@kya-os/mcp-i 1.10.0 → 1.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (40) hide show
  1. package/dist/317.js +1 -0
  2. package/dist/354.js +1 -1
  3. package/dist/839.js +1 -0
  4. package/dist/95.js +1 -1
  5. package/dist/cli-adapter/index.js +1 -1
  6. package/dist/runtime/102.js +1 -0
  7. package/dist/runtime/adapter-express.js +3 -3
  8. package/dist/runtime/adapter-nextjs.js +5 -5
  9. package/dist/runtime/audit.d.ts +1 -1
  10. package/dist/runtime/debug.d.ts +1 -1
  11. package/dist/runtime/debug.js +3 -2
  12. package/dist/runtime/delegation-hooks.d.ts +1 -1
  13. package/dist/runtime/http.js +3 -3
  14. package/dist/runtime/identity.d.ts +4 -4
  15. package/dist/runtime/identity.js +4 -4
  16. package/dist/runtime/index.d.ts +6 -2
  17. package/dist/runtime/index.js +10 -2
  18. package/dist/runtime/mcpi-runtime.d.ts +9 -1
  19. package/dist/runtime/mcpi-runtime.js +20 -3
  20. package/dist/runtime/outbound-delegation.d.ts +5 -3
  21. package/dist/runtime/outbound-delegation.js +14 -8
  22. package/dist/runtime/outbound-identity-bridge.d.ts +40 -0
  23. package/dist/runtime/outbound-identity-bridge.js +114 -0
  24. package/dist/runtime/proof-batch-queue.d.ts +1 -1
  25. package/dist/runtime/request-context.d.ts +10 -0
  26. package/dist/runtime/request-context.js +4 -0
  27. package/dist/runtime/resume-token-store-kv.d.ts +44 -0
  28. package/dist/runtime/resume-token-store-kv.js +93 -0
  29. package/dist/runtime/resume-token-store.d.ts +30 -0
  30. package/dist/runtime/resume-token-store.js +46 -0
  31. package/dist/runtime/session.js +6 -0
  32. package/dist/runtime/stdio.js +3 -3
  33. package/dist/runtime/utils/tools.d.ts +1 -1
  34. package/dist/runtime/utils/tools.js +29 -7
  35. package/dist/runtime/well-known.d.ts +12 -1
  36. package/dist/runtime/well-known.js +13 -2
  37. package/package.json +4 -2
  38. package/dist/225.js +0 -1
  39. package/dist/runtime/verifier-middleware.d.ts +0 -99
  40. package/dist/runtime/verifier-middleware.js +0 -416
@@ -2,7 +2,7 @@ import { Server as McpServer } from "@modelcontextprotocol/sdk/server/index.js";
2
2
  import { ZodTypeAny } from "zod";
3
3
  import { ToolFile } from "./server";
4
4
  import { CallToolResult } from "@modelcontextprotocol/sdk/types.js";
5
- import { DetachedProof } from "@kya-os/contracts/proof";
5
+ import type { DetachedProof } from "@kya-os/mcp/types" with { "resolution-mode": "import" };
6
6
  import { type ClientMessagesConfig } from "@kya-os/mcp-i-core";
7
7
  export type ZodRawShape = {
8
8
  [k: string]: ZodTypeAny;
@@ -8,7 +8,9 @@ const tool_protection_registry_1 = require("../tool-protection-registry");
8
8
  const auth_handshake_1 = require("../auth-handshake");
9
9
  const session_1 = require("../session");
10
10
  const request_context_1 = require("../request-context");
11
+ const outbound_identity_bridge_1 = require("../outbound-identity-bridge");
11
12
  const mcp_i_core_1 = require("@kya-os/mcp-i-core");
13
+ // C2/C3: @kya-os/mcp-i is CJS; @kya-os/mcp is ESM-only (TS1479 blocks static import).
12
14
  const proof_batch_queue_1 = require("../proof-batch-queue");
13
15
  const mcp_i_core_2 = require("@kya-os/mcp-i-core");
14
16
  /**
@@ -18,13 +20,13 @@ const mcp_i_core_2 = require("@kya-os/mcp-i-core");
18
20
  */
19
21
  function formatAuthInfo(auth) {
20
22
  let result = auth.type;
21
- if ('provider' in auth && auth.provider) {
23
+ if ("provider" in auth && auth.provider) {
22
24
  result += `:${auth.provider}`;
23
25
  }
24
- if ('issuer' in auth && auth.issuer) {
26
+ if ("issuer" in auth && auth.issuer) {
25
27
  result += `:${auth.issuer}`;
26
28
  }
27
- if ('credentialType' in auth && auth.credentialType) {
29
+ if ("credentialType" in auth && auth.credentialType) {
28
30
  result += `:${auth.credentialType}`;
29
31
  }
30
32
  return result;
@@ -251,7 +253,7 @@ async function addToolsToServer(server, toolModules, identityConfig, clientMessa
251
253
  // Add internal handshake tool for MCP-I session establishment
252
254
  // This allows MCP clients to perform a handshake and receive a sessionId
253
255
  const handshakeTool = {
254
- name: "_mcpi_handshake",
256
+ name: "_kyaos_handshake",
255
257
  description: "Internal MCP-I handshake tool for session establishment. Clients should call this before protected tools.",
256
258
  inputSchema: {
257
259
  type: "object",
@@ -293,8 +295,10 @@ async function addToolsToServer(server, toolModules, identityConfig, clientMessa
293
295
  },
294
296
  };
295
297
  tools.push(handshakeTool);
296
- // Handshake tool handler
297
- toolHandlers.set("_mcpi_handshake", async (args) => {
298
+ // Handshake tool handler. Registered under the canonical `_kyaos_` name; the
299
+ // dispatch lookup normalizes a legacy `_mcpi_handshake` call to this key
300
+ // (C4 #2918 dual-accept).
301
+ toolHandlers.set("_kyaos_handshake", async (args) => {
298
302
  // Validate required fields explicitly before conversion
299
303
  const missingFields = [];
300
304
  if (!args.nonce ||
@@ -427,7 +431,16 @@ async function addToolsToServer(server, toolModules, identityConfig, clientMessa
427
431
  requestId: request._meta?.requestId,
428
432
  startTime: Date.now(),
429
433
  }, async () => {
430
- const { name, arguments: args } = request.params;
434
+ const { name: rawName, arguments: args } = request.params;
435
+ // C4 (#2918) dual-accept: normalize a legacy `_mcpi_*` internal tool
436
+ // name to its canonical `_kyaos_*` form before dispatch, and count the
437
+ // wire form for the sunset gate. Ordinary tool names pass through.
438
+ const name = (0, mcp_i_core_2.normalizeInternalToolName)(rawName);
439
+ if ((0, mcp_i_core_2.isInternalToolName)(rawName)) {
440
+ (0, mcp_i_core_2.recordWireForm)("tool_name", name === rawName ? "new" : "old", {
441
+ tool: name,
442
+ });
443
+ }
431
444
  const handler = toolHandlers.get(name);
432
445
  if (!handler) {
433
446
  return {
@@ -626,9 +639,18 @@ async function addToolsToServer(server, toolModules, identityConfig, clientMessa
626
639
  delegationId: verifyResult.delegation.id,
627
640
  delegationChain: (0, mcp_i_core_1.buildChainString)(verifyResult.delegation),
628
641
  delegationScopes: toolProtection.requiredScopes || [],
642
+ // JWS-compact DelegationCredential VC from the verified
643
+ // result — emitted on KYA-OS-Delegation-Credential when the
644
+ // verifier returned a presentable credential.
645
+ delegationCredential: verifyResult.credential?.credential_jwt,
629
646
  identity: identity ?? null,
630
647
  });
631
648
  }
649
+ // Bridge this AsyncLocalStorage context into the compute
650
+ // outbound-identity interceptor (OpenClaw sidecar path) when it is
651
+ // present in-process. Idempotent + best-effort: a no-op on
652
+ // deployments without the compute interceptor.
653
+ (0, outbound_identity_bridge_1.ensureOutboundIdentityBridge)();
632
654
  }
633
655
  try {
634
656
  // Execute the tool handler
@@ -1,8 +1,19 @@
1
1
  /**
2
- * Well-Known Endpoints for XMCP-I Runtime
2
+ * Well-Known Endpoints for the KYA-OS / MCP Runtime
3
3
  *
4
4
  * Handles /.well-known/did.json and /.well-known/agent.json endpoints
5
5
  * according to requirements 7.1, 7.2, 7.3, 7.4, 7.5.
6
+ *
7
+ * C2 (#2916) classification: **product-layer, stays product-side.** The DIF
8
+ * `@kya-os/mcp` core does not generate `.well-known` manifests, and its
9
+ * `buildDidWebDocument` is intentionally NOT adopted here: it produces a
10
+ * byte-different DID document (full `kid` rather than a `#fragment`
11
+ * verification-method id, emits both `publicKeyJwk` and `publicKeyMultibase`,
12
+ * and requires a `did:web` DID). `did.json` is a W3C-standard wire artifact
13
+ * that must stay byte-stable, so this generator is left in place and its wire
14
+ * output is frozen by `__tests__/well-known-wire-freeze.test.ts`. Any future
15
+ * relocation/rename is gated by the C4 (#2918) dual-accept window — never
16
+ * change the `.well-known/did.json` path.
6
17
  */
7
18
  import { AgentIdentity } from "./identity";
8
19
  /**
@@ -1,9 +1,20 @@
1
1
  "use strict";
2
2
  /**
3
- * Well-Known Endpoints for XMCP-I Runtime
3
+ * Well-Known Endpoints for the KYA-OS / MCP Runtime
4
4
  *
5
5
  * Handles /.well-known/did.json and /.well-known/agent.json endpoints
6
6
  * according to requirements 7.1, 7.2, 7.3, 7.4, 7.5.
7
+ *
8
+ * C2 (#2916) classification: **product-layer, stays product-side.** The DIF
9
+ * `@kya-os/mcp` core does not generate `.well-known` manifests, and its
10
+ * `buildDidWebDocument` is intentionally NOT adopted here: it produces a
11
+ * byte-different DID document (full `kid` rather than a `#fragment`
12
+ * verification-method id, emits both `publicKeyJwk` and `publicKeyMultibase`,
13
+ * and requires a `did:web` DID). `did.json` is a W3C-standard wire artifact
14
+ * that must stay byte-stable, so this generator is left in place and its wire
15
+ * output is frozen by `__tests__/well-known-wire-freeze.test.ts`. Any future
16
+ * relocation/rename is gated by the C4 (#2918) dual-accept window — never
17
+ * change the `.well-known/did.json` path.
