@mpurdon/mcp-freshbooks 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Matthew Purdon
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,221 @@
+# freshbooks-mcp
+
+A local MCP (Model Context Protocol) server that gives Claude Desktop access to your FreshBooks invoices. List, view, create, update, send, and (soft-)delete invoices, plus list clients and items so you can construct invoices end-to-end.
+
+- **Transport:** stdio (single user, runs on your machine)
+- **Auth:** OAuth2 with refresh-token persistence at `~/.freshbooks-mcp/tokens.json` (mode 0600)
+- **Runtime:** Node 20+, TypeScript built to ESM
+
+## Prerequisites
+
+- Node.js 20 or newer
+- A FreshBooks account with API access
+- Claude Desktop (https://claude.ai/download)
+- **mkcert** — generates a locally-trusted TLS cert so the OAuth callback can run over HTTPS (required by FreshBooks):
+  ```bash
+  brew install mkcert
+  mkcert -install   # installs the local CA — only needed once per machine
+  ```
+
+## 1. Create a FreshBooks developer app
+
+FreshBooks uses OAuth2, so you need a developer app to get a Client ID and Secret.
+
+1. Sign in at https://my.freshbooks.com.
+2. Open https://my.freshbooks.com/#/developer.
+3. Click **Create an App**. Give it a name like `Claude MCP (local)` and a short description. The app type is "Private app" or similar — there is no review process for private apps.
+4. Under **Redirect URIs**, add exactly:
+   ```
+   https://localhost:8765/callback
+   ```
+   (If you need a different port, set `FRESHBOOKS_REDIRECT_URI` in the environment before running setup, and add the matching URL to your app. Must be HTTPS.)
+5. Save. Copy the **Client ID** and **Client Secret** somewhere private — you'll paste them into a `.env` file in the next step.
+
+The required scopes are the defaults (read/write on accounting resources). FreshBooks will prompt you to consent during the OAuth flow.
+
+## 2. Install and build
+
+```bash
+npm install
+npm run build
+```
+
+## 3. Run setup (one-time OAuth)
+
+Create a `.env` in the project root (copy from `.env.example`):
+
+```
+FRESHBOOKS_CLIENT_ID=your_client_id
+FRESHBOOKS_CLIENT_SECRET=your_client_secret
+```
+
+Then:
+
+```bash
+npm run setup
+```
+
+What happens:
+
+1. Your default browser opens to `https://auth.freshbooks.com/oauth/authorize/...`. Sign in and approve.
+2. FreshBooks redirects to `https://localhost:8765/callback` with an auth code. The setup script catches it via a one-shot local HTTPS listener (using a mkcert-generated cert) and exchanges it for tokens.
+3. The script calls `/auth/api/v1/users/me` to discover your `account_id` and business name.
+4. Tokens are written to `~/.freshbooks-mcp/tokens.json` with mode 0600. The directory `~/.freshbooks-mcp` is created with mode 0700.
+5. The script prints a Claude Desktop config snippet — copy it.
+
+If you have multiple businesses on your FreshBooks account, the script picks the first one and prints a note. To target a different one, set `FRESHBOOKS_ACCOUNT_ID` and `FRESHBOOKS_BUSINESS_ID` in the server env (these override the discovered values). See "Multiple businesses on one FreshBooks account" below.
+
+## 4. Add to Claude Desktop config
+
+Open the Claude Desktop config file:
+
+- macOS: `~/Library/Application Support/Claude/claude_desktop_config.json`
+- Windows: `%APPDATA%\Claude\claude_desktop_config.json`
+
+Paste the snippet that `npm run setup` printed into the `mcpServers` object. It looks like:
+
+```json
+{
+  "mcpServers": {
+    "freshbooks": {
+      "command": "node",
+      "args": ["/Users/mp/.claude/mcp-servers/freshbooks/dist/index.js"],
+      "env": {
+        "FRESHBOOKS_CLIENT_ID": "your_client_id",
+        "FRESHBOOKS_CLIENT_SECRET": "your_client_secret"
+      }
+    }
+  }
+}
+```
+
+Both `FRESHBOOKS_CLIENT_ID` and `FRESHBOOKS_CLIENT_SECRET` are required at runtime: the server uses them to refresh the access token when it expires (every ~12h).
