAA,UACN,aACE,OAAO,aAAA,CAAc,WAAA,KAAgB,QAAA,GACjC,cAAc,WAAA,GACd;AAAA,SACR,GACA;AAAA,OACN;AAAA,IACF,CAAC,CAAA,CACA,MAAA,CAAO,CAAC,IAAA,KAA2C,SAAS,IAAI,CAAA;AAAA,EACrE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,eAAe,WAAA,EAA0C;AAC7D,IAAA,MAAM,EAAE,IAAA,EAAM,KAAA,EAAO,OAAO,gBAAA,EAAiB,GAC3C,mBAAmB,WAAW,CAAA;AAEhC,IAAA,IAAI,KAAA,EAAO;AACT,MAAA,IAAA,CAAK,gBAAA,IAAmB;AACxB,MAAA,IAAA,CAAK,gBAAA,GAAmB,IAAA;AACxB,MAAA,MAAM,IAAI,0BAAA;AAAA,QACR,gBAAA,IAAoB,gBAAgB,KAAK,CAAA;AAAA,OAC3C;AAAA,IACF;AAEA,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,aAAA,CAAc,cAAc,KAAK,CAAA;AACjE,IAAA,IAAI,CAAC,YAAA,EAAc;AACjB,MAAA,IAAA,CAAK,gBAAA,IAAmB;AACxB,MAAA,IAAA,CAAK,gBAAA,GAAmB,IAAA;AACxB,MAAA,MAAM,IAAI,UAAA;AAAA,QACR,iGAAA;AAAA,QACA;AAAA,OACF;AAAA,IACF;AAEA,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,IAAA,CAAK,gBAAA,IAAmB;AACxB,MAAA,IAAA,CAAK,gBAAA,GAAmB,IAAA;AACxB,MAAA,MAAM,IAAI,0BAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAEA,IAAA,IAAI;AAEF,MAAA,IAAI,CAAC,KAAK,SAAA,EAAW;AACnB,QAAA,IAAA,CAAK,YAAY,IAAI,6BAAA;AAAA,UACnB,IAAI,GAAA,CAAI,IAAA,CAAK,cAAc,CAAA;AAAA,UAC3B;AAAA,YACE,cAAc,IAAA,CAAK;AAAA;AACrB,SACF;AAAA,MACF;AAGA,MAAA,MAAM,IAAA,CAAK,SAAA,CAAU,UAAA,CAAW,IAAI,CAAA;AAKpC,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,aAAA,CAAc,MAAA,EAAO;AAC/C,MAAA,IAAI,CAAC,QAAQ,YAAA,EAAc;AACzB,QAAA,MAAM,IAAI,2BAA2B,yBAAyB,CAAA;AAAA,MAChE;AAEA,MAAA,MAAM,IAAA,CAAK,aAAA,CAAc,UAAA,CAAW,MAAM,CAAA;AAAA,IAC5C,CAAA,SAAE;AAEA,MAAA,IAAA,CAAK,gBAAA,IAAmB;AACxB,MAAA,IAAA,CAAK,gBAAA,GAAmB,IAAA;AAAA,IAC1B;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,UAAA,GAA4B;AAChC,IAAA,IAAI;AACF,MAAA,IAAI,KAAK,SAAA,EAAW;AAClB,QAAA,IAAI;AACF,UAAA,MAAM,IAAA,CAAK,UAAU,gBAAA,EAAiB;AAAA,QACxC,CAAA,CAAA,MAAQ;AAAA,QAER;AACA,QAAA,MAAM,IAAA,CAAK,UAAU,KAAA,EAAM;AAAA,MAC7B;AAAA,IACF,CAAA,SAAE;AACA,MAAA,IAAA,CAAK,SAAA,GAAY,IAAA;AACjB,MAAA,IAAA,CAAK,MAAA,GAAS,IAAA;AACd,MAAA,IAAA,CAAK,YAAA,GAAe,KAAA;AAAA,IACtB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,SAAA,GAA2B;AAC/B,IAAA,MAAM,IAAA,CAAK,cAAc,QAAA,EAAS;AAClC,IAAA,MAAM,KAAK,UAAA,EAAW;AAAA,EACxB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,WAAW,GAAA,EAA4B;AACrC,IAAA,MAAM,SAAS,OAAO,GAAA,KAAQ,WAAW,IAAI,GAAA,CAAI,GAAG,CAAA,GAAI,GAAA;AACxD,IAAA,MAAM,WAAA,GAAc,IAAI,GAAA,CAAI,IAAA,CAAK,OAAO,WAAW,CAAA;AACnD,IAAA,OACE,MAAA,CAAO,QAAA,KAAa,WAAA,CAAY,QAAA,KAC/B,MAAA,CAAO,YAAA,CAAa,GAAA,CAAI,MAAM,CAAA,IAAK,MAAA,CAAO,YAAA,CAAa,GAAA,CAAI,OAAO,CAAA,CAAA;AAAA,EAEvE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,eAAA,GAAiC;AAC7C,IAAA,IAAI,IAAA,CAAK,YAAA,IAAgB,IAAA,CAAK,MAAA,EAAQ;AACpC,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,KAAK,eAAA,EAAiB;AACxB,MAAA,MAAM,IAAA,CAAK,eAAA;AACX,MAAA;AAAA,IACF;AAEA,IAAA,IAAA,CAAK,eAAA,GAAkB,KAAK,SAAA,EAAU;AACtC,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,CAAK,eAAA;AAAA,IACb,CAAA,SAAE;AACA,MAAA,IAAA,CAAK,eAAA,GAAkB,IAAA;AAAA,IACzB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,SAAA,CAAU,cAAA,GAAiB,CAAA,EAAkB;AAKzD,IAAA,IAAI,CAAC,KAAK,SAAA,EAAW;AACnB,MAAA,IAAA,CAAK,YAAY,IAAI,6BAAA;AAAA,QACnB,IAAI,GAAA,CAAI,IAAA,CAAK,cAAc,CAAA;AAAA,QAC3B;AAAA,UACE,cAAc,IAAA,CAAK;AAAA;AACrB,OACF;AAAA,IACF;AAEA,IAAA,MAAM,YAAA,GAAwD;AAAA,MAC5D,OAAO;AAAC,KACV;AACA,IAAA,IAAI,IAAA,CAAK,OAAO,gBAAA,EAAkB;AAChC,MAAA,YAAA,CAAa,WAAA,GAAc,EAAE,GAAA,EAAK,EAAC,EAAE;AAAA,IACvC;AAEA,IAAA,MAAM,UAAA,GAAa;AAAA,MACjB,IAAA,EAAM,IAAA,CAAK,MAAA,CAAO,UAAA,IAAc,aAAA;AAAA,MAChC,OAAA,EAAS,IAAA,CAAK,MAAA,CAAO,aAAA,IAAiB,OAAA;AAAA,MACtC,WAAW,IAAA,CAAK;AAAA,KAClB;AAEA,IAAA,IAAA,CAAK,MAAA,GAAS,IAAI,MAAA,CAAO,UAAA,EAAyC;AAAA,MAChE;AAAA,KACD,CAAA;AAGD,IAAA,IAAI,IAAA,CAAK,OAAO,gBAAA,EAAkB;AAChC,MAAA,MAAM,gBAAA,GAAmB,KAAK,MAAA,CAAO,gBAAA;AAGrC,MAAA,IAAA,CAAK,MAAA,CAAO,iBAAA,CAAkB,mBAAA,EAAqB,OAAO,OAAA,KAAY;AACpE,QAAA,MAAM,SAAS,OAAA,CAAQ,MAAA;AACvB,QAAA,IAAI,MAAA,CAAO,IAAA,KAAS,KAAA,IAAS,KAAA,IAAS,MAAA,EAAQ;AAC5C,UAAA,MAAM,gBAAA,CAAiB;AAAA,YACrB,KAAK,MAAA,CAAO,GAAA;AAAA,YACZ,OAAA,EAAS,OAAO,OAAA,IAAW,iBAAA;AAAA,YAC3B,aAAA,EAAe,OAAO,aAAA,IAAiB,EAAA;AAAA,YACvC,eAAgB,MAAA,CAAmC,aAAA;AAAA,YAGnD,iBAAkB,MAAA,CACf;AAAA,WACJ,CAAA;AAAA,QACH;AACA,QAAA,OAAO,EAAE,QAAQ,QAAA,EAAkB;AAAA,MACrC,CAAC,CAAA;AAGD,MAAA,IAAA,CAAK,MAAA,CAAO,sBAAA;AAAA,QACV,qCAAA;AAAA,QACA,MAAM;AAAA,QAGN;AAAA,OACF;AAAA,IACF;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,CAAK,MAAA,CAAO,OAAA,CAAQ,IAAA,CAAK,SAAS,CAAA;AACxC,MAAA,IAAA,CAAK,YAAA,GAAe,IAAA;AAAA,IACtB,SAAS,KAAA,EAAO;AAEd,MAAA,IAAI,KAAA,YAAiB,KAAA,IAAS,mBAAA,CAAoB,KAAK,CAAA,EAAG;AACxD,QAAA,IAAI,KAAK,gBAAA,EAAkB;AAEzB,UAAA,MAAM,IAAA,CAAK,gBAAA;AACX,UAAA,IAAA,CAAK,gBAAA,GAAmB,IAAA;AAIxB,UAAA,IAAA,CAAK,SAAA,GAAY,IAAA;AACjB,UAAA,IAAA,CAAK,MAAA,GAAS,IAAA;AAEd,UAAA,IAAI,kBAAkB,CAAA,EAAG;AACvB,YAAA,MAAM,IAAI,0BAAA;AAAA,cACR,sIAAA;AAAA,cACA,EAAE,OAAO,KAAA;AAAM,aACjB;AAAA,UACF;AAGA,UAAA,OAAO,IAAA,CAAK,SAAA,CAAU,cAAA,GAAiB,CAAC,CAAA;AAAA,QAC1C;AAGA,QAAA,IAAA,CAAK,SAAA,GAAY,IAAA;AACjB,QAAA,IAAA,CAAK,MAAA,GAAS,IAAA;AACd,QAAA,MAAM,IAAI,0BAAA;AAAA,UACR;AAAA,SACF;AAAA,MACF;AAGA,MAAA,IAAA,CAAK,SAAA,GAAY,IAAA;AACjB,MAAA,IAAA,CAAK,MAAA,GAAS,IAAA;AACd,MAAA,IAAI,KAAA,YAAiB,cAAc,MAAM,KAAA;AACzC,MAAA,MAAM,IAAI,YAAA;AAAA,QACR,CAAA,mCAAA,EAAsC,IAAA,CAAK,cAAc,CAAA,EAAA,EAAK,KAAA,YAAiB,QAAQ,KAAA,CAAM,OAAA,GAAU,MAAA,CAAO,KAAK,CAAC,CAAA,CAAA;AAAA,QACpH,+BAAA;AAAA,QACA,EAAE,OAAO,KAAA;AAAM,OACjB;AAAA,IACF;AAAA,EACF;AACF,CAAA;;;ACljBO,SAAS,sBAAA,CACd,KAAA,EACA,MAAA,EACA,YAAA,EAKqB;AACrB,EAAA,MAAM,IAAA,uBAAW,GAAA,EAAY;AAC7B,EAAA,MAAM,SAA8B,EAAC;AAErC,EAAA,KAAA,MAAW,KAAK,KAAA,EAAO;AACrB,IAAA,MAAM,GAAA,GAAM,EAAE,MAAA,EAAQ,EAAA;AACtB,IAAA,IAAI,GAAA,IAAO,CAAC,IAAA,CAAK,GAAA,CAAI,GAAG,CAAA,EAAG;AACzB,MAAA,IAAA,CAAK,IAAI,GAAG,CAAA;AACZ,MAAA,MAAA,CAAO,IAAA,CAAK;AAAA,QACV,EAAA,EAAI,GAAA;AAAA,QACJ,IAAA,EAAM,CAAA,CAAE,MAAA,EAAQ,IAAA,IAAQ,GAAA;AAAA,QACxB,SAAA,EAAW;AAAA,OACZ,CAAA;AAAA,IACH;AAAA,EACF;AAEA,EAAA,KAAA,MAAW,KAAK,MAAA,EAAQ;AACtB,IAAA,IAAI,CAAC,IAAA,CAAK,GAAA,CAAI,CAAA,CAAE,QAAQ,CAAA,EAAG;AACzB,MAAA,IAAA,CAAK,GAAA,CAAI,EAAE,QAAQ,CAAA;AACnB,MAAA,MAAM,cAAc,YAAA,EAAc,IAAA;AAAA,QAChC,CAAC,EAAA,KAAO,EAAA,CAAG,aAAA,KAAkB,CAAA,CAAE;AAAA,OACjC;AACA,MAAA,MAAA,CAAO,IAAA,CAAK;AAAA,QACV,IAAI,CAAA,CAAE,QAAA;AAAA,QACN,IAAA,EAAM,CAAA,CAAE,UAAA,IAAc,CAAA,CAAE,QAAA;AAAA,QACxB,SAAA,EAAW,KAAA;AAAA,QACX,YAAY,WAAA,EAAa;AAAA,OAC1B,CAAA;AAAA,IACH;AAAA,EACF;AAEA,EAAA,OAAO,MAAA;AACT;;;AChNO,SAAS,gBAAA,GAA8B;AAC5C,EAAA,OAAO,SAAA;AACT;AAEO,SAAS,kBAAkB,aAAA,EAA+B;AAC/D,EAAA,OAAO,YAAY,aAAa,CAAA,CAAA;AAClC;AAEO,SAAS,sBACd,WAAA,EACS;AACT,EAAA,OAAO,YAAY,QAAA,KAAa,0BAAA;AAClC;AAEO,SAAS,yBACd,YAAA,EAC4B;AAC5B,EAAA,OAAO,YAAA,CACJ,MAAA,CAAO,qBAAqB,CAAA,CAC5B,IAAA,CAAK,CAAC,CAAA,EAAG,CAAA,KAAM,CAAA,CAAE,EAAA,CAAG,aAAA,CAAc,CAAA,CAAE,EAAE,CAAC,CAAA;AAC5C;AAEO,SAAS,qBAAqB,MAAA,EAAuC;AAC1E,EAAA,OAAO;AAAA,IACL,WAAW,gBAAA,EAAiB;AAAA,IAC5B,MAAA,EAAQ,SAAA;AAAA,IACR;AAAA,GACF;AACF;AAEO,SAAS,sBAAsB,KAAA,EAGnB;AACjB,EAAA,OAAO;AAAA,IACL,SAAA,EAAW,iBAAA,CAAkB,KAAA,CAAM,WAAA,CAAY,EAAE,CAAA;AAAA,IACjD,MAAA,EAAQ,UAAA;AAAA,IACR,QAAQ,KAAA,CAAM,MAAA;AAAA,IACd,aAAA,EAAe,MAAM,WAAA,CAAY,EAAA;AAAA,IACjC,eAAA,EAAiB,MAAM,WAAA,CAAY;AAAA,GACrC;AACF;;;ACzBO,SAAS,2BAAA,GAAsD;AACpE,EAAA,OAAO;AAAA,IACL,OAAA,EAAS,CAAA;AAAA,IACT,OAAO,EAAC;AAAA,IACR,MAAA,sBAAY,GAAA,EAAI;AAAA,IAChB,WAAW;AAAC,GACd;AACF;AAEO,SAAS,mBAAA,CACd,OAAA,EACA,UAAA,EACA,OAAA,EAMwB;AACxB,EAAA,MAAM,QAAuB,EAAC;AAC9B,EAAA,MAAM,MAAA,uBAAa,GAAA,EAA6B;AAChD,EAAA,MAAM,YAAmC,EAAC;AAE1C,EAAA,KAAA,MAAW,aAAa,UAAA,EAAY;AAClC,IAAA,MAAM,MAAA,GAAS,UAAU,KAAA,CAAM,MAAA;AAC/B,IAAA,IAAI,CAAC,MAAA,CAAO,GAAA,CAAI,MAAM,CAAA,EAAG;AACvB,MAAA,MAAA,CAAO,GAAA,CAAI,MAAA,EAAQ,SAAA,CAAU,KAAK,CAAA;AAClC,MAAA,KAAA,CAAM,IAAA,CAAK,UAAU,IAAI,CAAA;AACzB,MAAA;AAAA,IACF;AAEA,IAAA,MAAM,QAAA,GAAW,MAAA,CAAO,GAAA,CAAI,MAAM,CAAA;AAClC,IAAA,MAAM,WACJ,OAAA,EAAS,UAAA,GAAa,QAAA,EAAU,SAAA,CAAU,KAAK,CAAA,IAAK,eAAA;AAEtD,IAAA,IAAI,IAAA,GAAO,QAAA;AACX,IAAA,IAAI,UAAU,SAAA,CAAU,KAAA;AACxB,IAAA,IAAI,aAAa,kBAAA,EAAoB;AACnC,MAAA,MAAM,cAAc,KAAA,CAAM,SAAA,CAAU,CAAC,IAAA,KAAS,IAAA,CAAK,OAAO,MAAM,CAAA;AAChE,MAAA,IAAI,eAAe,CAAA,EAAG;AACpB,QAAA,KAAA,CAAM,MAAA,CAAO,WAAA,EAAa,CAAA,EAAG,SAAA,CAAU,IAAI,CAAA;AAAA,MAC7C,CAAA,MAAO;AACL,QAAA,KAAA,CAAM,IAAA,CAAK,UAAU,IAAI,CAAA;AAAA,MAC3B;AACA,MAAA,MAAA,CAAO,GAAA,CAAI,MAAA,EAAQ,SAAA,CAAU,KAAK,CAAA;AAClC,MAAA,IAAA,GAAO,SAAA,CAAU,KAAA;AACjB,MAAA,OAAA,GAAU,QAAA;AAAA,IACZ;AAEA,IAAA,SAAA,CAAU,IAAA,CAAK;AAAA,MACb,MAAA;AAAA,MACA,IAAA;AAAA,MACA;AAAA,KACD,CAAA;AAAA,EACH;AAEA,EAAA,OAAO;AAAA,IACL,OAAA;AAAA,IACA,KAAA;AAAA,IACA,MAAA;AAAA,IACA;AAAA,GACF;AACF;;;ACnFO,IAAM,sBAAN,MAA0B;AAAA,EACvB,cAAA,GAAiB,CAAA;AAAA,EACjB,eAAA,GAAkB,CAAA;AAAA,EAClB,eAAA,GAAkB,CAAA;AAAA,EAClB,uBAAA,GAA0B,CAAA;AAAA,EAC1B,gBAAwC,2BAAA,EAA4B;AAAA,EACpE,aAAA,uBAAoB,GAAA,EAA6C;AAAA,EAEzE,IAAI,OAAA,GAAkB;AACpB,IAAA,OAAO,KAAK,aAAA,CAAc,OAAA;AAAA,EAC5B;AAAA,EAEA,IAAI,QAAA,GAAmC;AACrC,IAAA,OAAO,IAAA,CAAK,aAAA;AAAA,EACd;AAAA,EAEA,SAAS,MAAA,EAA6C;AACpD,IAAA,OAAO,IAAA,CAAK,aAAA,CAAc,MAAA,CAAO,GAAA,CAAI,MAAM,CAAA;AAAA,EAC7C;AAAA,EAEA,MAAM,KAAA,CACJ,eAAA,EACA,OAAA,EAOiC;AACjC,IAAA,MAAM,GAAA,GAAM,SAAS,GAAA,IAAO,aAAA;AAC5B,IAAA,MAAM,aAAA,GAAgB,IAAA,CAAK,aAAA,CAAc,GAAA,CAAI,GAAG,CAAA;AAChD,IAAA,IAAI,aAAA,EAAe;AACjB,MAAA,OAAO,MAAM,aAAA;AAAA,IACf;AAEA,IAAA,MAAM,kBAAkB,IAAA,CAAK,eAAA;AAC7B,IAAA,MAAM,QAAA,GAAW,EAAE,IAAA,CAAK,eAAA;AACxB,IAAA,MAAM,kBAAkB,YAAY;AAClC,MAAA,MAAM,UAAA,GAAa,MAAM,eAAA,EAAgB;AACzC,MAAA,IAAI,IAAA,CAAK,oBAAoB,eAAA,EAAiB;AAC5C,QAAA,OAAO,IAAA,CAAK,aAAA;AAAA,MACd;AACA,MAAA,IAAI,QAAA,IAAY,KAAK,uBAAA,EAAyB;AAC5C,QAAA,IAAA,CAAK,uBAAA,GAA0B,QAAA;AAC/B,QAAA,IAAA,CAAK,cAAA,IAAkB,CAAA;AACvB,QAAA,MAAM,QAAA,GAAW,mBAAA,CAAoB,IAAA,CAAK,cAAA,EAAgB,UAAA,EAAY;AAAA,UACpE,YAAY,OAAA,EAAS;AAAA,SACtB,CAAA;AACD,QAAA,IAAA,CAAK,aAAA,GAAgB,QAAA;AACrB,QAAA,OAAO,QAAA;AAAA,MACT;AAEA,MAAA,OAAO,mBAAA,CAAoB,IAAA,CAAK,aAAA,CAAc,OAAA,EAAS,UAAA,EAAY;AAAA,QACjE,YAAY,OAAA,EAAS;AAAA,OACtB,CAAA;AAAA,IACH,CAAA,GAAG;AACH,IAAA,IAAA,CAAK,aAAA,CAAc,GAAA,CAAI,GAAA,EAAK,cAAc,CAAA;AAE1C,IAAA,IAAI;AACF,MAAA,OAAO,MAAM,cAAA;AAAA,IACf,CAAA,SAAE;AACA,MAAA,IAAI,IAAA,CAAK,aAAA,CAAc,GAAA,CAAI,GAAG,MAAM,cAAA,EAAgB;AAClD,QAAA,IAAA,CAAK,aAAA,CAAc,OAAO,GAAG,CAAA;AAAA,MAC/B;AAAA,IACF;AAAA,EACF;AAAA,EAEA,KAAA,GAAc;AACZ,IAAA,IAAA,CAAK,eAAA,IAAmB,CAAA;AACxB,IAAA,IAAA,CAAK,cAAA,GAAiB,CAAA;AACtB,IAAA,IAAA,CAAK,0BAA0B,IAAA,CAAK,eAAA;AACpC,IAAA,IAAA,CAAK,gBAAgB,2BAAA,EAA4B;AACjD,IAAA,IAAA,CAAK,cAAc,KAAA,EAAM;AAAA,EAC3B;AACF,CAAA;;;ACxEO,IAAM,oBAAA,GAAsC;AAAA,EACjD,eAAA,GAAkB;AAChB,IAAA,OAAO,eAAA;AAAA,EACT;AACF,CAAA;AAEO,SAAS,qBAAqB,KAAA,EAIpB;AACf,EAAA,OAAO,IAAI,YAAA;AAAA,IACT,CAAA,yBAAA,EAA4B,KAAA,CAAM,MAAM,CAAA,oBAAA,EAAuB,KAAA,CAAM,KAAK,SAAS,CAAA,gBAAA,EAAmB,KAAA,CAAM,OAAA,CAAQ,SAAS,CAAA,EAAA,CAAA;AAAA,IAC7H,6BAAA;AAAA,IACA;AAAA,MACE,IAAA,EAAM;AAAA,QACJ,QAAQ,KAAA,CAAM,MAAA;AAAA,QACd,aAAA,EAAe,MAAM,IAAA,CAAK,SAAA;AAAA,QAC1B,UAAA,EAAY,MAAM,IAAA,CAAK,MAAA;AAAA,QACvB,iBAAA,EAAmB,MAAM,IAAA,CAAK,aAAA;AAAA,QAC9B,gBAAA,EAAkB,MAAM,OAAA,CAAQ,SAAA;AAAA,QAChC,aAAA,EAAe,MAAM,OAAA,CAAQ,MAAA;AAAA,QAC7B,oBAAA,EAAsB,MAAM,OAAA,CAAQ;AAAA;AACtC;AACF,GACF;AACF;;;ACjBO,SAAS,kCAAkC,KAAA,EAGlB;AAC9B,EAAA,IAAI,KAAA,GAAkC,MAAM,YAAA,IAAgB,MAAA;AAE5D,EAAA,MAAM,SAAA,uBAAgB,GAAA,EAAsD;AAE5E,EAAA,SAAS,SAAS,IAAA,EAAsC;AACtD,IAAA,IAAI,UAAU,IAAA,EAAM;AACpB,IAAA,KAAA,GAAQ,IAAA;AAER,IAAA,IAAI;AACF,MAAA,KAAA,CAAM,gBAAgB,IAAI,CAAA;AAAA,IAC5B,CAAA,CAAA,MAAQ;AAAA,IAER;AAEA,IAAA,MAAM,QAAA,GAAW,SAAA,CAAU,GAAA,CAAI,aAAa,CAAA;AAC5C,IAAA,IAAI,CAAC,QAAA,EAAU;AACf,IAAA,KAAA,MAAW,WAAW,QAAA,EAAU;AAC9B,MAAA,IAAI;AACF,QAAA,OAAA,CAAQ,IAAI,CAAA;AAAA,MACd,CAAA,CAAA,MAAQ;AAAA,MAER;AAAA,IACF;AAAA,EACF;AAEA,EAAA,SAAS,UAAU,KAAA,EAA2B;AAC5C,IAAA,MAAM,QAAA,GAAW,SAAA,CAAU,GAAA,CAAI,OAAO,CAAA;AACtC,IAAA,IAAI,CAAC,QAAA,EAAU;AACf,IAAA,KAAA,MAAW,WAAW,QAAA,EAAU;AAC9B,MAAA,IAAI;AACF,QAAA,OAAA,CAAQ,KAAK,CAAA;AAAA,MACf,CAAA,CAAA,MAAQ;AAAA,MAER;AAAA,IACF;AAAA,EACF;AAEA,EAAA,SAAS,EAAA,CACP,OAEA,OAAA,EACY;AACZ,IAAA,IAAI,CAAC,SAAA,CAAU,GAAA,CAAI,KAAK,CAAA,EAAG;AACzB,MAAA,SAAA,CAAU,GAAA,CAAI,KAAA,kBAAO,IAAI,GAAA,EAAK,CAAA;AAAA,IAChC;AACA,IAAA,SAAA,CAAU,GAAA,CAAI,KAAK,CAAA,CAAG,GAAA,CAAI,OAAO,CAAA;AACjC,IAAA,OAAO,MAAM;AACX,MAAA,SAAA,CAAU,GAAA,CAAI,KAAK,CAAA,EAAG,MAAA,CAAO,OAAO,CAAA;AAAA,IACtC,CAAA;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,IAAI,KAAA,GAAQ;AACV,MAAA,OAAO,KAAA;AAAA,IACT,CAAA;AAAA,IACA,QAAA;AAAA,IACA,SAAA;AAAA,IACA;AAAA,GACF;AACF;;;ACvEA,SAAS,mBAAA,CACP,MAAA,EACA,MAAA,GAAS,GAAA,EACA;AACT,EAAA,IAAI,CAAC,MAAA,EAAQ,YAAA,EAAc,OAAO,KAAA;AAClC,EAAA,MAAM,SAAA,GACJ,OAAO,MAAA,CAAO,UAAA,KAAe,WACzB,MAAA,CAAO,UAAA,GACP,MAAA,CAAO,MAAA,CAAO,UAAU,CAAA;AAC9B,EAAA,MAAM,QAAA,GACJ,OAAO,MAAA,CAAO,SAAA,KAAc,WACxB,MAAA,CAAO,SAAA,GACP,MAAA,CAAO,MAAA,CAAO,SAAS,CAAA;AAE7B,EAAA,IAAI,CAAC,OAAO,QAAA,CAAS,SAAS,KAAK,CAAC,MAAA,CAAO,QAAA,CAAS,QAAQ,CAAA,EAAG;AAC7D,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,MAAM,SAAA,GAAY,WAAW,SAAA,GAAY,GAAA;AACzC,EAAA,OAAO,IAAA,CAAK,GAAA,EAAI,GAAI,MAAA,GAAS,SAAA;AAC/B;AAUO,SAAS,mBAAmB,KAAA,EAMlB;AACf,EAAA,MAAM,4BAAA,uBAAmC,GAAA,EAA2B;AAEpE,EAAA,SAAS,gBAAgB,UAAA,EAA4B;AACnD,IAAA,OAAO,gBAAA,CAAiB,KAAA,CAAM,QAAA,EAAU,UAAA,EAAY,YAAY,MAAM,CAAA;AAAA,EACxE;AAEA,EAAA,eAAe,iBAAA,GAEZ;AACD,IAAA,MAAM,cAAA,GAAiB,MAAM,KAAA,CAAM,OAAA,CAAQ,OAAA;AAAA,MAGzC,gBAAA;AAAA,QACE,KAAA,CAAM,QAAA;AAAA,QACN,KAAA,CAAM,iBAAA;AAAA,QACN,WAAA,CAAY;AAAA;AACd,KACF;AACA,IAAA,MAAM,aAAA,GAAgB,MAAM,KAAA,CAAM,OAAA,CAAQ,QAEvC,eAAA,CAAgB,KAAA,CAAM,iBAAiB,CAAC,CAAA;AAE3C,IAAA,OAAO;AAAA,MACL,YAAA,EACE,cAAA,EAAgB,YAAA,IAAgB,aAAA,EAAe,YAAA,IAAgB;AAAA,KACnE;AAAA,EACF;AAEA,EAAA,eAAe,2BAAA,CACb,aACA,OAAA,EACe;AACf,IAAA,MAAM,qBAAqB,CAAA,EAAG,KAAA,CAAM,cAAc,CAAA,UAAA,EAAa,YAAY,EAAE,CAAA,CAAA;AAC7E,IAAA,IAAI,CAAC,SAAS,aAAA,EAAe;AAC3B,MAAA,MAAM,aAAA,GAAgB,MAAM,KAAA,CAAM,OAAA,CAAQ,OAAA;AAAA,QACxC,gBAAgB,kBAAkB;AAAA,OACpC;AACA,MAAA,IAAI,mBAAA,CAAoB,aAAa,CAAA,EAAG;AACtC,QAAA;AAAA,MACF;AAAA,IACF;AAEA,IAAA,MAAM,OAAA,GAAU,4BAAA,CAA6B,GAAA,CAAI,WAAA,CAAY,EAAE,CAAA;AAC/D,IAAA,IAAI,OAAA,EAAS;AACX,MAAA,OAAO,MAAM,OAAA;AAAA,IACf;AAEA,IAAA,MAAM,mBAAmB,YAAY;AACnC,MAAA,MAAM,EAAE,YAAA,EAAc,mBAAA,EAAoB,GAAI,MAAM,iBAAA,EAAkB;AACtE,MAAA,IAAI,CAAC,mBAAA,EAAqB;AACxB,QAAA;AAAA,MACF;AAEA,MAAA,MAAM,IAAA,GAAO,IAAI,eAAA,CAAgB;AAAA,QAC/B,UAAA,EAAY,iDAAA;AAAA,QACZ,kBAAA,EAAoB,+CAAA;AAAA,QACpB,aAAA,EAAe,mBAAA;AAAA,QACf,UAAU,WAAA,CAAY,GAAA;AAAA,QACtB,WAAW,KAAA,CAAM;AAAA,OAClB,CAAA;AAED,MAAA,MAAM,WAAW,MAAM,KAAA,CAAM,CAAA,EAAG,KAAA,CAAM,SAAS,CAAA,aAAA,CAAA,EAAiB;AAAA,QAC9D,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACP,cAAA,EAAgB;AAAA,SAClB;AAAA,QACA,IAAA,EAAM,KAAK,QAAA;AAAS,OACrB,CAAA;AAED,MAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AAC3B,QAAA,MAAM,IAAI,0BAAA;AAAA,UACR;AAAA,SACF;AAAA,MACF;AAEA,MAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,QAAA,MAAM,IAAI,YAAA;AAAA,UACR,CAAA,wDAAA,EAA2D,WAAA,CAAY,EAAE,CAAA,QAAA,EAAW,SAAS,MAAM,CAAA,CAAA;AAAA,UACnG,+BAAA;AAAA,UACA;AAAA,YACE,YAAY,QAAA,CAAS,MAAA;AAAA,YACrB,IAAA,EAAM;AAAA,cACJ,eAAe,WAAA,CAAY,EAAA;AAAA,cAC3B,UAAU,WAAA,CAAY;AAAA;AACxB;AACF,SACF;AAAA,MACF;AAEA,MAAA,MAAM,SAAA,GAAa,MAAM,QAAA,CAAS,IAAA,EAAK;AAQvC,MAAA,IAAI,CAAC,SAAA,CAAU,YAAA,IAAgB,CAAC,UAAU,UAAA,EAAY;AACpD,QAAA,MAAM,IAAI,YAAA;AAAA,UACR,CAAA,4DAAA,EAA+D,YAAY,EAAE,CAAA,EAAA,CAAA;AAAA,UAC7E,+BAAA;AAAA,UACA;AAAA,YACE,IAAA,EAAM;AAAA,cACJ,eAAe,WAAA,CAAY,EAAA;AAAA,cAC3B,UAAU,WAAA,CAAY;AAAA;AACxB;AACF,SACF;AAAA,MACF;AAEA,MAAA,MAAM,KAAA,CAAM,OAAA,CAAQ,OAAA,CAAQ,eAAA,CAAgB,kBAAkB,CAAA,EAAG;AAAA,QAC/D,GAAG,SAAA;AAAA,QACH,SAAA,EAAW,KAAK,GAAA;AAAI,OACrB,CAAA;AAAA,IACH,CAAA,GAAG;AAEH,IAAA,4BAAA,CAA6B,GAAA,CAAI,WAAA,CAAY,EAAA,EAAI,eAAe,CAAA;AAChE,IAAA,IAAI;AACF,MAAA,MAAM,eAAA;AAAA,IACR,CAAA,SAAE;AACA,MAAA,4BAAA,CAA6B,MAAA,CAAO,YAAY,EAAE,CAAA;AAAA,IACpD;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,eAAA;AAAA,IACA;AAAA,GACF;AACF;;;AChJO,SAAS,6BAA6B,KAAA,EAKlB;AACzB,EAAA,MAAM,eAAA,uBAAsB,GAAA,EAAiC;AAE7D,EAAA,eAAe,OAAO,aAAA,EAAsC;AAC1D,IAAA,MAAM,QAAA,GAAW,eAAA,CAAgB,GAAA,CAAI,aAAa,CAAA;AAClD,IAAA,IAAI,CAAC,QAAA,EAAU;AAEf,IAAA,QAAA,CAAS,gBAAA,EAAiB;AAC1B,IAAA,QAAA,CAAS,gBAAA,EAAiB;AAC1B,IAAA,eAAA,CAAgB,OAAO,aAAa,CAAA;AACpC,IAAA,KAAA,CAAM,QAAA,CAAS,MAAA,CAAO,QAAA,CAAS,SAAS,CAAA;AAExC,IAAA,IAAI;AACF,MAAA,MAAM,QAAA,CAAS,OAAO,UAAA,EAAW;AAAA,IACnC,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AAEA,EAAA,eAAe,KAAK,UAAA,EAAuD;AACzE,IAAA,MAAM,cAAA,GAAiB,yBAAyB,UAAU,CAAA;AAC1D,IAAA,MAAM,WAAA,GAAc,IAAI,GAAA,CAAI,cAAA,CAAe,GAAA,CAAI,CAAC,IAAA,KAAS,CAAC,IAAA,CAAK,EAAA,EAAI,IAAI,CAAC,CAAC,CAAA;AAEzE,IAAA,KAAA,MAAW,CAAC,aAAA,EAAe,QAAQ,CAAA,IAAK,eAAA,EAAiB;AACvD,MAAA,MAAM,IAAA,GAAO,WAAA,CAAY,GAAA,CAAI,aAAa,CAAA;AAC1C,MAAA,IAAI,CAAC,IAAA,EAAM;AACT,QAAA,MAAM,OAAO,aAAa,CAAA;AAC1B,QAAA;AAAA,MACF;AAEA,MAAA,IAAI,QAAA,CAAS,WAAA,CAAY,GAAA,KAAQ,IAAA,CAAK,GAAA,EAAK;AACzC,QAAA,MAAM,OAAO,aAAa,CAAA;AAAA,MAC5B;AAAA,IACF;AAEA,IAAA,KAAA,MAAW,eAAe,cAAA,EAAgB;AACxC,MAAA,MAAM,QAAA,GAAW,eAAA,CAAgB,GAAA,CAAI,WAAA,CAAY,EAAE,CAAA;AACnD,MAAA,IAAI,QAAA,EAAU;AACZ,QAAA,QAAA,CAAS,WAAA,GAAc,WAAA;AAEvB,QAAA,MAAM,OAAA,GAAU,KAAA,CAAM,QAAA,CAAS,GAAA,CAAI,SAAS,SAAS,CAAA;AACrD,QAAA,IAAI,OAAA,EAAS;AACX,UAAA,OAAA,CAAQ,kBAAkB,WAAA,CAAY,IAAA;AAAA,QACxC;AACA,QAAA;AAAA,MACF;AAEA,MAAA,MAAM,OAAA,GAAU,KAAA,CAAM,YAAA,CAAa,WAAW,CAAA;AAC9C,MAAA,KAAA,CAAM,SAAS,GAAA,CAAI,OAAA,CAAQ,OAAA,CAAQ,SAAA,EAAW,QAAQ,OAAO,CAAA;AAC7D,MAAA,eAAA,CAAgB,GAAA,CAAI,YAAY,EAAA,EAAI;AAAA,QAClC,WAAA;AAAA,QACA,SAAA,EAAW,QAAQ,OAAA,CAAQ,SAAA;AAAA,QAC3B,QAAQ,OAAA,CAAQ,MAAA;AAAA,QAChB,kBAAkB,OAAA,CAAQ,gBAAA;AAAA,QAC1B,kBAAkB,OAAA,CAAQ;AAAA,OAC3B,CAAA;AAAA,IACH;AAAA,EACF;AAEA,EAAA,SAAS,gBAAgB,oBAAA,EAA6C;AACpE,IAAA,MAAM,UAAoB,EAAC;AAC3B,IAAA,KAAA,MAAW,aAAA,IAAiB,eAAA,CAAgB,IAAA,EAAK,EAAG;AAClD,MAAA,IAAI,CAAC,oBAAA,CAAqB,GAAA,CAAI,aAAa,CAAA,EAAG;AAC5C,QAAA,OAAA,CAAQ,KAAK,aAAa,CAAA;AAAA,MAC5B;AAAA,IACF;AACA,IAAA,OAAO,OAAA;AAAA,EACT;AAEA,EAAA,eAAe,QAAQ,IAAA,EAA+C;AACpE,IAAA,MAAM,OAAA,GAAU,CAAC,GAAG,eAAA,CAAgB,QAAQ,CAAA;AAC5C,IAAA,eAAA,CAAgB,KAAA,EAAM;AAEtB,IAAA,KAAA,MAAW,WAAW,CAAC,GAAG,MAAM,QAAA,CAAS,MAAA,EAAQ,CAAA,EAAG;AAClD,MAAA,IAAI,OAAA,CAAQ,WAAW,UAAA,EAAY;AACjC,QAAA,KAAA,CAAM,QAAA,CAAS,MAAA,CAAO,OAAA,CAAQ,SAAS,CAAA;AAAA,MACzC;AAAA,IACF;AAEA,IAAA,MAAM,OAAA,CAAQ,GAAA;AAAA,MACZ,OAAA,CAAQ,GAAA,CAAI,OAAO,KAAA,KAAU;AAC3B,QAAA,KAAA,CAAM,gBAAA,EAAiB;AACvB,QAAA,KAAA,CAAM,gBAAA,EAAiB;AACvB,QAAA,IAAI;AACF,UAAA,IAAI,SAAS,SAAA,EAAW;AACtB,YAAA,MAAM,KAAA,CAAM,MAAA,CAAO,IAAA,CAAK,OAAA,EAAQ;AAAA,UAClC,CAAA,MAAO;AACL,YAAA,MAAM,KAAA,CAAM,OAAO,UAAA,EAAW;AAAA,UAChC;AAAA,QACF,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF,CAAC;AAAA,KACH;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,IAAI,IAAA,GAAO;AACT,MAAA,OAAO,eAAA,CAAgB,IAAA;AAAA,IACzB,CAAA;AAAA,IACA,OAAA,GAAU;AACR,MAAA,OAAO,gBAAgB,OAAA,EAAQ;AAAA,IACjC,CAAA;AAAA,IACA,MAAA,GAAS;AACP,MAAA,OAAO,gBAAgB,MAAA,EAAO;AAAA,IAChC,CAAA;AAAA,IACA,IAAA,GAAO;AACL,MAAA,OAAO,gBAAgB,IAAA,EAAK;AAAA,IAC9B,CAAA;AAAA,IACA,IAAI,aAAA,EAAuB;AACzB,MAAA,OAAO,eAAA,CAAgB,IAAI,aAAa,CAAA;AAAA,IAC1C,CAAA;AAAA,IACA,IAAA;AAAA,IACA,eAAA;AAAA,IACA;AAAA,GACF;AACF;;;ACrCA,SAAS,iBAAiB,GAAA,EAAuB;AAC/C,EAAA,IAAI,GAAA,YAAe,KAAA,IAAS,cAAA,CAAe,GAAG,CAAA,EAAG;AAC/C,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI,cAAA,CAAe,GAAG,CAAA,EAAG;AACvB,IAAA,IAAI,GAAA,CAAI,IAAA,KAAS,uBAAA,EAAyB,OAAO,IAAA;AACjD,IAAA,IAAI,GAAA,CAAI,UAAA,KAAe,GAAA,EAAK,OAAO,IAAA;AACnC,IAAA,IAAI,OAAO,GAAA,CAAI,UAAA,KAAe,QAAA,IAAY,GAAA,CAAI,cAAc,GAAA,EAAK;AAC/D,MAAA,OAAO,IAAA;AAAA,IACT;AACA,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,IAAI,OAAO,GAAA,KAAQ,QAAA,IAAY,GAAA,KAAQ,IAAA,EAAM;AAC3C,IAAA,MAAM,MAAA,GAAS,GAAA;AACf,IAAA,MAAM,WAAA,GAAc,MAAA,CAAO,UAAA,IAAc,MAAA,CAAO,MAAA;AAChD,IAAA,MAAM,MAAA,GAAS,OAAO,WAAA,KAAgB,QAAA,GAAW,WAAA,GAAc,MAAA;AAC/D,IAAA,IAAI,WAAW,GAAA,IAAQ,OAAO,MAAA,KAAW,QAAA,IAAY,UAAU,GAAA,EAAM;AACnE,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,OAAO,KAAA;AACT;AAEA,eAAe,kBAAA,CACb,SAAA,EACA,UAAA,GAAa,CAAA,EACD;AACZ,EAAA,MAAM,YAAA,GAAe,GAAA;AACrB,EAAA,KAAA,IAAS,OAAA,GAAU,CAAA,EAAG,OAAA,IAAW,UAAA,EAAY,WAAW,CAAA,EAAG;AACzD,IAAA,IAAI;AACF,MAAA,OAAO,MAAM,SAAA,EAAU;AAAA,IACzB,SAAS,GAAA,EAAK;AACZ,MAAA,IAAI,OAAA,IAAW,UAAA,IAAc,CAAC,gBAAA,CAAiB,GAAG,CAAA,EAAG;AACnD,QAAA,MAAM,GAAA;AAAA,MACR;AACA,MAAA,MAAM,IAAI,OAAA,CAAQ,CAAC,YAAY,UAAA,CAAW,OAAA,EAAS,YAAY,CAAC,CAAA;AAAA,IAClE;AAAA,EACF;AAEA,EAAA,MAAM,IAAI,MAAM,8CAA8C,CAAA;AAChE;AAEA,SAAS,cAAA,CAAe,KAAc,OAAA,EAAsC;AAC1E,EAAA,MAAM,WAAA,GAAc,OAAA,GAAU,EAAE,GAAG,SAAQ,GAAI,MAAA;AAC/C,EAAA,MAAM,SAAA,GAAY,CAChB,IAAA,KAEA,WAAA,GAAc,EAAE,GAAI,IAAA,IAAQ,EAAC,EAAI,GAAG,WAAA,EAAY,GAAK,QAAQ,EAAC;AAEhE,EAAA,IAAI,cAAA,CAAe,GAAG,CAAA,EAAG;AACvB,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,OAAO,GAAA;AAAA,IACT;AAIA,IAAA,MAAM,SAAS,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,cAAA,CAAe,GAAG,CAAC,CAAA;AACvD,IAAA,MAAA,CAAO,gBAAA,CAAiB,MAAA,EAAQ,MAAA,CAAO,yBAAA,CAA0B,GAAG,CAAC,CAAA;AACrE,IAAA,MAAA,CAAO,cAAA,CAAe,QAAQ,MAAA,EAAQ;AAAA,MACpC,KAAA,EAAO,SAAA,CAAU,GAAA,CAAI,IAAI,CAAA;AAAA,MACzB,UAAA,EAAY,IAAA;AAAA,MACZ,QAAA,EAAU,IAAA;AAAA,MACV,YAAA,EAAc;AAAA,KACf,CAAA;AACD,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,IAAI,eAAe,KAAA,EAAO;AACxB,IAAA,IAAI,mBAAA,CAAoB,GAAG,CAAA,EAAG;AAC5B,MAAA,OAAO,IAAI,0BAAA,CAA2B,GAAA,CAAI,OAAA,EAAS;AAAA,QACjD,MAAM,SAAA,EAAU;AAAA,QAChB,KAAA,EAAO;AAAA,OACR,CAAA;AAAA,IACH;AACA,IAAA,OAAO,IAAI,YAAA,CAAa,GAAA,CAAI,OAAA,EAAS,uBAAA,EAAyB;AAAA,MAC5D,MAAM,SAAA,EAAU;AAAA,MAChB,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAEA,EAAA,OAAO,IAAI,YAAA,CAAa,MAAA,CAAO,GAAG,GAAG,uBAAA,EAAyB;AAAA,IAC5D,MAAM,SAAA;AAAU,GACjB,CAAA;AACH;AAEA,SAAS,wBAAwB,GAAA,EAAuB;AACtD,EAAA,IAAI,GAAA,YAAe,4BAA4B,OAAO,IAAA;AACtD,EAAA,IAAI,cAAA,CAAe,GAAG,CAAA,EAAG;AACvB,IAAA,OAAO,IAAI,IAAA,KAAS,gCAAA;AAAA,EACtB;AACA,EAAA,IAAI,OAAO,GAAA,KAAQ,QAAA,IAAY,GAAA,KAAQ,IAAA,EAAM;AAC3C,IAAA,OACG,IAA2B,IAAA,KAAS,gCAAA;AAAA,EAEzC;AACA,EAAA,OAAO,KAAA;AACT;AAEA,SAAS,uBAAuB,GAAA,EAAuB;AACrD,EAAA,IAAI,cAAA,CAAe,GAAG,CAAA,EAAG;AACvB,IAAA,OAAO,IAAI,IAAA,KAAS,+BAAA;AAAA,EACtB;AACA,EAAA,IAAI,OAAO,GAAA,KAAQ,QAAA,IAAY,GAAA,KAAQ,IAAA,EAAM;AAC3C,IAAA,OAAQ,IAA2B,IAAA,KAAS,+BAAA;AAAA,EAC9C;AACA,EAAA,OAAO,KAAA;AACT;AAEA,SAAS,uBAAuB,GAAA,EAAuB;AACrD,EAAA,OAAO,uBAAA,CAAwB,GAAG,CAAA,IAAK,sBAAA,CAAuB,GAAG,CAAA;AACnE;AACO,SAAS,0BACd,MAAA,EACqB;AACrB,EAAA,IAAI,CAAC,OAAO,QAAA,EAAU;AACpB,IAAA,MAAM,IAAI,WAAA;AAAA,MACR,6DAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AACA,EAAA,IAAI,CAAC,OAAO,WAAA,EAAa;AACvB,IAAA,MAAM,IAAI,WAAA;AAAA,MACR,6FAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AACA,EAAA,IAAI,CAAC,OAAO,cAAA,EAAgB;AAC1B,IAAA,MAAM,IAAI,WAAA;AAAA,MACR,mFAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,MAAM,cAAA,GAAiB,OAAO,UAAA,IAAc,SAAA;AAC5C,EAAA,MAAM,SAAA,GAAY,yBAAA;AAAA,IAChB,OAAO,SAAA,IAAa;AAAA,GACtB;AACA,EAAA,MAAM,aAAA,GAAgB,MAAA,CAAO,OAAA,IAAW,IAAI,aAAA,EAAc;AAC1D,EAAA,MAAM,iBAAA,GAAoB,GAAG,cAAc,CAAA,QAAA,CAAA;AAE3C,EAAA,MAAM,kBAA6C,EAAC;AACpD,EAAA,MAAM,kBAAkB,iCAAA,CAAkC;AAAA,IACxD,YAAA,EAAc,MAAA;AAAA,IACd,eAAe,MAAA,CAAO;AAAA,GACvB,CAAA;AAED,EAAA,MAAM,cAAA,GAAiB,IAAI,mBAAA,EAAoB;AAC/C,EAAA,MAAM,aAAA,GAAgB,oBAAA;AAEtB,EAAA,MAAM,mBAAA,uBAA0B,GAAA,EAAsC;AACtE,EAAA,MAAM,QAAA,uBAAe,GAAA,EAA4B;AACjD,EAAA,MAAM,kBAAA,uBAAyB,GAAA,EAAoB;AACnD,EAAA,MAAM,wBAAA,uBAA+B,GAAA,EAAY;AAEjD,EAAA,MAAM,eAAe,kBAAA,CAAmB;AAAA,IACtC,UAAU,MAAA,CAAO,QAAA;AAAA,IACjB,cAAA;AAAA,IACA,iBAAA;AAAA,IACA,SAAA;AAAA,IACA,OAAA,EAAS;AAAA,GACV,CAAA;AAED,EAAA,IAAI,yBAAA,GACF,IAAA;AAEF,EAAA,MAAM,gBAAgB,iCAAA,CAAkC;AAAA,IACtD,UAAU,MAAA,CAAO,QAAA;AAAA,IACjB,aAAa,MAAA,CAAO,WAAA;AAAA,IACpB,WAAW,MAAA,CAAO,SAAA;AAAA,IAClB,OAAA,EAAS,aAAA;AAAA,IACT,UAAA,EAAY,iBAAA;AAAA,IACZ,cAAA,EAAgB,OAAO,GAAA,KAAQ;AAC7B,MAAA,eAAA,CAAgB,KAAK,SAAS,CAAA;AAC9B,MAAA,OAAO,MAAM,MAAA,CAAO,cAAA,CAAe,GAAG,CAAA;AAAA,IACxC,CAAA;AAAA,IACA,uBAAuB,MAAA,CAAO;AAAA,GAC/B,CAAA;AAED,EAAA,MAAM,cAAA,GAAiB,qBAAqB,aAAa,CAAA;AACzD,EAAA,QAAA,CAAS,GAAA,CAAI,gBAAA,EAAiB,EAAG,cAAc,CAAA;AAE/C,EAAgC,aAAA,CAAc,EAAA,CAAG,aAAA,EAAe,CAAC,KAAA,KAAU;AACzE,IAAA,IAAI,UAAU,YAAA,EAAc;AAC1B,MAAA,eAAA,CAAgB,SAAS,YAAY,CAAA;AAAA,IACvC;AAAA,EACF,CAAC;AACD,EAAgC,aAAA,CAAc,EAAA,CAAG,OAAA,EAAS,CAAC,KAAA,KAAU;AACnE,IAAA,MAAM,UAAA,GAAa,eAAe,KAAA,EAAO;AAAA,MACvC,WAAW,gBAAA,EAAiB;AAAA,MAC5B,MAAA,EAAQ,SAAA;AAAA,MACR,SAAA,EAAW;AAAA,KACZ,CAAA;AACD,IAAA,eAAA,CAAgB,UAAU,UAAU,CAAA;AACpC,IAAA,IAAI,sBAAA,CAAuB,UAAU,CAAA,EAAG;AACtC,MAAA,eAAA,CAAgB,SAAS,YAAY,CAAA;AAAA,IACvC;AAAA,EACF,CAAC;AAED,EAAA,MAAM,8BAA8B,YAAA,CAAa,2BAAA;AAEjD,EAAA,SAAS,oBAAoB,aAAA,EAAgC;AAC3D,IAAA,OAAA,CAAQ,kBAAA,CAAmB,GAAA,CAAI,aAAa,CAAA,IAAK,CAAA,IAAK,CAAA;AAAA,EACxD;AAEA,EAAA,eAAe,oBAAA,CACb,eACA,SAAA,EACY;AACZ,IAAA,kBAAA,CAAmB,GAAA;AAAA,MACjB,aAAA;AAAA,MAAA,CACC,kBAAA,CAAmB,GAAA,CAAI,aAAa,CAAA,IAAK,CAAA,IAAK;AAAA,KACjD;AACA,IAAA,IAAI;AACF,MAAA,OAAO,MAAM,SAAA,EAAU;AAAA,IACzB,CAAA,SAAE;AACA,MAAA,MAAM,IAAA,GAAA,CAAQ,kBAAA,CAAmB,GAAA,CAAI,aAAa,KAAK,CAAA,IAAK,CAAA;AAC5D,MAAA,IAAI,QAAQ,CAAA,EAAG;AACb,QAAA,kBAAA,CAAmB,OAAO,aAAa,CAAA;AAAA,MACzC,CAAA,MAAO;AACL,QAAA,kBAAA,CAAmB,GAAA,CAAI,eAAe,IAAI,CAAA;AAAA,MAC5C;AAAA,IACF;AAAA,EACF;AAEA,EAAA,SAAS,qBAAqB,WAAA,EAK5B;AACA,IAAA,MAAM,SAAS,iCAAA,CAAkC;AAAA,MAC/C,UAAU,MAAA,CAAO,QAAA;AAAA,MACjB,aAAa,MAAA,CAAO,WAAA;AAAA,MACpB,KAAK,WAAA,CAAY,GAAA;AAAA,MACjB,WAAW,MAAA,CAAO,SAAA;AAAA,MAClB,OAAA,EAAS,aAAA;AAAA,MACT,UAAA,EAAY,CAAA,EAAG,cAAc,CAAA,UAAA,EAAa,YAAY,EAAE,CAAA,CAAA;AAAA,MACxD,cAAA,EAAgB,OAAO,GAAA,KAAQ;AAC7B,QAAA,eAAA,CAAgB,IAAA,CAAK,YAAY,EAAE,CAAA;AACnC,QAAA,OAAO,MAAM,MAAA,CAAO,cAAA,CAAe,GAAG,CAAA;AAAA,MACxC,CAAA;AAAA,MACA,uBAAuB,MAAA,CAAO;AAAA,KAC/B,CAAA;AAED,IAAA,MAAM,gBAAA,GAAmB,MAAA,CAAO,EAAA,CAAG,aAAA,EAAe,CAAC,KAAA,KAAU;AAC3D,MAAA,IAAI,UAAU,YAAA,EAAc;AAC1B,QAAA,eAAA,CAAgB,SAAS,YAAY,CAAA;AAAA,MACvC;AAAA,IACF,CAAC,CAAA;AACD,IAAA,MAAM,gBAAA,GAAmB,MAAA,CAAO,EAAA,CAAG,OAAA,EAAS,CAAC,KAAA,KAAU;AACrD,MAAA,MAAM,UAAA,GAAa,eAAe,KAAA,EAAO;AAAA,QACvC,SAAA,EAAW,iBAAA,CAAkB,WAAA,CAAY,EAAE,CAAA;AAAA,QAC3C,MAAA,EAAQ,UAAA;AAAA,QACR,eAAe,WAAA,CAAY,EAAA;AAAA,QAC3B,SAAA,EAAW;AAAA,OACZ,CAAA;AACD,MAAA,IACE,oBAAoB,WAAA,CAAY,EAAE,CAAA,IAClC,uBAAA,CAAwB,UAAU,CAAA,EAClC;AACA,QAAA;AAAA,MACF;AACA,MAAA,IAAI,sBAAA,CAAuB,UAAU,CAAA,EAAG;AACtC,QAAA,eAAA,CAAgB,SAAS,YAAY,CAAA;AACrC,QAAA;AAAA,MACF;AACA,MAAA,eAAA,CAAgB,UAAU,UAAU,CAAA;AAAA,IACtC,CAAC,CAAA;AAED,IAAA,MAAM,OAAA,GAAU,qBAAA,CAAsB,EAAE,WAAA,EAAa,QAAQ,CAAA;AAE7D,IAAA,OAAO,EAAE,OAAA,EAAS,MAAA,EAAQ,gBAAA,EAAkB,gBAAA,EAAiB;AAAA,EAC/D;AAEA,EAAA,MAAM,yBAAyB,4BAAA,CAA6B;AAAA,IAC1D,QAAA;AAAA,IACA,YAAA,EAAc;AAAA,GACf,CAAA;AAED,EAAA,eAAe,2BAAA,CACb,QAAQ,KAAA,EAC6B;AACrC,IAAA,IAAI,yBAAA,EAA2B;AAC7B,MAAA,IAAI,CAAC,KAAA,EAAO;AACV,QAAA,OAAO,MAAM,yBAAA;AAAA,MACf;AAEA,MAAA,MAAM,yBAAA;AAAA,IACR;AAEA,IAAA,MAAM,kBAAkB,YAAY;AAClC,MAAA,MAAM,QAAQ,MAAM,kBAAA;AAAA,QAClB,YAAY,MAAM,aAAA,CAAc,GAAA,CAAI,uBAAA;AAAwB,OAC9D;AACA,MAAA,MAAM,yBAAyB,KAAK,CAAA;AACpC,MAAA,OAAO,KAAA;AAAA,IACT,CAAA,GAAG;AACH,IAAA,yBAAA,GAA4B,cAAA;AAE5B,IAAA,IAAI;AACF,MAAA,OAAO,MAAM,cAAA;AAAA,IACf,CAAA,SAAE;AACA,MAAA,IAAI,8BAA8B,cAAA,EAAgB;AAChD,QAAA,yBAAA,GAA4B,IAAA;AAAA,MAC9B;AAAA,IACF;AAAA,EACF;AAEA,EAAA,eAAe,yBACb,YAAA,EACe;AACf,IAAA,mBAAA,CAAoB,KAAA,EAAM;AAC1B,IAAA,KAAA,MAAW,QAAQ,YAAA,EAAc;AAC/B,MAAA,mBAAA,CAAoB,GAAA,CAAI,IAAA,CAAK,EAAA,EAAI,IAAI,CAAA;AAAA,IACvC;AACA,IAAA,MAAM,sBAAA,CAAuB,KAAK,YAAY,CAAA;AAAA,EAChD;AAEA,EAAA,eAAe,yBAAyB,OAAA,EAGD;AACrC,IAAA,MAAM,aAAwC,EAAC;AAC/C,IAAA,wBAAA,CAAyB,KAAA,EAAM;AAC/B,IAAA,MAAM,0BAAA,uBAAiC,GAAA,EAAY;AAEnD,IAAA,MAAM,YAAA,GAAe,MAAM,aAAA,CAAc,KAAA,CAAM,KAAK,OAAO,CAAA;AAC3D,IAAA,KAAA,MAAW,QAAQ,YAAA,EAAc;AAC/B,MAAA,UAAA,CAAW,IAAA,CAAK;AAAA,QACd,IAAA;AAAA,QACA,KAAA,EAAO;AAAA,UACL,QAAQ,IAAA,CAAK,EAAA;AAAA,UACb,WAAW,gBAAA,EAAiB;AAAA,UAC5B,MAAA,EAAQ,SAAA;AAAA,UACR,eAAe,IAAA,CAAK;AAAA;AACtB,OACD,CAAA;AAAA,IACH;AAEA,IAAA,IAAI,SAAS,mBAAA,EAAqB;AAChC,MAAA,MAAM,wBAAA,CAAyB,QAAQ,mBAAmB,CAAA;AAAA,IAC5D,CAAA,MAAO;AACL,MAAA,MAAM,2BAAA,EAA4B;AAAA,IACpC;AAEA,IAAA,MAAM,wBAAwB,CAAC,GAAG,sBAAA,CAAuB,MAAA,EAAQ,CAAA,CAAE,IAAA;AAAA,MACjE,CAAC,GAAG,CAAA,KAAM,CAAA,CAAE,YAAY,EAAA,CAAG,aAAA,CAAc,CAAA,CAAE,WAAA,CAAY,EAAE;AAAA,KAC3D;AAEA,IAAA,MAAM,wBAAA,GAA2B,OAAO,KAAA,KAA+B;AACrE,MAAA,MAAM,gBAAgB,MAAM,kBAAA;AAAA,QAC1B,YACE,MAAM,oBAAA;AAAA,UAAqB,MAAM,WAAA,CAAY,EAAA;AAAA,UAAI,MAC/C,KAAA,CAAM,MAAA,CAAO,KAAA,CAAM,IAAA;AAAK;AAC1B,OACJ;AACA,MAAA,wBAAA,CAAyB,GAAA,CAAI,KAAA,CAAM,WAAA,CAAY,EAAE,CAAA;AACjD,MAAA,KAAA,MAAW,QAAQ,aAAA,EAAe;AAChC,QAAA,MAAM,aAAA,GAAgB,IAAA,CAAK,EAAA,IAAM,IAAA,CAAK,IAAA;AACtC,QAAA,MAAM,YAAY,CAAA,EAAG,KAAA,CAAM,YAAY,EAAE,CAAA,CAAA,EAAI,KAAK,IAAI,CAAA,CAAA;AAEtD,QAAA,UAAA,CAAW,IAAA,CAAK;AAAA,UACd,IAAA,EAAM;AAAA,YACJ,EAAA,EAAI,SAAA;AAAA,YACJ,MAAM,IAAA,CAAK,IAAA;AAAA,YACX,aAAa,IAAA,CAAK,WAAA;AAAA,YAClB,aAAa,IAAA,CAAK,WAAA;AAAA,YAClB,MAAA,EAAQ;AAAA,cACN,EAAA,EAAI,MAAM,WAAA,CAAY,EAAA;AAAA,cACtB,IAAA,EAAM,MAAM,WAAA,CAAY;AAAA;AAC1B,WACF;AAAA,UACA,KAAA,EAAO;AAAA,YACL,MAAA,EAAQ,SAAA;AAAA,YACR,WAAW,KAAA,CAAM,SAAA;AAAA,YACjB,MAAA,EAAQ,UAAA;AAAA,YACR,aAAA;AAAA,YACA,aAAA,EAAe,MAAM,WAAA,CAAY;AAAA;AACnC,SACD,CAAA;AAAA,MACH;AAAA,IACF,CAAA;AAEA,IAAA,KAAA,MAAW,SAAS,qBAAA,EAAuB;AACzC,MAAA,IAAI;AACF,QAAA,MAAM,2BAAA,CAA4B,MAAM,WAAW,CAAA;AACnD,QAAA,MAAM,yBAAyB,KAAK,CAAA;AAAA,MACtC,SAAS,GAAA,EAAK;AACZ,QAAA,MAAM,UAAA,GAAa,eAAe,GAAA,EAAK;AAAA,UACrC,WAAW,KAAA,CAAM,SAAA;AAAA,UACjB,MAAA,EAAQ,UAAA;AAAA,UACR,aAAA,EAAe,MAAM,WAAA,CAAY,EAAA;AAAA,UACjC,SAAA,EAAW;AAAA,SACZ,CAAA;AACD,QAAA,IAAI,uBAAA,CAAwB,UAAU,CAAA,EAAG;AACvC,UAAA,0BAAA,CAA2B,GAAA,CAAI,KAAA,CAAM,WAAA,CAAY,EAAE,CAAA;AACnD,UAAA;AAAA,QACF;AACA,QAAA,IAAI,sBAAA,CAAuB,UAAU,CAAA,EAAG;AACtC,UAAA,eAAA,CAAgB,SAAS,YAAY,CAAA;AAAA,QACvC;AACA,QAAA,eAAA,CAAgB,UAAU,UAAU,CAAA;AAAA,MACtC;AAAA,IACF;AAEA,IAAA,IAAI,0BAAA,CAA2B,OAAO,CAAA,EAAG;AACvC,MAAA,IAAI,iBAAA,GAAoB,KAAA;AACxB,MAAA,KAAA,MAAW,iBAAiB,0BAAA,EAA4B;AACtD,QAAA,MAAM,KAAA,GAAQ,sBAAA,CAAuB,GAAA,CAAI,aAAa,CAAA;AACtD,QAAA,IAAI,CAAC,KAAA,EAAO;AAEZ,QAAA,IAAI;AACF,UAAA,MAAM,2BAAA,CAA4B,MAAM,WAAA,EAAa;AAAA,YACnD,aAAA,EAAe;AAAA,WAChB,CAAA;AACD,UAAA,MAAM,oBAAA,CAAqB,eAAe,YAAY;AACpD,YAAA,MAAM,KAAA,CAAM,OAAO,UAAA,EAAW;AAC9B,YAAA,MAAM,KAAA,CAAM,OAAO,OAAA,EAAQ;AAAA,UAC7B,CAAC,CAAA;AACD,UAAA,MAAM,yBAAyB,KAAK,CAAA;AAAA,QACtC,SAAS,GAAA,EAAK;AACZ,UAAA,MAAM,UAAA,GAAa,eAAe,GAAG,CAAA;AACrC,UAAA,IAAI,sBAAA,CAAuB,UAAU,CAAA,EAAG;AACtC,YAAA,iBAAA,GAAoB,IAAA;AACpB,YAAA,IAAI,sBAAA,CAAuB,UAAU,CAAA,EAAG;AACtC,cAAA,eAAA,CAAgB,UAAU,UAAU,CAAA;AAAA,YACtC;AACA,YAAA;AAAA,UACF;AACA,UAAA,eAAA,CAAgB,UAAU,UAAU,CAAA;AAAA,QACtC;AAAA,MACF;AAEA,MAAA,IAAI,iBAAA,EAAmB;AACrB,QAAA,eAAA,CAAgB,SAAS,YAAY,CAAA;AAAA,MACvC,WACE,eAAA,CAAgB,KAAA,KAAU,YAAA,IAC1B,aAAA,CAAc,UAAU,OAAA,EACxB;AACA,QAAA,eAAA,CAAgB,SAAS,OAAO,CAAA;AAAA,MAClC;AAAA,IACF;AAEA,IAAA,OAAO,UAAA;AAAA,EACT;AAEA,EAAA,eAAe,mBAAmB,OAAA,EAM/B;AACD,IAAA,MAAM,YAAA,GAAe,KAAK,SAAA,CAAU;AAAA,MAClC,KAAA,EAAO,SAAS,KAAA,IAAS,IAAA;AAAA,MACzB,mBAAA,EACE,OAAA,EAAS,mBAAA,EACL,GAAA,CAAI,CAAC,gBAAgB,WAAA,CAAY,EAAE,CAAA,CACpC,IAAA,EAAK,IAAK;AAAA,KAChB,CAAA;AACD,IAAA,MAAM,QAAA,GAAW,MAAM,cAAA,CAAe,KAAA;AAAA,MACpC,YAAY,MAAM,wBAAA,CAAyB,OAAO,CAAA;AAAA,MAClD;AAAA,QACE,GAAA,EAAK,YAAA;AAAA,QACL,UAAA,EAAY,CAAC,QAAA,EAAU,QAAA,KACrB,cAAc,eAAA,CAAgB;AAAA,UAC5B,QAAQ,QAAA,CAAS,MAAA;AAAA,UACjB,QAAA;AAAA,UACA;AAAA,SACD;AAAA;AACL,KACF;AACA,IAAA,OAAO;AAAA,MACL,OAAO,QAAA,CAAS,KAAA;AAAA,MAChB,WAAW,QAAA,CAAS;AAAA,KACtB;AAAA,EACF;AAEA,EAAA,SAAS,mBAAmB,SAAA,EAAwC;AAClE,IAAA,KAAA,MAAW,YAAY,SAAA,EAAW;AAChC,MAAA,eAAA,CAAgB,SAAA;AAAA,QACd,oBAAA,CAAqB;AAAA,UACnB,QAAQ,QAAA,CAAS,MAAA;AAAA,UACjB,MAAM,QAAA,CAAS,IAAA;AAAA,UACf,SAAS,QAAA,CAAS;AAAA,SACnB;AAAA,OACH;AAAA,IACF;AAAA,EACF;AAEA,EAAA,SAAS,mCAAA,GAAgD;AACvD,IAAA,OAAO,sBAAA,CAAuB,gBAAgB,wBAAwB,CAAA;AAAA,EACxE;AAEA,EAAA,eAAe,uBACb,IAAA,EACe;AACf,IAAA,MAAM,sBAAA,CAAuB,QAAQ,IAAI,CAAA;AAAA,EAC3C;AAEA,EAAA,eAAe,eAAA,GAAiC;AAC9C,IAAA,IAAI,eAAA,CAAgB,UAAU,OAAA,EAAS;AACvC,IAAA,IACE,eAAA,CAAgB,KAAA,KAAU,YAAA,IAC1B,aAAA,CAAc,UAAU,OAAA,EACxB;AACA,MAAA;AAAA,IACF;AAEA,IAAA,eAAA,CAAgB,SAAS,YAAY,CAAA;AAErC,IAAA,IAAI;AACF,MAAA,MAAM,cAAc,OAAA,EAAQ;AAC5B,MAAA,MAAM,4BAA4B,IAAI,CAAA;AACtC,MAAA,eAAA,CAAgB,SAAS,OAAO,CAAA;AAAA,IAClC,SAAS,GAAA,EAAK;AACZ,MAAA,MAAM,UAAA,GAAa,eAAe,GAAA,EAAK;AAAA,QACrC,WAAW,gBAAA,EAAiB;AAAA,QAC5B,MAAA,EAAQ,SAAA;AAAA,QACR,SAAA,EAAW;AAAA,OACZ,CAAA;AACD,MAAA,IAAI,sBAAA,CAAuB,UAAU,CAAA,EAAG;AACtC,QAAA,eAAA,CAAgB,SAAS,YAAY,CAAA;AAAA,MACvC,CAAA,MAAO;AACL,QAAA,eAAA,CAAgB,SAAS,QAAQ,CAAA;AAAA,MACnC;AACA,MAAA,eAAA,CAAgB,UAAU,UAAU,CAAA;AACpC,MAAA,MAAM,UAAA;AAAA,IACR;AAAA,EACF;AAEA,EAAA,eAAe,kBAAkB,MAAA,EAA0C;AACzE,IAAA,IAAI,KAAA,GAAQ,cAAA,CAAe,QAAA,CAAS,MAAM,CAAA;AAC1C,IAAA,IAAI,OAAO,OAAO,KAAA;AAElB,IAAA,MAAM,SAAA,GAAY,MAAM,kBAAA,EAAmB;AAC3C,IAAA,kBAAA,CAAmB,UAAU,SAAS,CAAA;AACtC,IAAA,KAAA,GAAQ,cAAA,CAAe,SAAS,MAAM,CAAA;AACtC,IAAA,IAAI,OAAO,OAAO,KAAA;AAElB,IAAA,MAAM,IAAI,YAAA;AAAA,MACR,iBAAiB,MAAM,CAAA,gDAAA,CAAA;AAAA,MACvB,wBAAA;AAAA,MACA,EAAE,IAAA,EAAM,EAAE,MAAA,EAAO;AAAE,KACrB;AAAA,EACF;AAEA,EAAA,MAAM,YAAA,GAAoC;AAAA,IACxC,IAAI,KAAA,GAAQ;AACV,MAAA,OAAO,eAAA,CAAgB,KAAA;AAAA,IACzB,CAAA;AAAA,IAEA,MAAM,OAAA,GAAU;AACd,MAAA,MAAM,eAAA,EAAgB;AAAA,IACxB,CAAA;AAAA,IAEA,MAAM,UAAA,GAAa;AACjB,MAAA,MAAM,uBAAuB,YAAY,CAAA;AACzC,MAAA,mBAAA,CAAoB,KAAA,EAAM;AAC1B,MAAA,cAAA,CAAe,KAAA,EAAM;AACrB,MAAA,eAAA,CAAgB,MAAA,GAAS,CAAA;AACzB,MAAA,MAAM,cAAc,UAAA,EAAW;AAC/B,MAAA,eAAA,CAAgB,SAAS,MAAM,CAAA;AAAA,IACjC,CAAA;AAAA,IAEA,MAAM,iBAAA,GAAmD;AACvD,MAAA,MAAM,eAAA,EAAgB;AACtB,MAAA,OAAO,MAAM,cAAc,iBAAA,EAAkB;AAAA,IAC/C,CAAA;AAAA,IAEA,IAAA,EAAM;AAAA,MACJ,MAAM,MAAA,GAAS;AACb,QAAA,IACE,eAAA,CAAgB,KAAA,KAAU,YAAA,IAC1B,aAAA,CAAc,UAAU,OAAA,EACxB;AACA,UAAA,MAAM,4BAA4B,IAAI,CAAA;AAEtC,UAAA,IAAI,sBAAA,GAAyB,KAAA;AAC7B,UAAA,KAAA,MAAW;AAAA,YACT,aAAA;AAAA,YACA;AAAA,WACF,IAAK,sBAAA,CAAuB,OAAA,EAAQ,EAAG;AACrC,YAAA,IAAI;AACF,cAAA,MAAM,oBAAA;AAAA,gBAAqB,aAAA;AAAA,gBAAe,MACxC,KAAA,CAAM,MAAA,CAAO,IAAA,CAAK,MAAA;AAAO,eAC3B;AAAA,YACF,SAAS,GAAA,EAAK;AACZ,cAAA,MAAM,UAAA,GAAa,eAAe,GAAG,CAAA;AACrC,cAAA,IAAI,uBAAA,CAAwB,UAAU,CAAA,EAAG;AACvC,gBAAA,sBAAA,GAAyB,IAAA;AACzB,gBAAA;AAAA,cACF;AACA,cAAA,eAAA,CAAgB,UAAU,UAAU,CAAA;AAAA,YACtC;AAAA,UACF;AAEA,UAAA,MAAM,SAAA,GAAY,MAAM,kBAAA,EAAmB;AAC3C,UAAA,kBAAA,CAAmB,UAAU,SAAS,CAAA;AACtC,UAAA,MAAM,kBAAkB,mCAAA,EAAoC;AAC5D,UAAA,IAAI,CAAC,sBAAA,IAA0B,eAAA,CAAgB,MAAA,KAAW,CAAA,EAAG;AAC3D,YAAA,eAAA,CAAgB,SAAS,OAAO,CAAA;AAAA,UAClC;AACA,UAAA;AAAA,QACF;AAEA,QAAA,MAAM,eAAA,EAAgB;AAAA,MACxB,CAAA;AAAA,MAEA,MAAM,OAAA,GAAU;AACd,QAAA,MAAM,uBAAuB,SAAS,CAAA;AACtC,QAAA,mBAAA,CAAoB,KAAA,EAAM;AAC1B,QAAA,cAAA,CAAe,KAAA,EAAM;AACrB,QAAA,eAAA,CAAgB,MAAA,GAAS,CAAA;AACzB,QAAA,MAAM,aAAA,CAAc,KAAK,OAAA,EAAQ;AACjC,QAAA,eAAA,CAAgB,SAAS,MAAM,CAAA;AAAA,MACjC,CAAA;AAAA,MAEA,MAAM,eAAe,GAAA,EAAmB;AACtC,QAAA,IAAI,sBAAA,CAAuB,SAAS,CAAA,EAAG;AACrC,UAAA,IAAI;AACF,YAAA,MAAM,4BAA4B,IAAI,CAAA;AAAA,UACxC,SAAS,GAAA,EAAK;AACZ,YAAA,eAAA,CAAgB,SAAA;AAAA,cACd,eAAe,GAAA,EAAK;AAAA,gBAClB,WAAW,gBAAA,EAAiB;AAAA,gBAC5B,MAAA,EAAQ,SAAA;AAAA,gBACR,SAAA,EAAW;AAAA,eACZ;AAAA,aACH;AAAA,UACF;AAAA,QACF;AAEA,QAAA,MAAM,UAGD,EAAC;AAEN,QAAA,KAAA,MAAW,YAAY,eAAA,EAAiB;AACtC,UAAA,IAAI,aAAa,SAAA,EAAW;AAC1B,YAAA,OAAA,CAAQ,IAAA,CAAK,EAAE,MAAA,EAAQ,aAAA,EAAe,UAAU,CAAA;AAChD,YAAA;AAAA,UACF;AACA,UAAA,MAAM,MAAA,GAAS,sBAAA,CAAuB,GAAA,CAAI,QAAQ,CAAA;AAClD,UAAA,IAAI,MAAA,EAAQ;AACV,YAAA,OAAA,CAAQ,KAAK,EAAE,MAAA,EAAQ,MAAA,CAAO,MAAA,EAAQ,UAAU,CAAA;AAAA,UAClD;AAAA,QACF;AAEA,QAAA,IAAI,aAAA,CAAc,IAAA,CAAK,UAAA,CAAW,GAAG,CAAA,EAAG;AACtC,UAAA,OAAA,CAAQ,IAAA,CAAK,EAAE,MAAA,EAAQ,aAAA,EAAe,CAAA;AAAA,QACxC;AAEA,QAAA,KAAA,MAAW,KAAA,IAAS,sBAAA,CAAuB,MAAA,EAAO,EAAG;AACnD,UAAA,IAAI,KAAA,CAAM,MAAA,CAAO,IAAA,CAAK,UAAA,CAAW,GAAG,CAAA,EAAG;AACrC,YAAA,OAAA,CAAQ,IAAA,CAAK,EAAE,MAAA,EAAQ,KAAA,CAAM,QAAQ,CAAA;AAAA,UACvC;AAAA,QACF;AAEA,QAAA,OAAA,CAAQ,IAAA,CAAK,EAAE,MAAA,EAAQ,aAAA,EAAe,CAAA;AACtC,QAAA,OAAA,CAAQ,IAAA;AAAA,UACN,GAAG,CAAC,GAAG,sBAAA,CAAuB,MAAA,EAAQ,CAAA,CACnC,IAAA,CAAK,CAAC,CAAA,EAAG,CAAA,KAAM,CAAA,CAAE,WAAA,CAAY,EAAA,CAAG,aAAA,CAAc,CAAA,CAAE,WAAA,CAAY,EAAE,CAAC,CAAA,CAC/D,GAAA,CAAI,CAAC,KAAA,MAAW,EAAE,MAAA,EAAQ,KAAA,CAAM,MAAA,EAAO,CAAE;AAAA,SAC9C;AAEA,QAAA,MAAM,SAGD,EAAC;AACN,QAAA,MAAM,IAAA,uBAAW,GAAA,EAAmB;AACpC,QAAA,KAAA,MAAW,SAAS,OAAA,EAAS;AAC3B,UAAA,IAAI,IAAA,CAAK,GAAA,CAAI,KAAA,CAAM,MAAM,CAAA,EAAG;AAC5B,UAAA,IAAA,CAAK,GAAA,CAAI,MAAM,MAAM,CAAA;AACrB,UAAA,MAAA,CAAO,KAAK,KAAK,CAAA;AAAA,QACnB;AAEA,QAAA,IAAI,SAAA;AAMJ,QAAA,IAAI,SAAA,GAAqB,MAAA;AAEzB,QAAA,KAAA,MAAW,SAAS,MAAA,EAAQ;AAC1B,UAAA,IAAI;AACF,YAAA,MAAM,KAAA,CAAM,MAAA,CAAO,IAAA,CAAK,cAAA,CAAe,GAAG,CAAA;AAC1C,YAAA,SAAA,GAAY,KAAA;AACZ,YAAA;AAAA,UACF,SAAS,GAAA,EAAK;AACZ,YAAA,SAAA,GAAY,GAAA;AAAA,UACd;AAAA,QACF;AAEA,QAAA,IAAI,SAAA,EAAW;AACb,UAAA,KAAA,IAAS,MAAM,eAAA,CAAgB,MAAA,GAAS,GAAG,GAAA,IAAO,CAAA,EAAG,OAAO,CAAA,EAAG;AAC7D,YAAA,MAAM,QAAA,GAAW,gBAAgB,GAAG,CAAA;AACpC,YAAA,MAAM,eACJ,QAAA,KAAa,SAAA,GACT,gBACA,sBAAA,CAAuB,GAAA,CAAI,QAAQ,CAAA,EAAG,MAAA;AAC5C,YAAA,IAAI,YAAA,KAAiB,UAAU,MAAA,EAAQ;AACrC,cAAA,eAAA,CAAgB,MAAA,CAAO,KAAK,CAAC,CAAA;AAAA,YAC/B;AAAA,UACF;AAAA,QACF;AAEA,QAAA,IAAI,CAAC,aAAa,SAAA,EAAW;AAC3B,UAAA,MAAM,eAAe,SAAA,EAAW;AAAA,YAC9B,WAAW,gBAAA,EAAiB;AAAA,YAC5B,MAAA,EAAQ,SAAA;AAAA,YACR,SAAA,EAAW;AAAA,WACZ,CAAA;AAAA,QACH;AAEA,QAAA,IAAI;AACF,UAAA,MAAM,eAAA,EAAgB;AAAA,QACxB,SAAS,GAAA,EAAK;AACZ,UAAA,eAAA,CAAgB,SAAA;AAAA,YACd,eAAe,GAAA,EAAK;AAAA,cAClB,WAAW,gBAAA,EAAiB;AAAA,cAC5B,MAAA,EAAQ,SAAA;AAAA,cACR,SAAA,EAAW;AAAA,aACZ;AAAA,WACH;AAAA,QACF;AAAA,MACF,CAAA;AAAA,MAEA,WAAW,GAAA,EAA4B;AACrC,QAAA,IAAI,aAAA,CAAc,IAAA,CAAK,UAAA,CAAW,GAAG,GAAG,OAAO,IAAA;AAC/C,QAAA,KAAA,MAAW,KAAA,IAAS,sBAAA,CAAuB,MAAA,EAAO,EAAG;AACnD,UAAA,IAAI,MAAM,MAAA,CAAO,IAAA,CAAK,UAAA,CAAW,GAAG,GAAG,OAAO,IAAA;AAAA,QAChD;AACA,QAAA,OAAO,KAAA;AAAA,MACT,CAAA;AAAA,MAEA,IAAI,eAAA,GAA2B;AAC7B,QAAA,OACE,eAAA,CAAgB,KAAA,KAAU,OAAA,IAC1B,aAAA,CAAc,IAAA,CAAK,eAAA;AAAA,MAEvB;AAAA,KACF;AAAA,IAEA,YAAA,EAAc;AAAA,MACZ,MAAM,IAAA,GAAmC;AACvC,QAAA,MAAM,eAAA,EAAgB;AACtB,QAAA,MAAM,UAAA,GAAa,MAAM,2BAAA,CAA4B,IAAI,CAAA;AAEzD,QAAA,IAAI,kBAAqC,EAAC;AAC1C,QAAA,IAAI;AACF,UAAA,eAAA,GAAkB,MAAM,aAAA,CAAc,YAAA,CAAa,IAAA,EAAK;AAAA,QAC1D,SAAS,GAAA,EAAK;AACZ,UAAA,eAAA,CAAgB,SAAA;AAAA,YACd,eAAe,GAAA,EAAK;AAAA,cAClB,WAAW,gBAAA,EAAiB;AAAA,cAC5B,MAAA,EAAQ,SAAA;AAAA,cACR,SAAA,EAAW;AAAA,aACZ;AAAA,WACH;AAAA,QACF;AACA,QAAA,MAAM,WAAA,GAAc,IAAI,GAAA,CAAI,eAAA,CAAgB,GAAA,CAAI,CAAC,CAAA,KAAM,CAAC,CAAA,CAAE,EAAA,EAAI,CAAC,CAAC,CAAC,CAAA;AAEjE,QAAA,MAAM,2BAA2B,UAAA,CAAW,IAAA;AAAA,UAC1C,CAAC,CAAA,KACC,CAAA,CAAE,aAAa,0BAAA,IACf,CAAC,EAAE,UAAA,EAAY;AAAA,SACnB;AAEA,QAAA,IAAI,gBAAA;AACJ,QAAA,IAAI,wBAAA,EAA0B;AAC5B,UAAA,IAAI;AACF,YAAA,gBAAA,GAAA,CAAoB,MAAM,aAAA,CAAc,iBAAA,EAAkB,EACvD,UAAA;AAAA,UACL,CAAA,CAAA,MAAQ;AACN,YAAA,gBAAA,GAAmB,MAAA;AAAA,UACrB;AAAA,QACF;AAEA,QAAA,OAAO,UAAA,CAAW,GAAA,CAAI,CAAC,WAAA,KAAgB;AACrC,UAAA,MAAM,aAAA,GAAgB,WAAA,CAAY,GAAA,CAAI,WAAA,CAAY,EAAE,CAAA;AACpD,UAAA,MAAM,SAAA,GACJ,aAAA,EAAe,SAAA,IACf,WAAA,CAAY,YAAY,SAAA,IACxB,KAAA;AACF,UAAA,MAAM,UAAA,GACJ,eAAe,UAAA,KACd,CAAC,aAAa,WAAA,CAAY,QAAA,KAAa,6BACpC,gBAAA,GACA,MAAA,CAAA;AACN,UAAA,MAAM,MAAA,GACJ,eAAe,MAAA,KACd,CAAC,aAAa,WAAA,CAAY,QAAA,KAAa,6BACpC,sBAAA,GACA,MAAA,CAAA;AAEN,UAAA,OAAO;AAAA,YACL,IAAI,WAAA,CAAY,EAAA;AAAA,YAChB,MAAM,WAAA,CAAY,IAAA;AAAA,YAClB,SAAA;AAAA,YACA,UAAA;AAAA,YACA;AAAA,WACF;AAAA,QACF,CAAC,CAAA;AAAA,MACH;AAAA,KACF;AAAA,IAEA,KAAA,EAAO;AAAA,MACL,MAAM,KAAK,OAAA,EAAsD;AAC/D,QAAA,MAAM,eAAA,EAAgB;AACtB,QAAA,IAAI,SAAA,GAAY,MAAM,kBAAA,CAAmB,OAAO,CAAA;AAEhD,QAAA,MAAM,kBAAkB,mCAAA,EAAoC;AAC5D,QAAA,IAAI,eAAA,CAAgB,SAAS,CAAA,EAAG;AAC9B,UAAA,MAAM,SAAA,GAAY,MAAM,2BAAA,CAA4B,IAAI,CAAA;AACxD,UAAA,SAAA,GAAY,MAAM,kBAAA,CAAmB;AAAA,YACnC,GAAG,OAAA;AAAA,YACH,mBAAA,EAAqB;AAAA,WACtB,CAAA;AAAA,QACH;AACA,QAAA,kBAAA,CAAmB,UAAU,SAAS,CAAA;AAEtC,QAAA,MAAM,qBAAqB,mCAAA,EAAoC;AAC/D,QAAA,IACE,eAAA,CAAgB,UAAU,YAAA,IAC1B,aAAA,CAAc,UAAU,OAAA,IACxB,kBAAA,CAAmB,WAAW,CAAA,EAC9B;AACA,UAAA,eAAA,CAAgB,SAAS,OAAO,CAAA;AAAA,QAClC;AAEA,QAAA,OAAO,SAAA,CAAU,KAAA;AAAA,MACnB,CAAA;AAAA,MAEA,MAAM,OAAA,CACJ,MAAA,EACA,IAAA,EACqB;AACrB,QAAA,MAAM,eAAA,EAAgB;AAEtB,QAAA,MAAM,KAAA,GAAQ,MAAM,iBAAA,CAAkB,MAAM,CAAA;AAE5C,QAAA,IAAI;AACF,UAAA,IAAI,KAAA,CAAM,WAAW,SAAA,EAAW;AAC9B,YAAA,OAAO,MAAM,aAAA,CAAc,KAAA,CAAM,OAAA,CAAQ,KAAA,CAAM,eAAe,IAAI,CAAA;AAAA,UACpE;AAEA,UAAA,MAAM,gBAAgB,KAAA,CAAM,aAAA;AAC5B,UAAA,IAAI,CAAC,aAAA,EAAe;AAClB,YAAA,MAAM,IAAI,YAAA;AAAA,cACR,mBAAmB,MAAM,CAAA,kCAAA,CAAA;AAAA,cACzB,wBAAA;AAAA,cACA,EAAE,IAAA,EAAM,EAAE,MAAA,EAAQ,OAAM;AAAE,aAC5B;AAAA,UACF;AAEA,UAAA,IAAI,KAAA,GAAQ,sBAAA,CAAuB,GAAA,CAAI,aAAa,CAAA;AACpD,UAAA,IAAI,CAAC,KAAA,EAAO;AACV,YAAA,MAAM,4BAA4B,IAAI,CAAA;AACtC,YAAA,KAAA,GAAQ,sBAAA,CAAuB,IAAI,aAAa,CAAA;AAAA,UAClD;AACA,UAAA,IAAI,CAAC,KAAA,EAAO;AACV,YAAA,MAAM,IAAI,YAAA;AAAA,cACR,yBAAyB,aAAa,CAAA,wBAAA,CAAA;AAAA,cACtC,wBAAA;AAAA,cACA,EAAE,IAAA,EAAM,EAAE,aAAA,EAAc;AAAE,aAC5B;AAAA,UACF;AAEA,UAAA,MAAM,2BAAA,CAA4B,MAAM,WAAW,CAAA;AACnD,UAAA,IAAI;AACF,YAAA,MAAM,eAAA,GAAkB,YACtB,MAAM,kBAAA;AAAA,cACJ,YACE,MAAM,oBAAA;AAAA,gBAAqB,aAAA;AAAA,gBAAe,MACxC,KAAA,CAAM,MAAA,CAAO,MAAM,OAAA,CAAQ,KAAA,CAAM,eAAe,IAAI;AAAA;AACtD,aACJ;AACF,YAAA,OAAO,MAAM,eAAA,EAAgB;AAAA,UAC/B,SAAS,QAAA,EAAU;AACjB,YAAA,MAAM,eAAA,GAAkB,eAAe,QAAA,EAAU;AAAA,cAC/C,WAAW,KAAA,CAAM,SAAA;AAAA,cACjB,QAAQ,KAAA,CAAM,MAAA;AAAA,cACd,eAAe,KAAA,CAAM,aAAA;AAAA,cACrB,SAAA,EAAW,eAAA;AAAA,cACX;AAAA,aACD,CAAA;AACD,YAAA,MAAM,eAAA;AAAA,UACR;AAAA,QACF,SAAS,GAAA,EAAK;AACZ,UAAA,MAAM,UAAA,GAAa,eAAe,GAAA,EAAK;AAAA,YACrC,WAAW,KAAA,CAAM,SAAA;AAAA,YACjB,QAAQ,KAAA,CAAM,MAAA;AAAA,YACd,eAAe,KAAA,CAAM,aAAA;AAAA,YACrB,SAAA,EAAW,eAAA;AAAA,YACX;AAAA,WACD,CAAA;AACD,UAAA,IAAI,sBAAA,CAAuB,UAAU,CAAA,EAAG;AACtC,YAAA,eAAA,CAAgB,SAAS,YAAY,CAAA;AAAA,UACvC;AACA,UAAA,eAAA,CAAgB,UAAU,UAAU,CAAA;AACpC,UAAA,MAAM,UAAA;AAAA,QACR;AAAA,MACF;AAAA,KACF;AAAA,IAEA,EAAA,CACE,OAEA,OAAA,EACY;AACZ,MAAA,IAAI,UAAU,aAAA,EAAe;AAC3B,QAAA,OAAO,eAAA,CAAgB,EAAA,CAAG,aAAA,EAAe,OAAO,CAAA;AAAA,MAClD;AACA,MAAA,OAAO,eAAA,CAAgB,EAAA,CAAG,OAAA,EAAS,OAAO,CAAA;AAAA,IAC5C,CAAA;AAAA,IAEA,IAAI,GAAA,GAAM;AACR,MAAA,OAAO,aAAA,CAAc,GAAA;AAAA,IACvB;AAAA,GACF;AAMA,EAAA,OAAO,YAAA;AACT;;;ACn4BA,IAAM,eAAA,uBAAsB,GAAA,CAAI;AAAA,EAC9B,cAAA;AAAA,EACA,cAAA;AAAA,EACA;AACF,CAAC,CAAA;AAED,SAAS,aAAa,KAAA,EAAyC;AAC7D,EAAA,IAAI,SAAA,GAAY,KAAA;AAChB,EAAA,IAAI,UAAA,GAAa,KAAA;AACjB,EAAA,KAAA,MAAW,QAAQ,KAAA,EAAO;AACxB,IAAA,IAAI,IAAA,CAAK,IAAA,KAAS,cAAA,EAAgB,SAAA,GAAY,IAAA;AAC9C,IAAA,IAAI,IAAA,CAAK,IAAA,KAAS,cAAA,EAAgB,UAAA,GAAa,IAAA;AAAA,EACjD;AACA,EAAA,OAAO,SAAA,IAAa,UAAA;AACtB;AAsBA,SAAS,wBAAwB,MAAA,EAAgC;AAC/D,EAAA,IAAI,CAAC,MAAA,IAAU,OAAO,MAAA,KAAW,UAAU,OAAO,IAAA;AAClD,EAAA,MAAM,UAAW,MAAA,CAA0C,OAAA;AAC3D,EAAA,IAAI,CAAC,KAAA,CAAM,OAAA,CAAQ,OAAO,GAAG,OAAO,IAAA;AACpC,EAAA,KAAA,MAAW,QAAQ,OAAA,EAAS;AAC1B,IAAA,IACE,IAAA,CAAK,SAAS,UAAA,IACd,IAAA,CAAK,UAAU,QAAA,KAAa,kBAAA,IAC5B,IAAA,CAAK,QAAA,CAAS,IAAA,EACd;AACA,MAAA,OAAO,KAAK,QAAA,CAAS,IAAA;AAAA,IACvB;AAAA,EACF;AACA,EAAA,OAAO,IAAA;AACT;AAEA,SAAS,mBAAmB,MAAA,EAAyB;AACnD,EAAA,IAAI,CAAC,UAAU,OAAO,MAAA,KAAW,UAAU,OAAO,MAAA,CAAO,UAAU,EAAE,CAAA;AACrE,EAAA,MAAM,CAAA,GAAI,MAAA;AACV,EAAA,IAAI,EAAE,OAAA,IAAW,KAAA,CAAM,OAAA,CAAQ,CAAA,CAAE,OAAO,CAAA,EAAG;AACzC,IAAA,MAAM,QAAQ,CAAA,CAAE,OAAA,CACb,MAAA,CAAO,CAAC,MAAM,CAAA,CAAE,IAAA,KAAS,MAAA,IAAU,CAAA,CAAE,IAAI,CAAA,CACzC,GAAA,CAAI,CAAC,CAAA,KAAM,EAAE,IAAK,CAAA;AACrB,IAAA,IAAI,MAAM,MAAA,GAAS,CAAA,EAAG,OAAO,KAAA,CAAM,KAAK,IAAI,CAAA;AAG5C,IAAA,MAAM,gBAAgB,CAAA,CAAE,OAAA,CACrB,OAAO,CAAC,CAAA,KAAM,EAAE,IAAA,KAAS,UAAA,IAAc,CAAA,CAAE,QAAA,EAAU,IAAI,CAAA,CACvD,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,SAAU,IAAK,CAAA;AAC/B,IAAA,IAAI,aAAA,CAAc,SAAS,CAAA,EAAG;AAC5B,MAAA,OAAO,aAAA,CACJ,GAAA,CAAI,CAAC,IAAA,KAAS;AACb,QAAA,IAAI;AACF,UAAA,OAAO,kBAAA,CAAmB,IAAA,CAAK,KAAA,CAAM,IAAI,CAAC,CAAA;AAAA,QAC5C,CAAA,CAAA,MAAQ;AACN,UAAA,OAAO,IAAA;AAAA,QACT;AAAA,MACF,CAAC,CAAA,CACA,IAAA,CAAK,IAAI,CAAA;AAAA,IACd;AAEA,IAAA,OAAO,IAAA,CAAK,SAAA,CAAU,CAAA,CAAE,OAAO,CAAA;AAAA,EACjC;AACA,EAAA,OAAO,IAAA,CAAK,UAAU,MAAM,CAAA;AAC9B;AAWA,SAAS,eAAe,GAAA,EAA4B;AAClD,EAAA,IAAI,cAAA,CAAe,GAAG,CAAA,EAAG,OAAO,GAAA;AAEhC,EAAA,IAAI,EAAE,eAAe,KAAA,CAAA,EAAQ;AAC3B,IAAA,OAAO,IAAI,YAAA,CAAa,MAAA,CAAO,GAAG,GAAG,uBAAuB,CAAA;AAAA,EAC9D;AAGA,EAAA,MAAM,KAAA,GAA6B,GAAA;AAGnC,EAAA,IAAI,KAAA,CAAM,SAAS,MAAA,EAAQ;AACzB,IAAA,MAAM,YAAA,GAAgB,KAAA,CAAM,YAAA,IAAgB,KAAA,CAAM,IAAA,EAAM,YAAA;AAGxD,IAAA,MAAM,WAAA,GAAc,eAAe,CAAC,CAAA;AACpC,IAAA,OAAO,IAAI,kCAAA;AAAA,MACT,aAAa,aAAA,IAAiB,SAAA;AAAA,MAC9B;AAAA,QACE,iBAAiB,WAAA,EAAa,eAAA;AAAA,QAC9B,YAAY,WAAA,EAAa,GAAA;AAAA,QACzB,SAAS,WAAA,EAAa,OAAA;AAAA,QACtB,KAAA,EAAO;AAAA;AACT,KACF;AAAA,EACF;AAGA,EAAA,MAAM,UAAA,GAAc,KAAA,CAAM,UAAA,IAAc,KAAA,CAAM,MAAA;AAC9C,EAAA,IAAI,OAAO,UAAA,KAAe,QAAA,IAAY,UAAA,IAAc,GAAA,EAAK;AACvD,IAAA,IAAI,eAAe,GAAA,EAAK;AACtB,MAAA,OAAO,IAAI,0BAAA,CAA2B,GAAA,CAAI,SAAS,EAAE,KAAA,EAAO,KAAK,CAAA;AAAA,IACnE;AACA,IAAA,OAAO,IAAI,YAAA,CAAa,GAAA,CAAI,OAAA,EAAS,sBAAA,EAAwB;AAAA,MAC3D,UAAA;AAAA,MACA,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAGA,EAAA,IAAI,mBAAA,CAAoB,GAAG,CAAA,EAAG;AAC5B,IAAA,OAAO,IAAI,0BAAA,CAA2B,GAAA,CAAI,SAAS,EAAE,KAAA,EAAO,KAAK,CAAA;AAAA,EACnE;AAGA,EAAA,IAAI,cAAA,CAAe,GAAG,CAAA,EAAG;AACvB,IAAA,OAAO,IAAI,YAAA,CAAa,GAAA,CAAI,SAAS,EAAE,KAAA,EAAO,KAAK,CAAA;AAAA,EACrD;AAGA,EAAA,OAAO,IAAI,YAAA,CAAa,GAAA,CAAI,OAAA,EAAS,uBAAA,EAAyB;AAAA,IAC5D,KAAA,EAAO;AAAA,GACR,CAAA;AACH;AAMO,SAAS,kCACd,MAAA,EACe;AACf,EAAA,IAAI,CAAC,OAAO,QAAA,EAAU;AACpB,IAAA,MAAM,IAAI,WAAA;AAAA,MACR,gFAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AACA,EAAA,IAAI,CAAC,OAAO,WAAA,EAAa;AACvB,IAAA,MAAM,IAAI,WAAA;AAAA,MACR,6FAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AACA,EAAA,IAAI,CAAC,OAAO,cAAA,EAAgB;AAC1B,IAAA,MAAM,IAAI,WAAA;AAAA,MACR,mFAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,MAAA,GAAsB,MAAA;AAE1B,EAAA,MAAM,UAAA,uBAAiB,GAAA,EAA2C;AAClE,EAAA,IAAI,aAAA,GAAgC,IAAA;AAGpC,EAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW;AAAA,IACzB,UAAU,MAAA,CAAO,QAAA;AAAA,IACjB,KAAK,MAAA,CAAO,GAAA;AAAA,IACZ,QAAQ,MAAA,CAAO,SAAA;AAAA,IACf,aAAa,MAAA,CAAO,WAAA;AAAA,IACpB,SAAS,MAAA,CAAO,OAAA;AAAA,IAChB,YAAY,MAAA,CAAO,UAAA;AAAA,IACnB,gBAAgB,MAAA,CAAO,cAAA;AAAA;AAAA;AAAA;AAAA,IAIvB,gBAAA,EAAkB,MAAA,CAAO,qBAAA,GACrB,CAAC,KAAA,KAAU;AACT,MAAA,MAAA,CAAO,qBAAA,CAAuB,MAAM,GAAA,EAAK;AAAA,QACvC,EAAA,EAAI,MAAM,aAAA,IAAiB,SAAA;AAAA,QAC3B,IAAA,EAAM,KAAA,CAAM,eAAA,IAAmB,KAAA,CAAM;AAAA,OACtC,CAAA;AAAA,IACH,CAAA,GACA;AAAA,GACL,CAAA;AAID,EAAA,SAAS,SAAS,QAAA,EAAuB;AACvC,IAAA,IAAI,WAAW,QAAA,EAAU;AACzB,IAAA,MAAA,GAAS,QAAA;AACT,IAAA,IAAI;AACF,MAAA,MAAA,CAAO,gBAAgB,QAAQ,CAAA;AAAA,IACjC,CAAA,CAAA,MAAQ;AAAA,IAER;AACA,IAAA,MAAM,QAAA,GAAW,UAAA,CAAW,GAAA,CAAI,aAAa,CAAA;AAC7C,IAAA,IAAI,QAAA,EAAU;AACZ,MAAA,KAAA,MAAW,WAAW,QAAA,EAAU;AAC9B,QAAA,IAAI;AACF,UAAA,OAAA,CAAQ,QAAQ,CAAA;AAAA,QAClB,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,EAAA,SAAS,UAAU,KAAA,EAAqB;AACtC,IAAA,MAAM,QAAA,GAAW,UAAA,CAAW,GAAA,CAAI,OAAO,CAAA;AACvC,IAAA,IAAI,QAAA,EAAU;AACZ,MAAA,KAAA,MAAW,WAAW,QAAA,EAAU;AAC9B,QAAA,IAAI;AACF,UAAA,OAAA,CAAQ,KAAK,CAAA;AAAA,QACf,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAIA,EAAA,eAAe,iBAAA,CAAkB,QAAQ,GAAA,EAStC;AACD,IAAA,MAAM,SAAS,MAAM,GAAA,CAAI,SAAS,cAAA,EAAgB,EAAE,OAAO,CAAA;AAC3D,IAAA,MAAM,QAAA,GAAW,wBAAwB,MAAM,CAAA;AAC/C,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,MAAM,IAAI,YAAA;AAAA,QACR,qGAAA;AAAA,QACA;AAAA,OACF;AAAA,IACF;AAEA,IAAA,IAAI,MAAA;AACJ,IAAA,IAAI;AACF,MAAA,MAAA,GAAS,IAAA,CAAK,MAAM,QAAQ,CAAA;AAAA,IAC9B,SAAS,CAAA,EAAG;AACV,MAAA,MAAM,IAAI,YAAA;AAAA,QACR,uCAAuC,CAAA,YAAa,KAAA,GAAQ,EAAE,OAAA,GAAU,MAAA,CAAO,CAAC,CAAC,CAAA,CAAA;AAAA,QACjF;AAAA,OACF;AAAA,IACF;AACA,IAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,MAAM,CAAA,EAAG;AACzB,MAAA,OAAO,EAAE,KAAA,EAAO,MAAA,EAAgC,MAAA,EAAQ,EAAC,EAAE;AAAA,IAC7D;AACA,IAAA,IAAI,MAAA,IAAU,OAAO,MAAA,KAAW,QAAA,EAAU;AACxC,MAAA,MAAM,GAAA,GAAM,MAAA;AACZ,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,MAAM,OAAA,CAAQ,GAAA,CAAI,KAAK,CAAA,GAAI,GAAA,CAAI,QAAQ,EAAC;AAAA,QAC/C,MAAA,EAAQ,MAAM,OAAA,CAAQ,GAAA,CAAI,MAAM,CAAA,GAAI,GAAA,CAAI,SAAS,EAAC;AAAA,QAClD,cAAc,KAAA,CAAM,OAAA,CAAQ,IAAI,YAAY,CAAA,GACxC,IAAI,YAAA,GACJ;AAAA,OACN;AAAA,IACF;AACA,IAAA,MAAM,IAAI,YAAA;AAAA,MACR,iFAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,SAAS,cAAc,IAAA,EAAuC;AAC5D,IAAA,OAAO;AAAA,MACL,IAAI,IAAA,CAAK,EAAA;AAAA,MACT,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,MAAA,EAAQ,IAAA,CAAK,MAAA,GACT,EAAE,EAAA,EAAI,IAAA,CAAK,MAAA,CAAO,EAAA,IAAM,EAAA,EAAI,IAAA,EAAM,IAAA,CAAK,MAAA,CAAO,MAAK,GACnD;AAAA,KACN;AAAA,EACF;AAEA,EAAA,eAAe,eAAA,GAAiC;AAC9C,IAAA,IAAI,MAAA,KAAW,OAAA,IAAW,GAAA,CAAI,WAAA,EAAa;AAC3C,IAAA,QAAA,CAAS,YAAY,CAAA;AACrB,IAAA,IAAI;AAEF,MAAA,MAAM,QAAA,GAAW,MAAM,GAAA,CAAI,SAAA,EAAU;AACrC,MAAA,aAAA,GAAgB,aAAa,QAAQ,CAAA;AACrC,MAAA,QAAA,CAAS,OAAO,CAAA;AAAA,IAClB,SAAS,GAAA,EAAK;AACZ,MAAA,MAAM,UAAA,GAAa,eAAe,GAAG,CAAA;AACrC,MAAA,IAAI,sBAAsB,0BAAA,EAA4B;AACpD,QAAA,QAAA,CAAS,YAAY,CAAA;AAAA,MACvB,CAAA,MAAO;AACL,QAAA,QAAA,CAAS,QAAQ,CAAA;AAAA,MACnB;AACA,MAAA,SAAA,CAAU,UAAU,CAAA;AACpB,MAAA,MAAM,UAAA;AAAA,IACR;AAAA,EACF;AAIA,EAAA,MAAM,MAAA,GAAwB;AAAA,IAC5B,IAAI,KAAA,GAAQ;AACV,MAAA,OAAO,MAAA;AAAA,IACT,CAAA;AAAA,IAEA,MAAM,OAAA,GAAU;AACd,MAAA,MAAM,eAAA,EAAgB;AAAA,IACxB,CAAA;AAAA,IAEA,MAAM,UAAA,GAAa;AACjB,MAAA,MAAM,IAAI,UAAA,EAAW;AACrB,MAAA,aAAA,GAAgB,IAAA;AAChB,MAAA,QAAA,CAAS,MAAM,CAAA;AAAA,IACjB,CAAA;AAAA,IAEA,MAAM,iBAAA,GAAmD;AACvD,MAAA,MAAM,eAAA,EAAgB;AACtB,MAAA,IAAI;AACF,QAAA,OAAO,MAAM,IAAI,oBAAA,EAAqB;AAAA,MACxC,SAAS,GAAA,EAAK;AACZ,QAAA,MAAM,UAAA,GAAa,eAAe,GAAG,CAAA;AACrC,QAAA,IAAI,sBAAsB,0BAAA,EAA4B;AACpD,UAAA,QAAA,CAAS,YAAY,CAAA;AAAA,QACvB;AACA,QAAA,MAAM,UAAA;AAAA,MACR;AAAA,IACF,CAAA;AAAA,IAEA,IAAA,EAAM;AAAA,MACJ,MAAM,MAAA,GAAS;AACb,QAAA,MAAM,eAAA,EAAgB;AAAA,MACxB,CAAA;AAAA,MAEA,MAAM,OAAA,GAAU;AACd,QAAA,MAAM,IAAI,SAAA,EAAU;AACpB,QAAA,aAAA,GAAgB,IAAA;AAChB,QAAA,QAAA,CAAS,MAAM,CAAA;AAAA,MACjB,CAAA;AAAA,MAEA,MAAM,eAAe,GAAA,EAAmB;AACtC,QAAA,MAAM,GAAA,CAAI,eAAe,GAAG,CAAA;AAC5B,QAAA,IAAI;AACF,UAAA,MAAM,eAAA,EAAgB;AAAA,QACxB,SAAS,GAAA,EAAK;AAGZ,UAAA,SAAA,CAAU,cAAA,CAAe,GAAG,CAAC,CAAA;AAAA,QAC/B;AAAA,MACF,CAAA;AAAA,MAEA,WAAW,GAAA,EAA4B;AACrC,QAAA,OAAO,GAAA,CAAI,WAAW,GAAG,CAAA;AAAA,MAC3B,CAAA;AAAA,MAEA,IAAI,eAAA,GAA2B;AAC7B,QAAA,OAAO,MAAA,KAAW,WAAW,GAAA,CAAI,WAAA;AAAA,MACnC;AAAA,KACF;AAAA,IAEA,YAAA,EAAc;AAAA,MACZ,MAAM,IAAA,GAAmC;AACvC,QAAA,MAAM,eAAA,EAAgB;AACtB,QAAA,IAAI;AACF,UAAA,MAAM,EAAE,KAAA,EAAO,MAAA,EAAQ,YAAA,EAAa,GAAI,MAAM,iBAAA,EAAkB;AAEhE,UAAA,MAAM,QAAA,GAAW,sBAAA,CAAuB,KAAA,EAAO,MAAA,EAAQ,YAAY,CAAA;AAGnE,UAAA,MAAM,QAAA,GAAW,IAAI,GAAA,CAAI,MAAA,CAAO,GAAA,CAAI,CAAC,CAAA,KAAM,CAAC,CAAA,CAAE,QAAA,EAAU,CAAA,CAAE,MAAM,CAAC,CAAC,CAAA;AAClE,UAAA,OAAO,QAAA,CAAS,GAAA,CAAI,CAAC,CAAA,KAAM;AACzB,YAAA,MAAM,MAAA,GAAS,QAAA,CAAS,GAAA,CAAI,CAAA,CAAE,EAAE,CAAA;AAChC,YAAA,OAAO,MAAA,GAAS,EAAE,GAAG,CAAA,EAAG,QAAO,GAAI,CAAA;AAAA,UACrC,CAAC,CAAA;AAAA,QACH,SAAS,GAAA,EAAK;AACZ,UAAA,MAAM,UAAA,GAAa,eAAe,GAAG,CAAA;AACrC,UAAA,IAAI,sBAAsB,0BAAA,EAA4B;AACpD,YAAA,QAAA,CAAS,YAAY,CAAA;AAAA,UACvB;AACA,UAAA,MAAM,UAAA;AAAA,QACR;AAAA,MACF;AAAA,KACF;AAAA,IAEA,KAAA,EAAO;AAAA,MACL,MAAM,KAAK,OAAA,EAAsD;AAC/D,QAAA,MAAM,eAAA,EAAgB;AACtB,QAAA,IAAI;AACF,UAAA,MAAM,QAAA,GAAW,MAAM,GAAA,CAAI,SAAA,EAAU;AACrC,UAAA,MAAM,eAAe,QAAA,CAAS,MAAA;AAAA,YAC5B,CAAC,CAAA,KAAM,CAAC,eAAA,CAAgB,GAAA,CAAI,EAAE,IAAI;AAAA,WACpC;AAEA,UAAA,IAAI,aAAa,MAAA,GAAS,CAAA,IAAK,CAAC,YAAA,CAAa,QAAQ,CAAA,EAAG;AACtD,YAAA,aAAA,GAAgB,KAAA;AAChB,YAAA,OAAO,YAAA,CAAa,GAAA,CAAI,CAAC,CAAA,MAAO;AAAA,cAC9B,IAAI,CAAA,CAAE,IAAA;AAAA,cACN,MAAM,CAAA,CAAE,IAAA;AAAA,cACR,aAAa,CAAA,CAAE,WAAA;AAAA,cACf,aAAa,CAAA,CAAE;AAAA,aACjB,CAAE,CAAA;AAAA,UACJ;AAEA,UAAA,aAAA,GAAgB,IAAA;AAChB,UAAA,MAAM,EAAE,KAAA,EAAO,YAAA,EAAa,GAAI,MAAM,iBAAA;AAAA,YACpC,OAAA,EAAS;AAAA,WACX;AAKA,UAAA,IAAI,YAAA,EAAc,MAAA,IAAU,MAAA,CAAO,qBAAA,EAAuB;AACxD,YAAA,KAAA,MAAW,KAAK,YAAA,EAAc;AAC5B,cAAA,IAAI,EAAE,GAAA,EAAK;AACT,gBAAA,MAAA,CAAO,qBAAA,CAAsB,EAAE,GAAA,EAAK;AAAA,kBAClC,EAAA,EAAI,EAAE,aAAA,IAAiB,EAAA;AAAA,kBACvB,IAAA,EAAM,CAAA,CAAE,eAAA,IAAmB,CAAA,CAAE;AAAA,iBAC9B,CAAA;AAAA,cACH;AAAA,YACF;AAAA,UACF;AAEA,UAAA,OAAO,KAAA,CAAM,IAAI,aAAa,CAAA;AAAA,QAChC,SAAS,GAAA,EAAK;AACZ,UAAA,MAAM,UAAA,GAAa,eAAe,GAAG,CAAA;AACrC,UAAA,IAAI,sBAAsB,0BAAA,EAA4B;AACpD,YAAA,QAAA,CAAS,YAAY,CAAA;AAAA,UACvB;AACA,UAAA,MAAM,UAAA;AAAA,QACR;AAAA,MACF,CAAA;AAAA,MAEA,MAAM,OAAA,CACJ,MAAA,EACA,IAAA,EACqB;AACrB,QAAA,MAAM,eAAA,EAAgB;AAGtB,QAAA,IAAI,kBAAkB,IAAA,EAAM;AAC1B,UAAA,MAAM,QAAA,GAAW,MAAM,GAAA,CAAI,SAAA,EAAU;AACrC,UAAA,aAAA,GAAgB,aAAa,QAAQ,CAAA;AAAA,QACvC;AAEA,QAAA,IAAI;AACF,UAAA,MAAM,MAAA,GAAS,aAAA,GACX,MAAM,GAAA,CAAI,SAAS,cAAA,EAAgB;AAAA,YACjC,OAAA,EAAS,MAAA;AAAA,YACT,cAAA,EAAgB,QAAQ;AAAC,WAC1B,CAAA,GACD,MAAM,GAAA,CAAI,QAAA,CAAS,QAAQ,IAAI,CAAA;AAEnC,UAAA,OAAO,EAAE,OAAA,EAAS,kBAAA,CAAmB,MAAM,CAAA,EAAG,KAAK,MAAA,EAAO;AAAA,QAC5D,SAAS,GAAA,EAAK;AACZ,UAAA,MAAM,UAAA,GAAa,eAAe,GAAG,CAAA;AACrC,UAAA,IAAI,sBAAsB,0BAAA,EAA4B;AACpD,YAAA,QAAA,CAAS,YAAY,CAAA;AAAA,UACvB;AACA,UAAA,MAAM,UAAA;AAAA,QACR;AAAA,MACF;AAAA,KACF;AAAA,IAEA,EAAA,CACE,OAEA,OAAA,EACY;AACZ,MAAA,IAAI,CAAC,UAAA,CAAW,GAAA,CAAI,KAAK,CAAA,EAAG;AAC1B,QAAA,UAAA,CAAW,GAAA,CAAI,KAAA,kBAAO,IAAI,GAAA,EAAK,CAAA;AAAA,MACjC;AACA,MAAA,UAAA,CAAW,GAAA,CAAI,KAAK,CAAA,CAAG,GAAA,CAAI,OAAO,CAAA;AAClC,MAAA,OAAO,MAAM;AACX,QAAA,UAAA,CAAW,GAAA,CAAI,KAAK,CAAA,EAAG,MAAA,CAAO,OAAO,CAAA;AAAA,MACvC,CAAA;AAAA,IACF,CAAA;AAAA,IAEA,IAAI,GAAA,GAAM;AACR,MAAA,OAAO,GAAA;AAAA,IACT;AAAA,GACF;AAEA,EAAA,OAAO,MAAA;AACT;AAcO,SAAS,oBACd,MAAA,EACe;AACf,EAAA,IAAI,MAAA,CAAO,QAAQ,MAAA,EAAW;AAC5B,IAAA,IAAI,OAAO,OAAO,GAAA,KAAQ,QAAA,IAAY,OAAO,GAAA,CAAI,IAAA,EAAK,CAAE,MAAA,KAAW,CAAA,EAAG;AACpE,MAAA,MAAM,IAAI,WAAA;AAAA,QACR,+FAAA;AAAA,QACA;AAAA,OACF;AAAA,IACF;AACA,IAAA,OAAO,kCAAkC,MAAM,CAAA;AAAA,EACjD;AAEA,EAAA,OAAO,0BAA0B,MAAM,CAAA;AACzC;;;ACvQO,IAAM,yBAAA,GACX,iDAAA;AAKK,IAAM,uBAAA,GACX,+CAAA;;;ACpWF,eAAsB,cACpB,MAAA,EACA,YAAA,EACA,QAAA,EACA,KAAA,EACA,mBAA2B,uBAAA,EACK;AAEhC,EAAA,MAAM,IAAA,GAAO,IAAI,eAAA,EAAgB;AACjC,EAAA,IAAA,CAAK,GAAA,CAAI,cAAc,yBAAyB,CAAA;AAChD,EAAA,IAAA,CAAK,GAAA,CAAI,iBAAiB,YAAY,CAAA;AACtC,EAAA,IAAA,CAAK,GAAA,CAAI,sBAAsB,gBAAgB,CAAA;AAC/C,EAAA,IAAA,CAAK,GAAA,CAAI,YAAY,QAAQ,CAAA;AAQ7B,EAAA,MAAM,OAAA,GAAkC;AAAA,IACtC,cAAA,EAAgB;AAAA,GAClB;AAEA,EAAA,IAAI,OAAO,YAAA,EAAc;AAEvB,IAAA,MAAM,cAAc,MAAA,CAAO,IAAA;AAAA,MACzB,CAAA,EAAG,MAAA,CAAO,QAAQ,CAAA,CAAA,EAAI,OAAO,YAAY,CAAA;AAAA,KAC3C,CAAE,SAAS,QAAQ,CAAA;AACnB,IAAA,OAAA,CAAQ,eAAe,CAAA,GAAI,CAAA,MAAA,EAAS,WAAW,CAAA,CAAA;AAAA,EACjD,CAAA,MAAO;AAEL,IAAA,IAAA,CAAK,GAAA,CAAI,WAAA,EAAa,MAAA,CAAO,QAAQ,CAAA;AAAA,EACvC;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,MAAA,CAAO,QAAA,EAAU;AAAA,IAC5C,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA;AAAA,IACA,IAAA,EAAM,KAAK,QAAA;AAAS,GACrB,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,IAAI,eAAe,CAAA,uBAAA,EAA0B,QAAA,CAAS,MAAM,CAAA,CAAA,EAAI,SAAS,UAAU,CAAA,CAAA;AACnF,IAAA,IAAI,SAAA;AACJ,IAAA,IAAI,eAAA;AACJ,IAAA,IAAI,aAAA;AAEJ,IAAA,IAAI;AACF,MAAA,MAAM,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACtC,MAAA,SAAA,GAAY,SAAA,CAAU,KAAA;AACtB,MAAA,IAAI,UAAU,iBAAA,EAAmB;AAC/B,QAAA,YAAA,GAAe,SAAA,CAAU,iBAAA;AAAA,MAC3B,CAAA,MAAA,IAAW,UAAU,KAAA,EAAO;AAC1B,QAAA,YAAA,GAAe,CAAA,uBAAA,EAA0B,UAAU,KAAK,CAAA,CAAA;AAAA,MAC1D;AAGA,MAAA,IAAI,SAAA,CAAU,gBAAA,IAAoB,SAAA,CAAU,cAAA,EAAgB;AAC1D,QAAA,eAAA,GAAkB,SAAA,CAAU,gBAAA;AAC5B,QAAA,aAAA,GAAgB,SAAA,CAAU,cAAA;AAAA,MAC5B;AAAA,IACF,CAAA,CAAA,MAAQ;AAAA,IAER;AAEA,IAAA,MAAM,IAAI,UAAA,CAAW,YAAA,EAAc,qCAAA,EAAuC;AAAA,MACxE,SAAA;AAAA,MACA,IAAA,EAAM;AAAA,QACJ,eAAA;AAAA,QACA;AAAA;AACF,KACD,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,aAAA,GAAiB,MAAM,QAAA,CAAS,IAAA,EAAK;AAG3C,EAAA,IAAI,CAAC,cAAc,YAAA,EAAc;AAC/B,IAAA,MAAM,IAAI,UAAA;AAAA,MACR,+CAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,cAAc,iBAAA,EAAmB;AACpC,IAAA,MAAM,IAAI,UAAA;AAAA,MACR,oDAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,cAAc,UAAA,EAAY;AAC7B,IAAA,MAAM,IAAI,UAAA;AAAA,MACR,6CAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,OAAO,aAAA;AACT;;;AC9IO,IAAM,sBAAA,GAAN,MAAM,uBAAA,SAA+B,KAAA,CAAM;AAAA,EACvC,IAAA;AAAA,EAET,WAAA,CAAY,MAAkC,OAAA,EAAiB;AAC7D,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,wBAAA;AACZ,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,MAAA,CAAO,cAAA,CAAe,IAAA,EAAM,uBAAA,CAAuB,SAAS,CAAA;AAAA,EAC9D;AACF,CAAA;;;ACVA,IAAM,oBAAA,GAAuB,IAAI,EAAA,GAAK,GAAA;AACtC,IAAM,8BAA8B,EAAA,GAAK,GAAA;AAQlC,IAAM,aAAN,MAAiB;AAAA,EACL,OAAA;AAAA,EACA,UAAA;AAAA,EACA,iBAAA;AAAA,EACA,WAAA;AAAA,EAET,IAAA,GAA+B,IAAA;AAAA,EAC/B,WAAA,GAAc,CAAA;AAAA,EACd,aAAA,GAAgB,CAAA;AAAA,EAExB,YAAY,OAAA,EAA4B;AACtC,IAAA,IAAA,CAAK,OAAA,GAAU,IAAI,GAAA,CAAI,OAAA,CAAQ,OAAO,CAAA;AACtC,IAAA,IAAA,CAAK,UAAA,GAAa,QAAQ,UAAA,IAAc,oBAAA;AACxC,IAAA,IAAA,CAAK,iBAAA,GACH,QAAQ,iBAAA,IAAqB,2BAAA;AAC/B,IAAA,IAAA,CAAK,cAAc,OAAA,CAAQ,KAAA;AAAA,EAC7B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,cAAA,GAAkC;AAChC,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AAGrB,IAAA,IAAI,KAAK,IAAA,IAAQ,GAAA,GAAM,IAAA,CAAK,WAAA,GAAc,KAAK,UAAA,EAAY;AACzD,MAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AAAA,IACd;AAEA,IAAA,IAAI,CAAC,KAAK,IAAA,EAAM;AACd,MAAA,IAAA,CAAK,IAAA,GAAO,kBAAA,CAAmB,IAAA,CAAK,OAAA,EAAS;AAAA;AAAA,QAE3C,GAAI,KAAK,WAAA,IAAe;AAAA,UACtB,iBAAC,MAAA,CAAO,GAAA,CAAI,OAAO,CAAC,GAAG,IAAA,CAAK;AAAA;AAC9B,OACD,CAAA;AACD,MAAA,IAAA,CAAK,WAAA,GAAc,GAAA;AAAA,IACrB;AAEA,IAAA,OAAO,IAAA,CAAK,IAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,OAAA,GAAmB;AACjB,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AAErB,IAAA,IAAI,CAAC,IAAA,CAAK,UAAA,EAAW,EAAG;AACtB,MAAA,OAAO,KAAA;AAAA,IACT;AAEA,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,aAAA,GAAgB,GAAA;AACrB,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,UAAA,GAAsB;AACpB,IAAA,OAAO,IAAA,CAAK,GAAA,EAAI,GAAI,IAAA,CAAK,iBAAiB,IAAA,CAAK,iBAAA;AAAA,EACjD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,iBAAiB,GAAA,EAA4C;AAC3D,IAAA,IAAI,IAAA,CAAK,SAAQ,EAAG;AAElB,MAAA,OAAO,IAAA;AAAA,IACT;AAGA,IAAA,OAAO,IAAI,sBAAA;AAAA,MACT,aAAA;AAAA,MACA,mBAAmB,GAAG,CAAA,2BAAA;AAAA,KACxB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,UAAA,GAAmB;AACjB,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,WAAA,GAAc,CAAA;AAAA,EAErB;AACF,CAAA;;;ACnHA,IAAM,2BAAA,GAA8B,EAAA;AACpC,IAAM,oBAAA,GAAuB,CAAC,OAAA,EAAS,OAAO,CAAA;AA0CvC,IAAM,uBAAN,MAA2B;AAAA,EACf,MAAA;AAAA,EACA,UAAA;AAAA,EACA,SAAA;AAAA,EAEjB,YAAY,MAAA,EAAoC;AAC9C,IAAA,IAAA,CAAK,MAAA,GAAS;AAAA,MACZ,SAAS,MAAA,CAAO,OAAA;AAAA,MAChB,QAAQ,MAAA,CAAO,MAAA;AAAA,MACf,UAAU,MAAA,CAAO,QAAA;AAAA,MACjB,cAAA,EAAgB,MAAA,CAAO,cAAA,IAAkB,EAAC;AAAA,MAC1C,UAAA,EAAY,MAAA,CAAO,UAAA,IAAc,CAAA,GAAI,EAAA,GAAK,GAAA;AAAA,MAC1C,iBAAA,EAAmB,MAAA,CAAO,iBAAA,IAAqB,EAAA,GAAK,GAAA;AAAA,MACpD,iBAAA,EACE,OAAO,iBAAA,IAAqB,2BAAA;AAAA,MAC9B,OAAO,MAAA,CAAO;AAAA,KAChB;AAEA,IAAA,IAAA,CAAK,SAAA,GAAY,KAAA,CAAM,OAAA,CAAQ,MAAA,CAAO,QAAQ,IAC1C,MAAA,CAAO,QAAA,GACP,CAAC,MAAA,CAAO,QAAQ,CAAA;AAEpB,IAAA,IAAA,CAAK,UAAA,GAAa,IAAI,UAAA,CAAW;AAAA,MAC/B,SAAS,MAAA,CAAO,OAAA;AAAA,MAChB,UAAA,EAAY,KAAK,MAAA,CAAO,UAAA;AAAA,MACxB,iBAAA,EAAmB,KAAK,MAAA,CAAO,iBAAA;AAAA,MAC/B,OAAO,MAAA,CAAO;AAAA,KACf,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,OAAO,KAAA,EAAsC;AACjD,IAAA,IAAI;AACF,MAAA,OAAO,MAAM,IAAA,CAAK,cAAA,CAAe,KAAA,EAAO,KAAK,CAAA;AAAA,IAC/C,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,iBAAiB,sBAAA,EAAwB;AAC3C,QAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,KAAA,EAAM;AAAA,MACjC;AAGA,MAAA,OAAO;AAAA,QACL,OAAA,EAAS,KAAA;AAAA,QACT,OAAO,IAAI,sBAAA;AAAA,UACT,sBAAA;AAAA,UACA,CAAA,+BAAA,EAAmC,MAAgB,OAAO,CAAA;AAAA;AAC5D,OACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,aAAa,KAAA,EAAoD;AACrE,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,MAAA,CAAO,KAAK,CAAA;AACtC,IAAA,OAAO,MAAA,CAAO,OAAA,GAAU,MAAA,CAAO,MAAA,GAAS,IAAA;AAAA,EAC1C;AAAA;AAAA;AAAA;AAAA,EAKA,UAAA,GAAmB;AACjB,IAAA,IAAA,CAAK,WAAW,UAAA,EAAW;AAAA,EAC7B;AAAA,EAEA,MAAc,cAAA,CACZ,KAAA,EACA,OAAA,EACuB;AACvB,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,UAAA,CAAW,cAAA,EAAe;AAE5C,IAAA,IAAI;AAEF,MAAA,MAAM,EAAE,OAAA,EAAS,eAAA,KAAoB,MAAM,SAAA,CAAU,OAAO,IAAA,EAAM;AAAA,QAChE,MAAA,EAAQ,KAAK,MAAA,CAAO,MAAA;AAAA,QACpB,UAAU,IAAA,CAAK,SAAA;AAAA,QACf,cAAA,EAAgB,KAAK,MAAA,CAAO,iBAAA;AAAA,QAC5B,UAAA,EAAY;AAAA,OACb,CAAA;AAGD,MAAA,MAAM,MAAM,eAAA,CAAgB,GAAA;AAC5B,MAAA,IAAI,CAAC,oBAAA,CAAqB,QAAA,CAAS,GAAG,CAAA,EAAG;AACvC,QAAA,MAAM,IAAI,sBAAA;AAAA,UACR,uBAAA;AAAA,UACA,0BAA0B,GAAG,CAAA,mBAAA,EAAsB,oBAAA,CAAqB,IAAA,CAAK,IAAI,CAAC,CAAA;AAAA,SACpF;AAAA,MACF;AAGA,MAAA,MAAM,UAAA,GAAa,OAAA;AACnB,MAAA,IACE,OAAO,UAAA,CAAW,GAAA,KAAQ,QAAA,IAC1B,CAAC,MAAA,CAAO,QAAA,CAAS,UAAA,CAAW,GAAG,CAAA,IAC/B,UAAA,CAAW,GAAA,IAAO,CAAA,EAClB;AACA,QAAA,MAAM,IAAI,sBAAA;AAAA,UACR,gBAAA;AAAA,UACA;AAAA,SACF;AAAA,MACF;AAGA,MAAA,MAAM,MAAA,GAAS,IAAA,CAAK,WAAA,CAAY,UAAA,CAAW,KAAK,CAAA;AAChD,MAAA,KAAA,MAAW,QAAA,IAAY,IAAA,CAAK,MAAA,CAAO,cAAA,EAAgB;AACjD,QAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,QAAQ,CAAA,EAAG;AAC9B,UAAA,MAAM,IAAI,sBAAA;AAAA,YACR,eAAA;AAAA,YACA,2BAA2B,QAAQ,CAAA;AAAA,WACrC;AAAA,QACF;AAAA,MACF;AAGA,MAAA,MAAM,QAAA,GAAW,UAAA,CAAW,SAAA,IAAa,UAAA,CAAW,GAAA;AACpD,MAAA,IAAI,CAAC,QAAA,EAAU;AACb,QAAA,MAAM,IAAI,sBAAA;AAAA,UACR,gBAAA;AAAA,UACA;AAAA,SACF;AAAA,MACF;AAGA,MAAA,MAAM,MAAA,GAA8B;AAAA,QAClC,GAAA,EAAK,WAAW,GAAA,IAAO,EAAA;AAAA,QACvB,QAAA;AAAA,QACA,MAAA;AAAA,QACA,SAAA,EAAW,IAAI,IAAA,CAAK,UAAA,CAAW,MAAM,GAAI,CAAA;AAAA,QACzC,KAAK,UAAA,CAAW,GAAA;AAAA,QAChB,OAAA,EAAS;AAAA,OACX;AAEA,MAAA,OAAO,EAAE,OAAA,EAAS,IAAA,EAAM,MAAA,EAAO;AAAA,IACjC,SAAS,KAAA,EAAO;AAEd,MAAA,IAAI,KAAA,YAAiBA,OAAW,iBAAA,EAAmB;AAEjD,QAAA,IAAI,CAAC,OAAA,EAAS;AACZ,UAAA,MAAM,GAAA,GAAM,IAAA,CAAK,UAAA,CAAW,KAAK,CAAA;AACjC,UAAA,MAAM,YAAA,GAAe,KAAK,UAAA,CAAW,gBAAA;AAAA,YACnC,GAAA,IAAO;AAAA,WACT;AACA,UAAA,IAAI,CAAC,YAAA,EAAc;AAEjB,YAAA,OAAO,IAAA,CAAK,cAAA,CAAe,KAAA,EAAO,IAAI,CAAA;AAAA,UACxC;AACA,UAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,KAAA,EAAO,YAAA,EAAa;AAAA,QAC/C;AAEA,QAAA,OAAO;AAAA,UACL,OAAA,EAAS,KAAA;AAAA,UACT,OAAO,IAAI,sBAAA;AAAA,YACT,aAAA;AAAA,YACA;AAAA;AACF,SACF;AAAA,MACF;AAEA,MAAA,IAAI,KAAA,YAAiBA,OAAW,UAAA,EAAY;AAC1C,QAAA,OAAO;AAAA,UACL,OAAA,EAAS,KAAA;AAAA,UACT,OAAO,IAAI,sBAAA;AAAA,YACT,eAAA;AAAA,YACA;AAAA;AACF,SACF;AAAA,MACF;AAEA,MAAA,IAAI,KAAA,YAAiBA,OAAW,wBAAA,EAA0B;AACxD,QAAA,MAAM,UAAU,KAAA,CAAM,OAAA;AACtB,QAAA,IAAI,OAAA,CAAQ,QAAA,CAAS,KAAK,CAAA,EAAG;AAC3B,UAAA,MAAM,QAAA,GAAW,KAAA,CAAM,OAAA,CAAQ,IAAA,CAAK,OAAO,MAAM,CAAA,GAC7C,IAAA,CAAK,MAAA,CAAO,MAAA,CAAO,IAAA,CAAK,MAAM,CAAA,GAC9B,KAAK,MAAA,CAAO,MAAA;AAChB,UAAA,OAAO;AAAA,YACL,OAAA,EAAS,KAAA;AAAA,YACT,OAAO,IAAI,sBAAA;AAAA,cACT,gBAAA;AAAA,cACA,4BAA4B,QAAQ,CAAA;AAAA;AACtC,WACF;AAAA,QACF;AACA,QAAA,IAAI,OAAA,CAAQ,QAAA,CAAS,KAAK,CAAA,EAAG;AAC3B,UAAA,OAAO;AAAA,YACL,OAAA,EAAS,KAAA;AAAA,YACT,OAAO,IAAI,sBAAA;AAAA,cACT,kBAAA;AAAA,cACA,CAAA,kCAAA,EAAqC,IAAA,CAAK,SAAA,CAAU,IAAA,CAAK,IAAI,CAAC,CAAA;AAAA;AAChE,WACF;AAAA,QACF;AACA,QAAA,IAAI,OAAA,CAAQ,QAAA,CAAS,KAAK,CAAA,EAAG;AAC3B,UAAA,OAAO;AAAA,YACL,OAAA,EAAS,KAAA;AAAA,YACT,OAAO,IAAI,sBAAA;AAAA,cACT,qBAAA;AAAA,cACA;AAAA;AACF,WACF;AAAA,QACF;AAAA,MACF;AAEA,MAAA,IAAI,KAAA,YAAiBA,OAAW,8BAAA,EAAgC;AAC9D,QAAA,OAAO;AAAA,UACL,OAAA,EAAS,KAAA;AAAA,UACT,OAAO,IAAI,sBAAA;AAAA,YACT,mBAAA;AAAA,YACA;AAAA;AACF,SACF;AAAA,MACF;AAEA,MAAA,IAAI,KAAA,YAAiBA,OAAW,UAAA,EAAY;AAC1C,QAAA,OAAO;AAAA,UACL,OAAA,EAAS,KAAA;AAAA,UACT,OAAO,IAAI,sBAAA;AAAA,YACT,sBAAA;AAAA,YACA,CAAA,aAAA,EAAgB,MAAM,OAAO,CAAA;AAAA;AAC/B,SACF;AAAA,MACF;AAGA,MAAA,IAAI,iBAAiB,sBAAA,EAAwB;AAC3C,QAAA,MAAM,KAAA;AAAA,MACR;AAGA,MAAA,MAAM,IAAI,sBAAA;AAAA,QACR,sBAAA;AAAA,QACA,CAAA,qBAAA,EAAyB,MAAgB,OAAO,CAAA;AAAA,OAClD;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,YAAY,KAAA,EAAqC;AACvD,IAAA,IAAI,CAAC,KAAA,EAAO,OAAO,EAAC;AACpB,IAAA,OAAO,KAAA,CACJ,KAAA,CAAM,GAAG,CAAA,CACT,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,IAAA,EAAM,CAAA,CACnB,MAAA,CAAO,OAAO,CAAA;AAAA,EACnB;AAAA,EAEQ,WAAW,KAAA,EAA8B;AAC/C,IAAA,IAAI;AACF,MAAA,MAAM,MAAA,GAAS,sBAAsB,KAAK,CAAA;AAC1C,MAAA,OAAO,OAAO,GAAA,IAAO,IAAA;AAAA,IACvB,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AACF;;;AC3SO,IAAM,cAAA,GAAN,MAAM,eAAA,CAAe;AAAA,EACT,UAAA,uBAAiB,GAAA,EAGhC;AAAA,EACe,YAAA,uBAAmB,GAAA,EAAoB;AAAA,EACvC,SAAA,uBAAgB,GAAA,EAAoB;AAAA,EACpC,eAAA;AAAA,EAEjB,OAAwB,gBAAA,GAAmB,EAAA,GAAK,EAAA,GAAK,GAAA;AAAA;AAAA,EACrD,OAAwB,mBAAA,GAAsB,CAAA,GAAI,EAAA,GAAK,GAAA;AAAA;AAAA,EAEvD,WAAA,GAAc;AACZ,IAAA,IAAA,CAAK,eAAA,GAAkB,WAAA;AAAA,MACrB,MAAM,KAAK,oBAAA,EAAqB;AAAA,MAChC,eAAA,CAAe;AAAA,KACjB;AAEA,IAAA,IAAI,IAAA,CAAK,gBAAgB,KAAA,EAAO;AAC9B,MAAA,IAAA,CAAK,gBAAgB,KAAA,EAAM;AAAA,IAC7B;AAAA,EACF;AAAA,EAEA,aAAa,SAAA,EAA8D;AACzE,IAAA,OAAO,IAAA,CAAK,UAAA,CAAW,GAAA,CAAI,SAAS,CAAA;AAAA,EACtC;AAAA,EAEA,eAAA,CACE,SAAA,EACA,SAAA,EACA,SAAA,EACA,SAAA,EACM;AACN,IAAA,IAAA,CAAK,UAAA,CAAW,GAAA,CAAI,SAAA,EAAW,SAAS,CAAA;AACxC,IAAA,IAAA,CAAK,YAAA,CAAa,GAAA,CAAI,SAAA,EAAW,IAAA,CAAK,KAAK,CAAA;AAC3C,IAAA,IAAI,cAAc,MAAA,EAAW;AAC3B,MAAA,IAAA,CAAK,SAAA,CAAU,GAAA,CAAI,SAAA,EAAW,SAAS,CAAA;AAAA,IACzC;AAEA,IAAA,SAAA,CAAU,UAAU,MAAM;AACxB,MAAA,IAAA,CAAK,cAAc,SAAS,CAAA;AAC5B,MAAA,SAAA,EAAW,kBAAkB,SAAS,CAAA;AAAA,IACxC,CAAA;AAAA,EACF;AAAA,EAEA,aAAa,SAAA,EAAyB;AACpC,IAAA,IAAI,IAAA,CAAK,UAAA,CAAW,GAAA,CAAI,SAAS,CAAA,EAAG;AAClC,MAAA,IAAA,CAAK,YAAA,CAAa,GAAA,CAAI,SAAA,EAAW,IAAA,CAAK,KAAK,CAAA;AAAA,IAC7C;AAAA,EACF;AAAA,EAEA,cAAc,SAAA,EAAyB;AACrC,IAAA,IAAA,CAAK,UAAA,CAAW,OAAO,SAAS,CAAA;AAChC,IAAA,IAAA,CAAK,YAAA,CAAa,OAAO,SAAS,CAAA;AAClC,IAAA,IAAA,CAAK,SAAA,CAAU,OAAO,SAAS,CAAA;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,iBAAiB,SAAA,EAA4B;AAC3C,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,SAAA,CAAU,GAAA,CAAI,SAAS,CAAA;AACxC,IAAA,OAAO,GAAA,KAAQ,MAAA,IAAa,IAAA,CAAK,GAAA,KAAQ,GAAA,IAAQ,GAAA;AAAA,EACnD;AAAA,EAEQ,oBAAA,GAA6B;AACnC,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,QAAQ,KAAK,IAAA,CAAK,YAAA,CAAa,SAAQ,EAAG;AACzD,MAAA,IAAI,GAAA,GAAM,QAAA,GAAW,eAAA,CAAe,gBAAA,EAAkB;AACpD,QAAA,MAAM,SAAA,GAAY,IAAA,CAAK,UAAA,CAAW,GAAA,CAAI,GAAG,CAAA;AACzC,QAAA,IAAI,SAAA,EAAW;AACb,UAAA,KAAK,UAAU,KAAA,IAAQ;AAAA,QACzB;AACA,QAAA,IAAA,CAAK,cAAc,GAAG,CAAA;AAAA,MACxB;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAA,GAAgB;AACd,IAAA,aAAA,CAAc,KAAK,eAAe,CAAA;AAClC,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,SAAS,KAAK,IAAA,CAAK,UAAA,CAAW,SAAQ,EAAG;AACxD,MAAA,KAAK,UAAU,KAAA,IAAQ;AACvB,MAAA,IAAA,CAAK,cAAc,GAAG,CAAA;AAAA,IACxB;AAAA,EACF;AACF,CAAA;;;ACnCA,IAAM,eAAA,GAAkB,yBAAA;AACxB,IAAM,qBAAA,GAAwB,KAAK,EAAA,GAAK,GAAA;AACxC,IAAM,4BAAA,GAA+B,GAAA;AACrC,IAAM,8BAAA,GAAiC,CAAA;AACvC,IAAM,mCAAmC,EAAA,GAAK,GAAA;AAE9C,IAAM,eAAe,MAAM;AACzB,EAAA,IAAI;AACF,IAAA,MAAM,UAAA,GAAa,aAAA,CAAc,MAAA,CAAA,IAAA,CAAY,GAAG,CAAA;AAChD,IAAA,MAAM,GAAA,GAAM,WAAW,oBAAoB,CAAA;AAC3C,IAAA,OAAO,IAAI,OAAA,IAAW,SAAA;AAAA,EACxB,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,SAAA;AAAA,EACT;AACF,CAAA,GAAG;AA0BI,IAAM,OAAA,GAAN,MAAM,QAAA,CAAQ;AAAA,EACnB,OAAwB,iBAAA,mBAAoB,IAAI,GAAA,EAAa;AAAA,EAC7D,OAAe,0BAAA,GAA6B,KAAA;AAAA,EAE3B,QAAA;AAAA,EACA,YAAA;AAAA,EACA,MAAA;AAAA,EACA,YAAA;AAAA;AAAA,EAGT,aAAA,GAAsC,IAAA;AAAA,EACtC,iBAAA,GAAoB,CAAA;AAAA,EACpB,eAAA,GAAiD,IAAA;AAAA;AAAA,EAGxC,eAAA,uBAAsB,GAAA,EAA8B;AAAA,EACpD,uBAAA,uBAA8B,GAAA,EAG7C;AAAA,EACe,gBAAA,uBAAuB,GAAA,EAAgC;AAAA,EACvD,kBAAA,uBAAyB,OAAA,EAGxC;AAAA,EACM,wBAAA,GAA2B,CAAA;AAAA;AAAA,EAG3B,YAAA,GAA8B,IAAA;AAAA,EAC9B,eAAA,GAAkB,CAAA;AAAA,EAClB,mBAAA,GAA8C,IAAA;AAAA;AAAA,EAGrC,eAAA,uBAAsB,GAAA,EAAoB;AAAA,EAC1C,yBAAA,uBAAgC,GAAA,EAAY;AAAA,EAE7D,YAAY,OAAA,EAAyB;AACnC,IAAA,IAAA,CAAK,WAAW,OAAA,CAAQ,QAAA;AACxB,IAAA,IAAA,CAAK,YAAA,GACH,OAAA,CAAQ,YAAA,IAAgB,OAAA,CAAQ,GAAA,CAAI,qBAAA;AACtC,IAAA,IAAA,CAAK,UAAU,OAAA,CAAQ,MAAA,IAAU,eAAA,EAAiB,OAAA,CAAQ,OAAO,EAAE,CAAA;AACnE,IAAA,MAAM,kBAAkB,KAAA,CAAM,OAAA,CAAQ,QAAQ,WAAW,CAAA,GACrD,QAAQ,WAAA,GACR,OAAA,CAAQ,cACN,OAAA,CAAQ,WAAA,CAAY,MAAM,GAAG,CAAA,GAC7B,QAAQ,GAAA,CAAI,oBAAA,EAAsB,MAAM,GAAG,CAAA;AACjD,IAAA,IAAA,CAAK,eAAe,KAAA,CAAM,IAAA;AAAA,MACxB,IAAI,GAAA,CAAI,eAAA,EAAiB,GAAA,CAAI,CAAC,MAAA,KAAW,MAAA,CAAO,IAAA,EAAM,CAAA,CAAE,MAAA,CAAO,OAAO,CAAC;AAAA,KACzE;AAEA,IAAA,QAAA,CAAQ,iBAAA,CAAkB,IAAI,IAAI,CAAA;AAClC,IAAA,QAAA,CAAQ,sBAAA,EAAuB;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,OAAA,GAAyB;AAC7B,IAAA,MAAM,KAAK,qBAAA,EAAsB;AACjC,IAAA,QAAA,CAAQ,iBAAA,CAAkB,OAAO,IAAI,CAAA;AACrC,IAAA,IAAA,CAAK,gBAAgB,KAAA,EAAM;AAC3B,IAAA,IAAA,CAAK,wBAAwB,KAAA,EAAM;AACnC,IAAA,IAAA,CAAK,aAAA,GAAgB,IAAA;AACrB,IAAA,IAAA,CAAK,iBAAA,GAAoB,CAAA;AACzB,IAAA,IAAA,CAAK,eAAA,GAAkB,IAAA;AACvB,IAAA,IAAA,CAAK,YAAA,GAAe,IAAA;AACpB,IAAA,IAAA,CAAK,eAAA,GAAkB,CAAA;AACvB,IAAA,IAAA,CAAK,mBAAA,GAAsB,IAAA;AAC3B,IAAA,IAAA,CAAK,gBAAgB,KAAA,EAAM;AAC3B,IAAA,IAAA,CAAK,0BAA0B,KAAA,EAAM;AAAA,EACvC;AAAA,EAEA,OAAe,sBAAA,GAA+B;AAC5C,IAAA,IAAI,SAAQ,0BAAA,EAA4B;AAExC,IAAA,MAAM,aAAa,MAAM;AACvB,MAAA,KAAA,MAAW,QAAA,IAAY,SAAQ,iBAAA,EAAmB;AAChD,QAAA,KAAK,SAAS,qBAAA,EAAsB;AAAA,MACtC;AAAA,IACF,CAAA;AAEA,IAAA,OAAA,CAAQ,IAAA,CAAK,UAAU,UAAU,CAAA;AACjC,IAAA,OAAA,CAAQ,IAAA,CAAK,WAAW,UAAU,CAAA;AAClC,IAAA,QAAA,CAAQ,0BAAA,GAA6B,IAAA;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAiCA,UAAA,CAAW,QAA4B,OAAA,EAAqC;AAE1E,IAAA,MAAM,UAAA,GAAa,aAAA,CAAc,MAAA,CAAA,IAAA,CAAY,GAAG,CAAA;AAChD,IAAA,MAAM,OAAA,GAAU,WAAW,SAAS,CAAA;AACpC,IAAA,MAAM,MAAA,GAAS,QAAQ,MAAA,EAAO;AAE9B,IAAA,MAAM,OAAA,GAAU,SAAS,OAAA,IAAW,MAAA;AACpC,IAAA,MAAM,cAAA,GAAiB,IAAI,cAAA,EAAe;AAC1C,IAAA,MAAM,QAAA,GAAW,SAAS,mBAAA,IAAuB,KAAA;AAIjD,IAAA,MAAA,CAAO,GAAA,CAAI,CAAC,IAAA,EAAe,GAAA,EAAe,IAAA,KAAuB;AAC/D,MAAA,GAAA,CAAI,MAAA,CAAO,+BAA+B,GAAG,CAAA;AAC7C,MAAA,GAAA,CAAI,MAAA;AAAA,QACF,8BAAA;AAAA,QACA;AAAA,OACF;AACA,MAAA,GAAA,CAAI,MAAA,CAAO,iCAAiC,gBAAgB,CAAA;AAC5D,MAAA,GAAA,CAAI,MAAA,CAAO,gCAAgC,4BAA4B,CAAA;AACvE,MAAA,IAAI,IAAA,CAAK,WAAW,SAAA,EAAW;AAC7B,QAAA,GAAA,CAAI,WAAW,GAAG,CAAA;AAClB,QAAA;AAAA,MACF;AACA,MAAA,IAAA,EAAK;AAAA,IACP,CAAC,CAAA;AAED,IAAA,IAAI,QAAA,EAAU;AACZ,MAAA,OAAA,CAAQ,IAAA;AAAA,QACN;AAAA,OACF;AAGA,MAAA,MAAA,CAAO,GAAA,CAAI,OAAA,EAAS,OAAA,CAAQ,IAAA,CAAK,EAAE,OAAO,OAAA,EAAS,SAAA,IAAa,KAAA,EAAO,CAAC,CAAA;AACxE,MAAA,MAAMC,cAAa,IAAA,CAAK,gBAAA;AAAA,QACtB,MAAA;AAAA,QACA,cAAA;AAAA,QACA,IAAA;AAAA,QACA;AAAA,OACF;AACA,MAAA,MAAA,CAAO,IAAA,CAAK,OAAA,EAASA,WAAAA,CAAW,IAAI,CAAA;AACpC,MAAA,MAAA,CAAO,GAAA,CAAI,OAAA,EAASA,WAAAA,CAAW,GAAG,CAAA;AAClC,MAAA,MAAA,CAAO,MAAA,CAAO,OAAA,EAASA,WAAAA,CAAW,MAAM,CAAA;AAExC,MAAA,OAAO,MAAA;AAAA,IACT;AAEA,IAAA,MAAM,cAAA,GAAiB,OACrB,GAAA,KACgC;AAChC,MAAA,MAAM,WAAW,IAAA,CAAK,sBAAA;AAAA,QACpB,MAAM,KAAK,gBAAA,EAAiB;AAAA,QAC5B,OAAA,EAAS;AAAA,OACX;AACA,MAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,wBAAA,CAAyB,GAAA,EAAK,SAAS,OAAO,CAAA;AACjE,MAAA,OAAO,IAAA,CAAK,6BAAA;AAAA,QACV,QAAA;AAAA,QACA,KAAA;AAAA,QACA,OAAA,EAAS;AAAA,OACX;AAAA,IACF,CAAA;AAKA,IAAA,MAAA,CAAO,GAAA,CAAI,OAAO,GAAA,EAAc,GAAA,EAAe,IAAA,KAAuB;AACpE,MAAA,MAAM,IAAA,GAAO,GAAA,CAAI,IAAA,IAAQ,GAAA,CAAI,GAAA,IAAO,EAAA;AACpC,MAAA,MAAM,oBACJ,IAAA,CAAK,UAAA,CAAW,yCAAyC,CAAA,IACzD,IAAA,CAAK,WAAW,uCAAuC,CAAA;AAEzD,MAAA,IAAI,CAAC,iBAAA,EAAmB;AACtB,QAAA,IAAA,EAAK;AACL,QAAA;AAAA,MACF;AAEA,MAAA,IAAI;AACF,QAAA,MAAM,WAAA,GAAc,MAAM,cAAA,CAAe,GAAG,CAAA;AAC5C,QAAA,WAAA,CAAY,cAAA,CAAe,GAAA,EAAK,GAAA,EAAK,IAAI,CAAA;AAAA,MAC3C,SAAS,KAAA,EAAO;AACd,QAAA,IAAA,CAAK,wBAAA,CAAyB,KAAK,KAAK,CAAA;AAAA,MAC1C;AAAA,IACF,CAAC,CAAA;AAGD,IAAA,MAAA,CAAO,GAAA,CAAI,OAAA,EAAS,OAAA,CAAQ,IAAA,CAAK,EAAE,OAAO,OAAA,EAAS,SAAA,IAAa,KAAA,EAAO,CAAC,CAAA;AAExE,IAAA,MAAM,aAAa,IAAA,CAAK,gBAAA;AAAA,MACtB,MAAA;AAAA,MACA,cAAA;AAAA,MACA,cAAA;AAAA,MACA;AAAA,KACF;AACA,IAAA,MAAA,CAAO,IAAA,CAAK,OAAA,EAAS,UAAA,CAAW,IAAI,CAAA;AACpC,IAAA,MAAA,CAAO,GAAA,CAAI,OAAA,EAAS,UAAA,CAAW,GAAG,CAAA;AAClC,IAAA,MAAA,CAAO,MAAA,CAAO,OAAA,EAAS,UAAA,CAAW,MAAM,CAAA;AAExC,IAAA,OAAO,MAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBA,MAAM,OAAA,CACJ,WAAA,EACA,KAAA,EACgC;AAChC,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,IAAA,IAAA,CAAK,wBAAwB,GAAG,CAAA;AAGhC,IAAA,MAAM,QAAA,GAAW,CAAA,EAAG,WAAW,CAAA,EAAA,EAAK,KAAK,CAAA,CAAA;AACzC,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,eAAA,CAAgB,GAAA,CAAI,QAAQ,CAAA;AAChD,IAAA,IAAI,MAAA,IAAU,GAAA,GAAM,MAAA,CAAO,SAAA,EAAW;AAEpC,MAAA,IAAA,CAAK,eAAA,CAAgB,OAAO,QAAQ,CAAA;AACpC,MAAA,IAAA,CAAK,eAAA,CAAgB,GAAA,CAAI,QAAA,EAAU,MAAM,CAAA;AACzC,MAAA,OAAO,MAAA,CAAO,UAAA;AAAA,IAChB;AACA,IAAA,IAAI,MAAA,EAAQ;AACV,MAAA,IAAA,CAAK,eAAA,CAAgB,OAAO,QAAQ,CAAA;AAAA,IACtC;AAGA,IAAA,MAAM,cAAA,GAAsC;AAAA,MAC1C,QAAA,EAAU,CAAA,EAAG,IAAA,CAAK,MAAM,CAAA,aAAA,CAAA;AAAA,MACxB,UAAU,IAAA,CAAK,QAAA;AAAA,MACf,cAAc,IAAA,CAAK;AAAA,KACrB;AAEA,IAAA,IAAI,QAAA;AACJ,IAAA,IAAI;AACF,MAAA,QAAA,GAAW,MAAM,aAAA,CAAc,cAAA,EAAgB,KAAA,EAAO,WAAW,CAAA;AAAA,IACnE,SAAS,GAAA,EAAK;AAIZ,MAAA,IAAI,eAAe,UAAA,EAAY;AAC7B,QAAA,IACE,IAAI,SAAA,KAAc,sBAAA,IAClB,GAAA,CAAI,OAAA,CAAQ,SAAS,eAAe,CAAA,IACnC,GAAA,CAAI,OAAA,CAAQ,SAAS,SAAS,CAAA,IAAK,IAAI,OAAA,CAAQ,QAAA,CAAS,WAAW,CAAA,EACpE;AACA,UAAA,MAAM,aAAA,GACH,GAAA,CAAI,IAAA,CAAK,aAAA,IAA4B,WAAA;AACxC,UAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,eAAA;AAAA,YAC5B,KAAA;AAAA,YACA,aAAA;AAAA,YACA;AAAA,WACF;AACA,UAAA,MAAM,IAAI,mCAAmC,aAAA,EAAe;AAAA,YAC1D,eAAA,EAAiB,IAAI,IAAA,CAAK,eAAA;AAAA,YAC1B,UAAA;AAAA,YACA,SAAS,GAAA,CAAI;AAAA,WACd,CAAA;AAAA,QACH;AAAA,MACF;AACA,MAAA,MAAM,GAAA;AAAA,IACR;AAEA,IAAA,MAAM,UAAA,GAAoC;AAAA,MACxC,aAAa,QAAA,CAAS,YAAA;AAAA,MACtB,WAAW,QAAA,CAAS,UAAA;AAAA,MACpB,eAAe,CAAA,EAAG,QAAA,CAAS,UAAU,CAAA,CAAA,EAAI,SAAS,YAAY,CAAA,CAAA;AAAA,MAC9D,WAAW,QAAA,CAAS,UAAA;AAAA,MACpB,OAAO,QAAA,CAAS,KAAA;AAAA,MAChB;AAAA,KACF;AAGA,IAAA,IAAI,SAAS,UAAA,EAAY;AACvB,MAAA,MAAM,KAAA,GAAQ,KAAK,GAAA,CAAI,QAAA,CAAS,aAAa,EAAA,EAAI,CAAA,GAAI,EAAE,CAAA,GAAI,GAAA;AAC3D,MAAA,IAAI,QAAQ,CAAA,EAAG;AACb,QAAA,IAAA,CAAK,cAAA,CAAe,IAAA,CAAK,eAAA,EAAiB,4BAA4B,CAAA;AACtE,QAAA,IAAA,CAAK,eAAA,CAAgB,IAAI,QAAA,EAAU;AAAA,UACjC,UAAA;AAAA,UACA,WAAW,GAAA,GAAM;AAAA,SAClB,CAAA;AAAA,MACH;AAAA,IACF;AAEA,IAAA,OAAO,UAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,kBAAA,CACJ,WAAA,EACA,KAAA,EACyC;AACzC,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,IAAA,IAAA,CAAK,gCAAgC,GAAG,CAAA;AAExC,IAAA,MAAM,QAAA,GAAW,CAAA,EAAG,WAAW,CAAA,EAAA,EAAK,KAAK,CAAA,sBAAA,CAAA;AACzC,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,uBAAA,CAAwB,GAAA,CAAI,QAAQ,CAAA;AACxD,IAAA,IAAI,MAAA,IAAU,GAAA,GAAM,MAAA,CAAO,SAAA,EAAW;AACpC,MAAA,IAAA,CAAK,uBAAA,CAAwB,OAAO,QAAQ,CAAA;AAC5C,MAAA,IAAA,CAAK,uBAAA,CAAwB,GAAA,CAAI,QAAA,EAAU,MAAM,CAAA;AACjD,MAAA,OAAO,MAAA,CAAO,UAAA;AAAA,IAChB;AACA,IAAA,IAAI,MAAA,EAAQ;AACV,MAAA,IAAA,CAAK,uBAAA,CAAwB,OAAO,QAAQ,CAAA;AAAA,IAC9C;AAEA,IAAA,MAAM,cAAA,GAAsC;AAAA,MAC1C,QAAA,EAAU,CAAA,EAAG,IAAA,CAAK,MAAM,CAAA,aAAA,CAAA;AAAA,MACxB,UAAU,IAAA,CAAK,QAAA;AAAA,MACf,cAAc,IAAA,CAAK;AAAA,KACrB;AAEA,IAAA,IAAI,kBAAA,GAAqB,KAAA;AACzB,IAAA,IAAI,CAAC,IAAA,CAAK,oBAAA,CAAqB,KAAK,CAAA,EAAG;AACrC,MAAA,IAAI;AACF,QAAA,MAAM,YAAY,MAAM,aAAA;AAAA,UACtB,cAAA;AAAA,UACA,KAAA;AAAA,UACA;AAAA,SACF;AACA,QAAA,kBAAA,GAAqB,SAAA,CAAU,YAAA;AAAA,MACjC,SAAS,GAAA,EAAK;AACZ,QAAA,MAAM,IAAI,UAAA;AAAA,UACR,8CAAA;AAAA,UACA,qCAAA;AAAA,UACA;AAAA,YACE,SAAA,EAAW,6BAAA;AAAA,YACX,kBACE,GAAA,YAAe,KAAA,GACX,IAAI,OAAA,GACJ,MAAA,CAAO,OAAO,eAAe;AAAA;AACrC,SACF;AAAA,MACF;AAAA,IACF;AAEA,IAAA,MAAM,aAAA,GAAgB,MAAM,IAAA,CAAK,2BAAA;AAAA,MAC/B,WAAA;AAAA,MACA;AAAA,KACF;AAEA,IAAA,MAAM,MAAM,MAAM,KAAA;AAAA,MAChB,CAAA,EAAG,IAAA,CAAK,MAAM,CAAA,kBAAA,EAAqB,aAAa,CAAA,oBAAA,CAAA;AAAA,MAChD;AAAA,QACE,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACP,aAAA,EAAe,UAAU,kBAAkB,CAAA,CAAA;AAAA,UAC3C,cAAA,EAAgB;AAAA,SAClB;AAAA,QACA,IAAA,EAAM;AAAA;AACR,KACF;AAEA,IAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,MAAA,MAAM,OAAO,MAAM,GAAA,CAAI,MAAK,CAAE,KAAA,CAAM,MAAM,EAAE,CAAA;AAC5C,MAAA,MAAM,OAAA,GACJ,IAAA,IAAQ,IAAA,CAAK,IAAA,EAAK,CAAE,SAAS,CAAA,GACzB,IAAA,GACA,CAAA,KAAA,EAAQ,GAAA,CAAI,MAAM,CAAA,4BAAA,CAAA;AAExB,MAAA,IACE,GAAA,CAAI,WAAW,GAAA,IACf,OAAA,CAAQ,aAAY,CAAE,QAAA,CAAS,sBAAsB,CAAA,EACrD;AACA,QAAA,MAAM,IAAI,mCAAmC,aAAA,EAAe;AAAA,UAC1D,eAAA,EAAiB,OAAO,WAAW,CAAA;AAAA,UACnC;AAAA,SACD,CAAA;AAAA,MACH;AAEA,MAAA,MAAM,IAAI,UAAA;AAAA,QACR,iDAAiD,aAAa,CAAA,CAAA;AAAA,QAC9D,oCAAA;AAAA,QACA;AAAA,UACE,SAAA,EAAW,4BAAA;AAAA,UACX,gBAAA,EAAkB;AAAA;AACpB,OACF;AAAA,IACF;AAEA,IAAA,MAAM,OAAA,GAAW,MAAM,GAAA,CAAI,IAAA,EAAK;AAKhC,IAAA,IACE,CAAC,OAAA,CAAQ,WAAA,IACT,OAAO,OAAA,CAAQ,WAAA,KAAgB,QAAA,IAC/B,KAAA,CAAM,OAAA,CAAQ,OAAA,CAAQ,WAAW,CAAA,EACjC;AACA,MAAA,MAAM,IAAI,UAAA;AAAA,QACR,6CAAA;AAAA,QACA;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,cAAsC,EAAC;AAC7C,IAAA,KAAA,MAAW,CAAC,KAAK,KAAK,CAAA,IAAK,OAAO,OAAA,CAAQ,OAAA,CAAQ,WAAW,CAAA,EAAG;AAC9D,MAAA,IAAI,OAAO,UAAU,QAAA,EAAU;AAC7B,QAAA,WAAA,CAAY,GAAG,CAAA,GAAI,KAAA;AAAA,MACrB;AAAA,IACF;AAEA,IAAA,IAAI,MAAA,CAAO,IAAA,CAAK,WAAW,CAAA,CAAE,WAAW,CAAA,EAAG;AACzC,MAAA,MAAM,IAAI,mCAAmC,aAAA,EAAe;AAAA,QAC1D,eAAA,EAAiB,OAAO,WAAW,CAAA;AAAA,QACnC,OAAA,EAAS;AAAA,OACV,CAAA;AAAA,IACH;AAEA,IAAA,MAAM,QAAA,GAA2C;AAAA,MAC/C,WAAA;AAAA,MACA,aAAA,EAAe,QAAQ,aAAA,IAAiB,aAAA;AAAA,MACxC;AAAA,KACF;AAEA,IAAA,IAAA,CAAK,cAAA;AAAA,MACH,IAAA,CAAK,uBAAA;AAAA,MACL;AAAA,KACF;AACA,IAAA,IAAA,CAAK,uBAAA,CAAwB,IAAI,QAAA,EAAU;AAAA,MACzC,UAAA,EAAY,QAAA;AAAA,MACZ,WAAW,GAAA,GAAM;AAAA,KAClB,CAAA;AAED,IAAA,OAAO,QAAA;AAAA,EACT;AAAA,EAEQ,mBAAA,GAAmC;AACzC,IAAA,uBAAO,IAAI,GAAA,CAAI,CAAC,CAAA,EAAG,IAAI,GAAA,CAAI,IAAA,CAAK,MAAM,CAAA,CAAE,MAAM,CAAA,IAAA,CAAA,EAAQ,aAAa,CAAC,CAAA;AAAA,EACtE;AAAA,EAEQ,qBAAqB,KAAA,EAAwB;AACnD,IAAA,MAAM,SAAA,GAAY,IAAA,CAAK,qBAAA,CAAsB,KAAK,CAAA;AAClD,IAAA,IAAI,SAAA,CAAU,WAAW,CAAA,EAAG;AAC1B,MAAA,OAAO,KAAA;AAAA,IACT;AACA,IAAA,MAAM,gBAAA,GAAmB,KAAK,mBAAA,EAAoB;AAClD,IAAA,OAAO,UAAU,IAAA,CAAK,CAAC,aAAa,gBAAA,CAAiB,GAAA,CAAI,QAAQ,CAAC,CAAA;AAAA,EACpE;AAAA,EAEQ,sBAAsB,KAAA,EAAyB;AACrD,IAAA,MAAM,GAAG,WAAW,CAAA,GAAI,KAAA,CAAM,MAAM,GAAG,CAAA;AACvC,IAAA,IAAI,CAAC,WAAA,EAAa,OAAO,EAAC;AAC1B,IAAA,IAAI;AACF,MAAA,MAAM,UAAU,IAAA,CAAK,KAAA;AAAA,QACnB,OAAO,IAAA,CAAK,WAAA,EAAa,WAAW,CAAA,CAAE,SAAS,MAAM;AAAA,OACvD;AACA,MAAA,IAAI,OAAO,OAAA,CAAQ,GAAA,KAAQ,QAAA,EAAU;AACnC,QAAA,OAAO,CAAC,QAAQ,GAAG,CAAA;AAAA,MACrB;AACA,MAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,OAAA,CAAQ,GAAG,CAAA,EAAG;AAC9B,QAAA,OAAO,QAAQ,GAAA,CAAI,MAAA;AAAA,UACjB,CAAC,KAAA,KAA2B,OAAO,KAAA,KAAU;AAAA,SAC/C;AAAA,MACF;AAAA,IACF,CAAA,CAAA,MAAQ;AAAA,IAER;AACA,IAAA,OAAO,EAAC;AAAA,EACV;AAAA;AAAA;AAAA;AAAA,EAMA,MAAc,2BAAA,CACZ,WAAA,EACA,YAAA,EACiB;AACjB,IAAA,MAAM,GAAA,GAAM,OAAO,WAAW,CAAA;AAC9B,IAAA,IAAI,IAAA,CAAK,MAAA,CAAO,GAAG,CAAA,EAAG;AACpB,MAAA,OAAO,GAAA;AAAA,IACT;AAEA,IAAA,MAAM,MAAM,MAAM,KAAA,CAAM,CAAA,EAAG,IAAA,CAAK,MAAM,CAAA,iBAAA,CAAA,EAAqB;AAAA,MACzD,OAAA,EAAS;AAAA,QACP,aAAA,EAAe,UAAU,YAAY,CAAA;AAAA;AACvC,KACD,CAAA;AACD,IAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,MAAA,MAAM,OAAO,MAAM,GAAA,CAAI,MAAK,CAAE,KAAA,CAAM,MAAM,EAAE,CAAA;AAC5C,MAAA,MAAM,IAAI,UAAA;AAAA,QACR,0CAAA;AAAA,QACA,mCAAA;AAAA,QACA;AAAA,UACE,SAAA,EAAW,2BAAA;AAAA,UACX,gBAAA,EAAkB,IAAA,IAAQ,CAAA,KAAA,EAAQ,GAAA,CAAI,MAAM,CAAA;AAAA;AAC9C,OACF;AAAA,IACF;AAEA,IAAA,MAAM,OAAA,GAAW,MAAM,GAAA,CAAI,IAAA,EAAK;AAGhC,IAAA,MAAM,KAAA,GAAQ,MAAM,OAAA,CAAQ,OAAA,CAAQ,KAAK,CAAA,GAAI,OAAA,CAAQ,QAAQ,EAAC;AAC9D,IAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,IAAA,CAAK,CAAC,IAAA,KAAS,KAAK,EAAA,KAAO,GAAA,IAAO,IAAA,CAAK,IAAA,KAAS,GAAG,CAAA;AACvE,IAAA,MAAM,gBAAgB,KAAA,EAAO,EAAA;AAC7B,IAAA,IAAI,CAAC,aAAA,EAAe;AAClB,MAAA,MAAM,IAAI,mCAAmC,GAAA,EAAK;AAAA,QAChD,eAAA,EAAiB,GAAA;AAAA,QACjB,OAAA,EAAS,eAAe,GAAG,CAAA,oCAAA;AAAA,OAC5B,CAAA;AAAA,IACH;AAEA,IAAA,OAAO,aAAA;AAAA,EACT;AAAA,EAEQ,OAAO,KAAA,EAAwB;AACrC,IAAA,OAAO,4EAAA,CAA6E,IAAA;AAAA,MAClF;AAAA,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,MAAc,eAAA,CACZ,YAAA,EACA,aAAA,EACA,cAAA,EAC6B;AAC7B,IAAA,IAAI;AAEF,MAAA,MAAM,eAAe,MAAM,aAAA;AAAA,QACzB,cAAA;AAAA,QACA,YAAA;AAAA,QACA;AAAA,OACF;AAGA,MAAA,MAAM,OAAA,GAAU,CAAA,EAAG,IAAA,CAAK,MAAM,qBAAqB,aAAa,CAAA,WAAA,CAAA;AAChE,MAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,OAAA,EAAS;AAAA,QAC/B,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACP,aAAA,EAAe,CAAA,OAAA,EAAU,YAAA,CAAa,YAAY,CAAA,CAAA;AAAA,UAClD,cAAA,EAAgB;AAAA,SAClB;AAAA,QACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,EAAE;AAAA,OACxB,CAAA;AAED,MAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,QAAA,MAAM,OAAO,MAAM,GAAA,CAAI,MAAK,CAAE,KAAA,CAAM,MAAM,EAAE,CAAA;AAC5C,QAAA,OAAA,CAAQ,IAAA;AAAA,UACN,CAAA,kDAAA,EAAqD,GAAA,CAAI,MAAM,CAAA,EAAA,EAAK,IAAI,CAAA;AAAA,SAC1E;AACA,QAAA,OAAO,KAAA,CAAA;AAAA,MACT;AAEA,MAAA,MAAM,IAAA,GAAQ,MAAM,GAAA,CAAI,IAAA,EAAK;AAM7B,MAAA,OAAO,IAAA,CAAK,cAAc,IAAA,CAAK,gBAAA;AAAA,IACjC,SAAS,GAAA,EAAK;AAIZ,MAAA,OAAA,CAAQ,IAAA;AAAA,QACN,CAAA,iCAAA,CAAA;AAAA,QACA,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,OAAO,GAAG;AAAA,OACjD;AACA,MAAA,OAAO,MAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAMA,MAAc,gBAAA,GAA2C;AACvD,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,IAAA,IACE,IAAA,CAAK,aAAA,IACL,GAAA,GAAM,IAAA,CAAK,oBAAoB,qBAAA,EAC/B;AACA,MAAA,OAAO,IAAA,CAAK,aAAA;AAAA,IACd;AAEA,IAAA,IAAI,KAAK,eAAA,EAAiB;AACxB,MAAA,OAAO,IAAA,CAAK,eAAA;AAAA,IACd;AAEA,IAAA,IAAA,CAAK,eAAA,GAAkB,KAAK,kBAAA,EAAmB;AAC/C,IAAA,IAAI;AACF,MAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,eAAA;AAC5B,MAAA,IAAA,CAAK,aAAA,GAAgB,QAAA;AACrB,MAAA,IAAA,CAAK,iBAAA,GAAoB,KAAK,GAAA,EAAI;AAClC,MAAA,OAAO,QAAA;AAAA,IACT,CAAA,SAAE;AACA,MAAA,IAAA,CAAK,eAAA,GAAkB,IAAA;AAAA,IACzB;AAAA,EACF;AAAA,EAEQ,sBAAA,CACN,UACA,iBAAA,EACe;AACf,IAAA,IAAI,CAAC,iBAAA,EAAmB;AACtB,MAAA,OAAO,QAAA;AAAA,IACT;AAGA,IAAA,OAAO,iBAAA,CAAkB,IAAA,CAAK,kBAAA,CAAmB,QAAQ,CAAC,CAAA;AAAA,EAC5D;AAAA,EAEQ,mBAAmB,QAAA,EAAwC;AACjE,IAAA,OAAO,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,SAAA,CAAU,QAAQ,CAAC,CAAA;AAAA,EAC5C;AAAA,EAEA,MAAc,kBAAA,GAA6C;AAEzD,IAAA,MAAM,IAAA,GAAO;AAAA,MACX,CAAA,EAAG,KAAK,MAAM,CAAA,uCAAA,CAAA;AAAA,MACd,CAAA,EAAG,KAAK,MAAM,CAAA,iCAAA;AAAA,KAChB;AAEA,IAAA,IAAI,SAAA;AACJ,IAAA,KAAA,MAAW,OAAO,IAAA,EAAM;AACtB,MAAA,IAAI;AACF,QAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,GAAG,CAAA;AAC3B,QAAA,IAAI,IAAI,EAAA,EAAI;AACV,UAAA,OAAQ,MAAM,IAAI,IAAA,EAAK;AAAA,QACzB;AAAA,MACF,SAAS,GAAA,EAAK;AACZ,QAAA,SAAA,GAAY,eAAe,KAAA,GAAQ,GAAA,GAAM,IAAI,KAAA,CAAM,MAAA,CAAO,GAAG,CAAC,CAAA;AAAA,MAChE;AAAA,IACF;AAEA,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,oCAAoC,IAAA,CAAK,MAAM,CAAA,EAAA,EAAK,SAAA,EAAW,WAAW,eAAe,CAAA;AAAA,KAC3F;AAAA,EACF;AAAA,EAEQ,wBAAA,CACN,GAAA,EACA,OAAA,EACA,OAAA,EACK;AACL,IAAA,IAAI,SAAS,iBAAA,EAAmB;AAC9B,MAAA,OAAO,IAAI,GAAA,CAAI,OAAA,CAAQ,iBAAiB,CAAA;AAAA,IAC1C;AACA,IAAA,MAAM,IAAA,GAAO,GAAA,CAAI,GAAA,CAAI,MAAM,CAAA;AAC3B,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AACA,IAAA,OAAO,IAAI,IAAI,CAAA,EAAG,GAAA,CAAI,QAAQ,CAAA,GAAA,EAAM,IAAI,CAAA,EAAG,OAAO,CAAA,CAAE,CAAA;AAAA,EACtD;AAAA,EAEQ,6BAAA,CACN,QAAA,EACA,KAAA,EACA,cAAA,EACoB;AACpB,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,sBAAA,CAAuB,KAAA,EAAO,cAAc,CAAA;AAC7D,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,gBAAA,CAAiB,GAAA,CAAI,GAAG,CAAA;AAC5C,IAAA,IAAI,MAAA,EAAQ;AAEV,MAAA,IAAA,CAAK,gBAAA,CAAiB,OAAO,GAAG,CAAA;AAChC,MAAA,IAAA,CAAK,gBAAA,CAAiB,GAAA,CAAI,GAAA,EAAK,MAAM,CAAA;AACrC,MAAA,OAAO,MAAA;AAAA,IACT;AAIA,IAAA,MAAM,eAAA,GAAkB,EAAE,GAAG,QAAA,EAAU,QAAQ,CAAA,EAAG,KAAA,CAAM,MAAM,CAAA,CAAA,CAAA,EAAI;AAClE,IAAA,MAAM,iBAAiB,qBAAA,CAAsB;AAAA,MAC3C,aAAA,EAAe,eAAA;AAAA,MACf,iBAAA,EAAmB;AAAA,KACpB,CAAA;AACD,IAAA,MAAM,mBAAA,GAAsB,qCAAqC,KAAK,CAAA;AACtE,IAAA,MAAM,QAAA,GACJ,cAAA,IAAkB,IAAA,CAAK,mBAAA,CAAoB,UAAU,KAAK,CAAA;AAC5D,IAAA,MAAM,WAAA,GAAkC;AAAA,MACtC,cAAA;AAAA,MACA,YAAY,iBAAA,CAAkB;AAAA,QAC5B,QAAA;AAAA,QACA;AAAA,OACD;AAAA,KACH;AAEA,IAAA,IAAA,CAAK,cAAA,CAAe,IAAA,CAAK,gBAAA,EAAkB,8BAA8B,CAAA;AACzE,IAAA,IAAA,CAAK,gBAAA,CAAiB,GAAA,CAAI,GAAA,EAAK,WAAW,CAAA;AAC1C,IAAA,OAAO,WAAA;AAAA,EACT;AAAA,EAEQ,sBAAA,CACN,OACA,cAAA,EACQ;AACR,IAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,MAAA,OAAO,CAAA,EAAG,MAAM,IAAI,CAAA,SAAA,CAAA;AAAA,IACtB;AAEA,IAAA,IAAI,UAAA,GAAa,IAAA,CAAK,kBAAA,CAAmB,GAAA,CAAI,cAAc,CAAA;AAC3D,IAAA,IAAI,eAAe,MAAA,EAAW;AAC5B,MAAA,UAAA,GAAa,EAAE,IAAA,CAAK,wBAAA;AACpB,MAAA,IAAA,CAAK,kBAAA,CAAmB,GAAA,CAAI,cAAA,EAAgB,UAAU,CAAA;AAAA,IACxD;AAEA,IAAA,OAAO,CAAA,EAAG,KAAA,CAAM,IAAI,CAAA,SAAA,EAAY,UAAU,CAAA,CAAA;AAAA,EAC5C;AAAA,EAEQ,wBAAA,CAAyB,KAAe,KAAA,EAAsB;AACpE,IAAA,MAAM,UAAU,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU,OAAO,KAAK,CAAA;AACrE,IAAA,OAAA,CAAQ,KAAA,CAAM,CAAA,uCAAA,EAA0C,OAAO,CAAA,CAAE,CAAA;AACjE,IAAA,IAAI,IAAI,WAAA,EAAa;AACrB,IAAA,GAAA,CAAI,MAAA,CAAO,GAAG,CAAA,CAAE,IAAA,CAAK;AAAA,MACnB,KAAA,EAAO,qBAAA;AAAA,MACP,iBAAA,EACE;AAAA,KACH,CAAA;AAAA,EACH;AAAA,EAEQ,wBAAwB,GAAA,EAAmB;AACjD,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,IAAA,CAAK,eAAA,CAAgB,SAAQ,EAAG;AACzD,MAAA,IAAI,KAAA,CAAM,aAAa,GAAA,EAAK;AAC1B,QAAA,IAAA,CAAK,eAAA,CAAgB,OAAO,GAAG,CAAA;AAAA,MACjC;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,gCAAgC,GAAA,EAAmB;AACzD,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,IAAA,CAAK,uBAAA,CAAwB,SAAQ,EAAG;AACjE,MAAA,IAAI,KAAA,CAAM,aAAa,GAAA,EAAK;AAC1B,QAAA,IAAA,CAAK,uBAAA,CAAwB,OAAO,GAAG,CAAA;AAAA,MACzC;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,cAAA,CAAkB,OAAuB,UAAA,EAA0B;AACzE,IAAA,OAAO,KAAA,CAAM,QAAQ,UAAA,EAAY;AAC/B,MAAA,MAAM,SAAA,GAAY,KAAA,CAAM,IAAA,EAAK,CAAE,MAAK,CAAE,KAAA;AACtC,MAAA,IAAI,CAAC,SAAA,EAAW;AAChB,MAAA,KAAA,CAAM,OAAO,SAAS,CAAA;AAAA,IACxB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAMQ,mBAAA,CACN,UACA,WAAA,EACoB;AACpB,IAAA,MAAM,WAAA,GAAc,QAAA;AACpB,IAAA,MAAM,OAAA,GACH,WAAA,CAAY,QAAA,IACb,CAAA,EAAG,KAAK,MAAM,CAAA,sBAAA,CAAA;AAChB,IAAA,MAAM,WAAW,IAAA,CAAK,QAAA;AAEtB,IAAA,MAAM,UAAU,KAAA,CAAM,IAAA;AAAA,MACpB,IAAI,GAAA;AAAA,QACF,CAAC,QAAA,CAAS,MAAA,EAAQ,GAAG,IAAA,CAAK,YAAY,CAAA,CAAE,MAAA;AAAA,UACtC,CAACC,OAAAA,KAA6B,OAAOA,OAAAA,KAAW,QAAA,IAAY,CAAC,CAACA;AAAA;AAChE;AACF,KACF;AACA,IAAA,IAAI,CAAC,QAAQ,MAAA,EAAQ;AACnB,MAAA,MAAM,IAAI,MAAM,+BAA+B,CAAA;AAAA,IACjD;AACA,IAAA,MAAM,SACJ,OAAA,CAAQ,MAAA,KAAW,CAAA,GAAI,OAAA,CAAQ,CAAC,CAAA,GAAK,OAAA;AAEvC,IAAA,MAAM,QAAA,GAAW,IAAI,oBAAA,CAAqB;AAAA,MACxC,OAAA,EAAS,OAAA;AAAA,MACT,MAAA;AAAA,MACA,UAAU,WAAA,CAAY;AAAA,KACvB,CAAA;AAED,IAAA,OAAO;AAAA,MACL,MAAM,kBAAkB,KAAA,EAAkC;AACxD,QAAA,MAAM,MAAA,GAAS,MAAM,QAAA,CAAS,MAAA,CAAO,KAAK,CAAA;AAE1C,QAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,UAAA,MAAM,IAAI,iBAAA;AAAA,YACR,CAAA,2BAAA,EAA8B,MAAA,CAAO,KAAA,CAAM,OAAO,CAAA;AAAA,WACpD;AAAA,QACF;AAEA,QAAA,MAAM,EAAE,QAAO,GAAI,MAAA;AACnB,QAAA,MAAM,UAAU,MAAA,CAAO,OAAA;AACvB,QAAA,MAAM,GAAA,GAAO,OAAA,CAAQ,GAAA,IAA+C,EAAC;AAErE,QAAA,OAAO;AAAA,UACL,KAAA;AAAA,UACA,QAAA,EAAU,OAAO,QAAA,IAAY,QAAA;AAAA,UAC7B,QAAQ,MAAA,CAAO,MAAA;AAAA,UACf,WAAW,IAAA,CAAK,KAAA,CAAM,OAAO,SAAA,CAAU,OAAA,KAAY,GAAI,CAAA;AAAA,UACvD,KAAA,EAAO;AAAA,YACL,GAAG,GAAA;AAAA,YACH,KAAK,MAAA,CAAO,GAAA;AAAA,YACZ,KAAA,EAAO,OAAA,CAAQ,KAAA,IAAS,GAAA,CAAI;AAAA;AAC9B,SACF;AAAA,MACF;AAAA,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAMA,MAAc,eAAA,GAAmC;AAC/C,IAAA,IAAI,KAAK,YAAA,IAAgB,IAAA,CAAK,KAAI,GAAI,IAAA,CAAK,kBAAkB,GAAA,EAAQ;AACnE,MAAA,OAAO,IAAA,CAAK,YAAA;AAAA,IACd;AAEA,IAAA,IAAI,KAAK,mBAAA,EAAqB;AAC5B,MAAA,OAAO,IAAA,CAAK,mBAAA;AAAA,IACd;AAEA,IAAA,IAAA,CAAK,uBAAuB,YAAY;AACtC,MAAA,MAAM,MAAM,MAAM,KAAA,CAAM,CAAA,EAAG,IAAA,CAAK,MAAM,CAAA,aAAA,CAAA,EAAiB;AAAA,QACrD,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACP,cAAA,EAAgB,mCAAA;AAAA,UAChB,aAAA,EAAe,CAAA,MAAA,EAAS,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,QAAA,GAAW,GAAA,GAAM,IAAA,CAAK,YAAY,CAAA,CAAE,QAAA,CAAS,QAAQ,CAAC,CAAA;AAAA,SACjG;AAAA,QACA,IAAA,EAAM;AAAA,OACP,CAAA;AACD,MAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,QAAA,MAAM,OAAO,MAAM,GAAA,CAAI,MAAK,CAAE,KAAA,CAAM,MAAM,EAAE,CAAA;AAC5C,QAAA,MAAM,IAAI,KAAA;AAAA,UACR,CAAA,0DAAA,EAA6D,GAAA,CAAI,MAAM,CAAA,CAAA,EAAI,IAAI,CAAA;AAAA,SACjF;AAAA,MACF;AACA,MAAA,MAAM,IAAA,GAAQ,MAAM,GAAA,CAAI,IAAA,EAAK;AAI7B,MAAA,IAAA,CAAK,eAAe,IAAA,CAAK,YAAA;AACzB,MAAA,IAAA,CAAK,eAAA,GAAkB,IAAA,CAAK,GAAA,EAAI,GAAI,KAAK,UAAA,GAAa,GAAA;AACtD,MAAA,OAAO,IAAA,CAAK,YAAA;AAAA,IACd,CAAA,GAAG;AAEH,IAAA,IAAI;AACF,MAAA,OAAO,MAAM,IAAA,CAAK,mBAAA;AAAA,IACpB,CAAA,SAAE;AACA,MAAA,IAAA,CAAK,mBAAA,GAAsB,IAAA;AAAA,IAC7B;AAAA,EACF;AAAA,EAEQ,YACN,KAAA,EAKM;AACN,IAAA,IAAI,CAAC,IAAA,CAAK,YAAA,IAAgB,CAAC,MAAM,SAAA,EAAW;AAC5C,IAAA,IAAA,CAAK,iBAAgB,CAClB,IAAA;AAAA,MAAK,CAAC,KAAA,KACL,KAAA,CAAM,CAAA,EAAG,IAAA,CAAK,MAAM,CAAA,kBAAA,CAAA,EAAsB;AAAA,QACxC,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACP,cAAA,EAAgB,kBAAA;AAAA,UAChB,aAAA,EAAe,UAAU,KAAK,CAAA;AAAA,SAChC;AAAA,QACA,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,UACnB,GAAG,KAAA;AAAA,UACH,SAAS,IAAA,CAAK,QAAA;AAAA,UACd,UAAU,IAAA,CAAK,QAAA;AAAA,UACf,aAAA,EAAe;AAAA,SAChB;AAAA,OACF,CAAA,CAAE,IAAA,CAAK,CAAC,GAAA,KAAQ;AACf,QAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,UAAA,OAAA,CAAQ,IAAA;AAAA,YACN,CAAA,8CAAA,EAAiD,IAAI,MAAM,CAAA;AAAA,WAC7D;AAAA,QACF;AAAA,MACF,CAAC;AAAA,KACH,CACC,KAAA,CAAM,CAAC,GAAA,KAAQ;AACd,MAAA,OAAA,CAAQ,IAAA;AAAA,QACN,CAAA,0BAAA,CAAA;AAAA,QACA,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,OAAO,GAAG;AAAA,OACjD;AAAA,IACF,CAAC,CAAA;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAMQ,kBAAA,CACN,SAAA,EACA,YAAA,EACA,QAAA,EAOM;AACN,IAAA,IAAI,CAAC,IAAA,CAAK,YAAA,IAAgB,CAAC,SAAA,EAAW;AACtC,IAAA,IAAI,CAAC,UAAU,mBAAA,EAAqB;AAClC,MAAA,OAAA,CAAQ,IAAA;AAAA,QACN;AAAA,OACF;AACA,MAAA;AAAA,IACF;AACA,IAAA,MAAM,eAAA,GAAkB,WAAW,QAAQ,CAAA,CACxC,OAAO,SAAS,CAAA,CAChB,OAAO,KAAK,CAAA;AAEf,IAAA,IAAA,CAAK,iBAAgB,CAClB,IAAA;AAAA,MAAK,CAAC,KAAA,KACL,KAAA,CAAM,CAAA,EAAG,IAAA,CAAK,MAAM,CAAA,sBAAA,CAAA,EAA0B;AAAA,QAC5C,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACP,cAAA,EAAgB,kBAAA;AAAA,UAChB,aAAA,EAAe,UAAU,KAAK,CAAA;AAAA,SAChC;AAAA,QACA,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,UACnB,eAAA;AAAA,UACA,qBAAqB,QAAA,CAAS,mBAAA;AAAA,UAC9B,eAAA,EAAiB,YAAA;AAAA,UACjB,UAAU,QAAA,EAAU,QAAA;AAAA,UACpB,WAAW,QAAA,EAAU,SAAA;AAAA,UACrB,YAAY,QAAA,EAAU,UAAA;AAAA,UACtB,cAAA,EAAgB,QAAA,EAAU,cAAA,GACtB,IAAI,IAAA,CAAK,SAAS,cAAA,GAAiB,GAAI,CAAA,CAAE,WAAA,EAAY,GACrD;AAAA,SACL;AAAA,OACF,CAAA,CAAE,IAAA,CAAK,OAAO,GAAA,KAAQ;AACrB,QAAA,IAAI,IAAI,EAAA,EAAI;AACV,UAAA,MAAM,IAAA,GAAQ,MAAM,GAAA,CAAI,IAAA,EAAK;AAI7B,UAAA,IAAI,IAAA,CAAK,yBAAA,CAA0B,MAAA,CAAO,YAAY,CAAA,EAAG;AACvD,YAAA,IAAA,CAAK,sCAAA;AAAA,cACH,IAAA,CAAK,SAAA;AAAA,cACL;AAAA,aACF;AACA,YAAA;AAAA,UACF;AAEA,UAAA,IAAA,CAAK,eAAA,CAAgB,GAAA,CAAI,YAAA,EAAc,IAAA,CAAK,SAAS,CAAA;AAAA,QACvD,CAAA,MAAO;AACL,UAAA,IAAA,CAAK,yBAAA,CAA0B,OAAO,YAAY,CAAA;AAClD,UAAA,OAAA,CAAQ,IAAA;AAAA,YACN,CAAA,uCAAA,EAA0C,IAAI,MAAM,CAAA;AAAA,WACtD;AAAA,QACF;AAAA,MACF,CAAC;AAAA,KACH,CACC,KAAA,CAAM,CAAC,GAAA,KAAQ;AACd,MAAA,IAAA,CAAK,yBAAA,CAA0B,OAAO,YAAY,CAAA;AAClD,MAAA,OAAA,CAAQ,IAAA;AAAA,QACN,CAAA,yBAAA,CAAA;AAAA,QACA,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,OAAO,GAAG;AAAA,OACjD;AAAA,IACF,CAAC,CAAA;AAAA,EACL;AAAA,EAEQ,sCAAA,CACN,gBACA,YAAA,EACM;AACN,IAAA,IAAI,CAAC,KAAK,YAAA,EAAc;AAExB,IAAA,MAAM,eAAe,YAAA,GACjB,OAAA,CAAQ,QAAQ,YAAY,CAAA,GAC5B,KAAK,eAAA,EAAgB;AAEzB,IAAA,YAAA,CACG,IAAA;AAAA,MAAK,CAAC,KAAA,KACL,KAAA;AAAA,QACE,CAAA,EAAG,IAAA,CAAK,MAAM,CAAA,uBAAA,EAA0B,cAAc,CAAA,WAAA,CAAA;AAAA,QACtD;AAAA,UACE,MAAA,EAAQ,MAAA;AAAA,UACR,OAAA,EAAS,EAAE,aAAA,EAAe,CAAA,OAAA,EAAU,KAAK,CAAA,CAAA;AAAG;AAC9C;AACF,KACF,CACC,MAAM,MAAM;AAAA,IAAC,CAAC,CAAA;AAAA,EACnB;AAAA,EAEQ,uBAAuB,YAAA,EAA4B;AACzD,IAAA,IAAI,CAAC,KAAK,YAAA,EAAc;AAExB,IAAA,MAAM,cAAA,GAAiB,IAAA,CAAK,eAAA,CAAgB,GAAA,CAAI,YAAY,CAAA;AAC5D,IAAA,IAAA,CAAK,eAAA,CAAgB,OAAO,YAAY,CAAA;AACxC,IAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,MAAA,IAAA,CAAK,yBAAA,CAA0B,IAAI,YAAY,CAAA;AAC/C,MAAA;AAAA,IACF;AAEA,IAAA,IAAA,CAAK,yBAAA,CAA0B,OAAO,YAAY,CAAA;AAClD,IAAA,IAAA,CAAK,uCAAuC,cAAc,CAAA;AAAA,EAC5D;AAAA,EAEA,MAAc,qBAAA,GAAuC;AACnD,IAAA,IAAI,CAAC,KAAK,YAAA,EAAc;AACxB,IAAA,IAAI,IAAA,CAAK,eAAA,CAAgB,IAAA,KAAS,CAAA,EAAG;AACnC,MAAA,IAAA,CAAK,0BAA0B,KAAA,EAAM;AACrC,MAAA;AAAA,IACF;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,KAAA,GAAQ,MAAM,IAAA,CAAK,eAAA,EAAgB;AACzC,MAAA,MAAM,OAAA,CAAQ,UAAA;AAAA,QACZ,CAAC,GAAG,IAAA,CAAK,eAAA,CAAgB,MAAA,EAAQ,CAAA,CAAE,GAAA;AAAA,UAAI,CAAC,cAAA,KACtC,KAAA;AAAA,YACE,CAAA,EAAG,IAAA,CAAK,MAAM,CAAA,uBAAA,EAA0B,cAAc,CAAA,WAAA,CAAA;AAAA,YACtD;AAAA,cACE,MAAA,EAAQ,MAAA;AAAA,cACR,OAAA,EAAS,EAAE,aAAA,EAAe,CAAA,OAAA,EAAU,KAAK,CAAA,CAAA;AAAG;AAC9C;AACF;AACF,OACF;AAAA,IACF,CAAA,CAAA,MAAQ;AAAA,IAER;AACA,IAAA,IAAA,CAAK,gBAAgB,KAAA,EAAM;AAC3B,IAAA,IAAA,CAAK,0BAA0B,KAAA,EAAM;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA,EAMA,MAAc,aAAA,CACZ,UAAA,EACA,GAAA,EACA,GAAA,EACe;AACf,IAAA,MAAM,IAAI,OAAA,CAAc,CAAC,OAAA,EAAS,MAAA,KAAW;AAC3C,MAAA,IAAI,OAAA,GAAU,KAAA;AACd,MAAA,IAAI,UAAA,GAAa,KAAA;AAEjB,MAAA,MAAM,UAAU,MAAM;AACpB,QAAA,GAAA,CAAI,cAAA,CAAe,UAAU,cAAc,CAAA;AAC3C,QAAA,GAAA,CAAI,cAAA,CAAe,SAAS,cAAc,CAAA;AAAA,MAC5C,CAAA;AAEA,MAAA,MAAM,gBAAgB,MAAM;AAC1B,QAAA,IAAI,OAAA,EAAS;AACb,QAAA,OAAA,GAAU,IAAA;AACV,QAAA,OAAA,EAAQ;AACR,QAAA,OAAA,EAAQ;AAAA,MACV,CAAA;AAEA,MAAA,MAAM,YAAA,GAAe,CAAC,GAAA,KAAiB;AACrC,QAAA,IAAI,OAAA,EAAS;AACb,QAAA,OAAA,GAAU,IAAA;AACV,QAAA,OAAA,EAAQ;AACR,QAAA,MAAA,CAAO,GAAA,YAAe,QAAQ,GAAA,GAAM,IAAI,MAAM,MAAA,CAAO,GAAG,CAAC,CAAC,CAAA;AAAA,MAC5D,CAAA;AAEA,MAAA,MAAM,iBAAiB,MAAM;AAG3B,QAAA,aAAA,EAAc;AAAA,MAChB,CAAA;AAEA,MAAA,GAAA,CAAI,IAAA,CAAK,UAAU,cAAc,CAAA;AACjC,MAAA,GAAA,CAAI,IAAA,CAAK,SAAS,cAAc,CAAA;AAEhC,MAAA,IAAI,gBAAA;AACJ,MAAA,IAAI;AACF,QAAA,gBAAA,GAAmB,UAAA,CAAW,GAAA,EAAK,GAAA,EAAK,CAAC,GAAA,KAAkB;AACzD,UAAA,UAAA,GAAa,IAAA;AACb,UAAA,IAAI,GAAA,EAAK;AACP,YAAA,YAAA,CAAa,GAAG,CAAA;AAChB,YAAA;AAAA,UACF;AACA,UAAA,aAAA,EAAc;AAAA,QAChB,CAAC,CAAA;AAAA,MACH,SAAS,GAAA,EAAK;AACZ,QAAA,YAAA,CAAa,GAAG,CAAA;AAChB,QAAA;AAAA,MACF;AAEA,MAAA,KAAK,OAAA,CAAQ,OAAA,CAAQ,gBAAgB,CAAA,CAAE,IAAA;AAAA,QACrC,MAAM;AACJ,UAAA,IAAI,CAAC,UAAA,IAAc,GAAA,CAAI,WAAA,EAAa;AAClC,YAAA,aAAA,EAAc;AAAA,UAChB;AAAA,QACF,CAAA;AAAA,QACA,CAAC,GAAA,KAAiB;AAChB,UAAA,YAAA,CAAa,GAAG,CAAA;AAAA,QAClB;AAAA,OACF;AAAA,IACF,CAAC,CAAA;AAAA,EACH;AAAA,EAEQ,gBAAA,CACN,MAAA,EACA,cAAA,EACA,cAAA,EACA,OAAA,EACA;AACA,IAAA,MAAM,SAAA,GAA8B;AAAA,MAClC,eAAA,EAAiB,CAAC,SAAA,KAAsB;AACtC,QAAA,OAAA,EAAS,kBAAkB,SAAS,CAAA;AACpC,QAAA,IAAA,CAAK,uBAAuB,SAAS,CAAA;AAAA,MACvC;AAAA,KACF;AAEA,IAAA,MAAM,IAAA,GAAO,OAAO,GAAA,EAAc,GAAA,KAAkB;AAClD,MAAA,MAAM,OAAA,GAAU,OAAO,UAAA,EAAW;AAClC,MAAA,MAAM,OAAA,GAAU,GAAA;AAIhB,MAAA,IAAI,cAAA,EAAgB;AAClB,QAAA,IAAI,UAAA;AACJ,QAAA,IAAI;AACF,UAAA,MAAM,WAAA,GAAc,MAAM,cAAA,CAAe,GAAG,CAAA;AAC5C,UAAA,UAAA,GAAa,WAAA,CAAY,UAAA;AAAA,QAC3B,SAAS,KAAA,EAAO;AACd,UAAA,IAAA,CAAK,wBAAA,CAAyB,KAAK,KAAK,CAAA;AACxC,UAAA;AAAA,QACF;AAEA,QAAA,MAAM,IAAA,CAAK,aAAA,CAAc,UAAA,EAAY,GAAA,EAAK,GAAG,CAAA;AAE7C,QAAA,MAAMC,UAAAA,GAAY,GAAA,CAAI,OAAA,CAAQ,gBAAgB,CAAA;AAK9C,QAAA,IAAIA,UAAAA,EAAW;AACb,UAAA,IAAI,IAAI,WAAA,EAAa;AACnB,YAAA,IAAA,CAAK,WAAA,CAAY;AAAA,cACf,SAAA,EAAW,YAAA;AAAA,cACX,OAAA;AAAA,cACA,SAAA,EAAAA,UAAAA;AAAA,cACA,UAAA,EAAY,CAAA;AAAA,cACZ,MAAA,EAAQ;AAAA,aACT,CAAA;AACD,YAAA;AAAA,UACF;AAEA,UAAA,IAAI,QAAQ,IAAA,EAAM;AAChB,YAAA,IAAA,CAAK,WAAA,CAAY;AAAA,cACf,SAAA,EAAW,SAAA;AAAA,cACX,OAAA;AAAA,cACA,WAAA,EAAa,OAAA,CAAQ,IAAA,CAAK,KAAA,EAAO,GAAA;AAAA,cACjC,SAAA,EAAAA,UAAAA;AAAA,cACA,UAAA,EAAY,CAAA;AAAA,cACZ,MAAA,EAAQ;AAAA,aACT,CAAA;AAAA,UACH;AAAA,QACF,CAAA,MAAA,IAAW,IAAI,WAAA,EAAa;AAE1B,UAAA;AAAA,QACF;AAAA,MACF;AAEA,MAAA,MAAM,SAAA,GAAY,GAAA,CAAI,OAAA,CAAQ,gBAAgB,CAAA;AAG9C,MAAA,IAAI,SAAA,EAAW;AACb,QAAA,MAAMC,UAAAA,GAAY,cAAA,CAAe,YAAA,CAAa,SAAS,CAAA;AACvD,QAAA,IAAIA,UAAAA,EAAW;AACb,UAAA,cAAA,CAAe,aAAa,SAAS,CAAA;AACrC,UAAA,MAAMA,UAAAA,CAAU,aAAA,CAAc,GAAA,EAAK,GAAA,EAAK,IAAI,IAAI,CAAA;AAChD,UAAA;AAAA,QACF;AAAA,MACF;AAGA,MAAA,IAAI,CAAC,mBAAA,CAAoB,GAAA,CAAI,IAAI,CAAA,EAAG;AAClC,QAAA,GAAA,CAAI,MAAA,CAAO,GAAG,CAAA,CAAE,IAAA,CAAK;AAAA,UACnB,OAAA,EAAS,KAAA;AAAA,UACT,KAAA,EAAO;AAAA,YACL,IAAA,EAAM,KAAA;AAAA,YACN,OAAA,EAAS,SAAA,GACL,CAAA,QAAA,EAAW,SAAS,CAAA,UAAA,CAAA,GACpB;AAAA,WACN;AAAA,UACA,EAAA,EAAI;AAAA,SACL,CAAA;AACD,QAAA;AAAA,MACF;AAGA,MAAA,MAAM,WAAW,OAAA,CAAQ,IAAA;AACzB,MAAA,MAAM,SAAA,GAAY,IAAI,6BAAA,CAA8B;AAAA,QAClD,kBAAA,EAAoB,MAAM,MAAA,CAAO,UAAA,EAAW;AAAA,QAC5C,oBAAA,EAAsB,CAAC,GAAA,KAAgB;AACrC,UAAA,cAAA,CAAe,eAAA;AAAA,YACb,GAAA;AAAA,YACA,SAAA;AAAA,YACA,SAAA;AAAA,YACA,QAAA,EAAU;AAAA,WACZ;AACA,UAAA,OAAA,EAAS,oBAAA,GAAuB,GAAA,EAAK,QAAA,EAAU,SAAS,CAAA;AACxD,UAAA,IAAA,CAAK,WAAA,CAAY;AAAA,YACf,SAAA,EAAW,YAAA;AAAA,YACX,OAAA;AAAA,YACA,SAAA,EAAW,GAAA;AAAA,YACX,WAAA,EAAa,UAAU,KAAA,EAAO,GAAA;AAAA,YAC9B,UAAA,EAAY,CAAA;AAAA,YACZ,MAAA,EAAQ;AAAA,WACT,CAAA;AACD,UAAA,IAAA,CAAK,kBAAA,CAAmB,QAAA,EAAU,KAAA,EAAO,GAAA,EAAK;AAAA,YAC5C,mBAAA,EACE,OAAO,QAAA,EAAU,KAAA,EAAO,QAAQ,QAAA,GAC5B,QAAA,CAAS,MAAM,GAAA,GACf,MAAA;AAAA,YACN,QAAA,EAAU,GAAA,CAAI,OAAA,CAAQ,iBAAiB,CAAA;AAAA,YACvC,SAAA,EAAW,GAAA,CAAI,OAAA,CAAQ,YAAY,CAAA;AAAA,YACnC,gBAAgB,QAAA,EAAU;AAAA,WAC3B,CAAA;AAAA,QACH;AAAA,OACD,CAAA;AAGD,MAAA,MAAM,cAAA,GAAiB,SAAA,CAAU,aAAA,CAAc,IAAA,CAAK,SAAS,CAAA;AAC7D,MAAA,SAAA,CAAU,aAAA,GAAgB,OACxB,UAAA,EACA,UAAA,EACA,UAAA,KACG;AACH,QAAA,MAAM,UAAA,GAAa,UAAA,KAAe,GAAA,GAAM,OAAA,GAAU,OAAO,UAAA,EAAW;AACpE,QAAA,MAAM,GAAA,GACH,UAAA,CAAW,OAAA,CAAQ,gBAAgB,KACpC,SAAA,CAAU,SAAA;AACZ,QAAA,MAAM,KAAA,GAAQ,KAAK,GAAA,EAAI;AACvB,QAAA,IAAI;AACF,UAAA,MAAM,cAAA,CAAe,UAAA,EAAY,UAAA,EAAY,UAAU,CAAA;AACvD,UAAA,IAAI,UAAA,EAAY,WAAW,YAAA,EAAc;AACvC,YAAA,IAAA,CAAK,WAAA,CAAY;AAAA,cACf,SAAA,EAAW,cAAA;AAAA,cACX,OAAA,EAAS,UAAA;AAAA,cACT,QAAA,EACE,WAAW,MAAA,EACV,IAAA;AAAA,cACH,UAAA,EAAY,IAAA,CAAK,GAAA,EAAI,GAAI,KAAA;AAAA,cACzB,SAAA,EAAW,GAAA;AAAA,cACX,WAAA,EAAa,UAAU,KAAA,EAAO,GAAA;AAAA,cAC9B,MAAA,EAAQ,IAAA;AAAA,cACR,aAAa,UAAA,CAAW;AAAA,aACzB,CAAA;AAAA,UACH,CAAA,MAAA,IAAW,UAAA,EAAY,MAAA,KAAW,YAAA,EAAc;AAC9C,YAAA,IAAA,CAAK,WAAA,CAAY;AAAA,cACf,SAAA,EAAW,cAAA;AAAA,cACX,OAAA,EAAS,UAAA;AAAA,cACT,UAAA,EAAY,IAAA,CAAK,GAAA,EAAI,GAAI,KAAA;AAAA,cACzB,SAAA,EAAW,GAAA;AAAA,cACX,WAAA,EAAa,UAAU,KAAA,EAAO,GAAA;AAAA,cAC9B,MAAA,EAAQ;AAAA,aACT,CAAA;AAAA,UACH;AAAA,QACF,SAAS,GAAA,EAAK;AACZ,UAAA,IAAI,UAAA,EAAY,WAAW,YAAA,EAAc;AACvC,YAAA,IAAA,CAAK,WAAA,CAAY;AAAA,cACf,SAAA,EAAW,cAAA;AAAA,cACX,OAAA,EAAS,UAAA;AAAA,cACT,QAAA,EACE,WAAW,MAAA,EACV,IAAA;AAAA,cACH,UAAA,EAAY,IAAA,CAAK,GAAA,EAAI,GAAI,KAAA;AAAA,cACzB,SAAA,EAAW,GAAA;AAAA,cACX,WAAA,EAAa,UAAU,KAAA,EAAO,GAAA;AAAA,cAC9B,MAAA,EAAQ,cAAA;AAAA,cACR,cAAc,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,OAAO,GAAG;AAAA,aAC9D,CAAA;AAAA,UACH,CAAA,MAAA,IAAW,UAAA,EAAY,MAAA,KAAW,YAAA,EAAc;AAC9C,YAAA,IAAA,CAAK,WAAA,CAAY;AAAA,cACf,SAAA,EAAW,cAAA;AAAA,cACX,OAAA,EAAS,UAAA;AAAA,cACT,UAAA,EAAY,IAAA,CAAK,GAAA,EAAI,GAAI,KAAA;AAAA,cACzB,SAAA,EAAW,GAAA;AAAA,cACX,WAAA,EAAa,UAAU,KAAA,EAAO,GAAA;AAAA,cAC9B,MAAA,EAAQ,cAAA;AAAA,cACR,cAAc,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,OAAO,GAAG;AAAA,aAC9D,CAAA;AAAA,UACH;AACA,UAAA,MAAM,GAAA;AAAA,QACR;AAAA,MACF,CAAA;AAEA,MAAA,MAAM,SAAA,GAAY,OAAO,MAAA,KAAW,UAAA,GAAa,QAAO,GAAI,MAAA;AAC5D,MAAA,MAAM,SAAA,CAAU,QAAQ,SAAS,CAAA;AACjC,MAAA,MAAM,SAAA,CAAU,aAAA,CAAc,GAAA,EAAK,GAAA,EAAK,IAAI,IAAI,CAAA;AAAA,IAClD,CAAA;AAEA,IAAA,MAAM,GAAA,GAAM,OAAO,GAAA,EAAc,GAAA,KAAkB;AACjD,MAAA,IAAI,cAAA,EAAgB;AAClB,QAAA,IAAI,UAAA;AACJ,QAAA,IAAI;AACF,UAAA,MAAM,WAAA,GAAc,MAAM,cAAA,CAAe,GAAG,CAAA;AAC5C,UAAA,UAAA,GAAa,WAAA,CAAY,UAAA;AAAA,QAC3B,SAAS,KAAA,EAAO;AACd,UAAA,IAAA,CAAK,wBAAA,CAAyB,KAAK,KAAK,CAAA;AACxC,UAAA;AAAA,QACF;AAEA,QAAA,MAAM,IAAA,CAAK,aAAA,CAAc,UAAA,EAAY,GAAA,EAAK,GAAG,CAAA;AAC7C,QAAA,IAAI,IAAI,WAAA,EAAa;AACnB,UAAA;AAAA,QACF;AAAA,MACF;AAEA,MAAA,MAAM,YACH,GAAA,CAAI,OAAA,CAAQ,gBAAgB,CAAA,IAC5B,GAAA,CAAI,QAAQ,gBAAgB,CAAA;AAC/B,MAAA,IAAI,CAAC,SAAA,EAAW;AACd,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,iCAAiC,CAAA;AAC/D,QAAA;AAAA,MACF;AAEA,MAAA,MAAM,SAAA,GAAY,cAAA,CAAe,YAAA,CAAa,SAAS,CAAA;AACvD,MAAA,IAAI,CAAC,SAAA,EAAW;AACd,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,qBAAqB,CAAA;AACnD,QAAA;AAAA,MACF;AAEA,MAAA,cAAA,CAAe,aAAa,SAAS,CAAA;AACrC,MAAA,MAAM,SAAA,CAAU,aAAA,CAAc,GAAA,EAAK,GAAG,CAAA;AAAA,IACxC,CAAA;AAEA,IAAA,MAAM,GAAA,GAAM,OAAO,GAAA,EAAc,GAAA,KAAkB;AACjD,MAAA,IAAI,cAAA,EAAgB;AAClB,QAAA,IAAI,UAAA;AACJ,QAAA,IAAI;AACF,UAAA,MAAM,WAAA,GAAc,MAAM,cAAA,CAAe,GAAG,CAAA;AAC5C,UAAA,UAAA,GAAa,WAAA,CAAY,UAAA;AAAA,QAC3B,SAAS,KAAA,EAAO;AACd,UAAA,IAAA,CAAK,wBAAA,CAAyB,KAAK,KAAK,CAAA;AACxC,UAAA;AAAA,QACF;AAEA,QAAA,MAAM,IAAA,CAAK,aAAA,CAAc,UAAA,EAAY,GAAA,EAAK,GAAG,CAAA;AAC7C,QAAA,IAAI,IAAI,WAAA,EAAa;AACnB,UAAA;AAAA,QACF;AAAA,MACF;AAEA,MAAA,MAAM,YACH,GAAA,CAAI,OAAA,CAAQ,gBAAgB,CAAA,IAC5B,GAAA,CAAI,QAAQ,gBAAgB,CAAA;AAC/B,MAAA,IAAI,CAAC,SAAA,EAAW;AACd,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,iCAAiC,CAAA;AAC/D,QAAA;AAAA,MACF;AAEA,MAAA,MAAM,SAAA,GAAY,cAAA,CAAe,YAAA,CAAa,SAAS,CAAA;AACvD,MAAA,IAAI,CAAC,SAAA,EAAW;AACd,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,qBAAqB,CAAA;AACnD,QAAA;AAAA,MACF;AAEA,MAAA,MAAM,SAAA,CAAU,aAAA,CAAc,GAAA,EAAK,GAAG,CAAA;AAAA,IACxC,CAAA;AAEA,IAAA,OAAO,EAAE,IAAA,EAAM,GAAA,EAAK,MAAA,EAAQ,GAAA,EAAI;AAAA,EAClC;AACF","file":"index.js","sourcesContent":["/**\n * In-memory storage implementation\n * Useful for tests, examples, and ephemeral sessions\n */\n\nimport type { KontextStorage } from \"./types.js\";\n\n/**\n * Simple in-memory storage implementation\n * Data is lost when the process exits\n */\nexport class MemoryStorage implements KontextStorage {\n private store = new Map<string, unknown>();\n\n async getJson<T>(key: string): Promise<T | undefined> {\n const value = this.store.get(key);\n if (value === undefined) {\n return undefined;\n }\n // Return a deep copy to prevent mutation\n return JSON.parse(JSON.stringify(value)) as T;\n }\n\n async setJson<T>(key: string, value: T | undefined): Promise<void> {\n if (value === undefined) {\n this.store.delete(key);\n } else {\n // Store a deep copy to prevent mutation\n this.store.set(key, JSON.parse(JSON.stringify(value)));\n }\n }\n\n /**\n * Clear all stored data\n */\n clear(): void {\n this.store.clear();\n }\n\n /**\n * Get the number of stored items\n */\n get size(): number {\n return this.store.size;\n }\n\n /**\n * Check if a key exists\n */\n has(key: string): boolean {\n return this.store.has(key);\n }\n\n /**\n * Get all keys (useful for debugging)\n */\n keys(): string[] {\n return Array.from(this.store.keys());\n }\n}\n","/**\n * Storage interface for persisting SDK state\n */\n\n/**\n * Generic storage interface for the Kontext SDK\n * Implementations can store data in memory, file system, or external services\n */\nexport interface KontextStorage {\n /**\n * Retrieve a JSON value by key\n * @param key Storage key\n * @returns The stored value or undefined if not found\n */\n getJson<T>(key: string): Promise<T | undefined>;\n\n /**\n * Store a JSON value by key\n * @param key Storage key\n * @param value The value to store, or undefined to delete\n */\n setJson<T>(key: string, value: T | undefined): Promise<void>;\n}\n\n/**\n * Storage key namespacing helper\n * Creates namespaced keys based on application client ID and optional session key\n */\nexport function createStorageKey(\n applicationClientId: string,\n sessionKey: string | undefined,\n ...parts: string[]\n): string {\n const namespace = sessionKey\n ? `kontext:${applicationClientId}:${sessionKey}`\n : `kontext:${applicationClientId}`;\n return [namespace, ...parts].join(\":\");\n}\n\n/**\n * Storage keys used by the SDK\n */\nexport const StorageKeys = {\n // Existing keys\n TOKENS: \"tokens\",\n CODE_VERIFIER: \"code_verifier\",\n STATE: \"state\",\n CLIENT_INFO: \"client_info\",\n\n // Pattern B (RFC 8693 Token Exchange) keys\n /** Identity tokens (no audience) */\n IDENTITY_TOKENS: \"identity_tokens\",\n /** Prefix for resource-scoped tokens */\n RESOURCE_TOKENS: \"resource_tokens\",\n} as const;\n\n/**\n * Create a storage key for a resource-scoped token\n *\n * @param resource The resource identifier (e.g., \"mcp-gateway\")\n * @returns Storage key for the resource token\n *\n * @example\n * ```typescript\n * const key = resourceTokenKey('mcp-gateway');\n * // Returns: 'resource_tokens:mcp-gateway'\n * ```\n */\nexport function resourceTokenKey(resource: string): string {\n return `${StorageKeys.RESOURCE_TOKENS}:${resource}`;\n}\n","/**\n * Typed error classes for the Kontext SDK.\n *\n * Every error has a `kontext_` prefixed code, an auto-generated docsUrl,\n * and a `kontextError` brand for type narrowing without instanceof.\n *\n * @packageDocumentation\n */\n\n// ============================================================================\n// Base\n// ============================================================================\n\n/**\n * Base error class for all Kontext SDK errors.\n *\n * @example\n * ```typescript\n * import { isKontextError } from '@kontext-dev/js-sdk';\n *\n * try {\n * await client.connect();\n * } catch (err) {\n * if (isKontextError(err)) {\n * console.log(err.code); // \"kontext_authorization_required\"\n * console.log(err.docsUrl); // \"https://docs.kontext.dev/errors/kontext_authorization_required\"\n * }\n * }\n * ```\n */\nexport class KontextError extends Error {\n /** Brand field for type narrowing without instanceof */\n readonly kontextError = true as const;\n\n /** Machine-readable error code, always prefixed with `kontext_` */\n readonly code: string;\n\n /** HTTP status code when applicable */\n readonly statusCode?: number;\n\n /** Auto-generated link to error documentation */\n readonly docsUrl: string;\n\n /** Server request ID for debugging / support escalation */\n readonly requestId?: string;\n\n /** Contextual metadata bag (integration IDs, param names, etc.) */\n readonly meta: Record<string, unknown>;\n\n constructor(\n message: string,\n code: string,\n options?: {\n statusCode?: number;\n requestId?: string;\n meta?: Record<string, unknown>;\n cause?: unknown;\n },\n ) {\n super(message, { cause: options?.cause });\n this.name = \"KontextError\";\n this.code = code;\n this.statusCode = options?.statusCode;\n this.requestId = options?.requestId;\n this.meta = options?.meta ?? {};\n this.docsUrl = `https://docs.kontext.dev/errors/${code}`;\n Object.setPrototypeOf(this, new.target.prototype);\n }\n\n toJSON(): Record<string, unknown> {\n return {\n name: this.name,\n code: this.code,\n message: this.message,\n statusCode: this.statusCode,\n docsUrl: this.docsUrl,\n requestId: this.requestId,\n meta: Object.keys(this.meta).length > 0 ? this.meta : undefined,\n };\n }\n\n override toString(): string {\n const parts = [`[${this.code}] ${this.message}`];\n if (this.docsUrl) parts.push(`Docs: ${this.docsUrl}`);\n if (this.requestId) parts.push(`Request ID: ${this.requestId}`);\n return parts.join(\"\\n\");\n }\n}\n\n// ============================================================================\n// Type guard\n// ============================================================================\n\n/**\n * Check if an error is a KontextError without instanceof.\n * Works across package versions and bundler deduplication.\n */\nexport function isKontextError(err: unknown): err is KontextError {\n return (\n typeof err === \"object\" &&\n err !== null &&\n (err as Record<string, unknown>).kontextError === true\n );\n}\n\n// ============================================================================\n// Auth errors\n// ============================================================================\n\n/**\n * Thrown when authentication is required but no valid credentials are available.\n */\nexport class AuthorizationRequiredError extends KontextError {\n readonly authorizationUrl?: string;\n\n constructor(\n message = \"Authorization required. Complete the OAuth flow to continue.\",\n options?: {\n authorizationUrl?: string;\n requestId?: string;\n meta?: Record<string, unknown>;\n cause?: unknown;\n },\n ) {\n super(message, \"kontext_authorization_required\", {\n statusCode: 401,\n ...options,\n });\n this.name = \"AuthorizationRequiredError\";\n this.authorizationUrl = options?.authorizationUrl;\n }\n}\n\n// ============================================================================\n// OAuth errors\n// ============================================================================\n\n/**\n * Thrown when an OAuth flow fails — state validation, token exchange,\n * missing code verifier, or provider errors.\n */\nexport class OAuthError extends KontextError {\n readonly errorCode?: string;\n readonly errorDescription?: string;\n\n constructor(\n message: string,\n code: string,\n options?: {\n statusCode?: number;\n errorCode?: string;\n errorDescription?: string;\n requestId?: string;\n meta?: Record<string, unknown>;\n cause?: unknown;\n },\n ) {\n super(message, code, {\n statusCode: options?.statusCode ?? 400,\n ...options,\n });\n this.name = \"OAuthError\";\n this.errorCode = options?.errorCode;\n this.errorDescription = options?.errorDescription;\n }\n}\n\n// ============================================================================\n// Integration errors\n// ============================================================================\n\n/**\n * Thrown when an integration connection is required before a tool can be used.\n */\nexport class IntegrationConnectionRequiredError extends KontextError {\n readonly integrationId: string;\n readonly integrationName?: string;\n readonly connectUrl?: string;\n\n constructor(\n integrationId: string,\n options?: {\n integrationName?: string;\n connectUrl?: string;\n message?: string;\n requestId?: string;\n meta?: Record<string, unknown>;\n cause?: unknown;\n },\n ) {\n super(\n options?.message ??\n `Connection to integration \"${integrationId}\" is required. Visit the connect URL to authorize.`,\n \"kontext_integration_connection_required\",\n { statusCode: 403, ...options },\n );\n this.name = \"IntegrationConnectionRequiredError\";\n this.integrationId = integrationId;\n this.integrationName = options?.integrationName;\n this.connectUrl = options?.connectUrl;\n }\n}\n\n// ============================================================================\n// Config errors (NEW — replaces all plain Error config throws)\n// ============================================================================\n\n/**\n * Thrown when SDK configuration is invalid or missing.\n * These are deterministic errors caught at initialization time.\n */\nexport class ConfigError extends KontextError {\n constructor(\n message: string,\n code: string,\n options?: {\n meta?: Record<string, unknown>;\n cause?: unknown;\n },\n ) {\n super(message, code, options);\n this.name = \"ConfigError\";\n }\n}\n\n// ============================================================================\n// Network errors\n// ============================================================================\n\n/**\n * Thrown when there is a network or connection error.\n */\nexport class NetworkError extends KontextError {\n constructor(\n message = \"Network error. Check your internet connection and that the server is reachable.\",\n options?: {\n cause?: unknown;\n requestId?: string;\n meta?: Record<string, unknown>;\n },\n ) {\n super(message, \"kontext_network_error\", options);\n this.name = \"NetworkError\";\n }\n}\n\n// ============================================================================\n// HTTP response errors (differentiated by code)\n// ============================================================================\n\n/**\n * Thrown when the server returns an HTTP error.\n * Use `error.code` to distinguish between specific error types.\n */\nexport class HttpError extends KontextError {\n readonly retryAfter?: number;\n readonly validationErrors?: Array<{ field: string; message: string }>;\n\n constructor(\n message: string,\n code: string,\n options?: {\n statusCode?: number;\n retryAfter?: number;\n validationErrors?: Array<{ field: string; message: string }>;\n requestId?: string;\n meta?: Record<string, unknown>;\n cause?: unknown;\n },\n ) {\n super(message, code, {\n statusCode: options?.statusCode,\n ...options,\n });\n this.name = \"HttpError\";\n this.retryAfter = options?.retryAfter;\n this.validationErrors = options?.validationErrors;\n }\n}\n\n// ============================================================================\n// Network error detection (used by translateError)\n// ============================================================================\n\n/**\n * Safely access arbitrary properties on an error object.\n * Errors in JS frequently carry extra properties (code, statusCode, etc.)\n * that aren't part of the Error interface. This avoids `as unknown as` casts.\n */\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nfunction errorProps(err: Error): Record<string, any> {\n return err;\n}\n\nconst NETWORK_ERROR_CODES = new Set([\n \"ECONNREFUSED\",\n \"ENOTFOUND\",\n \"ETIMEDOUT\",\n \"ECONNRESET\",\n \"ECONNABORTED\",\n \"EPIPE\",\n \"UND_ERR_CONNECT_TIMEOUT\",\n]);\n\n/**\n * Detect network errors structurally rather than by string matching.\n * Checks Node.js system error codes on the error and its cause.\n */\nexport function isNetworkError(err: Error): boolean {\n if (err.name === \"AbortError\") return true;\n\n const props = errorProps(err);\n const sysCode = props.code as string | undefined;\n if (typeof sysCode === \"string\" && NETWORK_ERROR_CODES.has(sysCode))\n return true;\n\n // fetch() throws TypeError — only classify as network error when cause\n // indicates a system-level failure\n if (err.name === \"TypeError\" && err.cause instanceof Error) {\n const causeCode = errorProps(err.cause).code;\n if (typeof causeCode === \"string\" && NETWORK_ERROR_CODES.has(causeCode))\n return true;\n }\n\n return false;\n}\n\n/**\n * Detect unauthorized errors structurally.\n * Checks status code and numeric code rather than string matching on name.\n */\nexport function isUnauthorizedError(err: Error): boolean {\n const props = errorProps(err);\n\n // Check HTTP status code (most reliable)\n if (props.statusCode === 401 || props.status === 401) return true;\n\n // Check MCP SDK UnauthorizedError by name (last resort, but needed for\n // MCP SDK errors which don't set statusCode)\n if (err.name === \"UnauthorizedError\") return true;\n if (err.message === \"Unauthorized\") return true;\n\n return false;\n}\n\n// ============================================================================\n// Elicitation types\n// ============================================================================\n\nexport interface ElicitationEntry {\n readonly url: string;\n readonly message: string;\n readonly elicitationId: string;\n readonly integrationId?: string;\n readonly integrationName?: string;\n}\n\n// ============================================================================\n// HTTP error parsing\n// ============================================================================\n\n/**\n * Parse an HTTP response into an appropriate error.