7
18
  */
8
19
  Object.defineProperty(exports, "__esModule", { value: true });
9
20
  exports.WellKnownManager = void 0;
@@ -15,7 +26,7 @@ exports.extractDIDFromPath = extractDIDFromPath;
15
26
  // eslint-disable-next-line @typescript-eslint/no-var-requires
16
27
  const baseX = require("base-x");
17
28
  const base58 = baseX.default || baseX;
18
- const base58Encoder = base58('123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz');
29
+ const base58Encoder = base58("123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz");
19
30
  /**
20
31
  * Well-known endpoints manager
21
32
  */
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@kya-os/mcp-i",
3
- "version": "1.10.0",
3
+ "version": "1.11.0",
4
4
  "description": "The TypeScript MCP framework with identity features built-in",
5
5
  "type": "commonjs",
6
6
  "main": "dist/index.js",
@@ -65,12 +65,13 @@
65
65
  "dependencies": {
66
66
  "@kya-os/contracts": "^1.8.0",
67
67
  "@kya-os/mcp-i-core": "^1.7.0",
68
+ "@kya-os/mcp-i-runtime": "^1.0.0",
68
69
  "@modelcontextprotocol/sdk": "^1.11.4",
69
70
  "@swc/core": "^1.15.11",
70
71
  "@types/express": "^5.0.6",
71
72
  "@types/webpack-node-externals": "^3.0.4",
72
73
  "@vercel/mcp-adapter": "^0.11.1",
73
- "axios": "^1.15.0",
74
+ "axios": "^1.16.1",
74
75
  "base-x": "^5.0.1",
75
76
  "chalk": "^5.2.0",
76
77
  "chokidar": "^3.6.0",
@@ -102,6 +103,7 @@
102
103
  "@modelcontextprotocol/inspector": "^0.20.0"
103
104
  },
104
105
  "devDependencies": {
106
+ "@kya-os/mcp": "^1.6.1",
105
107
  "@aws-sdk/client-dynamodb": "^3.992.0",
106
108
  "@types/content-type": "^1.1.9",
107
109
  "@types/fs-extra": "^11.0.4",
package/dist/225.js DELETED
@@ -1 +0,0 @@
1
- "use strict";exports.id=225,exports.ids=[225],exports.modules={2445:t=>{t.exports={rE:"3.993.0"}},2840:(t,e,n)=>{n.d(e,{k:()=>S});var r=n(50469),i=n(69700);const s="(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun)(?:[ne|u?r]?s?day)?",o="(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)",a="(\\d?\\d):(\\d{2}):(\\d{2})(?:\\.(\\d+))?",l="(\\d?\\d)",c="(\\d{4})",u=new RegExp(/^(\d{4})-(\d\d)-(\d\d)[tT](\d\d):(\d\d):(\d\d)(\.(\d+))?(([-+]\d\d:\d\d)|[zZ])$/),h=new RegExp(`^${s}, ${l} ${o} ${c} ${a} GMT$`),d=new RegExp(`^${s}, ${l}-${o}-(\\d\\d) ${a} GMT$`),p=new RegExp(`^${s} ${o} ( [1-9]|\\d\\d) ${a} ${c}$`),g=["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"];function m(t,e,n){const r=Number(t);if(r<e||r>n)throw new Error(`Value ${r} out of range [${e}, ${n}]`)}var f=n(84651),x=n(70764),y=n(12544),E=n(2914),b=n(63282),w=n(26144);class S extends b.f{settings;constructor(t){super(),this.settings=t}read(t,e){const n=r.l.of(t);if(n.isListSchema())return(0,i.G)(e).map(t=>this.read(n.getValueSchema(),t));if(n.isBlobSchema())return(this.serdeContext?.base64Decoder??y.E)(e);if(n.isTimestampSchema())switch((0,w.V)(n,this.settings)){case 5:return(t=>{if(null==t)return;if("string"!=typeof t)throw new TypeError("RFC3339 timestamps must be strings");const e=u.exec(t);if(!e)throw new TypeError(`Invalid RFC3339 timestamp format ${t}`);const[,n,r,i,s,o,a,,l,c]=e;m(r,1,12),m(i,1,31),m(s,0,23),m(o,0,59),m(a,0,60);const h=new Date(Date.UTC(Number(n),Number(r)-1,Number(i),Number(s),Number(o),Number(a),Number(l)?Math.round(1e3*parseFloat(`0.${l}`)):0));if(h.setUTCFullYear(Number(n)),"Z"!=c.toUpperCase()){const[,t,e,n]=/([+-])(\d\d):(\d\d)/.exec(c)||[void 0,"+",0,0],r="-"===t?1:-1;h.setTime(h.getTime()+r*(60*Number(e)*60*1e3+60*Number(n)*1e3))}return h})(e);case 6:return(t=>{if(null==t)return;if("string"!=typeof t)throw new TypeError("RFC7231 timestamps must be strings.");let e,n,r,i,s,o,a,l;if((l=h.exec(t))?[,e,n,r,i,s,o,a]=l:(l=d.exec(t))?([,e,n,r,i,s,o,a]=l,r=(Number(r)+1900).toString()):(l=p.exec(t))&&([,n,e,i,s,o,a,r]=l),r&&o){const t=Date.UTC(Number(r),g.indexOf(n),Number(e),Number(i),Number(s),Number(o),a?Math.round(1e3*parseFloat(`0.${a}`)):0);m(e,1,31),m(i,0,23),m(s,0,59),m(o,0,60);const l=new Date(t);return l.setUTCFullYear(Number(r)),l}throw new TypeError(`Invalid RFC7231 date-time value ${t}.`)})(e);case 7:return(t=>{if(null==t)return;let e=NaN;if("number"==typeof t)e=t;else if("string"==typeof t){if(!/^-?\d*\.?\d+$/.test(t))throw new TypeError("parseEpochTimestamp - numeric string invalid.");e=Number.parseFloat(t)}else"object"==typeof t&&1===t.tag&&(e=t.value);if(isNaN(e)||Math.abs(e)===1/0)throw new TypeError("Epoch timestamps must be valid finite numbers.");return new Date(Math.round(1e3*e))})(e);default:return console.warn("Missing timestamp format, parsing value with Date constructor:",e),new Date(e)}if(n.isStringSchema()){const t=n.getMergedTraits().mediaType;let r=e;if(t)return n.getMergedTraits().httpHeader&&(r=this.base64ToUtf8(r)),("application/json"===t||t.endsWith("+json"))&&(r=f.A.from(r)),r}return n.isNumericSchema()?Number(e):n.isBigIntegerSchema()?BigInt(e):n.isBigDecimalSchema()?new x.D(e,"bigDecimal"):n.isBooleanSchema()?"true"===String(e).toLowerCase():e}base64ToUtf8(t){return(this.serdeContext?.utf8Encoder??E.P)((this.serdeContext?.base64Decoder??y.E)(t))}}},3606:(t,e,n)=>{n.d(e,{getDefaultRoleAssumer:()=>Nr,getDefaultRoleAssumerWithWebIdentity:()=>Tr});var r=n(53347),i=n(96901),s=n(7387);const o=!1;var a=n(66686),l=n(22869);const c={UseGlobalEndpoint:{type:"builtInParams",name:"useGlobalEndpoint"},UseFIPS:{type:"builtInParams",name:"useFipsEndpoint"},Endpoint:{type:"builtInParams",name:"endpoint"},Region:{type:"builtInParams",name:"region"},UseDualStack:{type:"builtInParams",name:"useDualstackEndpoint"}};var u=n(51453),h=n(6723);class d extends h.T{constructor(t){super(t),Object.setPrototypeOf(this,d.prototype)}}class p extends d{name="ExpiredTokenException";$fault="client";constructor(t){super({name:"ExpiredTokenException",$fault:"client",...t}),Object.setPrototypeOf(this,p.prototype)}}class g extends d{name="MalformedPolicyDocumentException";$fault="client";constructor(t){super({name:"MalformedPolicyDocumentException",$fault:"client",...t}),Object.setPrototypeOf(this,g.prototype)}}class m extends d{name="PackedPolicyTooLargeException";$fault="client";constructor(t){super({name:"PackedPolicyTooLargeException",$fault:"client",...t}),Object.setPrototypeOf(this,m.prototype)}}class f extends d{name="RegionDisabledException";$fault="client";constructor(t){super({name:"RegionDisabledException",$fault:"client",...t}),Object.setPrototypeOf(this,f.prototype)}}class x extends d{name="IDPRejectedClaimException";$fault="client";constructor(t){super({name:"IDPRejectedClaimException",$fault:"client",...t}),Object.setPrototypeOf(this,x.prototype)}}class y extends d{name="InvalidIdentityTokenException";$fault="client";constructor(t){super({name:"InvalidIdentityTokenException",$fault:"client",...t}),Object.setPrototypeOf(this,y.prototype)}}class E extends d{name="IDPCommunicationErrorException";$fault="client";constructor(t){super({name:"IDPCommunicationErrorException",$fault:"client",...t}),Object.setPrototypeOf(this,E.prototype)}}const b="AssumedRoleUser",w="Credentials",S="DurationSeconds",v="Policy",N="PolicyArns",T="PackedPolicySize",I="RoleArn",P="RoleSessionName",C="SourceIdentity",A="awsQueryError",$="client",D="error",k="httpError",O="message",R="smithy.ts.sdk.synthetic.com.amazonaws.sts",M="com.amazonaws.sts",_=u.O.for(R);var V=[-3,R,"STSServiceException",0,[],[]];_.registerError(V,d);const j=u.O.for(M);var F=[-3,M,"ExpiredTokenException",{[A]:["ExpiredTokenException",400],[D]:$,[k]:400},[O],[0]];j.registerError(F,p);var U=[-3,M,"IDPCommunicationErrorException",{[A]:["IDPCommunicationError",400],[D]:$,[k]:400},[O],[0]];j.registerError(U,E);var L=[-3,M,"IDPRejectedClaimException",{[A]:["IDPRejectedClaim",403],[D]:$,[k]:403},[O],[0]];j.registerError(L,x);var z=[-3,M,"InvalidIdentityTokenException",{[A]:["InvalidIdentityToken",400],[D]:$,[k]:400},[O],[0]];j.registerError(z,y);var W=[-3,M,"MalformedPolicyDocumentException",{[A]:["MalformedPolicyDocument",400],[D]:$,[k]:400},[O],[0]];j.registerError(W,g);var K=[-3,M,"PackedPolicyTooLargeException",{[A]:["PackedPolicyTooLarge",400],[D]:$,[k]:400},[O],[0]];j.registerError(K,m);var B=[-3,M,"RegionDisabledException",{[A]:["RegionDisabledException",403],[D]:$,[k]:403},[O],[0]];j.registerError(B,f);const G=[_,j];var q=[0,M,"accessKeySecretType",8,0],Y=[0,M,"clientTokenType",8,0],Q=[3,M,b,0,["AssumedRoleId","Arn"],[0,0],2],Z=[3,M,"AssumeRoleRequest",0,[I,P,N,v,S,"Tags","TransitiveTagKeys","ExternalId","SerialNumber","TokenCode",C,"ProvidedContexts"],[0,0,()=>it,0,1,()=>ot,64,0,0,0,0,()=>st],2],H=[3,M,"AssumeRoleResponse",0,[w,b,T,C],[[()=>tt,0],()=>Q,1,0]],X=[3,M,"AssumeRoleWithWebIdentityRequest",0,[I,P,"WebIdentityToken","ProviderId",N,v,S],[0,0,[()=>Y,0],0,()=>it,0,1],3],J=[3,M,"AssumeRoleWithWebIdentityResponse",0,[w,"SubjectFromWebIdentityToken",b,T,"Provider","Audience",C],[[()=>tt,0],0,()=>Q,1,0,0,0]],tt=[3,M,w,0,["AccessKeyId","SecretAccessKey","SessionToken","Expiration"],[0,[()=>q,0],0,4],4],et=[3,M,"PolicyDescriptorType",0,["arn"],[0]],nt=[3,M,"ProvidedContext",0,["ProviderArn","ContextAssertion"],[0,0]],rt=[3,M,"Tag",0,["Key","Value"],[0,0],2],it=[1,M,"policyDescriptorListType",0,()=>et],st=[1,M,"ProvidedContextsListType",0,()=>nt],ot=[1,M,"tagListType",0,()=>rt],at=[9,M,"AssumeRole",0,()=>Z,()=>H],lt=[9,M,"AssumeRoleWithWebIdentity",0,()=>X,()=>J];class ct extends(l.u.classBuilder().ep(c).m(function(t,e,n,r){return[(0,a.r)(n,t.getEndpointParameterInstructions())]}).s("AWSSecurityTokenServiceV20110615","AssumeRole",{}).n("STSClient","AssumeRoleCommand").sc(at).build()){}class ut extends(l.u.classBuilder().ep(c).m(function(t,e,n,r){return[(0,a.r)(n,t.getEndpointParameterInstructions())]}).s("AWSSecurityTokenServiceV20110615","AssumeRoleWithWebIdentity",{}).n("STSClient","AssumeRoleWithWebIdentityCommand").sc(lt).build()){}const ht=t=>{if("string"==typeof t?.Arn){const e=t.Arn.split(":");if(e.length>4&&""!