+
+The server also reads a `.env` file in the project root on startup as a fallback, so any `FRESHBOOKS_*` var not present in the `env` block above is picked up from there. The `env` block always takes precedence. Recognized vars: `FRESHBOOKS_CLIENT_ID`, `FRESHBOOKS_CLIENT_SECRET`, `FRESHBOOKS_REDIRECT_URI`, `FRESHBOOKS_TOKENS_PATH`, `FRESHBOOKS_ACCOUNT_ID`, `FRESHBOOKS_BUSINESS_ID` — see `.env.example`.
+
+Restart Claude Desktop. You should see `freshbooks` appear in the tools menu.
+
+## Available tools
+
+All tools accept structured JSON input. Below are the inputs for each.
+
+### Invoices
+
+- **`list_invoices`** — `{ status?, client_id?, date_from?, date_to?, search?, page?, per_page? }`
+  Filter by `v3_status` (`draft`, `sent`, `viewed`, `paid`, `overdue`, ...), client, date range, or invoice number substring. Default `per_page` is 20.
+- **`get_invoice`** — `{ invoice_id: number }`
+- **`create_invoice`** — `{ client_id, lines: [{ description, qty, unit_cost, name?, taxName1?, taxAmount1? }], currency_code?, due_offset_days?, notes?, terms?, invoice_number?, create_date? }`
+  `unit_cost` is a decimal (e.g. `75.00` for $75), not cents. Tax amounts are percentages (e.g. `13` for 13%).
+- **`update_invoice`** — `{ invoice_id, notes?, terms?, due_offset_days?, invoice_number?, lines? }`
+  Partial update. Note: if you pass `lines`, it **replaces** all line items on the invoice.
+- **`send_invoice`** — `{ invoice_id, recipients?, subject?, body? }`
+  Emails the invoice (FreshBooks `action_email: true`). Defaults to the client's email on file.
+- **`delete_invoice`** — `{ invoice_id }`
+  **Soft delete.** Sets `vis_state=1`. The invoice is recoverable from the FreshBooks UI's deleted items view; this server does not expose a permanent-delete tool.
+
+### Clients
+
+- **`list_clients`** — `{ search?, page?, per_page? }`
+- **`get_client`** — `{ client_id: number }`
+
+### Items
+
+- **`list_items`** — `{ search?, page?, per_page? }`
+  Saved line items, useful when constructing invoices.
+
+### Account
+
+- **`get_account_info`** — `{}`
+  Returns `{ account_id, business_id, business_name }`. Use this to verify setup.
+
+## Example prompts in Claude Desktop
+
+- "List all overdue invoices."
+- "Show me invoice 12345."
+- "Find clients matching 'Acme'."
+- "Draft an invoice to client 678910 for 8 hours of consulting at $150/hr, due in 30 days."
+- "Email invoice 12345 to billing@example.com with subject 'March invoice'."
+
+Claude will ask for confirmation before destructive actions like `delete_invoice` or `send_invoice` — review the proposed input before approving.
+
+## Security notes
+
+- Tokens are stored at `~/.freshbooks-mcp/tokens.json` with mode 0600. The server refuses to start if the file is group- or world-readable.
+- The client secret is loaded from environment variables, not from disk.
+- `Authorization` headers are never logged. The client redacts request bodies in error messages.
+- All tool inputs are validated with strict Zod schemas (extra fields are rejected).
+- The OAuth setup uses a CSRF `state` parameter and verifies it on the callback.
+- The server binds the OAuth callback listener to `127.0.0.1` only.