\n */\nexport function parseHttpError(\n statusCode: number,\n body?: unknown,\n): KontextError {\n const message =\n typeof body === \"object\" && body !== null && \"message\" in body\n ? String((body as { message: unknown }).message)\n : `HTTP ${statusCode}`;\n\n const errorCode =\n typeof body === \"object\" && body !== null && \"code\" in body\n ? String((body as { code: unknown }).code)\n : undefined;\n\n switch (statusCode) {\n case 400:\n if (\n typeof body === \"object\" &&\n body !== null &&\n \"errors\" in body &&\n Array.isArray((body as { errors: unknown }).errors)\n ) {\n return new HttpError(message, \"kontext_validation_error\", {\n statusCode: 400,\n validationErrors: (\n body as { errors: Array<{ field: string; message: string }> }\n ).errors,\n });\n }\n return new KontextError(message, errorCode ?? \"kontext_bad_request\", {\n statusCode: 400,\n });\n\n case 401:\n return new AuthorizationRequiredError(message);\n\n case 403:\n if (errorCode === \"INTEGRATION_CONNECTION_REQUIRED\") {\n const details = body as {\n integrationId?: string;\n integrationName?: string;\n connectUrl?: string;\n };\n return new IntegrationConnectionRequiredError(\n details.integrationId ?? \"unknown\",\n {\n integrationName: details.integrationName,\n connectUrl: details.connectUrl,\n message,\n },\n );\n }\n return new HttpError(message, \"kontext_policy_denied\", {\n statusCode: 403,\n meta: { policy: (body as Record<string, unknown>)?.policy },\n });\n\n case 404:\n return new HttpError(message, \"kontext_not_found\", { statusCode: 404 });\n\n case 429: {\n const retryAfter =\n typeof body === \"object\" && body !== null && \"retryAfter\" in body\n ? Number((body as { retryAfter: unknown }).retryAfter)\n : undefined;\n return new HttpError(\n retryAfter\n ? `Rate limit exceeded. Retry after ${retryAfter} seconds.`\n : \"Rate limit exceeded. Wait and retry.\",\n \"kontext_rate_limited\",\n { statusCode: 429, retryAfter },\n );\n }\n\n default:\n if (statusCode >= 500) {\n return new HttpError(\n `Server error (HTTP ${statusCode}): ${message}`,\n \"kontext_server_error\",\n { statusCode },\n );\n }\n return new KontextError(message, errorCode ?? \"kontext_unknown_error\", {\n statusCode,\n });\n }\n}\n","/**\n * KontextOAuthProvider - Implements OAuthClientProvider from @modelcontextprotocol/sdk\n *\n * This provider handles the OAuth 2.0 Authorization Code + PKCE flow\n * for authenticating MCP clients with the Kontext Gateway.\n */\n\nimport type { OAuthClientProvider } from \"@modelcontextprotocol/sdk/client/auth.js\";\nimport type {\n OAuthClientMetadata,\n OAuthClientInformationMixed,\n OAuthTokens,\n} from \"@modelcontextprotocol/sdk/shared/auth.js\";\nimport { randomBytes } from \"node:crypto\";\nimport type { KontextStorage } from \"../storage/types.js\";\nimport {\n createStorageKey,\n StorageKeys,\n resourceTokenKey,\n} from \"../storage/types.js\";\nimport { OAuthError } from \"../errors.js\";\n\nexport interface KontextOAuthProviderConfig {\n /**\n * Application OAuth client ID from Kontext\n */\n clientId: string;\n\n /**\n * Redirect URI for OAuth callback\n * Must match one of the registered redirect URIs for the application\n */\n redirectUri: string;\n\n /**\n * Storage implementation for persisting tokens and PKCE state\n */\n storage: KontextStorage;\n\n /**\n * Optional session key for namespacing storage\n * Useful when multiple users/sessions share the same storage\n */\n sessionKey?: string;\n\n /**\n * Optional client name for OAuth metadata\n */\n clientName?: string;\n\n /**\n * Callback to redirect the user agent to the authorization URL\n * This is called when authorization is required\n *\n * @param url The authorization URL to redirect to\n */\n onRedirectToAuthorization: (url: URL) => void | Promise<void>;\n}\n\n/**\n * OAuth provider implementation for Kontext MCP clients\n *\n * Implements the OAuthClientProvider interface from @modelcontextprotocol/sdk\n * to handle Authorization Code + PKCE authentication flow.\n *\n * @example\n * ```typescript\n * const storage = new MemoryStorage();\n * const provider = new KontextOAuthProvider({\n * clientId: 'your-client-id',\n * redirectUri: 'http://localhost:3000/callback',\n * storage,\n * onRedirectToAuthorization: (url) => {\n * // Open browser or redirect\n * window.location.href = url.toString();\n * },\n * });\n * ```\n */\nexport class KontextOAuthProvider implements OAuthClientProvider {\n private readonly config: KontextOAuthProviderConfig;\n private readonly storagePrefix: string;\n private pendingState: string | null = null;\n private readonly expiryBufferMs = 60 * 1000;\n\n constructor(config: KontextOAuthProviderConfig) {\n this.config = config;\n this.storagePrefix = createStorageKey(config.clientId, config.sessionKey);\n }\n\n /**\n * The redirect URL for OAuth callbacks\n */\n get redirectUrl(): string | URL {\n return this.config.redirectUri;\n }\n\n /**\n * OAuth client metadata\n */\n get clientMetadata(): OAuthClientMetadata {\n return {\n redirect_uris: [this.config.redirectUri],\n client_name: this.config.clientName,\n grant_types: [\"authorization_code\", \"refresh_token\"],\n response_types: [\"code\"],\n token_endpoint_auth_method: \"none\", // Public client\n };\n }\n\n /**\n * Generate a random state parameter for OAuth CSRF protection\n */\n state(): string {\n // Generate a cryptographically secure random string\n const array = new Uint8Array(32);\n if (globalThis.crypto?.getRandomValues) {\n globalThis.crypto.getRandomValues(array);\n } else {\n array.set(randomBytes(32));\n }\n const state = Array.from(array, (byte) =>\n byte.toString(16).padStart(2, \"0\"),\n ).join(\"\");\n this.pendingState = state;\n void this.config.storage.setJson(\n this.getStorageKey(StorageKeys.STATE),\n state,\n );\n return state;\n }\n\n /**\n * Returns the client information (client_id)\n * Since we're a public client with pre-registered credentials,\n * we don't use dynamic client registration.\n */\n async clientInformation(): Promise<OAuthClientInformationMixed | undefined> {\n return {\n client_id: this.config.clientId,\n };\n }\n\n /**\n * Load stored OAuth tokens\n */\n async tokens(): Promise<OAuthTokens | undefined> {\n const key = this.getStorageKey(StorageKeys.TOKENS);\n return this.config.storage.getJson<OAuthTokens>(key);\n }\n\n /**\n * Save OAuth tokens after successful authorization\n */\n async saveTokens(tokens: OAuthTokens): Promise<void> {\n const key = this.getStorageKey(StorageKeys.TOKENS);\n await this.config.storage.setJson(key, this.withIssuedAt(tokens));\n }\n\n /**\n * Redirect the user agent to the authorization URL\n */\n async redirectToAuthorization(authorizationUrl: URL): Promise<void> {\n await this.config.onRedirectToAuthorization(authorizationUrl);\n }\n\n /**\n * Save the PKCE code verifier before redirecting to authorization\n */\n async saveCodeVerifier(codeVerifier: string): Promise<void> {\n const key = this.getStorageKey(StorageKeys.CODE_VERIFIER);\n await this.config.storage.setJson(key, codeVerifier);\n }\n\n /**\n * Load the PKCE code verifier for token exchange\n */\n async codeVerifier(): Promise<string> {\n const key = this.getStorageKey(StorageKeys.CODE_VERIFIER);\n const verifier = await this.config.storage.getJson<string>(key);\n if (!verifier) {\n throw new OAuthError(\n \"No PKCE code verifier found in storage. The OAuth flow may have expired or storage was cleared. Restart the auth flow.\",\n \"kontext_oauth_code_verifier_missing\",\n );\n }\n return verifier;\n }\n\n /**\n * Invalidate stored credentials\n */\n async invalidateCredentials(\n scope: \"all\" | \"client\" | \"tokens\" | \"verifier\",\n ): Promise<void> {\n if (scope === \"all\" || scope === \"tokens\") {\n const tokensKey = this.getStorageKey(StorageKeys.TOKENS);\n await this.config.storage.setJson(tokensKey, undefined);\n const identityKey = this.getStorageKey(StorageKeys.IDENTITY_TOKENS);\n await this.config.storage.setJson(identityKey, undefined);\n }\n if (scope === \"all\" || scope === \"verifier\") {\n const verifierKey = this.getStorageKey(StorageKeys.CODE_VERIFIER);\n await this.config.storage.setJson(verifierKey, undefined);\n }\n if (scope === \"all\") {\n this.pendingState = null;\n const stateKey = this.getStorageKey(StorageKeys.STATE);\n await this.config.storage.setJson(stateKey, undefined);\n }\n // 'client' scope is a no-op since we use pre-registered client info\n }\n\n /**\n * Clear all stored state (tokens, verifier, etc.)\n * Call this to force re-authentication\n */\n async clearAll(): Promise<void> {\n await this.invalidateCredentials(\"all\");\n }\n\n /**\n * Check if we have valid (non-expired) tokens\n */\n async hasValidTokens(): Promise<boolean> {\n const storedTokens = await this.tokens();\n return this.isTokenValid(storedTokens);\n }\n\n // ==========================================================================\n // Pattern B: Identity and Resource Token Management (RFC 8693)\n // ==========================================================================\n\n /**\n * Save identity tokens (no audience)\n * These are the tokens obtained from the initial OAuth flow before token exchange.\n */\n async saveIdentityTokens(tokens: OAuthTokens): Promise<void> {\n const key = this.getStorageKey(StorageKeys.IDENTITY_TOKENS);\n await this.config.storage.setJson(key, this.withIssuedAt(tokens));\n }\n\n /**\n * Load identity tokens\n * Returns the identity tokens obtained from the initial OAuth flow.\n */\n async identityTokens(): Promise<OAuthTokens | undefined> {\n const key = this.getStorageKey(StorageKeys.IDENTITY_TOKENS);\n return this.config.storage.getJson<OAuthTokens>(key);\n }\n\n /**\n * Save resource-scoped tokens for a specific resource\n *\n * @param resource The resource identifier (e.g., \"mcp-gateway\")\n * @param tokens The resource-scoped tokens\n */\n async saveResourceTokens(\n resource: string,\n tokens: OAuthTokens,\n ): Promise<void> {\n const key = this.getStorageKey(resourceTokenKey(resource));\n await this.config.storage.setJson(key, this.withIssuedAt(tokens));\n }\n\n /**\n * Load resource-scoped tokens for a specific resource\n *\n * @param resource The resource identifier (e.g., \"mcp-gateway\")\n * @returns The resource-scoped tokens, or undefined if not found\n */\n async resourceTokens(resource: string): Promise<OAuthTokens | undefined> {\n const key = this.getStorageKey(resourceTokenKey(resource));\n return this.config.storage.getJson<OAuthTokens>(key);\n }\n\n /**\n * Clear resource tokens for a specific resource\n *\n * @param resource The resource identifier (e.g., \"mcp-gateway\")\n */\n async clearResourceTokens(resource: string): Promise<void> {\n const key = this.getStorageKey(resourceTokenKey(resource));\n await this.config.storage.setJson(key, undefined);\n }\n\n /**\n * Check if we have valid identity tokens\n */\n async hasValidIdentityTokens(): Promise<boolean> {\n const tokens = await this.identityTokens();\n return this.isTokenValid(tokens);\n }\n\n /**\n * Check if we have valid resource tokens for a specific resource\n *\n * @param resource The resource identifier\n */\n async hasValidResourceTokens(resource: string): Promise<boolean> {\n const tokens = await this.resourceTokens(resource);\n return this.isTokenValid(tokens);\n }\n\n async validateState(state?: string): Promise<boolean> {\n if (!state) {\n return false;\n }\n\n const key = this.getStorageKey(StorageKeys.STATE);\n const storedState =\n this.pendingState ?? (await this.config.storage.getJson<string>(key));\n const isValid = storedState === state;\n\n if (isValid) {\n this.pendingState = null;\n await this.config.storage.setJson(key, undefined);\n }\n\n return isValid;\n }\n\n private withIssuedAt(\n tokens: OAuthTokens,\n ): OAuthTokens & { issued_at?: number } {\n if (!tokens.expires_in) {\n return tokens;\n }\n return { ...tokens, issued_at: Date.now() };\n }\n\n private isTokenValid(tokens?: OAuthTokens): boolean {\n if (!tokens?.access_token) {\n return false;\n }\n\n if (!tokens.expires_in) {\n return true;\n }\n\n const issuedAt = (tokens as OAuthTokens & { issued_at?: number }).issued_at;\n if (!issuedAt) {\n return true;\n }\n\n const expiresAt = issuedAt + tokens.expires_in * 1000;\n return Date.now() < expiresAt - this.expiryBufferMs;\n }\n\n private getStorageKey(key: string): string {\n return `${this.storagePrefix}:${key}`;\n }\n}\n\n/**\n * Parse an OAuth callback URL and extract the authorization code and state\n *\n * @param callbackUrl The full callback URL with query parameters\n * @returns The authorization code and state, or error details\n */\nexport function parseOAuthCallback(callbackUrl: string | URL): {\n code?: string;\n state?: string;\n error?: string;\n errorDescription?: string;\n} {\n const url =\n typeof callbackUrl === \"string\" ? new URL(callbackUrl) : callbackUrl;\n const params = url.searchParams;\n\n const error = params.get(\"error\");\n if (error) {\n return {\n error,\n errorDescription: params.get(\"error_description\") ?? undefined,\n };\n }\n\n return {\n code: params.get(\"code\") ?? undefined,\n state: params.get(\"state\") ?? undefined,\n };\n}\n","/**\n * KontextMcp - Runtime client for MCP connections via Kontext\n *\n * This is the main entrypoint for MCP clients using Kontext.\n * It wraps the MCP SDK's Client and StreamableHTTPClientTransport\n * with Kontext-specific OAuth handling.\n *\n * Authentication is handled transparently:\n * 1. First API call triggers OAuth if needed\n * 2. Connection is established lazily\n *\n * All MCP servers (gateway and custom) are treated identically —\n * the auth code flow produces resource-scoped tokens directly.\n *\n * @example\n * ```typescript\n * import { KontextMcp } from '@kontext-dev/js-sdk';\n *\n * const kontext = new KontextMcp({\n * clientId: 'your-client-id',\n * redirectUri: 'http://localhost:3000/callback',\n * onAuthRequired: async (url) => {\n * // CLI: open browser, wait for callback, return URL\n * // Web: redirect (return nothing, handle callback separately)\n * open(url.toString());\n * return await waitForCallback();\n * },\n * });\n *\n * // Just use it - auth happens automatically\n * const tools = await kontext.listTools();\n * const result = await kontext.callTool('tool_name', { arg: 'value' });\n * ```\n */\n\nimport { Client } from \"@modelcontextprotocol/sdk/client/index.js\";\nimport { StreamableHTTPClientTransport } from \"@modelcontextprotocol/sdk/client/streamableHttp.js\";\nimport {\n type Tool,\n type CallToolResult,\n type Implementation,\n UrlElicitationRequiredError,\n ElicitRequestSchema,\n ElicitationCompleteNotificationSchema,\n} from \"@modelcontextprotocol/sdk/types.js\";\nimport type { KontextStorage } from \"../storage/types.js\";\nimport { MemoryStorage } from \"../storage/memory.js\";\nimport { KontextOAuthProvider, parseOAuthCallback } from \"../oauth/provider.js\";\nimport {\n AuthorizationRequiredError,\n OAuthError,\n KontextError,\n isUnauthorizedError,\n} from \"../errors.js\";\nimport type { ElicitationEntry } from \"../errors.js\";\n\n/**\n * Default Kontext API server URL\n */\nconst DEFAULT_SERVER = \"https://api.kontext.dev\";\n\nexport function normalizeKontextServerUrl(server: string): string {\n let url = server.replace(/\\/$/, \"\");\n\n // Be forgiving if callers pass a versioned API URL or MCP URL instead of the root origin.\n // Data-plane routes (/mcp, /oauth2, /.well-known) are intentionally outside /api/v1.\n url = url.replace(/\\/api\\/v1\\/?$/, \"\").replace(/\\/mcp\\/?$/, \"\");\n url = url.replace(/\\/$/, \"\");\n\n return url;\n}\n\nexport interface KontextMcpConfig {\n /**\n * Application OAuth client ID\n */\n clientId: string;\n\n /**\n * Full URL of the MCP server endpoint.\n * When provided, the client connects directly to this URL.\n *\n * @example \"https://my-server.com/mcp\"\n */\n url?: string;\n\n /**\n * Base URL for the Kontext server.\n * Defaults to \"https://api.kontext.dev\".\n * Only override for local development or self-hosted instances.\n */\n server?: string;\n\n /**\n * Redirect URI for OAuth callback\n * Must match one of the registered redirect URIs for the application\n */\n redirectUri: string;\n\n /**\n * Storage implementation for persisting tokens\n * Defaults to MemoryStorage if not provided\n */\n storage?: KontextStorage;\n\n /**\n * Optional session key for namespacing storage\n * Useful when multiple users/sessions share the same storage\n * Defaults to \"default\"\n */\n sessionKey?: string;\n\n /**\n * Client name for identification in MCP protocol\n */\n clientName?: string;\n\n /**\n * Client version for identification in MCP protocol\n */\n clientVersion?: string;\n\n /**\n * Callback invoked when OAuth authorization is required.\n *\n * For CLI/Desktop apps:\n * Open the browser, wait for the callback, and return the callback URL.\n * The SDK will extract the code and complete the flow.\n *\n * For Web apps:\n * Redirect to the URL (return nothing). After redirect back,\n * call `handleCallback(url)` on a fresh instance.\n *\n * @param url The authorization URL to open/redirect to\n * @returns The callback URL (CLI/Desktop) or void/Promise<void> (Web)\n */\n onAuthRequired: (\n url: URL,\n ) => string | URL | void | Promise<string | URL | void>;\n\n /**\n * Callback invoked when the server requests URL elicitation (MCP spec -32042).\n * This is the protocol-native way for servers to ask the user to visit a URL\n * (e.g., to connect an OAuth integration).\n *\n * When provided, the client declares `elicitation: { url: {} }` capability.\n */\n onElicitationUrl?: (entry: ElicitationEntry) => void | Promise<void>;\n}\n\nexport type RuntimeIntegrationCategory =\n | \"gateway_remote_mcp\"\n | \"internal_mcp_credentials\";\n\nexport type RuntimeIntegrationConnectType =\n | \"oauth\"\n | \"user_token\"\n | \"credentials\"\n | \"none\";\n\nexport interface RuntimeIntegrationRecord {\n id: string;\n name: string;\n url: string;\n category: RuntimeIntegrationCategory;\n connectType: RuntimeIntegrationConnectType;\n authMode?: \"oauth\" | \"user_token\" | \"server_token\" | \"none\";\n tokenLabel?: string;\n tokenHelpUrl?: string;\n tokenPlaceholder?: string;\n credentialSchema?: unknown;\n requiresOauth?: boolean;\n connection?: {\n connected: boolean;\n status: \"connected\" | \"disconnected\";\n expiresAt?: string;\n displayName?: string;\n };\n}\n\n/**\n * Kontext MCP runtime client\n *\n * Provides a simplified interface for connecting to any MCP server\n * and interacting with tools. Authentication is handled automatically.\n */\nexport class KontextMcp {\n private readonly config: KontextMcpConfig;\n private readonly storage: KontextStorage;\n private readonly oauthProvider: KontextOAuthProvider;\n private readonly clientSessionId =\n typeof globalThis.crypto?.randomUUID === \"function\"\n ? globalThis.crypto.randomUUID()\n : `kontext-sdk-${Date.now().toString(36)}-${Math.random().toString(36).slice(2)}`;\n private transport: StreamableHTTPClientTransport | null = null;\n private client: Client | null = null;\n private _isConnected = false;\n private _pendingConnect: Promise<void> | null = null;\n private _pendingAuthFlow: Promise<void> | null = null;\n private _authFlowResolve: (() => void) | null = null;\n\n constructor(config: KontextMcpConfig) {\n this.config = config;\n this.storage = config.storage ?? new MemoryStorage();\n\n this.oauthProvider = new KontextOAuthProvider({\n clientId: config.clientId,\n redirectUri: config.redirectUri,\n storage: this.storage,\n sessionKey: config.sessionKey ?? \"default\",\n clientName: config.clientName,\n onRedirectToAuthorization: async (url) => {\n // Create a promise that resolves when auth completes\n this._pendingAuthFlow = new Promise<void>((resolve) => {\n this._authFlowResolve = resolve;\n });\n\n // Delegate to user's callback\n const result = await config.onAuthRequired(url);\n if (result) {\n // User returned a callback URL - complete the flow\n await this.handleCallback(result);\n }\n // If no result, user redirected (web app) - they'll call handleCallback separately\n },\n });\n }\n\n /**\n * Check if we're currently connected\n */\n get isConnected(): boolean {\n return this._isConnected;\n }\n\n /**\n * Get the underlying MCP client for advanced usage\n */\n get mcpClient(): Client | null {\n return this.client;\n }\n\n /**\n * Get the session ID from the transport\n */\n get sessionId(): string | undefined {\n return this.transport?.sessionId;\n }\n\n /**\n * Get the server base URL\n */\n private get serverUrl(): string {\n return normalizeKontextServerUrl(this.config.server ?? DEFAULT_SERVER);\n }\n\n /**\n * Get the MCP endpoint URL.\n * When `url` is provided, use it directly. Otherwise derive from server.\n */\n private get mcpEndpointUrl(): string {\n return this.config.url ?? `${this.serverUrl}/mcp`;\n }\n\n /**\n * List available tools from the server\n *\n * This will automatically handle authentication if needed.\n */\n async listTools(): Promise<Tool[]> {\n await this.ensureConnected();\n const response = await this.client!.listTools();\n return response.tools;\n }\n\n /**\n * Call a tool\n *\n * This will automatically handle authentication if needed.\n *\n * @param name The tool name\n * @param args The tool arguments\n */\n async callTool(\n name: string,\n args?: Record<string, unknown>,\n ): Promise<CallToolResult> {\n await this.ensureConnected();\n try {\n const result = await this.client!.callTool({\n name,\n arguments: args,\n });\n return result as CallToolResult;\n } catch (error) {\n // Handle error-based URL elicitation (MCP -32042)\n if (\n error instanceof UrlElicitationRequiredError &&\n this.config.onElicitationUrl\n ) {\n for (const elicitation of error.elicitations) {\n await this.config.onElicitationUrl({\n url: elicitation.url,\n message: elicitation.message ?? \"Action required\",\n elicitationId: elicitation.elicitationId ?? \"\",\n integrationId: (elicitation as Record<string, unknown>)\n .integrationId as string | undefined,\n integrationName: (elicitation as Record<string, unknown>)\n .integrationName as string | undefined,\n });\n }\n }\n throw error;\n }\n }\n\n /**\n * Create a connect session for the hosted connect UI.\n *\n * Returns a URL that can be opened in a browser to let the user\n * connect integrations proactively (before hitting -32042 errors).\n */\n async createConnectSession(): Promise<{\n connectUrl: string;\n sessionId: string;\n expiresAt: string;\n }> {\n const tokens = await this.oauthProvider.tokens();\n if (!tokens?.access_token) {\n throw new AuthorizationRequiredError(\n \"Authorization required. Complete the OAuth flow first.\",\n );\n }\n\n const response = await fetch(`${this.serverUrl}/mcp/connect-session`, {\n method: \"POST\",\n headers: {\n Authorization: `Bearer ${tokens.access_token}`,\n \"Content-Type\": \"application/json\",\n },\n });\n\n if (response.status === 401) {\n throw new AuthorizationRequiredError(\n \"Access token expired or invalid. Re-authenticate and retry.\",\n );\n }\n\n if (!response.ok) {\n throw new KontextError(\n `Failed to create connect session: HTTP ${response.status}`,\n \"kontext_connect_session_failed\",\n { statusCode: response.status },\n );\n }\n\n return (await response.json()) as {\n connectUrl: string;\n sessionId: string;\n expiresAt: string;\n };\n }\n\n /**\n * List integrations attached to the current application/runtime identity.\n *\n * This is used by higher-level orchestrators to discover mixed integration\n * topologies (gateway + internal credential integrations).\n */\n async listRuntimeIntegrations(): Promise<RuntimeIntegrationRecord[]> {\n const tokens = await this.oauthProvider.tokens();\n if (!tokens?.access_token) {\n throw new AuthorizationRequiredError(\n \"Authorization required. Complete the OAuth flow first.\",\n );\n }\n\n const response = await fetch(`${this.serverUrl}/mcp/integrations`, {\n method: \"GET\",\n headers: {\n Authorization: `Bearer ${tokens.access_token}`,\n },\n });\n\n if (response.status === 401) {\n throw new AuthorizationRequiredError(\n \"Access token expired or invalid. Re-authenticate and retry.\",\n );\n }\n\n if (!response.ok) {\n throw new KontextError(\n `Failed to list runtime integrations: HTTP ${response.status}`,\n \"kontext_runtime_integrations_failed\",\n { statusCode: response.status },\n );\n }\n\n const payload = (await response.json()) as {\n items?: Array<Record<string, unknown>>;\n };\n const items = Array.isArray(payload?.items) ? payload.items : [];\n\n return items\n .map((item): RuntimeIntegrationRecord | null => {\n const id = typeof item.id === \"string\" ? item.id : \"\";\n const name = typeof item.name === \"string\" ? item.name : id;\n const url = typeof item.url === \"string\" ? item.url : \"\";\n if (!id || !url) return null;\n\n const category =\n item.category === \"internal_mcp_credentials\"\n ? \"internal_mcp_credentials\"\n : \"gateway_remote_mcp\";\n const rawConnectType = item.connectType;\n if (typeof rawConnectType !== \"string\") {\n throw new KontextError(\n \"Runtime integration connectType is required in API response.\",\n \"kontext_runtime_integrations_invalid_response\",\n { meta: { integrationId: id, connectType: rawConnectType } },\n );\n }\n\n const connectType =\n rawConnectType === \"credentials\" ||\n rawConnectType === \"oauth\" ||\n rawConnectType === \"user_token\" ||\n rawConnectType === \"none\"\n ? rawConnectType\n : null;\n\n if (!connectType) {\n throw new KontextError(\n `Unknown runtime integration connectType \"${rawConnectType}\".`,\n \"kontext_runtime_integrations_invalid_response\",\n { meta: { integrationId: id, connectType: rawConnectType } },\n );\n }\n\n const rawConnection =\n item.connection && typeof item.connection === \"object\"\n ? (item.connection as Record<string, unknown>)\n : undefined;\n const connected =\n rawConnection && typeof rawConnection.connected === \"boolean\"\n ? rawConnection.connected\n : false;\n const status =\n rawConnection?.status === \"connected\" ? \"connected\" : \"disconnected\";\n\n return {\n id,\n name,\n url,\n category,\n connectType,\n authMode:\n item.authMode === \"oauth\" ||\n item.authMode === \"user_token\" ||\n item.authMode === \"server_token\" ||\n item.authMode === \"none\"\n ? item.authMode\n : undefined,\n tokenLabel:\n typeof item.tokenLabel === \"string\" ? item.tokenLabel : undefined,\n tokenHelpUrl:\n typeof item.tokenHelpUrl === \"string\"\n ? item.tokenHelpUrl\n : undefined,\n tokenPlaceholder:\n typeof item.tokenPlaceholder === \"string\"\n ? item.tokenPlaceholder\n : undefined,\n credentialSchema: item.credentialSchema,\n requiresOauth:\n typeof item.requiresOauth === \"boolean\"\n ? item.requiresOauth\n : undefined,\n connection: rawConnection\n ? {\n connected,\n status,\n expiresAt:\n typeof rawConnection.expiresAt === \"string\"\n ? rawConnection.expiresAt\n : undefined,\n displayName:\n typeof rawConnection.displayName === \"string\"\n ? rawConnection.displayName\n : undefined,\n }\n : undefined,\n };\n })\n .filter((item): item is RuntimeIntegrationRecord => item !== null);\n }\n\n /**\n * Handle an OAuth callback URL\n *\n * Call this after the user has been redirected back from authorization.\n * This is required for web apps where `onAuthRequired` redirects instead of waiting.\n *\n * @param callbackUrl The full callback URL with query parameters\n */\n async handleCallback(callbackUrl: string | URL): Promise<void> {\n const { code, state, error, errorDescription } =\n parseOAuthCallback(callbackUrl);\n\n if (error) {\n this._authFlowResolve?.();\n this._authFlowResolve = null;\n throw new AuthorizationRequiredError(\n errorDescription ?? `OAuth error: ${error}`,\n );\n }\n\n const isValidState = await this.oauthProvider.validateState(state);\n if (!isValidState) {\n this._authFlowResolve?.();\n this._authFlowResolve = null;\n throw new OAuthError(\n \"OAuth state validation failed. The state parameter did not match. Retry the authorization flow.\",\n \"kontext_oauth_state_invalid\",\n );\n }\n\n if (!code) {\n this._authFlowResolve?.();\n this._authFlowResolve = null;\n throw new AuthorizationRequiredError(\n \"No authorization code in callback URL\",\n );\n }\n\n try {\n // Create transport if needed\n if (!this.transport) {\n this.transport = new StreamableHTTPClientTransport(\n new URL(this.mcpEndpointUrl),\n {\n authProvider: this.oauthProvider,\n },\n );\n }\n\n // Exchange code for tokens (via MCP SDK)\n await this.transport.finishAuth(code);\n\n // Get the tokens from the auth code flow.\n // The backend auto-exchange produces resource-scoped tokens directly —\n // no client-side token exchange needed.\n const tokens = await this.oauthProvider.tokens();\n if (!tokens?.access_token) {\n throw new AuthorizationRequiredError(\"Failed to obtain tokens\");\n }\n\n await this.oauthProvider.saveTokens(tokens);\n } finally {\n // Signal that auth flow completed\n this._authFlowResolve?.();\n this._authFlowResolve = null;\n }\n }\n\n /**\n * Disconnect from the server\n */\n async disconnect(): Promise<void> {\n try {\n if (this.transport) {\n try {\n await this.transport.terminateSession();\n } catch {\n // Ignore termination errors\n }\n await this.transport.close();\n }\n } finally {\n this.transport = null;\n this.client = null;\n this._isConnected = false;\n }\n }\n\n /**\n * Clear stored tokens and require re-authentication\n */\n async clearAuth(): Promise<void> {\n await this.oauthProvider.clearAll();\n await this.disconnect();\n }\n\n /**\n * Check if this URL is an OAuth callback\n *\n * Useful for web apps to detect if the current URL is a callback.\n *\n * @param url The URL to check\n */\n isCallback(url: string | URL): boolean {\n const urlObj = typeof url === \"string\" ? new URL(url) : url;\n const redirectUri = new URL(this.config.redirectUri);\n return (\n urlObj.pathname === redirectUri.pathname &&\n (urlObj.searchParams.has(\"code\") || urlObj.searchParams.has(\"error\"))\n );\n }\n\n /**\n * Ensure we're connected, handling auth if needed\n */\n private async ensureConnected(): Promise<void> {\n if (this._isConnected && this.client) {\n return;\n }\n\n // Prevent concurrent connection attempts\n if (this._pendingConnect) {\n await this._pendingConnect;\n return;\n }\n\n this._pendingConnect = this.doConnect();\n try {\n await this._pendingConnect;\n } finally {\n this._pendingConnect = null;\n }\n }\n\n /**\n * Internal connection logic\n */\n private async doConnect(authRetryCount = 0): Promise<void> {\n // Tokens from auth code flow are already resource-scoped —\n // no client-side exchange needed.\n\n // Create transport if needed (may already exist from auth flow)\n if (!this.transport) {\n this.transport = new StreamableHTTPClientTransport(\n new URL(this.mcpEndpointUrl),\n {\n authProvider: this.oauthProvider,\n },\n );\n }\n\n const capabilities: Record<string, Record<string, unknown>> = {\n tools: {},\n };\n if (this.config.onElicitationUrl) {\n capabilities.elicitation = { url: {} };\n }\n\n const clientInfo = {\n name: this.config.clientName ?? \"kontext-sdk\",\n version: this.config.clientVersion ?? \"0.0.1\",\n sessionId: this.clientSessionId,\n };\n\n this.client = new Client(clientInfo as unknown as Implementation, {\n capabilities,\n });\n\n // Register elicitation handlers when callback is provided\n if (this.config.onElicitationUrl) {\n const onElicitationUrl = this.config.onElicitationUrl;\n\n // Handle server-initiated elicitation requests (request-based)\n this.client.setRequestHandler(ElicitRequestSchema, async (request) => {\n const params = request.params;\n if (params.mode === \"url\" && \"url\" in params) {\n await onElicitationUrl({\n url: params.url,\n message: params.message ?? \"Action required\",\n elicitationId: params.elicitationId ?? \"\",\n integrationId: (params as Record<string, unknown>).integrationId as\n | string\n | undefined,\n integrationName: (params as Record<string, unknown>)\n .integrationName as string | undefined,\n });\n }\n return { action: \"accept\" as const };\n });\n\n // Handle elicitation completion notifications\n this.client.setNotificationHandler(\n ElicitationCompleteNotificationSchema,\n () => {\n // Completion notification received — no action needed from the client.\n // The server will retry the tool call automatically.\n },\n );\n }\n\n try {\n await this.client.connect(this.transport);\n this._isConnected = true;\n } catch (error) {\n // If UnauthorizedError, wait for pending auth flow to complete and retry\n if (error instanceof Error && isUnauthorizedError(error)) {\n if (this._pendingAuthFlow) {\n // Auth flow was triggered - wait for it to complete\n await this._pendingAuthFlow;\n this._pendingAuthFlow = null;\n\n // Clean up both - we need fresh instances for retry\n // The transport was already started and can't be reused\n this.transport = null;\n this.client = null;\n\n if (authRetryCount >= 1) {\n throw new AuthorizationRequiredError(\n \"Authorization completed, but the MCP server still rejected the token. Verify OAuth resource audience and token issuer configuration.\",\n { cause: error },\n );\n }\n\n // Retry connection after auth completed\n return this.doConnect(authRetryCount + 1);\n }\n\n // No pending auth flow - clean up and throw error\n this.transport = null;\n this.client = null;\n throw new AuthorizationRequiredError(\n \"Authorization required. Complete the OAuth flow and retry.\",\n );\n }\n\n // Other errors - clean up and wrap in KontextError\n this.transport = null;\n this.client = null;\n if (error instanceof KontextError) throw error;\n throw new KontextError(\n `Failed to connect to MCP server at ${this.mcpEndpointUrl}. ${error instanceof Error ? error.message : String(error)}`,\n \"kontext_mcp_connection_failed\",\n { cause: error },\n );\n }\n }\n}\n\n// Re-export types\nexport type { Tool, CallToolResult } from \"@modelcontextprotocol/sdk/types.js\";\n","/**\n * Shared utilities for Kontext tool handling.\n * Used by both KontextClient (core) and withKontext (Cloudflare adapter).\n */\n\nimport {\n ConfigError,\n IntegrationConnectionRequiredError,\n type ElicitationEntry,\n} from \"../errors.js\";\n\n// Re-export for consumers that import this type from tool-utils.\nexport type { ElicitationEntry } from \"../errors.js\";\n\n// ============================================================================\n// Shared types\n// ============================================================================\n\nexport interface IntegrationStatus {\n readonly id: string;\n readonly name: string;\n readonly connected: boolean;\n readonly connectUrl?: string;\n}\n\n// ============================================================================\n// System prompt\n// ============================================================================\n\n/**\n * Build an LLM system prompt based on available tool names and integration status.\n * Detects `*_SEARCH_TOOLS` / `*_EXECUTE_TOOL` suffixed names from the\n * Cloudflare Agents MCP proxy and generates appropriate guidance.\n */\nexport function buildKontextSystemPrompt(\n toolNames: readonly string[],\n integrations: readonly IntegrationStatus[],\n): string {\n if (toolNames.length === 0) return \"\";\n\n const searchTool = toolNames.find(\n (n) => n.endsWith(\"_SEARCH_TOOLS\") || n === \"SEARCH_TOOLS\",\n );\n const executeTool = toolNames.find(\n (n) => n.endsWith(\"_EXECUTE_TOOL\") || n === \"EXECUTE_TOOL\",\n );\n const requestCapabilityTool = toolNames.find(\n (n) => n.endsWith(\"_REQUEST_CAPABILITY\") || n === \"REQUEST_CAPABILITY\",\n );\n\n let prompt =\n \"You are a helpful assistant with access to various tools and integrations through Kontext.\\n\" +\n \"You can help users with tasks across their connected services (GitHub, Linear, Slack, etc.).\\n\" +\n \"When a user asks about their services, use the available MCP tools to help them.\\n\" +\n \"The user has already authenticated — tools run as the user with their permissions, including access to private repositories and org resources.\\n\" +\n \"If a Kontext tool can satisfy an integration-related request, use the Kontext tool and do not use shell or CLI commands for that request.\\n\" +\n \"Use shell or CLI only when no relevant Kontext tool exists or when the user explicitly requests local shell actions.\";\n\n if (searchTool && executeTool) {\n prompt +=\n `\\n\\nYou have access to external integrations through Kontext MCP tools:\\n` +\n `- Call \\`${searchTool}\\` first to discover what tools/integrations are available.\\n` +\n `- Then call \\`${executeTool}\\` with the tool_id and arguments to run a specific tool.\\n` +\n `- When the user asks about \"my repos\", \"my issues\", etc., use the appropriate tool to look up their data directly. Do not ask for their username — the tools already know who they are.\\n` +\n `Always start by searching for tools when the user asks about their connected services.