@mag.ni/process 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Mag.ni
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,122 @@
+# @mag.ni/process
+
+MCP server for [Processes](https://process.mag.ni) — a platform where users design structured workflows that guide AI agents through sequential tasks, decision points, and reporting.
+
+## Quick Start
+
+Add to your `.mcp.json` (project root or `~/.claude.json`):
+
+```json
+{
+  "mcpServers": {
+    "process": {
+      "command": "npx",
+      "args": ["-y", "@mag.ni/process"]
+    }
+  }
+}
+```
+
+On first use, a browser window opens for authentication. After signing in, the token is stored locally and reused automatically.
+
+### Windows
+
+```json
+{
+  "mcpServers": {
+    "process": {
+      "command": "cmd",
+      "args": ["/c", "npx", "-y", "@mag.ni/process"]
+    }
+  }
+}
+```
+
+### Auto-Updates
+
+Using `npx -y` ensures you always run the latest version. Updates are picked up automatically when the MCP server restarts.
+
+## Configuration
+
+All settings have sensible defaults. Override via the `env` block in `.mcp.json` if needed:
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `PROCESSES_API_URL` | `https://process.mag.ni` | Process API endpoint |
+| `PROCESSES_AUTH_URL` | `https://auth.mag.ni` | OAuth authorization server |
+| `PROCESSES_OAUTH_CLIENT_ID` | `process-mcp` | OAuth client ID |
+| `PROCESSES_OAUTH_CALLBACK_PORT` | `19823` | Local port for OAuth callback |
+| `SENTRY_DSN` | _(disabled)_ | Error reporting endpoint |
+
+Example with custom API URL (e.g. for staging):
+
+```json
+{
+  "mcpServers": {
+    "process": {
+      "command": "npx",
+      "args": ["-y", "@mag.ni/process"],
+      "env": {
+        "PROCESSES_API_URL": "https://process.office.mag.ni",
+        "PROCESSES_AUTH_URL": "https://auth.office.mag.ni"
+      }
+    }
+  }
+}
+```
+
+## Available Tools
+
+### Agent Management
+| Tool | Description |
+|------|-------------|
+| `list_agent_users` | List all agent identities |
+| `create_agent_user` | Create a new agent identity |
+| `delete_agent_user` | Delete an unclaimed agent identity |
+
+### Session Management
+| Tool | Description |
+|------|-------------|
+| `claim_user` | Claim an agent identity to start working |
+| `heartbeat` | Extend session lease |
+| `release_user` | Release claimed identity |
+| `logout` | Clear session and stored credentials |
+
+### Workflow Execution
+| Tool | Description |
+|------|-------------|
+| `get_my_instances` | Get workflow instances assigned to you |
+| `get_instance_details` | Get current step, history, and metadata |
+| `get_available_actions` | Get actions at the current step |
+| `take_action` | Execute an action to advance the workflow |
+| `get_diagram_context` | Get full workflow structure |
+| `get_instance_notes` | Get notes on an instance |
+| `add_instance_note` | Add a note to an instance |
+| `get_node_details` | Get detailed instructions for steps |
+
+### Diagram Design
+| Tool | Description |
+|------|-------------|
+| `enter_design_mode` | Enter design mode |
+| `exit_design_mode` | Exit design mode |
+| `list_diagrams` | List available diagrams |
+| `get_diagram` | Get diagram details |
+| `create_diagram` | Create a new diagram |
+| `update_diagram` | Update diagram properties |
+| `create_node` | Add a node to a diagram |
+| `update_node` | Modify a node |
+| `delete_node` | Remove a node |
+| `create_arrow` | Connect two nodes |
+| `update_arrow` | Modify a connection |
+| `delete_arrow` | Remove a connection |
+| `delete_diagram` | Delete a diagram |
+| `duplicate_diagram` | Copy a diagram |
+
+## Requirements
+
+- Node.js 18+
+- An MCP-compatible client (e.g. [Claude Code](https://claude.com/claude-code))
+
+## License
+
+MIT

package/dist/auth.d.ts

@@ -0,0 +1,50 @@
+/**
+ * MCP Processes - OAuth2 Authorization Code + PKCE Authentication
+ *
+ * Authenticates the MCP server as the user who runs it (like `gh auth login`).
+ * Flow:
+ * 1. Check for stored refresh token in ~/.config/mcp-processes/tokens.json
+ * 2. If no token: start local HTTP server, open browser to auth server
+ * 3. User logs in → auth server redirects to http://localhost:{port}/callback
+ * 4. Exchange auth code for access_token + refresh_token
+ * 5. Store refresh token locally for future sessions
+ */
+export interface AuthConfig {
+    authUrl: string;
+    clientId: string;
+    clientSecret?: string;
+    callbackPort: number;
+    scopes: string[];
+}
+export declare function clearStoredTokens(authUrl?: string): void;
+export declare class OAuthManager {
+    private config;
+    private accessToken;
+    private tokenExpiresAt;
+    private refreshToken;
+    constructor(config: AuthConfig);
+    /**
+     * Ensure we have a valid access token.
