@lobu/cli 4.3.0 → 6.0.0

package/dist/internal/oauth.js

@@ -0,0 +1,234 @@
+/**
+ * OAuth 2.0 device-code client used by `lobu login`.
+ *
+ * Mirrors the same flow that `@lobu/owletto-openclaw` uses against
+ * Owletto-hosted issuers: dynamic client registration (RFC 7591) +
+ * device authorization grant (RFC 8628) + refresh-token grant.
+ */
+const CLIENT_NAME = "Lobu CLI";
+const SOFTWARE_ID = "lobu-cli";
+const SCOPE = "mcp:read mcp:write mcp:admin profile:read";
+const GRANT_DEVICE_CODE = "urn:ietf:params:oauth:grant-type:device_code";
+const GRANT_REFRESH_TOKEN = "refresh_token";
+/** RFC 8628 §3.5: on `slow_down`, the device MUST increase the interval by 5s. */
+const SLOW_DOWN_BUMP_SECONDS = 5;
+export const DEVICE_CODE_GRANT_TYPE = GRANT_DEVICE_CODE;
+export class OAuthError extends Error {
+    code;
+    constructor(code, message) {
+        super(message);
+        this.code = code;
+        this.name = "OAuthError";
+    }
+}
+/**
+ * Find the OAuth issuer for an API URL by stripping the path and fetching
+ * `<origin>/.well-known/oauth-authorization-server`. Both Owletto-hosted
+ * issuers (community.lobu.ai, app.lobu.ai) and the embedded local gateway
+ * publish discovery at the API origin.
+ */
+export async function discoverOAuth(apiUrl) {
+    const origin = new URL(apiUrl).origin;
+    const url = `${origin}/.well-known/oauth-authorization-server`;
+    const meta = await getJson(url, "discovery");
+    const tokenEndpoint = pickString(meta, "token_endpoint");
+    if (!tokenEndpoint) {
+        throw new OAuthError("discovery_invalid", `Discovery doc at ${url} is missing token_endpoint.`);
+    }
+    return {
+        issuer: pickString(meta, "issuer") ?? origin,
+        authorizationEndpoint: pickString(meta, "authorization_endpoint"),
+        tokenEndpoint,
+        registrationEndpoint: pickString(meta, "registration_endpoint"),
+        deviceAuthorizationEndpoint: pickString(meta, "device_authorization_endpoint"),
+        revocationEndpoint: pickString(meta, "revocation_endpoint"),
+        userinfoEndpoint: pickString(meta, "userinfo_endpoint"),
+        grantTypesSupported: Array.isArray(meta.grant_types_supported)
+            ? meta.grant_types_supported.filter((g) => typeof g === "string")
+            : [],
+    };
+}
+/**
+ * Register a public client capable of running the device-code grant.
+ * `token_endpoint_auth_method: "none"` keeps the CLI from needing to
+ * ship a client secret.
+ */
+export async function registerClient(registrationEndpoint, softwareVersion) {
+    const body = await postJson(registrationEndpoint, {
+        client_name: CLIENT_NAME,
+        software_id: SOFTWARE_ID,
+        software_version: softwareVersion,
+        grant_types: [GRANT_DEVICE_CODE, GRANT_REFRESH_TOKEN],
+        token_endpoint_auth_method: "none",
+        scope: SCOPE,
+    });
+    if (!body.ok) {
+        throw new OAuthError("registration_failed", body.errorMessage);
+    }
+    const clientId = pickString(body.data, "client_id");
+    if (!clientId) {
+        throw new OAuthError("registration_invalid", "Registration response was missing client_id.");
+    }
+    return { clientId, clientSecret: pickString(body.data, "client_secret") };
+}
+export async function startDeviceAuthorization(endpoint, client) {
+    const body = await postJson(endpoint, withClient(client, { scope: SCOPE }));
+    if (!body.ok) {
+        throw new OAuthError("device_authorization_failed", body.errorMessage);
+    }
+    const deviceCode = pickString(body.data, "device_code");
+    const userCode = pickString(body.data, "user_code");
+    const verificationUri = pickString(body.data, "verification_uri");
+    if (!deviceCode || !userCode || !verificationUri) {
+        throw new OAuthError("device_authorization_invalid", "Device authorization response was missing required fields.");
+    }
+    return {
+        deviceCode,
+        userCode,
+        verificationUri,
+        verificationUriComplete: pickString(body.data, "verification_uri_complete"),
+        expiresIn: pickNumber(body.data, "expires_in") ?? 600,
+        interval: Math.max(pickNumber(body.data, "interval") ?? 5, 1),
+    };
+}
+/**
+ * One iteration of the device-code polling loop. Returns `pending` for
+ * `authorization_pending` / `slow_down` (with `bumpInterval` set when the
+ * server asks us to back off), `complete` once the user approves, and
+ * `error` for terminal failures.