`;\n }\n\n // Append integration status section when there are integrations to report\n if (integrations.length > 0) {\n const connected = integrations.filter((i) => i.connected);\n const disconnected = integrations.filter((i) => !i.connected);\n\n if (disconnected.length > 0) {\n prompt += \"\\n\\n## Integration Status\";\n\n if (connected.length > 0) {\n prompt += `\\n\\nYou already have access to: ${connected.map((i) => i.name).join(\", \")}`;\n }\n\n prompt += `\\n\\nThe following services require user authorization: ${disconnected.map((i) => i.name).join(\", \")}`;\n\n if (requestCapabilityTool) {\n prompt +=\n `\\n\\n**IMPORTANT:** When the user requests an action that requires one of these services:` +\n `\\n1. Call the \\`${requestCapabilityTool}\\` tool` +\n `\\n2. The tool returns a fresh integrations management link` +\n `\\n3. Include the link in your response so the user can connect or manage integrations` +\n `\\n4. Always call the tool for a fresh link and never reuse a previously returned URL`;\n } else {\n prompt +=\n \"\\n\\nWhen the user asks about a disconnected integration, let them know it needs to be connected first. Do not attempt to use tools from disconnected integrations without informing the user.\";\n }\n } else if (requestCapabilityTool && connected.length > 0) {\n prompt +=\n \"\\n\\n## Integration Management\" +\n `\\n\\nIf the user asks to manage, reconnect, or verify integrations, call \\`${requestCapabilityTool}\\` to get a fresh integrations management link.`;\n }\n }\n\n return prompt;\n}\n\n// ============================================================================\n// Auth-aware toolset orchestrator\n// ============================================================================\n\nexport interface AuthAwareToolset {\n /** System prompt with integration status and REQUEST_CAPABILITY instructions. */\n readonly systemPrompt: string;\n /** REQUEST_CAPABILITY tool to inject, or null if all integrations are connected. */\n readonly requestCapabilityTool: {\n readonly name: string;\n readonly description: string;\n readonly parameters: Record<string, unknown>;\n readonly execute: () => Promise<string>;\n } | null;\n}\n\n/**\n * Enrich a tool set with auth awareness.\n *\n * Given tool names and integration status, produces:\n * - A system prompt that tells the LLM about connected/disconnected integrations\n * - A REQUEST_CAPABILITY tool (if needed) that returns a fresh management URL as text\n *\n * Both `ai/` and `cloudflare/` adapters use this as their core auth layer.\n */\nexport function enrichToolsWithAuthAwareness(\n toolNames: readonly string[],\n integrations: readonly IntegrationStatus[],\n options?: {\n prefix?: string;\n requireServerRequestCapability?: boolean;\n requestCapabilityProxy?: () => Promise<string>;\n },\n): AuthAwareToolset {\n const serverRequestCapability = toolNames.find(\n (name) =>\n name.endsWith(\"_REQUEST_CAPABILITY\") || name === \"REQUEST_CAPABILITY\",\n );\n\n if (options?.requireServerRequestCapability && !serverRequestCapability) {\n throw new ConfigError(\n \"REQUEST_CAPABILITY tool is required but not exposed by the MCP server. Deploy API and SDK in lockstep.\",\n \"kontext_config_missing_request_capability_tool\",\n );\n }\n\n let requestCapabilityTool: AuthAwareToolset[\"requestCapabilityTool\"] = null;\n let effectiveToolNames = [...toolNames];\n\n if (options?.requestCapabilityProxy) {\n const prefix =\n options.prefix ??\n toolNames\n .find((n) => n.endsWith(\"_SEARCH_TOOLS\"))\n ?.replace(/_SEARCH_TOOLS$/, \"\") ??\n \"kontext\";\n const toolName = `${prefix}_REQUEST_CAPABILITY`;\n const tool = buildRequestCapabilityTool(\n integrations,\n options.requestCapabilityProxy!,\n );\n requestCapabilityTool = { name: toolName, ...tool };\n effectiveToolNames = [...effectiveToolNames, toolName];\n }\n\n return {\n systemPrompt: buildKontextSystemPrompt(effectiveToolNames, integrations),\n requestCapabilityTool,\n };\n}\n\n// ============================================================================\n// Integration status parsing\n// ============================================================================\n\n/**\n * Parse integration status from gateway tool search results.\n * Extracts connected integrations from tools and disconnected from errors.\n */\nexport function parseIntegrationStatus(\n tools: ReadonlyArray<{ server?: { id?: string; name?: string } }>,\n errors: ReadonlyArray<{ serverId: string; serverName?: string }>,\n elicitations?: ReadonlyArray<{\n url: string;\n integrationId?: string;\n integrationName?: string;\n }>,\n): IntegrationStatus[] {\n const seen = new Set<string>();\n const result: IntegrationStatus[] = [];\n\n for (const t of tools) {\n const sid = t.server?.id;\n if (sid && !seen.has(sid)) {\n seen.add(sid);\n result.push({\n id: sid,\n name: t.server?.name ?? sid,\n connected: true,\n });\n }\n }\n\n for (const e of errors) {\n if (!seen.has(e.serverId)) {\n seen.add(e.serverId);\n const elicitation = elicitations?.find(\n (el) => el.integrationId === e.serverId,\n );\n result.push({\n id: e.serverId,\n name: e.serverName ?? e.serverId,\n connected: false,\n connectUrl: elicitation?.url,\n });\n }\n }\n\n return result;\n}\n\n// ============================================================================\n// Request capability tool\n// ============================================================================\n\n/**\n * Build a tool that lets the LLM request a fresh integrations management URL.\n * Returns the URL as text so the LLM can present it to the user.\n * No popups — the user clicks the link in the chat.\n */\nexport function buildRequestCapabilityTool(\n capabilities: readonly IntegrationStatus[],\n executeRequestCapability: () => Promise<string>,\n): {\n description: string;\n parameters: Record<string, unknown>;\n execute: () => Promise<string>;\n} {\n const connected = capabilities.filter((c) => c.connected);\n const disconnected = capabilities.filter((c) => !c.connected);\n const connectedList =\n connected.length > 0 ? connected.map((c) => c.name).join(\", \") : \"none\";\n const disconnectedList =\n disconnected.length > 0\n ? disconnected.map((c) => c.name).join(\", \")\n : \"none\";\n\n return {\n description:\n \"Request a fresh integrations management link from the Kontext server. \" +\n `Connected integrations: ${connectedList}. ` +\n `Disconnected integrations: ${disconnectedList}. ` +\n \"Always call this tool for a fresh link and never reuse an older link.\",\n parameters: {\n type: \"object\",\n properties: {},\n },\n execute: async (): Promise<string> => {\n return executeRequestCapability();\n },\n };\n}\n\n/**\n * Pre-flight integration status detection.\n * Calls SEARCH_TOOLS on raw (unwrapped) tools to detect connected/disconnected\n * integrations without triggering any popups or broadcasts.\n */\nexport async function preflightIntegrationStatus(\n tools: ToolSetLike,\n): Promise<IntegrationStatus[]> {\n const searchToolKey = Object.keys(tools).find((k) =>\n k.endsWith(\"_SEARCH_TOOLS\"),\n );\n if (!searchToolKey || !tools[searchToolKey]?.execute) return [];\n\n try {\n const result = await tools[searchToolKey].execute!({ limit: 100 });\n\n // Cloudflare getAITools() returns MCP CallToolResult objects, not strings.\n // Extract JSON text from either a plain string or a CallToolResult shape.\n let json: string | undefined;\n if (typeof result === \"string\") {\n json = result;\n } else if (result && typeof result === \"object\") {\n const content = (\n result as {\n content?: Array<{\n type: string;\n resource?: { text?: string };\n text?: string;\n }>;\n }\n ).content;\n const first = content?.[0];\n json = first?.resource?.text ?? first?.text;\n }\n\n if (typeof json === \"string\") {\n const parsed = JSON.parse(json);\n if (parsed && typeof parsed === \"object\") {\n return parseIntegrationStatus(\n Array.isArray(parsed.items) ? parsed.items : [],\n Array.isArray(parsed.errors) ? parsed.errors : [],\n Array.isArray(parsed.elicitations) ? parsed.elicitations : [],\n );\n }\n }\n } catch (err: unknown) {\n // All integrations disconnected: -32042 error contains elicitations\n const elicitations = extractElicitations(err);\n if (elicitations?.length) {\n return elicitations\n .filter(\n (e): e is ElicitationEntry & { integrationId: string } =>\n !!e.integrationId,\n )\n .map((e) => ({\n id: e.integrationId,\n name: e.integrationName ?? e.integrationId,\n connected: false,\n connectUrl: e.url,\n }));\n }\n }\n\n return [];\n}\n\n// ============================================================================\n// Tool wrapping\n// ============================================================================\n\n/** A tool with an optional async execute method */\nexport interface ToolLike {\n execute?: (...args: unknown[]) => Promise<unknown>;\n [key: string]: unknown;\n}\n\n/** Record of named tools */\nexport type ToolSetLike = Record<string, ToolLike>;\n\n/**\n * Extract elicitation entries from an error thrown by the MCP SDK.\n * Handles two shapes: direct code/data and nested cause.\n */\nexport function extractElicitations(\n err: unknown,\n): ElicitationEntry[] | undefined {\n const error = err as {\n code?: number;\n data?: { elicitations?: ElicitationEntry[] };\n cause?: {\n code?: number;\n data?: { elicitations?: ElicitationEntry[] };\n };\n };\n\n // Primary: structured McpError with code -32042\n if (error?.code === -32042 && error?.data?.elicitations?.length) {\n return error.data.elicitations;\n }\n\n // Nested cause (some SDK wrappers nest the original error)\n if (\n error?.cause?.code === -32042 &&\n error?.cause?.data?.elicitations?.length\n ) {\n return error.cause.data.elicitations;\n }\n\n return undefined;\n}\n\n/**\n * Wrap tools to catch MCP error code -32042 (URL elicitation required)\n * and convert to IntegrationConnectionRequiredError.\n */\nexport function wrapToolsWithElicitation<T extends ToolSetLike>(tools: T): T {\n return Object.fromEntries(\n Object.entries(tools).map(([name, tool]) => [\n name,\n {\n ...tool,\n execute: tool.execute\n ? async (...args: unknown[]) => {\n try {\n return await tool.execute!(...args);\n } catch (err: unknown) {\n const elicitations = extractElicitations(err);\n const elicitation = elicitations?.[0];\n if (elicitation?.url) {\n const integrationId = elicitation.integrationId ?? \"unknown\";\n throw new IntegrationConnectionRequiredError(integrationId, {\n integrationName: elicitation.integrationName,\n connectUrl: elicitation.url,\n message: elicitation.message,\n });\n }\n throw err;\n }\n }\n : undefined,\n },\n ]),\n ) as T;\n}\n","import type { KontextClient } from \"../../index.js\";\nimport type { RuntimeIntegrationRecord } from \"../../../mcp/client.js\";\n\nexport type BackendSource = \"gateway\" | \"internal\";\n\nexport interface RoutingBackend {\n backendId: string;\n source: BackendSource;\n client: KontextClient;\n integrationId?: string;\n integrationName?: string;\n}\n\nexport function gatewayBackendId(): \"gateway\" {\n return \"gateway\";\n}\n\nexport function internalBackendId(integrationId: string): string {\n return `internal:${integrationId}`;\n}\n\nexport function isInternalIntegration(\n integration: RuntimeIntegrationRecord,\n): boolean {\n return integration.category === \"internal_mcp_credentials\";\n}\n\nexport function sortInternalIntegrations(\n integrations: RuntimeIntegrationRecord[],\n): RuntimeIntegrationRecord[] {\n return integrations\n .filter(isInternalIntegration)\n .sort((a, b) => a.id.localeCompare(b.id));\n}\n\nexport function createGatewayBackend(client: KontextClient): RoutingBackend {\n return {\n backendId: gatewayBackendId(),\n source: \"gateway\",\n client,\n };\n}\n\nexport function createInternalBackend(input: {\n integration: RuntimeIntegrationRecord;\n client: KontextClient;\n}): RoutingBackend {\n return {\n backendId: internalBackendId(input.integration.id),\n source: \"internal\",\n client: input.client,\n integrationId: input.integration.id,\n integrationName: input.integration.name,\n };\n}\n","import type { KontextTool } from \"../../index.js\";\nimport type { BackendSource } from \"./backends.js\";\n\nexport interface ToolRouteRecord {\n toolId: string;\n backendId: string;\n source: BackendSource;\n backendToolId: string;\n integrationId?: string;\n}\n\nexport interface RouteInventoryCandidate {\n tool: KontextTool;\n route: ToolRouteRecord;\n}\n\nexport interface RouteConflictRecord {\n toolId: string;\n kept: ToolRouteRecord;\n dropped: ToolRouteRecord;\n}\n\nexport interface RouteInventorySnapshot {\n version: number;\n tools: KontextTool[];\n routes: Map<string, ToolRouteRecord>;\n conflicts: RouteConflictRecord[];\n}\n\nexport function emptyRouteInventorySnapshot(): RouteInventorySnapshot {\n return {\n version: 0,\n tools: [],\n routes: new Map(),\n conflicts: [],\n };\n}\n\nexport function buildRouteInventory(\n version: number,\n candidates: RouteInventoryCandidate[],\n options?: {\n onConflict?: (\n existing: ToolRouteRecord,\n incoming: ToolRouteRecord,\n ) => \"keep_existing\" | \"replace_existing\";\n },\n): RouteInventorySnapshot {\n const tools: KontextTool[] = [];\n const routes = new Map<string, ToolRouteRecord>();\n const conflicts: RouteConflictRecord[] = [];\n\n for (const candidate of candidates) {\n const toolId = candidate.route.toolId;\n if (!routes.has(toolId)) {\n routes.set(toolId, candidate.route);\n tools.push(candidate.tool);\n continue;\n }\n\n const existing = routes.get(toolId)!;\n const decision =\n options?.onConflict?.(existing, candidate.route) ?? \"keep_existing\";\n\n let kept = existing;\n let dropped = candidate.route;\n if (decision === \"replace_existing\") {\n const existingIdx = tools.findIndex((tool) => tool.id === toolId);\n if (existingIdx >= 0) {\n tools.splice(existingIdx, 1, candidate.tool);\n } else {\n tools.push(candidate.tool);\n }\n routes.set(toolId, candidate.route);\n kept = candidate.route;\n dropped = existing;\n }\n\n conflicts.push({\n toolId,\n kept,\n dropped,\n });\n }\n\n return {\n version,\n tools,\n routes,\n conflicts,\n };\n}\n","import {\n buildRouteInventory,\n emptyRouteInventorySnapshot,\n type RouteInventoryCandidate,\n type RouteInventorySnapshot,\n type ToolRouteRecord,\n} from \"./routes.js\";\n\nexport class RouteInventoryStore {\n private versionCounter = 0;\n private resetGeneration = 0;\n private buildRunCounter = 0;\n private latestCommittedBuildRun = 0;\n private snapshotState: RouteInventorySnapshot = emptyRouteInventorySnapshot();\n private pendingBuilds = new Map<string, Promise<RouteInventorySnapshot>>();\n\n get version(): number {\n return this.snapshotState.version;\n }\n\n get snapshot(): RouteInventorySnapshot {\n return this.snapshotState;\n }\n\n routeFor(toolId: string): ToolRouteRecord | undefined {\n return this.snapshotState.routes.get(toolId);\n }\n\n async build(\n buildCandidates: () => Promise<RouteInventoryCandidate[]>,\n options?: {\n key?: string;\n onConflict?: (\n existing: ToolRouteRecord,\n incoming: ToolRouteRecord,\n ) => \"keep_existing\" | \"replace_existing\";\n },\n ): Promise<RouteInventorySnapshot> {\n const key = options?.key ?? \"__default__\";\n const existingBuild = this.pendingBuilds.get(key);\n if (existingBuild) {\n return await existingBuild;\n }\n\n const buildGeneration = this.resetGeneration;\n const buildRun = ++this.buildRunCounter;\n const pendingPromise = (async () => {\n const candidates = await buildCandidates();\n if (this.resetGeneration !== buildGeneration) {\n return this.snapshotState;\n }\n if (buildRun >= this.latestCommittedBuildRun) {\n this.latestCommittedBuildRun = buildRun;\n this.versionCounter += 1;\n const snapshot = buildRouteInventory(this.versionCounter, candidates, {\n onConflict: options?.onConflict,\n });\n this.snapshotState = snapshot;\n return snapshot;\n }\n\n return buildRouteInventory(this.snapshotState.version, candidates, {\n onConflict: options?.onConflict,\n });\n })();\n this.pendingBuilds.set(key, pendingPromise);\n\n try {\n return await pendingPromise;\n } finally {\n if (this.pendingBuilds.get(key) === pendingPromise) {\n this.pendingBuilds.delete(key);\n }\n }\n }\n\n reset(): void {\n this.resetGeneration += 1;\n this.versionCounter = 0;\n this.latestCommittedBuildRun = this.buildRunCounter;\n this.snapshotState = emptyRouteInventorySnapshot();\n this.pendingBuilds.clear();\n }\n}\n","import { KontextError } from \"../../../errors.js\";\nimport type { ToolRouteRecord } from \"./routes.js\";\n\nexport interface RoutingPolicy {\n onRouteConflict(input: {\n toolId: string;\n existing: ToolRouteRecord;\n incoming: ToolRouteRecord;\n }): \"keep_existing\" | \"replace_existing\";\n}\n\nexport const defaultRoutingPolicy: RoutingPolicy = {\n onRouteConflict() {\n return \"keep_existing\";\n },\n};\n\nexport function toRouteConflictError(input: {\n toolId: string;\n kept: ToolRouteRecord;\n dropped: ToolRouteRecord;\n}): KontextError {\n return new KontextError(\n `Route conflict for tool \"${input.toolId}\". Keeping backend \"${input.kept.backendId}\" and dropping \"${input.dropped.backendId}\".`,\n \"kontext_tool_route_conflict\",\n {\n meta: {\n toolId: input.toolId,\n keptBackendId: input.kept.backendId,\n keptSource: input.kept.source,\n keptIntegrationId: input.kept.integrationId,\n droppedBackendId: input.dropped.backendId,\n droppedSource: input.dropped.source,\n droppedIntegrationId: input.dropped.integrationId,\n },\n },\n );\n}\n","import type { ClientState } from \"../../index.js\";\nimport type { KontextError } from \"../../../errors.js\";\n\nexport type KontextOrchestratorState = ClientState;\n\ntype OrchestratorEvent = \"stateChange\" | \"error\";\n\ntype ListenerMap = {\n stateChange: (state: KontextOrchestratorState) => void;\n error: (error: KontextError) => void;\n};\n\nexport interface OrchestratorStateController {\n readonly state: KontextOrchestratorState;\n setState(next: KontextOrchestratorState): void;\n emitError(error: KontextError): void;\n on(event: \"stateChange\", handler: ListenerMap[\"stateChange\"]): () => void;\n on(event: \"error\", handler: ListenerMap[\"error\"]): () => void;\n}\n\nexport function createOrchestratorStateController(input: {\n initialState?: KontextOrchestratorState;\n onStateChange?: (state: KontextOrchestratorState) => void;\n}): OrchestratorStateController {\n let state: KontextOrchestratorState = input.initialState ?? \"idle\";\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n const listeners = new Map<OrchestratorEvent, Set<(...args: any[]) => void>>();\n\n function setState(next: KontextOrchestratorState): void {\n if (state === next) return;\n state = next;\n\n try {\n input.onStateChange?.(next);\n } catch {\n // Ignore user callback failures.\n }\n\n const handlers = listeners.get(\"stateChange\");\n if (!handlers) return;\n for (const handler of handlers) {\n try {\n handler(next);\n } catch {\n // Ignore listener failures.\n }\n }\n }\n\n function emitError(error: KontextError): void {\n const handlers = listeners.get(\"error\");\n if (!handlers) return;\n for (const handler of handlers) {\n try {\n handler(error);\n } catch {\n // Ignore listener failures.\n }\n }\n }\n\n function on(\n event: \"stateChange\" | \"error\",\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n handler: (...args: any[]) => void,\n ): () => void {\n if (!listeners.has(event)) {\n listeners.set(event, new Set());\n }\n listeners.get(event)!.add(handler);\n return () => {\n listeners.get(event)?.delete(handler);\n };\n }\n\n return {\n get state() {\n return state;\n },\n setState,\n emitError,\n on,\n };\n}\n","import { AuthorizationRequiredError, KontextError } from \"../../errors.js\";\nimport type { RuntimeIntegrationRecord } from \"../../mcp/client.js\";\nimport type { KontextStorage } from \"../../storage/types.js\";\nimport { createStorageKey, StorageKeys } from \"../../storage/types.js\";\n\ntype StoredAccessToken = {\n access_token?: string;\n expires_in?: number | string;\n issued_at?: number | string;\n token_type?: string;\n};\n\nfunction hasFreshStoredToken(\n tokens: StoredAccessToken | undefined,\n skewMs = 30_000,\n): boolean {\n if (!tokens?.access_token) return false;\n const expiresIn =\n typeof tokens.expires_in === \"number\"\n ? tokens.expires_in\n : Number(tokens.expires_in);\n const issuedAt =\n typeof tokens.issued_at === \"number\"\n ? tokens.issued_at\n : Number(tokens.issued_at);\n\n if (!Number.isFinite(expiresIn) || !Number.isFinite(issuedAt)) {\n return false;\n }\n\n const expiresAt = issuedAt + expiresIn * 1000;\n return Date.now() + skewMs < expiresAt;\n}\n\nexport interface TokenManager {\n tokenStorageKey(sessionKey: string): string;\n ensureInternalResourceToken(\n integration: RuntimeIntegrationRecord,\n options?: { forceExchange?: boolean },\n ): Promise<void>;\n}\n\nexport function createTokenManager(input: {\n clientId: string;\n baseSessionKey: string;\n gatewaySessionKey: string;\n serverUrl: string;\n storage: KontextStorage;\n}): TokenManager {\n const pendingInternalTokenExchange = new Map<string, Promise<void>>();\n\n function tokenStorageKey(sessionKey: string): string {\n return createStorageKey(input.clientId, sessionKey, StorageKeys.TOKENS);\n }\n\n async function readGatewayTokens(): Promise<{\n subjectToken: string | null;\n }> {\n const identityTokens = await input.storage.getJson<{\n access_token?: string;\n }>(\n createStorageKey(\n input.clientId,\n input.gatewaySessionKey,\n StorageKeys.IDENTITY_TOKENS,\n ),\n );\n const gatewayTokens = await input.storage.getJson<{\n access_token?: string;\n }>(tokenStorageKey(input.gatewaySessionKey));\n\n return {\n subjectToken:\n identityTokens?.access_token ?? gatewayTokens?.access_token ?? null,\n };\n }\n\n async function ensureInternalResourceToken(\n integration: RuntimeIntegrationRecord,\n options?: { forceExchange?: boolean },\n ): Promise<void> {\n const internalSessionKey = `${input.baseSessionKey}:internal:${integration.id}`;\n if (!options?.forceExchange) {\n const existingToken = await input.storage.getJson<StoredAccessToken>(\n tokenStorageKey(internalSessionKey),\n );\n if (hasFreshStoredToken(existingToken)) {\n return;\n }\n }\n\n const pending = pendingInternalTokenExchange.get(integration.id);\n if (pending) {\n return await pending;\n }\n\n const exchangePromise = (async () => {\n const { subjectToken: gatewaySubjectToken } = await readGatewayTokens();\n if (!gatewaySubjectToken) {\n return;\n }\n\n const body = new URLSearchParams({\n grant_type: \"urn:ietf:params:oauth:grant-type:token-exchange\",\n subject_token_type: \"urn:ietf:params:oauth:token-type:access_token\",\n subject_token: gatewaySubjectToken,\n resource: integration.url,\n client_id: input.clientId,\n });\n\n const response = await fetch(`${input.serverUrl}/oauth2/token`, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n },\n body: body.toString(),\n });\n\n if (response.status === 401) {\n throw new AuthorizationRequiredError(\n \"Access token expired or invalid. Re-authenticate and retry.\",\n );\n }\n\n if (!response.ok) {\n throw new KontextError(\n `Failed to exchange gateway token for internal resource \"${integration.id}\": HTTP ${response.status}`,\n \"kontext_token_exchange_failed\",\n {\n statusCode: response.status,\n meta: {\n integrationId: integration.id,\n resource: integration.url,\n },\n },\n );\n }\n\n const exchanged = (await response.json()) as {\n access_token?: string;\n token_type?: string;\n expires_in?: number;\n refresh_token?: string;\n scope?: string;\n };\n\n if (!exchanged.access_token || !exchanged.token_type) {\n throw new KontextError(\n `Token exchange returned an invalid payload for integration \"${integration.id}\".`,\n \"kontext_token_exchange_failed\",\n {\n meta: {\n integrationId: integration.id,\n resource: integration.url,\n },\n },\n );\n }\n\n await input.storage.setJson(tokenStorageKey(internalSessionKey), {\n ...exchanged,\n issued_at: Date.now(),\n });\n })();\n\n pendingInternalTokenExchange.set(integration.id, exchangePromise);\n try {\n await exchangePromise;\n } finally {\n pendingInternalTokenExchange.delete(integration.id);\n }\n }\n\n return {\n tokenStorageKey,\n ensureInternalResourceToken,\n };\n}\n","import type { KontextClient } from \"../index.js\";\nimport type { RuntimeIntegrationRecord } from \"../../mcp/client.js\";\nimport {\n sortInternalIntegrations,\n type RoutingBackend,\n} from \"./internal/backends.js\";\n\nexport type InternalClientEntry = {\n integration: RuntimeIntegrationRecord;\n backendId: string;\n client: KontextClient;\n unsubscribeState: () => void;\n unsubscribeError: () => void;\n};\n\ntype InternalClientFactoryResult = {\n backend: RoutingBackend;\n client: KontextClient;\n unsubscribeState: () => void;\n unsubscribeError: () => void;\n};\n\nexport interface InternalClientRegistry {\n readonly size: number;\n entries(): IterableIterator<[string, InternalClientEntry]>;\n values(): IterableIterator<InternalClientEntry>;\n keys(): IterableIterator<string>;\n get(integrationId: string): InternalClientEntry | undefined;\n sync(discovered: RuntimeIntegrationRecord[]): Promise<void>;\n missingResolved(resolvedIntegrations: Set<string>): string[];\n dispose(mode: \"disconnect\" | \"signOut\"): Promise<void>;\n}\n\nexport function createInternalClientRegistry(input: {\n backends: Map<string, RoutingBackend>;\n createClient: (\n integration: RuntimeIntegrationRecord,\n ) => InternalClientFactoryResult;\n}): InternalClientRegistry {\n const internalClients = new Map<string, InternalClientEntry>();\n\n async function remove(integrationId: string): Promise<void> {\n const existing = internalClients.get(integrationId);\n if (!existing) return;\n\n existing.unsubscribeState();\n existing.unsubscribeError();\n internalClients.delete(integrationId);\n input.backends.delete(existing.backendId);\n\n try {\n await existing.client.disconnect();\n } catch {\n // Best effort disconnect.\n }\n }\n\n async function sync(discovered: RuntimeIntegrationRecord[]): Promise<void> {\n const sortedInternal = sortInternalIntegrations(discovered);\n const desiredById = new Map(sortedInternal.map((item) => [item.id, item]));\n\n for (const [integrationId, existing] of internalClients) {\n const next = desiredById.get(integrationId);\n if (!next) {\n await remove(integrationId);\n continue;\n }\n\n if (existing.integration.url !== next.url) {\n await remove(integrationId);\n }\n }\n\n for (const integration of sortedInternal) {\n const existing = internalClients.get(integration.id);\n if (existing) {\n existing.integration = integration;\n\n const backend = input.backends.get(existing.backendId);\n if (backend) {\n backend.integrationName = integration.name;\n }\n continue;\n }\n\n const created = input.createClient(integration);\n input.backends.set(created.backend.backendId, created.backend);\n internalClients.set(integration.id, {\n integration,\n backendId: created.backend.backendId,\n client: created.client,\n unsubscribeState: created.unsubscribeState,\n unsubscribeError: created.unsubscribeError,\n });\n }\n }\n\n function missingResolved(resolvedIntegrations: Set<string>): string[] {\n const missing: string[] = [];\n for (const integrationId of internalClients.keys()) {\n if (!resolvedIntegrations.has(integrationId)) {\n missing.push(integrationId);\n }\n }\n return missing;\n }\n\n async function dispose(mode: \"disconnect\" | \"signOut\"): Promise<void> {\n const entries = [...internalClients.values()];\n internalClients.clear();\n\n for (const backend of [...input.backends.values()]) {\n if (backend.source === \"internal\") {\n input.backends.delete(backend.backendId);\n }\n }\n\n await Promise.all(\n entries.map(async (entry) => {\n entry.unsubscribeState();\n entry.unsubscribeError();\n try {\n if (mode === \"signOut\") {\n await entry.client.auth.signOut();\n } else {\n await entry.client.disconnect();\n }\n } catch {\n // Best effort shutdown.\n }\n }),\n );\n }\n\n return {\n get size() {\n return internalClients.size;\n },\n entries() {\n return internalClients.entries();\n },\n values() {\n return internalClients.values();\n },\n keys() {\n return internalClients.keys();\n },\n get(integrationId: string) {\n return internalClients.get(integrationId);\n },\n sync,\n missingResolved,\n dispose,\n };\n}\n","/**\n * KontextOrchestrator — unified mixed-mode client facade.\n *\n * Combines:\n * - Gateway-routed tools (gateway_remote_mcp)\n * - Direct internal MCP tools (internal_mcp_credentials)\n *\n * into a single tool listing/execution surface.\n */\n\nimport {\n createSingleEndpointKontextClient,\n type ConnectSessionResult,\n type IntegrationInfo,\n type KontextClient,\n type KontextClientConfig,\n type KontextTool,\n type ToolResult,\n} from \"../index.js\";\nimport {\n normalizeKontextServerUrl,\n type RuntimeIntegrationRecord,\n} from \"../../mcp/client.js\";\nimport { MemoryStorage } from \"../../storage/memory.js\";\nimport type { KontextStorage } from \"../../storage/types.js\";\nimport {\n AuthorizationRequiredError,\n ConfigError,\n KontextError,\n isKontextError,\n isNetworkError,\n isUnauthorizedError,\n} from \"../../errors.js\";\nimport {\n createGatewayBackend,\n createInternalBackend,\n gatewayBackendId,\n internalBackendId,\n type RoutingBackend,\n} from \"./internal/backends.js\";\nimport { RouteInventoryStore } from \"./internal/inventory.js\";\nimport type {\n RouteConflictRecord,\n RouteInventoryCandidate,\n ToolRouteRecord,\n} from \"./internal/routes.js\";\nimport {\n defaultRoutingPolicy,\n toRouteConflictError,\n} from \"./internal/policy.js\";\nimport {\n createOrchestratorStateController,\n type KontextOrchestratorState,\n} from \"./internal/state.js\";\nimport { createTokenManager } from \"./token-manager.js\";\nimport {\n createInternalClientRegistry,\n type InternalClientEntry,\n} from \"./internal-client-registry.js\";\n\nexport type { KontextOrchestratorState };\n\nexport interface KontextOrchestratorConfig {\n clientId: string;\n redirectUri: string;\n serverUrl?: string;\n storage?: KontextStorage;\n sessionKey?: string;\n onAuthRequired: KontextClientConfig[\"onAuthRequired\"];\n onIntegrationRequired?: KontextClientConfig[\"onIntegrationRequired\"];\n onStateChange?: (state: KontextOrchestratorState) => void;\n}\n\nexport interface KontextOrchestrator {\n readonly state: KontextOrchestratorState;\n\n connect(): Promise<void>;\n disconnect(): Promise<void>;\n getConnectPageUrl(): Promise<ConnectSessionResult>;\n\n readonly auth: {\n signIn(): Promise<void>;\n signOut(): Promise<void>;\n handleCallback(url: string | URL): Promise<void>;\n isCallback(url: string | URL): boolean;\n readonly isAuthenticated: boolean;\n };\n\n readonly integrations: {\n list(): Promise<IntegrationInfo[]>;\n };\n\n readonly tools: {\n list(options?: { limit?: number }): Promise<KontextTool[]>;\n execute(\n toolId: string,\n args?: Record<string, unknown>,\n ): Promise<ToolResult>;\n };\n\n on(\n event: \"stateChange\",\n handler: (state: KontextOrchestratorState) => void,\n ): () => void;\n on(event: \"error\", handler: (error: KontextError) => void): () => void;\n\n readonly mcp: KontextClient[\"mcp\"];\n}\n\ntype ErrorContext = {\n backendId?: string;\n source?: \"gateway\" | \"internal\";\n integrationId?: string;\n operation: string;\n toolId?: string;\n};\n\nfunction isTransientError(err: unknown): boolean {\n if (err instanceof Error && isNetworkError(err)) {\n return true;\n }\n\n if (isKontextError(err)) {\n if (err.code === \"kontext_network_error\") return true;\n if (err.statusCode === 429) return true;\n if (typeof err.statusCode === \"number\" && err.statusCode >= 500) {\n return true;\n }\n return false;\n }\n\n if (typeof err === \"object\" && err !== null) {\n const errObj = err as { status?: unknown; statusCode?: unknown };\n const maybeStatus = errObj.statusCode ?? errObj.status;\n const status = typeof maybeStatus === \"number\" ? maybeStatus : undefined;\n if (status === 429 || (typeof status === \"number\" && status >= 500)) {\n return true;\n }\n }\n\n return false;\n}\n\nasync function withTransientRetry<T>(\n operation: () => Promise<T>,\n maxRetries = 1,\n): Promise<T> {\n const retryDelayMs = 250;\n for (let attempt = 0; attempt <= maxRetries; attempt += 1) {\n try {\n return await operation();\n } catch (err) {\n if (attempt >= maxRetries || !isTransientError(err)) {\n throw err;\n }\n await new Promise((resolve) => setTimeout(resolve, retryDelayMs));\n }\n }\n\n throw new Error(\"Transient retry loop exhausted unexpectedly.\");\n}\n\nfunction toKontextError(err: unknown, context?: ErrorContext): KontextError {\n const contextMeta = context ? { ...context } : undefined;\n const mergeMeta = (\n base?: Record<string, unknown>,\n ): Record<string, unknown> =>\n contextMeta ? { ...(base ?? {}), ...contextMeta } : (base ?? {});\n\n if (isKontextError(err)) {\n if (!contextMeta) {\n return err;\n }\n\n // Preserve subclass identity and specialized fields while avoiding\n // in-place mutation of shared error instances.\n const cloned = Object.create(Object.getPrototypeOf(err)) as KontextError;\n Object.defineProperties(cloned, Object.getOwnPropertyDescriptors(err));\n Object.defineProperty(cloned, \"meta\", {\n value: mergeMeta(err.meta),\n enumerable: true,\n writable: true,\n configurable: true,\n });\n return cloned;\n }\n\n if (err instanceof Error) {\n if (isUnauthorizedError(err)) {\n return new AuthorizationRequiredError(err.message, {\n meta: mergeMeta(),\n cause: err,\n });\n }\n return new KontextError(err.message, \"kontext_unknown_error\", {\n meta: mergeMeta(),\n cause: err,\n });\n }\n\n return new KontextError(String(err), \"kontext_unknown_error\", {\n meta: mergeMeta(),\n });\n}\n\nfunction isAuthorizationRequired(err: unknown): boolean {\n if (err instanceof AuthorizationRequiredError) return true;\n if (isKontextError(err)) {\n return err.code === \"kontext_authorization_required\";\n }\n if (typeof err === \"object\" && err !== null) {\n return (\n (err as { code?: unknown }).code === \"kontext_authorization_required\"\n );\n }\n return false;\n}\n\nfunction isTokenExchangeFailure(err: unknown): boolean {\n if (isKontextError(err)) {\n return err.code === \"kontext_token_exchange_failed\";\n }\n if (typeof err === \"object\" && err !== null) {\n return (err as { code?: unknown }).code === \"kontext_token_exchange_failed\";\n }\n return false;\n}\n\nfunction isAuthRecoveryRequired(err: unknown): boolean {\n return isAuthorizationRequired(err) || isTokenExchangeFailure(err);\n}\nexport function createKontextOrchestrator(\n config: KontextOrchestratorConfig,\n): KontextOrchestrator {\n if (!config.clientId) {\n throw new ConfigError(\n \"clientId is required. Pass it in KontextOrchestratorConfig.\",\n \"kontext_config_missing_client_id\",\n );\n }\n if (!config.redirectUri) {\n throw new ConfigError(\n \"redirectUri is required. Set it to the URL where OAuth should redirect after authorization.\",\n \"kontext_config_missing_redirect_uri\",\n );\n }\n if (!config.onAuthRequired) {\n throw new ConfigError(\n \"onAuthRequired callback is required. Provide a function that opens the OAuth URL.\",\n \"kontext_config_missing_auth_handler\",\n );\n }\n\n const baseSessionKey = config.sessionKey ?? \"default\";\n const serverUrl = normalizeKontextServerUrl(\n config.serverUrl ?? \"https://api.kontext.dev\",\n );\n const sharedStorage = config.storage ?? new MemoryStorage();\n const gatewaySessionKey = `${baseSessionKey}:gateway`;\n\n const authSourceQueue: Array<\"gateway\" | string> = [];\n const stateController = createOrchestratorStateController({\n initialState: \"idle\",\n onStateChange: config.onStateChange,\n });\n\n const routeInventory = new RouteInventoryStore();\n const routingPolicy = defaultRoutingPolicy;\n\n const runtimeIntegrations = new Map<string, RuntimeIntegrationRecord>();\n const backends = new Map<string, RoutingBackend>();\n const managedInternalOps = new Map<string, number>();\n const resolvedInternalListings = new Set<string>();\n\n const tokenManager = createTokenManager({\n clientId: config.clientId,\n baseSessionKey,\n gatewaySessionKey,\n serverUrl,\n storage: sharedStorage,\n });\n\n let pendingIntegrationRefresh: Promise<RuntimeIntegrationRecord[]> | null =\n null;\n\n const gatewayClient = createSingleEndpointKontextClient({\n clientId: config.clientId,\n redirectUri: config.redirectUri,\n serverUrl: config.serverUrl,\n storage: sharedStorage,\n sessionKey: gatewaySessionKey,\n onAuthRequired: async (url) => {\n authSourceQueue.push(\"gateway\");\n return await config.onAuthRequired(url);\n },\n onIntegrationRequired: config.onIntegrationRequired,\n });\n\n const gatewayBackend = createGatewayBackend(gatewayClient);\n backends.set(gatewayBackendId(), gatewayBackend);\n\n const gatewayStateUnsubscribe = gatewayClient.on(\"stateChange\", (state) => {\n if (state === \"needs_auth\") {\n stateController.setState(\"needs_auth\");\n }\n });\n const gatewayErrorUnsubscribe = gatewayClient.on(\"error\", (error) => {\n const translated = toKontextError(error, {\n backendId: gatewayBackendId(),\n source: \"gateway\",\n operation: \"client_error_event\",\n });\n stateController.emitError(translated);\n if (isAuthRecoveryRequired(translated)) {\n stateController.setState(\"needs_auth\");\n }\n });\n\n const ensureInternalResourceToken = tokenManager.ensureInternalResourceToken;\n\n function isInternalOpManaged(integrationId: string): boolean {\n return (managedInternalOps.get(integrationId) ?? 