@kya-os/mcp-i 1.10.0 → 1.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/317.js +1 -0
- package/dist/354.js +1 -1
- package/dist/839.js +1 -0
- package/dist/95.js +1 -1
- package/dist/cli-adapter/index.js +1 -1
- package/dist/runtime/102.js +1 -0
- package/dist/runtime/adapter-express.js +3 -3
- package/dist/runtime/adapter-nextjs.js +5 -5
- package/dist/runtime/audit.d.ts +1 -1
- package/dist/runtime/debug.d.ts +1 -1
- package/dist/runtime/debug.js +3 -2
- package/dist/runtime/delegation-hooks.d.ts +1 -1
- package/dist/runtime/http.js +3 -3
- package/dist/runtime/identity.d.ts +4 -4
- package/dist/runtime/identity.js +4 -4
- package/dist/runtime/index.d.ts +6 -2
- package/dist/runtime/index.js +10 -2
- package/dist/runtime/mcpi-runtime.d.ts +9 -1
- package/dist/runtime/mcpi-runtime.js +20 -3
- package/dist/runtime/outbound-delegation.d.ts +5 -3
- package/dist/runtime/outbound-delegation.js +14 -8
- package/dist/runtime/outbound-identity-bridge.d.ts +40 -0
- package/dist/runtime/outbound-identity-bridge.js +114 -0
- package/dist/runtime/proof-batch-queue.d.ts +1 -1
- package/dist/runtime/request-context.d.ts +10 -0
- package/dist/runtime/request-context.js +4 -0
- package/dist/runtime/resume-token-store-kv.d.ts +44 -0
- package/dist/runtime/resume-token-store-kv.js +93 -0
- package/dist/runtime/resume-token-store.d.ts +30 -0
- package/dist/runtime/resume-token-store.js +46 -0
- package/dist/runtime/session.js +6 -0
- package/dist/runtime/stdio.js +3 -3
- package/dist/runtime/utils/tools.d.ts +1 -1
- package/dist/runtime/utils/tools.js +29 -7
- package/dist/runtime/well-known.d.ts +12 -1
- package/dist/runtime/well-known.js +13 -2
- package/package.json +4 -2
- package/dist/225.js +0 -1
- package/dist/runtime/verifier-middleware.d.ts +0 -99
- package/dist/runtime/verifier-middleware.js +0 -416
|
@@ -2,7 +2,7 @@ import { Server as McpServer } from "@modelcontextprotocol/sdk/server/index.js";
|
|
|
2
2
|
import { ZodTypeAny } from "zod";
|
|
3
3
|
import { ToolFile } from "./server";
|
|
4
4
|
import { CallToolResult } from "@modelcontextprotocol/sdk/types.js";
|
|
5
|
-
import { DetachedProof } from "@kya-os/
|
|
5
|
+
import type { DetachedProof } from "@kya-os/mcp/types" with { "resolution-mode": "import" };
|
|
6
6
|
import { type ClientMessagesConfig } from "@kya-os/mcp-i-core";
|
|
7
7
|
export type ZodRawShape = {
|
|
8
8
|
[k: string]: ZodTypeAny;
|
|
@@ -8,7 +8,9 @@ const tool_protection_registry_1 = require("../tool-protection-registry");
|
|
|
8
8
|
const auth_handshake_1 = require("../auth-handshake");
|
|
9
9
|
const session_1 = require("../session");
|
|
10
10
|
const request_context_1 = require("../request-context");
|
|
11
|
+
const outbound_identity_bridge_1 = require("../outbound-identity-bridge");
|
|
11
12
|
const mcp_i_core_1 = require("@kya-os/mcp-i-core");
|
|
13
|
+
// C2/C3: @kya-os/mcp-i is CJS; @kya-os/mcp is ESM-only (TS1479 blocks static import).
|
|
12
14
|
const proof_batch_queue_1 = require("../proof-batch-queue");
|
|
13
15
|
const mcp_i_core_2 = require("@kya-os/mcp-i-core");
|
|
14
16
|
/**
|
|
@@ -18,13 +20,13 @@ const mcp_i_core_2 = require("@kya-os/mcp-i-core");
|
|
|
18
20
|
*/
|
|
19
21
|
function formatAuthInfo(auth) {
|
|
20
22
|
let result = auth.type;
|
|
21
|
-
if (
|
|
23
|
+
if ("provider" in auth && auth.provider) {
|
|
22
24
|
result += `:${auth.provider}`;
|
|
23
25
|
}
|
|
24
|
-
if (
|
|
26
|
+
if ("issuer" in auth && auth.issuer) {
|
|
25
27
|
result += `:${auth.issuer}`;
|
|
26
28
|
}
|
|
27
|
-
if (
|
|
29
|
+
if ("credentialType" in auth && auth.credentialType) {
|
|
28
30
|
result += `:${auth.credentialType}`;
|
|
29
31
|
}
|
|
30
32
|
return result;
|
|
@@ -251,7 +253,7 @@ async function addToolsToServer(server, toolModules, identityConfig, clientMessa
|
|
|
251
253
|
// Add internal handshake tool for MCP-I session establishment
|
|
252
254
|
// This allows MCP clients to perform a handshake and receive a sessionId
|
|
253
255
|
const handshakeTool = {
|
|
254
|
-
name: "
|
|
256
|
+
name: "_kyaos_handshake",
|
|
255
257
|
description: "Internal MCP-I handshake tool for session establishment. Clients should call this before protected tools.",
|
|
256
258
|
inputSchema: {
|
|
257
259
|
type: "object",
|
|
@@ -293,8 +295,10 @@ async function addToolsToServer(server, toolModules, identityConfig, clientMessa
|
|
|
293
295
|
},
|
|
294
296
|
};
|
|
295
297
|
tools.push(handshakeTool);
|
|
296
|
-
// Handshake tool handler
|
|
297
|
-
|
|
298
|
+
// Handshake tool handler. Registered under the canonical `_kyaos_` name; the
|
|
299
|
+
// dispatch lookup normalizes a legacy `_mcpi_handshake` call to this key
|
|
300
|
+
// (C4 #2918 dual-accept).
|
|
301
|
+
toolHandlers.set("_kyaos_handshake", async (args) => {
|
|
298
302
|
// Validate required fields explicitly before conversion
|
|
299
303
|
const missingFields = [];
|
|
300
304
|
if (!args.nonce ||
|
|
@@ -427,7 +431,16 @@ async function addToolsToServer(server, toolModules, identityConfig, clientMessa
|
|
|
427
431
|
requestId: request._meta?.requestId,
|
|
428
432
|
startTime: Date.now(),
|
|
429
433
|
}, async () => {
|
|
430
|
-
const { name, arguments: args } = request.params;
|
|
434
|
+
const { name: rawName, arguments: args } = request.params;
|
|
435
|
+
// C4 (#2918) dual-accept: normalize a legacy `_mcpi_*` internal tool
|
|
436
|
+
// name to its canonical `_kyaos_*` form before dispatch, and count the
|
|
437
|
+
// wire form for the sunset gate. Ordinary tool names pass through.
|
|
438
|
+
const name = (0, mcp_i_core_2.normalizeInternalToolName)(rawName);
|
|
439
|
+
if ((0, mcp_i_core_2.isInternalToolName)(rawName)) {
|
|
440
|
+
(0, mcp_i_core_2.recordWireForm)("tool_name", name === rawName ? "new" : "old", {
|
|
441
|
+
tool: name,
|
|
442
|
+
});
|
|
443
|
+
}
|
|
431
444
|
const handler = toolHandlers.get(name);
|
|
432
445
|
if (!handler) {
|
|
433
446
|
return {
|
|
@@ -626,9 +639,18 @@ async function addToolsToServer(server, toolModules, identityConfig, clientMessa
|
|
|
626
639
|
delegationId: verifyResult.delegation.id,
|
|
627
640
|
delegationChain: (0, mcp_i_core_1.buildChainString)(verifyResult.delegation),
|
|
628
641
|
delegationScopes: toolProtection.requiredScopes || [],
|
|
642
|
+
// JWS-compact DelegationCredential VC from the verified
|
|
643
|
+
// result — emitted on KYA-OS-Delegation-Credential when the
|
|
644
|
+
// verifier returned a presentable credential.
|
|
645
|
+
delegationCredential: verifyResult.credential?.credential_jwt,
|
|
629
646
|
identity: identity ?? null,
|
|
630
647
|
});
|
|
631
648
|
}
|
|
649
|
+
// Bridge this AsyncLocalStorage context into the compute
|
|
650
|
+
// outbound-identity interceptor (OpenClaw sidecar path) when it is
|
|
651
|
+
// present in-process. Idempotent + best-effort: a no-op on
|
|
652
|
+
// deployments without the compute interceptor.
|
|
653
|
+
(0, outbound_identity_bridge_1.ensureOutboundIdentityBridge)();
|
|
632
654
|
}
|
|
633
655
|
try {
|
|
634
656
|
// Execute the tool handler
|
|
@@ -1,8 +1,19 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* Well-Known Endpoints for
|
|
2
|
+
* Well-Known Endpoints for the KYA-OS / MCP Runtime
|
|
3
3
|
*
|
|
4
4
|
* Handles /.well-known/did.json and /.well-known/agent.json endpoints
|
|
5
5
|
* according to requirements 7.1, 7.2, 7.3, 7.4, 7.5.
|
|
6
|
+
*
|
|
7
|
+
* C2 (#2916) classification: **product-layer, stays product-side.** The DIF
|
|
8
|
+
* `@kya-os/mcp` core does not generate `.well-known` manifests, and its
|
|
9
|
+
* `buildDidWebDocument` is intentionally NOT adopted here: it produces a
|
|
10
|
+
* byte-different DID document (full `kid` rather than a `#fragment`
|
|
11
|
+
* verification-method id, emits both `publicKeyJwk` and `publicKeyMultibase`,
|
|
12
|
+
* and requires a `did:web` DID). `did.json` is a W3C-standard wire artifact
|
|
13
|
+
* that must stay byte-stable, so this generator is left in place and its wire
|
|
14
|
+
* output is frozen by `__tests__/well-known-wire-freeze.test.ts`. Any future
|
|
15
|
+
* relocation/rename is gated by the C4 (#2918) dual-accept window — never
|
|
16
|
+
* change the `.well-known/did.json` path.
|
|
6
17
|
*/
|
|
7
18
|
import { AgentIdentity } from "./identity";
|
|
8
19
|
/**
|
|
@@ -1,9 +1,20 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
/**
|
|
3
|
-
* Well-Known Endpoints for
|
|
3
|
+
* Well-Known Endpoints for the KYA-OS / MCP Runtime
|
|
4
4
|
*
|
|
5
5
|
* Handles /.well-known/did.json and /.well-known/agent.json endpoints
|
|
6
6
|
* according to requirements 7.1, 7.2, 7.3, 7.4, 7.5.
|
|
7
|
+
*
|
|
8
|
+
* C2 (#2916) classification: **product-layer, stays product-side.** The DIF
|
|
9
|
+
* `@kya-os/mcp` core does not generate `.well-known` manifests, and its
|
|
10
|
+
* `buildDidWebDocument` is intentionally NOT adopted here: it produces a
|
|
11
|
+
* byte-different DID document (full `kid` rather than a `#fragment`
|
|
12
|
+
* verification-method id, emits both `publicKeyJwk` and `publicKeyMultibase`,
|
|
13
|
+
* and requires a `did:web` DID). `did.json` is a W3C-standard wire artifact
|
|
14
|
+
* that must stay byte-stable, so this generator is left in place and its wire
|
|
15
|
+
* output is frozen by `__tests__/well-known-wire-freeze.test.ts`. Any future
|
|
16
|
+
* relocation/rename is gated by the C4 (#2918) dual-accept window — never
|
|
17
|
+
* change the `.well-known/did.json` path.
|
|
7
18
|
*/
|
|
8
19
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
9
20
|
exports.WellKnownManager = void 0;
|
|
@@ -15,7 +26,7 @@ exports.extractDIDFromPath = extractDIDFromPath;
|
|
|
15
26
|
// eslint-disable-next-line @typescript-eslint/no-var-requires
|
|
16
27
|
const baseX = require("base-x");
|
|
17
28
|
const base58 = baseX.default || baseX;
|
|
18
|
-
const base58Encoder = base58(
|
|
29
|
+
const base58Encoder = base58("123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz");
|
|
19
30
|
/**
|
|
20
31
|
* Well-known endpoints manager
|
|
21
32
|
*/
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@kya-os/mcp-i",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.11.0",
|
|
4
4
|
"description": "The TypeScript MCP framework with identity features built-in",
|
|
5
5
|
"type": "commonjs",
|
|
6
6
|
"main": "dist/index.js",
|
|
@@ -65,12 +65,13 @@
|
|
|
65
65
|
"dependencies": {
|
|
66
66
|
"@kya-os/contracts": "^1.8.0",
|
|
67
67
|
"@kya-os/mcp-i-core": "^1.7.0",
|
|
68
|
+
"@kya-os/mcp-i-runtime": "^1.0.0",
|
|
68
69
|
"@modelcontextprotocol/sdk": "^1.11.4",
|
|
69
70
|
"@swc/core": "^1.15.11",
|
|
70
71
|
"@types/express": "^5.0.6",
|
|
71
72
|
"@types/webpack-node-externals": "^3.0.4",
|
|
72
73
|
"@vercel/mcp-adapter": "^0.11.1",
|
|
73
|
-
"axios": "^1.