+
+## Troubleshooting
+
+### `Refusing to read ~/.freshbooks-mcp/tokens.json: permissions are 644, must be 600`
+
+The token file is too permissive. Fix:
+
+```bash
+chmod 600 ~/.freshbooks-mcp/tokens.json
+chmod 700 ~/.freshbooks-mcp
+```
+
+### `FreshBooks token refresh failed ... Re-run npm run setup to re-authorize.`
+
+The refresh token has been revoked or expired. Re-run `npm run setup`. Common causes:
+
+- You changed your FreshBooks password.
+- You revoked the app's access in your FreshBooks settings.
+- The refresh token has been unused for a very long time.
+
+### `Could not refresh FreshBooks access token at startup`
+
+Same as above. The server proactively refreshes if the access token is within 60s of expiry, so this surfaces stale-refresh-token problems early.
+
+### Claude Desktop says the server crashed / disappeared
+
+1. Check Claude Desktop's log file (Help -> Open Developer Tools -> Console for the renderer; the main process log is in the same directory as the config file).
+2. Run the server manually to see its stderr:
+   ```bash
+   FRESHBOOKS_CLIENT_ID=... FRESHBOOKS_CLIENT_SECRET=... node /Users/mp/.claude/mcp-servers/freshbooks/dist/index.js
+   ```
+   It will sit waiting for stdio JSON-RPC; press Ctrl+C to exit. If startup failed it prints `[freshbooks-mcp] fatal: ...` to stderr.
+3. Common fix: re-run `npm run build` after pulling updates.
+
+### `429 Too Many Requests` showing up
+
+The server respects FreshBooks' `Retry-After` header automatically (single retry). If you're hitting the limit consistently, increase `per_page` to fetch more per call, or cache results in your conversation.
+
+### Multiple businesses on one FreshBooks account
+
+`npm run setup` picks the first business and prints a note. To target a different one, set these in the server's `env` block (they take precedence over the discovered values in `tokens.json`):
+
+```json
+"env": {
+  "FRESHBOOKS_CLIENT_ID": "your_client_id",
+  "FRESHBOOKS_CLIENT_SECRET": "your_client_secret",
+  "FRESHBOOKS_ACCOUNT_ID": "abc123",
+  "FRESHBOOKS_BUSINESS_ID": "456"
+}
+```
+
+`FRESHBOOKS_ACCOUNT_ID` is used for `/accounting` and `/uploads` paths (invoices, clients, items, attachments); `FRESHBOOKS_BUSINESS_ID` is used for `/projects` and `/timetracking` paths (time entries, timesheets). You can find both by hitting `https://api.freshbooks.com/auth/api/v1/users/me` with your access token, or by running the `get_account_info` tool. (Editing `~/.freshbooks-mcp/tokens.json` directly still works too — the server re-reads it on each request — but env vars are the cleaner option.)
+
+## File layout
+
+```
+src/
+  index.ts              # MCP server entry (stdio)
+  setup.ts              # OAuth setup CLI
+  freshbooks/
+    auth.ts             # token load/save/refresh
+    client.ts           # API client with auto-refresh + 429 handling
+    types.ts            # FreshBooks DTOs
+  tools/
+    invoices.ts         # list/get/create/update/send/delete
+    clients.ts          # list/get
+    items.ts            # list
+    account.ts          # get_account_info
+```
+
+## License
+
+Private — for personal use.

package/dist/freshbooks/auth.js

@@ -0,0 +1,147 @@
+/**
+ * Token persistence and refresh for FreshBooks OAuth2.
+ *
+ * Tokens are stored at ~/.freshbooks-mcp/tokens.json with mode 0600.
+ * The file holds the access_token, refresh_token, expiry, and the
+ * discovered account_id + business_name so we don't refetch on every start.