0) > 0;\n }\n\n async function runManagedInternalOp<T>(\n integrationId: string,\n operation: () => Promise<T>,\n ): Promise<T> {\n managedInternalOps.set(\n integrationId,\n (managedInternalOps.get(integrationId) ?? 0) + 1,\n );\n try {\n return await operation();\n } finally {\n const next = (managedInternalOps.get(integrationId) ?? 1) - 1;\n if (next <= 0) {\n managedInternalOps.delete(integrationId);\n } else {\n managedInternalOps.set(integrationId, next);\n }\n }\n }\n\n function createInternalClient(integration: RuntimeIntegrationRecord): {\n backend: RoutingBackend;\n client: KontextClient;\n unsubscribeState: () => void;\n unsubscribeError: () => void;\n } {\n const client = createSingleEndpointKontextClient({\n clientId: config.clientId,\n redirectUri: config.redirectUri,\n url: integration.url,\n serverUrl: config.serverUrl,\n storage: sharedStorage,\n sessionKey: `${baseSessionKey}:internal:${integration.id}`,\n onAuthRequired: async (url) => {\n authSourceQueue.push(integration.id);\n return await config.onAuthRequired(url);\n },\n onIntegrationRequired: config.onIntegrationRequired,\n });\n\n const unsubscribeState = client.on(\"stateChange\", (state) => {\n if (state === \"needs_auth\") {\n stateController.setState(\"needs_auth\");\n }\n });\n const unsubscribeError = client.on(\"error\", (error) => {\n const translated = toKontextError(error, {\n backendId: internalBackendId(integration.id),\n source: \"internal\",\n integrationId: integration.id,\n operation: \"client_error_event\",\n });\n if (\n isInternalOpManaged(integration.id) &&\n isAuthorizationRequired(translated)\n ) {\n return;\n }\n if (isAuthRecoveryRequired(translated)) {\n stateController.setState(\"needs_auth\");\n return;\n }\n stateController.emitError(translated);\n });\n\n const backend = createInternalBackend({ integration, client });\n\n return { backend, client, unsubscribeState, unsubscribeError };\n }\n\n const internalClientRegistry = createInternalClientRegistry({\n backends,\n createClient: createInternalClient,\n });\n\n async function refreshIntegrationInventory(\n force = false,\n ): Promise<RuntimeIntegrationRecord[]> {\n if (pendingIntegrationRefresh) {\n if (!force) {\n return await pendingIntegrationRefresh;\n }\n // Serialize forced refreshes to avoid concurrent shared-state updates.\n await pendingIntegrationRefresh;\n }\n\n const refreshPromise = (async () => {\n const items = await withTransientRetry(\n async () => await gatewayClient.mcp.listRuntimeIntegrations(),\n );\n await applyRuntimeIntegrations(items);\n return items;\n })();\n pendingIntegrationRefresh = refreshPromise;\n\n try {\n return await refreshPromise;\n } finally {\n if (pendingIntegrationRefresh === refreshPromise) {\n pendingIntegrationRefresh = null;\n }\n }\n }\n\n async function applyRuntimeIntegrations(\n integrations: RuntimeIntegrationRecord[],\n ): Promise<void> {\n runtimeIntegrations.clear();\n for (const item of integrations) {\n runtimeIntegrations.set(item.id, item);\n }\n await internalClientRegistry.sync(integrations);\n }\n\n async function buildInventoryCandidates(options?: {\n limit?: number;\n runtimeIntegrations?: RuntimeIntegrationRecord[];\n }): Promise<RouteInventoryCandidate[]> {\n const candidates: RouteInventoryCandidate[] = [];\n resolvedInternalListings.clear();\n const pendingInternalAuthRetries = new Set<string>();\n\n const gatewayTools = await gatewayClient.tools.list(options);\n for (const tool of gatewayTools) {\n candidates.push({\n tool,\n route: {\n toolId: tool.id,\n backendId: gatewayBackendId(),\n source: \"gateway\",\n backendToolId: tool.id,\n },\n });\n }\n\n if (options?.runtimeIntegrations) {\n await applyRuntimeIntegrations(options.runtimeIntegrations);\n } else {\n await refreshIntegrationInventory();\n }\n\n const sortedInternalEntries = [...internalClientRegistry.values()].sort(\n (a, b) => a.integration.id.localeCompare(b.integration.id),\n );\n\n const addInternalToolsForEntry = async (entry: InternalClientEntry) => {\n const internalTools = await withTransientRetry(\n async () =>\n await runManagedInternalOp(entry.integration.id, () =>\n entry.client.tools.list(),\n ),\n );\n resolvedInternalListings.add(entry.integration.id);\n for (const tool of internalTools) {\n const backendToolId = tool.id || tool.name;\n const unifiedId = `${entry.integration.id}:${tool.name}`;\n\n candidates.push({\n tool: {\n id: unifiedId,\n name: tool.name,\n description: tool.description,\n inputSchema: tool.inputSchema,\n server: {\n id: entry.integration.id,\n name: entry.integration.name,\n },\n },\n route: {\n toolId: unifiedId,\n backendId: entry.backendId,\n source: \"internal\",\n backendToolId,\n integrationId: entry.integration.id,\n },\n });\n }\n };\n\n for (const entry of sortedInternalEntries) {\n try {\n await ensureInternalResourceToken(entry.integration);\n await addInternalToolsForEntry(entry);\n } catch (err) {\n const translated = toKontextError(err, {\n backendId: entry.backendId,\n source: \"internal\",\n integrationId: entry.integration.id,\n operation: \"tools.list\",\n });\n if (isAuthorizationRequired(translated)) {\n pendingInternalAuthRetries.add(entry.integration.id);\n continue;\n }\n if (isTokenExchangeFailure(translated)) {\n stateController.setState(\"needs_auth\");\n }\n stateController.emitError(translated);\n }\n }\n\n if (pendingInternalAuthRetries.size > 0) {\n let hasUnresolvedAuth = false;\n for (const integrationId of pendingInternalAuthRetries) {\n const entry = internalClientRegistry.get(integrationId);\n if (!entry) continue;\n\n try {\n await ensureInternalResourceToken(entry.integration, {\n forceExchange: true,\n });\n await runManagedInternalOp(integrationId, async () => {\n await entry.client.disconnect();\n await entry.client.connect();\n });\n await addInternalToolsForEntry(entry);\n } catch (err) {\n const translated = toKontextError(err);\n if (isAuthRecoveryRequired(translated)) {\n hasUnresolvedAuth = true;\n if (isTokenExchangeFailure(translated)) {\n stateController.emitError(translated);\n }\n continue;\n }\n stateController.emitError(translated);\n }\n }\n\n if (hasUnresolvedAuth) {\n stateController.setState(\"needs_auth\");\n } else if (\n stateController.state === \"needs_auth\" &&\n gatewayClient.state === \"ready\"\n ) {\n stateController.setState(\"ready\");\n }\n }\n\n return candidates;\n }\n\n async function buildToolInventory(options?: {\n limit?: number;\n runtimeIntegrations?: RuntimeIntegrationRecord[];\n }): Promise<{\n tools: KontextTool[];\n conflicts: RouteConflictRecord[];\n }> {\n const inventoryKey = JSON.stringify({\n limit: options?.limit ?? null,\n runtimeIntegrations:\n options?.runtimeIntegrations\n ?.map((integration) => integration.id)\n .sort() ?? null,\n });\n const snapshot = await routeInventory.build(\n async () => await buildInventoryCandidates(options),\n {\n key: inventoryKey,\n onConflict: (existing, incoming) =>\n routingPolicy.onRouteConflict({\n toolId: existing.toolId,\n existing,\n incoming,\n }),\n },\n );\n return {\n tools: snapshot.tools,\n conflicts: snapshot.conflicts,\n };\n }\n\n function emitRouteConflicts(conflicts: RouteConflictRecord[]): void {\n for (const conflict of conflicts) {\n stateController.emitError(\n toRouteConflictError({\n toolId: conflict.toolId,\n kept: conflict.kept,\n dropped: conflict.dropped,\n }),\n );\n }\n }\n\n function getInternalIntegrationsMissingTools(): string[] {\n return internalClientRegistry.missingResolved(resolvedInternalListings);\n }\n\n async function disposeInternalClients(\n mode: \"disconnect\" | \"signOut\",\n ): Promise<void> {\n await internalClientRegistry.dispose(mode);\n }\n\n async function ensureConnected(): Promise<void> {\n if (stateController.state === \"ready\") return;\n if (\n stateController.state === \"needs_auth\" &&\n gatewayClient.state === \"ready\"\n ) {\n return;\n }\n\n stateController.setState(\"connecting\");\n\n try {\n await gatewayClient.connect();\n await refreshIntegrationInventory(true);\n stateController.setState(\"ready\");\n } catch (err) {\n const translated = toKontextError(err, {\n backendId: gatewayBackendId(),\n source: \"gateway\",\n operation: \"connect\",\n });\n if (isAuthRecoveryRequired(translated)) {\n stateController.setState(\"needs_auth\");\n } else {\n stateController.setState(\"failed\");\n }\n stateController.emitError(translated);\n throw translated;\n }\n }\n\n async function routeForExecution(toolId: string): Promise<ToolRouteRecord> {\n let route = routeInventory.routeFor(toolId);\n if (route) return route;\n\n const inventory = await buildToolInventory();\n emitRouteConflicts(inventory.conflicts);\n route = routeInventory.routeFor(toolId);\n if (route) return route;\n\n throw new KontextError(\n `Unknown tool \"${toolId}\". Call tools.list() to refresh available tools.`,\n \"kontext_tool_not_found\",\n { meta: { toolId } },\n );\n }\n\n const orchestrator: KontextOrchestrator = {\n get state() {\n return stateController.state;\n },\n\n async connect() {\n await ensureConnected();\n },\n\n async disconnect() {\n await disposeInternalClients(\"disconnect\");\n runtimeIntegrations.clear();\n routeInventory.reset();\n authSourceQueue.length = 0;\n await gatewayClient.disconnect();\n stateController.setState(\"idle\");\n },\n\n async getConnectPageUrl(): Promise<ConnectSessionResult> {\n await ensureConnected();\n return await gatewayClient.getConnectPageUrl();\n },\n\n auth: {\n async signIn() {\n if (\n stateController.state === \"needs_auth\" &&\n gatewayClient.state === \"ready\"\n ) {\n await refreshIntegrationInventory(true);\n\n let unresolvedInternalAuth = false;\n for (const [\n integrationId,\n entry,\n ] of internalClientRegistry.entries()) {\n try {\n await runManagedInternalOp(integrationId, () =>\n entry.client.auth.signIn(),\n );\n } catch (err) {\n const translated = toKontextError(err);\n if (isAuthorizationRequired(translated)) {\n unresolvedInternalAuth = true;\n continue;\n }\n stateController.emitError(translated);\n }\n }\n\n const inventory = await buildToolInventory();\n emitRouteConflicts(inventory.conflicts);\n const missingInternal = getInternalIntegrationsMissingTools();\n if (!unresolvedInternalAuth && missingInternal.length === 0) {\n stateController.setState(\"ready\");\n }\n return;\n }\n\n await ensureConnected();\n },\n\n async signOut() {\n await disposeInternalClients(\"signOut\");\n runtimeIntegrations.clear();\n routeInventory.reset();\n authSourceQueue.length = 0;\n await gatewayClient.auth.signOut();\n stateController.setState(\"idle\");\n },\n\n async handleCallback(url: string | URL) {\n if (internalClientRegistry.size === 0) {\n try {\n await refreshIntegrationInventory(true);\n } catch (err) {\n stateController.emitError(\n toKontextError(err, {\n backendId: gatewayBackendId(),\n source: \"gateway\",\n operation: \"auth.handleCallback.preload\",\n }),\n );\n }\n }\n\n const ordered: Array<{\n client: KontextClient;\n sourceId?: \"gateway\" | string;\n }> = [];\n\n for (const sourceId of authSourceQueue) {\n if (sourceId === \"gateway\") {\n ordered.push({ client: gatewayClient, sourceId });\n continue;\n }\n const active = internalClientRegistry.get(sourceId);\n if (active) {\n ordered.push({ client: active.client, sourceId });\n }\n }\n\n if (gatewayClient.auth.isCallback(url)) {\n ordered.push({ client: gatewayClient });\n }\n\n for (const entry of internalClientRegistry.values()) {\n if (entry.client.auth.isCallback(url)) {\n ordered.push({ client: entry.client });\n }\n }\n\n ordered.push({ client: gatewayClient });\n ordered.push(\n ...[...internalClientRegistry.values()]\n .sort((a, b) => a.integration.id.localeCompare(b.integration.id))\n .map((entry) => ({ client: entry.client })),\n );\n\n const unique: Array<{\n client: KontextClient;\n sourceId?: \"gateway\" | string;\n }> = [];\n const seen = new Set<KontextClient>();\n for (const entry of ordered) {\n if (seen.has(entry.client)) continue;\n seen.add(entry.client);\n unique.push(entry);\n }\n\n let handledBy:\n | {\n client: KontextClient;\n sourceId?: \"gateway\" | string;\n }\n | undefined;\n let lastError: unknown = undefined;\n\n for (const entry of unique) {\n try {\n await entry.client.auth.handleCallback(url);\n handledBy = entry;\n break;\n } catch (err) {\n lastError = err;\n }\n }\n\n if (handledBy) {\n for (let idx = authSourceQueue.length - 1; idx >= 0; idx -= 1) {\n const sourceId = authSourceQueue[idx]!;\n const sourceClient =\n sourceId === \"gateway\"\n ? gatewayClient\n : internalClientRegistry.get(sourceId)?.client;\n if (sourceClient === handledBy.client) {\n authSourceQueue.splice(idx, 1);\n }\n }\n }\n\n if (!handledBy && lastError) {\n throw toKontextError(lastError, {\n backendId: gatewayBackendId(),\n source: \"gateway\",\n operation: \"auth.handleCallback\",\n });\n }\n\n try {\n await ensureConnected();\n } catch (err) {\n stateController.emitError(\n toKontextError(err, {\n backendId: gatewayBackendId(),\n source: \"gateway\",\n operation: \"post_callback_connect\",\n }),\n );\n }\n },\n\n isCallback(url: string | URL): boolean {\n if (gatewayClient.auth.isCallback(url)) return true;\n for (const entry of internalClientRegistry.values()) {\n if (entry.client.auth.isCallback(url)) return true;\n }\n return false;\n },\n\n get isAuthenticated(): boolean {\n return (\n stateController.state === \"ready\" ||\n gatewayClient.auth.isAuthenticated\n );\n },\n },\n\n integrations: {\n async list(): Promise<IntegrationInfo[]> {\n await ensureConnected();\n const discovered = await refreshIntegrationInventory(true);\n\n let gatewayStatuses: IntegrationInfo[] = [];\n try {\n gatewayStatuses = await gatewayClient.integrations.list();\n } catch (err) {\n stateController.emitError(\n toKontextError(err, {\n backendId: gatewayBackendId(),\n source: \"gateway\",\n operation: \"integrations.list\",\n }),\n );\n }\n const gatewayById = new Map(gatewayStatuses.map((i) => [i.id, i]));\n\n const needsInternalConnectLink = discovered.some(\n (i) =>\n i.category === \"internal_mcp_credentials\" &&\n !i.connection?.connected,\n );\n\n let sharedConnectUrl: string | undefined;\n if (needsInternalConnectLink) {\n try {\n sharedConnectUrl = (await gatewayClient.getConnectPageUrl())\n .connectUrl;\n } catch {\n sharedConnectUrl = undefined;\n }\n }\n\n return discovered.map((integration) => {\n const gatewayStatus = gatewayById.get(integration.id);\n const connected =\n gatewayStatus?.connected ??\n integration.connection?.connected ??\n false;\n const connectUrl =\n gatewayStatus?.connectUrl ??\n (!connected && integration.category === \"internal_mcp_credentials\"\n ? sharedConnectUrl\n : undefined);\n const reason =\n gatewayStatus?.reason ??\n (!connected && integration.category === \"internal_mcp_credentials\"\n ? \"credentials_required\"\n : undefined);\n\n return {\n id: integration.id,\n name: integration.name,\n connected,\n connectUrl,\n reason,\n };\n });\n },\n },\n\n tools: {\n async list(options?: { limit?: number }): Promise<KontextTool[]> {\n await ensureConnected();\n let inventory = await buildToolInventory(options);\n\n const missingInternal = getInternalIntegrationsMissingTools();\n if (missingInternal.length > 0) {\n const refreshed = await refreshIntegrationInventory(true);\n inventory = await buildToolInventory({\n ...options,\n runtimeIntegrations: refreshed,\n });\n }\n emitRouteConflicts(inventory.conflicts);\n\n const unresolvedInternal = getInternalIntegrationsMissingTools();\n if (\n stateController.state === \"needs_auth\" &&\n gatewayClient.state === \"ready\" &&\n unresolvedInternal.length === 0\n ) {\n stateController.setState(\"ready\");\n }\n\n return inventory.tools;\n },\n\n async execute(\n toolId: string,\n args?: Record<string, unknown>,\n ): Promise<ToolResult> {\n await ensureConnected();\n\n const route = await routeForExecution(toolId);\n\n try {\n if (route.source === \"gateway\") {\n return await gatewayClient.tools.execute(route.backendToolId, args);\n }\n\n const integrationId = route.integrationId;\n if (!integrationId) {\n throw new KontextError(\n `Route for tool \"${toolId}\" is missing integration metadata.`,\n \"kontext_tool_not_found\",\n { meta: { toolId, route } },\n );\n }\n\n let entry = internalClientRegistry.get(integrationId);\n if (!entry) {\n await refreshIntegrationInventory(true);\n entry = internalClientRegistry.get(integrationId);\n }\n if (!entry) {\n throw new KontextError(\n `Internal integration \"${integrationId}\" is no longer attached.`,\n \"kontext_tool_not_found\",\n { meta: { integrationId } },\n );\n }\n\n await ensureInternalResourceToken(entry.integration);\n try {\n const executeInternal = async () =>\n await withTransientRetry(\n async () =>\n await runManagedInternalOp(integrationId, () =>\n entry.client.tools.execute(route.backendToolId, args),\n ),\n );\n return await executeInternal();\n } catch (innerErr) {\n const innerTranslated = toKontextError(innerErr, {\n backendId: route.backendId,\n source: route.source,\n integrationId: route.integrationId,\n operation: \"tools.execute\",\n toolId,\n });\n throw innerTranslated;\n }\n } catch (err) {\n const translated = toKontextError(err, {\n backendId: route.backendId,\n source: route.source,\n integrationId: route.integrationId,\n operation: \"tools.execute\",\n toolId,\n });\n if (isAuthRecoveryRequired(translated)) {\n stateController.setState(\"needs_auth\");\n }\n stateController.emitError(translated);\n throw translated;\n }\n },\n },\n\n on(\n event: \"stateChange\" | \"error\",\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n handler: (...args: any[]) => void,\n ): () => void {\n if (event === \"stateChange\") {\n return stateController.on(\"stateChange\", handler);\n }\n return stateController.on(\"error\", handler);\n },\n\n get mcp() {\n return gatewayClient.mcp;\n },\n };\n\n // Preserve lifecycle subscriptions.\n void gatewayStateUnsubscribe;\n void gatewayErrorUnsubscribe;\n\n return orchestrator;\n}\n","/**\n * KontextClient — protocol-agnostic facade over KontextMcp.\n *\n * Hides all MCP internals (SEARCH_TOOLS, EXECUTE_TOOL, -32042) behind a\n * clean, typed API. Advanced users can access the underlying KontextMcp\n * via `client.mcp`.\n *\n * @example\n * ```typescript\n * import { createKontextClient } from '@kontext-dev/js-sdk';\n *\n * const client = createKontextClient({\n * clientId: 'your-client-id',\n * redirectUri: 'http://localhost:3000/callback',\n * onAuthRequired: (url) => open(url.toString()),\n * });\n *\n * await client.connect();\n * const tools = await client.tools.list();\n * const result = await client.tools.execute('github:repos', { query: 'mcp' });\n * ```\n *\n * @packageDocumentation\n */\n\nimport { KontextMcp } from \"../mcp/client.js\";\nimport type { KontextStorage } from \"../storage/types.js\";\nimport { parseIntegrationStatus } from \"./tool-utils.js\";\nimport { createKontextOrchestrator } from \"./orchestrator/index.js\";\nimport type { ElicitationEntry } from \"../errors.js\";\nimport {\n AuthorizationRequiredError,\n IntegrationConnectionRequiredError,\n NetworkError,\n KontextError,\n ConfigError,\n isKontextError,\n isNetworkError,\n isUnauthorizedError,\n} from \"../errors.js\";\n\n// ============================================================================\n// Public types\n// ============================================================================\n\nexport type ClientState =\n | \"idle\"\n | \"connecting\"\n | \"ready\"\n | \"needs_auth\"\n | \"failed\";\n\nexport interface KontextClientConfig {\n clientId: string;\n redirectUri: string;\n\n /**\n * Full URL of the MCP server endpoint.\n * When provided, the client connects directly to this URL.\n *\n * @example \"https://my-server.com/mcp\"\n */\n url?: string;\n\n serverUrl?: string;\n storage?: KontextStorage;\n sessionKey?: string;\n\n onAuthRequired: (\n url: URL,\n ) => string | URL | void | Promise<string | URL | void>;\n onIntegrationRequired?: (\n url: string,\n info: { id: string; name?: string },\n ) => void | Promise<void>;\n onStateChange?: (state: ClientState) => void;\n}\n\nexport interface KontextTool {\n id: string;\n name: string;\n description?: string;\n inputSchema?: object;\n server?: { id: string; name?: string };\n}\n\nexport interface IntegrationInfo {\n id: string;\n name: string;\n connected: boolean;\n connectUrl?: string;\n reason?: string;\n}\n\nexport interface ToolResult {\n content: string;\n raw: unknown;\n}\n\nexport interface ConnectSessionResult {\n connectUrl: string;\n sessionId: string;\n expiresAt: string;\n}\n\nexport interface KontextClient {\n readonly state: ClientState;\n\n connect(): Promise<void>;\n disconnect(): Promise<void>;\n getConnectPageUrl(): Promise<ConnectSessionResult>;\n\n readonly auth: {\n signIn(): Promise<void>;\n signOut(): Promise<void>;\n handleCallback(url: string | URL): Promise<void>;\n isCallback(url: string | URL): boolean;\n readonly isAuthenticated: boolean;\n };\n\n readonly integrations: {\n list(): Promise<IntegrationInfo[]>;\n };\n\n readonly tools: {\n list(options?: { limit?: number }): Promise<KontextTool[]>;\n execute(\n toolId: string,\n args?: Record<string, unknown>,\n ): Promise<ToolResult>;\n };\n\n on(event: \"stateChange\", handler: (state: ClientState) => void): () => void;\n on(event: \"error\", handler: (error: KontextError) => void): () => void;\n\n /**\n * Advanced escape hatch to the raw MCP client.\n *\n * Note: In hybrid/orchestrator mode (`createKontextClient` called without\n * `url`), this is the gateway MCP client only. Tools from direct internal\n * integrations are exposed through `client.tools`, not through this property.\n */\n readonly mcp: KontextMcp;\n}\n\n// ============================================================================\n// Internal helpers — meta-tool detection & gateway parsing\n// ============================================================================\n\nconst META_TOOL_NAMES = new Set([\n \"SEARCH_TOOLS\",\n \"EXECUTE_TOOL\",\n \"REQUEST_CAPABILITY\",\n]);\n\nfunction hasMetaTools(tools: Array<{ name: string }>): boolean {\n let hasSearch = false;\n let hasExecute = false;\n for (const tool of tools) {\n if (tool.name === \"SEARCH_TOOLS\") hasSearch = true;\n if (tool.name === \"EXECUTE_TOOL\") hasExecute = true;\n }\n return hasSearch && hasExecute;\n}\n\ntype GatewayToolSummary = {\n id: string;\n name: string;\n description?: string;\n inputSchema?: unknown;\n server?: { id?: string; name?: string; url?: string };\n};\n\ntype GatewayToolError = {\n serverId: string;\n reason: string;\n serverName?: string;\n};\n\ntype McpContentItem = {\n type?: string;\n text?: string;\n resource?: { mimeType?: string; text?: string };\n};\n\nfunction extractJsonResourceText(result: unknown): string | null {\n if (!result || typeof result !== \"object\") return null;\n const content = (result as { content?: McpContentItem[] }).content;\n if (!Array.isArray(content)) return null;\n for (const item of content) {\n if (\n item.type === \"resource\" &&\n item.resource?.mimeType === \"application/json\" &&\n item.resource.text\n ) {\n return item.resource.text;\n }\n }\n return null;\n}\n\nfunction extractTextContent(result: unknown): string {\n if (!result || typeof result !== \"object\") return String(result ?? \"\");\n const r = result as { content?: McpContentItem[] };\n if (r.content && Array.isArray(r.content)) {\n const texts = r.content\n .filter((c) => c.type === \"text\" && c.text)\n .map((c) => c.text!);\n if (texts.length > 0) return texts.join(\"\\n\");\n\n // Meta-tool EXECUTE_TOOL responses are wrapped as resource JSON payloads.\n const resourceTexts = r.content\n .filter((c) => c.type === \"resource\" && c.resource?.text)\n .map((c) => c.resource!.text!);\n if (resourceTexts.length > 0) {\n return resourceTexts\n .map((text) => {\n try {\n return extractTextContent(JSON.parse(text));\n } catch {\n return text;\n }\n })\n .join(\"\\n\");\n }\n\n return JSON.stringify(r.content);\n }\n return JSON.stringify(result);\n}\n\n// ============================================================================\n// Error translation\n// ============================================================================\n\n/**\n * Translate external errors into KontextError instances.\n * Uses structural checks (numeric codes, status codes, system error codes)\n * rather than fragile string matching.\n */\nfunction translateError(err: unknown): KontextError {\n if (isKontextError(err)) return err as KontextError;\n\n if (!(err instanceof Error)) {\n return new KontextError(String(err), \"kontext_unknown_error\");\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n const props: Record<string, any> = err;\n\n // 1. MCP protocol -32042 (URL elicitation required) — check numeric code\n if (props.code === -32042) {\n const elicitations = (props.elicitations ?? props.data?.elicitations) as\n | ElicitationEntry[]\n | undefined;\n const elicitation = elicitations?.[0];\n return new IntegrationConnectionRequiredError(\n elicitation?.integrationId ?? \"unknown\",\n {\n integrationName: elicitation?.integrationName,\n connectUrl: elicitation?.url,\n message: elicitation?.message,\n cause: err,\n },\n );\n }\n\n // 2. HTTP status on the error (from MCP SDK or fetch wrappers)\n const statusCode = (props.statusCode ?? props.status) as number | undefined;\n if (typeof statusCode === \"number\" && statusCode >= 400) {\n if (statusCode === 401) {\n return new AuthorizationRequiredError(err.message, { cause: err });\n }\n return new KontextError(err.message, \"kontext_server_error\", {\n statusCode,\n cause: err,\n });\n }\n\n // 3. Auth errors — structural check\n if (isUnauthorizedError(err)) {\n return new AuthorizationRequiredError(err.message, { cause: err });\n }\n\n // 4. Network errors — structural check (system error codes, not string matching)\n if (isNetworkError(err)) {\n return new NetworkError(err.message, { cause: err });\n }\n\n // 5. Fallback\n return new KontextError(err.message, \"kontext_unknown_error\", {\n cause: err,\n });\n}\n\n// ============================================================================\n// Factory\n// ============================================================================\n\nexport function createSingleEndpointKontextClient(\n config: KontextClientConfig,\n): KontextClient {\n if (!config.clientId) {\n throw new ConfigError(\n \"clientId is required. Pass it in KontextClientConfig or set KONTEXT_CLIENT_ID.\",\n \"kontext_config_missing_client_id\",\n );\n }\n if (!config.redirectUri) {\n throw new ConfigError(\n \"redirectUri is required. Set it to the URL where OAuth should redirect after authorization.\",\n \"kontext_config_missing_redirect_uri\",\n );\n }\n if (!config.onAuthRequired) {\n throw new ConfigError(\n \"onAuthRequired callback is required. Provide a function that opens the OAuth URL.\",\n \"kontext_config_missing_auth_handler\",\n );\n }\n\n let _state: ClientState = \"idle\";\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n const _listeners = new Map<string, Set<(...args: any[]) => void>>();\n let _metaToolMode: boolean | null = null;\n\n // Build KontextMcp config — route elicitation to onIntegrationRequired\n const mcp = new KontextMcp({\n clientId: config.clientId,\n url: config.url,\n server: config.serverUrl,\n redirectUri: config.redirectUri,\n storage: config.storage,\n sessionKey: config.sessionKey,\n onAuthRequired: config.onAuthRequired,\n // Route MCP elicitation to the high-level callback.\n // KontextMcp calls this then re-throws; client.tools.execute() catches\n // the re-thrown error and handles translation.\n onElicitationUrl: config.onIntegrationRequired\n ? (entry) => {\n config.onIntegrationRequired!(entry.url, {\n id: entry.integrationId ?? \"unknown\",\n name: entry.integrationName ?? entry.message,\n });\n }\n : undefined,\n });\n\n // -- State machine helpers --\n\n function setState(newState: ClientState) {\n if (_state === newState) return;\n _state = newState;\n try {\n config.onStateChange?.(newState);\n } catch {\n // Don't let listener errors break state transitions\n }\n const handlers = _listeners.get(\"stateChange\");\n if (handlers) {\n for (const handler of handlers) {\n try {\n handler(newState);\n } catch {\n // Don't let listener errors break state transitions\n }\n }\n }\n }\n\n function emitError(error: KontextError) {\n const handlers = _listeners.get(\"error\");\n if (handlers) {\n for (const handler of handlers) {\n try {\n handler(error);\n } catch {\n // Don't let listener errors mask the original error\n }\n }\n }\n }\n\n // -- Gateway tool helpers --\n\n async function fetchGatewayTools(limit = 100): Promise<{\n tools: GatewayToolSummary[];\n errors: GatewayToolError[];\n elicitations?: Array<{\n url: string;\n message?: string;\n integrationId?: string;\n integrationName?: string;\n }>;\n }> {\n const result = await mcp.callTool(\"SEARCH_TOOLS\", { limit });\n const jsonText = extractJsonResourceText(result);\n if (!jsonText) {\n throw new KontextError(\n \"SEARCH_TOOLS did not return JSON resource content. The server may not support the gateway protocol.\",\n \"kontext_tool_response_empty\",\n );\n }\n\n let parsed: unknown;\n try {\n parsed = JSON.parse(jsonText);\n } catch (e) {\n throw new KontextError(\n `SEARCH_TOOLS returned invalid JSON: ${e instanceof Error ? e.message : String(e)}`,\n \"kontext_tool_response_invalid_json\",\n );\n }\n if (Array.isArray(parsed)) {\n return { tools: parsed as GatewayToolSummary[], errors: [] };\n }\n if (parsed && typeof parsed === \"object\") {\n const obj = parsed as Record<string, unknown>;\n return {\n tools: Array.isArray(obj.items) ? obj.items : [],\n errors: Array.isArray(obj.errors) ? obj.errors : [],\n elicitations: Array.isArray(obj.elicitations)\n ? obj.elicitations\n : undefined,\n };\n }\n throw new KontextError(\n \"SEARCH_TOOLS response was not a JSON array or object. Check the server version.\",\n \"kontext_tool_response_unexpected\",\n );\n }\n\n function toKontextTool(tool: GatewayToolSummary): KontextTool {\n return {\n id: tool.id,\n name: tool.name,\n description: tool.description,\n inputSchema: tool.inputSchema as object | undefined,\n server: tool.server\n ? { id: tool.server.id ?? \"\", name: tool.server.name }\n : undefined,\n };\n }\n\n async function ensureConnected(): Promise<void> {\n if (_state === \"ready\" && mcp.isConnected) return;\n setState(\"connecting\");\n try {\n // listTools() triggers lazy connection inside KontextMcp\n const mcpTools = await mcp.listTools();\n _metaToolMode = hasMetaTools(mcpTools);\n setState(\"ready\");\n } catch (err) {\n const translated = translateError(err);\n if (translated instanceof AuthorizationRequiredError) {\n setState(\"needs_auth\");\n } else {\n setState(\"failed\");\n }\n emitError(translated);\n throw translated;\n }\n }\n\n // -- Public interface --\n\n const client: KontextClient = {\n get state() {\n return _state;\n },\n\n async connect() {\n await ensureConnected();\n },\n\n async disconnect() {\n await mcp.disconnect();\n _metaToolMode = null;\n setState(\"idle\");\n },\n\n async getConnectPageUrl(): Promise<ConnectSessionResult> {\n await ensureConnected();\n try {\n return await mcp.createConnectSession();\n } catch (err) {\n const translated = translateError(err);\n if (translated instanceof AuthorizationRequiredError) {\n setState(\"needs_auth\");\n }\n throw translated;\n }\n },\n\n auth: {\n async signIn() {\n await ensureConnected();\n },\n\n async signOut() {\n await mcp.clearAuth();\n _metaToolMode = null;\n setState(\"idle\");\n },\n\n async handleCallback(url: string | URL) {\n await mcp.handleCallback(url);\n try {\n await ensureConnected();\n } catch (err) {\n // Connection may not succeed yet — emit error but don't throw\n // since the callback itself was handled successfully\n emitError(translateError(err));\n }\n },\n\n isCallback(url: string | URL): boolean {\n return mcp.isCallback(url);\n },\n\n get isAuthenticated(): boolean {\n return _state === \"ready\" || mcp.isConnected;\n },\n },\n\n integrations: {\n async list(): Promise<IntegrationInfo[]> {\n await ensureConnected();\n try {\n const { tools, errors, elicitations } = await fetchGatewayTools();\n\n const statuses = parseIntegrationStatus(tools, errors, elicitations);\n\n // Enrich with reason from errors\n const errorMap = new Map(errors.map((e) => [e.serverId, e.reason]));\n return statuses.map((s) => {\n const reason = errorMap.get(s.id);\n return reason ? { ...s, reason } : s;\n });\n } catch (err) {\n const translated = translateError(err);\n if (translated instanceof AuthorizationRequiredError) {\n setState(\"needs_auth\");\n }\n throw translated;\n }\n },\n },\n\n tools: {\n async list(options?: { limit?: number }): Promise<KontextTool[]> {\n await ensureConnected();\n try {\n const mcpTools = await mcp.listTools();\n const nonMetaTools = mcpTools.filter(\n (t) => !META_TOOL_NAMES.has(t.name),\n );\n\n if (nonMetaTools.length > 0 || !hasMetaTools(mcpTools)) {\n _metaToolMode = false;\n return nonMetaTools.map((t) => ({\n id: t.name,\n name: t.name,\n description: t.description,\n inputSchema: t.inputSchema as object | undefined,\n }));\n }\n\n _metaToolMode = true;\n const { tools, elicitations } = await fetchGatewayTools(\n options?.limit,\n );\n\n // If the server returned embedded elicitations (partial result with\n // some servers needing OAuth), invoke the onIntegrationRequired callback\n // so the user can connect the missing integrations.\n if (elicitations?.length && config.onIntegrationRequired) {\n for (const e of elicitations) {\n if (e.url) {\n config.onIntegrationRequired(e.url, {\n id: e.integrationId ?? \"\",\n name: e.integrationName ?? e.message,\n });\n }\n }\n }\n\n return tools.map(toKontextTool);\n } catch (err) {\n const translated = translateError(err);\n if (translated instanceof AuthorizationRequiredError) {\n setState(\"needs_auth\");\n }\n throw translated;\n }\n },\n\n async execute(\n toolId: string,\n args?: Record<string, unknown>,\n ): Promise<ToolResult> {\n await ensureConnected();\n\n // Determine meta-tool mode if not yet known\n if (_metaToolMode === null) {\n const mcpTools = await mcp.listTools();\n _metaToolMode = hasMetaTools(mcpTools);\n }\n\n try {\n const result = _metaToolMode\n ? await mcp.callTool(\"EXECUTE_TOOL\", {\n tool_id: toolId,\n tool_arguments: args ?? {},\n })\n : await mcp.callTool(toolId, args);\n\n return { content: extractTextContent(result), raw: result };\n } catch (err) {\n const translated = translateError(err);\n if (translated instanceof AuthorizationRequiredError) {\n setState(\"needs_auth\");\n }\n throw translated;\n }\n },\n },\n\n on(\n event: \"stateChange\" | \"error\",\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n handler: (...args: any[]) => void,\n ): () => void {\n if (!_listeners.has(event)) {\n _listeners.set(event, new Set());\n }\n _listeners.get(event)!.add(handler);\n return () => {\n _listeners.get(event)?.delete(handler);\n };\n },\n\n get mcp() {\n return mcp;\n },\n };\n\n return client;\n}\n\n/**\n * Primary SDK client entrypoint.\n *\n * - `config.url` set: single-endpoint mode.\n * - `config.url` omitted: hybrid orchestrated mode.\n */\nexport function createKontextClient(\n config: KontextClientConfig & { url: string },\n): KontextClient;\nexport function createKontextClient(\n config: Omit<KontextClientConfig, \"url\"> & { url?: undefined },\n): KontextClient;\nexport function createKontextClient(\n config: KontextClientConfig,\n): KontextClient {\n if (config.url !== undefined) {\n if (typeof config.url !== \"string\" || config.url.trim().length === 0) {\n throw new ConfigError(\n \"url must be a non-empty string. Omit url for hybrid mode, or provide a full MCP endpoint URL.