|
|
74
|
+
"axios": "^1.16.1",
|
|
74
75
|
"base-x": "^5.0.1",
|
|
75
76
|
"chalk": "^5.2.0",
|
|
76
77
|
"chokidar": "^3.6.0",
|
|
@@ -102,6 +103,7 @@
|
|
|
102
103
|
"@modelcontextprotocol/inspector": "^0.20.0"
|
|
103
104
|
},
|
|
104
105
|
"devDependencies": {
|
|
106
|
+
"@kya-os/mcp": "^1.6.1",
|
|
105
107
|
"@aws-sdk/client-dynamodb": "^3.992.0",
|
|
106
108
|
"@types/content-type": "^1.1.9",
|
|
107
109
|
"@types/fs-extra": "^11.0.4",
|
package/dist/225.js
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
"use strict";exports.id=225,exports.ids=[225],exports.modules={2445:t=>{t.exports={rE:"3.993.0"}},2840:(t,e,n)=>{n.d(e,{k:()=>S});var r=n(50469),i=n(69700);const s="(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun)(?:[ne|u?r]?s?day)?",o="(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)",a="(\\d?\\d):(\\d{2}):(\\d{2})(?:\\.(\\d+))?",l="(\\d?\\d)",c="(\\d{4})",u=new RegExp(/^(\d{4})-(\d\d)-(\d\d)[tT](\d\d):(\d\d):(\d\d)(\.(\d+))?(([-+]\d\d:\d\d)|[zZ])$/),h=new RegExp(`^${s}, ${l} ${o} ${c} ${a} GMT$`),d=new RegExp(`^${s}, ${l}-${o}-(\\d\\d) ${a} GMT$`),p=new RegExp(`^${s} ${o} ( [1-9]|\\d\\d) ${a} ${c}$`),g=["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"];function m(t,e,n){const r=Number(t);if(r<e||r>n)throw new Error(`Value ${r} out of range [${e}, ${n}]`)}var f=n(84651),x=n(70764),y=n(12544),E=n(2914),b=n(63282),w=n(26144);class S extends b.f{settings;constructor(t){super(),this.settings=t}read(t,e){const n=r.l.of(t);if(n.isListSchema())return(0,i.G)(e).map(t=>this.read(n.getValueSchema(),t));if(n.isBlobSchema())return(this.serdeContext?.base64Decoder??y.E)(e);if(n.isTimestampSchema())switch((0,w.V)(n,this.settings)){case 5:return(t=>{if(null==t)return;if("string"!=typeof t)throw new TypeError("RFC3339 timestamps must be strings");const e=u.exec(t);if(!e)throw new TypeError(`Invalid RFC3339 timestamp format ${t}`);const[,n,r,i,s,o,a,,l,c]=e;m(r,1,12),m(i,1,31),m(s,0,23),m(o,0,59),m(a,0,60);const h=new Date(Date.UTC(Number(n),Number(r)-1,Number(i),Number(s),Number(o),Number(a),Number(l)?Math.round(1e3*parseFloat(`0.${l}`)):0));if(h.setUTCFullYear(Number(n)),"Z"!=c.toUpperCase()){const[,t,e,n]=/([+-])(\d\d):(\d\d)/.exec(c)||[void 0,"+",0,0],r="-"===t?1:-1;h.setTime(h.getTime()+r*(60*Number(e)*60*1e3+60*Number(n)*1e3))}return h})(e);case 6:return(t=>{if(null==t)return;if("string"!=typeof t)throw new TypeError("RFC7231 timestamps must be strings.");let e,n,r,i,s,o,a,l;if((l=h.exec(t))?[,e,n,r,i,s,o,a]=l:(l=d.exec(t))?([,e,n,r,i,s,o,a]=l,r=(Number(r)+1900).toString()):(l=p.exec(t))&&([,n,e,i,s,o,a,r]=l),r&&o){const t=Date.UTC(Number(r),g.indexOf(n),Number(e),Number(i),Number(s),Number(o),a?Math.round(1e3*parseFloat(`0.${a}`)):0);m(e,1,31),m(i,0,23),m(s,0,59),m(o,0,60);const l=new Date(t);return l.setUTCFullYear(Number(r)),l}throw new TypeError(`Invalid RFC7231 date-time value ${t}.`)})(e);case 7:return(t=>{if(null==t)return;let e=NaN;if("number"==typeof t)e=t;else if("string"==typeof t){if(!/^-?\d*\.?\d+$/.test(t))throw new TypeError("parseEpochTimestamp - numeric string invalid.");e=Number.parseFloat(t)}else"object"==typeof t&&1===t.tag&&(e=t.value);if(isNaN(e)||Math.abs(e)===1/0)throw new TypeError("Epoch timestamps must be valid finite numbers.");return new Date(Math.round(1e3*e))})(e);default:return console.warn("Missing timestamp format, parsing value with Date constructor:",e),new Date(e)}if(n.isStringSchema()){const t=n.getMergedTraits().mediaType;let r=e;if(t)return n.getMergedTraits().httpHeader&&(r=this.base64ToUtf8(r)),("application/json"===t||t.endsWith("+json"))&&(r=f.A.from(r)),r}return n.isNumericSchema()?Number(e):n.isBigIntegerSchema()?BigInt(e):n.isBigDecimalSchema()?new x.D(e,"bigDecimal"):n.isBooleanSchema()?"true"===String(e).toLowerCase():e}base64ToUtf8(t){return(this.serdeContext?.utf8Encoder??E.P)((this.serdeContext?.base64Decoder??y.E)(t))}}},3606:(t,e,n)=>{n.d(e,{getDefaultRoleAssumer:()=>Nr,getDefaultRoleAssumerWithWebIdentity:()=>Tr});var r=n(53347),i=n(96901),s=n(7387);const o=!1;var a=n(66686),l=n(22869);const c={UseGlobalEndpoint:{type:"builtInParams",name:"useGlobalEndpoint"},UseFIPS:{type:"builtInParams",name:"useFipsEndpoint"},Endpoint:{type:"builtInParams",name:"endpoint"},Region:{type:"builtInParams",name:"region"},UseDualStack:{type:"builtInParams",name:"useDualstackEndpoint"}};var u=n(51453),h=n(6723);class d extends h.T{constructor(t){super(t),Object.setPrototypeOf(this,d.prototype)}}class p extends d{name="ExpiredTokenException";$fault="client";constructor(t){super({name:"ExpiredTokenException",$fault:"client",...t}),Object.setPrototypeOf(this,p.prototype)}}class g extends d{name="MalformedPolicyDocumentException";$fault="client";constructor(t){super({name:"MalformedPolicyDocumentException",$fault:"client",...t}),Object.setPrototypeOf(this,g.prototype)}}class m extends d{name="PackedPolicyTooLargeException";$fault="client";constructor(t){super({name:"PackedPolicyTooLargeException",$fault:"client",...t}),Object.setPrototypeOf(this,m.prototype)}}class f extends d{name="RegionDisabledException";$fault="client";constructor(t){super({name:"RegionDisabledException",$fault:"client",...t}),Object.setPrototypeOf(this,f.prototype)}}class x extends d{name="IDPRejectedClaimException";$fault="client";constructor(t){super({name:"IDPRejectedClaimException",$fault:"client",...t}),Object.setPrototypeOf(this,x.prototype)}}class y extends d{name="InvalidIdentityTokenException";$fault="client";constructor(t){super({name:"InvalidIdentityTokenException",$fault:"client",...t}),Object.setPrototypeOf(this,y.prototype)}}class E extends d{name="IDPCommunicationErrorException";$fault="client";constructor(t){super({name:"IDPCommunicationErrorException",$fault:"client",...t}),Object.setPrototypeOf(this,E.prototype)}}const b="AssumedRoleUser",w="Credentials",S="DurationSeconds",v="Policy",N="PolicyArns",T="PackedPolicySize",I="RoleArn",P="RoleSessionName",C="SourceIdentity",A="awsQueryError",$="client",D="error",k="httpError",O="message",R="smithy.ts.sdk.synthetic.com.amazonaws.sts",M="com.amazonaws.sts",_=u.O.for(R);var V=[-3,R,"STSServiceException",0,[],[]];_.registerError(V,d);const j=u.O.for(M);var F=[-3,M,"ExpiredTokenException",{[A]:["ExpiredTokenException",400],[D]:$,[k]:400},[O],[0]];j.registerError(F,p);var U=[-3,M,"IDPCommunicationErrorException",{[A]:["IDPCommunicationError",400],[D]:$,[k]:400},[O],[0]];j.registerError(U,E);var L=[-3,M,"IDPRejectedClaimException",{[A]:["IDPRejectedClaim",403],[D]:$,[k]:403},[O],[0]];j.registerError(L,x);var z=[-3,M,"InvalidIdentityTokenException",{[A]:["InvalidIdentityToken",400],[D]:$,[k]:400},[O],[0]];j.registerError(z,y);var W=[-3,M,"MalformedPolicyDocumentException",{[A]:["MalformedPolicyDocument",400],[D]:$,[k]:400},[O],[0]];j.registerError(W,g);var K=[-3,M,"PackedPolicyTooLargeException",{[A]:["PackedPolicyTooLarge",400],[D]:$,[k]:400},[O],[0]];j.registerError(K,m);var B=[-3,M,"RegionDisabledException",{[A]:["RegionDisabledException",403],[D]:$,[k]:403},[O],[0]];j.registerError(B,f);const G=[_,j];var q=[0,M,"accessKeySecretType",8,0],Y=[0,M,"clientTokenType",8,0],Q=[3,M,b,0,["AssumedRoleId","Arn"],[0,0],2],Z=[3,M,"AssumeRoleRequest",0,[I,P,N,v,S,"Tags","TransitiveTagKeys","ExternalId","SerialNumber","TokenCode",C,"ProvidedContexts"],[0,0,()=>it,0,1,()=>ot,64,0,0,0,0,()=>st],2],H=[3,M,"AssumeRoleResponse",0,[w,b,T,C],[[()=>tt,0],()=>Q,1,0]],X=[3,M,"AssumeRoleWithWebIdentityRequest",0,[I,P,"WebIdentityToken","ProviderId",N,v,S],[0,0,[()=>Y,0],0,()=>it,0,1],3],J=[3,M,"AssumeRoleWithWebIdentityResponse",0,[w,"SubjectFromWebIdentityToken",b,T,"Provider","Audience",C],[[()=>tt,0],0,()=>Q,1,0,0,0]],tt=[3,M,w,0,["AccessKeyId","SecretAccessKey","SessionToken","Expiration"],[0,[()=>q,0],0,4],4],et=[3,M,"PolicyDescriptorType",0,["arn"],[0]],nt=[3,M,"ProvidedContext",0,["ProviderArn","ContextAssertion"],[0,0]],rt=[3,M,"Tag",0,["Key","Value"],[0,0],2],it=[1,M,"policyDescriptorListType",0,()=>et],st=[1,M,"ProvidedContextsListType",0,()=>nt],ot=[1,M,"tagListType",0,()=>rt],at=[9,M,"AssumeRole",0,()=>Z,()=>H],lt=[9,M,"AssumeRoleWithWebIdentity",0,()=>X,()=>J];class ct extends(l.u.classBuilder().ep(c).m(function(t,e,n,r){return[(0,a.r)(n,t.getEndpointParameterInstructions())]}).s("AWSSecurityTokenServiceV20110615","AssumeRole",{}).n("STSClient","AssumeRoleCommand").sc(at).build()){}class ut extends(l.u.classBuilder().ep(c).m(function(t,e,n,r){return[(0,a.r)(n,t.getEndpointParameterInstructions())]}).s("AWSSecurityTokenServiceV20110615","AssumeRoleWithWebIdentity",{}).n("STSClient","AssumeRoleWithWebIdentityCommand").sc(lt).build()){}const ht=t=>{if("string"==typeof t?.Arn){const e=t.Arn.split(":");if(e.length>4&&""!==e[4])return e[4]}},dt=async(t,e,n,r={})=>{const a="function"==typeof t?await t():t,l="function"==typeof e?await e():e;let c="";const u=a??l??(c=await function(t={}){return(0,s.Z)({...i.GG,default:async()=>(o||console.warn("@aws-sdk - WARN - default STS region of us-east-1 used. See @aws-sdk/credential-providers README and set a region explicitly."),"us-east-1")},{...i.zH,...t})}(r)());return n?.debug?.