==e[4])return e[4]}},dt=async(t,e,n,r={})=>{const a="function"==typeof t?await t():t,l="function"==typeof e?await e():e;let c="";const u=a??l??(c=await function(t={}){return(0,s.Z)({...i.GG,default:async()=>(o||console.warn("@aws-sdk - WARN - default STS region of us-east-1 used. See @aws-sdk/credential-providers README and set a region explicitly."),"us-east-1")},{...i.zH,...t})}(r)());return n?.debug?.("@aws-sdk/client-sts::resolveRegion","accepting first of:",`${a} (credential provider clientConfig)`,`${l} (contextual client)`,`${c} (STS default: AWS_REGION, profile region, or us-east-1)`),u},pt=t=>"h2"===t?.metadata?.handlerProtocol;var gt=n(97040),mt=n(74534),ft=n(70775),xt=n(5572),yt=n(61019),Et=n(94615),bt=n(45326),wt=n(9575),St=n(68249),vt=n(75279),Nt=n(10860),Tt=n(39412),It=n(72084),Pt=n(10773),Ct=n(9942),At=n(23870),$t=n(45547),Dt=n(81974);const kt=async(t,e,n)=>({operation:(0,$t.u)(e).operation,region:await(0,Dt.t)(t.region)()||(()=>{throw new Error("expected `region` to be configured for `aws.auth#sigv4`")})()}),Ot=t=>{const e=[];return"AssumeRoleWithWebIdentity"===t.operation?e.push({schemeId:"smithy.api#noAuth"}):e.push(function(t){return{schemeId:"aws.auth#sigv4",signingProperties:{name:"sts",region:t.region},propertiesExtractor:(t,e)=>({signingProperties:{config:t,context:e}})}}(t)),e};var Rt=n(2445),Mt=n(17479),_t=n(96965),Vt=n(17357),jt=n(17914),Ft=n(5882),Ut=n(24661),Lt=n(46109),zt=n(14433),Wt=n(5012),Kt=n(24176),Bt=n(64327),Gt=n(34338),qt=n(57815),Yt=n(55425),Qt=n(99816),Zt=n(48828),Ht=n(63139),Xt=n(78607),Jt=n(59772),te=n(50469),ee=n(28075);const ne=":A-Za-z_\\u00C0-\\u00D6\\u00D8-\\u00F6\\u00F8-\\u02FF\\u0370-\\u037D\\u037F-\\u1FFF\\u200C-\\u200D\\u2070-\\u218F\\u2C00-\\u2FEF\\u3001-\\uD7FF\\uF900-\\uFDCF\\uFDF0-\\uFFFD",re=new RegExp("^["+ne+"]["+ne+"\\-.\\d\\u00B7\\u0300-\\u036F\\u203F-\\u2040]*$");function ie(t,e){const n=[];let r=e.exec(t);for(;r;){const i=[];i.startIndex=e.lastIndex-r[0].length;const s=r.length;for(let t=0;t<s;t++)i.push(r[t]);n.push(i),r=e.exec(t)}return n}const se=function(t){return!(null==re.exec(t))},oe=["hasOwnProperty","toString","valueOf","__defineGetter__","__defineSetter__","__lookupGetter__","__lookupSetter__"],ae=["__proto__","constructor","prototype"],le=t=>oe.includes(t)?"__"+t:t,ce={preserveOrder:!1,attributeNamePrefix:"@_",attributesGroupName:!1,textNodeName:"#text",ignoreAttributes:!0,removeNSPrefix:!1,allowBooleanAttributes:!1,parseTagValue:!0,parseAttributeValue:!1,trimValues:!0,cdataPropName:!1,numberParseOptions:{hex:!0,leadingZeros:!0,eNotation:!0},tagValueProcessor:function(t,e){return e},attributeValueProcessor:function(t,e){return e},stopNodes:[],alwaysCreateTextNode:!1,isArray:()=>!1,commentPropName:!1,unpairedTags:[],processEntities:!0,htmlEntities:!1,ignoreDeclaration:!1,ignorePiTags:!1,transformTagName:!1,transformAttributeName:!1,updateTag:function(t,e,n){return t},captureMetaData:!1,maxNestedTags:100,strictReservedNames:!0,jPath:!0,onDangerousProperty:le};function ue(t,e){if("string"!=typeof t)return;const n=t.toLowerCase();if(oe.some(t=>n===t.toLowerCase()))throw new Error(`[SECURITY] Invalid ${e}: "${t}" is a reserved JavaScript keyword that could cause prototype pollution`);if(ae.some(t=>n===t.toLowerCase()))throw new Error(`[SECURITY] Invalid ${e}: "${t}" is a reserved JavaScript keyword that could cause prototype pollution`)}function he(t){return"boolean"==typeof t?{enabled:t,maxEntitySize:1e4,maxExpansionDepth:10,maxTotalExpansions:1e3,maxExpandedLength:1e5,maxEntityCount:100,allowedTags:null,tagFilter:null}:"object"==typeof t&&null!==t?{enabled:!1!==t.enabled,maxEntitySize:Math.max(1,t.maxEntitySize??1e4),maxExpansionDepth:Math.max(1,t.maxExpansionDepth??10),maxTotalExpansions:Math.max(1,t.maxTotalExpansions??1e3),maxExpandedLength:Math.max(1,t.maxExpandedLength??1e5),maxEntityCount:Math.max(1,t.maxEntityCount??100),allowedTags:t.allowedTags??null,tagFilter:t.tagFilter??null}:he(!0)}const de=function(t){const e=Object.assign({},ce,t),n=[{value:e.attributeNamePrefix,name:"attributeNamePrefix"},{value:e.attributesGroupName,name:"attributesGroupName"},{value:e.textNodeName,name:"textNodeName"},{value:e.cdataPropName,name:"cdataPropName"},{value:e.commentPropName,name:"commentPropName"}];for(const{value:t,name:e}of n)t&&ue(t,e);return null===e.onDangerousProperty&&(e.onDangerousProperty=le),e.processEntities=he(e.processEntities),e.stopNodes&&Array.isArray(e.stopNodes)&&(e.stopNodes=e.stopNodes.map(t=>"string"==typeof t&&t.startsWith("*.")?".."+t.substring(2):t)),e};let pe;pe="function"!=typeof Symbol?"@@xmlMetadata":Symbol("XML Node Metadata");class ge{constructor(t){this.tagname=t,this.child=[],this[":@"]=Object.create(null)}add(t,e){"__proto__"===t&&(t="#__proto__"),this.child.push({[t]:e})}addChild(t,e){"__proto__"===t.tagname&&(t.tagname="#__proto__"),t[":@"]&&Object.keys(t[":@"]).length>0?this.child.push({[t.tagname]:t.child,":@":t[":@"]}):this.child.push({[t.tagname]:t.child}),void 0!==e&&(this.child[this.child.length-1][pe]={startIndex:e})}static getMetaDataSymbol(){return pe}}class me{constructor(t){this.suppressValidationErr=!t,this.options=t}readDocType(t,e){const n=Object.create(null);let r=0;if("O"!==t[e+3]||"C"!==t[e+4]||"T"!==t[e+5]||"Y"!==t[e+6]||"P"!==t[e+7]||"E"!==t[e+8])throw new Error("Invalid Tag instead of DOCTYPE");{e+=9;let i=1,s=!1,o=!1,a="";for(;e<t.length;e++)if("<"!==t[e]||o)if(">"===t[e]){if(o?"-"===t[e-1]&&"-"===t[e-2]&&(o=!1,i--):i--,0===i)break}else"["===t[e]?s=!0:a+=t[e];else{if(s&&xe(t,"!ENTITY",e)){let i,s;if(e+=7,[i,s,e]=this.readEntityExp(t,e+1,this.suppressValidationErr),-1===s.indexOf("&")){if(!1!==this.options.enabled&&null!=this.options.maxEntityCount&&r>=this.options.maxEntityCount)throw new Error(`Entity count (${r+1}) exceeds maximum allowed (${this.options.maxEntityCount})`);const t=i.replace(/[.*+?^${}()|[\]\\]/g,"\\$&");n[i]={regx:RegExp(`&${t};`,"g"),val:s},r++}}else if(s&&xe(t,"!ELEMENT",e)){e+=8;const{index:n}=this.readElementExp(t,e+1);e=n}else if(s&&xe(t,"!ATTLIST",e))e+=8;else if(s&&xe(t,"!NOTATION",e)){e+=9;const{index:n}=this.readNotationExp(t,e+1,this.suppressValidationErr);e=n}else{if(!xe(t,"!--",e))throw new Error("Invalid DOCTYPE");o=!0}i++,a=""}if(0!==i)throw new Error("Unclosed DOCTYPE")}return{entities:n,i:e}}readEntityExp(t,e){const n=e=fe(t,e);for(;e<t.length&&!/\s/.test(t[e])&&'"'!==t[e]&&"'"!==t[e];)e++;let r=t.substring(n,e);if(ye(r),e=fe(t,e),!this.suppressValidationErr){if("SYSTEM"===t.substring(e,e+6).toUpperCase())throw new Error("External entities are not supported");if("%"===t[e])throw new Error("Parameter entities are not supported")}let i="";if([e,i]=this.readIdentifierVal(t,e,"entity"),!1!==this.options.enabled&&null!=this.options.maxEntitySize&&i.length>this.options.maxEntitySize)throw new Error(`Entity "${r}" size (${i.length}) exceeds maximum allowed size (${this.options.maxEntitySize})`);return[r,i,--e]}readNotationExp(t,e){const n=e=fe(t,e);for(;e<t.length&&!/\s/.test(t[e]);)e++;let r=t.substring(n,e);!this.suppressValidationErr&&ye(r),e=fe(t,e);const i=t.substring(e,e+6).toUpperCase();if(!this.suppressValidationErr&&"SYSTEM"!==i&&"PUBLIC"!==i)throw new Error(`Expected SYSTEM or PUBLIC, found "${i}"`);e+=i.length,e=fe(t,e);let s=null,o=null;if("PUBLIC"===i)[e,s]=this.readIdentifierVal(t,e,"publicIdentifier"),'"'!==t[e=fe(t,e)]&&"'"!==t[e]||([e,o]=this.readIdentifierVal(t,e,"systemIdentifier"));else if("SYSTEM"===i&&([e,o]=this.readIdentifierVal(t,e,"systemIdentifier"),!this.suppressValidationErr&&!o))throw new Error("Missing mandatory system identifier for SYSTEM notation");return{notationName:r,publicIdentifier:s,systemIdentifier:o,index:--e}}readIdentifierVal(t,e,n){let r="";const i=t[e];if('"'!==i&&"'"!==i)throw new Error(`Expected quoted string, found "${i}"`);const s=++e;for(;e<t.length&&t[e]!==i;)e++;if(r=t.substring(s,e),t[e]!==i)throw new Error(`Unterminated ${n} value`);return[++e,r]}readElementExp(t,e){const n=e=fe(t,e);for(;e<t.length&&!/\s/.test(t[e]);)e++;let r=t.substring(n,e);if(!this.suppressValidationErr&&!se(r))throw new Error(`Invalid element name: "${r}"`);let i="";if("E"===t[e=fe(t,e)]&&xe(t,"MPTY",e))e+=4;else if("A"===t[e]&&xe(t,"NY",e))e+=2;else if("("===t[e]){const n=++e;for(;e<t.length&&")"!==t[e];)e++;if(i=t.substring(n,e),")"!==t[e])throw new Error("Unterminated content model")}else if(!this.suppressValidationErr)throw new Error(`Invalid Element Expression, found "${t[e]}"`);return{elementName:r,contentModel:i.trim(),index:e}}readAttlistExp(t,e){let n=e=fe(t,e);for(;e<t.length&&!/\s/.test(t[e]);)e++;let r=t.substring(n,e);for(ye(r),n=e=fe(t,e);e<t.length&&!/\s/.test(t[e]);)e++;let i=t.substring(n,e);if(!ye(i))throw new Error(`Invalid attribute name: "${i}"`);e=fe(t,e);let s="";if("NOTATION"===t.substring(e,e+8).toUpperCase()){if(s="NOTATION","("!==t[e=fe(t,e+=8)])throw new Error(`Expected '(', found "${t[e]}"`);e++;let n=[];for(;e<t.length&&")"!==t[e];){const r=e;for(;e<t.length&&"|"!==t[e]&&")"!==t[e];)e++;let i=t.substring(r,e);if(i=i.trim(),!ye(i))throw new Error(`Invalid notation name: "${i}"`);n.push(i),"|"===t[e]&&(e++,e=fe(t,e))}if(")"!==t[e])throw new Error("Unterminated list of notations");e++,s+=" ("+n.join("|")+")"}else{const n=e;for(;e<t.length&&!/\s/.test(t[e]);)e++;s+=t.substring(n,e);const r=["CDATA","ID","IDREF","IDREFS","ENTITY","ENTITIES","NMTOKEN","NMTOKENS"];if(!this.suppressValidationErr&&!r.includes(s.toUpperCase()))throw new Error(`Invalid attribute type: "${s}"`)}e=fe(t,e);let o="";return"#REQUIRED"===t.substring(e,e+8).toUpperCase()?(o="#REQUIRED",e+=8):"#IMPLIED"===t.substring(e,e+7).toUpperCase()?