+     * If no token exists, triggers the browser-based login flow.
+     * If token is expired, uses refresh token to get a new one.
+     */
+    ensureAccessToken(): Promise<string>;
+    /**
+     * Start the interactive browser-based login flow
+     */
+    private interactiveLogin;
+    /**
+     * Get the current access token (may be null if not yet authenticated)
+     */
+    getAccessToken(): string | null;
+    /**
+     * Check if we have a stored refresh token (can authenticate without browser)
+     */
+    hasStoredCredentials(): boolean;
+    /**
+     * Clear all in-memory tokens and remove stored credentials for this environment.
+     * After calling this, the next ensureAccessToken() will trigger interactive login.
+     */
+    clearCredentials(): void;
+}
+//# sourceMappingURL=auth.d.ts.map

package/dist/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AA+BH,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AA+CD,wBAAgB,iBAAiB,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAmBxD;AAgRD,qBAAa,YAAY;IACvB,OAAO,CAAC,MAAM,CAAa;IAC3B,OAAO,CAAC,WAAW,CAAuB;IAC1C,OAAO,CAAC,cAAc,CAAa;IACnC,OAAO,CAAC,YAAY,CAAuB;gBAE/B,MAAM,EAAE,UAAU;IAU9B;;;;OAIG;IACG,iBAAiB,IAAI,OAAO,CAAC,MAAM,CAAC;IAmC1C;;OAEG;YACW,gBAAgB;IAkD9B;;OAEG;IACH,cAAc,IAAI,MAAM,GAAG,IAAI;IAO/B;;OAEG;IACH,oBAAoB,IAAI,OAAO;IAI/B;;;OAGG;IACH,gBAAgB,IAAI,IAAI;CAMzB"}

package/dist/auth.js

@@ -0,0 +1,421 @@
+/**
+ * MCP Processes - OAuth2 Authorization Code + PKCE Authentication
+ *
+ * Authenticates the MCP server as the user who runs it (like `gh auth login`).
+ * Flow:
+ * 1. Check for stored refresh token in ~/.config/mcp-processes/tokens.json
+ * 2. If no token: start local HTTP server, open browser to auth server
+ * 3. User logs in → auth server redirects to http://localhost:{port}/callback
+ * 4. Exchange auth code for access_token + refresh_token
+ * 5. Store refresh token locally for future sessions
+ */
+import * as http from 'node:http';
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import * as os from 'node:os';
+import * as crypto from 'node:crypto';
+import { spawn } from 'node:child_process';
+// =============================================================================
+// Token Storage
+// =============================================================================
+function getTokenFilePath() {
+    const configDir = process.platform === 'win32'
+        ? path.join(os.homedir(), '.config', 'mcp-processes')
+        : path.join(os.homedir(), '.config', 'mcp-processes');
+    return path.join(configDir, 'tokens.json');
+}
+function loadTokenStore() {
+    const filePath = getTokenFilePath();
+    try {
+        const data = fs.readFileSync(filePath, 'utf-8');
+        const parsed = JSON.parse(data);
+        // Migrate single-token format to multi-environment store
+        if (parsed.refreshToken && parsed.authUrl) {
+            return { [parsed.authUrl]: parsed };
+        }
+        return parsed;
+    }
+    catch {
+        return {};
+    }
+}
+function loadStoredTokens(authUrl) {
+    const store = loadTokenStore();
+    return store[authUrl] ?? null;
+}
+function saveTokens(tokens) {
+    const filePath = getTokenFilePath();
+    const dir = path.dirname(filePath);
+    fs.mkdirSync(dir, { recursive: true });
+    // Load existing store and merge
+    const store = loadTokenStore();
+    store[tokens.authUrl] = tokens;
+    fs.writeFileSync(filePath, JSON.stringify(store, null, 2), { mode: 0o600 });
+}
+export function clearStoredTokens(authUrl) {
+    if (!authUrl) {
+        // Clear all tokens
+        const filePath = getTokenFilePath();
+        try {
+            fs.unlinkSync(filePath);
+        }
+        catch {
+            // File doesn't exist, that's fine
+        }
+        return;
+    }
+    // Clear tokens for a specific auth URL
+    const store = loadTokenStore();
+    delete store[authUrl];
+    const filePath = getTokenFilePath();
+    const dir = path.dirname(filePath);
+    fs.mkdirSync(dir, { recursive: true });
+    fs.writeFileSync(filePath, JSON.stringify(store, null, 2), { mode: 0o600 });
+}
+// =============================================================================
+// PKCE Helpers
+// =============================================================================
+function generateCodeVerifier() {
+    return crypto.randomBytes(32).toString('base64url');
+}
+function generateCodeChallenge(verifier) {
+    return crypto.createHash('sha256').update(verifier).digest('base64url');
+}
+// =============================================================================
+// Browser Helpers
+// =============================================================================
+/**
+ * Open a URL in the default browser.