("@aws-sdk/client-sts::resolveRegion","accepting first of:",`${a} (credential provider clientConfig)`,`${l} (contextual client)`,`${c} (STS default: AWS_REGION, profile region, or us-east-1)`),u},pt=t=>"h2"===t?.metadata?.handlerProtocol;var gt=n(97040),mt=n(74534),ft=n(70775),xt=n(5572),yt=n(61019),Et=n(94615),bt=n(45326),wt=n(9575),St=n(68249),vt=n(75279),Nt=n(10860),Tt=n(39412),It=n(72084),Pt=n(10773),Ct=n(9942),At=n(23870),$t=n(45547),Dt=n(81974);const kt=async(t,e,n)=>({operation:(0,$t.u)(e).operation,region:await(0,Dt.t)(t.region)()||(()=>{throw new Error("expected `region` to be configured for `aws.auth#sigv4`")})()}),Ot=t=>{const e=[];return"AssumeRoleWithWebIdentity"===t.operation?e.push({schemeId:"smithy.api#noAuth"}):e.push(function(t){return{schemeId:"aws.auth#sigv4",signingProperties:{name:"sts",region:t.region},propertiesExtractor:(t,e)=>({signingProperties:{config:t,context:e}})}}(t)),e};var Rt=n(2445),Mt=n(17479),_t=n(96965),Vt=n(17357),jt=n(17914),Ft=n(5882),Ut=n(24661),Lt=n(46109),zt=n(14433),Wt=n(5012),Kt=n(24176),Bt=n(64327),Gt=n(34338),qt=n(57815),Yt=n(55425),Qt=n(99816),Zt=n(48828),Ht=n(63139),Xt=n(78607),Jt=n(59772),te=n(50469),ee=n(28075);const ne=":A-Za-z_\\u00C0-\\u00D6\\u00D8-\\u00F6\\u00F8-\\u02FF\\u0370-\\u037D\\u037F-\\u1FFF\\u200C-\\u200D\\u2070-\\u218F\\u2C00-\\u2FEF\\u3001-\\uD7FF\\uF900-\\uFDCF\\uFDF0-\\uFFFD",re=new RegExp("^["+ne+"]["+ne+"\\-.\\d\\u00B7\\u0300-\\u036F\\u203F-\\u2040]*$");function ie(t,e){const n=[];let r=e.exec(t);for(;r;){const i=[];i.startIndex=e.lastIndex-r[0].length;const s=r.length;for(let t=0;t<s;t++)i.push(r[t]);n.push(i),r=e.exec(t)}return n}const se=function(t){return!(null==re.exec(t))},oe=["hasOwnProperty","toString","valueOf","__defineGetter__","__defineSetter__","__lookupGetter__","__lookupSetter__"],ae=["__proto__","constructor","prototype"],le=t=>oe.includes(t)?"__"+t:t,ce={preserveOrder:!1,attributeNamePrefix:"@_",attributesGroupName:!1,textNodeName:"#text",ignoreAttributes:!0,removeNSPrefix:!1,allowBooleanAttributes:!1,parseTagValue:!0,parseAttributeValue:!1,trimValues:!0,cdataPropName:!1,numberParseOptions:{hex:!0,leadingZeros:!0,eNotation:!0},tagValueProcessor:function(t,e){return e},attributeValueProcessor:function(t,e){return e},stopNodes:[],alwaysCreateTextNode:!1,isArray:()=>!1,commentPropName:!1,unpairedTags:[],processEntities:!0,htmlEntities:!1,ignoreDeclaration:!1,ignorePiTags:!1,transformTagName:!1,transformAttributeName:!1,updateTag:function(t,e,n){return t},captureMetaData:!1,maxNestedTags:100,strictReservedNames:!0,jPath:!0,onDangerousProperty:le};function ue(t,e){if("string"!=typeof t)return;const n=t.toLowerCase();if(oe.some(t=>n===t.toLowerCase()))throw new Error(`[SECURITY] Invalid ${e}: "${t}" is a reserved JavaScript keyword that could cause prototype pollution`);if(ae.some(t=>n===t.toLowerCase()))throw new Error(`[SECURITY] Invalid ${e}: "${t}" is a reserved JavaScript keyword that could cause prototype pollution`)}function he(t){return"boolean"==typeof t?{enabled:t,maxEntitySize:1e4,maxExpansionDepth:10,maxTotalExpansions:1e3,maxExpandedLength:1e5,maxEntityCount:100,allowedTags:null,tagFilter:null}:"object"==typeof t&&null!==t?{enabled:!1!==t.enabled,maxEntitySize:Math.max(1,t.maxEntitySize??1e4),maxExpansionDepth:Math.max(1,t.maxExpansionDepth??10),maxTotalExpansions:Math.max(1,t.maxTotalExpansions??1e3),maxExpandedLength:Math.max(1,t.maxExpandedLength??1e5),maxEntityCount:Math.max(1,t.maxEntityCount??100),allowedTags:t.allowedTags??null,tagFilter:t.tagFilter??null}:he(!0)}const de=function(t){const e=Object.assign({},ce,t),n=[{value:e.attributeNamePrefix,name:"attributeNamePrefix"},{value:e.attributesGroupName,name:"attributesGroupName"},{value:e.textNodeName,name:"textNodeName"},{value:e.cdataPropName,name:"cdataPropName"},{value:e.commentPropName,name:"commentPropName"}];for(const{value:t,name:e}of n)t&&ue(t,e);return null===e.onDangerousProperty&&(e.onDangerousProperty=le),e.processEntities=he(e.processEntities),e.stopNodes&&Array.isArray(e.stopNodes)&&(e.stopNodes=e.stopNodes.map(t=>"string"==typeof t&&t.startsWith("*.")?".."+t.substring(2):t)),e};let pe;pe="function"!=typeof Symbol?"@@xmlMetadata":Symbol("XML Node Metadata");class ge{constructor(t){this.tagname=t,this.child=[],this[":@"]=Object.create(null)}add(t,e){"__proto__"===t&&(t="#__proto__"),this.child.push({[t]:e})}addChild(t,e){"__proto__"===t.tagname&&(t.tagname="#__proto__"),t[":@"]&&Object.keys(t[":@"]).length>0?this.child.push({[t.tagname]:t.child,":@":t[":@"]}):this.child.push({[t.tagname]:t.child}),void 0!==e&&(this.child[this.child.length-1][pe]={startIndex:e})}static getMetaDataSymbol(){return pe}}class me{constructor(t){this.suppressValidationErr=!t,this.options=t}readDocType(t,e){const n=Object.create(null);let r=0;if("O"!==t[e+3]||"C"!==t[e+4]||"T"!==t[e+5]||"Y"!==t[e+6]||"P"!==t[e+7]||"E"!==t[e+8])throw new Error("Invalid Tag instead of DOCTYPE");{e+=9;let i=1,s=!1,o=!1,a="";for(;e<t.length;e++)if("<"!==t[e]||o)if(">"===t[e]){if(o?"-"===t[e-1]&&"-"===t[e-2]&&(o=!1,i--):i--,0===i)break}else"["===t[e]?s=!0:a+=t[e];else{if(s&&xe(t,"!ENTITY",e)){let i,s;if(e+=7,[i,s,e]=this.readEntityExp(t,e+1,this.suppressValidationErr),-1===s.indexOf("&")){if(!1!==this.options.enabled&&null!=this.options.maxEntityCount&&r>=this.options.maxEntityCount)throw new Error(`Entity count (${r+1}) exceeds maximum allowed (${this.options.maxEntityCount})`);const t=i.replace(/[.*+?^${}()|[\]\\]/g,"\\$&");n[i]={regx:RegExp(`&${t};`,"g"),val:s},r++}}else if(s&&xe(t,"!ELEMENT",e)){e+=8;const{index:n}=this.readElementExp(t,e+1);e=n}else if(s&&xe(t,"!ATTLIST",e))e+=8;else if(s&&xe(t,"!NOTATION",e)){e+=9;const{index:n}=this.readNotationExp(t,e+1,this.suppressValidationErr);e=n}else{if(!xe(t,"!--",e))throw new Error("Invalid DOCTYPE");o=!0}i++,a=""}if(0!==i)throw new Error("Unclosed DOCTYPE")}return{entities:n,i:e}}readEntityExp(t,e){const n=e=fe(t,e);for(;e<t.length&&!/\s/.test(t[e])&&'"'!==t[e]&&"'"!==t[e];)e++;let r=t.substring(n,e);if(ye(r),e=fe(t,e),!this.suppressValidationErr){if("SYSTEM"===t.substring(e,e+6).toUpperCase())throw new Error("External entities are not supported");if("%"===t[e])throw new Error("Parameter entities are not supported")}let i="";if([e,i]=this.readIdentifierVal(t,e,"entity"),!1!==this.options.enabled&&null!=this.options.maxEntitySize&&i.length>this.options.maxEntitySize)throw new Error(`Entity "${r}" size (${i.length}) exceeds maximum allowed size (${this.options.maxEntitySize})`);return[r,i,--e]}readNotationExp(t,e){const n=e=fe(t,e);for(;e<t.length&&!/\s/.test(t[e]);)e++;let r=t.substring(n,e);!this.suppressValidationErr&&ye(r),e=fe(t,e);const i=t.substring(e,e+6).toUpperCase();if(!this.suppressValidationErr&&"SYSTEM"!==i&&"PUBLIC"!==i)throw new Error(`Expected SYSTEM or PUBLIC, found "${i}"`);e+=i.length,e=fe(t,e);let s=null,o=null;if("PUBLIC"===i)[e,s]=this.readIdentifierVal(t,e,"publicIdentifier"),'"'!==t[e=fe(t,e)]&&"'"!==t[e]||([e,o]=this.readIdentifierVal(t,e,"systemIdentifier"));else if("SYSTEM"===i&&([e,o]=this.readIdentifierVal(t,e,"systemIdentifier"),!this.suppressValidationErr&&!o))throw new Error("Missing mandatory system identifier for SYSTEM notation");return{notationName:r,publicIdentifier:s,systemIdentifier:o,index:--e}}readIdentifierVal(t,e,n){let r="";const i=t[e];if('"'!==i&&"'"!==i)throw new Error(`Expected quoted string, found "${i}"`);const s=++e;for(;e<t.length&&t[e]!==i;)e++;if(r=t.substring(s,e),t[e]!==i)throw new Error(`Unterminated ${n} value`);return[++e,r]}readElementExp(t,e){const n=e=fe(t,e);for(;e<t.length&&!/\s/.test(t[e]);)e++;let r=t.substring(n,e);if(!this.suppressValidationErr&&!se(r))throw new Error(`Invalid element name: "${r}"`);let i="";if("E"===t[e=fe(t,e)]&&xe(t,"MPTY",e))e+=4;else if("A"===t[e]&&xe(t,"NY",e))e+=2;else if("("===t[e]){const n=++e;for(;e<t.length&&")"!==t[e];)e++;if(i=t.substring(n,e),")"!==t[e])throw new Error("Unterminated content model")}else if(!this.suppressValidationErr)throw new Error(`Invalid Element Expression, found "${t[e]}"`);return{elementName:r,contentModel:i.trim(),index:e}}readAttlistExp(t,e){let n=e=fe(t,e);for(;e<t.length&&!/\s/.test(t[e]);)e++;let r=t.substring(n,e);for(ye(r),n=e=fe(t,e);e<t.length&&!/\s/.test(t[e]);)e++;let i=t.substring(n,e);if(!ye(i))throw new Error(`Invalid attribute name: "${i}"`);e=fe(t,e);let s="";if("NOTATION"===t.substring(e,e+8).toUpperCase()){if(s="NOTATION","("!==t[e=fe(t,e+=8)])throw new Error(`Expected '(', found "${t[e]}"`);e++;let n=[];for(;e<t.length&&")"!==t[e];){const r=e;for(;e<t.length&&"|"!==t[e]&&")"!==t[e];)e++;let i=t.substring(r,e);if(i=i.trim(),!ye(i))throw new Error(`Invalid notation name: "${i}"`);n.push(i),"|"===t[e]&&(e++,e=fe(t,e))}if(")"!==t[e])throw new Error("Unterminated list of notations");e++,s+=" ("+n.join("|")+")"}else{const n=e;for(;e<t.length&&!/\s/.test(t[e]);)e++;s+=t.substring(n,e);const r=["CDATA","ID","IDREF","IDREFS","ENTITY","ENTITIES","NMTOKEN","NMTOKENS"];if(!this.suppressValidationErr&&!r.includes(s.toUpperCase()))throw new Error(`Invalid attribute type: "${s}"`)}e=fe(t,e);let o="";return"#REQUIRED"===t.substring(e,e+8).toUpperCase()?(o="#REQUIRED",e+=8):"#IMPLIED"===t.substring(e,e+7).toUpperCase()?(o="#IMPLIED",e+=7):[e,o]=this.readIdentifierVal(t,e,"ATTLIST"),{elementName:r,attributeName:i,attributeType:s,defaultValue:o,index:e}}}const fe=(t,e)=>{for(;e<t.length&&/\s/.test(t[e]);)e++;return e};function xe(t,e,n){for(let r=0;r<e.length;r++)if(e[r]!==t[n+r+1])return!1;return!0}function ye(t){if(se(t))return t;throw new Error(`Invalid entity name ${t}`)}const Ee=/^[-+]?0x[a-fA-F0-9]+$/,be=/^([\-\+])?(0*)([0-9]*(\.[0-9]*)?)$/,we={hex:!0,leadingZeros:!0,decimalPoint:".",eNotation:!0,infinity:"original"};const Se=/^([-+])?(0*)(\d*(\.\d*)?[eE][-\+]?\d+)$/;class ve{constructor(t={}){this.separator=t.separator||".",this.path=[],this.siblingStacks=[]}push(t,e=null,n=null){this.path.length>0&&(this.path[this.path.length-1].values=void 0);const r=this.path.length;this.siblingStacks[r]||(this.siblingStacks[r]=new Map);const i=this.siblingStacks[r],s=n?`${n}:${t}`:t,o=i.get(s)||0;let a=0;for(const t of i.values())a+=t;i.set(s,o+1);const l={tag:t,position:a,counter:o};null!=n&&(l.namespace=n),null!