@meertrack/mcp 1.0.0

package/dist/tools/list_digests.js

@@ -0,0 +1,63 @@
+import { z } from "zod";
+import { DigestListResponse, paginationInput } from "../types.js";
+import { toToolError } from "../errors.js";
+export const LIST_DIGESTS_NAME = "list_digests";
+export const LIST_DIGESTS_DESCRIPTION = [
+    "Wraps `GET /digests`. Returns cursor-paginated weekly digests (one per competitor per batch day) — the LLM-synthesized summaries. Unlike `list_activities`, pagination here has **no `total`**; use `has_more` / `next_cursor` only.",
+    "",
+    "Filters: `competitor_id` (narrow to one competitor), `from` / `to` (ISO 8601 date-time window on `period_start`).",
+    "",
+    "Chaining: For 'what happened last week across all competitors', prefer `list_latest_digests` — it's a one-shot. Use this when paging backward through history, or filtering to one competitor.",
+    "Errors: `invalid_parameter`, `invalid_cursor`, `unauthorized`, `rate_limited`.",
+].join("\n");
+const inputSchema = {
+    competitor_id: z
+        .string()
+        .uuid()
+        .optional()
+        .describe("Narrow to one competitor's digests. Omit for all tracked competitors."),
+    from: z
+        .string()
+        .datetime({ offset: true })
+        .optional()
+        .describe("Inclusive lower bound on `period_start`, ISO 8601 with offset."),
+    to: z
+        .string()
+        .datetime({ offset: true })
+        .optional()
+        .describe("Inclusive upper bound on `period_start`, ISO 8601 with offset."),
+    limit: paginationInput.limit,
+    cursor: paginationInput.cursor,
+};
+export function registerListDigests(server, client) {
+    server.registerTool(LIST_DIGESTS_NAME, {
+        title: "List digests",
+        description: LIST_DIGESTS_DESCRIPTION,
+        inputSchema,
+        outputSchema: DigestListResponse.shape,
+        annotations: { readOnlyHint: true },
+    }, async (args) => {
+        try {
+            const params = {};
+            if (args.competitor_id)
+                params.competitor_id = [args.competitor_id];
+            if (args.from)
+                params.from = args.from;
+            if (args.to)
+                params.to = args.to;
+            if (args.limit !== undefined)
+                params.limit = args.limit;
+            if (args.cursor)
+                params.cursor = args.cursor;
+            const data = await client.listDigests(params);
+            return {
+                structuredContent: data,
+                content: [{ type: "text", text: JSON.stringify(data) }],
+            };
+        }
+        catch (err) {
+            return toToolError(err);
+        }
+    });
+}
+//# sourceMappingURL=list_digests.js.map

package/dist/tools/list_digests.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"list_digests.js","sourceRoot":"","sources":["../../src/tools/list_digests.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,OAAO,EAAE,kBAAkB,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAClE,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAE3C,MAAM,CAAC,MAAM,iBAAiB,GAAG,cAAc,CAAC;AAEhD,MAAM,CAAC,MAAM,wBAAwB,GAAG;IACtC,sOAAsO;IACtO,EAAE;IACF,mHAAmH;IACnH,EAAE;IACF,gMAAgM;IAChM,gFAAgF;CACjF,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAEb,MAAM,WAAW,GAAG;IAClB,aAAa,EAAE,CAAC;SACb,MAAM,EAAE;SACR,IAAI,EAAE;SACN,QAAQ,EAAE;SACV,QAAQ,CAAC,uEAAuE,CAAC;IACpF,IAAI,EAAE,CAAC;SACJ,MAAM,EAAE;SACR,QAAQ,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;SAC1B,QAAQ,EAAE;SACV,QAAQ,CAAC,gEAAgE,CAAC;IAC7E,EAAE,EAAE,CAAC;SACF,MAAM,EAAE;SACR,QAAQ,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;SAC1B,QAAQ,EAAE;SACV,QAAQ,CAAC,gEAAgE,CAAC;IAC7E,KAAK,EAAE,eAAe,CAAC,KAAK;IAC5B,MAAM,EAAE,eAAe,CAAC,MAAM;CACtB,CAAC;AAEX,MAAM,UAAU,mBAAmB,CAAC,MAAiB,EAAE,MAAuB;IAC5E,MAAM,CAAC,YAAY,CACjB,iBAAiB,EACjB;QACE,KAAK,EAAE,cAAc;QACrB,WAAW,EAAE,wBAAwB;QACrC,WAAW;QACX,YAAY,EAAE,kBAAkB,CAAC,KAAK;QACtC,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE;KACpC,EACD,KAAK,EAAE,IAAI,EAAE,EAAE;QACb,IAAI,CAAC;YACH,MAAM,MAAM,GAA6C,EAAE,CAAC;YAC5D,IAAI,IAAI,CAAC,aAAa;gBAAE,MAAM,CAAC,aAAa,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YACpE,IAAI,IAAI,CAAC,IAAI;gBAAE,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;YACvC,IAAI,IAAI,CAAC,EAAE;gBAAE,MAAM,CAAC,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;YACjC,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS;gBAAE,MAAM,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;YACxD,IAAI,IAAI,CAAC,MAAM;gBAAE,MAAM,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;YAC7C,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YAC9C,OAAO;gBACL,iBAAiB,EAAE,IAAI;gBACvB,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC;aACxD,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC,CACF,CAAC;AACJ,CAAC"}