(o="#IMPLIED",e+=7):[e,o]=this.readIdentifierVal(t,e,"ATTLIST"),{elementName:r,attributeName:i,attributeType:s,defaultValue:o,index:e}}}const fe=(t,e)=>{for(;e<t.length&&/\s/.test(t[e]);)e++;return e};function xe(t,e,n){for(let r=0;r<e.length;r++)if(e[r]!==t[n+r+1])return!1;return!0}function ye(t){if(se(t))return t;throw new Error(`Invalid entity name ${t}`)}const Ee=/^[-+]?0x[a-fA-F0-9]+$/,be=/^([\-\+])?(0*)([0-9]*(\.[0-9]*)?)$/,we={hex:!0,leadingZeros:!0,decimalPoint:".",eNotation:!0,infinity:"original"};const Se=/^([-+])?(0*)(\d*(\.\d*)?[eE][-\+]?\d+)$/;class ve{constructor(t={}){this.separator=t.separator||".",this.path=[],this.siblingStacks=[]}push(t,e=null,n=null){this.path.length>0&&(this.path[this.path.length-1].values=void 0);const r=this.path.length;this.siblingStacks[r]||(this.siblingStacks[r]=new Map);const i=this.siblingStacks[r],s=n?`${n}:${t}`:t,o=i.get(s)||0;let a=0;for(const t of i.values())a+=t;i.set(s,o+1);const l={tag:t,position:a,counter:o};null!=n&&(l.namespace=n),null!=e&&(l.values=e),this.path.push(l)}pop(){if(0===this.path.length)return;const t=this.path.pop();return this.siblingStacks.length>this.path.length+1&&(this.siblingStacks.length=this.path.length+1),t}updateCurrent(t){if(this.path.length>0){const e=this.path[this.path.length-1];null!=t&&(e.values=t)}}getCurrentTag(){return this.path.length>0?this.path[this.path.length-1].tag:void 0}getCurrentNamespace(){return this.path.length>0?this.path[this.path.length-1].namespace:void 0}getAttrValue(t){if(0===this.path.length)return;const e=this.path[this.path.length-1];return e.values?.[t]}hasAttr(t){if(0===this.path.length)return!1;const e=this.path[this.path.length-1];return void 0!==e.values&&t in e.values}getPosition(){return 0===this.path.length?-1:this.path[this.path.length-1].position??0}getCounter(){return 0===this.path.length?-1:this.path[this.path.length-1].counter??0}getIndex(){return this.getPosition()}getDepth(){return this.path.length}toString(t,e=!0){const n=t||this.separator;return this.path.map(t=>e&&t.namespace?`${t.namespace}:${t.tag}`:t.tag).join(n)}toArray(){return this.path.map(t=>t.tag)}reset(){this.path=[],this.siblingStacks=[]}matches(t){const e=t.segments;return 0!==e.length&&(t.hasDeepWildcard()?this._matchWithDeepWildcard(e):this._matchSimple(e))}_matchSimple(t){if(this.path.length!==t.length)return!1;for(let e=0;e<t.length;e++){const n=t[e],r=this.path[e],i=e===this.path.length-1;if(!this._matchSegment(n,r,i))return!1}return!0}_matchWithDeepWildcard(t){let e=this.path.length-1,n=t.length-1;for(;n>=0&&e>=0;){const r=t[n];if("deep-wildcard"===r.type){if(n--,n<0)return!0;const r=t[n];let i=!1;for(let t=e;t>=0;t--){const s=t===this.path.length-1;if(this._matchSegment(r,this.path[t],s)){e=t-1,n--,i=!0;break}}if(!i)return!1}else{const t=e===this.path.length-1;if(!this._matchSegment(r,this.path[e],t))return!1;e--,n--}}return n<0}_matchSegment(t,e,n){if("*"!==t.tag&&t.tag!==e.tag)return!1;if(void 0!==t.namespace&&"*"!==t.namespace&&t.namespace!==e.namespace)return!1;if(void 0!==t.attrName){if(!n)return!1;if(!e.values||!(t.attrName in e.values))return!1;if(void 0!==t.attrValue){const n=e.values[t.attrName];if(String(n)!==String(t.attrValue))return!1}}if(void 0!==t.position){if(!n)return!1;const r=e.counter??0;if("first"===t.position&&0!==r)return!1;if("odd"===t.position&&r%2!=1)return!1;if("even"===t.position&&r%2!=0)return!1;if("nth"===t.position&&r!==t.positionValue)return!1}return!0}snapshot(){return{path:this.path.map(t=>({...t})),siblingStacks:this.siblingStacks.map(t=>new Map(t))}}restore(t){this.path=t.path.map(t=>({...t})),this.siblingStacks=t.siblingStacks.map(t=>new Map(t))}}class Ne{constructor(t,e={}){this.pattern=t,this.separator=e.separator||".",this.segments=this._parse(t),this._hasDeepWildcard=this.segments.some(t=>"deep-wildcard"===t.type),this._hasAttributeCondition=this.segments.some(t=>void 0!==t.attrName),this._hasPositionSelector=this.segments.some(t=>void 0!==t.position)}_parse(t){const e=[];let n=0,r="";for(;n<t.length;)t[n]===this.separator?n+1<t.length&&t[n+1]===this.separator?(r.trim()&&(e.push(this._parseSegment(r.trim())),r=""),e.push({type:"deep-wildcard"}),n+=2):(r.trim()&&e.push(this._parseSegment(r.trim())),r="",n++):(r+=t[n],n++);return r.trim()&&e.push(this._parseSegment(r.trim())),e}_parseSegment(t){const e={type:"tag"};let n=null,r=t;const i=t.match(/^([^\[]+)(\[[^\]]*\])(.*)$/);if(i&&(r=i[1]+i[3],i[2])){const t=i[2].slice(1,-1);t&&(n=t)}let s,o,a=r;if(r.includes("::")){const e=r.indexOf("::");if(s=r.substring(0,e).trim(),a=r.substring(e+2).trim(),!s)throw new Error(`Invalid namespace in pattern: ${t}`)}let l=null;if(a.includes(":")){const t=a.lastIndexOf(":"),e=a.substring(0,t).trim(),n=a.substring(t+1).trim();["first","last","odd","even"].includes(n)||/^nth\(\d+\)$/.test(n)?(o=e,l=n):o=a}else o=a;if(!o)throw new Error(`Invalid segment pattern: ${t}`);if(e.tag=o,s&&(e.namespace=s),n)if(n.includes("=")){const t=n.indexOf("=");e.attrName=n.substring(0,t).trim(),e.attrValue=n.substring(t+1).trim()}else e.attrName=n.trim();if(l){const t=l.match(/^nth\((\d+)\)$/);t?(e.position="nth",e.positionValue=parseInt(t[1],10)):e.position=l}return e}get length(){return this.segments.length}hasDeepWildcard(){return this._hasDeepWildcard}hasAttributeCondition(){return this._hasAttributeCondition}hasPositionSelector(){return this._hasPositionSelector}toString(){return this.pattern}}function Te(t,e){if(!t)return{};const n=e.attributesGroupName?t[e.attributesGroupName]:t;if(!n)return{};const r={};for(const t in n)t.startsWith(e.attributeNamePrefix)?r[t.substring(e.attributeNamePrefix.length)]=n[t]:r[t]=n[t];return r}function Ie(t){if(!t||"string"!=typeof t)return;const e=t.indexOf(":");if(-1!==e&&e>0){const n=t.substring(0,e);if("xmlns"!==n)return n}}class Pe{constructor(t){var e;if(this.options=t,this.currentNode=null,this.tagsNodeStack=[],this.docTypeEntities={},this.lastEntities={apos:{regex:/&(apos|#39|#x27);/g,val:"'"},gt:{regex:/&(gt|#62|#x3E);/g,val:">"},lt:{regex:/&(lt|#60|#x3C);/g,val:"<"},quot:{regex:/&(quot|#34|#x22);/g,val:'"'}},this.ampEntity={regex:/&(amp|#38|#x26);/g,val:"&"},this.htmlEntities={space:{regex:/&(nbsp|#160);/g,val:" "},cent:{regex:/&(cent|#162);/g,val:"¢"},pound:{regex:/&(pound|#163);/g,val:"£"},yen:{regex:/&(yen|#165);/g,val:"¥"},euro:{regex:/&(euro|#8364);/g,val:"€"},copyright:{regex:/&(copy|#169);/g,val:"©"},reg:{regex:/&(reg|#174);/g,val:"®"},inr:{regex:/&(inr|#8377);/g,val:"₹"},num_dec:{regex:/&#([0-9]{1,7});/g,val:(t,e)=>ze(e,10,"&#")},num_hex:{regex:/&#x([0-9a-fA-F]{1,6});/g,val:(t,e)=>ze(e,16,"&#x")}},this.addExternalEntities=Ce,this.parseXml=Oe,this.parseTextData=Ae,this.resolveNameSpace=$e,this.buildAttributesMap=ke,this.isItStopNode=Ve,this.replaceEntitiesValue=Me,this.readStopNodeData=Ue,this.saveTextToParentTag=_e,this.addChild=Re,this.ignoreAttributesFn="function"==typeof(e=this.options.ignoreAttributes)?e:Array.isArray(e)?t=>{for(const n of e){if("string"==typeof n&&t===n)return!0;if(n instanceof RegExp&&n.test(t))return!0}}:()=>!1,this.entityExpansionCount=0,this.currentExpandedLength=0,this.matcher=new ve,this.isCurrentNodeStopNode=!1,this.options.stopNodes&&this.options.stopNodes.length>0){this.stopNodeExpressions=[];for(let t=0;t<this.options.stopNodes.length;t++){const e=this.options.stopNodes[t];"string"==typeof e?this.stopNodeExpressions.push(new Ne(e)):e instanceof Ne&&this.stopNodeExpressions.push(e)}}}}function Ce(t){const e=Object.keys(t);for(let n=0;n<e.length;n++){const r=e[n],i=r.replace(/[.\-+*:]/g,"\\.");this.lastEntities[r]={regex:new RegExp("&"+i+";","g"),val:t[r]}}}function Ae(t,e,n,r,i,s,o){if(void 0!==t&&(this.options.trimValues&&!r&&(t=t.trim()),t.length>0)){o||(t=this.replaceEntitiesValue(t,e,n));const r=this.options.jPath?n.toString():n,a=this.options.tagValueProcessor(e,t,r,i,s);return null==a?t:typeof a!=typeof t||a!==t?a:this.options.trimValues||t.trim()===t?Le(t,this.options.parseTagValue,this.options.numberParseOptions):t}}function $e(t){if(this.options.removeNSPrefix){const e=t.split(":"),n="/"===t.charAt(0)?"/":"";if("xmlns"===e[0])return"";2===e.length&&(t=n+e[1])}return t}const De=new RegExp("([^\\s=]+)\\s*(=\\s*(['\"])([\\s\\S]*?)\\3)?","gm");function ke(t,e,n){if(!0!==this.options.ignoreAttributes&&"string"==typeof t){const r=ie(t,De),i=r.length,s={},o={};for(let t=0;t<i;t++){const i=this.resolveNameSpace(r[t][1]),s=r[t][4];if(i.length&&void 0!==s){let t=s;this.options.trimValues&&(t=t.trim()),t=this.replaceEntitiesValue(t,n,e),o[i]=t}}Object.keys(o).length>0&&"object"==typeof e&&e.updateCurrent&&e.updateCurrent(o);for(let t=0;t<i;t++){const i=this.resolveNameSpace(r[t][1]),o=this.options.jPath?e.toString():e;if(this.ignoreAttributesFn(i,o))continue;let a=r[t][4],l=this.options.attributeNamePrefix+i;if(i.length)if(this.options.transformAttributeName&&(l=this.options.transformAttributeName(l)),l=Ke(l,this.options),void 0!==a){this.options.trimValues&&(a=a.trim()),a=this.replaceEntitiesValue(a,n,e);const t=this.options.jPath?e.toString():e,r=this.options.attributeValueProcessor(i,a,t);s[l]=null==r?a:typeof r!=typeof a||r!==a?r:Le(a,this.options.parseAttributeValue,this.options.numberParseOptions)}else this.options.allowBooleanAttributes&&(s[l]=!0)}if(!Object.keys(s).length)return;if(this.options.attributesGroupName){const t={};return t[this.options.attributesGroupName]=s,t}return s}}const Oe=function(t){t=t.replace(/\r\n?/g,"\n");const e=new ge("!xml");let n=e,r="";this.matcher.reset(),this.entityExpansionCount=0,this.currentExpandedLength=0;const i=new me(this.options.processEntities);for(let s=0;s<t.length;s++)if("<"===t[s])if("/"===t[s+1]){const e=je(t,">",s,"Closing Tag is not closed.");let i=t.substring(s+2,e).trim();if(this.options.removeNSPrefix){const t=i.indexOf(":");-1!