+ */
+export async function pollDeviceToken(tokenEndpoint, client, deviceCode) {
+    const body = await postJson(tokenEndpoint, withClient(client, {
+        grant_type: GRANT_DEVICE_CODE,
+        device_code: deviceCode,
+    }));
+    if (body.ok && typeof body.data.access_token === "string") {
+        return { status: "complete", tokens: parseTokenResponse(body.data) };
+    }
+    const code = pickString(body.data, "error") ?? "unknown_error";
+    if (code === "authorization_pending") {
+        return { status: "pending", bumpInterval: false };
+    }
+    if (code === "slow_down") {
+        return { status: "pending", bumpInterval: true };
+    }
+    return {
+        status: "error",
+        code,
+        message: pickString(body.data, "error_description") ??
+            `Token endpoint returned ${body.status}.`,
+    };
+}
+export async function refreshTokens(tokenEndpoint, client, refreshToken) {
+    const body = await postJson(tokenEndpoint, withClient(client, {
+        grant_type: GRANT_REFRESH_TOKEN,
+        refresh_token: refreshToken,
+    }));
+    if (!body.ok || typeof body.data.access_token !== "string")
+        return null;
+    return parseTokenResponse(body.data);
+}
+export async function fetchUserInfo(userinfoEndpoint, accessToken) {
+    let response;
+    try {
+        response = await fetch(userinfoEndpoint, {
+            headers: {
+                Authorization: `Bearer ${accessToken}`,
+                Accept: "application/json",
+            },
+        });
+    }
+    catch {
+        return null;
+    }
+    if (!response.ok)
+        return null;
+    const data = (await response.json().catch(() => null));
+    if (!data)
+        return null;
+    const sub = pickString(data, "sub");
+    if (!sub)
+        return null;
+    return {
+        sub,
+        email: pickString(data, "email"),
+        name: pickString(data, "name"),
+    };
+}
+/** RFC 7009 — best-effort. Network failures are intentionally swallowed. */
+export async function revokeToken(revocationEndpoint, client, token, hint) {
+    await postJson(revocationEndpoint, withClient(client, { token, token_type_hint: hint }));
+}
+export function bumpInterval(interval, slowDown) {
+    return slowDown ? interval + SLOW_DOWN_BUMP_SECONDS : interval;
+}
+function parseTokenResponse(data) {
+    const accessToken = pickString(data, "access_token");
+    if (!accessToken) {
+        throw new OAuthError("invalid_token_response", "Token endpoint response was missing access_token.");
+    }
+    return {
+        accessToken,
+        refreshToken: pickString(data, "refresh_token"),
+        expiresIn: pickNumber(data, "expires_in"),
+    };
+}
+async function postJson(url, body) {
+    let response;
+    try {
+        response = await fetch(url, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+                Accept: "application/json",
+            },
+            body: JSON.stringify(body),
+        });
+    }
+    catch (err) {
+        return {
+            ok: false,
+            status: 0,
+            data: {},
+            errorMessage: `Network error: ${err.message}`,
+        };
+    }
+    const data = (await response.json().catch(() => ({})));
+    if (response.ok)
+        return { ok: true, status: response.status, data };
+    const errorMessage = pickString(data, "error_description") ??