package/dist/tools/list_latest_digests.d.ts

@@ -0,0 +1,6 @@
+import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import type { MeertrackClient } from "../client.js";
+export declare const LIST_LATEST_DIGESTS_NAME = "list_latest_digests";
+export declare const LIST_LATEST_DIGESTS_DESCRIPTION: string;
+export declare function registerListLatestDigests(server: McpServer, client: MeertrackClient): void;
+//# sourceMappingURL=list_latest_digests.d.ts.map

package/dist/tools/list_latest_digests.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"list_latest_digests.d.ts","sourceRoot":"","sources":["../../src/tools/list_latest_digests.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACzE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAIpD,eAAO,MAAM,wBAAwB,wBAAwB,CAAC;AAE9D,eAAO,MAAM,+BAA+B,QAKhC,CAAC;AAEb,wBAAgB,yBAAyB,CAAC,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,eAAe,GAAG,IAAI,CAsB1F"}

package/dist/tools/list_latest_digests.js

@@ -0,0 +1,30 @@
+import { DigestLatestResponse } from "../types.js";
+import { toToolError } from "../errors.js";
+export const LIST_LATEST_DIGESTS_NAME = "list_latest_digests";
+export const LIST_LATEST_DIGESTS_DESCRIPTION = [
+    "Wraps `GET /digests/latest`. No parameters. Returns the most recent digest per active competitor from the same batch day — a one-shot 'what happened this week across my tracked competitors'.",
+    "",
+    "Chaining: One-shot entry point — no prior call needed. If the user wants older weeks or a specific competitor's history, use `list_digests` instead.",
+    "Errors: `unauthorized`, `rate_limited`.",
+].join("\n");
+export function registerListLatestDigests(server, client) {
+    server.registerTool(LIST_LATEST_DIGESTS_NAME, {
+        title: "List latest digests",
+        description: LIST_LATEST_DIGESTS_DESCRIPTION,
+        inputSchema: {},
+        outputSchema: DigestLatestResponse.shape,
+        annotations: { readOnlyHint: true },
+    }, async () => {
+        try {
+            const data = await client.listLatestDigests();
+            return {
+                structuredContent: data,
+                content: [{ type: "text", text: JSON.stringify(data) }],
+            };
+        }
+        catch (err) {
+            return toToolError(err);
+        }
+    });
+}
+//# sourceMappingURL=list_latest_digests.js.map

package/dist/tools/list_latest_digests.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"list_latest_digests.js","sourceRoot":"","sources":["../../src/tools/list_latest_digests.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACnD,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAE3C,MAAM,CAAC,MAAM,wBAAwB,GAAG,qBAAqB,CAAC;AAE9D,MAAM,CAAC,MAAM,+BAA+B,GAAG;IAC7C,gMAAgM;IAChM,EAAE;IACF,sJAAsJ;IACtJ,yCAAyC;CAC1C,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAEb,MAAM,UAAU,yBAAyB,CAAC,MAAiB,EAAE,MAAuB;IAClF,MAAM,CAAC,YAAY,CACjB,wBAAwB,EACxB;QACE,KAAK,EAAE,qBAAqB;QAC5B,WAAW,EAAE,+BAA+B;QAC5C,WAAW,EAAE,EAAE;QACf,YAAY,EAAE,oBAAoB,CAAC,KAAK;QACxC,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE;KACpC,EACD,KAAK,IAAI,EAAE;QACT,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,iBAAiB,EAAE,CAAC;YAC9C,OAAO;gBACL,iBAAiB,EAAE,IAAI;gBACvB,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC;aACxD,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC,CACF,CAAC;AACJ,CAAC"}