+ */
+import { promises as fs } from "node:fs";
+import path from "node:path";
+import os from "node:os";
+const TOKEN_URL = "https://api.freshbooks.com/auth/oauth/token";
+export function defaultTokensPath() {
+    const override = process.env.FRESHBOOKS_TOKENS_PATH;
+    if (override && override.length > 0) {
+        return override.startsWith("~")
+            ? path.join(os.homedir(), override.slice(1))
+            : override;
+    }
+    return path.join(os.homedir(), ".freshbooks-mcp", "tokens.json");
+}
+/**
+ * Optional override for the account_id used in /accounting and /uploads paths.
+ * When unset, the value discovered during setup (stored in tokens.json) is used.
+ */
+export function accountIdOverride() {
+    const v = process.env.FRESHBOOKS_ACCOUNT_ID;
+    return v && v.trim().length > 0 ? v.trim() : undefined;
+}
+/**
+ * Optional override for the business_id used in /projects and /timetracking paths.
+ * When unset, the value discovered during setup (stored in tokens.json) is used.
+ */
+export function businessIdOverride() {
+    const v = process.env.FRESHBOOKS_BUSINESS_ID;
+    if (!v || v.trim().length === 0)
+        return undefined;
+    const n = Number(v.trim());
+    if (!Number.isInteger(n) || n <= 0) {
+        throw new Error(`FRESHBOOKS_BUSINESS_ID must be a positive integer, got: ${v}`);
+    }
+    return n;
+}
+export function loadAppCredentials() {
+    const client_id = process.env.FRESHBOOKS_CLIENT_ID;
+    const client_secret = process.env.FRESHBOOKS_CLIENT_SECRET;
+    const redirect_uri = process.env.FRESHBOOKS_REDIRECT_URI ?? "https://localhost:8765/callback";
+    if (!client_id || !client_secret) {
+        throw new Error("Missing FRESHBOOKS_CLIENT_ID or FRESHBOOKS_CLIENT_SECRET. " +
+            "Set them in your environment (or in the env block of your Claude Desktop config) " +
+            "and re-run setup if you have not yet authorized.");
+    }
+    return { client_id, client_secret, redirect_uri };
+}
+/**
+ * Load tokens from disk. Refuses to read a world- or group-readable file.
+ */
+export async function loadTokens(filePath = defaultTokensPath()) {
+    let stat;
+    try {
+        stat = await fs.stat(filePath);
+    }
+    catch {
+        throw new Error(`No tokens file at ${filePath}. Run the freshbooks-setup command to authorize FreshBooks.`);
+    }
+    // On non-Windows, enforce 0600. mode is the low 9 bits of stat.mode.
+    if (process.platform !== "win32") {
+        const mode = stat.mode & 0o777;
+        if (mode & 0o077) {
+            throw new Error(`Refusing to read ${filePath}: permissions are ${mode.toString(8)}, ` +
+                `must be 600. Run: chmod 600 ${filePath}`);
+        }
+    }
+    const raw = await fs.readFile(filePath, "utf8");
+    const parsed = JSON.parse(raw);
+    if (!parsed.access_token || !parsed.refresh_token || !parsed.account_id) {
+        throw new Error(`Tokens file at ${filePath} is missing required fields. Re-run \`npm run setup\`.`);
+    }
+    return parsed;
+}
+/**
+ * Persist tokens with mode 0600. Creates the parent dir if needed.
+ */
+export async function saveTokens(tokens, filePath = defaultTokensPath()) {
+    const dir = path.dirname(filePath);
+    await fs.mkdir(dir, { recursive: true, mode: 0o700 });
+    const json = JSON.stringify(tokens, null, 2);
+    // Write with restrictive mode from the start.
+    await fs.writeFile(filePath, json, { mode: 0o600, encoding: "utf8" });
+    // Belt-and-suspenders: chmod in case umask interfered.
+    if (process.platform !== "win32") {
+        await fs.chmod(filePath, 0o600);
+    }
+}
+/**
+ * Exchange an authorization code for tokens.