+ * On Windows, cmd.exe interprets & as a command separator, so we write
+ * a temp HTML file with a redirect and open that instead.
+ */
+function openBrowser(url) {
+    try {
+        if (process.platform === 'win32') {
+            // Use PowerShell Start-Process — avoids cmd.exe's & interpretation issues with URLs
+            // Escape double quotes in URL to prevent PowerShell injection
+            const safeUrl = url.replace(/"/g, '`"');
+            spawn('powershell.exe', ['-NoProfile', '-Command', `Start-Process "${safeUrl}"`], {
+                stdio: 'ignore',
+                windowsHide: true,
+            });
+        }
+        else if (process.platform === 'darwin') {
+            spawn('open', [url], { stdio: 'ignore' });
+        }
+        else {
+            spawn('xdg-open', [url], { stdio: 'ignore' });
+        }
+    }
+    catch {
+        console.error(`\nPlease open this URL in your browser to authenticate:\n${url}\n`);
+    }
+}
+// =============================================================================
+// HTML Page Helpers
+// =============================================================================
+function escapeHtml(str) {
+    return str.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
+}
+function renderErrorPage(title, message, details) {
+    const timestamp = new Date().toISOString();
+    const reportBody = `Error: ${title}\nMessage: ${message}\nDetails: ${details}\nTimestamp: ${timestamp}\nPlatform: ${process.platform}\nNode: ${process.version}`;
+    return `<!DOCTYPE html>
+<html><head><meta charset="utf-8"><title>MCP Processes — Error</title>
+<link rel="icon" href="https://mag.ni/favicon.ico" />
+<style>
+  body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', system-ui, sans-serif; display: flex; justify-content: center; align-items: center; min-height: 100vh; margin: 0; background: #f8f9fa; color: #1a1a2e; }
+  .card { background: white; border-radius: 12px; padding: 48px; box-shadow: 0 2px 12px rgba(0,0,0,0.08); text-align: center; max-width: 520px; }
+  .icon { font-size: 48px; margin-bottom: 16px; }
+  h1 { font-size: 22px; font-weight: 600; margin: 0 0 12px; color: #c0392b; }
+  p { color: #555; line-height: 1.6; margin: 0; }
+  .details { margin-top: 16px; padding: 12px 16px; background: #f1f3f5; border-radius: 8px; font-family: 'SF Mono', Monaco, 'Cascadia Code', monospace; font-size: 12px; color: #666; text-align: left; word-break: break-all; }
+  .actions { margin-top: 24px; display: flex; gap: 12px; justify-content: center; flex-wrap: wrap; }
+  .btn { display: inline-block; padding: 10px 20px; border-radius: 8px; font-size: 14px; font-weight: 500; text-decoration: none; cursor: pointer; border: none; transition: background 0.2s; }
+  .btn-primary { background: #3b82f6; color: white; }
+  .btn-primary:hover { background: #2563eb; }
+  .btn-secondary { background: #e5e7eb; color: #374151; }
+  .btn-secondary:hover { background: #d1d5db; }
+  .hint { margin-top: 20px; font-size: 13px; color: #888; }
+  .copied { color: #16a34a; font-weight: 500; }
+</style></head>
+<body><div class="card">
+  <div class="icon">&#9888;</div>
+  <h1>${escapeHtml(title)}</h1>
+  <p>${escapeHtml(message)}</p>
+  <div class="details">
+    <div>${escapeHtml(details)}</div>
+    <div style="margin-top:4px;color:#999">${escapeHtml(timestamp)}</div>
+  </div>
+  <div class="actions">
+    <button class="btn btn-primary" onclick="copyReport()">Copy Error Report</button>
+    <a class="btn btn-secondary" href="mailto:tech-success@magnifinance.com?subject=${encodeURIComponent('MCP Processes Auth Error: ' + title)}&body=${encodeURIComponent(reportBody)}">Email Report</a>
+  </div>
+  <p class="hint" id="hint">Copy the error report and send it to the development team so we can help.</p>
+</div>
+<script>
+function copyReport() {
+  const report = ${JSON.stringify(reportBody)};
+  navigator.clipboard.writeText(report).then(function() {
+    document.getElementById('hint').innerHTML = '<span class="copied">Copied to clipboard!</span> Paste it in a message to the dev team.';
+  }).catch(function() {
+    // Fallback: select text in details box
+    var range = document.createRange();
+    range.selectNodeContents(document.querySelector('.details'));
+    var sel = window.getSelection();
+    sel.removeAllRanges();
+    sel.addRange(range);
+    document.getElementById('hint').textContent = 'Select and copy the error details above.';
+  });
+}
+</script>
+</body></html>`;
+}
+// =============================================================================
+// Authorization Code Flow
+// =============================================================================
+/**
+ * Start a local HTTP server and wait for the OAuth callback.