=e&&(l.values=e),this.path.push(l)}pop(){if(0===this.path.length)return;const t=this.path.pop();return this.siblingStacks.length>this.path.length+1&&(this.siblingStacks.length=this.path.length+1),t}updateCurrent(t){if(this.path.length>0){const e=this.path[this.path.length-1];null!=t&&(e.values=t)}}getCurrentTag(){return this.path.length>0?this.path[this.path.length-1].tag:void 0}getCurrentNamespace(){return this.path.length>0?this.path[this.path.length-1].namespace:void 0}getAttrValue(t){if(0===this.path.length)return;const e=this.path[this.path.length-1];return e.values?.[t]}hasAttr(t){if(0===this.path.length)return!1;const e=this.path[this.path.length-1];return void 0!==e.values&&t in e.values}getPosition(){return 0===this.path.length?-1:this.path[this.path.length-1].position??0}getCounter(){return 0===this.path.length?-1:this.path[this.path.length-1].counter??0}getIndex(){return this.getPosition()}getDepth(){return this.path.length}toString(t,e=!0){const n=t||this.separator;return this.path.map(t=>e&&t.namespace?`${t.namespace}:${t.tag}`:t.tag).join(n)}toArray(){return this.path.map(t=>t.tag)}reset(){this.path=[],this.siblingStacks=[]}matches(t){const e=t.segments;return 0!==e.length&&(t.hasDeepWildcard()?this._matchWithDeepWildcard(e):this._matchSimple(e))}_matchSimple(t){if(this.path.length!==t.length)return!1;for(let e=0;e<t.length;e++){const n=t[e],r=this.path[e],i=e===this.path.length-1;if(!this._matchSegment(n,r,i))return!1}return!0}_matchWithDeepWildcard(t){let e=this.path.length-1,n=t.length-1;for(;n>=0&&e>=0;){const r=t[n];if("deep-wildcard"===r.type){if(n--,n<0)return!0;const r=t[n];let i=!1;for(let t=e;t>=0;t--){const s=t===this.path.length-1;if(this._matchSegment(r,this.path[t],s)){e=t-1,n--,i=!0;break}}if(!i)return!1}else{const t=e===this.path.length-1;if(!this._matchSegment(r,this.path[e],t))return!1;e--,n--}}return n<0}_matchSegment(t,e,n){if("*"!==t.tag&&t.tag!==e.tag)return!1;if(void 0!==t.namespace&&"*"!==t.namespace&&t.namespace!==e.namespace)return!1;if(void 0!==t.attrName){if(!n)return!1;if(!e.values||!(t.attrName in e.values))return!1;if(void 0!==t.attrValue){const n=e.values[t.attrName];if(String(n)!==String(t.attrValue))return!1}}if(void 0!==t.position){if(!n)return!1;const r=e.counter??0;if("first"===t.position&&0!==r)return!1;if("odd"===t.position&&r%2!=1)return!1;if("even"===t.position&&r%2!=0)return!1;if("nth"===t.position&&r!==t.positionValue)return!1}return!0}snapshot(){return{path:this.path.map(t=>({...t})),siblingStacks:this.siblingStacks.map(t=>new Map(t))}}restore(t){this.path=t.path.map(t=>({...t})),this.siblingStacks=t.siblingStacks.map(t=>new Map(t))}}class Ne{constructor(t,e={}){this.pattern=t,this.separator=e.separator||".",this.segments=this._parse(t),this._hasDeepWildcard=this.segments.some(t=>"deep-wildcard"===t.type),this._hasAttributeCondition=this.segments.some(t=>void 0!==t.attrName),this._hasPositionSelector=this.segments.some(t=>void 0!==t.position)}_parse(t){const e=[];let n=0,r="";for(;n<t.length;)t[n]===this.separator?n+1<t.length&&t[n+1]===this.separator?(r.trim()&&(e.push(this._parseSegment(r.trim())),r=""),e.push({type:"deep-wildcard"}),n+=2):(r.trim()&&e.push(this._parseSegment(r.trim())),r="",n++):(r+=t[n],n++);return r.trim()&&e.push(this._parseSegment(r.trim())),e}_parseSegment(t){const e={type:"tag"};let n=null,r=t;const i=t.match(/^([^\[]+)(\[[^\]]*\])(.*)$/);if(i&&(r=i[1]+i[3],i[2])){const t=i[2].slice(1,-1);t&&(n=t)}let s,o,a=r;if(r.includes("::")){const e=r.indexOf("::");if(s=r.substring(0,e).trim(),a=r.substring(e+2).trim(),!s)throw new Error(`Invalid namespace in pattern: ${t}`)}let l=null;if(a.includes(":")){const t=a.lastIndexOf(":"),e=a.substring(0,t).trim(),n=a.substring(t+1).trim();["first","last","odd","even"].includes(n)||/^nth\(\d+\)$/.test(n)?(o=e,l=n):o=a}else o=a;if(!o)throw new Error(`Invalid segment pattern: ${t}`);if(e.tag=o,s&&(e.namespace=s),n)if(n.includes("=")){const t=n.indexOf("=");e.attrName=n.substring(0,t).trim(),e.attrValue=n.substring(t+1).trim()}else e.attrName=n.trim();if(l){const t=l.match(/^nth\((\d+)\)$/);t?(e.position="nth",e.positionValue=parseInt(t[1],10)):e.position=l}return e}get length(){return this.segments.length}hasDeepWildcard(){return this._hasDeepWildcard}hasAttributeCondition(){return this._hasAttributeCondition}hasPositionSelector(){return this._hasPositionSelector}toString(){return this.pattern}}function Te(t,e){if(!t)return{};const n=e.attributesGroupName?t[e.attributesGroupName]:t;if(!n)return{};const r={};for(const t in n)t.startsWith(e.attributeNamePrefix)?r[t.substring(e.attributeNamePrefix.length)]=n[t]:r[t]=n[t];return r}function Ie(t){if(!t||"string"!=typeof t)return;const e=t.indexOf(":");if(-1!==e&&e>0){const n=t.substring(0,e);if("xmlns"!==n)return n}}class Pe{constructor(t){var e;if(this.options=t,this.currentNode=null,this.tagsNodeStack=[],this.docTypeEntities={},this.lastEntities={apos:{regex:/&(apos|#39|#x27);/g,val:"'"},gt:{regex:/&(gt|#62|#x3E);/g,val:">"},lt:{regex:/&(lt|#60|#x3C);/g,val:"<"},quot:{regex:/&(quot|#34|#x22);/g,val:'"'}},this.ampEntity={regex:/&(amp|#38|#x26);/g,val:"&"},this.htmlEntities={space:{regex:/&(nbsp|#160);/g,val:" "},cent:{regex:/&(cent|#162);/g,val:"¢"},pound:{regex:/&(pound|#163);/g,val:"£"},yen:{regex:/&(yen|#165);/g,val:"¥"},euro:{regex:/&(euro|#8364);/g,val:"€"},copyright:{regex:/&(copy|#169);/g,val:"©"},reg:{regex:/&(reg|#174);/g,val:"®"},inr:{regex:/&(inr|#8377);/g,val:"₹"},num_dec:{regex:/&#([0-9]{1,7});/g,val:(t,e)=>ze(e,10,"&#")},num_hex:{regex:/&#x([0-9a-fA-F]{1,6});/g,val:(t,e)=>ze(e,16,"&#x")}},this.addExternalEntities=Ce,this.parseXml=Oe,this.parseTextData=Ae,this.resolveNameSpace=$e,this.buildAttributesMap=ke,this.isItStopNode=Ve,this.replaceEntitiesValue=Me,this.readStopNodeData=Ue,this.saveTextToParentTag=_e,this.addChild=Re,this.ignoreAttributesFn="function"==typeof(e=this.options.ignoreAttributes)?e:Array.isArray(e)?t=>{for(const n of e){if("string"==typeof n&&t===n)return!0;if(n instanceof RegExp&&n.test(t))return!0}}:()=>!1,this.entityExpansionCount=0,this.currentExpandedLength=0,this.matcher=new ve,this.isCurrentNodeStopNode=!1,this.options.stopNodes&&this.options.stopNodes.length>0){this.stopNodeExpressions=[];for(let t=0;t<this.options.stopNodes.length;t++){const e=this.options.stopNodes[t];"string"==typeof e?this.stopNodeExpressions.push(new Ne(e)):e instanceof Ne&&this.stopNodeExpressions.push(e)}}}}function Ce(t){const e=Object.keys(t);for(let n=0;n<e.length;n++){const r=e[n],i=r.replace(/[.\-+*:]/g,"\\.");this.lastEntities[r]={regex:new RegExp("&"+i+";","g"),val:t[r]}}}function Ae(t,e,n,r,i,s,o){if(void 0!==t&&(this.options.trimValues&&!r&&(t=t.trim()),t.length>0)){o||(t=this.replaceEntitiesValue(t,e,n));const r=this.options.jPath?n.toString():n,a=this.options.tagValueProcessor(e,t,r,i,s);return null==a?t:typeof a!=typeof t||a!==t?a:this.options.trimValues||t.trim()===t?Le(t,this.options.parseTagValue,this.options.numberParseOptions):t}}function $e(t){if(this.options.removeNSPrefix){const e=t.split(":"),n="/"===t.charAt(0)?"/":"";if("xmlns"===e[0])return"";2===e.length&&(t=n+e[1])}return t}const De=new RegExp("([^\\s=]+)\\s*(=\\s*(['\"])([\\s\\S]*?)\\3)?","gm");function ke(t,e,n){if(!0!==this.options.ignoreAttributes&&"string"==typeof t){const r=ie(t,De),i=r.length,s={},o={};for(let t=0;t<i;t++){const i=this.resolveNameSpace(r[t][1]),s=r[t][4];if(i.length&&void 0!==s){let t=s;this.options.trimValues&&(t=t.trim()),t=this.replaceEntitiesValue(t,n,e),o[i]=t}}Object.keys(o).length>0&&"object"==typeof e&&e.updateCurrent&&e.updateCurrent(o);for(let t=0;t<i;t++){const i=this.resolveNameSpace(r[t][1]),o=this.options.jPath?e.toString():e;if(this.ignoreAttributesFn(i,o))continue;let a=r[t][4],l=this.options.attributeNamePrefix+i;if(i.length)if(this.options.transformAttributeName&&(l=this.options.transformAttributeName(l)),l=Ke(l,this.options),void 0!==a){this.options.trimValues&&(a=a.trim()),a=this.replaceEntitiesValue(a,n,e);const t=this.options.jPath?e.toString():e,r=this.options.attributeValueProcessor(i,a,t);s[l]=null==r?a:typeof r!=typeof a||r!==a?r:Le(a,this.options.parseAttributeValue,this.options.numberParseOptions)}else this.options.allowBooleanAttributes&&(s[l]=!0)}if(!Object.keys(s).length)return;if(this.options.attributesGroupName){const t={};return t[this.options.attributesGroupName]=s,t}return s}}const Oe=function(t){t=t.replace(/\r\n?/g,"\n");const e=new ge("!xml");let n=e,r="";this.matcher.reset(),this.entityExpansionCount=0,this.currentExpandedLength=0;const i=new me(this.options.processEntities);for(let s=0;s<t.length;s++)if("<"===t[s])if("/"===t[s+1]){const e=je(t,">",s,"Closing Tag is not closed.");let i=t.substring(s+2,e).trim();if(this.options.removeNSPrefix){const t=i.indexOf(":");-1!==t&&(i=i.substr(t+1))}i=We(this.options.transformTagName,i,"",this.options).tagName,n&&(r=this.saveTextToParentTag(r,n,this.matcher));const o=this.matcher.getCurrentTag();if(i&&-1!==this.options.unpairedTags.indexOf(i))throw new Error(`Unpaired tag can not be used as closing tag: </${i}>`);o&&-1!==this.options.unpairedTags.indexOf(o)&&(this.matcher.pop(),this.tagsNodeStack.pop()),this.matcher.pop(),this.isCurrentNodeStopNode=!1,n=this.tagsNodeStack.pop(),r="",s=e}else if("?"===t[s+1]){let e=Fe(t,s,!1,"?>");if(!e)throw new Error("Pi Tag is not closed.");if(r=this.saveTextToParentTag(r,n,this.matcher),this.options.ignoreDeclaration&&"?xml"===e.tagName||this.options.ignorePiTags);else{const t=new ge(e.tagName);t.add(this.options.textNodeName,""),e.tagName!==e.tagExp&&e.attrExpPresent&&(t[":@"]=this.buildAttributesMap(e.tagExp,this.matcher,e.tagName)),this.addChild(n,t,this.matcher,s)}s=e.closeIndex+1}else if("!