+ */
+export async function exchangeAuthCode(creds, code) {
+    const body = {
+        grant_type: "authorization_code",
+        client_id: creds.client_id,
+        client_secret: creds.client_secret,
+        redirect_uri: creds.redirect_uri,
+        code,
+    };
+    return doTokenRequest(body);
+}
+/**
+ * Use a refresh token to get a new access token.
+ */
+export async function refreshAccessToken(creds, refresh_token) {
+    const body = {
+        grant_type: "refresh_token",
+        client_id: creds.client_id,
+        client_secret: creds.client_secret,
+        redirect_uri: creds.redirect_uri,
+        refresh_token,
+    };
+    return doTokenRequest(body);
+}
+async function doTokenRequest(body) {
+    const res = await fetch(TOKEN_URL, {
+        method: "POST",
+        headers: { "Content-Type": "application/json", Accept: "application/json" },
+        body: JSON.stringify(body),
+    });
+    if (!res.ok) {
+        const text = await res.text();
+        // Never echo the request body — it contains the client_secret.
+        throw new Error(`FreshBooks token endpoint returned ${res.status}: ${truncate(text, 500)}`);
+    }
+    const data = (await res.json());
+    if (!data.access_token || !data.refresh_token) {
+        throw new Error("FreshBooks token response missing access_token or refresh_token.");
+    }
+    return data;
+}
+function truncate(s, max) {
+    return s.length > max ? `${s.slice(0, max)}...` : s;
+}
+/**
+ * Compute expires_at (epoch seconds) from a Date and expires_in seconds,
+ * subtracting a 60s safety margin so we refresh before the server thinks it expired.
+ */
+export function computeExpiresAt(expires_in, now = new Date()) {
+    return Math.floor(now.getTime() / 1000) + expires_in - 60;
+}
+//# sourceMappingURL=auth.js.map

package/dist/freshbooks/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/freshbooks/auth.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,QAAQ,IAAI,EAAE,EAAE,MAAM,SAAS,CAAC;AACzC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AAqBzB,MAAM,SAAS,GAAG,6CAA6C,CAAC;AAEhE,MAAM,UAAU,iBAAiB;IAC/B,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC;IACpD,IAAI,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpC,OAAO,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC;YAC7B,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAC5C,CAAC,CAAC,QAAQ,CAAC;IACf,CAAC;IACD,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,iBAAiB,EAAE,aAAa,CAAC,CAAC;AACnE,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,iBAAiB;IAC/B,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;IAC5C,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;AACzD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB;IAChC,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC;IAC7C,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IAClD,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAC3B,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CACb,2DAA2D,CAAC,EAAE,CAC/D,CAAC;IACJ,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,MAAM,UAAU,kBAAkB;IAChC,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;IACnD,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC;IAC3D,MAAM,YAAY,GAChB,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,iCAAiC,CAAC;IAC3E,IAAI,CAAC,SAAS,IAAI,CAAC,aAAa,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CACb,4DAA4D;YAC1D,mFAAmF;YACnF,kDAAkD,CACrD,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,YAAY,EAAE,CAAC;AACpD,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,QAAQ,GAAG,iBAAiB,EAAE;IAE9B,IAAI,IAAI,CAAC;IACT,IAAI,CAAC;QACH,IAAI,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACjC,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CACb,qBAAqB,QAAQ,6DAA6D,CAC3F,CAAC;IACJ,CAAC;IACD,qEAAqE;IACrE,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,GAAG,KAAK,CAAC;QAC/B,IAAI,IAAI,GAAG,KAAK,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CACb,oBAAoB,QAAQ,qBAAqB,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI;gBACnE,+BAA+B,QAAQ,EAAE,CAC5C,CAAC;QACJ,CAAC;IACH,