package/dist/tools/whoami.d.ts

@@ -0,0 +1,6 @@
+import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import type { MeertrackClient } from "../client.js";
+export declare const WHOAMI_NAME = "whoami";
+export declare const WHOAMI_DESCRIPTION: string;
+export declare function registerWhoami(server: McpServer, client: MeertrackClient): void;
+//# sourceMappingURL=whoami.d.ts.map

package/dist/tools/whoami.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"whoami.d.ts","sourceRoot":"","sources":["../../src/tools/whoami.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACzE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAIpD,eAAO,MAAM,WAAW,WAAW,CAAC;AAEpC,eAAO,MAAM,kBAAkB,QAKnB,CAAC;AAEb,wBAAgB,cAAc,CAAC,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,eAAe,GAAG,IAAI,CAsB/E"}

package/dist/tools/whoami.js

@@ -0,0 +1,30 @@
+import { MeResponse } from "../types.js";
+import { toToolError } from "../errors.js";
+export const WHOAMI_NAME = "whoami";
+export const WHOAMI_DESCRIPTION = [
+    "Wraps `GET /me`. Confirms which workspace and API key the agent is authenticated as and returns the current subscription, competitor budget, and rate-limit snapshot.",
+    "",
+    "Chaining: Call first in a session to verify auth and workspace identity before any other tool.",
+    "Errors: `unauthorized` (key is invalid or revoked — mint a new one), `rate_limited` (retry after `X-RateLimit-Reset`).",
+].join("\n");
+export function registerWhoami(server, client) {
+    server.registerTool(WHOAMI_NAME, {
+        title: "Who am I?",
+        description: WHOAMI_DESCRIPTION,
+        inputSchema: {},
+        outputSchema: MeResponse.shape,
+        annotations: { readOnlyHint: true },
+    }, async () => {
+        try {
+            const data = await client.me();
+            return {
+                structuredContent: data,
+                content: [{ type: "text", text: JSON.stringify(data) }],
+            };
+        }
+        catch (err) {
+            return toToolError(err);
+        }
+    });
+}
+//# sourceMappingURL=whoami.js.map

package/dist/tools/whoami.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"whoami.js","sourceRoot":"","sources":["../../src/tools/whoami.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAE3C,MAAM,CAAC,MAAM,WAAW,GAAG,QAAQ,CAAC;AAEpC,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,uKAAuK;IACvK,EAAE;IACF,gGAAgG;IAChG,wHAAwH;CACzH,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAEb,MAAM,UAAU,cAAc,CAAC,MAAiB,EAAE,MAAuB;IACvE,MAAM,CAAC,YAAY,CACjB,WAAW,EACX;QACE,KAAK,EAAE,WAAW;QAClB,WAAW,EAAE,kBAAkB;QAC/B,WAAW,EAAE,EAAE;QACf,YAAY,EAAE,UAAU,CAAC,KAAK;QAC9B,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE;KACpC,EACD,KAAK,IAAI,EAAE;QACT,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,EAAE,EAAE,CAAC;YAC/B,OAAO;gBACL,iBAAiB,EAAE,IAAI;gBACvB,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC;aACxD,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC,CACF,CAAC;AACJ,CAAC"}