+        pickString(data, "error") ??
+        `HTTP ${response.status}`;
+    return { ok: false, status: response.status, data, errorMessage };
+}
+async function getJson(url, context) {
+    let response;
+    try {
+        response = await fetch(url, { headers: { Accept: "application/json" } });
+    }
+    catch (err) {
+        throw new OAuthError(`${context}_unreachable`, `Could not reach ${url}: ${err.message}`);
+    }
+    if (!response.ok) {
+        throw new OAuthError(`${context}_failed`, `${url} returned HTTP ${response.status}.`);
+    }
+    return (await response.json());
+}
+function withClient(client, fields) {
+    const body = {
+        client_id: client.clientId,
+        ...fields,
+    };
+    if (client.clientSecret)
+        body.client_secret = client.clientSecret;
+    return body;
+}
+function pickString(data, key) {
+    const v = data[key];
+    return typeof v === "string" && v.length > 0 ? v : undefined;
+}
+function pickNumber(data, key) {
+    const v = data[key];
+    return typeof v === "number" && Number.isFinite(v) ? v : undefined;
+}
+//# sourceMappingURL=oauth.js.map

package/dist/internal/oauth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.js","sourceRoot":"","sources":["../../src/internal/oauth.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,MAAM,WAAW,GAAG,UAAU,CAAC;AAC/B,MAAM,WAAW,GAAG,UAAU,CAAC;AAC/B,MAAM,KAAK,GAAG,2CAA2C,CAAC;AAC1D,MAAM,iBAAiB,GAAG,8CAA8C,CAAC;AACzE,MAAM,mBAAmB,GAAG,eAAe,CAAC;AAC5C,kFAAkF;AAClF,MAAM,sBAAsB,GAAG,CAAC,CAAC;AAEjC,MAAM,CAAC,MAAM,sBAAsB,GAAG,iBAAiB,CAAC;AAuCxD,MAAM,OAAO,UAAW,SAAQ,KAAK;IAEjB;IADlB,YACkB,IAAY,EAC5B,OAAe;QAEf,KAAK,CAAC,OAAO,CAAC,CAAC;QAHC,SAAI,GAAJ,IAAI,CAAQ;QAI5B,IAAI,CAAC,IAAI,GAAG,YAAY,CAAC;IAC3B,CAAC;CACF;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,MAAc;IAChD,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;IACtC,MAAM,GAAG,GAAG,GAAG,MAAM,yCAAyC,CAAC;IAC/D,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IAE7C,MAAM,aAAa,GAAG,UAAU,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;IACzD,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,IAAI,UAAU,CAClB,mBAAmB,EACnB,oBAAoB,GAAG,6BAA6B,CACrD,CAAC;IACJ,CAAC;IAED,OAAO;QACL,MAAM,EAAE,UAAU,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,MAAM;QAC5C,qBAAqB,EAAE,UAAU,CAAC,IAAI,EAAE,wBAAwB,CAAC;QACjE,aAAa;QACb,oBAAoB,EAAE,UAAU,CAAC,IAAI,EAAE,uBAAuB,CAAC;QAC/D,2BAA2B,EAAE,UAAU,CACrC,IAAI,EACJ,+BAA+B,CAChC;QACD,kBAAkB,EAAE,UAAU,CAAC,IAAI,EAAE,qBAAqB,CAAC;QAC3D,gBAAgB,EAAE,UAAU,CAAC,IAAI,EAAE,mBAAmB,CAAC;QACvD,mBAAmB,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,qBAAqB,CAAC;YAC5D,CAAC,CAAE,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAChC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAChB;YAChB,CAAC,CAAC,EAAE;KACP,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,oBAA4B,EAC5B,eAAuB;IAEvB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,oBAAoB,EAAE;QAChD,WAAW,EAAE,WAAW;QACxB,WAAW,EAAE,WAAW;QACxB,gBAAgB,EAAE,eAAe;QACjC,WAAW,EAAE,CAAC,iBAAiB,EAAE,mBAAmB,CAAC;QACrD,0BAA0B,EAAE,MAAM;QAClC,KAAK,EAAE,KAAK;KACb,CAAC,CAAC;IAEH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;QACb,MAAM,IAAI,UAAU,CAAC,qBAAqB,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;IACjE,CAAC;IACD,MAAM,QAAQ,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IACpD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,UAAU,CAClB,sBAAsB,EACtB,8CAA8C,CAC/C,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE,CAAC;AAC5E,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,QAAgB,EAChB,MAAwB;IAExB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,UAAU,CAAC,MAAM,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IAC5E,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;QACb,MAAM,IAAI,UAAU,CAAC,6BAA6B,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,UAAU,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;IACxD,MAAM,QAAQ,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IACpD,MAAM,eAAe,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC;IAClE,IAAI,CAAC,UAAU,IAAI,CAAC,QAAQ,IAAI,CAAC,eAAe,EAAE,CAAC;QACjD,MAAM,IAAI,UAAU,CAClB,8BAA8B,EAC9B,4DAA4D,CAC7D,CAAC;IACJ,CAAC;IAED,OAAO;QACL,UAAU;QACV,QAAQ;QACR,eAAe;QACf,uBAAuB,EAAE,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,2BAA2B,CAAC;QAC3E,SAAS,EAAE,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,YAAY,CAAC,IAAI,GAAG;QACrD,QAAQ,EAAE,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;KAC9D,CAAC;AACJ,CAAC;AAOD;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,aAAqB,EACrB,MAAwB,EACxB,UAAkB;IAElB,MAAM,IAAI,GAAG,MAAM,QAAQ,CACzB,aAAa,EACb,UAAU,CAAC,MAAM,EAAE;QACjB,UAAU,EAAE,iBAAiB;QAC7B,WAAW,EAAE,UAAU;KACxB,CAAC,CACH,CAAC;IAEF,IAAI,IAAI,CAAC,EAAE,IAAI,OAAO,IAAI,CAAC,IAAI,CAAC,YAAY,KAAK,QAAQ,EAAE,CAAC;QAC1D,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;IACvE,CAAC;IAED,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,eAAe,CAAC;IAC/D,IAAI,IAAI,KAAK,uBAAuB,EAAE,CAAC;QACrC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC;IACpD,CAAC;IACD,IAAI,IAAI,KAAK,WAAW,EAAE,CAAC;QACzB,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;IACnD,CAAC;IACD,OAAO;QACL,MAAM,EAAE,OAAO;QACf,IAAI;QACJ,OAAO,EACL,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,mBAAmB,CAAC;YAC1C,2BAA2B,IAAI,CAAC,MAAM,GAAG;KAC5C,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,aAAqB,EACrB,MAAwB,EACxB,YAAoB;IAEpB,MAAM,IAAI,GAAG,MAAM,QAAQ,CACzB,aAAa,EACb,UAAU,CAAC,MAAM,EAAE;QACjB,UAAU,EAAE,mBAAmB;QAC/B,aAAa,EAAE,YAAY;KAC5B,CAAC,CACH,CAAC;IACF,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,OAAO,IAAI,CAAC,IAAI,CAAC,YAAY,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACxE,OAAO,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,gBAAwB,EACxB,WAAmB;IAEnB,IAAI,QAAkB,CAAC;IACvB,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,KAAK,CAAC,gBAAgB,EAAE;YACvC,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,WAAW,EAAE;gBACtC,MAAM,EAAE,kBAAkB;aAC3B;SACF,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