==t&&(i=i.substr(t+1))}i=We(this.options.transformTagName,i,"",this.options).tagName,n&&(r=this.saveTextToParentTag(r,n,this.matcher));const o=this.matcher.getCurrentTag();if(i&&-1!==this.options.unpairedTags.indexOf(i))throw new Error(`Unpaired tag can not be used as closing tag: </${i}>`);o&&-1!==this.options.unpairedTags.indexOf(o)&&(this.matcher.pop(),this.tagsNodeStack.pop()),this.matcher.pop(),this.isCurrentNodeStopNode=!1,n=this.tagsNodeStack.pop(),r="",s=e}else if("?"===t[s+1]){let e=Fe(t,s,!1,"?>");if(!e)throw new Error("Pi Tag is not closed.");if(r=this.saveTextToParentTag(r,n,this.matcher),this.options.ignoreDeclaration&&"?xml"===e.tagName||this.options.ignorePiTags);else{const t=new ge(e.tagName);t.add(this.options.textNodeName,""),e.tagName!==e.tagExp&&e.attrExpPresent&&(t[":@"]=this.buildAttributesMap(e.tagExp,this.matcher,e.tagName)),this.addChild(n,t,this.matcher,s)}s=e.closeIndex+1}else if("!--"===t.substr(s+1,3)){const e=je(t,"--\x3e",s+4,"Comment is not closed.");if(this.options.commentPropName){const i=t.substring(s+4,e-2);r=this.saveTextToParentTag(r,n,this.matcher),n.add(this.options.commentPropName,[{[this.options.textNodeName]:i}])}s=e}else if("!D"===t.substr(s+1,2)){const e=i.readDocType(t,s);this.docTypeEntities=e.entities,s=e.i}else if("!["===t.substr(s+1,2)){const e=je(t,"]]>",s,"CDATA is not closed.")-2,i=t.substring(s+9,e);r=this.saveTextToParentTag(r,n,this.matcher);let o=this.parseTextData(i,n.tagname,this.matcher,!0,!1,!0,!0);null==o&&(o=""),this.options.cdataPropName?n.add(this.options.cdataPropName,[{[this.options.textNodeName]:i}]):n.add(this.options.textNodeName,o),s=e+2}else{let i=Fe(t,s,this.options.removeNSPrefix);if(!i){const e=t.substring(Math.max(0,s-50),Math.min(t.length,s+50));throw new Error(`readTagExp returned undefined at position ${s}. Context: "${e}"`)}let o=i.tagName;const a=i.rawTagName;let l=i.tagExp,c=i.attrExpPresent,u=i.closeIndex;if(({tagName:o,tagExp:l}=We(this.options.transformTagName,o,l,this.options)),this.options.strictReservedNames&&(o===this.options.commentPropName||o===this.options.cdataPropName||o===this.options.textNodeName||o===this.options.attributesGroupName))throw new Error(`Invalid tag name: ${o}`);n&&r&&"!xml"!==n.tagname&&(r=this.saveTextToParentTag(r,n,this.matcher,!1));const h=n;h&&-1!==this.options.unpairedTags.indexOf(h.tagname)&&(n=this.tagsNodeStack.pop(),this.matcher.pop());let d=!1;l.length>0&&l.lastIndexOf("/")===l.length-1&&(d=!0,"/"===o[o.length-1]?(o=o.substr(0,o.length-1),l=o):l=l.substr(0,l.length-1),c=o!==l);let p,g=null,m={};p=Ie(a),o!==e.tagname&&this.matcher.push(o,{},p),o!==l&&c&&(g=this.buildAttributesMap(l,this.matcher,o),g&&(m=Te(g,this.options))),o!==e.tagname&&(this.isCurrentNodeStopNode=this.isItStopNode(this.stopNodeExpressions,this.matcher));const f=s;if(this.isCurrentNodeStopNode){let e="";if(d)s=i.closeIndex;else if(-1!==this.options.unpairedTags.indexOf(o))s=i.closeIndex;else{const n=this.readStopNodeData(t,a,u+1);if(!n)throw new Error(`Unexpected end of ${a}`);s=n.i,e=n.tagContent}const r=new ge(o);g&&(r[":@"]=g),r.add(this.options.textNodeName,e),this.matcher.pop(),this.isCurrentNodeStopNode=!1,this.addChild(n,r,this.matcher,f)}else{if(d){({tagName:o,tagExp:l}=We(this.options.transformTagName,o,l,this.options));const t=new ge(o);g&&(t[":@"]=g),this.addChild(n,t,this.matcher,f),this.matcher.pop(),this.isCurrentNodeStopNode=!1}else{if(-1!==this.options.unpairedTags.indexOf(o)){const t=new ge(o);g&&(t[":@"]=g),this.addChild(n,t,this.matcher,f),this.matcher.pop(),this.isCurrentNodeStopNode=!1,s=i.closeIndex;continue}{const t=new ge(o);if(this.tagsNodeStack.length>this.options.maxNestedTags)throw new Error("Maximum nested tags exceeded");this.tagsNodeStack.push(n),g&&(t[":@"]=g),this.addChild(n,t,this.matcher,f),n=t}}r="",s=u}}else r+=t[s];return e.child};function Re(t,e,n,r){this.options.captureMetaData||(r=void 0);const i=this.options.jPath?n.toString():n,s=this.options.updateTag(e.tagname,i,e[":@"]);!1===s||("string"==typeof s?(e.tagname=s,t.addChild(e,r)):t.addChild(e,r))}function Me(t,e,n){const r=this.options.processEntities;if(!r||!r.enabled)return t;if(r.allowedTags){const i=this.options.jPath?n.toString():n;if(!(Array.isArray(r.allowedTags)?r.allowedTags.includes(e):r.allowedTags(e,i)))return t}if(r.tagFilter){const i=this.options.jPath?n.toString():n;if(!r.tagFilter(e,i))return t}for(const e of Object.keys(this.docTypeEntities)){const n=this.docTypeEntities[e],i=t.match(n.regx);if(i){if(this.entityExpansionCount+=i.length,r.maxTotalExpansions&&this.entityExpansionCount>r.maxTotalExpansions)throw new Error(`Entity expansion limit exceeded: ${this.entityExpansionCount} > ${r.maxTotalExpansions}`);const e=t.length;if(t=t.replace(n.regx,n.val),r.maxExpandedLength&&(this.currentExpandedLength+=t.length-e,this.currentExpandedLength>r.maxExpandedLength))throw new Error(`Total expanded content size exceeded: ${this.currentExpandedLength} > ${r.maxExpandedLength}`)}}for(const e of Object.keys(this.lastEntities)){const n=this.lastEntities[e],i=t.match(n.regex);if(i&&(this.entityExpansionCount+=i.length,r.maxTotalExpansions&&this.entityExpansionCount>r.maxTotalExpansions))throw new Error(`Entity expansion limit exceeded: ${this.entityExpansionCount} > ${r.maxTotalExpansions}`);t=t.replace(n.regex,n.val)}if(-1===t.indexOf("&"))return t;if(this.options.htmlEntities)for(const e of Object.keys(this.htmlEntities)){const n=this.htmlEntities[e],i=t.match(n.regex);if(i&&(this.entityExpansionCount+=i.length,r.maxTotalExpansions&&this.entityExpansionCount>r.maxTotalExpansions))throw new Error(`Entity expansion limit exceeded: ${this.entityExpansionCount} > ${r.maxTotalExpansions}`);t=t.replace(n.regex,n.val)}return t.replace(this.ampEntity.regex,this.ampEntity.val)}function _e(t,e,n,r){return t&&(void 0===r&&(r=0===e.child.length),void 0!==(t=this.parseTextData(t,e.tagname,n,!1,!!e[":@"]&&0!==Object.keys(e[":@"]).length,r))&&""!==t&&e.add(this.options.textNodeName,t),t=""),t}function Ve(t,e){if(!t||0===t.length)return!1;for(let n=0;n<t.length;n++)if(e.matches(t[n]))return!0;return!1}function je(t,e,n,r){const i=t.indexOf(e,n);if(-1===i)throw new Error(r);return i+e.length-1}function Fe(t,e,n,r=">"){const i=function(t,e,n=">"){let r,i="";for(let s=e;s<t.length;s++){let e=t[s];if(r)e===r&&(r="");else if('"'===e||"'"===e)r=e;else if(e===n[0]){if(!n[1])return{data:i,index:s};if(t[s+1]===n[1])return{data:i,index:s}}else"\t"===e&&(e=" ");i+=e}}(t,e+1,r);if(!i)return;let s=i.data;const o=i.index,a=s.search(/\s/);let l=s,c=!0;-1!==a&&(l=s.substring(0,a),s=s.substring(a+1).trimStart());const u=l;if(n){const t=l.indexOf(":");-1!==t&&(l=l.substr(t+1),c=l!==i.data.substr(t+1))}return{tagName:l,tagExp:s,closeIndex:o,attrExpPresent:c,rawTagName:u}}function Ue(t,e,n){const r=n;let i=1;for(;n<t.length;n++)if("<"===t[n])if("/"===t[n+1]){const s=je(t,">",n,`${e} is not closed`);if(t.substring(n+2,s).trim()===e&&(i--,0===i))return{tagContent:t.substring(r,n),i:s};n=s}else if("?"===t[n+1])n=je(t,"?>",n+1,"StopNode is not closed.");else if("!--"===t.substr(n+1,3))n=je(t,"--\x3e",n+3,"StopNode is not closed.");else if("!["===t.substr(n+1,2))n=je(t,"]]>",n,"StopNode is not closed.")-2;else{const r=Fe(t,n,">");r&&((r&&r.tagName)===e&&"/"!==r.tagExp[r.tagExp.length-1]&&i++,n=r.closeIndex)}}function Le(t,e,n){if(e&&"string"==typeof t){const e=t.trim();return"true"===e||"false"!==e&&function(t,e={}){if(e=Object.assign({},we,e),!t||"string"!=typeof t)return t;let n=t.trim();if(void 0!==e.skipLike&&e.skipLike.test(n))return t;if("0"===t)return 0;if(e.hex&&Ee.test(n))return function(t){if(parseInt)return parseInt(t,16);if(Number.parseInt)return Number.parseInt(t,16);if(window&&window.parseInt)return window.parseInt(t,16);throw new Error("parseInt, Number.parseInt, window.parseInt are not supported")}(n);if(isFinite(n)){if(n.includes("e")||n.includes("E"))return function(t,e,n){if(!n.eNotation)return t;const r=e.match(Se);if(r){let i=r[1]||"";const s=-1===r[3].indexOf("e")?"E":"e",o=r[2],a=i?t[o.length+1]===s:t[o.length]===s;return o.length>1&&a?t:(1!==o.length||!r[3].startsWith(`.${s}`)&&r[3][0]!==s)&&o.length>0?n.leadingZeros&&!a?(e=(r[1]||"")+r[3],Number(e)):t:Number(e)}return t}(t,n,e);{const i=be.exec(n);if(i){const s=i[1]||"",o=i[2];let a=(r=i[3])&&-1!==r.indexOf(".")?("."===(r=r.replace(/0+$/,""))?r="0":"."===r[0]?r="0"+r:"."===r[r.length-1]&&(r=r.substring(0,r.length-1)),r):r;const l=s?"."===t[o.length+1]:"."===t[o.length];if(!e.leadingZeros&&(o.length>1||1===o.length&&!l))return t;{const r=Number(n),i=String(r);if(0===r)return r;if(-1!==i.search(/[eE]/))return e.eNotation?r:t;if(-1!==n.indexOf("."))return"0"===i||i===a||i===`${s}${a}`?r:t;let l=o?a:n;return o?l===i||s+l===i?r:t:l===i||l===s+i?r:t}}return t}}var r;return function(t,e,n){const r=e===1/0;switch(n.infinity.toLowerCase()){case"null":return null;case"infinity":return e;case"string":return r?"Infinity":"-Infinity";default:return t}}(t,Number(n),e)}(t,n)}return function(t){return void 0!==t}(t)?t:""}function ze(t,e,n){const r=Number.parseInt(t,e);return r>=0&&r<=1114111?String.fromCodePoint(r):n+t+";"}function We(t,e,n,r){if(t){const r=t(e);n===e&&(n=r),e=r}return{tagName:e=Ke(e,r),tagExp:n}}function Ke(t,e){if(ae.includes(t))throw new Error(`[SECURITY] Invalid name: "${t}" is a reserved JavaScript keyword that could cause prototype pollution`);return oe.includes(t)?e.onDangerousProperty(t):t}const Be=ge.getMetaDataSymbol();function Ge(t,e){if(!t||"object"!=typeof t)return{};if(!e)return t;const n={};for(const r in t)r.startsWith(e)?n[r.substring(e.length)]=t[r]:n[r]=t[r];return n}function qe(t,e,n){return Ye(t,e,n)}function Ye(t,e,n){let r;const i={};for(let s=0;s<t.length;s++){const o=t[s],a=Qe(o);if(void 0!==a&&a!