--"===t.substr(s+1,3)){const e=je(t,"--\x3e",s+4,"Comment is not closed.");if(this.options.commentPropName){const i=t.substring(s+4,e-2);r=this.saveTextToParentTag(r,n,this.matcher),n.add(this.options.commentPropName,[{[this.options.textNodeName]:i}])}s=e}else if("!D"===t.substr(s+1,2)){const e=i.readDocType(t,s);this.docTypeEntities=e.entities,s=e.i}else if("!["===t.substr(s+1,2)){const e=je(t,"]]>",s,"CDATA is not closed.")-2,i=t.substring(s+9,e);r=this.saveTextToParentTag(r,n,this.matcher);let o=this.parseTextData(i,n.tagname,this.matcher,!0,!1,!0,!0);null==o&&(o=""),this.options.cdataPropName?n.add(this.options.cdataPropName,[{[this.options.textNodeName]:i}]):n.add(this.options.textNodeName,o),s=e+2}else{let i=Fe(t,s,this.options.removeNSPrefix);if(!i){const e=t.substring(Math.max(0,s-50),Math.min(t.length,s+50));throw new Error(`readTagExp returned undefined at position ${s}. Context: "${e}"`)}let o=i.tagName;const a=i.rawTagName;let l=i.tagExp,c=i.attrExpPresent,u=i.closeIndex;if(({tagName:o,tagExp:l}=We(this.options.transformTagName,o,l,this.options)),this.options.strictReservedNames&&(o===this.options.commentPropName||o===this.options.cdataPropName||o===this.options.textNodeName||o===this.options.attributesGroupName))throw new Error(`Invalid tag name: ${o}`);n&&r&&"!xml"!==n.tagname&&(r=this.saveTextToParentTag(r,n,this.matcher,!1));const h=n;h&&-1!==this.options.unpairedTags.indexOf(h.tagname)&&(n=this.tagsNodeStack.pop(),this.matcher.pop());let d=!1;l.length>0&&l.lastIndexOf("/")===l.length-1&&(d=!0,"/"===o[o.length-1]?(o=o.substr(0,o.length-1),l=o):l=l.substr(0,l.length-1),c=o!==l);let p,g=null,m={};p=Ie(a),o!==e.tagname&&this.matcher.push(o,{},p),o!==l&&c&&(g=this.buildAttributesMap(l,this.matcher,o),g&&(m=Te(g,this.options))),o!==e.tagname&&(this.isCurrentNodeStopNode=this.isItStopNode(this.stopNodeExpressions,this.matcher));const f=s;if(this.isCurrentNodeStopNode){let e="";if(d)s=i.closeIndex;else if(-1!==this.options.unpairedTags.indexOf(o))s=i.closeIndex;else{const n=this.readStopNodeData(t,a,u+1);if(!n)throw new Error(`Unexpected end of ${a}`);s=n.i,e=n.tagContent}const r=new ge(o);g&&(r[":@"]=g),r.add(this.options.textNodeName,e),this.matcher.pop(),this.isCurrentNodeStopNode=!1,this.addChild(n,r,this.matcher,f)}else{if(d){({tagName:o,tagExp:l}=We(this.options.transformTagName,o,l,this.options));const t=new ge(o);g&&(t[":@"]=g),this.addChild(n,t,this.matcher,f),this.matcher.pop(),this.isCurrentNodeStopNode=!1}else{if(-1!==this.options.unpairedTags.indexOf(o)){const t=new ge(o);g&&(t[":@"]=g),this.addChild(n,t,this.matcher,f),this.matcher.pop(),this.isCurrentNodeStopNode=!1,s=i.closeIndex;continue}{const t=new ge(o);if(this.tagsNodeStack.length>this.options.maxNestedTags)throw new Error("Maximum nested tags exceeded");this.tagsNodeStack.push(n),g&&(t[":@"]=g),this.addChild(n,t,this.matcher,f),n=t}}r="",s=u}}else r+=t[s];return e.child};function Re(t,e,n,r){this.options.captureMetaData||(r=void 0);const i=this.options.jPath?n.toString():n,s=this.options.updateTag(e.tagname,i,e[":@"]);!1===s||("string"==typeof s?(e.tagname=s,t.addChild(e,r)):t.addChild(e,r))}function Me(t,e,n){const r=this.options.processEntities;if(!r||!r.enabled)return t;if(r.allowedTags){const i=this.options.jPath?n.toString():n;if(!(Array.isArray(r.allowedTags)?r.allowedTags.includes(e):r.allowedTags(e,i)))return t}if(r.tagFilter){const i=this.options.jPath?n.toString():n;if(!r.tagFilter(e,i))return t}for(const e of Object.keys(this.docTypeEntities)){const n=this.docTypeEntities[e],i=t.match(n.regx);if(i){if(this.entityExpansionCount+=i.length,r.maxTotalExpansions&&this.entityExpansionCount>r.maxTotalExpansions)throw new Error(`Entity expansion limit exceeded: ${this.entityExpansionCount} > ${r.maxTotalExpansions}`);const e=t.length;if(t=t.replace(n.regx,n.val),r.maxExpandedLength&&(this.currentExpandedLength+=t.length-e,this.currentExpandedLength>r.maxExpandedLength))throw new Error(`Total expanded content size exceeded: ${this.currentExpandedLength} > ${r.maxExpandedLength}`)}}for(const e of Object.keys(this.lastEntities)){const n=this.lastEntities[e],i=t.match(n.regex);if(i&&(this.entityExpansionCount+=i.length,r.maxTotalExpansions&&this.entityExpansionCount>r.maxTotalExpansions))throw new Error(`Entity expansion limit exceeded: ${this.entityExpansionCount} > ${r.maxTotalExpansions}`);t=t.replace(n.regex,n.val)}if(-1===t.indexOf("&"))return t;if(this.options.htmlEntities)for(const e of Object.keys(this.htmlEntities)){const n=this.htmlEntities[e],i=t.match(n.regex);if(i&&(this.entityExpansionCount+=i.length,r.maxTotalExpansions&&this.entityExpansionCount>r.maxTotalExpansions))throw new Error(`Entity expansion limit exceeded: ${this.entityExpansionCount} > ${r.maxTotalExpansions}`);t=t.replace(n.regex,n.val)}return t.replace(this.ampEntity.regex,this.ampEntity.val)}function _e(t,e,n,r){return t&&(void 0===r&&(r=0===e.child.length),void 0!==(t=this.parseTextData(t,e.tagname,n,!1,!!e[":@"]&&0!==Object.keys(e[":@"]).length,r))&&""!==t&&e.add(this.options.textNodeName,t),t=""),t}function Ve(t,e){if(!t||0===t.length)return!1;for(let n=0;n<t.length;n++)if(e.matches(t[n]))return!0;return!1}function je(t,e,n,r){const i=t.indexOf(e,n);if(-1===i)throw new Error(r);return i+e.length-1}function Fe(t,e,n,r=">"){const i=function(t,e,n=">"){let r,i="";for(let s=e;s<t.length;s++){let e=t[s];if(r)e===r&&(r="");else if('"'===e||"'"===e)r=e;else if(e===n[0]){if(!n[1])return{data:i,index:s};if(t[s+1]===n[1])return{data:i,index:s}}else"\t"===e&&(e=" ");i+=e}}(t,e+1,r);if(!i)return;let s=i.data;const o=i.index,a=s.search(/\s/);let l=s,c=!0;-1!==a&&(l=s.substring(0,a),s=s.substring(a+1).trimStart());const u=l;if(n){const t=l.indexOf(":");-1!==t&&(l=l.substr(t+1),c=l!==i.data.substr(t+1))}return{tagName:l,tagExp:s,closeIndex:o,attrExpPresent:c,rawTagName:u}}function Ue(t,e,n){const r=n;let i=1;for(;n<t.length;n++)if("<"===t[n])if("/"===t[n+1]){const s=je(t,">",n,`${e} is not closed`);if(t.substring(n+2,s).trim()===e&&(i--,0===i))return{tagContent:t.substring(r,n),i:s};n=s}else if("?"===t[n+1])n=je(t,"?>",n+1,"StopNode is not closed.");else if("!--"===t.substr(n+1,3))n=je(t,"--\x3e",n+3,"StopNode is not closed.");else if("!["===t.substr(n+1,2))n=je(t,"]]>",n,"StopNode is not closed.")-2;else{const r=Fe(t,n,">");r&&((r&&r.tagName)===e&&"/"!==r.tagExp[r.tagExp.length-1]&&i++,n=r.closeIndex)}}function Le(t,e,n){if(e&&"string"==typeof t){const e=t.trim();return"true"===e||"false"!==e&&function(t,e={}){if(e=Object.assign({},we,e),!t||"string"!=typeof t)return t;let n=t.trim();if(void 0!==e.skipLike&&e.skipLike.test(n))return t;if("0"===t)return 0;if(e.hex&&Ee.test(n))return function(t){if(parseInt)return parseInt(t,16);if(Number.parseInt)return Number.parseInt(t,16);if(window&&window.parseInt)return window.parseInt(t,16);throw new Error("parseInt, Number.parseInt, window.parseInt are not supported")}(n);if(isFinite(n)){if(n.includes("e")||n.includes("E"))return function(t,e,n){if(!n.eNotation)return t;const r=e.match(Se);if(r){let i=r[1]||"";const s=-1===r[3].indexOf("e")?"E":"e",o=r[2],a=i?t[o.length+1]===s:t[o.length]===s;return o.length>1&&a?t:(1!==o.length||!r[3].startsWith(`.${s}`)&&r[3][0]!==s)&&o.length>0?n.leadingZeros&&!a?(e=(r[1]||"")+r[3],Number(e)):t:Number(e)}return t}(t,n,e);{const i=be.exec(n);if(i){const s=i[1]||"",o=i[2];let a=(r=i[3])&&-1!==r.indexOf(".")?("."===(r=r.replace(/0+$/,""))?r="0":"."===r[0]?r="0"+r:"."===r[r.length-1]&&(r=r.substring(0,r.length-1)),r):r;const l=s?"."===t[o.length+1]:"."===t[o.length];if(!e.leadingZeros&&(o.length>1||1===o.length&&!l))return t;{const r=Number(n),i=String(r);if(0===r)return r;if(-1!==i.search(/[eE]/))return e.eNotation?r:t;if(-1!==n.indexOf("."))return"0"===i||i===a||i===`${s}${a}`?r:t;let l=o?a:n;return o?l===i||s+l===i?r:t:l===i||l===s+i?r:t}}return t}}var r;return function(t,e,n){const r=e===1/0;switch(n.infinity.toLowerCase()){case"null":return null;case"infinity":return e;case"string":return r?"Infinity":"-Infinity";default:return t}}(t,Number(n),e)}(t,n)}return function(t){return void 0!==t}(t)?t:""}function ze(t,e,n){const r=Number.parseInt(t,e);return r>=0&&r<=1114111?String.fromCodePoint(r):n+t+";"}function We(t,e,n,r){if(t){const r=t(e);n===e&&(n=r),e=r}return{tagName:e=Ke(e,r),tagExp:n}}function Ke(t,e){if(ae.includes(t))throw new Error(`[SECURITY] Invalid name: "${t}" is a reserved JavaScript keyword that could cause prototype pollution`);return oe.includes(t)?e.onDangerousProperty(t):t}const Be=ge.getMetaDataSymbol();function Ge(t,e){if(!t||"object"!=typeof t)return{};if(!e)return t;const n={};for(const r in t)r.startsWith(e)?n[r.substring(e.length)]=t[r]:n[r]=t[r];return n}function qe(t,e,n){return Ye(t,e,n)}function Ye(t,e,n){let r;const i={};for(let s=0;s<t.length;s++){const o=t[s],a=Qe(o);if(void 0!==a&&a!==e.textNodeName){const t=Ge(o[":@"]||{},e.attributeNamePrefix);n.push(a,t)}if(a===e.textNodeName)void 0===r?r=o[a]:r+=""+o[a];else{if(void 0===a)continue;if(o[a]){let t=Ye(o[a],e,n);const r=He(t,e);if(o[":@"]?Ze(t,o[":@"],n,e):1!==Object.keys(t).length||void 0===t[e.textNodeName]||e.alwaysCreateTextNode?0===Object.keys(t).length&&(e.alwaysCreateTextNode?t[e.textNodeName]="":t=""):t=t[e.textNodeName],void 0!==o[Be]&&"object"==typeof t&&null!==t&&(t[Be]=o[Be]),void 0!==i[a]&&Object.prototype.hasOwnProperty.call(i,a))Array.isArray(i[a])||(i[a]=[i[a]]),i[a].push(t);else{const s=e.jPath?n.toString():n;e.isArray(a,s,r)?i[a]=[t]:i[a]=t}void 0!==a&&a!==e.textNodeName&&n.pop()}}}return"string"==typeof r?r.length>0&&(i[e.textNodeName]=r):void 0!==r&&(i[e.textNodeName]=r),i}function Qe(t){const e=Object.keys(t);for(let t=0;t<e.length;t++){const n=e[t];if(":@"!