+ * Opens the browser to the authorization URL.
+ * Returns the authorization code.
+ */
+function waitForAuthorizationCode(authorizationUrl, port, expectedState) {
+    return new Promise((resolve, reject) => {
+        const server = http.createServer((req, res) => {
+            if (!req.url?.startsWith('/callback')) {
+                res.writeHead(404);
+                res.end('Not found');
+                return;
+            }
+            const url = new URL(req.url, `http://localhost:${port}`);
+            const code = url.searchParams.get('code');
+            const state = url.searchParams.get('state');
+            const error = url.searchParams.get('error');
+            const errorDescription = url.searchParams.get('error_description');
+            if (error) {
+                res.writeHead(400, { 'Content-Type': 'text/html' });
+                res.end(renderErrorPage('Authentication Failed', errorDescription || error, `OAuth error code: ${error}`));
+                server.close();
+                reject(new Error(`OAuth error: ${error} - ${errorDescription}`));
+                return;
+            }
+            if (state !== expectedState) {
+                console.error(`State mismatch — expected: ${expectedState.substring(0, 8)}..., received: ${(state || 'null').substring(0, 8)}...`);
+                res.writeHead(400, { 'Content-Type': 'text/html' });
+                res.end(renderErrorPage('Invalid State', 'CSRF state mismatch. This can happen if you took too long to log in or opened multiple login tabs.', `Expected: ${expectedState.substring(0, 8)}..., Received: ${(state || 'null').substring(0, 8)}...`));
+                server.close();
+                reject(new Error('OAuth state mismatch'));
+                return;
+            }
+            if (!code) {
+                res.writeHead(400, { 'Content-Type': 'text/html' });
+                res.end(renderErrorPage('Missing Authorization Code', 'The authorization server did not return an authorization code.', 'No authorization code was present in the callback response.'));
+                server.close();
+                reject(new Error('No authorization code received'));
+                return;
+            }
+            res.writeHead(200, { 'Content-Type': 'text/html' });
+            res.end(`<!DOCTYPE html>
+<html><head><meta charset="utf-8"><title>MCP Processes — Authenticated</title>
+<link rel="icon" href="https://mag.ni/favicon.ico" />
+<style>
+  body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', system-ui, sans-serif; display: flex; justify-content: center; align-items: center; min-height: 100vh; margin: 0; background: #f8f9fa; color: #1a1a2e; }
+  .card { background: white; border-radius: 12px; padding: 48px; box-shadow: 0 2px 12px rgba(0,0,0,0.08); text-align: center; max-width: 440px; }
+  .icon { font-size: 48px; margin-bottom: 16px; }
+  h1 { font-size: 22px; font-weight: 600; margin: 0 0 12px; }
+  p { color: #555; line-height: 1.6; margin: 0; }
+  .hint { margin-top: 20px; font-size: 13px; color: #888; }
+</style></head>
+<body><div class="card">
+  <div class="icon">&#10003;</div>
+  <h1>You're signed in to MCP Processes</h1>
+  <p>Your session token has been saved. The MCP server is now authenticated with your identity and tenant context.</p>
+  <p class="hint">You can close this tab and return to your terminal.</p>
+</div></body></html>`);
+            server.close();
+            resolve(code);
+        });
+        server.listen(port, '127.0.0.1', () => {
+            // Open browser to authorization URL
+            openBrowser(authorizationUrl);
+        });
+        // Timeout after 2 minutes
+        setTimeout(() => {
+            server.close();
+            reject(new Error('Authentication timed out (2 minutes). Please try again.'));
+        }, 120000);
+    });
+}
+/**
+ * Exchange authorization code for tokens
+ */
+async function exchangeCodeForTokens(config, code, codeVerifier) {
+    const tokenUrl = `${config.authUrl}/connect/token`;
+    const params = {
+        grant_type: 'authorization_code',
+        client_id: config.clientId,
+        code,
+        redirect_uri: `http://localhost:${config.callbackPort}/callback`,
+        code_verifier: codeVerifier,
+    };
+    if (config.clientSecret) {
+        params.client_secret = config.clientSecret;
+    }
+    const body = new URLSearchParams(params);
+    const response = await fetch(tokenUrl, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/x-www-form-urlencoded',
+            'User-Agent': 'MCP-Processes/1.0',
+        },
+        body: body.toString(),
+    });
+    if (!response.ok) {
+        const errorText = await response.text();
+        throw new Error(`Token exchange failed (${response.status}): ${errorText}`);
+    }
+    return response.json();
+}
+/**
+ * Use refresh token to get a new access token
+ */
+async function refreshAccessToken(config, refreshToken) {
+    const tokenUrl = `${config.authUrl}/connect/token`;
+    const params = {
+        grant_type: 'refresh_token',
+        client_id: config.clientId,