==e.textNodeName){const t=Ge(o[":@"]||{},e.attributeNamePrefix);n.push(a,t)}if(a===e.textNodeName)void 0===r?r=o[a]:r+=""+o[a];else{if(void 0===a)continue;if(o[a]){let t=Ye(o[a],e,n);const r=He(t,e);if(o[":@"]?Ze(t,o[":@"],n,e):1!==Object.keys(t).length||void 0===t[e.textNodeName]||e.alwaysCreateTextNode?0===Object.keys(t).length&&(e.alwaysCreateTextNode?t[e.textNodeName]="":t=""):t=t[e.textNodeName],void 0!==o[Be]&&"object"==typeof t&&null!==t&&(t[Be]=o[Be]),void 0!==i[a]&&Object.prototype.hasOwnProperty.call(i,a))Array.isArray(i[a])||(i[a]=[i[a]]),i[a].push(t);else{const s=e.jPath?n.toString():n;e.isArray(a,s,r)?i[a]=[t]:i[a]=t}void 0!==a&&a!==e.textNodeName&&n.pop()}}}return"string"==typeof r?r.length>0&&(i[e.textNodeName]=r):void 0!==r&&(i[e.textNodeName]=r),i}function Qe(t){const e=Object.keys(t);for(let t=0;t<e.length;t++){const n=e[t];if(":@"!==n)return n}}function Ze(t,e,n,r){if(e){const i=Object.keys(e),s=i.length;for(let o=0;o<s;o++){const s=i[o],a=s.startsWith(r.attributeNamePrefix)?s.substring(r.attributeNamePrefix.length):s,l=r.jPath?n.toString()+"."+a:n;r.isArray(s,l,!0,!0)?t[s]=[e[s]]:t[s]=e[s]}}}function He(t,e){const{textNodeName:n}=e,r=Object.keys(t).length;return 0===r||!(1!==r||!t[n]&&"boolean"!=typeof t[n]&&0!==t[n])}const Xe={allowBooleanAttributes:!1,unpairedTags:[]};function Je(t){return" "===t||"\t"===t||"\n"===t||"\r"===t}function tn(t,e){const n=e;for(;e<t.length;e++)if("?"==t[e]||" "==t[e]){const r=t.substr(n,e-n);if(e>5&&"xml"===r)return an("InvalidXml","XML declaration allowed only at the start of the document.",un(t,e));if("?"==t[e]&&">"==t[e+1]){e++;break}continue}return e}function en(t,e){if(t.length>e+5&&"-"===t[e+1]&&"-"===t[e+2]){for(e+=3;e<t.length;e++)if("-"===t[e]&&"-"===t[e+1]&&">"===t[e+2]){e+=2;break}}else if(t.length>e+8&&"D"===t[e+1]&&"O"===t[e+2]&&"C"===t[e+3]&&"T"===t[e+4]&&"Y"===t[e+5]&&"P"===t[e+6]&&"E"===t[e+7]){let n=1;for(e+=8;e<t.length;e++)if("<"===t[e])n++;else if(">"===t[e]&&(n--,0===n))break}else if(t.length>e+9&&"["===t[e+1]&&"C"===t[e+2]&&"D"===t[e+3]&&"A"===t[e+4]&&"T"===t[e+5]&&"A"===t[e+6]&&"["===t[e+7])for(e+=8;e<t.length;e++)if("]"===t[e]&&"]"===t[e+1]&&">"===t[e+2]){e+=2;break}return e}function nn(t,e){let n="",r="",i=!1;for(;e<t.length;e++){if('"'===t[e]||"'"===t[e])""===r?r=t[e]:r!==t[e]||(r="");else if(">"===t[e]&&""===r){i=!0;break}n+=t[e]}return""===r&&{value:n,index:e,tagClosed:i}}const rn=new RegExp("(\\s*)([^\\s=]+)(\\s*=)?(\\s*(['\"])(([\\s\\S])*?)\\5)?","g");function sn(t,e){const n=ie(t,rn),r={};for(let t=0;t<n.length;t++){if(0===n[t][1].length)return an("InvalidAttr","Attribute '"+n[t][2]+"' has no space in starting.",hn(n[t]));if(void 0!==n[t][3]&&void 0===n[t][4])return an("InvalidAttr","Attribute '"+n[t][2]+"' is without value.",hn(n[t]));if(void 0===n[t][3]&&!e.allowBooleanAttributes)return an("InvalidAttr","boolean attribute '"+n[t][2]+"' is not allowed.",hn(n[t]));const i=n[t][2];if(!ln(i))return an("InvalidAttr","Attribute '"+i+"' is an invalid name.",hn(n[t]));if(Object.prototype.hasOwnProperty.call(r,i))return an("InvalidAttr","Attribute '"+i+"' is repeated.",hn(n[t]));r[i]=1}return!0}function on(t,e){if(";"===t[++e])return-1;if("#"===t[e])return function(t,e){let n=/\d/;for("x"===t[e]&&(e++,n=/[\da-fA-F]/);e<t.length;e++){if(";"===t[e])return e;if(!t[e].match(n))break}return-1}(t,++e);let n=0;for(;e<t.length;e++,n++)if(!(t[e].match(/\w/)&&n<20)){if(";"===t[e])break;return-1}return e}function an(t,e,n){return{err:{code:t,msg:e,line:n.line||n,col:n.col}}}function ln(t){return se(t)}function cn(t){return se(t)}function un(t,e){const n=t.substring(0,e).split(/\r?\n/);return{line:n.length,col:n[n.length-1].length+1}}function hn(t){return t.startIndex+t[1].length}const dn=new class{constructor(t){this.externalEntities={},this.options=de(t)}parse(t,e){if("string"!=typeof t&&t.toString)t=t.toString();else if("string"!=typeof t)throw new Error("XML data is accepted in String or Bytes[] form.");if(e){!0===e&&(e={});const n=function(t,e){e=Object.assign({},Xe,e);const n=[];let r=!1,i=!1;"\ufeff"===t[0]&&(t=t.substr(1));for(let s=0;s<t.length;s++)if("<"===t[s]&&"?"===t[s+1]){if(s+=2,s=tn(t,s),s.err)return s}else{if("<"!==t[s]){if(Je(t[s]))continue;return an("InvalidChar","char '"+t[s]+"' is not expected.",un(t,s))}{let o=s;if(s++,"!"===t[s]){s=en(t,s);continue}{let a=!1;"/"===t[s]&&(a=!0,s++);let l="";for(;s<t.length&&">"!==t[s]&&" "!==t[s]&&"\t"!==t[s]&&"\n"!==t[s]&&"\r"!==t[s];s++)l+=t[s];if(l=l.trim(),"/"===l[l.length-1]&&(l=l.substring(0,l.length-1),s--),!cn(l)){let e;return e=0===l.trim().length?"Invalid space after '<'.":"Tag '"+l+"' is an invalid name.",an("InvalidTag",e,un(t,s))}const c=nn(t,s);if(!1===c)return an("InvalidAttr","Attributes for '"+l+"' have open quote.",un(t,s));let u=c.value;if(s=c.index,"/"===u[u.length-1]){const n=s-u.length;u=u.substring(0,u.length-1);const i=sn(u,e);if(!0!==i)return an(i.err.code,i.err.msg,un(t,n+i.err.line));r=!0}else if(a){if(!c.tagClosed)return an("InvalidTag","Closing tag '"+l+"' doesn't have proper closing.",un(t,s));if(u.trim().length>0)return an("InvalidTag","Closing tag '"+l+"' can't have attributes or invalid starting.",un(t,o));if(0===n.length)return an("InvalidTag","Closing tag '"+l+"' has not been opened.",un(t,o));{const e=n.pop();if(l!==e.tagName){let n=un(t,e.tagStartPos);return an("InvalidTag","Expected closing tag '"+e.tagName+"' (opened in line "+n.line+", col "+n.col+") instead of closing tag '"+l+"'.",un(t,o))}0==n.length&&(i=!0)}}else{const a=sn(u,e);if(!0!==a)return an(a.err.code,a.err.msg,un(t,s-u.length+a.err.line));if(!0===i)return an("InvalidXml","Multiple possible root nodes found.",un(t,s));-1!==e.unpairedTags.indexOf(l)||n.push({tagName:l,tagStartPos:o}),r=!0}for(s++;s<t.length;s++)if("<"===t[s]){if("!"===t[s+1]){s++,s=en(t,s);continue}if("?"!==t[s+1])break;if(s=tn(t,++s),s.err)return s}else if("&"===t[s]){const e=on(t,s);if(-1==e)return an("InvalidChar","char '&' is not expected.",un(t,s));s=e}else if(!0===i&&!Je(t[s]))return an("InvalidXml","Extra text at the end",un(t,s));"<"===t[s]&&s--}}}return r?1==n.length?an("InvalidTag","Unclosed tag '"+n[0].tagName+"'.",un(t,n[0].tagStartPos)):!(n.length>0)||an("InvalidXml","Invalid '"+JSON.stringify(n.map(t=>t.tagName),null,4).replace(/\r?\n/g,"")+"' found.",{line:1,col:1}):an("InvalidXml","Start tag expected.",1)}(t,e);if(!0!==n)throw Error(`${n.err.msg}:${n.err.line}:${n.err.col}`)}const n=new Pe(this.options);n.addExternalEntities(this.externalEntities);const r=n.parseXml(t);return this.options.preserveOrder||void 0===r?r:qe(r,this.options,n.matcher)}addEntity(t,e){if(-1!==e.indexOf("&"))throw new Error("Entity value can't have '&'");if(-1!==t.indexOf("&")||-1!==t.indexOf(";"))throw new Error("An entity must be set without '&' and ';'. Eg. use '#xD' for '&#xD;'");if("&"===e)throw new Error("An entity with value '&' is not permitted");this.externalEntities[t]=e}static getMetaDataSymbol(){return ge.getMetaDataSymbol()}}({attributeNamePrefix:"",htmlEntities:!0,ignoreAttributes:!1,ignoreDeclaration:!0,parseTagValue:!1,trimValues:!1,tagValueProcessor:(t,e)=>""===e.trim()&&e.includes("\n")?"":void 0});dn.addEntity("#xD","\r"),dn.addEntity("#10","\n");var pn=n(2840);const gn=t=>{const e="#text";for(const n in t)t.hasOwnProperty(n)&&void 0!==t[n][e]?t[n]=t[n][e]:"object"==typeof t[n]&&null!==t[n]&&(t[n]=gn(t[n]));return t};var mn=n(2914),fn=n(88791),xn=n(89946);class yn extends fn.B{settings;stringDeserializer;constructor(t){super(),this.settings=t,this.stringDeserializer=new pn.k(t)}setSerdeContext(t){this.serdeContext=t,this.stringDeserializer.setSerdeContext(t)}read(t,e,n){const r=te.l.of(t),i=r.getMemberSchemas();if(r.isStructSchema()&&r.isMemberSchema()&&Object.values(i).find(t=>!!t.getMemberTraits().eventPayload)){const t={},n=Object.keys(i)[0];return i[n].isBlobSchema()?t[n]=e:t[n]=this.read(i[n],e),t}const s=(this.serdeContext?.utf8Encoder??mn.P)(e),o=this.parseXml(s);return this.readSchema(t,n?o[n]:o)}readSchema(t,e){const n=te.l.of(t);if(n.isUnitSchema())return;const r=n.getMergedTraits();if(n.isListSchema()&&!Array.isArray(e))return this.readSchema(n,[e]);if(null==e)return e;if("object"==typeof e){const t=!!r.sparse,i=!!r.xmlFlattened;if(n.isListSchema()){const r=n.getValueSchema(),s=[],o=r.getMergedTraits().xmlName??"member",a=i?e:(e[0]??e)[o],l=Array.isArray(a)?a:[a];for(const e of l)(null!=e||t)&&s.push(this.readSchema(r,e));return s}const s={};if(n.isMapSchema()){const r=n.getKeySchema(),o=n.getValueSchema();let a;a=i?Array.isArray(e)?e:[e]:Array.isArray(e.entry)?e.entry:[e.entry];const l=r.getMergedTraits().xmlName??"key",c=o.getMergedTraits().xmlName??"value";for(const e of a){const n=e[l],r=e[c];(null!=r||t)&&(s[n]=this.readSchema(o,r))}return s}if(n.isStructSchema()){const t=n.isUnionSchema();let r;t&&(r=new xn.F(e,s));for(const[i,o]of n.structIterator()){const n=o.getMergedTraits(),a=n.httpPayload?n.xmlName??o.getName():o.getMemberTraits().xmlName??i;t&&r.mark(a),null!=e[a]&&(s[i]=this.readSchema(o,e[a]))}return t&&r.writeUnknown(),s}if(n.isDocumentSchema())return e;throw new Error(`@aws-sdk/core/protocols - xml deserializer unhandled schema type for ${n.getName(!0)}`)}return n.isListSchema()?[]:n.isMapSchema()||n.isStructSchema()?{}:this.stringDeserializer.read(n,e)}parseXml(t){if(t.length){let n;try{e=t,n=dn.parse(e,!0)}catch(e){throw e&&"object"==typeof e&&Object.defineProperty(e,"$responseBodyText",{value:t}),e}const r="#text",i=Object.keys(n)[0],s=n[i];return s[r]&&(s[i]=s[r],delete s[r]),gn(s)}var e;return{}}}var En=n(26144),bn=n(30259),wn=n(34708),Sn=n(70764),vn=n(10015),Nn=n(39181);class Tn extends fn.B{settings;buffer;constructor(t){super(),this.settings=t}write(t,e,n=""){void 0===this.buffer&&(this.buffer="");const r=te.l.of(t);if(n&&!n.endsWith(".")