==n)return n}}function Ze(t,e,n,r){if(e){const i=Object.keys(e),s=i.length;for(let o=0;o<s;o++){const s=i[o],a=s.startsWith(r.attributeNamePrefix)?s.substring(r.attributeNamePrefix.length):s,l=r.jPath?n.toString()+"."+a:n;r.isArray(s,l,!0,!0)?t[s]=[e[s]]:t[s]=e[s]}}}function He(t,e){const{textNodeName:n}=e,r=Object.keys(t).length;return 0===r||!(1!==r||!t[n]&&"boolean"!=typeof t[n]&&0!==t[n])}const Xe={allowBooleanAttributes:!1,unpairedTags:[]};function Je(t){return" "===t||"\t"===t||"\n"===t||"\r"===t}function tn(t,e){const n=e;for(;e<t.length;e++)if("?"==t[e]||" "==t[e]){const r=t.substr(n,e-n);if(e>5&&"xml"===r)return an("InvalidXml","XML declaration allowed only at the start of the document.",un(t,e));if("?"==t[e]&&">"==t[e+1]){e++;break}continue}return e}function en(t,e){if(t.length>e+5&&"-"===t[e+1]&&"-"===t[e+2]){for(e+=3;e<t.length;e++)if("-"===t[e]&&"-"===t[e+1]&&">"===t[e+2]){e+=2;break}}else if(t.length>e+8&&"D"===t[e+1]&&"O"===t[e+2]&&"C"===t[e+3]&&"T"===t[e+4]&&"Y"===t[e+5]&&"P"===t[e+6]&&"E"===t[e+7]){let n=1;for(e+=8;e<t.length;e++)if("<"===t[e])n++;else if(">"===t[e]&&(n--,0===n))break}else if(t.length>e+9&&"["===t[e+1]&&"C"===t[e+2]&&"D"===t[e+3]&&"A"===t[e+4]&&"T"===t[e+5]&&"A"===t[e+6]&&"["===t[e+7])for(e+=8;e<t.length;e++)if("]"===t[e]&&"]"===t[e+1]&&">"===t[e+2]){e+=2;break}return e}function nn(t,e){let n="",r="",i=!1;for(;e<t.length;e++){if('"'===t[e]||"'"===t[e])""===r?r=t[e]:r!==t[e]||(r="");else if(">"===t[e]&&""===r){i=!0;break}n+=t[e]}return""===r&&{value:n,index:e,tagClosed:i}}const rn=new RegExp("(\\s*)([^\\s=]+)(\\s*=)?(\\s*(['\"])(([\\s\\S])*?)\\5)?","g");function sn(t,e){const n=ie(t,rn),r={};for(let t=0;t<n.length;t++){if(0===n[t][1].length)return an("InvalidAttr","Attribute '"+n[t][2]+"' has no space in starting.",hn(n[t]));if(void 0!==n[t][3]&&void 0===n[t][4])return an("InvalidAttr","Attribute '"+n[t][2]+"' is without value.",hn(n[t]));if(void 0===n[t][3]&&!e.allowBooleanAttributes)return an("InvalidAttr","boolean attribute '"+n[t][2]+"' is not allowed.",hn(n[t]));const i=n[t][2];if(!ln(i))return an("InvalidAttr","Attribute '"+i+"' is an invalid name.",hn(n[t]));if(Object.prototype.hasOwnProperty.call(r,i))return an("InvalidAttr","Attribute '"+i+"' is repeated.",hn(n[t]));r[i]=1}return!0}function on(t,e){if(";"===t[++e])return-1;if("#"===t[e])return function(t,e){let n=/\d/;for("x"===t[e]&&(e++,n=/[\da-fA-F]/);e<t.length;e++){if(";"===t[e])return e;if(!t[e].match(n))break}return-1}(t,++e);let n=0;for(;e<t.length;e++,n++)if(!(t[e].match(/\w/)&&n<20)){if(";"===t[e])break;return-1}return e}function an(t,e,n){return{err:{code:t,msg:e,line:n.line||n,col:n.col}}}function ln(t){return se(t)}function cn(t){return se(t)}function un(t,e){const n=t.substring(0,e).split(/\r?\n/);return{line:n.length,col:n[n.length-1].length+1}}function hn(t){return t.startIndex+t[1].length}const dn=new class{constructor(t){this.externalEntities={},this.options=de(t)}parse(t,e){if("string"!=typeof t&&t.toString)t=t.toString();else if("string"!=typeof t)throw new Error("XML data is accepted in String or Bytes[] form.");if(e){!0===e&&(e={});const n=function(t,e){e=Object.assign({},Xe,e);const n=[];let r=!1,i=!1;"\ufeff"===t[0]&&(t=t.substr(1));for(let s=0;s<t.length;s++)if("<"===t[s]&&"?"===t[s+1]){if(s+=2,s=tn(t,s),s.err)return s}else{if("<"!==t[s]){if(Je(t[s]))continue;return an("InvalidChar","char '"+t[s]+"' is not expected.",un(t,s))}{let o=s;if(s++,"!"===t[s]){s=en(t,s);continue}{let a=!1;"/"===t[s]&&(a=!0,s++);let l="";for(;s<t.length&&">"!==t[s]&&" "!==t[s]&&"\t"!==t[s]&&"\n"!==t[s]&&"\r"!==t[s];s++)l+=t[s];if(l=l.trim(),"/"===l[l.length-1]&&(l=l.substring(0,l.length-1),s--),!cn(l)){let e;return e=0===l.trim().length?"Invalid space after '<'.":"Tag '"+l+"' is an invalid name.",an("InvalidTag",e,un(t,s))}const c=nn(t,s);if(!1===c)return an("InvalidAttr","Attributes for '"+l+"' have open quote.",un(t,s));let u=c.value;if(s=c.index,"/"===u[u.length-1]){const n=s-u.length;u=u.substring(0,u.length-1);const i=sn(u,e);if(!0!==i)return an(i.err.code,i.err.msg,un(t,n+i.err.line));r=!0}else if(a){if(!c.tagClosed)return an("InvalidTag","Closing tag '"+l+"' doesn't have proper closing.",un(t,s));if(u.trim().length>0)return an("InvalidTag","Closing tag '"+l+"' can't have attributes or invalid starting.",un(t,o));if(0===n.length)return an("InvalidTag","Closing tag '"+l+"' has not been opened.",un(t,o));{const e=n.pop();if(l!==e.tagName){let n=un(t,e.tagStartPos);return an("InvalidTag","Expected closing tag '"+e.tagName+"' (opened in line "+n.line+", col "+n.col+") instead of closing tag '"+l+"'.",un(t,o))}0==n.length&&(i=!0)}}else{const a=sn(u,e);if(!0!==a)return an(a.err.code,a.err.msg,un(t,s-u.length+a.err.line));if(!0===i)return an("InvalidXml","Multiple possible root nodes found.",un(t,s));-1!==e.unpairedTags.indexOf(l)||n.push({tagName:l,tagStartPos:o}),r=!0}for(s++;s<t.length;s++)if("<"===t[s]){if("!"===t[s+1]){s++,s=en(t,s);continue}if("?"!==t[s+1])break;if(s=tn(t,++s),s.err)return s}else if("&"===t[s]){const e=on(t,s);if(-1==e)return an("InvalidChar","char '&' is not expected.",un(t,s));s=e}else if(!0===i&&!Je(t[s]))return an("InvalidXml","Extra text at the end",un(t,s));"<"===t[s]&&s--}}}return r?1==n.length?an("InvalidTag","Unclosed tag '"+n[0].tagName+"'.",un(t,n[0].tagStartPos)):!(n.length>0)||an("InvalidXml","Invalid '"+JSON.stringify(n.map(t=>t.tagName),null,4).replace(/\r?\n/g,"")+"' found.",{line:1,col:1}):an("InvalidXml","Start tag expected.",1)}(t,e);if(!0!==n)throw Error(`${n.err.msg}:${n.err.line}:${n.err.col}`)}const n=new Pe(this.options);n.addExternalEntities(this.externalEntities);const r=n.parseXml(t);return this.options.preserveOrder||void 0===r?r:qe(r,this.options,n.matcher)}addEntity(t,e){if(-1!==e.indexOf("&"))throw new Error("Entity value can't have '&'");if(-1!==t.indexOf("&")||-1!==t.indexOf(";"))throw new Error("An entity must be set without '&' and ';'. Eg. use '#xD' for '
'");if("&"===e)throw new Error("An entity with value '&' is not permitted");this.externalEntities[t]=e}static getMetaDataSymbol(){return ge.getMetaDataSymbol()}}({attributeNamePrefix:"",htmlEntities:!0,ignoreAttributes:!1,ignoreDeclaration:!0,parseTagValue:!1,trimValues:!1,tagValueProcessor:(t,e)=>""===e.trim()&&e.includes("\n")?"":void 0});dn.addEntity("#xD","\r"),dn.addEntity("#10","\n");var pn=n(2840);const gn=t=>{const e="#text";for(const n in t)t.hasOwnProperty(n)&&void 0!==t[n][e]?t[n]=t[n][e]:"object"==typeof t[n]&&null!==t[n]&&(t[n]=gn(t[n]));return t};var mn=n(2914),fn=n(88791),xn=n(89946);class yn extends fn.B{settings;stringDeserializer;constructor(t){super(),this.settings=t,this.stringDeserializer=new pn.k(t)}setSerdeContext(t){this.serdeContext=t,this.stringDeserializer.setSerdeContext(t)}read(t,e,n){const r=te.l.of(t),i=r.getMemberSchemas();if(r.isStructSchema()&&r.isMemberSchema()&&Object.values(i).find(t=>!!t.getMemberTraits().eventPayload)){const t={},n=Object.keys(i)[0];return i[n].isBlobSchema()?t[n]=e:t[n]=this.read(i[n],e),t}const s=(this.serdeContext?.utf8Encoder??mn.P)(e),o=this.parseXml(s);return this.readSchema(t,n?o[n]:o)}readSchema(t,e){const n=te.l.of(t);if(n.isUnitSchema())return;const r=n.getMergedTraits();if(n.isListSchema()&&!Array.isArray(e))return this.readSchema(n,[e]);if(null==e)return e;if("object"==typeof e){const t=!!r.sparse,i=!!r.xmlFlattened;if(n.isListSchema()){const r=n.getValueSchema(),s=[],o=r.getMergedTraits().xmlName??"member",a=i?e:(e[0]??e)[o],l=Array.isArray(a)?a:[a];for(const e of l)(null!=e||t)&&s.push(this.readSchema(r,e));return s}const s={};if(n.isMapSchema()){const r=n.getKeySchema(),o=n.getValueSchema();let a;a=i?Array.isArray(e)?e:[e]:Array.isArray(e.entry)?e.entry:[e.entry];const l=r.getMergedTraits().xmlName??"key",c=o.getMergedTraits().xmlName??"value";for(const e of a){const n=e[l],r=e[c];(null!=r||t)&&(s[n]=this.readSchema(o,r))}return s}if(n.isStructSchema()){const t=n.isUnionSchema();let r;t&&(r=new xn.F(e,s));for(const[i,o]of n.structIterator()){const n=o.getMergedTraits(),a=n.httpPayload?n.xmlName??o.getName():o.getMemberTraits().xmlName??i;t&&r.mark(a),null!=e[a]&&(s[i]=this.readSchema(o,e[a]))}return t&&r.writeUnknown(),s}if(n.isDocumentSchema())return e;throw new Error(`@aws-sdk/core/protocols - xml deserializer unhandled schema type for ${n.getName(!0)}`)}return n.isListSchema()?[]:n.isMapSchema()||n.isStructSchema()?{}:this.stringDeserializer.read(n,e)}parseXml(t){if(t.length){let n;try{e=t,n=dn.parse(e,!0)}catch(e){throw e&&"object"==typeof e&&Object.defineProperty(e,"$responseBodyText",{value:t}),e}const r="#text",i=Object.keys(n)[0],s=n[i];return s[r]&&(s[i]=s[r],delete s[r]),gn(s)}var e;return{}}}var En=n(26144),bn=n(30259),wn=n(34708),Sn=n(70764),vn=n(10015),Nn=n(39181);class Tn extends fn.B{settings;buffer;constructor(t){super(),this.settings=t}write(t,e,n=""){void 0===this.buffer&&(this.buffer="");const r=te.l.of(t);if(n&&!n.endsWith(".")&&(n+="."),r.isBlobSchema())("string"==typeof e||e instanceof Uint8Array)&&(this.writeKey(n),this.writeValue((this.serdeContext?.base64Encoder??Nn.n)(e)));else if(r.isBooleanSchema()||r.isNumericSchema()||r.isStringSchema())null!=e?(this.writeKey(n),this.writeValue(String(e))):r.isIdempotencyToken()&&(this.writeKey(n),this.writeValue((0,wn.v4)()));else if(r.isBigIntegerSchema())null!=e&&(this.writeKey(n),this.writeValue(String(e)));else if(r.isBigDecimalSchema())null!