\",\n \"kontext_config_invalid_url\",\n );\n }\n return createSingleEndpointKontextClient(config);\n }\n\n return createKontextOrchestrator(config);\n}\n","/**\n * Core types for the Kontext SDK\n * These mirror the API DTOs for type-safe interactions\n */\n\n// ============================================================================\n// Applications\n// ============================================================================\n\nexport interface Application {\n id: string;\n name: string;\n canModify?: boolean;\n activeSessionCount?: number;\n idleSessionCount?: number;\n liveSessionCount?: number;\n totalSessionCount?: number;\n oauth?: ApplicationOAuth;\n archivedAt?: string;\n createdAt: string;\n updatedAt: string;\n}\n\nexport interface ApplicationOAuth {\n type: \"public\" | \"confidential\";\n clientId: string;\n clientSecret?: string;\n pkceRequired: boolean;\n scopes: string[];\n authorizationUrl: string;\n tokenUrl: string;\n gatewayUrl: string;\n redirectUris: string[];\n}\n\nexport interface CreateApplicationOAuthInput {\n type?: \"public\" | \"confidential\";\n redirectUris: string[];\n pkceRequired?: boolean;\n scopes?: string[];\n}\n\nexport interface CreateApplicationInput {\n name: string;\n oauth: CreateApplicationOAuthInput;\n}\n\nexport interface UpdateApplicationInput {\n name?: string;\n}\n\nexport interface UpdateApplicationOAuthInput {\n pkceRequired?: boolean;\n scopes?: string[];\n redirectUris?: string[];\n}\n\nexport interface CreateApplicationResponse {\n application: Application;\n oauth: ApplicationOAuth;\n}\n\nexport interface ApplicationResponse {\n application: Application;\n}\n\nexport interface ApplicationOAuthResponse {\n oauth: ApplicationOAuth;\n}\n\nexport interface ListApplicationsResponse {\n items: Application[];\n nextCursor?: string;\n}\n\nexport interface RotateApplicationSecretResponse {\n oauth: ApplicationOAuth;\n}\n\nexport interface UpdateApplicationIntegrationsInput {\n integrationIds: string[];\n}\n\nexport interface ApplicationIntegrationsResponse {\n integrationIds: string[];\n}\n\n// ============================================================================\n// Integrations\n// ============================================================================\n\nexport type IntegrationAuthMode =\n | \"oauth\"\n | \"user_token\"\n | \"server_token\"\n | \"none\";\n\nexport type IntegrationValidationStatus = \"pending\" | \"valid\" | \"invalid\";\n\nexport interface IntegrationOAuthSummary {\n provider?: string;\n issuer?: string;\n scopes?: string[];\n metadata?: Record<string, unknown>;\n}\n\nexport interface IntegrationCapabilities {\n tools?: boolean;\n resources?: boolean;\n prompts?: boolean;\n}\n\nexport interface Integration {\n id: string;\n name: string;\n url: string;\n authMode: IntegrationAuthMode;\n oauth?: IntegrationOAuthSummary;\n capabilities?: IntegrationCapabilities;\n serverTokenConfigured: boolean;\n validationStatus: IntegrationValidationStatus;\n validationMessage?: string;\n lastValidatedAt?: string;\n userConnection?: ConnectionStatusResponse;\n createdAt: string;\n updatedAt: string;\n archivedAt?: string;\n}\n\nexport interface IntegrationOAuthConfigInput {\n provider?: string;\n issuer?: string;\n scopes?: string[];\n}\n\nexport interface CreateIntegrationInput {\n name: string;\n url: string;\n authMode?: IntegrationAuthMode;\n oauth?: IntegrationOAuthConfigInput;\n capabilities?: IntegrationCapabilities;\n serverToken?: string;\n}\n\nexport interface UpdateIntegrationInput {\n name?: string;\n url?: string;\n authMode?: IntegrationAuthMode;\n oauth?: IntegrationOAuthConfigInput;\n capabilities?: IntegrationCapabilities;\n serverToken?: string;\n}\n\nexport interface CreateIntegrationResponse {\n integration: Integration;\n}\n\nexport interface IntegrationResponse {\n integration: Integration;\n}\n\nexport interface ListIntegrationsResponse {\n items: Integration[];\n nextCursor?: string;\n}\n\nexport interface ValidateIntegrationResponse {\n status: IntegrationValidationStatus;\n message?: string;\n}\n\n// ============================================================================\n// Integration Connections\n// ============================================================================\n\nexport type ConnectionStatus = \"connected\" | \"disconnected\";\n\nexport interface ConnectionStatusResponse {\n connected: boolean;\n status?: ConnectionStatus;\n expiresAt?: string;\n displayName?: string;\n}\n\nexport interface ConnectionResponse {\n connection: ConnectionStatusResponse;\n}\n\nexport interface AddUserTokenInput {\n token: string;\n}\n\n// ============================================================================\n// Service Accounts\n// ============================================================================\n\nexport interface ServiceAccount {\n id: string;\n name: string;\n description: string | null;\n createdAt: string;\n}\n\nexport interface ServiceAccountCredentials {\n clientId: string;\n clientSecret: string;\n}\n\nexport interface CreateServiceAccountInput {\n name: string;\n description?: string;\n}\n\nexport interface CreateServiceAccountResponse {\n serviceAccount: ServiceAccount;\n credentials: ServiceAccountCredentials;\n}\n\nexport interface RotateSecretResponse {\n credentials: ServiceAccountCredentials;\n}\n\nexport interface ListServiceAccountsResponse {\n items: ServiceAccount[];\n nextCursor: string | null;\n}\n\nexport interface ServiceAccountResponse {\n serviceAccount: ServiceAccount;\n}\n\n// ============================================================================\n// Agent Sessions\n// ============================================================================\n\nexport type AgentSessionStatus = \"active\" | \"disconnected\";\nexport type AgentSessionDerivedStatus =\n | \"active\"\n | \"idle\"\n | \"expired\"\n | \"disconnected\";\n\nexport interface AgentSession {\n id: string;\n agentId: string;\n organizationId: string;\n authenticatedUserId: string;\n authenticatedUserEmail?: string | null;\n name: string;\n hostname?: string | null;\n userAgent?: string | null;\n clientInfo?: Record<string, unknown> | null;\n status: AgentSessionStatus;\n derivedStatus: AgentSessionDerivedStatus;\n connectedAt?: string;\n lastActiveAt?: string;\n disconnectedAt?: string;\n tokenExpiresAt?: string;\n createdAt: string;\n}\n\nexport interface AgentSessionResponse {\n session: AgentSession;\n}\n\nexport interface ListAgentSessionsResponse {\n items: AgentSession[];\n}\n\nexport interface RevokeAllSessionsResponse {\n success: boolean;\n disconnectedCount: number;\n}\n\n// ============================================================================\n// Traces & Events\n// ============================================================================\n\nexport interface Trace {\n traceId: string | null;\n sessionId: string;\n startedAt: string | null;\n endedAt: string | null;\n eventCount: number;\n okCount?: number;\n warnCount?: number;\n errorCount?: number;\n agentId?: string;\n ownerUserId?: string;\n ownerEmail?: string;\n agentName?: string;\n agentSessionId?: string;\n agentSessionName?: string;\n}\n\nexport interface TraceEvent {\n id: string;\n createdAt: string;\n sessionId: string;\n agentId: string;\n traceId?: string | null;\n apiKeyId?: string | null;\n eventType: string;\n status: string;\n durationMs?: number | null;\n integrationId?: string | null;\n toolName?: string | null;\n errorMessage?: string | null;\n bytesIn?: number | null;\n bytesOut?: number | null;\n requestJson?: unknown;\n responseJson?: unknown;\n parentEventId?: string | null;\n agentSessionId?: string | null;\n /** @deprecated Use createdAt */\n timestamp?: string;\n /** @deprecated Use status */\n level?: \"ok\" | \"warn\" | \"error\";\n /** @deprecated Use eventType */\n type?: string;\n /** @deprecated May be encoded in requestJson/responseJson */\n method?: string;\n /** @deprecated Use toolName */\n tool?: string;\n /** @deprecated Use durationMs */\n duration?: number;\n /** @deprecated Use status/errorMessage fields */\n errorType?: string;\n /** @deprecated May be encoded in requestJson/responseJson */\n metadata?: Record<string, unknown>;\n}\n\nexport interface ListTracesResponse {\n items: Trace[];\n nextCursor?: string;\n}\n\nexport interface TraceResponse {\n trace: Trace;\n events: TraceEvent[];\n}\n\nexport interface McpEvent {\n id: string;\n createdAt: string;\n agentId: string;\n integrationId: string | null;\n toolName: string | null;\n eventType: string;\n status: string;\n}\n\nexport interface McpEventListResponse {\n items: McpEvent[];\n}\n\n/**\n * @deprecated Use McpEventListResponse instead.\n */\nexport type ListEventsResponse = McpEventListResponse;\n\nexport interface TraceStats {\n totalTraces: number;\n totalEvents: number;\n eventCounts: { ok: number; warn: number; error: number };\n errorRate: number;\n latency: { avg: number; p50: number; p95: number; p99: number };\n bytesTransferred: { in: number; out: number };\n errorsByType: Array<{ type: string; count: number; percentage: number }>;\n topTools: Array<{ name: string; count: number; avgDuration: number }>;\n timeline: Array<{\n date: string;\n traceCount: number;\n eventCount: number;\n warnCount: number;\n errorCount: number;\n bytesIn: number;\n bytesOut: number;\n }>;\n}\n\nexport interface TraceStatsResponse {\n stats: TraceStats;\n}\n\n// ============================================================================\n// Pagination\n// ============================================================================\n\nexport interface PaginationParams {\n cursor?: string;\n limit?: number;\n}\n\n// ============================================================================\n// OAuth Tokens (for storage)\n// ============================================================================\n\nexport interface OAuthTokens {\n accessToken: string;\n refreshToken?: string;\n tokenType: string;\n scope?: string;\n expiresAt?: string;\n}\n\n// ============================================================================\n// Token Exchange (RFC 8693)\n// ============================================================================\n\n/**\n * RFC 8693 Token Exchange grant type\n */\nexport const TOKEN_EXCHANGE_GRANT_TYPE =\n \"urn:ietf:params:oauth:grant-type:token-exchange\";\n\n/**\n * RFC 8693 token type identifier for access tokens\n */\nexport const TOKEN_TYPE_ACCESS_TOKEN =\n \"urn:ietf:params:oauth:token-type:access_token\";\n\n/**\n * Request body for RFC 8693 token exchange\n */\nexport interface TokenExchangeRequest {\n grant_type: typeof TOKEN_EXCHANGE_GRANT_TYPE;\n subject_token: string;\n subject_token_type?: string;\n resource: string;\n scope?: string;\n audience?: string;\n}\n\n/**\n * Response from RFC 8693 token exchange\n */\nexport interface TokenExchangeResponse {\n access_token: string;\n issued_token_type: string;\n token_type: string;\n expires_in?: number;\n scope?: string;\n refresh_token?: string;\n}\n\n// ============================================================================\n// Client Configuration\n// ============================================================================\n\nexport interface KontextManagementClientConfig {\n /**\n * Base URL for the Kontext API (e.g., \"https://api.kontext.dev\")\n */\n baseUrl: string;\n\n /**\n * API version to use (default: \"v1\")\n */\n apiVersion?: string;\n\n /**\n * OAuth token endpoint URL (optional)\n * If not specified, defaults to `${baseUrl}/oauth2/token`\n * Useful for local development where Hydra runs on a different port\n */\n tokenUrl?: string;\n\n /**\n * OAuth scopes to request (optional)\n * Defaults to [\"management:all\"]\n */\n scopes?: string[];\n\n /**\n * OAuth audience for token requests (optional)\n * If not specified, defaults to `${baseUrl}/api/${apiVersion}`\n * Required for Hydra token introspection\n */\n audience?: string;\n\n /**\n * Service account credentials for authentication\n */\n credentials: {\n clientId: string;\n clientSecret: string;\n };\n}\n","/**\n * RFC 8693 Token Exchange\n *\n * Generic token exchange function for exchanging identity tokens\n * for resource-scoped tokens.\n *\n * @see https://datatracker.ietf.org/doc/html/rfc8693\n */\n\nimport {\n TOKEN_EXCHANGE_GRANT_TYPE,\n TOKEN_TYPE_ACCESS_TOKEN,\n type TokenExchangeResponse,\n} from \"../management/types.js\";\nimport { OAuthError } from \"../errors.js\";\n\n/**\n * Configuration for token exchange\n */\nexport interface TokenExchangeConfig {\n /**\n * Token endpoint URL (e.g., https://api.kontext.dev/oauth2/token)\n */\n tokenUrl: string;\n\n /**\n * OAuth client ID\n */\n clientId: string;\n\n /**\n * OAuth client secret (for confidential clients)\n */\n clientSecret?: string;\n}\n\n/**\n * Exchange a subject token for a resource-scoped token (RFC 8693).\n *\n * This function implements the OAuth 2.0 Token Exchange grant type,\n * allowing an identity token to be exchanged for an access token\n * scoped to a specific resource.\n *\n * @param config - Token exchange configuration\n * @param subjectToken - The subject token to exchange (typically an access token)\n * @param resource - The target resource identifier (e.g., \"mcp-gateway\", \"my-mcp-server\")\n * @param scope - Optional scope restriction (must be subset of subject token scopes)\n * @param subjectTokenType - Optional subject token type (defaults to access token)\n * @returns Resource-scoped token response\n * @throws {OAuthError} If the token exchange fails\n *\n * @example\n * ```typescript\n * const response = await exchangeToken(\n * {\n * tokenUrl: 'https://api.kontext.dev/oauth2/token',\n * clientId: 'my-client-id',\n * },\n * identityToken,\n * 'mcp-gateway'\n * );\n * console.log(response.access_token);\n * ```\n */\nexport async function exchangeToken(\n config: TokenExchangeConfig,\n subjectToken: string,\n resource: string,\n scope?: string,\n subjectTokenType: string = TOKEN_TYPE_ACCESS_TOKEN,\n): Promise<TokenExchangeResponse> {\n // Build the request body as form-urlencoded\n const body = new URLSearchParams();\n body.set(\"grant_type\", TOKEN_EXCHANGE_GRANT_TYPE);\n body.set(\"subject_token\", subjectToken);\n body.set(\"subject_token_type\", subjectTokenType);\n body.set(\"resource\", resource);\n\n if (scope) {\n body.set(\"scope\", scope);\n }\n\n // For public clients, include client_id in the body\n // For confidential clients, use Basic auth\n const headers: Record<string, string> = {\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n };\n\n if (config.clientSecret) {\n // Confidential client: use Basic authentication\n const credentials = Buffer.from(\n `${config.clientId}:${config.clientSecret}`,\n ).toString(\"base64\");\n headers[\"Authorization\"] = `Basic ${credentials}`;\n } else {\n // Public client: include client_id in body\n body.set(\"client_id\", config.clientId);\n }\n\n const response = await fetch(config.tokenUrl, {\n method: \"POST\",\n headers,\n body: body.toString(),\n });\n\n if (!response.ok) {\n let errorMessage = `Token exchange failed: ${response.status} ${response.statusText}`;\n let errorCode: string | undefined;\n let integrationName: string | undefined;\n let integrationId: string | undefined;\n\n try {\n const errorBody = await response.json();\n errorCode = errorBody.error;\n if (errorBody.error_description) {\n errorMessage = errorBody.error_description;\n } else if (errorBody.error) {\n errorMessage = `Token exchange failed: ${errorBody.error}`;\n }\n // Extract integration-specific fields when present (e.g., integration_required,\n // or any error that includes integration metadata for reconnection flows)\n if (errorBody.integration_name || errorBody.integration_id) {\n integrationName = errorBody.integration_name;\n integrationId = errorBody.integration_id;\n }\n } catch {\n // Ignore JSON parse errors, use default message\n }\n\n throw new OAuthError(errorMessage, \"kontext_oauth_token_exchange_failed\", {\n errorCode,\n meta: {\n integrationName,\n integrationId,\n },\n });\n }\n\n const tokenResponse = (await response.json()) as TokenExchangeResponse;\n\n // Validate required fields\n if (!tokenResponse.access_token) {\n throw new OAuthError(\n \"Token exchange response missing access_token.\",\n \"kontext_oauth_token_exchange_failed\",\n );\n }\n\n if (!tokenResponse.issued_token_type) {\n throw new OAuthError(\n \"Token exchange response missing issued_token_type.\",\n \"kontext_oauth_token_exchange_failed\",\n );\n }\n\n if (!tokenResponse.token_type) {\n throw new OAuthError(\n \"Token exchange response missing token_type.\",\n \"kontext_oauth_token_exchange_failed\",\n );\n }\n\n return tokenResponse;\n}\n","/**\n * Token verification error codes.\n * These provide structured error information for debugging and error handling.\n */\nexport type TokenVerificationErrorCode =\n | \"INVALID_TOKEN_FORMAT\"\n | \"INVALID_SIGNATURE\"\n | \"TOKEN_EXPIRED\"\n | \"TOKEN_NOT_YET_VALID\"\n | \"INVALID_ISSUER\"\n | \"INVALID_AUDIENCE\"\n | \"MISSING_SCOPE\"\n | \"MISSING_CLAIMS\"\n | \"JWKS_FETCH_FAILED\"\n | \"UNKNOWN_KID\"\n | \"UNSUPPORTED_ALGORITHM\";\n\n/**\n * Error thrown when token verification fails.\n * Contains a structured error code for programmatic handling.\n */\nexport class TokenVerificationError extends Error {\n readonly code: TokenVerificationErrorCode;\n\n constructor(code: TokenVerificationErrorCode, message: string) {\n super(message);\n this.name = \"TokenVerificationError\";\n this.code = code;\n Object.setPrototypeOf(this, TokenVerificationError.prototype);\n }\n}\n","import { createRemoteJWKSet, type JWTVerifyGetKey } from \"jose\";\nimport { TokenVerificationError } from \"./errors.js\";\n\n/**\n * Options for the JWKS client.\n */\nexport interface JwksClientOptions {\n /** JWKS endpoint URL */\n jwksUrl: string;\n\n /** Cache TTL in milliseconds (default: 5 minutes) */\n cacheTtlMs?: number;\n\n /** Minimum time between refetches in milliseconds (default: 30 seconds) */\n refetchCooldownMs?: number;\n\n /** Custom fetch function for testing */\n fetch?: typeof globalThis.fetch;\n}\n\nconst DEFAULT_CACHE_TTL_MS = 5 * 60 * 1000; // 5 minutes\nconst DEFAULT_REFETCH_COOLDOWN_MS = 30 * 1000; // 30 seconds\n\n/**\n * JWKS client with caching and rate-limited refetching.\n *\n * Uses jose's createRemoteJWKSet for JWKS fetching and caching,\n * but adds rate limiting to prevent DoS via rapid refetch requests.\n */\nexport class JwksClient {\n private readonly jwksUrl: URL;\n private readonly cacheTtlMs: number;\n private readonly refetchCooldownMs: number;\n private readonly customFetch?: typeof globalThis.fetch;\n\n private jwks: JWTVerifyGetKey | null = null;\n private lastFetchAt = 0;\n private lastRefreshAt = 0;\n\n constructor(options: JwksClientOptions) {\n this.jwksUrl = new URL(options.jwksUrl);\n this.cacheTtlMs = options.cacheTtlMs ?? DEFAULT_CACHE_TTL_MS;\n this.refetchCooldownMs =\n options.refetchCooldownMs ?? DEFAULT_REFETCH_COOLDOWN_MS;\n this.customFetch = options.fetch;\n }\n\n /**\n * Get the JWKS key resolver for use with jose's jwtVerify.\n *\n * Creates the remote JWKS on first call and caches it.\n * The jose library handles internal caching and key lookup.\n */\n getKeyResolver(): JWTVerifyGetKey {\n const now = Date.now();\n\n // Check if we need to refresh (cache expired)\n if (this.jwks && now - this.lastFetchAt > this.cacheTtlMs) {\n this.jwks = null;\n }\n\n if (!this.jwks) {\n this.jwks = createRemoteJWKSet(this.jwksUrl, {\n // jose handles caching internally, we just track our own refresh timing\n ...(this.customFetch && {\n [Symbol.for(\"fetch\")]: this.customFetch,\n }),\n });\n this.lastFetchAt = now;\n }\n\n return this.jwks;\n }\n\n /**\n * Force refresh the JWKS cache.\n *\n * Respects the refetch cooldown to prevent rapid refetching.\n * Returns true if refresh was performed, false if cooldown not elapsed.\n */\n refresh(): boolean {\n const now = Date.now();\n\n if (!this.canRefresh()) {\n return false;\n }\n\n this.jwks = null;\n this.lastRefreshAt = now;\n return true;\n }\n\n /**\n * Check if a refresh is allowed (cooldown elapsed).\n */\n canRefresh(): boolean {\n return Date.now() - this.lastRefreshAt >= this.refetchCooldownMs;\n }\n\n /**\n * Handle unknown kid errors by attempting refresh.\n *\n * @returns TokenVerificationError if refresh not allowed or already attempted\n */\n handleUnknownKid(kid: string): TokenVerificationError | null {\n if (this.refresh()) {\n // Refresh performed, caller should retry verification\n return null;\n }\n\n // Cooldown not elapsed, return error\n return new TokenVerificationError(\n \"UNKNOWN_KID\",\n `Unknown key ID: ${kid}. JWKS refresh on cooldown.`,\n );\n }\n\n /**\n * Clear the cache, forcing a fresh fetch on next access.\n */\n clearCache(): void {\n this.jwks = null;\n this.lastFetchAt = 0;\n // Don't reset lastRefreshAt to maintain cooldown protection\n }\n}\n","import { jwtVerify, decodeProtectedHeader, errors as joseErrors } from \"jose\";\nimport { JwksClient } from \"./jwks-client.js\";\nimport { TokenVerificationError } from \"./errors.js\";\nimport type {\n KontextTokenVerifierConfig,\n VerifiedTokenClaims,\n VerifyResult,\n JwtPayload,\n} from \"./types.js\";\n\nconst DEFAULT_CLOCK_TOLERANCE_SEC = 30;\nconst SUPPORTED_ALGORITHMS = [\"ES256\", \"RS256\"];\n\n/**\n * Token verifier for Kontext-issued JWTs using JWKS discovery.\n *\n * Uses the jose library for robust JWT verification with support for:\n * - ES256 and RS256 algorithms\n * - JWKS-based key discovery with caching\n * - Key rotation support with rate-limited refetching\n * - Configurable clock tolerance\n * - Typed error responses\n *\n * @example\n * ```typescript\n * import { KontextTokenVerifier } from '@kontext-dev/js-sdk';\n *\n * const verifier = new KontextTokenVerifier({\n * jwksUrl: 'https://api.kontext.dev/.well-known/jwks.json',\n * issuer: 'kontext-token-exchange',\n * audience: 'mcp-gateway',\n * requiredScopes: ['mcp:invoke'],\n * });\n *\n * const result = await verifier.verify(bearerToken);\n * if (result.success) {\n * console.log(`Verified token for client: ${result.claims.clientId}`);\n * } else {\n * console.error(`Verification failed: ${result.error.code}`);\n * }\n * ```\n */\ninterface ResolvedConfig {\n jwksUrl: string;\n issuer: string | string[];\n audience: string | string[];\n requiredScopes: string[];\n cacheTtlMs: number;\n refetchCooldownMs: number;\n clockToleranceSec: number;\n fetch?: typeof globalThis.fetch;\n}\n\nexport class KontextTokenVerifier {\n private readonly config: ResolvedConfig;\n private readonly jwksClient: JwksClient;\n private readonly audiences: string[];\n\n constructor(config: KontextTokenVerifierConfig) {\n this.config = {\n jwksUrl: config.jwksUrl,\n issuer: config.issuer,\n audience: config.audience,\n requiredScopes: config.requiredScopes ?? [],\n cacheTtlMs: config.cacheTtlMs ?? 5 * 60 * 1000,\n refetchCooldownMs: config.refetchCooldownMs ?? 30 * 1000,\n clockToleranceSec:\n config.clockToleranceSec ?? DEFAULT_CLOCK_TOLERANCE_SEC,\n fetch: config.fetch,\n };\n\n this.audiences = Array.isArray(config.audience)\n ? config.audience\n : [config.audience];\n\n this.jwksClient = new JwksClient({\n jwksUrl: config.jwksUrl,\n cacheTtlMs: this.config.cacheTtlMs,\n refetchCooldownMs: this.config.refetchCooldownMs,\n fetch: config.fetch,\n });\n }\n\n /**\n * Verify a JWT token.\n *\n * @param token - The JWT token string (without \"Bearer \" prefix)\n * @returns VerifyResult with success=true and claims, or success=false and error\n */\n async verify(token: string): Promise<VerifyResult> {\n try {\n return await this.verifyInternal(token, false);\n } catch (error) {\n if (error instanceof TokenVerificationError) {\n return { success: false, error };\n }\n\n // Unexpected error\n return {\n success: false,\n error: new TokenVerificationError(\n \"INVALID_TOKEN_FORMAT\",\n `Unexpected verification error: ${(error as Error).message}`,\n ),\n };\n }\n }\n\n /**\n * Verify a JWT token and return claims or null.\n * Simpler API for cases where you don't need error details.\n *\n * @param token - The JWT token string (without \"Bearer \" prefix)\n * @returns VerifiedTokenClaims if valid, null if invalid\n */\n async verifyOrNull(token: string): Promise<VerifiedTokenClaims | null> {\n const result = await this.verify(token);\n return result.success ? result.claims : null;\n }\n\n /**\n * Clear the JWKS cache, forcing a fresh fetch on next verification.\n */\n clearCache(): void {\n this.jwksClient.clearCache();\n }\n\n private async verifyInternal(\n token: string,\n isRetry: boolean,\n ): Promise<VerifyResult> {\n const JWKS = this.jwksClient.getKeyResolver();\n\n try {\n // Use jose's jwtVerify for robust verification\n const { payload, protectedHeader } = await jwtVerify(token, JWKS, {\n issuer: this.config.issuer,\n audience: this.audiences,\n clockTolerance: this.config.clockToleranceSec,\n algorithms: SUPPORTED_ALGORITHMS,\n });\n\n // Check algorithm is supported\n const alg = protectedHeader.alg;\n if (!SUPPORTED_ALGORITHMS.includes(alg)) {\n throw new TokenVerificationError(\n \"UNSUPPORTED_ALGORITHM\",\n `Unsupported algorithm: ${alg}. Expected one of: ${SUPPORTED_ALGORITHMS.join(\", \")}`,\n );\n }\n\n // Validate required claims\n const jwtPayload = payload as JwtPayload;\n if (\n typeof jwtPayload.exp !== \"number\" ||\n !Number.isFinite(jwtPayload.exp) ||\n jwtPayload.exp <= 0\n ) {\n throw new TokenVerificationError(\n \"MISSING_CLAIMS\",\n \"Token missing required exp claim\",\n );\n }\n\n // Extract and validate scopes\n const scopes = this.parseScopes(jwtPayload.scope);\n for (const required of this.config.requiredScopes) {\n if (!scopes.includes(required)) {\n throw new TokenVerificationError(\n \"MISSING_SCOPE\",\n `Missing required scope: ${required}`,\n );\n }\n }\n\n // Extract client ID\n const clientId = jwtPayload.client_id || jwtPayload.sub;\n if (!clientId) {\n throw new TokenVerificationError(\n \"MISSING_CLAIMS\",\n \"Token missing client_id and sub claims\",\n );\n }\n\n // Build verified claims\n const claims: VerifiedTokenClaims = {\n sub: jwtPayload.sub || \"\",\n clientId,\n scopes,\n expiresAt: new Date(jwtPayload.exp * 1000),\n jti: jwtPayload.jti,\n payload: jwtPayload,\n };\n\n return { success: true, claims };\n } catch (error) {\n // Handle jose-specific errors\n if (error instanceof joseErrors.JWKSNoMatchingKey) {\n // Unknown kid - try refreshing JWKS once\n if (!isRetry) {\n const kid = this.extractKid(token);\n const refreshError = this.jwksClient.handleUnknownKid(\n kid || \"unknown\",\n );\n if (!refreshError) {\n // Refresh performed, retry verification\n return this.verifyInternal(token, true);\n }\n return { success: false, error: refreshError };\n }\n\n return {\n success: false,\n error: new TokenVerificationError(\n \"UNKNOWN_KID\",\n \"No matching key found in JWKS\",\n ),\n };\n }\n\n if (error instanceof joseErrors.JWTExpired) {\n return {\n success: false,\n error: new TokenVerificationError(\n \"TOKEN_EXPIRED\",\n \"Token has expired\",\n ),\n };\n }\n\n if (error instanceof joseErrors.JWTClaimValidationFailed) {\n const message = error.message;\n if (message.includes(\"iss\")) {\n const expected = Array.isArray(this.config.issuer)\n ? this.config.issuer.join(\" or \")\n : this.config.issuer;\n return {\n success: false,\n error: new TokenVerificationError(\n \"INVALID_ISSUER\",\n `Invalid issuer: expected ${expected}`,\n ),\n };\n }\n if (message.includes(\"aud\")) {\n return {\n success: false,\n error: new TokenVerificationError(\n \"INVALID_AUDIENCE\",\n `Invalid audience: expected one of ${this.audiences.join(\", \")}`,\n ),\n };\n }\n if (message.includes(\"nbf\")) {\n return {\n success: false,\n error: new TokenVerificationError(\n \"TOKEN_NOT_YET_VALID\",\n \"Token is not yet valid (nbf claim)\",\n ),\n };\n }\n }\n\n if (error instanceof joseErrors.JWSSignatureVerificationFailed) {\n return {\n success: false,\n error: new TokenVerificationError(\n \"INVALID_SIGNATURE\",\n \"Signature verification failed\",\n ),\n };\n }\n\n if (error instanceof joseErrors.JWSInvalid) {\n return {\n success: false,\n error: new TokenVerificationError(\n \"INVALID_TOKEN_FORMAT\",\n `Invalid JWS: ${error.message}`,\n ),\n };\n }\n\n // Re-throw TokenVerificationError\n if (error instanceof TokenVerificationError) {\n throw error;\n }\n\n // Unknown error\n throw new TokenVerificationError(\n \"INVALID_TOKEN_FORMAT\",\n `Verification failed: ${(error as Error).message}`,\n );\n }\n }\n\n private parseScopes(scope: string | undefined): string[] {\n if (!scope) return [];\n return scope\n .split(\" \")\n .map((s) => s.trim())\n .filter(Boolean);\n }\n\n private extractKid(token: string): string | null {\n try {\n const header = decodeProtectedHeader(token);\n return header.kid ?? null;\n } catch {\n return null;\n }\n }\n}\n","/**\n * Session and transport management for the Kontext server SDK.\n *\n * Tracks StreamableHTTPServerTransport instances by session ID,\n * handles cleanup of stale sessions, and provides the session lifecycle\n * hooks used by `kontext.middleware()`.\n */\n\nimport { StreamableHTTPServerTransport } from \"@modelcontextprotocol/sdk/server/streamableHttp.js\";\n\nexport interface SessionCallbacks {\n onSessionClosed?: (sessionId: string) => void;\n}\n\nexport class SessionManager {\n private readonly transports = new Map<\n string,\n StreamableHTTPServerTransport\n >();\n private readonly lastAccessed = new Map<string, number>();\n private readonly expiresAt = new Map<string, number>();\n private readonly cleanupInterval: ReturnType<typeof setInterval>;\n\n private static readonly STALE_TIMEOUT_MS = 60 * 60 * 1000; // 1 hour\n private static readonly CLEANUP_INTERVAL_MS = 5 * 60 * 1000; // 5 minutes\n\n constructor() {\n this.cleanupInterval = setInterval(\n () => this.cleanupStaleSessions(),\n SessionManager.CLEANUP_INTERVAL_MS,\n );\n // Allow the timer to not block process exit\n if (this.cleanupInterval.unref) {\n this.cleanupInterval.unref();\n }\n }\n\n getTransport(sessionId: string): StreamableHTTPServerTransport | undefined {\n return this.transports.get(sessionId);\n }\n\n registerSession(\n sessionId: string,\n transport: StreamableHTTPServerTransport,\n callbacks?: SessionCallbacks,\n expiresAt?: number,\n ): void {\n this.transports.set(sessionId, transport);\n this.lastAccessed.set(sessionId, Date.now());\n if (expiresAt !== undefined) {\n this.expiresAt.set(sessionId, expiresAt);\n }\n\n transport.onclose = () => {\n this.removeSession(sessionId);\n callbacks?.onSessionClosed?.(sessionId);\n };\n }\n\n touchSession(sessionId: string): void {\n if (this.transports.has(sessionId)) {\n this.lastAccessed.set(sessionId, Date.now());\n }\n }\n\n removeSession(sessionId: string): void {\n this.transports.delete(sessionId);\n this.lastAccessed.delete(sessionId);\n this.expiresAt.delete(sessionId);\n }\n\n /**\n * Check if a session's token has expired.\n * Returns true if the token's `expiresAt` has passed.\n */\n isSessionExpired(sessionId: string): boolean {\n const exp = this.expiresAt.get(sessionId);\n return exp !== undefined && Date.now() / 1000 >= exp;\n }\n\n private cleanupStaleSessions(): void {\n const now = Date.now();\n for (const [sid, lastTime] of this.lastAccessed.entries()) {\n if (now - lastTime > SessionManager.STALE_TIMEOUT_MS) {\n const transport = this.transports.get(sid);\n if (transport) {\n void transport.close?.();\n }\n this.removeSession(sid);\n }\n }\n }\n\n destroy(): void {\n clearInterval(this.cleanupInterval);\n for (const [sid, transport] of this.transports.entries()) {\n void transport.close?.();\n this.removeSession(sid);\n }\n }\n}\n","/**\n * Kontext — the v3 server SDK entry point.\n *\n * Two methods:\n * kontext.middleware(server) — Express middleware (auth + metadata + transport + sessions)\n * kontext.require(integration, token) — RFC 8693 token exchange with caching\n * kontext.requireCredentials(integration, token) — Resolve per-user internal credentials\n *\n * @example Factory pattern (recommended for production — supports concurrent sessions)\n * ```typescript\n * import { Kontext } from \"@kontext-dev/js-sdk/server\";\n * import { McpServer } from \"@modelcontextprotocol/sdk/server/mcp.js\";\n * import express from \"express\";\n *\n * const kontext = new Kontext({ clientId: \"mcp_my-server\" });\n *\n * function createServer() {\n * const server = new McpServer({ name: \"my-server\", version: \"1.0.0\" });\n * server.tool(\"list_repos\", {}, async (args, { authInfo }) => {\n * const github = await kontext.require(\"github\", authInfo!.token);\n * const res = await fetch(\"https://api.github.com/user/repos\", {\n * headers: { Authorization: github.authorization },\n * });\n * return { content: [{ type: \"text\", text: JSON.stringify(await res.json()) }] };\n * });\n * return server;\n * }\n *\n * const app = express();\n * app.use(kontext.middleware(createServer)); // /mcp endpoint + /.well-known/* metadata\n * app.listen(3000);\n * ```\n */\n\nimport { createHash } from \"node:crypto\";\nimport { createRequire } from \"node:module\";\nimport type { Router, Request, Response, NextFunction } from \"express\";\nimport type { McpServerOrFactory } from \"./types.js\";\nimport { StreamableHTTPServerTransport } from \"@modelcontextprotocol/sdk/server/streamableHttp.js\";\nimport { isInitializeRequest } from \"@modelcontextprotocol/sdk/types.js\";\nimport {\n mcpAuthMetadataRouter,\n getOAuthProtectedResourceMetadataUrl,\n} from \"@modelcontextprotocol/sdk/server/auth/router.js\";\nimport { requireBearerAuth } from \"@modelcontextprotocol/sdk/server/auth/middleware/bearerAuth.js\";\nimport type { OAuthMetadata } from \"@modelcontextprotocol/sdk/shared/auth.js\";\nimport type { OAuthTokenVerifier } from \"@modelcontextprotocol/sdk/server/auth/provider.js\";\nimport type { AuthInfo } from \"@modelcontextprotocol/sdk/server/auth/types.js\";\nimport { InvalidTokenError } from \"@modelcontextprotocol/sdk/server/auth/errors.js\";\n\nimport {\n exchangeToken,\n type TokenExchangeConfig,\n} from \"../oauth/token-exchange.js\";\nimport { OAuthError, IntegrationConnectionRequiredError } from \"../errors.js\";\nimport { KontextTokenVerifier } from \"../verify/verifier.js\";\nimport { SessionManager, type SessionCallbacks } from \"./sessions.js\";\nimport type {\n KontextOptions,\n MiddlewareOptions,\n IntegrationCredential,\n IntegrationResolvedCredentials,\n IntegrationName,\n} from \"./types.js\";\n\nconst DEFAULT_API_URL = \"https://api.kontext.dev\";\nconst METADATA_CACHE_TTL_MS = 60 * 60 * 1000; // 1 hour\nconst CREDENTIAL_CACHE_MAX_ENTRIES = 500;\nconst RUNTIME_AUTH_CACHE_MAX_ENTRIES = 8;\nconst RESOLVED_CREDENTIAL_CACHE_TTL_MS = 30 * 1000;\n\nconst SDK_VERSION = (() => {\n try {\n const esmRequire = createRequire(import.meta.url);\n const pkg = esmRequire(\"../../package.json\") as { version?: string };\n return pkg.version ?? \"unknown\";\n } catch {\n return \"unknown\";\n }\n})();\n\ninterface CachedCredential {\n credential: IntegrationCredential;\n expiresAt: number;\n}\n\ninterface CachedResolvedCredential {\n credential: IntegrationResolvedCredentials;\n expiresAt: number;\n}\n\ninterface RuntimeAuthContext {\n metadataRouter: Router;\n bearerAuth: ReturnType<typeof requireBearerAuth>;\n}\n\n/**\n * The v3 Kontext server SDK.\n *\n * Provides two methods:\n * - `middleware(server)` — Express Router with auth metadata, bearer validation, and MCP transport.\n * Accepts an `McpServer` instance (single-session) or a factory `() => McpServer` (concurrent sessions).\n * - `require(integration, token)` — RFC 8693 token exchange with in-memory caching\n * - `requireCredentials(integration, token)` — Resolve per-user credential maps for internal integrations\n */\nexport class Kontext {\n private static readonly shutdownInstances = new Set<Kontext>();\n private static shutdownHandlersRegistered = false;\n\n private readonly clientId: string;\n private readonly clientSecret: string | undefined;\n private readonly apiUrl: string;\n private readonly tokenIssuers: string[];\n\n // AS metadata: fetched lazily, cached with TTL\n private oauthMetadata: OAuthMetadata | null = null;\n private metadataFetchedAt = 0;\n private metadataPromise: Promise<OAuthMetadata> | null = null;\n\n // Token exchange caching: keyed by `${integration}\\0${subjectToken}`\n private readonly credentialCache = new Map<string, CachedCredential>();\n private readonly resolvedCredentialCache = new Map<\n string,\n CachedResolvedCredential\n >();\n private readonly runtimeAuthCache = new Map<string, RuntimeAuthContext>();\n private readonly runtimeVerifierIds = new WeakMap<\n OAuthTokenVerifier,\n number\n >();\n private runtimeVerifierIdCounter = 0;\n\n // Telemetry: cached service token for event reporting\n private serviceToken: string | null = null;\n private serviceTokenExp = 0;\n private serviceTokenPromise: Promise<string> | null = null;\n\n // Session tracking: MCP sessionId → API agentSessionId\n private readonly agentSessionIds = new Map<string, string>();\n private readonly pendingSessionDisconnects = new Set<string>();\n\n constructor(options: KontextOptions) {\n this.clientId = options.clientId;\n this.clientSecret =\n options.clientSecret ?? process.env.KONTEXT_CLIENT_SECRET;\n this.apiUrl = (options.apiUrl ?? DEFAULT_API_URL).replace(/\\/$/, \"\");\n const rawTokenIssuers = Array.isArray(options.tokenIssuer)\n ? options.tokenIssuer\n : options.tokenIssuer\n ? options.tokenIssuer.split(\",\")\n : process.env.KONTEXT_TOKEN_ISSUER?.split(\",\");\n this.tokenIssuers = Array.from(\n new Set(rawTokenIssuers?.map((issuer) => issuer.trim()).filter(Boolean)),\n );\n\n Kontext.shutdownInstances.add(this);\n Kontext.ensureShutdownHandlers();\n }\n\n /**\n * Cleanup method for runtimes that create/dispose SDK instances dynamically.