&&(n+="."),r.isBlobSchema())("string"==typeof e||e instanceof Uint8Array)&&(this.writeKey(n),this.writeValue((this.serdeContext?.base64Encoder??Nn.n)(e)));else if(r.isBooleanSchema()||r.isNumericSchema()||r.isStringSchema())null!=e?(this.writeKey(n),this.writeValue(String(e))):r.isIdempotencyToken()&&(this.writeKey(n),this.writeValue((0,wn.v4)()));else if(r.isBigIntegerSchema())null!=e&&(this.writeKey(n),this.writeValue(String(e)));else if(r.isBigDecimalSchema())null!=e&&(this.writeKey(n),this.writeValue(e instanceof Sn.D?e.string:String(e)));else if(r.isTimestampSchema()){if(e instanceof Date)switch(this.writeKey(n),(0,En.V)(r,this.settings)){case 5:this.writeValue(e.toISOString().replace(".000Z","Z"));break;case 6:this.writeValue((0,vn.JV)(e));break;case 7:this.writeValue(String(e.getTime()/1e3))}}else if(r.isDocumentSchema())Array.isArray(e)?this.write(79,e,n):e instanceof Date?this.write(4,e,n):e instanceof Uint8Array?this.write(21,e,n):e&&"object"==typeof e?this.write(143,e,n):(this.writeKey(n),this.writeValue(String(e)));else if(r.isListSchema()){if(Array.isArray(e))if(0===e.length)this.settings.serializeEmptyLists&&(this.writeKey(n),this.writeValue(""));else{const t=r.getValueSchema(),i=this.settings.flattenLists||r.getMergedTraits().xmlFlattened;let s=1;for(const r of e){if(null==r)continue;const e=t.getMergedTraits(),o=this.getKey("member",e.xmlName,e.ec2QueryName),a=i?`${n}${s}`:`${n}${o}.${s}`;this.write(t,r,a),++s}}}else if(r.isMapSchema()){if(e&&"object"==typeof e){const t=r.getKeySchema(),i=r.getValueSchema(),s=r.getMergedTraits().xmlFlattened;let o=1;for(const[r,a]of Object.entries(e)){if(null==a)continue;const e=t.getMergedTraits(),l=this.getKey("key",e.xmlName,e.ec2QueryName),c=s?`${n}${o}.${l}`:`${n}entry.${o}.${l}`,u=i.getMergedTraits(),h=this.getKey("value",u.xmlName,u.ec2QueryName),d=s?`${n}${o}.${h}`:`${n}entry.${o}.${h}`;this.write(t,r,c),this.write(i,a,d),++o}}}else if(r.isStructSchema()){if(e&&"object"==typeof e){let t=!1;for(const[i,s]of r.structIterator()){if(null==e[i]&&!s.isIdempotencyToken())continue;const r=s.getMergedTraits(),o=`${n}${this.getKey(i,r.xmlName,r.ec2QueryName,"struct")}`;this.write(s,e[i],o),t=!0}if(!t&&r.isUnionSchema()){const{$unknown:t}=e;if(Array.isArray(t)){const[e,r]=t,i=`${n}${e}`;this.write(15,r,i)}}}}else if(!r.isUnitSchema())throw new Error(`@aws-sdk/core/protocols - QuerySerializer unrecognized schema type ${r.getName(!0)}`)}flush(){if(void 0===this.buffer)throw new Error("@aws-sdk/core/protocols - QuerySerializer cannot flush with nothing written to buffer.");const t=this.buffer;return delete this.buffer,t}getKey(t,e,n,r){const{ec2:i,capitalizeKeys:s}=this.settings;if(i&&n)return n;const o=e??t;return s&&"struct"===r?o[0].toUpperCase()+o.slice(1):o}writeKey(t){t.endsWith(".")&&(t=t.slice(0,t.length-1)),this.buffer+=`&${(0,bn.$)(t)}=`}writeValue(t){this.buffer+=(0,bn.$)(t)}}class In extends Ht.M{options;serializer;deserializer;mixin=new ee.U;constructor(t){super({defaultNamespace:t.defaultNamespace}),this.options=t;const e={timestampFormat:{useTrait:!0,default:5},httpBindings:!1,xmlNamespace:t.xmlNamespace,serviceNamespace:t.defaultNamespace,serializeEmptyLists:!0};this.serializer=new Tn(e),this.deserializer=new yn(e)}getShapeId(){return"aws.protocols#awsQuery"}setSerdeContext(t){this.serializer.setSerdeContext(t),this.deserializer.setSerdeContext(t)}getPayloadCodec(){throw new Error("AWSQuery protocol has no payload codec.")}async serializeRequest(t,e,n){const r=await super.serializeRequest(t,e,n);r.path.endsWith("/")||(r.path+="/"),Object.assign(r.headers,{"content-type":"application/x-www-form-urlencoded"}),"unit"!==(0,Jt.L)(t.input)&&r.body||(r.body="");const i=t.name.split("#")[1]??t.name;return r.body=`Action=${i}&Version=${this.options.version}`+r.body,r.body.endsWith("&")&&(r.body=r.body.slice(-1)),r}async deserializeResponse(t,e,n){const r=this.deserializer,i=te.l.of(t.output),s={};if(n.statusCode>=300){const i=await(0,Xt.P)(n.body,e);i.byteLength>0&&Object.assign(s,await r.read(15,i)),await this.handleError(t,e,n,s,this.deserializeMetadata(n))}for(const t in n.headers){const e=n.headers[t];delete n.headers[t],n.headers[t.toLowerCase()]=e}const o=t.name.split("#")[1]??t.name,a=i.isStructSchema()&&this.useNestedResult()?o+"Result":void 0,l=await(0,Xt.P)(n.body,e);return l.byteLength>0&&Object.assign(s,await r.read(i,l,a)),{$metadata:this.deserializeMetadata(n),...s}}useNestedResult(){return!0}async handleError(t,e,n,r,i){const s=this.loadQueryErrorCode(n,r)??"Unknown",o=this.loadQueryError(r),a=this.loadQueryErrorMessage(r);o.message=a,o.Error={Type:o.Type,Code:o.Code,Message:a};const{errorSchema:l,errorMetadata:c}=await this.mixin.getErrorSchemaOrThrowBaseException(s,this.options.defaultNamespace,n,o,i,this.mixin.findQueryCompatibleError),h=te.l.of(l),d=new(u.O.for(l[1]).getErrorCtor(l)??Error)(a),p={Type:o.Error.Type,Code:o.Error.Code,Error:o.Error};for(const[t,e]of h.structIterator()){const n=e.getMergedTraits().xmlName??t,i=o[n]??r[n];p[t]=this.deserializer.readSchema(e,i)}throw this.mixin.decorateServiceException(Object.assign(d,c,{$fault:h.getMergedTraits().error,message:a},p),r)}loadQueryErrorCode(t,e){const n=(e.Errors?.[0]?.Error??e.Errors?.Error??e.Error)?.Code;return void 0!==n?n:404==t.statusCode?"NotFound":void 0}loadQueryError(t){return t.Errors?.[0]?.Error??t.Errors?.Error??t.Error}loadQueryErrorMessage(t){const e=this.loadQueryError(t);return e?.message??e?.Message??t.message??t.Message??"Unknown"}getDefaultContentType(){return"application/x-www-form-urlencoded"}}var Pn=n(3761),Cn=n(67933),An=n(12544),$n=n(40935),Dn=n(2456),kn=n(48105),On=n(1034),Rn=n(7856);const Mn="required",_n="type",Vn="fn",jn="argv",Fn="ref",Un=!1,Ln=!0,zn="booleanEquals",Wn="stringEquals",Kn="sigv4",Bn="us-east-1",Gn="endpoint",qn="https://sts.{Region}.{PartitionResult#dnsSuffix}",Yn="tree",Qn="error",Zn="getAttr",Hn={[Mn]:!1,[_n]:"string"},Xn={[Mn]:!0,default:!1,[_n]:"boolean"},Jn={[Fn]:"Endpoint"},tr={[Vn]:"isSet",[jn]:[{[Fn]:"Region"}]},er={[Fn]:"Region"},nr={[Vn]:"aws.partition",[jn]:[er],assign:"PartitionResult"},rr={[Fn]:"UseFIPS"},ir={[Fn]:"UseDualStack"},sr={url:"https://sts.amazonaws.com",properties:{authSchemes:[{name:Kn,signingName:"sts",signingRegion:Bn}]},headers:{}},or={},ar={conditions:[{[Vn]:Wn,[jn]:[er,"aws-global"]}],[Gn]:sr,[_n]:Gn},lr={[Vn]:zn,[jn]:[rr,!0]},cr={[Vn]:zn,[jn]:[ir,!0]},ur={[Vn]:Zn,[jn]:[{[Fn]:"PartitionResult"},"supportsFIPS"]},hr={[Fn]:"PartitionResult"},dr={[Vn]:zn,[jn]:[!0,{[Vn]:Zn,[jn]:[hr,"supportsDualStack"]}]},pr=[{[Vn]:"isSet",[jn]:[Jn]}],gr=[lr],mr=[cr],fr={version:"1.0",parameters:{Region:Hn,UseDualStack:Xn,UseFIPS:Xn,Endpoint:Hn,UseGlobalEndpoint:Xn},rules:[{conditions:[{[Vn]:zn,[jn]:[{[Fn]:"UseGlobalEndpoint"},Ln]},{[Vn]:"not",[jn]:pr},tr,nr,{[Vn]:zn,[jn]:[rr,Un]},{[Vn]:zn,[jn]:[ir,Un]}],rules:[{conditions:[{[Vn]:Wn,[jn]:[er,"ap-northeast-1"]}],endpoint:sr,[_n]:Gn},{conditions:[{[Vn]:Wn,[jn]:[er,"ap-south-1"]}],endpoint:sr,[_n]:Gn},{conditions:[{[Vn]:Wn,[jn]:[er,"ap-southeast-1"]}],endpoint:sr,[_n]:Gn},{conditions:[{[Vn]:Wn,[jn]:[er,"ap-southeast-2"]}],endpoint:sr,[_n]:Gn},ar,{conditions:[{[Vn]:Wn,[jn]:[er,"ca-central-1"]}],endpoint:sr,[_n]:Gn},{conditions:[{[Vn]:Wn,[jn]:[er,"eu-central-1"]}],endpoint:sr,[_n]:Gn},{conditions:[{[Vn]:Wn,[jn]:[er,"eu-north-1"]}],endpoint:sr,[_n]:Gn},{conditions:[{[Vn]:Wn,[jn]:[er,"eu-west-1"]}],endpoint:sr,[_n]:Gn},{conditions:[{[Vn]:Wn,[jn]:[er,"eu-west-2"]}],endpoint:sr,[_n]:Gn},{conditions:[{[Vn]:Wn,[jn]:[er,"eu-west-3"]}],endpoint:sr,[_n]:Gn},{conditions:[{[Vn]:Wn,[jn]:[er,"sa-east-1"]}],endpoint:sr,[_n]:Gn},{conditions:[{[Vn]:Wn,[jn]:[er,Bn]}],endpoint:sr,[_n]:Gn},{conditions:[{[Vn]:Wn,[jn]:[er,"us-east-2"]}],endpoint:sr,[_n]:Gn},{conditions:[{[Vn]:Wn,[jn]:[er,"us-west-1"]}],endpoint:sr,[_n]:Gn},{conditions:[{[Vn]:Wn,[jn]:[er,"us-west-2"]}],endpoint:sr,[_n]:Gn},{endpoint:{url:qn,properties:{authSchemes:[{name:Kn,signingName:"sts",signingRegion:"{Region}"}]},headers:or},[_n]:Gn}],[_n]:Yn},{conditions:pr,rules:[{conditions:gr,error:"Invalid Configuration: FIPS and custom endpoint are not supported",[_n]:Qn},{conditions:mr,error:"Invalid Configuration: Dualstack and custom endpoint are not supported",[_n]:Qn},{endpoint:{url:Jn,properties:or,headers:or},[_n]:Gn}],[_n]:Yn},{conditions:[tr],rules:[{conditions:[nr],rules:[{conditions:[lr,cr],rules:[{conditions:[{[Vn]:zn,[jn]:[Ln,ur]},dr],rules:[{endpoint:{url:"https://sts-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:or,headers:or},[_n]:Gn}],[_n]:Yn},{error:"FIPS and DualStack are enabled, but this partition does not support one or both",[_n]:Qn}],[_n]:Yn},{conditions:gr,rules:[{conditions:[{[Vn]:zn,[jn]:[ur,Ln]}],rules:[{conditions:[{[Vn]:Wn,[jn]:[{[Vn]:Zn,[jn]:[hr,"name"]},"aws-us-gov"]}],endpoint:{url:"https://sts.{Region}.amazonaws.com",properties:or,headers:or},[_n]:Gn},{endpoint:{url:"https://sts-fips.{Region}.{PartitionResult#dnsSuffix}",properties:or,headers:or},[_n]:Gn}],[_n]:Yn},{error:"FIPS is enabled but this partition does not support FIPS",[_n]:Qn}],[_n]:Yn},{conditions:mr,rules:[{conditions:[dr],rules:[{endpoint:{url:"https://sts.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:or,headers:or},[_n]:Gn}],[_n]:Yn},{error:"DualStack is enabled but this partition does not support DualStack",[_n]:Qn}],[_n]:Yn},ar,{endpoint:{url:qn,properties:or,headers:or},[_n]:Gn}],[_n]:Yn}],[_n]:Yn},{error:"Invalid Configuration: Missing Region",[_n]:Qn}]},xr=new kn.k({size:50,params:["Endpoint","Region","UseDualStack","UseFIPS","UseGlobalEndpoint"]}),yr=(t,e={})=>xr.get(t,()=>(0,On.s)(fr,{endpointParams:t,logger:e.logger}));Rn.m.aws=Dn.UF;var Er=n(93673),br=n(78646),wr=n(18081);class Sr extends Ct.K{config;constructor(...