=e&&(this.writeKey(n),this.writeValue(e instanceof Sn.D?e.string:String(e)));else if(r.isTimestampSchema()){if(e instanceof Date)switch(this.writeKey(n),(0,En.V)(r,this.settings)){case 5:this.writeValue(e.toISOString().replace(".000Z","Z"));break;case 6:this.writeValue((0,vn.JV)(e));break;case 7:this.writeValue(String(e.getTime()/1e3))}}else if(r.isDocumentSchema())Array.isArray(e)?this.write(79,e,n):e instanceof Date?this.write(4,e,n):e instanceof Uint8Array?this.write(21,e,n):e&&"object"==typeof e?this.write(143,e,n):(this.writeKey(n),this.writeValue(String(e)));else if(r.isListSchema()){if(Array.isArray(e))if(0===e.length)this.settings.serializeEmptyLists&&(this.writeKey(n),this.writeValue(""));else{const t=r.getValueSchema(),i=this.settings.flattenLists||r.getMergedTraits().xmlFlattened;let s=1;for(const r of e){if(null==r)continue;const e=t.getMergedTraits(),o=this.getKey("member",e.xmlName,e.ec2QueryName),a=i?`${n}${s}`:`${n}${o}.${s}`;this.write(t,r,a),++s}}}else if(r.isMapSchema()){if(e&&"object"==typeof e){const t=r.getKeySchema(),i=r.getValueSchema(),s=r.getMergedTraits().xmlFlattened;let o=1;for(const[r,a]of Object.entries(e)){if(null==a)continue;const e=t.getMergedTraits(),l=this.getKey("key",e.xmlName,e.ec2QueryName),c=s?`${n}${o}.${l}`:`${n}entry.${o}.${l}`,u=i.getMergedTraits(),h=this.getKey("value",u.xmlName,u.ec2QueryName),d=s?`${n}${o}.${h}`:`${n}entry.${o}.${h}`;this.write(t,r,c),this.write(i,a,d),++o}}}else if(r.isStructSchema()){if(e&&"object"==typeof e){let t=!1;for(const[i,s]of r.structIterator()){if(null==e[i]&&!s.isIdempotencyToken())continue;const r=s.getMergedTraits(),o=`${n}${this.getKey(i,r.xmlName,r.ec2QueryName,"struct")}`;this.write(s,e[i],o),t=!0}if(!t&&r.isUnionSchema()){const{$unknown:t}=e;if(Array.isArray(t)){const[e,r]=t,i=`${n}${e}`;this.write(15,r,i)}}}}else if(!r.isUnitSchema())throw new Error(`@aws-sdk/core/protocols - QuerySerializer unrecognized schema type ${r.getName(!0)}`)}flush(){if(void 0===this.buffer)throw new Error("@aws-sdk/core/protocols - QuerySerializer cannot flush with nothing written to buffer.");const t=this.buffer;return delete this.buffer,t}getKey(t,e,n,r){const{ec2:i,capitalizeKeys:s}=this.settings;if(i&&n)return n;const o=e??t;return s&&"struct"===r?o[0].toUpperCase()+o.slice(1):o}writeKey(t){t.endsWith(".")&&(t=t.slice(0,t.length-1)),this.buffer+=`&${(0,bn.$)(t)}=`}writeValue(t){this.buffer+=(0,bn.$)(t)}}class In extends Ht.M{options;serializer;deserializer;mixin=new ee.U;constructor(t){super({defaultNamespace:t.defaultNamespace}),this.options=t;const e={timestampFormat:{useTrait:!0,default:5},httpBindings:!1,xmlNamespace:t.xmlNamespace,serviceNamespace:t.defaultNamespace,serializeEmptyLists:!0};this.serializer=new Tn(e),this.deserializer=new yn(e)}getShapeId(){return"aws.protocols#awsQuery"}setSerdeContext(t){this.serializer.setSerdeContext(t),this.deserializer.setSerdeContext(t)}getPayloadCodec(){throw new Error("AWSQuery protocol has no payload codec.")}async serializeRequest(t,e,n){const r=await super.serializeRequest(t,e,n);r.path.endsWith("/")||(r.path+="/"),Object.assign(r.headers,{"content-type":"application/x-www-form-urlencoded"}),"unit"!==(0,Jt.L)(t.input)&&r.body||(r.body="");const i=t.name.split("#")[1]??t.name;return r.body=`Action=${i}&Version=${this.options.version}`+r.body,r.body.endsWith("&")&&(r.body=r.body.slice(-1)),r}async deserializeResponse(t,e,n){const r=this.deserializer,i=te.l.of(t.output),s={};if(n.statusCode>=300){const i=await(0,Xt.P)(n.body,e);i.byteLength>0&&Object.assign(s,await r.read(15,i)),await this.handleError(t,e,n,s,this.deserializeMetadata(n))}for(const t in n.headers){const e=n.headers[t];delete n.headers[t],n.headers[t.toLowerCase()]=e}const o=t.name.split("#")[1]??t.name,a=i.isStructSchema()&&this.useNestedResult()?o+"Result":void 0,l=await(0,Xt.P)(n.body,e);return l.byteLength>0&&Object.assign(s,await r.read(i,l,a)),{$metadata:this.deserializeMetadata(n),...s}}useNestedResult(){return!0}async handleError(t,e,n,r,i){const s=this.loadQueryErrorCode(n,r)??"Unknown",o=this.loadQueryError(r),a=this.loadQueryErrorMessage(r);o.message=a,o.Error={Type:o.Type,Code:o.Code,Message:a};const{errorSchema:l,errorMetadata:c}=await this.mixin.getErrorSchemaOrThrowBaseException(s,this.options.defaultNamespace,n,o,i,this.mixin.findQueryCompatibleError),h=te.l.of(l),d=new(u.O.for(l[1]).getErrorCtor(l)??Error)(a),p={Type:o.Error.Type,Code:o.Error.Code,Error:o.Error};for(const[t,e]of h.structIterator()){const n=e.getMergedTraits().xmlName??t,i=o[n]??r[n];p[t]=this.deserializer.readSchema(e,i)}throw this.mixin.decorateServiceException(Object.assign(d,c,{$fault:h.getMergedTraits().error,message:a},p),r)}loadQueryErrorCode(t,e){const n=(e.Errors?.[0]?.Error??e.Errors?.Error??e.Error)?.Code;return void 0!==n?n:404==t.statusCode?"NotFound":void 0}loadQueryError(t){return t.Errors?.[0]?.Error??t.Errors?.Error??t.Error}loadQueryErrorMessage(t){const e=this.loadQueryError(t);return e?.message??e?.Message??t.message??t.Message??"Unknown"}getDefaultContentType(){return"application/x-www-form-urlencoded"}}var Pn=n(3761),Cn=n(67933),An=n(12544),$n=n(40935),Dn=n(2456),kn=n(48105),On=n(1034),Rn=n(7856);const Mn="required",_n="type",Vn="fn",jn="argv",Fn="ref",Un=!1,Ln=!0,zn="booleanEquals",Wn="stringEquals",Kn="sigv4",Bn="us-east-1",Gn="endpoint",qn="https://sts.{Region}.{PartitionResult#dnsSuffix}",Yn="tree",Qn="error",Zn="getAttr",Hn={[Mn]:!1,[_n]:"string"},Xn={[Mn]:!0,default:!1,[_n]:"boolean"},Jn={[Fn]:"Endpoint"},tr={[Vn]:"isSet",[jn]:[{[Fn]:"Region"}]},er={[Fn]:"Region"},nr={[Vn]:"aws.partition",[jn]:[er],assign:"PartitionResult"},rr={[Fn]:"UseFIPS"},ir={[Fn]:"UseDualStack"},sr={url:"https://sts.amazonaws.com",properties:{authSchemes:[{name:Kn,signingName:"sts",signingRegion:Bn}]},headers:{}},or={},ar={conditions:[{[Vn]:Wn,[jn]:[er,"aws-global"]}],[Gn]:sr,[_n]:Gn},lr={[Vn]:zn,[jn]:[rr,!0]},cr={[Vn]:zn,[jn]:[ir,!0]},ur={[Vn]:Zn,[jn]:[{[Fn]:"PartitionResult"},"supportsFIPS"]},hr={[Fn]:"PartitionResult"},dr={[Vn]:zn,[jn]:[!0,{[Vn]:Zn,[jn]:[hr,"supportsDualStack"]}]},pr=[{[Vn]:"isSet",[jn]:[Jn]}],gr=[lr],mr=[cr],fr={version:"1.0",parameters:{Region:Hn,UseDualStack:Xn,UseFIPS:Xn,Endpoint:Hn,UseGlobalEndpoint:Xn},rules:[{conditions:[{[Vn]:zn,[jn]:[{[Fn]:"UseGlobalEndpoint"},Ln]},{[Vn]:"not",[jn]:pr},tr,nr,{[Vn]:zn,[jn]:[rr,Un]},{[Vn]:zn,[jn]:[ir,Un]}],rules:[{conditions:[{[Vn]:Wn,[jn]:[er,"ap-northeast-1"]}],endpoint:sr,[_n]:Gn},{conditions:[{[Vn]:Wn,[jn]:[er,"ap-south-1"]}],endpoint:sr,[_n]:Gn},{conditions:[{[Vn]:Wn,[jn]:[er,"ap-southeast-1"]}],endpoint:sr,[_n]:Gn},{conditions:[{[Vn]:Wn,[jn]:[er,"ap-southeast-2"]}],endpoint:sr,[_n]:Gn},ar,{conditions:[{[Vn]:Wn,[jn]:[er,"ca-central-1"]}],endpoint:sr,[_n]:Gn},{conditions:[{[Vn]:Wn,[jn]:[er,"eu-central-1"]}],endpoint:sr,[_n]:Gn},{conditions:[{[Vn]:Wn,[jn]:[er,"eu-north-1"]}],endpoint:sr,[_n]:Gn},{conditions:[{[Vn]:Wn,[jn]:[er,"eu-west-1"]}],endpoint:sr,[_n]:Gn},{conditions:[{[Vn]:Wn,[jn]:[er,"eu-west-2"]}],endpoint:sr,[_n]:Gn},{conditions:[{[Vn]:Wn,[jn]:[er,"eu-west-3"]}],endpoint:sr,[_n]:Gn},{conditions:[{[Vn]:Wn,[jn]:[er,"sa-east-1"]}],endpoint:sr,[_n]:Gn},{conditions:[{[Vn]:Wn,[jn]:[er,Bn]}],endpoint:sr,[_n]:Gn},{conditions:[{[Vn]:Wn,[jn]:[er,"us-east-2"]}],endpoint:sr,[_n]:Gn},{conditions:[{[Vn]:Wn,[jn]:[er,"us-west-1"]}],endpoint:sr,[_n]:Gn},{conditions:[{[Vn]:Wn,[jn]:[er,"us-west-2"]}],endpoint:sr,[_n]:Gn},{endpoint:{url:qn,properties:{authSchemes:[{name:Kn,signingName:"sts",signingRegion:"{Region}"}]},headers:or},[_n]:Gn}],[_n]:Yn},{conditions:pr,rules:[{conditions:gr,error:"Invalid Configuration: FIPS and custom endpoint are not supported",[_n]:Qn},{conditions:mr,error:"Invalid Configuration: Dualstack and custom endpoint are not supported",[_n]:Qn},{endpoint:{url:Jn,properties:or,headers:or},[_n]:Gn}],[_n]:Yn},{conditions:[tr],rules:[{conditions:[nr],rules:[{conditions:[lr,cr],rules:[{conditions:[{[Vn]:zn,[jn]:[Ln,ur]},dr],rules:[{endpoint:{url:"https://sts-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:or,headers:or},[_n]:Gn}],[_n]:Yn},{error:"FIPS and DualStack are enabled, but this partition does not support one or both",[_n]:Qn}],[_n]:Yn},{conditions:gr,rules:[{conditions:[{[Vn]:zn,[jn]:[ur,Ln]}],rules:[{conditions:[{[Vn]:Wn,[jn]:[{[Vn]:Zn,[jn]:[hr,"name"]},"aws-us-gov"]}],endpoint:{url:"https://sts.{Region}.amazonaws.com",properties:or,headers:or},[_n]:Gn},{endpoint:{url:"https://sts-fips.{Region}.{PartitionResult#dnsSuffix}",properties:or,headers:or},[_n]:Gn}],[_n]:Yn},{error:"FIPS is enabled but this partition does not support FIPS",[_n]:Qn}],[_n]:Yn},{conditions:mr,rules:[{conditions:[dr],rules:[{endpoint:{url:"https://sts.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:or,headers:or},[_n]:Gn}],[_n]:Yn},{error:"DualStack is enabled but this partition does not support DualStack",[_n]:Qn}],[_n]:Yn},ar,{endpoint:{url:qn,properties:or,headers:or},[_n]:Gn}],[_n]:Yn}],[_n]:Yn},{error:"Invalid Configuration: Missing Region",[_n]:Qn}]},xr=new kn.k({size:50,params:["Endpoint","Region","UseDualStack","UseFIPS","UseGlobalEndpoint"]}),yr=(t,e={})=>xr.get(t,()=>(0,On.s)(fr,{endpointParams:t,logger:e.logger}));Rn.m.aws=Dn.UF;var Er=n(93673),br=n(78646),wr=n(18081);class Sr extends Ct.K{config;constructor(...[t]){const e=(t=>{(0,Gt.I)(process.version);const e=(0,Qt.I)(t),n=()=>e().then(qt.l),r=(t=>({apiVersion:"2011-06-15",base64Decoder:t?.base64Decoder??An.E,base64Encoder:t?.base64Encoder??Nn.n,disableHostPrefix:t?.disableHostPrefix??!1,endpointProvider:t?.endpointProvider??yr,extensions:t?.extensions??[],httpAuthSchemeProvider:t?.httpAuthSchemeProvider??Ot,httpAuthSchemes:t?.httpAuthSchemes??[{schemeId:"aws.auth#sigv4",identityProvider:t=>t.getIdentityProvider("aws.auth#sigv4"),signer:new Vt.f2},{schemeId:"smithy.api#noAuth",identityProvider:t=>t.getIdentityProvider("smithy.api#noAuth")||(async()=>({})),signer:new zt.m}],logger:t?.logger??new Pn.N,protocol:t?.protocol??In,protocolSettings:t?.protocolSettings??