package/dist/transports/http.d.ts

@@ -0,0 +1,58 @@
+import { Hono } from "hono";
+import { buildWwwAuthenticateHeader } from "../auth.js";
+import { type Logger } from "../logger.js";
+/**
+ * Streamable HTTP transport (MCP spec 2025-11-25 §transports).
+ *
+ * Shape:
+ *   POST /mcp    — JSON-RPC request/response, delegated to the SDK transport
+ *                  which enforces the dual-Accept header, Content-Type, and
+ *                  `MCP-Protocol-Version`.
+ *   GET  /mcp    — 405 (V1 is stateless with no server-initiated notifications).
+ *   DELETE /mcp  — 405 (V1 is stateless; `Mcp-Session-Id` is never issued).
+ *   GET /health  — Fly.io health probe.
+ *   GET /.well-known/oauth-protected-resource — RFC 9728 PRM stub (required
+ *       by spec §Authorization for spec-conformant clients to discover how
+ *       to authenticate).
+ *
+ * Per-request server: every POST builds a fresh `McpServer` bound to that
+ * request's bearer. This is the standard stateless pattern — it isolates
+ * per-key auth state and avoids cross-bearer leakage. It is NOT a performance
+ * mistake. If profiling ever shows `McpServer` construction is a hot spot, the
+ * fix is to hoist tool registration to module scope (tool definitions are
+ * static) and only rebuild the per-request auth/client binding — **do not**
+ * share a mutable server across requests with different bearers. Not a v1
+ * optimization.
+ */
+export interface CreateHttpAppOptions {
+    /** Optional upstream override (otherwise resolved from env). */
+    baseUrl?: string;
+    /**
+     * Allowlist for the `Origin` header (DNS rebinding protection, spec
+     * §transports line 104). Requests without an `Origin` header pass (non-
+     * browser clients like `curl` / `npx` don't set it).
+     */
+    allowedOrigins: string[];
+    /**
+     * Public URL of the PRM document, embedded in `WWW-Authenticate` on 401s.
+     * Used verbatim — include scheme + host + path.
+     */
+    protectedResourceMetadataUrl: string;
+    /** Optional fetch override for tests. Threaded into `buildServer`. */
+    fetchImpl?: typeof fetch;
+    /** Optional logger override (tests use a sink that captures lines). */
+    logger?: Logger;
+}
+export declare const HEALTH_PATH = "/health";
+export declare const MCP_PATH = "/mcp";
+export declare const PRM_PATH = "/.well-known/oauth-protected-resource";
+export declare function createHttpApp(options: CreateHttpAppOptions): Hono<import("hono/types").BlankEnv, import("hono/types").BlankSchema, "/">;
+/**
+ * Resolve the PRM URL from config + the incoming request. Used by the
+ * entrypoint when users don't override the metadata URL explicitly: derive it
+ * from the first request's `Host`. For the production Fly deploy, this config
+ * is set at startup via `MEERTRACK_MCP_PRM_URL` to the public HTTPS URL.
+ */
+export declare function defaultProtectedResourceMetadataUrl(host: string, protocol?: "http" | "https"): string;
+export { buildWwwAuthenticateHeader };
+//# sourceMappingURL=http.d.ts.map

package/dist/transports/http.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../../src/transports/http.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAG5B,OAAO,EACL,0BAA0B,EAG3B,MAAM,YAAY,CAAC;AAEpB,OAAO,EAA2B,KAAK,MAAM,EAAE,MAAM,cAAc,CAAC;AAEpE;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,MAAM,WAAW,oBAAoB;IACnC,gEAAgE;IAChE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;;OAIG;IACH,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB;;;OAGG;IACH,4BAA4B,EAAE,MAAM,CAAC;IACrC,sEAAsE;IACtE,SAAS,CAAC,EAAE,OAAO,KAAK,CAAC;IACzB,uEAAuE;IACvE,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,eAAO,MAAM,WAAW,YAAY,CAAC;AACrC,eAAO,MAAM,QAAQ,SAAS,CAAC;AAC/B,eAAO,MAAM,QAAQ,0CAA0C,CAAC;AAEhE,wBAAgB,aAAa,CAAC,OAAO,EAAE,oBAAoB,8EAqC1D;AAgKD;;;;;GAKG;AACH,wBAAgB,mCAAmC,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,GAAE,MAAM,GAAG,OAAiB,GAAG,MAAM,CAE9G;AAED,OAAO,EAAE,0BAA0B,EAAE,CAAC"}