+        refresh_token: refreshToken,
+    };
+    if (config.clientSecret) {
+        params.client_secret = config.clientSecret;
+    }
+    const body = new URLSearchParams(params);
+    const response = await fetch(tokenUrl, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/x-www-form-urlencoded',
+            'User-Agent': 'MCP-Processes/1.0',
+        },
+        body: body.toString(),
+    });
+    if (!response.ok) {
+        const errorText = await response.text();
+        throw new Error(`Token refresh failed (${response.status}): ${errorText}`);
+    }
+    return response.json();
+}
+// =============================================================================
+// OAuth Manager
+// =============================================================================
+export class OAuthManager {
+    config;
+    accessToken = null;
+    tokenExpiresAt = 0;
+    refreshToken = null;
+    constructor(config) {
+        this.config = config;
+        // Try to load stored refresh token for this environment
+        const stored = loadStoredTokens(config.authUrl);
+        if (stored && stored.clientId === config.clientId) {
+            this.refreshToken = stored.refreshToken;
+        }
+    }
+    /**
+     * Ensure we have a valid access token.
+     * If no token exists, triggers the browser-based login flow.
+     * If token is expired, uses refresh token to get a new one.
+     */
+    async ensureAccessToken() {
+        // Token still valid (with 30s buffer)
+        if (this.accessToken && Date.now() < this.tokenExpiresAt - 30000) {
+            return this.accessToken;
+        }
+        // Try refresh token first
+        if (this.refreshToken) {
+            try {
+                const tokenResponse = await refreshAccessToken(this.config, this.refreshToken);
+                this.accessToken = tokenResponse.access_token;
+                this.tokenExpiresAt = Date.now() + tokenResponse.expires_in * 1000;
+                // Update stored refresh token if a new one was issued
+                if (tokenResponse.refresh_token) {
+                    this.refreshToken = tokenResponse.refresh_token;
+                    saveTokens({
+                        refreshToken: this.refreshToken,
+                        authUrl: this.config.authUrl,
+                        clientId: this.config.clientId,
+                    });
+                }
+                return this.accessToken;
+            }
+            catch (error) {
+                // Refresh failed — fall through to interactive login
+                console.error('Token refresh failed, initiating login flow...');
+                this.refreshToken = null;
+            }
+        }
+        // No valid token — start interactive login
+        return this.interactiveLogin();
+    }
+    /**
+     * Start the interactive browser-based login flow
+     */
+    async interactiveLogin() {
+        const codeVerifier = generateCodeVerifier();
+        const codeChallenge = generateCodeChallenge(codeVerifier);
+        const state = crypto.randomBytes(16).toString('hex');
+        const authParams = new URLSearchParams({
+            client_id: this.config.clientId,
+            redirect_uri: `http://localhost:${this.config.callbackPort}/callback`,
+            response_type: 'code',
+            scope: this.config.scopes.join(' '),
+            code_challenge: codeChallenge,
+            code_challenge_method: 'S256',
+            state,
+        });
+        const authorizationUrl = `${this.config.authUrl}/connect/authorize?${authParams.toString()}`;
+        console.error('Opening browser for authentication...');
+        // Wait for the user to authenticate and get the code
+        const code = await waitForAuthorizationCode(authorizationUrl, this.config.callbackPort, state);
+        // Exchange code for tokens
+        const tokenResponse = await exchangeCodeForTokens(this.config, code, codeVerifier);
+        this.accessToken = tokenResponse.access_token;
+        this.tokenExpiresAt = Date.now() + tokenResponse.expires_in * 1000;
+        // Store refresh token for future sessions
+        if (tokenResponse.refresh_token) {
+            this.refreshToken = tokenResponse.refresh_token;
+            saveTokens({
+                refreshToken: this.refreshToken,
+                authUrl: this.config.authUrl,
+                clientId: this.config.clientId,
+            });
+        }
+        console.error('Authentication successful!');
+        return this.accessToken;
+    }
+    /**
+     * Get the current access token (may be null if not yet authenticated)
+     */
+    getAccessToken() {
+        if (this.accessToken && Date.now() < this.tokenExpiresAt - 30000) {
+            return this.accessToken;
+        }
+        return null;
+    }
+    /**
+     * Check if we have a stored refresh token (can authenticate without browser)
+     */
+    hasStoredCredentials() {
+        return this.refreshToken !== null;
+    }
+    /**
+     * Clear all in-memory tokens and remove stored credentials for this environment.