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAChD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAgB,CAAC;IAC9C,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;QACxE,MAAM,IAAI,KAAK,CACb,kBAAkB,QAAQ,wDAAwD,CACnF,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,MAAmB,EACnB,QAAQ,GAAG,iBAAiB,EAAE;IAE9B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACnC,MAAM,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACtD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAC7C,8CAA8C;IAC9C,MAAM,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;IACtE,uDAAuD;IACvD,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjC,MAAM,EAAE,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IAClC,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,KAAqB,EACrB,IAAY;IAMZ,MAAM,IAAI,GAAG;QACX,UAAU,EAAE,oBAAoB;QAChC,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,aAAa,EAAE,KAAK,CAAC,aAAa;QAClC,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,IAAI;KACL,CAAC;IACF,OAAO,cAAc,CAAC,IAAI,CAAC,CAAC;AAC9B,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,KAAqB,EACrB,aAAqB;IAMrB,MAAM,IAAI,GAAG;QACX,UAAU,EAAE,eAAe;QAC3B,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,aAAa,EAAE,KAAK,CAAC,aAAa;QAClC,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,aAAa;KACd,CAAC;IACF,OAAO,cAAc,CAAC,IAAI,CAAC,CAAC;AAC9B,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,IAA4B;IAKxD,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;QACjC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,EAAE,kBAAkB,EAAE;QAC3E,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;KAC3B,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,+DAA+D;QAC/D,MAAM,IAAI,KAAK,CACb,sCAAsC,GAAG,CAAC,MAAM,KAAK,QAAQ,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,CAC3E,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAI7B,CAAC;IACF,IAAI,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CACb,kEAAkE,CACnE,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,QAAQ,CAAC,CAAS,EAAE,GAAW;IACtC,OAAO,CAAC,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;AACtD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAC9B,UAAkB,EAClB,MAAY,IAAI,IAAI,EAAE;IAEtB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,UAAU,GAAG,EAAE,CAAC;AAC5D,CAAC"}

package/dist/freshbooks/client.js

@@ -0,0 +1,225 @@
+/**
+ * Typed FreshBooks API client.
+ *
+ * - Auto-refreshes the access token on 401 (single retry).
+ * - Respects 429 Retry-After (single retry with capped backoff).
+ * - Unwraps the FreshBooks `{ response: { result: { ... } } }` envelope.
+ * - Builds URLs with URL/URLSearchParams — no string concatenation.
+ * - attachFileToInvoice: uploads a file to FreshBooks and associates it with an invoice.
+ */
+import fs from "node:fs/promises";
+import path from "node:path";
+import { accountIdOverride, businessIdOverride, computeExpiresAt, loadTokens, refreshAccessToken, saveTokens, } from "./auth.js";
+const API_BASE = "https://api.freshbooks.com";
+export class FreshBooksError extends Error {
+    status;
+    body;
+    constructor(message, status, body) {
+        super(message);
+        this.name = "FreshBooksError";
+        this.status = status;
+        this.body = body;
+    }
+}
+export class FreshBooksClient {
+    creds;
+    tokens;
+    tokensPath;
+    timeoutMs;
+    constructor(opts) {
+        this.creds = opts.creds;
+        this.tokens = opts.tokens;
+        this.tokensPath = opts.tokensPath;
+        this.timeoutMs = opts.timeoutMs ?? 30_000;
+    }
+    // FRESHBOOKS_ACCOUNT_ID / FRESHBOOKS_BUSINESS_ID env vars take precedence over
+    // the values discovered during setup — useful when one FreshBooks login owns
+    // multiple businesses and you want to target one other than the first.
+    get accountId() {
+        return accountIdOverride() ?? this.tokens.account_id;
+    }
+    get businessName() {
+        return this.tokens.business_name;
+    }
+    get businessId() {
+        return businessIdOverride() ?? this.tokens.business_id;
+    }
+    /**
+     * Low-level request. Handles auth refresh on 401 and Retry-After on 429.
+     */
+    async request(method, pathname, options = {}) {
+        return this.requestWithRetry(method, pathname, options, 0);
+    }
+    async requestWithRetry(method, pathname, options, attempt) {
+        // Reload tokens from disk on the first attempt so changes to tokens.json
+        // (e.g. switching account_id) take effect without restarting the server.
+        if (attempt === 0) {
+            try {
+                this.tokens = await loadTokens(this.tokensPath);
+            }
+            catch {
+                // If reload fails, continue with cached tokens.
+            }
+        }
+        const url = new URL(pathname, API_BASE);
+        if (options.query) {
+            for (const [k, v] of Object.entries(options.query)) {
+                if (v === undefined || v === null || v === "")
+                    continue;
+                url.searchParams.set(k, String(v));
+            }
+        }
+        const headers = {
+            Authorization: `Bearer ${this.tokens.access_token}`,
+            "Api-Version": "alpha",
+            Accept: "application/json",
+        };
+        let body;
+        if (options.body !== undefined) {
+            headers["Content-Type"] = "application/json";
+            body = JSON.stringify(options.body);
+        }
+        const controller = new AbortController();
+        const timer = setTimeout(() => controller.abort(), this.timeoutMs);
+        let res;
+        try {
+            res = await fetch(url.toString(), {
+                method,
+                headers,
+                body,
+                signal: controller.signal,
+            });
+        }
+        finally {
+            clearTimeout(timer);
+        }
+        // 401 -> try one refresh, then retry once.
+        if (res.status === 401 && attempt === 0) {
+            await this.refresh();
+            return this.requestWithRetry(method, pathname, options, attempt + 1);
+        }
+        // 429 -> respect Retry-After (single retry).
+        if (res.status === 429 && attempt === 0) {
+            const retryAfter = Number(res.headers.get("retry-after") ?? "1");
+            const delayMs = Math.min(Math.max(retryAfter, 1), 30) * 1000;
+            await new Promise((r) => setTimeout(r, delayMs));
+            return this.requestWithRetry(method, pathname, options, attempt + 1);
+        }
+        if (!res.ok) {
+            const text = await res.text();
+            let parsed = text;
+            try {
+                parsed = JSON.parse(text);
+            }
+            catch {
+                /* leave as text */
+            }
+            throw new FreshBooksError(`FreshBooks ${method} ${pathname} failed: ${res.status}`, res.status, parsed);
+        }
+        if (res.status === 204)
+            return undefined;
+        const text = await res.text();
+        if (text.length === 0)
+            return undefined;
+        return JSON.parse(text);
+    }
+    /**
+     * Refresh the access token and persist the new bundle.
+     * Throws with a clear "re-run setup" hint if the refresh token is rejected.
+     */
+    async refresh() {
+        try {
+            const fresh = await refreshAccessToken(this.creds, this.tokens.refresh_token);
+            this.tokens = {
+                ...this.tokens,
+                access_token: fresh.access_token,
+                refresh_token: fresh.refresh_token,
+                expires_at: computeExpiresAt(fresh.expires_in),
+                updated_at: new Date().toISOString(),
+            };
+            await saveTokens(this.tokens, this.tokensPath);
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            throw new Error(`FreshBooks token refresh failed (${msg}). ` +
+                "Re-run the freshbooks-setup command to re-authorize.");
+        }
+    }
+    // ---------- Domain helpers (unwrap FreshBooks envelopes) ----------
+    /**
+     * Accounting endpoints wrap responses in { response: { result: { ... } } }.
+     * If `resultKey` is provided, returns result[key] (e.g. "invoice", "client").
+     * If empty string, returns the whole result object (used for list endpoints
+     * where the result holds the collection plus pagination siblings).
+     */
+    async accounting(method, pathname, resultKey, options = {}) {
+        const env = await this.request(method, pathname, options);
+        if (!env || !env.response || !env.response.result) {
+            throw new FreshBooksError(`Unexpected response shape from ${pathname}`, 200, env);
+        }
+        if (resultKey === "") {
+            return env.response.result;
+        }
+        return env.response.result[resultKey];
+    }
+    /**
+     * Identity endpoints (/auth/api/v1/...) return { response: { ... } } without `result`.