[t]){const e=(t=>{(0,Gt.I)(process.version);const e=(0,Qt.I)(t),n=()=>e().then(qt.l),r=(t=>({apiVersion:"2011-06-15",base64Decoder:t?.base64Decoder??An.E,base64Encoder:t?.base64Encoder??Nn.n,disableHostPrefix:t?.disableHostPrefix??!1,endpointProvider:t?.endpointProvider??yr,extensions:t?.extensions??[],httpAuthSchemeProvider:t?.httpAuthSchemeProvider??Ot,httpAuthSchemes:t?.httpAuthSchemes??[{schemeId:"aws.auth#sigv4",identityProvider:t=>t.getIdentityProvider("aws.auth#sigv4"),signer:new Vt.f2},{schemeId:"smithy.api#noAuth",identityProvider:t=>t.getIdentityProvider("smithy.api#noAuth")||(async()=>({})),signer:new zt.m}],logger:t?.logger??new Pn.N,protocol:t?.protocol??In,protocolSettings:t?.protocolSettings??{defaultNamespace:"com.amazonaws.sts",errorTypeRegistries:G,xmlNamespace:"https://sts.amazonaws.com/doc/2011-06-15/",version:"2011-06-15",serviceTarget:"AWSSecurityTokenServiceV20110615"},serviceId:t?.serviceId??"STS",urlParser:t?.urlParser??Cn.D,utf8Decoder:t?.utf8Decoder??$n.a,utf8Encoder:t?.utf8Encoder??mn.P}))(t);(0,Mt.I)(process.version);const o={profile:t?.profile,logger:r.logger};return{...r,...t,runtime:"node",defaultsMode:e,authSchemePreference:t?.authSchemePreference??(0,s.Z)(_t.$,o),bodyLengthChecker:t?.bodyLengthChecker??Yt.n,defaultUserAgentProvider:t?.defaultUserAgentProvider??(0,jt.pf)({serviceId:r.serviceId,clientVersion:Rt.rE}),httpAuthSchemes:t?.httpAuthSchemes??[{schemeId:"aws.auth#sigv4",identityProvider:e=>e.getIdentityProvider("aws.auth#sigv4")||(async e=>await t.credentialDefaultProvider(e?.__config||{})()),signer:new Vt.f2},{schemeId:"smithy.api#noAuth",identityProvider:t=>t.getIdentityProvider("smithy.api#noAuth")||(async()=>({})),signer:new zt.m}],maxAttempts:t?.maxAttempts??(0,s.Z)(It.qs,t),region:t?.region??(0,s.Z)(i.GG,{...i.zH,...o}),requestHandler:Kt.$.create(t?.requestHandler??n),retryMode:t?.retryMode??(0,s.Z)({...It.kN,default:async()=>(await n()).retryMode||Zt.L0},t),sha256:t?.sha256??Wt.V.bind(null,"sha256"),streamCollector:t?.streamCollector??Bt.k,useDualstackEndpoint:t?.useDualstackEndpoint??(0,s.Z)(Ut.e$,o),useFipsEndpoint:t?.useFipsEndpoint??(0,s.Z)(Lt.Ko,o),userAgentAppId:t?.userAgentAppId??(0,s.Z)(Ft.hV,o)}})(t||{});super(e),this.initConfig=e;const n=(r=e,Object.assign(r,{useDualstackEndpoint:r.useDualstackEndpoint??!1,useFipsEndpoint:r.useFipsEndpoint??!1,useGlobalEndpoint:r.useGlobalEndpoint??!1,defaultSigningName:"sts"}));var r;const o=(0,xt.D)(n),a=(0,It.$z)(o),l=(0,Et.T)(a),c=(0,gt.OV)(l),u=((t,e)=>{const n=Object.assign((0,Er.R)(t),(0,wr.xA)(t),(0,br.e)(t),(t=>{const e=t.httpAuthSchemes;let n=t.httpAuthSchemeProvider,r=t.credentials;return{setHttpAuthScheme(t){const n=e.findIndex(e=>e.schemeId===t.schemeId);-1===n?e.push(t):e.splice(n,1,t)},httpAuthSchemes:()=>e,setHttpAuthSchemeProvider(t){n=t},httpAuthSchemeProvider:()=>n,setCredentials(t){r=t},credentials:()=>r}})(t));return e.forEach(t=>t.configure(n)),Object.assign(t,(0,Er.$)(n),(0,wr.uv)(n),(0,br.j)(n),{httpAuthSchemes:(r=n).httpAuthSchemes(),httpAuthSchemeProvider:r.httpAuthSchemeProvider(),credentials:r.credentials()});var r})((t=>{const e=(n=t,Object.assign(n,{stsClientCtor:Sr}));var n;const r=(0,At.h)(e);return Object.assign(r,{authSchemePreference:(0,Dt.t)(t.authSchemePreference??[])})})((0,Tt.C)(c)),t?.extensions||[]);this.config=u,this.middlewareStack.use((0,vt.wq)(this.config)),this.middlewareStack.use((0,yt.sM)(this.config)),this.middlewareStack.use((0,Pt.ey)(this.config)),this.middlewareStack.use((0,Nt.vK)(this.config)),this.middlewareStack.use((0,gt.TC)(this.config)),this.middlewareStack.use((0,mt.Y7)(this.config)),this.middlewareStack.use((0,ft.n)(this.config)),this.middlewareStack.use((0,bt.w)(this.config,{httpAuthSchemeParametersProvider:kt,identityProviderConfigProvider:async t=>new wt.h({"aws.auth#sigv4":t.credentials})})),this.middlewareStack.use((0,St.l)(this.config))}destroy(){super.destroy()}}const vr=(t,e)=>e?class extends t{constructor(t){super(t);for(const t of e)this.middlewareStack.use(t)}}:t,Nr=(t={},e)=>((t,e)=>{let n,i;return async(s,o)=>{if(i=s,!n){const{logger:r=t?.parentClientConfig?.logger,profile:s=t?.parentClientConfig?.profile,region:o,requestHandler:a=t?.parentClientConfig?.requestHandler,credentialProviderLogger:l,userAgentAppId:c=t?.parentClientConfig?.userAgentAppId}=t,u=await dt(o,t?.parentClientConfig?.region,l,{logger:r,profile:s}),h=!pt(a);n=new e({...t,userAgentAppId:c,profile:s,credentialDefaultProvider:()=>async()=>i,region:u,requestHandler:h?a:void 0,logger:r})}const{Credentials:a,AssumedRoleUser:l}=await n.send(new ct(o));if(!a||!a.AccessKeyId||!a.SecretAccessKey)throw new Error(`Invalid response from STS.assumeRole call with role ${o.RoleArn}`);const c=ht(l),u={accessKeyId:a.AccessKeyId,secretAccessKey:a.SecretAccessKey,sessionToken:a.SessionToken,expiration:a.Expiration,...a.CredentialScope&&{credentialScope:a.CredentialScope},...c&&{accountId:c}};return(0,r.g)(u,"CREDENTIALS_STS_ASSUME_ROLE","i"),u}})(t,vr(Sr,e)),Tr=(t={},e)=>((t,e)=>{let n;return async i=>{if(!n){const{logger:r=t?.parentClientConfig?.logger,profile:i=t?.parentClientConfig?.profile,region:s,requestHandler:o=t?.parentClientConfig?.requestHandler,credentialProviderLogger:a,userAgentAppId:l=t?.parentClientConfig?.userAgentAppId}=t,c=await dt(s,t?.parentClientConfig?.region,a,{logger:r,profile:i}),u=!pt(o);n=new e({...t,userAgentAppId:l,profile:i,region:c,requestHandler:u?o:void 0,logger:r})}const{Credentials:s,AssumedRoleUser:o}=await n.send(new ut(i));if(!s||!s.AccessKeyId||!s.SecretAccessKey)throw new Error(`Invalid response from STS.assumeRoleWithWebIdentity call with role ${i.RoleArn}`);const a=ht(o),l={accessKeyId:s.AccessKeyId,secretAccessKey:s.SecretAccessKey,sessionToken:s.SessionToken,expiration:s.Expiration,...s.CredentialScope&&{credentialScope:s.CredentialScope},...a&&{accountId:a}};return a&&(0,r.g)(l,"RESOLVED_ACCOUNT_ID","T"),(0,r.g)(l,"CREDENTIALS_STS_ASSUME_ROLE_WEB_ID","k"),l}})(t,vr(Sr,e))},14433:(t,e,n)=>{n.d(e,{m:()=>r});class r{async sign(t,e,n){return t}}},30259:(t,e,n)=>{function r(t){return encodeURIComponent(t).replace(/[!'()*]/g,function(t){return"%"+t.charCodeAt(0).toString(16).toUpperCase()})}n.d(e,{$:()=>r})},69700:(t,e,n)=>{n.d(e,{G:()=>r});const r=t=>{const e=t.length,n=[];let r,i=!1,s=0;for(let o=0;o<e;++o){const e=t[o];switch(e){case'"':"\\"!==r&&(i=!i);break;case",":i||(n.push(t.slice(s,o)),s=o+1)}r=e}return n.push(t.slice(s)),n.map(t=>{const e=(t=t.trim()).length;return e<2?t:('"'===t[0]&&'"'===t[e-1]&&(t=t.slice(1,e-1)),t.replace(/\\"/g,'"'))})}}};
@@ -1,99 +0,0 @@
1
- import type { Request, Response, NextFunction } from "express";
2
- import type { ProofMeta, DetachedProof } from "@kya-os/contracts/proof";
3
- import type { Receipt } from "@kya-os/contracts/registry";
4
- import { type StructuredError } from "@kya-os/contracts/verifier";
5
- import { type CryptoProvider } from "@kya-os/mcp-i-core";
6
- /**
7
- * Verifier middleware for proof and receipt validation
8
- */
9
- export interface VerifierConfig {
10
- /**
11
- * Enable receipt verification
12
- */
13
- receiptVerification?: boolean;
14
- /**
15
- * Enable delegation checking
16
- */
17
- delegationChecking?: boolean;
18
- /**
19
- * KTA base URL
20
- */
21
- ktaBaseUrl?: string;
22
- /**
23
- * Policy toggle for receipt checking
24
- */
25
- receiptPolicy?: "required" | "optional" | "disabled";
26
- /**
27
- * Allow mock data for testing
28
- */
29
- allowMockData?: boolean;
30
- /**
31
- * Optional CryptoProvider for signature verification
32
- * If provided, enables full JWS signature verification when DetachedProof is available
33
- */
34
- cryptoProvider?: CryptoProvider;
35
- }
36
- export interface LocalVerifierResult {
37
- success: boolean;
38
- headers?: Record<string, string>;
39
- error?: StructuredError;
40
- }
41
- export interface VerifierContext {
42
- proof: ProofMeta;
43
- receipt?: Receipt;
44
- delegationRef?: string;
45
- /**
46
- * Optional full DetachedProof with JWS for signature verification
47
- * If provided, enables full cryptographic signature verification
48
- */
49
- detachedProof?: DetachedProof;
50
- }
51
- /**
52
- * Core verifier implementation
53
- */
54
- export declare class CoreVerifier {
55
- private config;
56
- private receiptVerifier;
57
- private delegationManager;
58
- private cryptoService?;
59
- constructor(config?: VerifierConfig);
60
- /**
61
- * Verify proof with optional receipt checking
62
- */
63
- verify(context: VerifierContext): Promise<LocalVerifierResult>;
64
- /**
65
- * Verify proof signature
66
- *
67
- * Note: Full signature verification requires DetachedProof with JWS.
68
- * If only ProofMeta is available, performs structure validation only.
69
- * To enable full verification, provide detachedProof in VerifierContext.
70
- */
71
- private verifySignature;
72
- /**
73
- * Fetch public key from DID document
74
- *
75
- * Note: This is a simplified implementation. Production code should use
76
- * a proper DID resolver that supports multiple DID methods (did:key, did:web, etc.)
77
- */
78
- private fetchPublicKeyFromDID;
79
- /**
80
- * Verify delegation status
81
- */
82
- private verifyDelegation;
83
- /**
84
- * Check if receipt verification should be performed
85
- */
86
- private shouldVerifyReceipt;
87
- /**
88
- * Generate trusted headers for successful verification
89
- */
90
- private generateHeaders;
91
- }
92
- /**
93
- * Cloudflare Worker verifier
94
- */
95
- export declare function verifyWorker(request: Request, config?: VerifierConfig): Promise<LocalVerifierResult>;
96
- /**
97
- * Express verifier middleware
98
- */
99
- export declare function verifyExpress(config?: VerifierConfig): (req: Request, res: Response, next: NextFunction) => Promise<Response<any, Record<string, any>> | undefined>;