package/dist/transports/http.js

@@ -0,0 +1,179 @@
+import { Hono } from "hono";
+import { WebStandardStreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/webStandardStreamableHttp.js";
+import { buildWwwAuthenticateHeader, extractHttpBearer, } from "../auth.js";
+import { buildServer } from "../server.js";
+import { logger as defaultLogger } from "../logger.js";
+export const HEALTH_PATH = "/health";
+export const MCP_PATH = "/mcp";
+export const PRM_PATH = "/.well-known/oauth-protected-resource";
+export function createHttpApp(options) {
+    const app = new Hono();
+    // Origin allowlist — runs before routing so it protects every path. The SDK
+    // also has deprecated built-in origin validation; we enforce it at the
+    // transport edge per the spec's current guidance.
+    app.use("*", async (c, next) => {
+        const origin = c.req.header("origin");
+        if (origin && !options.allowedOrigins.includes(origin)) {
+            return c.json({ error: { code: "forbidden_origin", message: `Origin not allowed: ${origin}` } }, 403);
+        }
+        await next();
+    });
+    app.get(HEALTH_PATH, (c) => c.json({ ok: true }));
+    app.get(PRM_PATH, (c) => c.json({
+        resource: prmResourceFor(options.protectedResourceMetadataUrl),
+        authorization_servers: [],
+        bearer_methods_supported: ["header"],
+    }));
+    const log = options.logger ?? defaultLogger;
+    app.post(MCP_PATH, (c) => handleMcpPost(c, options, log));
+    // Stateless — no server-initiated notifications, no session termination.
+    // Spec allows 405 for either, as long as `Allow` advertises what IS valid.
+    app.get(MCP_PATH, (c) => methodNotAllowed(c));
+    app.delete(MCP_PATH, (c) => methodNotAllowed(c));
+    app.all(MCP_PATH, (c) => methodNotAllowed(c));
+    return app;
+}
+function prmResourceFor(prmUrl) {
+    // The `resource` in PRM is the MCP endpoint, not the PRM doc URL itself.
+    // Derive it from the PRM URL by replacing the well-known suffix with `/mcp`.
+    try {
+        const u = new URL(prmUrl);
+        u.pathname = MCP_PATH;
+        return u.toString();
+    }
+    catch {
+        return prmUrl;
+    }
+}
+function methodNotAllowed(_c) {
+    return new Response(JSON.stringify({
+        jsonrpc: "2.0",
+        error: { code: -32000, message: "Method not allowed." },
+        id: null,
+    }), {
+        status: 405,
+        headers: { Allow: "POST", "Content-Type": "application/json" },
+    });
+}
+async function handleMcpPost(c, options, log) {
+    const start = Date.now();
+    const protocolVersion = c.req.header("mcp-protocol-version") ?? undefined;
+    const userAgent = c.req.header("user-agent") ?? undefined;
+    // Peek the body once so we can log the JSON-RPC method/tool. The SDK reads
+    // the request body itself, so we re-make a Request with the same body text
+    // before forwarding. Body peek is cheap (single small JSON-RPC frame).
+    const bodyText = await c.req.raw.text().catch(() => "");
+    const peeked = peekRpcBody(bodyText);
+    const finalize = (status, extra = {}) => {
+        log.log({
+            event: "http_request",
+            status,
+            duration_ms: Date.now() - start,
+            ...(peeked.method !== undefined ? { mcp_method: peeked.method } : {}),
+            ...(peeked.tool !== undefined ? { tool: peeked.tool } : {}),
+            ...(protocolVersion !== undefined ? { mcp_protocol_version: protocolVersion } : {}),
+            ...(userAgent !== undefined ? { client_user_agent: userAgent } : {}),
+            ...extra,
+        });
+    };
+    const prmUrl = options.protectedResourceMetadataUrl;
+    const authCtx = {
+        header: (name) => c.req.header(name) ?? null,
+        searchParams: new URL(c.req.url).searchParams,
+        protectedResourceMetadataUrl: prmUrl,
+    };
+    const resolution = extractHttpBearer(authCtx);
+    if (!resolution.ok) {