{defaultNamespace:"com.amazonaws.sts",errorTypeRegistries:G,xmlNamespace:"https://sts.amazonaws.com/doc/2011-06-15/",version:"2011-06-15",serviceTarget:"AWSSecurityTokenServiceV20110615"},serviceId:t?.serviceId??"STS",urlParser:t?.urlParser??Cn.D,utf8Decoder:t?.utf8Decoder??$n.a,utf8Encoder:t?.utf8Encoder??mn.P}))(t);(0,Mt.I)(process.version);const o={profile:t?.profile,logger:r.logger};return{...r,...t,runtime:"node",defaultsMode:e,authSchemePreference:t?.authSchemePreference??(0,s.Z)(_t.$,o),bodyLengthChecker:t?.bodyLengthChecker??Yt.n,defaultUserAgentProvider:t?.defaultUserAgentProvider??(0,jt.pf)({serviceId:r.serviceId,clientVersion:Rt.rE}),httpAuthSchemes:t?.httpAuthSchemes??[{schemeId:"aws.auth#sigv4",identityProvider:e=>e.getIdentityProvider("aws.auth#sigv4")||(async e=>await t.credentialDefaultProvider(e?.__config||{})()),signer:new Vt.f2},{schemeId:"smithy.api#noAuth",identityProvider:t=>t.getIdentityProvider("smithy.api#noAuth")||(async()=>({})),signer:new zt.m}],maxAttempts:t?.maxAttempts??(0,s.Z)(It.qs,t),region:t?.region??(0,s.Z)(i.GG,{...i.zH,...o}),requestHandler:Kt.$.create(t?.requestHandler??n),retryMode:t?.retryMode??(0,s.Z)({...It.kN,default:async()=>(await n()).retryMode||Zt.L0},t),sha256:t?.sha256??Wt.V.bind(null,"sha256"),streamCollector:t?.streamCollector??Bt.k,useDualstackEndpoint:t?.useDualstackEndpoint??(0,s.Z)(Ut.e$,o),useFipsEndpoint:t?.useFipsEndpoint??(0,s.Z)(Lt.Ko,o),userAgentAppId:t?.userAgentAppId??(0,s.Z)(Ft.hV,o)}})(t||{});super(e),this.initConfig=e;const n=(r=e,Object.assign(r,{useDualstackEndpoint:r.useDualstackEndpoint??!1,useFipsEndpoint:r.useFipsEndpoint??!1,useGlobalEndpoint:r.useGlobalEndpoint??!1,defaultSigningName:"sts"}));var r;const o=(0,xt.D)(n),a=(0,It.$z)(o),l=(0,Et.T)(a),c=(0,gt.OV)(l),u=((t,e)=>{const n=Object.assign((0,Er.R)(t),(0,wr.xA)(t),(0,br.e)(t),(t=>{const e=t.httpAuthSchemes;let n=t.httpAuthSchemeProvider,r=t.credentials;return{setHttpAuthScheme(t){const n=e.findIndex(e=>e.schemeId===t.schemeId);-1===n?e.push(t):e.splice(n,1,t)},httpAuthSchemes:()=>e,setHttpAuthSchemeProvider(t){n=t},httpAuthSchemeProvider:()=>n,setCredentials(t){r=t},credentials:()=>r}})(t));return e.forEach(t=>t.configure(n)),Object.assign(t,(0,Er.$)(n),(0,wr.uv)(n),(0,br.j)(n),{httpAuthSchemes:(r=n).httpAuthSchemes(),httpAuthSchemeProvider:r.httpAuthSchemeProvider(),credentials:r.credentials()});var r})((t=>{const e=(n=t,Object.assign(n,{stsClientCtor:Sr}));var n;const r=(0,At.h)(e);return Object.assign(r,{authSchemePreference:(0,Dt.t)(t.authSchemePreference??[])})})((0,Tt.C)(c)),t?.extensions||[]);this.config=u,this.middlewareStack.use((0,vt.wq)(this.config)),this.middlewareStack.use((0,yt.sM)(this.config)),this.middlewareStack.use((0,Pt.ey)(this.config)),this.middlewareStack.use((0,Nt.vK)(this.config)),this.middlewareStack.use((0,gt.TC)(this.config)),this.middlewareStack.use((0,mt.Y7)(this.config)),this.middlewareStack.use((0,ft.n)(this.config)),this.middlewareStack.use((0,bt.w)(this.config,{httpAuthSchemeParametersProvider:kt,identityProviderConfigProvider:async t=>new wt.h({"aws.auth#sigv4":t.credentials})})),this.middlewareStack.use((0,St.l)(this.config))}destroy(){super.destroy()}}const vr=(t,e)=>e?class extends t{constructor(t){super(t);for(const t of e)this.middlewareStack.use(t)}}:t,Nr=(t={},e)=>((t,e)=>{let n,i;return async(s,o)=>{if(i=s,!n){const{logger:r=t?.parentClientConfig?.logger,profile:s=t?.parentClientConfig?.profile,region:o,requestHandler:a=t?.parentClientConfig?.requestHandler,credentialProviderLogger:l,userAgentAppId:c=t?.parentClientConfig?.userAgentAppId}=t,u=await dt(o,t?.parentClientConfig?.region,l,{logger:r,profile:s}),h=!pt(a);n=new e({...t,userAgentAppId:c,profile:s,credentialDefaultProvider:()=>async()=>i,region:u,requestHandler:h?a:void 0,logger:r})}const{Credentials:a,AssumedRoleUser:l}=await n.send(new ct(o));if(!a||!a.AccessKeyId||!a.SecretAccessKey)throw new Error(`Invalid response from STS.assumeRole call with role ${o.RoleArn}`);const c=ht(l),u={accessKeyId:a.AccessKeyId,secretAccessKey:a.SecretAccessKey,sessionToken:a.SessionToken,expiration:a.Expiration,...a.CredentialScope&&{credentialScope:a.CredentialScope},...c&&{accountId:c}};return(0,r.g)(u,"CREDENTIALS_STS_ASSUME_ROLE","i"),u}})(t,vr(Sr,e)),Tr=(t={},e)=>((t,e)=>{let n;return async i=>{if(!n){const{logger:r=t?.parentClientConfig?.logger,profile:i=t?.parentClientConfig?.profile,region:s,requestHandler:o=t?.parentClientConfig?.requestHandler,credentialProviderLogger:a,userAgentAppId:l=t?.parentClientConfig?.userAgentAppId}=t,c=await dt(s,t?.parentClientConfig?.region,a,{logger:r,profile:i}),u=!pt(o);n=new e({...t,userAgentAppId:l,profile:i,region:c,requestHandler:u?o:void 0,logger:r})}const{Credentials:s,AssumedRoleUser:o}=await n.send(new ut(i));if(!s||!s.AccessKeyId||!s.SecretAccessKey)throw new Error(`Invalid response from STS.assumeRoleWithWebIdentity call with role ${i.RoleArn}`);const a=ht(o),l={accessKeyId:s.AccessKeyId,secretAccessKey:s.SecretAccessKey,sessionToken:s.SessionToken,expiration:s.Expiration,...s.CredentialScope&&{credentialScope:s.CredentialScope},...a&&{accountId:a}};return a&&(0,r.g)(l,"RESOLVED_ACCOUNT_ID","T"),(0,r.g)(l,"CREDENTIALS_STS_ASSUME_ROLE_WEB_ID","k"),l}})(t,vr(Sr,e))},14433:(t,e,n)=>{n.d(e,{m:()=>r});class r{async sign(t,e,n){return t}}},30259:(t,e,n)=>{function r(t){return encodeURIComponent(t).replace(/[!'()*]/g,function(t){return"%"+t.charCodeAt(0).toString(16).toUpperCase()})}n.d(e,{$:()=>r})},69700:(t,e,n)=>{n.d(e,{G:()=>r});const r=t=>{const e=t.length,n=[];let r,i=!1,s=0;for(let o=0;o<e;++o){const e=t[o];switch(e){case'"':"\\"!==r&&(i=!i);break;case",":i||(n.push(t.slice(s,o)),s=o+1)}r=e}return n.push(t.slice(s)),n.map(t=>{const e=(t=t.trim()).length;return e<2?t:('"'===t[0]&&'"'===t[e-1]&&(t=t.slice(1,e-1)),t.replace(/\\"/g,'"'))})}}};
|
|
@@ -1,99 +0,0 @@
|
|
|
1
|
-
import type { Request, Response, NextFunction } from "express";
|
|
2
|
-
import type { ProofMeta, DetachedProof } from "@kya-os/contracts/proof";
|
|
3
|
-
import type { Receipt } from "@kya-os/contracts/registry";
|
|
4
|
-
import { type StructuredError } from "@kya-os/contracts/verifier";
|
|
5
|
-
import { type CryptoProvider } from "@kya-os/mcp-i-core";
|
|
6
|
-
/**
|
|
7
|
-
* Verifier middleware for proof and receipt validation
|
|
8
|
-
*/
|
|
9
|
-
export interface VerifierConfig {
|
|
10
|
-
/**
|
|
11
|
-
* Enable receipt verification
|
|
12
|
-
*/
|
|
13
|
-
receiptVerification?: boolean;
|
|
14
|
-
/**
|
|
15
|
-
* Enable delegation checking
|
|
16
|
-
*/
|
|
17
|
-
delegationChecking?: boolean;
|
|
18
|
-
/**
|
|
19
|
-
* KTA base URL
|
|
20
|
-
*/
|
|
21
|
-
ktaBaseUrl?: string;
|
|
22
|
-
/**
|
|
23
|
-
* Policy toggle for receipt checking
|
|
24
|
-
*/
|
|
25
|
-
receiptPolicy?: "required" | "optional" | "disabled";
|
|
26
|
-
/**
|
|
27
|
-
* Allow mock data for testing
|
|
28
|
-
*/
|
|
29
|
-
allowMockData?: boolean;
|
|
30
|
-
/**
|
|
31
|
-
* Optional CryptoProvider for signature verification
|
|
32
|
-
* If provided, enables full JWS signature verification when DetachedProof is available
|
|
33
|
-
*/
|
|
34
|
-
cryptoProvider?: CryptoProvider;
|
|
35
|
-
}
|
|
36
|
-
export interface LocalVerifierResult {
|
|
37
|
-
success: boolean;
|
|
38
|
-
headers?: Record<string, string>;
|
|
39
|
-
error?: StructuredError;
|
|
40
|
-
}
|
|
41
|
-
export interface VerifierContext {
|
|
42
|
-
proof: ProofMeta;
|
|
43
|
-
receipt?: Receipt;
|
|
44
|
-
delegationRef?: string;
|
|
45
|
-
/**
|
|
46
|
-
* Optional full DetachedProof with JWS for signature verification
|
|
47
|
-
* If provided, enables full cryptographic signature verification
|
|
48
|
-
*/
|
|
49
|
-
detachedProof?: DetachedProof;
|
|
50
|
-
}
|
|
51
|
-
/**
|
|
52
|
-
* Core verifier implementation
|
|
53
|
-
*/
|
|
54
|
-
export declare class CoreVerifier {
|
|
55
|
-
private config;
|
|
56
|
-
private receiptVerifier;
|
|
57
|
-
private delegationManager;
|
|
58
|
-
private cryptoService?;
|
|
59
|
-
constructor(config?: VerifierConfig);
|
|
60
|
-
/**
|
|
61
|
-
* Verify proof with optional receipt checking
|
|
62
|
-
*/
|
|
63
|
-
verify(context: VerifierContext): Promise<LocalVerifierResult>;
|
|
64
|
-
/**
|
|
65
|
-
* Verify proof signature
|
|
66
|
-
*
|
|
67
|
-
* Note: Full signature verification requires DetachedProof with JWS.
|
|
68
|
-
* If only ProofMeta is available, performs structure validation only.
|
|
69
|
-
* To enable full verification, provide detachedProof in VerifierContext.
|
|
70
|
-
*/
|
|
71
|
-
private verifySignature;
|
|
72
|
-
/**
|
|
73
|
-
* Fetch public key from DID document
|
|
74
|
-
*
|
|
75
|
-
* Note: This is a simplified implementation. Production code should use
|
|
76
|
-
* a proper DID resolver that supports multiple DID methods (did:key, did:web, etc.)
|
|
77
|
-
*/
|
|
78
|
-
private fetchPublicKeyFromDID;
|
|
79
|
-
/**
|
|
80
|
-
* Verify delegation status
|
|
81
|
-
*/
|
|
82
|
-
private verifyDelegation;
|
|
83
|
-
/**
|
|
84
|
-
* Check if receipt verification should be performed
|
|
85
|
-
*/
|
|
86
|
-
private shouldVerifyReceipt;
|
|
87
|
-
/**
|
|
88
|
-
* Generate trusted headers for successful verification
|
|
89
|
-
*/
|
|
90
|
-
private generateHeaders;
|
|
91
|
-
}
|
|
92
|
-
/**
|
|
93
|
-
* Cloudflare Worker verifier
|
|
94
|
-
*/
|
|
95
|
-
export declare function verifyWorker(request: Request, config?: VerifierConfig): Promise<LocalVerifierResult>;
|
|
96
|
-
/**
|
|
97
|
-
* Express verifier middleware
|
|
98
|
-
*/
|
|
99
|
-
export declare function verifyExpress(config?: VerifierConfig): (req: Request, res: Response, next: NextFunction) => Promise<Response<any, Record<string, any>> | undefined>;
|