\n * Ensures this instance can be garbage-collected by removing static references.\n */\n async destroy(): Promise<void> {\n await this.disconnectAllSessions();\n Kontext.shutdownInstances.delete(this);\n this.credentialCache.clear();\n this.resolvedCredentialCache.clear();\n this.oauthMetadata = null;\n this.metadataFetchedAt = 0;\n this.metadataPromise = null;\n this.serviceToken = null;\n this.serviceTokenExp = 0;\n this.serviceTokenPromise = null;\n this.agentSessionIds.clear();\n this.pendingSessionDisconnects.clear();\n }\n\n private static ensureShutdownHandlers(): void {\n if (Kontext.shutdownHandlersRegistered) return;\n\n const onShutdown = () => {\n for (const instance of Kontext.shutdownInstances) {\n void instance.disconnectAllSessions();\n }\n };\n\n process.once(\"SIGINT\", onShutdown);\n process.once(\"SIGTERM\", onShutdown);\n Kontext.shutdownHandlersRegistered = true;\n }\n\n // ===========================================================================\n // middleware()\n // ===========================================================================\n\n /**\n * Express middleware: `.well-known` metadata + bearer auth + MCP transport + sessions.\n *\n * Must be mounted at the app root (not a sub-path) because RFC 9728 requires\n * `/.well-known/oauth-protected-resource` at the root. Use `mcpPath` to set\n * the transport endpoint path.\n *\n * @param server - An `McpServer` instance for single-session use, or a\n * `() => McpServer` factory for concurrent sessions (recommended in production).\n * `McpServer.connect()` is 1:1 per the MCP spec — passing a factory ensures\n * each session gets its own instance.\n *\n * @example Factory pattern (recommended for concurrent sessions)\n * ```typescript\n * app.use(kontext.middleware(() => createServer()));\n * ```\n *\n * @example Single instance (local dev / single session)\n * ```typescript\n * app.use(kontext.middleware(server));\n * ```\n *\n * @example Custom path\n * ```typescript\n * app.use(kontext.middleware(createServer, { mcpPath: \"/api/mcp\" }));\n * ```\n */\n middleware(server: McpServerOrFactory, options?: MiddlewareOptions): Router {\n // Dynamic require for express (works in both ESM and CJS)\n const esmRequire = createRequire(import.meta.url);\n const express = esmRequire(\"express\") as typeof import(\"express\");\n const router = express.Router();\n\n const mcpPath = options?.mcpPath ?? \"/mcp\";\n const sessionManager = new SessionManager();\n const omitAuth = options?.dangerouslyOmitAuth ?? false;\n\n // CORS: MCP clients (Inspector, browser-based) connect directly and need\n // CORS to perform OAuth discovery and token exchange from the browser.\n router.use((_req: Request, res: Response, next: NextFunction) => {\n res.header(\"Access-Control-Allow-Origin\", \"*\");\n res.header(\n \"Access-Control-Allow-Headers\",\n \"Content-Type, Authorization, Mcp-Session-Id, Mcp-Protocol-Version, Accept\",\n );\n res.header(\"Access-Control-Expose-Headers\", \"Mcp-Session-Id\");\n res.header(\"Access-Control-Allow-Methods\", \"GET, POST, DELETE, OPTIONS\");\n if (_req.method === \"OPTIONS\") {\n res.sendStatus(204);\n return;\n }\n next();\n });\n\n if (omitAuth) {\n console.warn(\n \"[kontext] ⚠️ Auth is disabled (dangerouslyOmitAuth). Do NOT use in production.\",\n );\n\n // JSON body parsing + unauthenticated MCP transport — no metadata, no bearer auth\n router.use(mcpPath, express.json({ limit: options?.bodyLimit ?? \"1mb\" }));\n const mcpHandler = this.createMcpHandler(\n server,\n sessionManager,\n null,\n options,\n );\n router.post(mcpPath, mcpHandler.post);\n router.get(mcpPath, mcpHandler.get);\n router.delete(mcpPath, mcpHandler.delete);\n\n return router;\n }\n\n const getRuntimeAuth = async (\n req: Request,\n ): Promise<RuntimeAuthContext> => {\n const metadata = this.applyMetadataTransform(\n await this.getOAuthMetadata(),\n options?.metadataTransform,\n );\n const rsUrl = this.resolveResourceServerUrl(req, mcpPath, options);\n return this.getOrCreateRuntimeAuthContext(\n metadata,\n rsUrl,\n options?.verifier,\n );\n };\n\n // Intentionally use a catch-all middleware here. Metadata responses depend\n // on request-derived runtime auth context (host/protocol/mount path), so we\n // guard by path and build that context lazily per request.\n router.use(async (req: Request, res: Response, next: NextFunction) => {\n const path = req.path || req.url || \"\";\n const isMetadataRequest =\n path.startsWith(\"/.well-known/oauth-authorization-server\") ||\n path.startsWith(\"/.well-known/oauth-protected-resource\");\n\n if (!isMetadataRequest) {\n next();\n return;\n }\n\n try {\n const runtimeAuth = await getRuntimeAuth(req);\n runtimeAuth.metadataRouter(req, res, next);\n } catch (error) {\n this.respondMetadataInitError(res, error);\n }\n });\n\n // JSON body parsing for MCP POST requests\n router.use(mcpPath, express.json({ limit: options?.bodyLimit ?? \"1mb\" }));\n\n const mcpHandler = this.createMcpHandler(\n server,\n sessionManager,\n getRuntimeAuth,\n options,\n );\n router.post(mcpPath, mcpHandler.post);\n router.get(mcpPath, mcpHandler.get);\n router.delete(mcpPath, mcpHandler.delete);\n\n return router;\n }\n\n // ===========================================================================\n // require()\n // ===========================================================================\n\n /**\n * Exchange a user's access token for an integration credential.\n *\n * @param integration - Integration name (e.g., \"github\")\n * @param token - The user's Bearer token (from `authInfo.token`)\n * @returns Integration credential with `accessToken` and `authorization` header\n *\n * @throws {IntegrationConnectionRequiredError} User hasn't connected this integration\n * @throws {OAuthError} Token exchange failed\n */\n async require(\n integration: IntegrationName,\n token: string,\n ): Promise<IntegrationCredential> {\n const now = Date.now();\n this.evictExpiredCredentials(now);\n\n // Check cache first\n const cacheKey = `${integration}\\0${token}`;\n const cached = this.credentialCache.get(cacheKey);\n if (cached && now < cached.expiresAt) {\n // LRU touch\n this.credentialCache.delete(cacheKey);\n this.credentialCache.set(cacheKey, cached);\n return cached.credential;\n }\n if (cached) {\n this.credentialCache.delete(cacheKey);\n }\n\n // Perform token exchange\n const exchangeConfig: TokenExchangeConfig = {\n tokenUrl: `${this.apiUrl}/oauth2/token`,\n clientId: this.clientId,\n clientSecret: this.clientSecret,\n };\n\n let response;\n try {\n response = await exchangeToken(exchangeConfig, token, integration);\n } catch (err) {\n // Map \"integration not connected\" errors.\n // Per the spec, when the token exchange returns integration_required\n // the SDK fetches a connect URL via a second API call.\n if (err instanceof OAuthError) {\n if (\n err.errorCode === \"integration_required\" ||\n err.message.includes(\"not connected\") ||\n (err.message.includes(\"expired\") && err.message.includes(\"reconnect\"))\n ) {\n const integrationId =\n (err.meta.integrationId as string) || integration;\n const connectUrl = await this.fetchConnectUrl(\n token,\n integrationId,\n exchangeConfig,\n );\n throw new IntegrationConnectionRequiredError(integrationId, {\n integrationName: err.meta.integrationName as string | undefined,\n connectUrl,\n message: err.message,\n });\n }\n }\n throw err;\n }\n\n const credential: IntegrationCredential = {\n accessToken: response.access_token,\n tokenType: response.token_type,\n authorization: `${response.token_type} ${response.access_token}`,\n expiresIn: response.expires_in,\n scope: response.scope,\n integration,\n };\n\n // Cache with TTL = min(expiresIn - 60s, 5 minutes)\n if (response.expires_in) {\n const ttlMs = Math.min(response.expires_in - 60, 5 * 60) * 1000;\n if (ttlMs > 0) {\n this.trimCacheToFit(this.credentialCache, CREDENTIAL_CACHE_MAX_ENTRIES);\n this.credentialCache.set(cacheKey, {\n credential,\n expiresAt: now + ttlMs,\n });\n }\n }\n\n return credential;\n }\n\n /**\n * Resolve per-user credential key/value pairs for an internal MCP integration.\n *\n * @param integration - Integration UUID or name\n * @param token - The user's Bearer token (from `authInfo.token`)\n * @returns Decrypted credential map for the current user and integration\n *\n * @throws {IntegrationConnectionRequiredError} User has not provided required credentials\n * @throws {OAuthError} Runtime credential resolution failed\n */\n async requireCredentials(\n integration: IntegrationName,\n token: string,\n ): Promise<IntegrationResolvedCredentials> {\n const now = Date.now();\n this.evictExpiredResolvedCredentials(now);\n\n const cacheKey = `${integration}\\0${token}\\0internal_credentials`;\n const cached = this.resolvedCredentialCache.get(cacheKey);\n if (cached && now < cached.expiresAt) {\n this.resolvedCredentialCache.delete(cacheKey);\n this.resolvedCredentialCache.set(cacheKey, cached);\n return cached.credential;\n }\n if (cached) {\n this.resolvedCredentialCache.delete(cacheKey);\n }\n\n const exchangeConfig: TokenExchangeConfig = {\n tokenUrl: `${this.apiUrl}/oauth2/token`,\n clientId: this.clientId,\n clientSecret: this.clientSecret,\n };\n\n let gatewayAccessToken = token;\n if (!this.isGatewayScopedToken(token)) {\n try {\n const exchanged = await exchangeToken(\n exchangeConfig,\n token,\n \"mcp-gateway\",\n );\n gatewayAccessToken = exchanged.access_token;\n } catch (err) {\n throw new OAuthError(\n \"Failed to exchange subject token for runtime\",\n \"kontext_credentials_exchange_failed\",\n {\n errorCode: \"credentials_exchange_failed\",\n errorDescription:\n err instanceof Error\n ? err.message\n : String(err ?? \"unknown error\"),\n },\n );\n }\n }\n\n const integrationId = await this.resolveRuntimeIntegrationId(\n integration,\n gatewayAccessToken,\n );\n\n const res = await fetch(\n `${this.apiUrl}/mcp/integrations/${integrationId}/credentials/resolve`,\n {\n method: \"POST\",\n headers: {\n Authorization: `Bearer ${gatewayAccessToken}`,\n \"Content-Type\": \"application/json\",\n },\n body: \"{}\",\n },\n );\n\n if (!res.ok) {\n const text = await res.text().catch(() => \"\");\n const message =\n text && text.trim().length > 0\n ? text\n : `HTTP ${res.status} while resolving credentials`;\n\n if (\n res.status === 400 &&\n message.toLowerCase().includes(\"credentials required\")\n ) {\n throw new IntegrationConnectionRequiredError(integrationId, {\n integrationName: String(integration),\n message,\n });\n }\n\n throw new OAuthError(\n `Failed to resolve credentials for integration ${integrationId}`,\n \"kontext_credentials_resolve_failed\",\n {\n errorCode: \"credentials_resolve_failed\",\n errorDescription: message,\n },\n );\n }\n\n const payload = (await res.json()) as {\n integrationId?: string;\n credentials?: Record<string, unknown>;\n };\n\n if (\n !payload.credentials ||\n typeof payload.credentials !== \"object\" ||\n Array.isArray(payload.credentials)\n ) {\n throw new OAuthError(\n \"Credential resolve returned invalid payload\",\n \"kontext_credentials_invalid_payload\",\n );\n }\n\n const credentials: Record<string, string> = {};\n for (const [key, value] of Object.entries(payload.credentials)) {\n if (typeof value === \"string\") {\n credentials[key] = value;\n }\n }\n\n if (Object.keys(credentials).length === 0) {\n throw new IntegrationConnectionRequiredError(integrationId, {\n integrationName: String(integration),\n message: \"No credentials configured for this integration\",\n });\n }\n\n const resolved: IntegrationResolvedCredentials = {\n integration,\n integrationId: payload.integrationId ?? integrationId,\n credentials,\n };\n\n this.trimCacheToFit(\n this.resolvedCredentialCache,\n CREDENTIAL_CACHE_MAX_ENTRIES,\n );\n this.resolvedCredentialCache.set(cacheKey, {\n credential: resolved,\n expiresAt: now + RESOLVED_CREDENTIAL_CACHE_TTL_MS,\n });\n\n return resolved;\n }\n\n private getGatewayAudiences(): Set<string> {\n return new Set([`${new URL(this.apiUrl).origin}/mcp`, \"mcp-gateway\"]);\n }\n\n private isGatewayScopedToken(token: string): boolean {\n const audiences = this.extractTokenAudiences(token);\n if (audiences.length === 0) {\n return false;\n }\n const gatewayAudiences = this.getGatewayAudiences();\n return audiences.some((audience) => gatewayAudiences.has(audience));\n }\n\n private extractTokenAudiences(token: string): string[] {\n const [, payloadPart] = token.split(\".\");\n if (!payloadPart) return [];\n try {\n const payload = JSON.parse(\n Buffer.from(payloadPart, \"base64url\").toString(\"utf8\"),\n ) as { aud?: unknown };\n if (typeof payload.aud === \"string\") {\n return [payload.aud];\n }\n if (Array.isArray(payload.aud)) {\n return payload.aud.filter(\n (value): value is string => typeof value === \"string\",\n );\n }\n } catch {\n // Non-JWT or malformed payload — treat as unknown audience.\n }\n return [];\n }\n\n // ===========================================================================\n // Private: fetch connect URL (spec §2 — two-step init)\n // ===========================================================================\n\n private async resolveRuntimeIntegrationId(\n integration: IntegrationName,\n runtimeToken: string,\n ): Promise<string> {\n const raw = String(integration);\n if (this.isUuid(raw)) {\n return raw;\n }\n\n const res = await fetch(`${this.apiUrl}/mcp/integrations`, {\n headers: {\n Authorization: `Bearer ${runtimeToken}`,\n },\n });\n if (!res.ok) {\n const text = await res.text().catch(() => \"\");\n throw new OAuthError(\n \"Failed to resolve integration identifier\",\n \"kontext_integration_lookup_failed\",\n {\n errorCode: \"integration_lookup_failed\",\n errorDescription: text || `HTTP ${res.status}`,\n },\n );\n }\n\n const payload = (await res.json()) as {\n items?: Array<{ id?: string; name?: string }>;\n };\n const items = Array.isArray(payload.items) ? payload.items : [];\n const match = items.find((item) => item.id === raw || item.name === raw);\n const integrationId = match?.id;\n if (!integrationId) {\n throw new IntegrationConnectionRequiredError(raw, {\n integrationName: raw,\n message: `Integration ${raw} is not attached to this application`,\n });\n }\n\n return integrationId;\n }\n\n private isUuid(value: string): boolean {\n return /^[0-9a-f]{8}-[0-9a-f]{4}-[1-8][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i.test(\n value,\n );\n }\n\n /**\n * Fetch a browser-openable connect URL for a missing integration.\n *\n * Per the integration-interrupt-flow spec, the SDK:\n * 1. Exchanges the user's token for a resource-scoped mcp-gateway JWT\n * 2. Calls POST /mcp/integrations/:id/oauth/init with that JWT\n * 3. Returns the `connectUrl` (intermediate endpoint with one-time token)\n *\n * The connect URL points to our own server (ticket pattern), which\n * validates the ticket, sets a browser session cookie, then redirects\n * to the actual OAuth provider.\n */\n private async fetchConnectUrl(\n subjectToken: string,\n integrationId: string,\n exchangeConfig: TokenExchangeConfig,\n ): Promise<string | undefined> {\n try {\n // Step 1: Exchange for mcp-gateway to get a resource-scoped JWT\n const gatewayToken = await exchangeToken(\n exchangeConfig,\n subjectToken,\n \"mcp-gateway\",\n );\n\n // Step 2: Call the init endpoint with the resource-scoped JWT\n const initUrl = `${this.apiUrl}/mcp/integrations/${integrationId}/oauth/init`;\n const res = await fetch(initUrl, {\n method: \"POST\",\n headers: {\n Authorization: `Bearer ${gatewayToken.access_token}`,\n \"Content-Type\": \"application/json\",\n },\n body: JSON.stringify({}),\n });\n\n if (!res.ok) {\n const text = await res.text().catch(() => \"\");\n console.warn(\n `[kontext] fetchConnectUrl: init endpoint returned ${res.status}: ${text}`,\n );\n return undefined;\n }\n\n const data = (await res.json()) as {\n connectUrl?: string;\n authorizationUrl?: string;\n };\n\n // Prefer connectUrl (intermediate endpoint) over raw authorizationUrl\n return data.connectUrl ?? data.authorizationUrl;\n } catch (err) {\n // If we can't get the connect URL, return undefined — the error\n // still propagates as IntegrationConnectionRequiredError, just\n // without a connect URL.\n console.warn(\n `[kontext] fetchConnectUrl failed:`,\n err instanceof Error ? err.message : String(err),\n );\n return undefined;\n }\n }\n\n // ===========================================================================\n // Private: AS metadata\n // ===========================================================================\n\n private async getOAuthMetadata(): Promise<OAuthMetadata> {\n const now = Date.now();\n if (\n this.oauthMetadata &&\n now - this.metadataFetchedAt < METADATA_CACHE_TTL_MS\n ) {\n return this.oauthMetadata;\n }\n\n if (this.metadataPromise) {\n return this.metadataPromise;\n }\n\n this.metadataPromise = this.fetchOAuthMetadata();\n try {\n const metadata = await this.metadataPromise;\n this.oauthMetadata = metadata;\n this.metadataFetchedAt = Date.now();\n return metadata;\n } finally {\n this.metadataPromise = null;\n }\n }\n\n private applyMetadataTransform(\n metadata: OAuthMetadata,\n metadataTransform?: MiddlewareOptions[\"metadataTransform\"],\n ): OAuthMetadata {\n if (!metadataTransform) {\n return metadata;\n }\n\n // Keep cached discovery metadata immutable from user-provided transforms.\n return metadataTransform(this.cloneOAuthMetadata(metadata));\n }\n\n private cloneOAuthMetadata(metadata: OAuthMetadata): OAuthMetadata {\n return JSON.parse(JSON.stringify(metadata)) as OAuthMetadata;\n }\n\n private async fetchOAuthMetadata(): Promise<OAuthMetadata> {\n // Try RFC 8414 first, then OIDC discovery\n const urls = [\n `${this.apiUrl}/.well-known/oauth-authorization-server`,\n `${this.apiUrl}/.well-known/openid-configuration`,\n ];\n\n let lastError: Error | undefined;\n for (const url of urls) {\n try {\n const res = await fetch(url);\n if (res.ok) {\n return (await res.json()) as OAuthMetadata;\n }\n } catch (err) {\n lastError = err instanceof Error ? err : new Error(String(err));\n }\n }\n\n throw new Error(\n `Failed to fetch AS metadata from ${this.apiUrl}: ${lastError?.message ?? \"unknown error\"}`,\n );\n }\n\n private resolveResourceServerUrl(\n req: Request,\n mcpPath: string,\n options?: MiddlewareOptions,\n ): URL {\n if (options?.resourceServerUrl) {\n return new URL(options.resourceServerUrl);\n }\n const host = req.get(\"host\");\n if (!host) {\n throw new Error(\n \"Missing Host header. Set middleware({ resourceServerUrl }) to a trusted public URL.\",\n );\n }\n return new URL(`${req.protocol}://${host}${mcpPath}`);\n }\n\n private getOrCreateRuntimeAuthContext(\n metadata: OAuthMetadata,\n rsUrl: URL,\n customVerifier?: OAuthTokenVerifier,\n ): RuntimeAuthContext {\n const key = this.getRuntimeAuthCacheKey(rsUrl, customVerifier);\n const cached = this.runtimeAuthCache.get(key);\n if (cached) {\n // LRU touch\n this.runtimeAuthCache.delete(key);\n this.runtimeAuthCache.set(key, cached);\n return cached;\n }\n\n // mcpAuthMetadataRouter uses issuer for authorization_servers.\n // Keep issuer aligned with the request's resource server origin.\n const proxiedMetadata = { ...metadata, issuer: `${rsUrl.origin}/` };\n const metadataRouter = mcpAuthMetadataRouter({\n oauthMetadata: proxiedMetadata,\n resourceServerUrl: rsUrl,\n });\n const resourceMetadataUrl = getOAuthProtectedResourceMetadataUrl(rsUrl);\n const verifier =\n customVerifier ?? this.createTokenVerifier(metadata, rsUrl);\n const runtimeAuth: RuntimeAuthContext = {\n metadataRouter,\n bearerAuth: requireBearerAuth({\n verifier,\n resourceMetadataUrl,\n }),\n };\n\n this.trimCacheToFit(this.runtimeAuthCache, RUNTIME_AUTH_CACHE_MAX_ENTRIES);\n this.runtimeAuthCache.set(key, runtimeAuth);\n return runtimeAuth;\n }\n\n private getRuntimeAuthCacheKey(\n rsUrl: URL,\n customVerifier?: OAuthTokenVerifier,\n ): string {\n if (!customVerifier) {\n return `${rsUrl.href}\\0default`;\n }\n\n let verifierId = this.runtimeVerifierIds.get(customVerifier);\n if (verifierId === undefined) {\n verifierId = ++this.runtimeVerifierIdCounter;\n this.runtimeVerifierIds.set(customVerifier, verifierId);\n }\n\n return `${rsUrl.href}\\0custom:${verifierId}`;\n }\n\n private respondMetadataInitError(res: Response, error: unknown): void {\n const message = error instanceof Error ? error.message : String(error);\n console.error(`[kontext] Failed to fetch AS metadata: ${message}`);\n if (res.headersSent) return;\n res.status(503).json({\n error: \"service_unavailable\",\n error_description:\n \"Failed to fetch authorization server metadata. Retry later.\",\n });\n }\n\n private evictExpiredCredentials(now: number): void {\n for (const [key, value] of this.credentialCache.entries()) {\n if (value.expiresAt <= now) {\n this.credentialCache.delete(key);\n }\n }\n }\n\n private evictExpiredResolvedCredentials(now: number): void {\n for (const [key, value] of this.resolvedCredentialCache.entries()) {\n if (value.expiresAt <= now) {\n this.resolvedCredentialCache.delete(key);\n }\n }\n }\n\n private trimCacheToFit<T>(cache: Map<string, T>, maxEntries: number): void {\n while (cache.size >= maxEntries) {\n const oldestKey = cache.keys().next().value as string | undefined;\n if (!oldestKey) break;\n cache.delete(oldestKey);\n }\n }\n\n // ===========================================================================\n // Private: token verifier\n // ===========================================================================\n\n private createTokenVerifier(\n metadata: OAuthMetadata,\n resourceUrl: URL,\n ): OAuthTokenVerifier {\n const metadataRaw = metadata as Record<string, unknown>;\n const jwksUri =\n (metadataRaw.jwks_uri as string | undefined) ??\n `${this.apiUrl}/.well-known/jwks.json`;\n const clientId = this.clientId;\n\n const issuers = Array.from(\n new Set(\n [metadata.issuer, ...this.tokenIssuers].filter(\n (issuer): issuer is string => typeof issuer === \"string\" && !!issuer,\n ),\n ),\n );\n if (!issuers.length) {\n throw new Error(\"OAuth metadata missing issuer\");\n }\n const issuer: string | string[] =\n issuers.length === 1 ? issuers[0]! : issuers;\n\n const verifier = new KontextTokenVerifier({\n jwksUrl: jwksUri,\n issuer,\n audience: resourceUrl.href,\n });\n\n return {\n async verifyAccessToken(token: string): Promise<AuthInfo> {\n const result = await verifier.verify(token);\n\n if (!result.success) {\n throw new InvalidTokenError(\n `Token verification failed: ${result.error.message}`,\n );\n }\n\n const { claims } = result;\n const payload = claims.payload as Record<string, unknown>;\n const ext = (payload.ext as Record<string, unknown> | undefined) ?? {};\n\n return {\n token,\n clientId: claims.clientId ?? clientId,\n scopes: claims.scopes,\n expiresAt: Math.floor(claims.expiresAt.getTime() / 1000),\n extra: {\n ...ext,\n sub: claims.sub,\n email: payload.email ?? ext.email,\n },\n };\n },\n };\n }\n\n // ===========================================================================\n // Private: telemetry\n // ===========================================================================\n\n private async getServiceToken(): Promise<string> {\n if (this.serviceToken && Date.now() < this.serviceTokenExp - 30_000) {\n return this.serviceToken;\n }\n\n if (this.serviceTokenPromise) {\n return this.serviceTokenPromise;\n }\n\n this.serviceTokenPromise = (async () => {\n const res = await fetch(`${this.apiUrl}/oauth2/token`, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n Authorization: `Basic ${Buffer.from(this.clientId + \":\" + this.clientSecret).toString(\"base64\")}`,\n },\n body: \"grant_type=client_credentials\",\n });\n if (!res.ok) {\n const text = await res.text().catch(() => \"\");\n throw new Error(\n `[kontext:telemetry] client_credentials grant failed: HTTP ${res.status} ${text}`,\n );\n }\n const data = (await res.json()) as {\n access_token: string;\n expires_in: number;\n };\n this.serviceToken = data.access_token;\n this.serviceTokenExp = Date.now() + data.expires_in * 1000;\n return data.access_token;\n })();\n\n try {\n return await this.serviceTokenPromise;\n } finally {\n this.serviceTokenPromise = null;\n }\n }\n\n private reportEvent(\n event: Record<string, unknown> & {\n sessionId?: string;\n ownerUserId?: unknown;\n durationMs: number;\n },\n ): void {\n if (!this.clientSecret || !event.sessionId) return;\n this.getServiceToken()\n .then((token) =>\n fetch(`${this.apiUrl}/api/v1/mcp-events`, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n Authorization: `Bearer ${token}`,\n },\n body: JSON.stringify({\n ...event,\n agentId: this.clientId,\n clientId: this.clientId,\n clientVersion: SDK_VERSION,\n }),\n }).then((res) => {\n if (!res.ok) {\n console.warn(\n `[kontext:telemetry] event report failed: HTTP ${res.status}`,\n );\n }\n }),\n )\n .catch((err) => {\n console.warn(\n `[kontext:telemetry] error:`,\n err instanceof Error ? err.message : String(err),\n );\n });\n }\n\n // ===========================================================================\n // Private: session lifecycle\n // ===========================================================================\n\n private createAgentSession(\n userToken: string | undefined,\n mcpSessionId: string,\n metadata?: {\n authenticatedUserId?: string;\n hostname?: string;\n userAgent?: string;\n clientInfo?: Record<string, unknown>;\n tokenExpiresAt?: number;\n },\n ): void {\n if (!this.clientSecret || !userToken) return;\n if (!metadata?.authenticatedUserId) {\n console.warn(\n \"[kontext:sessions] create skipped: missing authenticated user id\",\n );\n return;\n }\n const tokenIdentifier = createHash(\"sha256\")\n .update(userToken)\n .digest(\"hex\");\n\n this.getServiceToken()\n .then((token) =>\n fetch(`${this.apiUrl}/api/v1/agent-sessions`, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n Authorization: `Bearer ${token}`,\n },\n body: JSON.stringify({\n tokenIdentifier,\n authenticatedUserId: metadata.authenticatedUserId,\n clientSessionId: mcpSessionId,\n hostname: metadata?.hostname,\n userAgent: metadata?.userAgent,\n clientInfo: metadata?.clientInfo,\n tokenExpiresAt: metadata?.tokenExpiresAt\n ? new Date(metadata.tokenExpiresAt * 1000).toISOString()\n : undefined,\n }),\n }).then(async (res) => {\n if (res.ok) {\n const data = (await res.json()) as {\n sessionId: string;\n name: string;\n };\n if (this.pendingSessionDisconnects.delete(mcpSessionId)) {\n this.disconnectAgentSessionByAgentSessionId(\n data.sessionId,\n token,\n );\n return;\n }\n\n this.agentSessionIds.set(mcpSessionId, data.sessionId);\n } else {\n this.pendingSessionDisconnects.delete(mcpSessionId);\n console.warn(\n `[kontext:sessions] create failed: HTTP ${res.status}`,\n );\n }\n }),\n )\n .catch((err) => {\n this.pendingSessionDisconnects.delete(mcpSessionId);\n console.warn(\n `[kontext:sessions] error:`,\n err instanceof Error ? err.message : String(err),\n );\n });\n }\n\n private disconnectAgentSessionByAgentSessionId(\n agentSessionId: string,\n serviceToken?: string,\n ): void {\n if (!this.clientSecret) return;\n\n const tokenPromise = serviceToken\n ? Promise.resolve(serviceToken)\n : this.getServiceToken();\n\n tokenPromise\n .then((token) =>\n fetch(\n `${this.apiUrl}/api/v1/agent-sessions/${agentSessionId}/disconnect`,\n {\n method: \"POST\",\n headers: { Authorization: `Bearer ${token}` },\n },\n ),\n )\n .catch(() => {});\n }\n\n private disconnectAgentSession(mcpSessionId: string): void {\n if (!this.clientSecret) return;\n\n const agentSessionId = this.agentSessionIds.get(mcpSessionId);\n this.agentSessionIds.delete(mcpSessionId);\n if (!agentSessionId) {\n this.pendingSessionDisconnects.add(mcpSessionId);\n return;\n }\n\n this.pendingSessionDisconnects.delete(mcpSessionId);\n this.disconnectAgentSessionByAgentSessionId(agentSessionId);\n }\n\n private async disconnectAllSessions(): Promise<void> {\n if (!this.clientSecret) return;\n if (this.agentSessionIds.size === 0) {\n this.pendingSessionDisconnects.clear();\n return;\n }\n\n try {\n const token = await this.getServiceToken();\n await Promise.allSettled(\n [...this.agentSessionIds.values()].map((agentSessionId) =>\n fetch(\n `${this.apiUrl}/api/v1/agent-sessions/${agentSessionId}/disconnect`,\n {\n method: \"POST\",\n headers: { Authorization: `Bearer ${token}` },\n },\n ),\n ),\n );\n } catch {\n // Best-effort on shutdown — swallow errors\n }\n this.agentSessionIds.clear();\n this.pendingSessionDisconnects.clear();\n }\n\n // ===========================================================================\n // Private: MCP transport handlers\n // ===========================================================================\n\n private async runBearerAuth(\n bearerAuth: ReturnType<typeof requireBearerAuth>,\n req: Request,\n res: Response,\n ): Promise<void> {\n await new Promise<void>((resolve, reject) => {\n let settled = false;\n let nextCalled = false;\n\n const cleanup = () => {\n res.removeListener(\"finish\", onResponseDone);\n res.removeListener(\"close\", onResponseDone);\n };\n\n const settleResolve = () => {\n if (settled) return;\n settled = true;\n cleanup();\n resolve();\n };\n\n const settleReject = (err: unknown) => {\n if (settled) return;\n settled = true;\n cleanup();\n reject(err instanceof Error ? err : new Error(String(err)));\n };\n\n const onResponseDone = () => {\n // Auth middleware can terminate the response (401/403) without\n // calling next(). Treat response completion as terminal.\n settleResolve();\n };\n\n res.once(\"finish\", onResponseDone);\n res.once(\"close\", onResponseDone);\n\n let middlewareResult: unknown;\n try {\n middlewareResult = bearerAuth(req, res, (err?: unknown) => {\n nextCalled = true;\n if (err) {\n settleReject(err);\n return;\n }\n settleResolve();\n });\n } catch (err) {\n settleReject(err);\n return;\n }\n\n void Promise.resolve(middlewareResult).then(\n () => {\n if (!nextCalled && res.headersSent) {\n settleResolve();\n }\n },\n (err: unknown) => {\n settleReject(err);\n },\n );\n });\n }\n\n private createMcpHandler(\n server: McpServerOrFactory,\n sessionManager: SessionManager,\n getRuntimeAuth: ((req: Request) => Promise<RuntimeAuthContext>) | null,\n options?: MiddlewareOptions,\n ) {\n const callbacks: SessionCallbacks = {\n onSessionClosed: (sessionId: string) => {\n options?.onSessionClosed?.(sessionId);\n this.disconnectAgentSession(sessionId);\n },\n };\n\n const post = async (req: Request, res: Response) => {\n const traceId = crypto.randomUUID();\n const authReq = req as Request & { auth?: AuthInfo };\n\n // Authenticate every request (not just initialize) so authInfo\n // is available in tool handlers on subsequent calls.\n if (getRuntimeAuth) {\n let bearerAuth: ReturnType<typeof requireBearerAuth>;\n try {\n const runtimeAuth = await getRuntimeAuth(req);\n bearerAuth = runtimeAuth.bearerAuth;\n } catch (error) {\n this.respondMetadataInitError(res, error);\n return;\n }\n\n await this.runBearerAuth(bearerAuth, req, res);\n\n const sessionId = req.headers[\"mcp-session-id\"] as string | undefined;\n\n // Only report auth events for established sessions — the\n // initial request has no session ID yet and is covered by\n // the \"initialize\" event instead.\n if (sessionId) {\n if (res.headersSent) {\n this.reportEvent({\n eventType: \"auth_error\",\n traceId,\n sessionId,\n durationMs: 0,\n status: \"error_auth\",\n });\n return;\n }\n\n if (authReq.auth) {\n this.reportEvent({\n eventType: \"auth_ok\",\n traceId,\n ownerUserId: authReq.auth.extra?.sub,\n sessionId,\n durationMs: 0,\n status: \"ok\",\n });\n }\n } else if (res.headersSent) {\n // Auth failed on initial request — nothing more to do\n return;\n }\n }\n\n const sessionId = req.headers[\"mcp-session-id\"] as string | undefined;\n\n // If there's an existing session, route to its transport\n if (sessionId) {\n const transport = sessionManager.getTransport(sessionId);\n if (transport) {\n sessionManager.touchSession(sessionId);\n await transport.handleRequest(req, res, req.body);\n return;\n }\n }\n\n // New session: must be an initialize request\n if (!isInitializeRequest(req.body)) {\n res.status(400).json({\n jsonrpc: \"2.0\",\n error: {\n code: -32000,\n message: sessionId\n ? `Session ${sessionId} not found`\n : \"No valid session ID provided\",\n },\n id: null,\n });\n return;\n }\n\n // Create transport and connect\n const authInfo = authReq.auth;\n const transport = new StreamableHTTPServerTransport({\n sessionIdGenerator: () => crypto.randomUUID(),\n onsessioninitialized: (sid: string) => {\n sessionManager.registerSession(\n sid,\n transport,\n callbacks,\n authInfo?.expiresAt,\n );\n options?.onSessionInitialized?.(sid, authInfo, transport);\n this.reportEvent({\n eventType: \"initialize\",\n traceId,\n sessionId: sid,\n ownerUserId: authInfo?.extra?.sub,\n durationMs: 0,\n status: \"ok\",\n });\n this.createAgentSession(authInfo?.token, sid, {\n authenticatedUserId:\n typeof authInfo?.extra?.sub === \"string\"\n ? authInfo.extra.sub\n : undefined,\n hostname: req.headers[\"x-forwarded-for\"] as string | undefined,\n userAgent: req.headers[\"user-agent\"] as string | undefined,\n tokenExpiresAt: authInfo?.expiresAt,\n });\n },\n });\n\n // Wrap handleRequest to intercept tool calls with telemetry\n const originalHandle = transport.handleRequest.bind(transport);\n transport.handleRequest = async (\n wrappedReq: Request,\n wrappedRes: Response,\n parsedBody?: Record<string, unknown>,\n ) => {\n const reqTraceId = wrappedReq === req ? traceId : crypto.randomUUID();\n const sid =\n (wrappedReq.headers[\"mcp-session-id\"] as string | undefined) ??\n transport.sessionId;\n const start = Date.now();\n try {\n await originalHandle(wrappedReq, wrappedRes, parsedBody);\n if (parsedBody?.method === \"tools/call\") {\n this.reportEvent({\n eventType: \"execute_tool\",\n traceId: reqTraceId,\n toolName: (\n parsedBody.params as Record<string, unknown> | undefined\n )?.name,\n durationMs: Date.now() - start,\n sessionId: sid,\n ownerUserId: authInfo?.extra?.sub,\n status: \"ok\",\n requestJson: parsedBody.params,\n });\n } else if (parsedBody?.method === \"tools/list\") {\n this.reportEvent({\n eventType: \"search_tools\",\n traceId: reqTraceId,\n durationMs: Date.now() - start,\n sessionId: sid,\n ownerUserId: authInfo?.extra?.sub,\n status: \"ok\",\n });\n }\n } catch (err) {\n if (parsedBody?.method === \"tools/call\") {\n this.reportEvent({\n eventType: \"execute_tool\",\n traceId: reqTraceId,\n toolName: (\n parsedBody.params as Record<string, unknown> | undefined\n )?.name,\n durationMs: Date.now() - start,\n sessionId: sid,\n ownerUserId: authInfo?.extra?.sub,\n status: \"error_remote\",\n errorMessage: err instanceof Error ? err.message : String(err),\n });\n } else if (parsedBody?.method === \"tools/list\") {\n this.reportEvent({\n eventType: \"search_tools\",\n traceId: reqTraceId,\n durationMs: Date.now() - start,\n sessionId: sid,\n ownerUserId: authInfo?.extra?.sub,\n status: \"error_remote\",\n errorMessage: err instanceof Error ? err.message : String(err),\n });\n }\n throw err;\n }\n };\n\n const mcpServer = typeof server === \"function\" ? server() : server;\n await mcpServer.connect(transport);\n await transport.handleRequest(req, res, req.body);\n };\n\n const get = async (req: Request, res: Response) => {\n if (getRuntimeAuth) {\n let bearerAuth: ReturnType<typeof requireBearerAuth>;\n try {\n const runtimeAuth = await getRuntimeAuth(req);\n bearerAuth = runtimeAuth.bearerAuth;\n } catch (error) {\n this.respondMetadataInitError(res, error);\n return;\n }\n\n await this.runBearerAuth(bearerAuth, req, res);\n if (res.headersSent) {\n return;\n }\n }\n\n const sessionId =\n (req.headers[\"mcp-session-id\"] as string | undefined) ||\n (req.headers[\"Mcp-Session-Id\"] as string | undefined);\n if (!sessionId) {\n res.status(400).json({ error: \"Missing Mcp-Session-Id header\" });\n return;\n }\n\n const transport = sessionManager.getTransport(sessionId);\n if (!transport) {\n res.status(400).json({ error: \"Session not found\" });\n return;\n }\n\n sessionManager.touchSession(sessionId);\n await transport.handleRequest(req, res);\n };\n\n const del = async (req: Request, res: Response) => {\n if (getRuntimeAuth) {\n let bearerAuth: ReturnType<typeof requireBearerAuth>;\n try {\n const runtimeAuth = await getRuntimeAuth(req);\n bearerAuth = runtimeAuth.bearerAuth;\n } catch (error) {\n this.respondMetadataInitError(res, error);\n return;\n }\n\n await this.runBearerAuth(bearerAuth, req, res);\n if (res.headersSent) {\n return;\n }\n }\n\n const sessionId =\n (req.headers[\"mcp-session-id\"] as string | undefined) ||\n (req.headers[\"Mcp-Session-Id\"] as string | undefined);\n if (!sessionId) {\n res.status(400).json({ error: \"Missing Mcp-Session-Id header\" });\n return;\n }\n\n const transport = sessionManager.getTransport(sessionId);\n if (!transport) {\n res.status(400).json({ error: \"Session not found\" });\n return;\n }\n\n await transport.handleRequest(req, res);\n };\n\n return { post, get, delete: del };\n }\n}\n"]}