+        finalize(401);
+        return unauthorizedResponse(resolution.message, resolution.wwwAuthenticate);
+    }
+    let upstreamRequestId = null;
+    const server = buildServer({
+        apiKey: resolution.apiKey,
+        ...(options.baseUrl !== undefined ? { baseUrl: options.baseUrl } : {}),
+        ...(options.fetchImpl !== undefined ? { fetchImpl: options.fetchImpl } : {}),
+        onUpstreamResponse: ({ requestId }) => {
+            // Last upstream call wins — single tool invocation per JSON-RPC frame in
+            // practice, so this is the call's request id.
+            if (requestId)
+                upstreamRequestId = requestId;
+        },
+    });
+    // Stateless mode: `sessionIdGenerator` explicitly undefined disables session
+    // tracking entirely. JSON responses (not SSE) because this server never
+    // pushes notifications — simpler to reason about and lets us await full
+    // completion before releasing the per-request server.
+    const transport = new WebStandardStreamableHTTPServerTransport({
+        sessionIdGenerator: undefined,
+        enableJsonResponse: true,
+    });
+    // Re-construct the request because we already consumed its body above.
+    const forwarded = new Request(c.req.raw.url, {
+        method: c.req.raw.method,
+        headers: c.req.raw.headers,
+        body: bodyText,
+    });
+    try {
+        await server.connect(transport);
+        const response = await transport.handleRequest(forwarded);
+        await server.close();
+        finalize(response.status, upstreamRequestId ? { meertrack_request_id: upstreamRequestId } : {});
+        return response;
+    }
+    catch (err) {
+        await server.close().catch(() => { });
+        const message = err instanceof Error ? err.message : String(err);
+        finalize(500, { error: message, ...(upstreamRequestId ? { meertrack_request_id: upstreamRequestId } : {}) });
+        return new Response(JSON.stringify({
+            jsonrpc: "2.0",
+            error: { code: -32603, message: `Internal error: ${message}` },
+            id: null,
+        }), { status: 500, headers: { "Content-Type": "application/json" } });
+    }
+}
+/**
+ * Pull the JSON-RPC `method` and (when applicable) the `params.name` tool name
+ * out of a request body. Tolerates malformed bodies — bad input is the SDK's
+ * job to reject; logging just records what we can see.
+ */
+function peekRpcBody(text) {
+    if (!text)
+        return {};
+    try {
+        const parsed = JSON.parse(text);
+        const first = Array.isArray(parsed) ? parsed[0] : parsed;
+        if (!first || typeof first !== "object")
+            return {};
+        const method = typeof first.method === "string" ? first.method : undefined;
+        const tool = method === "tools/call" && first.params && typeof first.params.name === "string"
+            ? first.params.name
+            : undefined;
+        return {
+            ...(method !== undefined ? { method } : {}),
+            ...(tool !== undefined ? { tool } : {}),
+        };
+    }
+    catch {
+        return {};
+    }
+}
+function unauthorizedResponse(message, wwwAuthenticate) {
+    return new Response(JSON.stringify({ error: { code: "unauthorized", message } }), {
+        status: 401,
+        headers: {
+            "Content-Type": "application/json",
+            "WWW-Authenticate": wwwAuthenticate,
+        },
+    });
+}
+/**
+ * Resolve the PRM URL from config + the incoming request. Used by the
+ * entrypoint when users don't override the metadata URL explicitly: derive it
+ * from the first request's `Host`. For the production Fly deploy, this config
+ * is set at startup via `MEERTRACK_MCP_PRM_URL` to the public HTTPS URL.
+ */
+export function defaultProtectedResourceMetadataUrl(host, protocol = "https") {
+    return `${protocol}://${host}${PRM_PATH}`;
+}
+export { buildWwwAuthenticateHeader };
+//# sourceMappingURL=http.js.map