,EAAE;QAAE,OAAO,IAAI,CAAC;IAC9B,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAG7C,CAAC;IACT,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IACvB,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACpC,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IACtB,OAAO;QACL,GAAG;QACH,KAAK,EAAE,UAAU,CAAC,IAAI,EAAE,OAAO,CAAC;QAChC,IAAI,EAAE,UAAU,CAAC,IAAI,EAAE,MAAM,CAAC;KAC/B,CAAC;AACJ,CAAC;AAED,4EAA4E;AAC5E,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,kBAA0B,EAC1B,MAAwB,EACxB,KAAa,EACb,IAAsC;IAEtC,MAAM,QAAQ,CACZ,kBAAkB,EAClB,UAAU,CAAC,MAAM,EAAE,EAAE,KAAK,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC,CACrD,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,QAAiB;IAC9D,OAAO,QAAQ,CAAC,CAAC,CAAC,QAAQ,GAAG,sBAAsB,CAAC,CAAC,CAAC,QAAQ,CAAC;AACjE,CAAC;AAED,SAAS,kBAAkB,CAAC,IAA6B;IACvD,MAAM,WAAW,GAAG,UAAU,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;IACrD,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,IAAI,UAAU,CAClB,wBAAwB,EACxB,mDAAmD,CACpD,CAAC;IACJ,CAAC;IACD,OAAO;QACL,WAAW;QACX,YAAY,EAAE,UAAU,CAAC,IAAI,EAAE,eAAe,CAAC;QAC/C,SAAS,EAAE,UAAU,CAAC,IAAI,EAAE,YAAY,CAAC;KAC1C,CAAC;AACJ,CAAC;AAWD,KAAK,UAAU,QAAQ,CACrB,GAAW,EACX,IAA6B;IAE7B,IAAI,QAAkB,CAAC;IACvB,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC1B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,MAAM,EAAE,kBAAkB;aAC3B;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC3B,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,CAAC;YACT,IAAI,EAAE,EAAE;YACR,YAAY,EAAE,kBAAmB,GAAa,CAAC,OAAO,EAAE;SACzD,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAGpD,CAAC;IACF,IAAI,QAAQ,CAAC,EAAE;QAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC;IACpE,MAAM,YAAY,GAChB,UAAU,CAAC,IAAI,EAAE,mBAAmB,CAAC;QACrC,UAAU,CAAC,IAAI,EAAE,OAAO,CAAC;QACzB,QAAQ,QAAQ,CAAC,MAAM,EAAE,CAAC;IAC5B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC;AACpE,CAAC;AAED,KAAK,UAAU,OAAO,CACpB,GAAW,EACX,OAAe;IAEf,IAAI,QAAkB,CAAC;IACvB,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE,EAAE,CAAC,CAAC;IAC3E,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,UAAU,CAClB,GAAG,OAAO,cAAc,EACxB,mBAAmB,GAAG,KAAM,GAAa,CAAC,OAAO,EAAE,CACpD,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,UAAU,CAClB,GAAG,OAAO,SAAS,EACnB,GAAG,GAAG,kBAAkB,QAAQ,CAAC,MAAM,GAAG,CAC3C,CAAC;IACJ,CAAC;IACD,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAC;AAC5D,CAAC;AAED,SAAS,UAAU,CACjB,MAAwB,EACxB,MAA+B;IAE/B,MAAM,IAAI,GAA4B;QACpC,SAAS,EAAE,MAAM,CAAC,QAAQ;QAC1B,GAAG,MAAM;KACV,CAAC;IACF,IAAI,MAAM,CAAC,YAAY;QAAE,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,YAAY,CAAC;IAClE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,UAAU,CACjB,IAA6B,EAC7B,GAAW;IAEX,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;IACpB,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAC/D,CAAC;AAED,SAAS,UAAU,CACjB,IAA6B,EAC7B,GAAW;IAEX,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;IACpB,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AACrE,CAAC"}