+     * After calling this, the next ensureAccessToken() will trigger interactive login.
+     */
+    clearCredentials() {
+        this.accessToken = null;
+        this.tokenExpiresAt = 0;
+        this.refreshToken = null;
+        clearStoredTokens(this.config.authUrl);
+    }
+}
+//# sourceMappingURL=auth.js.map

package/dist/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AACtC,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAgC3C,gFAAgF;AAChF,gBAAgB;AAChB,gFAAgF;AAEhF,SAAS,gBAAgB;IACvB,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO;QAC5C,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,eAAe,CAAC;QACrD,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC;IAExD,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;AAC7C,CAAC;AAED,SAAS,cAAc;IACrB,MAAM,QAAQ,GAAG,gBAAgB,EAAE,CAAC;IACpC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAChD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAChC,yDAAyD;QACzD,IAAI,MAAM,CAAC,YAAY,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YAC1C,OAAO,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,MAAsB,EAAE,CAAC;QACtD,CAAC;QACD,OAAO,MAAoB,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAe;IACvC,MAAM,KAAK,GAAG,cAAc,EAAE,CAAC;IAC/B,OAAO,KAAK,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC;AAChC,CAAC;AAED,SAAS,UAAU,CAAC,MAAoB;IACtC,MAAM,QAAQ,GAAG,gBAAgB,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAEnC,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAEvC,gCAAgC;IAChC,MAAM,KAAK,GAAG,cAAc,EAAE,CAAC;IAC/B,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,MAAM,CAAC;IAE/B,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AAC9E,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,OAAgB;IAChD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,mBAAmB;QACnB,MAAM,QAAQ,GAAG,gBAAgB,EAAE,CAAC;QACpC,IAAI,CAAC;YACH,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,kCAAkC;QACpC,CAAC;QACD,OAAO;IACT,CAAC;IAED,uCAAuC;IACvC,MAAM,KAAK,GAAG,cAAc,EAAE,CAAC;IAC/B,OAAO,KAAK,CAAC,OAAO,CAAC,CAAC;IACtB,MAAM,QAAQ,GAAG,gBAAgB,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACnC,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACvC,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AAC9E,CAAC;AAED,gFAAgF;AAChF,eAAe;AACf,gFAAgF;AAEhF,SAAS,oBAAoB;IAC3B,OAAO,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AACtD,CAAC;AAED,SAAS,qBAAqB,CAAC,QAAgB;IAC7C,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;AAC1E,CAAC;AAED,gFAAgF;AAChF,kBAAkB;AAClB,gFAAgF;AAEhF;;;;GAIG;AACH,SAAS,WAAW,CAAC,GAAW;IAC9B,IAAI,CAAC;QACH,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YACjC,oFAAoF;YACpF,8DAA8D;YAC9D,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;YACxC,KAAK,CAAC,gBAAgB,EAAE,CAAC,YAAY,EAAE,UAAU,EAAE,kBAAkB,OAAO,GAAG,CAAC,EAAE;gBAChF,KAAK,EAAE,QAAQ;gBACf,WAAW,EAAE,IAAI;aAClB,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACzC,KAAK,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC5C,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,UAAU,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;QAChD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,KAAK,CAAC,4DAA4D,GAAG,IAAI,CAAC,CAAC;IACrF,CAAC;AACH,CAAC;AAED,gFAAgF;AAChF,oBAAoB;AACpB,gFAAgF;AAEhF,SAAS,UAAU,CAAC,GAAW;IAC7B,OAAO,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;AACxG,CAAC;AAED,SAAS,eAAe,CAAC,KAAa,EAAE,OAAe,EAAE,OAAe;IACtE,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,MAAM,UAAU,GAAG,UAAU,KAAK,cAAc,OAAO,cAAc,OAAO,gBAAgB,SAAS,eAAe,OAAO,CAAC,QAAQ,WAAW,OAAO,CAAC,OAAO,EAAE,CAAC;IAEjK,OAAO;;;;;;;;;;;;;;;;;;;;;QAqBD,UAAU,CAAC,KAAK,CAAC;OAClB,UAAU,CAAC,OAAO,CAAC;;WAEf,UAAU,CAAC,OAAO,CAAC;6CACe,UAAU,CAAC,SAAS,CAAC;;;;sFAIoB,kBAAkB,CAAC,4BAA4B,GAAG,KAAK,CAAC,SAAS,kBAAkB,CAAC,UAAU,CAAC;;;;;;mBAMlK,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC;;;;;;;;;;;;;;eAc9B,CAAC;AAChB,CAAC;AAED,gFAAgF;AAChF,0BAA0B;AAC1B,gFAAgF;AAEhF;;;;GAIG;AACH,SAAS,wBAAwB,CAC/B,gBAAwB,EACxB,IAAY,EACZ,aAAqB;IAErB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;YAC5C,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;gBACtC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;gBACnB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;gBACrB,OAAO;YACT,CAAC;YAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,oBAAoB,IAAI,EAAE,CAAC,CAAC;YACzD,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC5C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC5C,MAAM,gBAAgB,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;YAEnE,IAAI,KAAK,EAAE,CAAC;gBACV,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CAAC,eAAe,CAAC,uBAAuB,EAAE,gBAAgB,IAAI,KAAK,EAAE,qBAAqB,KAAK,EAAE,CAAC,CAAC,CAAC;gBAC3G,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,IAAI,KAAK,CAAC,gBAAgB,KAAK,MAAM,gBAAgB,EAAE,CAAC,CAAC,CAAC;gBACjE,OAAO;YACT,CAAC;YAED,IAAI,KAAK,KAAK,aAAa,EAAE,CAAC;gBAC5B,OAAO,CAAC,KAAK,CAAC,8BAA8B,aAAa,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,kBAAkB,CAAC,KAAK,IAAI,MAAM,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC;gBACnI,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CAAC,eAAe,CAAC,eAAe,EAAE,oGAAoG,EAAE,aAAa,aAAa,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,kBAAkB,CAAC,KAAK,IAAI,MAAM,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;gBACpP,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAC;gBAC1C,OAAO;YACT,CAAC;YAED,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CAAC,eAAe,CAAC,4BAA4B,EAAE,gEAAgE,EAAE,6DAA6D,CAAC,CAAC,CAAC;gBACxL,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC,CAAC;gBACpD,OAAO;YACT,CAAC;YAED,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;YACpD,GAAG,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;;qBAgBO,CAAC,CAAC;YACjB,MAAM,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,CAAC;QAChB,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE;YACpC,oCAAoC;YACpC,WAAW,CAAC,gBAAgB,CAAC,CAAC;QAChC,CAAC,CAAC,CAAC;QAEH,0BAA0B;QAC1B,UAAU,CAAC,GAAG,EAAE;YACd,MAAM,CAAC,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC,CAAC;QAC/E,CAAC,EAAE,MAAM,CAAC,CAAC;IACb,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,qBAAqB,CAClC,MAAkB,EAClB,IAAY,EACZ,YAAoB;IAEpB,MAAM,QAAQ,GAAG,GAAG,MAAM,CAAC,OAAO,gBAAgB,CAAC;IACnD,MAAM,MAAM,GAA2B;QACrC,UAAU,EAAE,oBAAoB;QAChC,SAAS,EAAE,MAAM,CAAC,QAAQ;QAC1B,IAAI;QACJ,YAAY,EAAE,oBAAoB,MAAM,CAAC,YAAY,WAAW;QAChE,aAAa,EAAE,YAAY;KAC5B,CAAC;IACF,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;QACxB,MAAM,CAAC,aAAa,GAAG,MAAM,CAAC,YAAY,CAAC;IAC7C,CAAC;IACD,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,CAAC;IAEzC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;QACrC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,mCAAmC;YACnD,YAAY,EAAE,mBAAmB;SAClC;QACD,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;KACtB,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,0BAA0B,QAAQ,CAAC,MAAM,MAAM,SAAS,EAAE,CAAC,CAAC;IAC9E,CAAC;IAED,OAAO,QAAQ,CAAC,IAAI,EAA4B,CAAC;AACnD,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,kBAAkB,CAC/B,MAAkB,EAClB,YAAoB;IAEpB,MAAM,QAAQ,GAAG,GAAG,MAAM,CAAC,OAAO,gBAAgB,CAAC;IACnD,MAAM,MAAM,GAA2B;QACrC,UAAU,EAAE,eAAe;QAC3B,SAAS,EAAE,MAAM,CAAC,QAAQ;QAC1B,aAAa,EAAE,YAAY;KAC5B,CAAC;IACF,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;QACxB,MAAM,CAAC,aAAa,GAAG,MAAM,CAAC,YAAY,CAAC;IAC7C,CAAC;IACD,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,CAAC;IAEzC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;QACrC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,mCAAmC;YACnD,YAAY,EAAE,mBAAmB;SAClC;QACD,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;KACtB,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,yBAAyB,QAAQ,CAAC,MAAM,MAAM,SAAS,EAAE,CAAC,CAAC;IAC7E,CAAC;IAED,OAAO,QAAQ,CAAC,IAAI,EAA4B,CAAC;AACnD,CAAC;AAED,gFAAgF;AAChF,gBAAgB;AAChB,gFAAgF;AAEhF,MAAM,OAAO,YAAY;IACf,MAAM,CAAa;IACnB,WAAW,GAAkB,IAAI,CAAC;IAClC,cAAc,GAAW,CAAC,CAAC;IAC3B,YAAY,GAAkB,IAAI,CAAC;IAE3C,YAAY,MAAkB;QAC5B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,wDAAwD;QACxD,MAAM,MAAM,GAAG,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAChD,IAAI,MAAM,IAAI,MAAM,CAAC,QAAQ,KAAK,MAAM,CAAC,QAAQ,EAAE,CAAC;YAClD,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC;QAC1C,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,iBAAiB;QACrB,sCAAsC;QACtC,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,GAAG,KAAK,EAAE,CAAC;YACjE,OAAO,IAAI,CAAC,WAAW,CAAC;QAC1B,CAAC;QAED,0BAA0B;QAC1B,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,IAAI,CAAC;gBACH,MAAM,aAAa,GAAG,MAAM,kBAAkB,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;gBAC/E,IAAI,CAAC,WAAW,GAAG,aAAa,CAAC,YAAY,CAAC;gBAC9C,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,aAAa,CAAC,UAAU,GAAG,IAAI,CAAC;gBAEnE,sDAAsD;gBACtD,IAAI,aAAa,CAAC,aAAa,EAAE,CAAC;oBAChC,IAAI,CAAC,YAAY,GAAG,aAAa,CAAC,aAAa,CAAC;oBAChD,UAAU,CAAC;wBACT,YAAY,EAAE,IAAI,CAAC,YAAY;wBAC/B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;wBAC5B,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;qBAC/B,CAAC,CAAC;gBACL,CAAC;gBAED,OAAO,IAAI,CAAC,WAAW,CAAC;YAC1B,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,qDAAqD;gBACrD,OAAO,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;gBAChE,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;YAC3B,CAAC;QACH,CAAC;QAED,2CAA2C;QAC3C,OAAO,IAAI,CAAC,gBAAgB,EAAE,CAAC;IACjC,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,gBAAgB;QAC5B,MAAM,YAAY,GAAG,oBAAoB,EAAE,CAAC;QAC5C,MAAM,aAAa,GAAG,qBAAqB,CAAC,YAAY,CAAC,CAAC;QAC1D,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAErD,MAAM,UAAU,GAAG,IAAI,eAAe,CAAC;YACrC,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;YAC/B,YAAY,EAAE,oBAAoB,IAAI,CAAC,MAAM,CAAC,YAAY,WAAW;YACrE,aAAa,EAAE,MAAM;YACrB,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;YACnC,cAAc,EAAE,aAAa;YAC7B,qBAAqB,EAAE,MAAM;YAC7B,KAAK;SACN,CAAC,CAAC;QAEH,MAAM,gBAAgB,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,sBAAsB,UAAU,CAAC,QAAQ,EAAE,EAAE,CAAC;QAE7F,OAAO,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAEvD,qDAAqD;QACrD,MAAM,IAAI,GAAG,MAAM,wBAAwB,CACzC,gBAAgB,EAChB,IAAI,CAAC,MAAM,CAAC,YAAY,EACxB,KAAK,CACN,CAAC;QAEF,2BAA2B;QAC3B,MAAM,aAAa,GAAG,MAAM,qBAAqB,CAC/C,IAAI,CAAC,MAAM,EACX,IAAI,EACJ,YAAY,CACb,CAAC;QAEF,IAAI,CAAC,WAAW,GAAG,aAAa,CAAC,YAAY,CAAC;QAC9C,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,aAAa,CAAC,UAAU,GAAG,IAAI,CAAC;QAEnE,0CAA0C;QAC1C,IAAI,aAAa,CAAC,aAAa,EAAE,CAAC;YAChC,IAAI,CAAC,YAAY,GAAG,aAAa,CAAC,aAAa,CAAC;YAChD,UAAU,CAAC;gBACT,YAAY,EAAE,IAAI,CAAC,YAAY;gBAC/B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;gBAC5B,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;aAC/B,CAAC,CAAC;QACL,CAAC;QAED,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAC5C,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED;;OAEG;IACH,cAAc;QACZ,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,GAAG,KAAK,EAAE,CAAC;YACjE,OAAO,IAAI,CAAC,WAAW,CAAC;QAC1B,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,oBAAoB;QAClB,OAAO,IAAI,CAAC,YAAY,KAAK,IAAI,CAAC;IACpC,CAAC;IAED;;;OAGG;IACH,gBAAgB;QACd,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QACxB,IAAI,CAAC,cAAc,GAAG,CAAC,CAAC;QACxB,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;QACzB,iBAAiB,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACzC,CAAC;CACF"}