package/dist/transports/http.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http.js","sourceRoot":"","sources":["../../src/transports/http.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,OAAO,EAAE,wCAAwC,EAAE,MAAM,+DAA+D,CAAC;AACzH,OAAO,EACL,0BAA0B,EAC1B,iBAAiB,GAElB,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,MAAM,IAAI,aAAa,EAAe,MAAM,cAAc,CAAC;AA8CpE,MAAM,CAAC,MAAM,WAAW,GAAG,SAAS,CAAC;AACrC,MAAM,CAAC,MAAM,QAAQ,GAAG,MAAM,CAAC;AAC/B,MAAM,CAAC,MAAM,QAAQ,GAAG,uCAAuC,CAAC;AAEhE,MAAM,UAAU,aAAa,CAAC,OAA6B;IACzD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IAEvB,4EAA4E;IAC5E,uEAAuE;IACvE,kDAAkD;IAClD,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QAC7B,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACtC,IAAI,MAAM,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACvD,OAAO,CAAC,CAAC,IAAI,CACX,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,uBAAuB,MAAM,EAAE,EAAE,EAAE,EACjF,GAAG,CACJ,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,EAAE,CAAC;IACf,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAElD,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,EAAE,EAAE,CACtB,CAAC,CAAC,IAAI,CAAC;QACL,QAAQ,EAAE,cAAc,CAAC,OAAO,CAAC,4BAA4B,CAAC;QAC9D,qBAAqB,EAAE,EAAE;QACzB,wBAAwB,EAAE,CAAC,QAAQ,CAAC;KACrC,CAAC,CACH,CAAC;IAEF,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,IAAI,aAAa,CAAC;IAC5C,GAAG,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC;IAE1D,yEAAyE;IACzE,2EAA2E;IAC3E,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9C,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC;IAE9C,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,cAAc,CAAC,MAAc;IACpC,yEAAyE;IACzE,6EAA6E;IAC7E,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;QAC1B,CAAC,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACtB,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;IACtB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,MAAM,CAAC;IAChB,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,EAAW;IACnC,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;QACb,OAAO,EAAE,KAAK;QACd,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,qBAAqB,EAAE;QACvD,EAAE,EAAE,IAAI;KACT,CAAC,EACF;QACE,MAAM,EAAE,GAAG;QACX,OAAO,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,cAAc,EAAE,kBAAkB,EAAE;KAC/D,CACF,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,CAAU,EACV,OAA6B,EAC7B,GAAW;IAEX,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,MAAM,eAAe,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,sBAAsB,CAAC,IAAI,SAAS,CAAC;IAC1E,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,SAAS,CAAC;IAE1D,2EAA2E;IAC3E,2EAA2E;IAC3E,uEAAuE;IACvE,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;IACxD,MAAM,MAAM,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;IAErC,MAAM,QAAQ,GAAG,CAAC,MAAc,EAAE,QAAiC,EAAE,EAAQ,EAAE;QAC7E,GAAG,CAAC,GAAG,CAAC;YACN,KAAK,EAAE,cAAc;YACrB,MAAM;YACN,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;YAC/B,GAAG,CAAC,MAAM,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACrE,GAAG,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3D,GAAG,CAAC,eAAe,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,oBAAoB,EAAE,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACnF,GAAG,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,iBAAiB,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACpE,GAAG,KAAK;SACT,CAAC,CAAC;IACL,CAAC,CAAC;IAEF,MAAM,MAAM,GAAG,OAAO,CAAC,4BAA4B,CAAC;IAEpD,MAAM,OAAO,GAAoB;QAC/B,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,IAAI;QAC5C,YAAY,EAAE,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,YAAY;QAC7C,4BAA4B,EAAE,MAAM;KACrC,CAAC;IAEF,MAAM,UAAU,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;IAC9C,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC;QACnB,QAAQ,CAAC,GAAG,CAAC,CAAC;QACd,OAAO,oBAAoB,CAAC,UAAU,CAAC,OAAO,EAAE,UAAU,CAAC,eAAe,CAAC,CAAC;IAC9E,CAAC;IAED,IAAI,iBAAiB,GAAkB,IAAI,CAAC;IAE5C,MAAM,MAAM,GAAG,WAAW,CAAC;QACzB,MAAM,EAAE,UAAU,CAAC,MAAM;QACzB,GAAG,CAAC,OAAO,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACtE,GAAG,CAAC,OAAO,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC5E,kBAAkB,EAAE,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE;YACpC,yEAAyE;YACzE,8CAA8C;YAC9C,IAAI,SAAS;gBAAE,iBAAiB,GAAG,SAAS,CAAC;QAC/C,CAAC;KACF,CAAC,CAAC;IAEH,6EAA6E;IAC7E,wEAAwE;IACxE,wEAAwE;IACxE,sDAAsD;IACtD,MAAM,SAAS,GAAG,IAAI,wCAAwC,CAAC;QAC7D,kBAAkB,EAAE,SAAS;QAC7B,kBAAkB,EAAE,IAAI;KACzB,CAAC,CAAC;IAEH,uEAAuE;IACvE,MAAM,SAAS,GAAG,IAAI,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE;QAC3C,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM;QACxB,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO;QAC1B,IAAI,EAAE,QAAQ;KACf,CAAC,CAAC;IAEH,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAChC,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;QAC1D,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;QACrB,QAAQ,CAAC,QAAQ,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC,CAAC,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAChG,OAAO,QAAQ,CAAC;IAClB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QACrC,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,QAAQ,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QAC7G,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;YACb,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,mBAAmB,OAAO,EAAE,EAAE;YAC9D,EAAE,EAAE,IAAI;SACT,CAAC,EACF,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,EAAE,CACjE,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAS,WAAW,CAAC,IAAY;IAC/B,IAAI,CAAC,IAAI;QAAE,OAAO,EAAE,CAAC;IACrB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAE8B,CAAC;QAC7D,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QACzD,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,OAAO,EAAE,CAAC;QACnD,MAAM,MAAM,GAAG,OAAO,KAAK,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;QAC3E,MAAM,IAAI,GACR,MAAM,KAAK,YAAY,IAAI,KAAK,CAAC,MAAM,IAAI,OAAO,KAAK,CAAC,MAAM,CAAC,IAAI,KAAK,QAAQ;YAC9E,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI;YACnB,CAAC,CAAC,SAAS,CAAC;QAChB,OAAO;YACL,GAAG,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3C,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACxC,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,OAAe,EAAE,eAAuB;IACpE,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,EAAE,CAAC,EAC5D;QACE,MAAM,EAAE,GAAG;QACX,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,kBAAkB,EAAE,eAAe;SACpC;KACF,CACF,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mCAAmC,CAAC,IAAY,EAAE,WAA6B,OAAO;IACpG,OAAO,GAAG,QAAQ,MAAM,IAAI,GAAG,QAAQ,EAAE,CAAC;AAC5C,CAAC;AAED,OAAO,EAAE,0BAA0B,EAAE,CAAC"}

package/dist/transports/stdio.d.ts

@@ -0,0 +1,12 @@
+import { type BuildServerOptions } from "../server.js";
+/**
+ * stdio transport: read JSON-RPC frames from process.stdin, write responses to
+ * process.stdout. stdout is a protocol channel — every diagnostic must go to
+ * stderr so we don't corrupt the MCP framing. The logger writes single-line
+ * JSON to stderr for parity with the HTTP transport, with the same redaction.
+ *
+ * Owns the process lifetime: returns when the transport closes (client
+ * disconnected stdin) or a fatal signal fires.
+ */
+export declare function runStdio(opts: BuildServerOptions): Promise<void>;
+//# sourceMappingURL=stdio.d.ts.map

package/dist/transports/stdio.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"stdio.d.ts","sourceRoot":"","sources":["../../src/transports/stdio.ts"],"names":[],"mappings":"AACA,OAAO,EAAe,KAAK,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAIpE;;;;;;;;GAQG;AACH,wBAAsB,QAAQ,CAAC,IAAI,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC,CAsBtE"}

package/dist/transports/stdio.js

@@ -0,0 +1,35 @@
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { buildServer } from "../server.js";
+import { logger } from "../logger.js";
+import { VERSION } from "../version.js";
+/**
+ * stdio transport: read JSON-RPC frames from process.stdin, write responses to
+ * process.stdout. stdout is a protocol channel — every diagnostic must go to
+ * stderr so we don't corrupt the MCP framing. The logger writes single-line
+ * JSON to stderr for parity with the HTTP transport, with the same redaction.
+ *
+ * Owns the process lifetime: returns when the transport closes (client
+ * disconnected stdin) or a fatal signal fires.
+ */
+export async function runStdio(opts) {
+    const server = buildServer(opts);
+    const transport = new StdioServerTransport();
+    const shutdown = async (signal) => {
+        logger.log({ event: "stdio_shutdown", signal });
+        try {
+            await server.close();
+        }
+        catch (err) {
+            logger.log({
+                event: "stdio_shutdown_error",
+                message: err instanceof Error ? err.message : String(err),
+            });
+        }
+        process.exit(0);
+    };
+    process.once("SIGINT", () => void shutdown("SIGINT"));
+    process.once("SIGTERM", () => void shutdown("SIGTERM"));
+    await server.connect(transport);
+    logger.log({ event: "stdio_ready", version: VERSION });
+}
+//# sourceMappingURL=stdio.js.map

package/dist/transports/stdio.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"stdio.js","sourceRoot":"","sources":["../../src/transports/stdio.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,WAAW,EAA2B,MAAM,cAAc,CAAC;AACpE,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AACtC,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAExC;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,IAAwB;IACrD,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IACjC,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAE7C,MAAM,QAAQ,GAAG,KAAK,EAAE,MAAsB,EAAiB,EAAE;QAC/D,MAAM,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,MAAM,EAAE,CAAC,CAAC;QAChD,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;QACvB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,GAAG,CAAC;gBACT,KAAK,EAAE,sBAAsB;gBAC7B,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aAC1D,CAAC,CAAC;QACL,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC;IAEF,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,KAAK,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;IACtD,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,KAAK,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;IAExD,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,MAAM,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,aAAa,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;AACzD,CAAC"}