+     */
+    async identity(pathname) {
+        const env = await this.request("GET", pathname);
+        if (!env || !env.response) {
+            throw new FreshBooksError(`Unexpected identity response from ${pathname}`, 200, env);
+        }
+        return env.response;
+    }
+    /**
+     * Upload a local file as a FreshBooks attachment, then associate it with an invoice.
+     *
+     * FreshBooks two-step process:
+     *   1. POST /uploads/account/{id}/attachments  (multipart/form-data)
+     *      → returns { jwt, public_id } to identify the upload
+     *   2. POST /accounting/account/{id}/invoices/invoices/{inv}/attachments
+     *      → binds the upload to the invoice
+     */
+    async attachFileToInvoice(invoiceId, filePath) {
+        const fileName = path.basename(filePath);
+        const fileBuffer = await fs.readFile(filePath);
+        // ── Step 1: upload ────────────────────────────────────────────────────────
+        const formData = new FormData();
+        const blob = new Blob([fileBuffer], {
+            type: "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
+        });
+        formData.append("content", blob, fileName);
+        const uploadUrl = `${API_BASE}/uploads/account/${this.tokens.account_id}/attachments`;
+        const uploadRes = await fetch(uploadUrl, {
+            method: "POST",
+            headers: { Authorization: `Bearer ${this.tokens.access_token}` },
+            body: formData,
+        });
+        if (!uploadRes.ok) {
+            const text = await uploadRes.text();
+            throw new FreshBooksError(`Attachment upload failed: ${uploadRes.status}`, uploadRes.status, text);
+        }
+        // The uploads endpoint returns several possible shapes depending on API version.
+        // Try each known path before giving up.
+        const uploadJson = (await uploadRes.json());
+        const att = uploadJson?.["response"]?.["result"] ??
+            uploadJson?.["attachment"] ??
+            uploadJson;
+        const jwt = att?.["jwt"] ?? undefined;
+        const publicId = att?.["public_id"] ?? undefined;
+        if (!jwt && !publicId) {
+            throw new FreshBooksError(`Attachment upload succeeded but response contained no jwt or public_id`, uploadRes.status, uploadJson);
+        }
+        // ── Step 2: associate with invoice ────────────────────────────────────────
+        const attachBody = { name: fileName };
+        if (jwt)
+            attachBody["jwt"] = jwt;
+        if (publicId)
+            attachBody["public_id"] = publicId;
+        const assocPath = `/accounting/account/${this.accountId}/invoices/invoices/${invoiceId}/attachments`;
+        await this.request("POST", assocPath, { body: { attachment: attachBody } });
+        return { fileName, attached: true };
+    }
+}
+//# sourceMappingURL=client.js.map

package/dist/freshbooks/client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/freshbooks/client.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAGL,iBAAiB,EACjB,kBAAkB,EAClB,gBAAgB,EAChB,UAAU,EACV,kBAAkB,EAClB,UAAU,GACX,MAAM,WAAW,CAAC;AAEnB,MAAM,QAAQ,GAAG,4BAA4B,CAAC;AAU9C,MAAM,OAAO,eAAgB,SAAQ,KAAK;IACxC,MAAM,CAAS;IACf,IAAI,CAAU;IACd,YAAY,OAAe,EAAE,MAAc,EAAE,IAAa;QACxD,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;QAC9B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;CACF;AAED,MAAM,OAAO,gBAAgB;IACnB,KAAK,CAAiB;IACtB,MAAM,CAAc;IACpB,UAAU,CAAS;IACnB,SAAS,CAAS;IAE1B,YAAY,IAAmB;QAC7B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;QACxB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;QAC1B,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;QAClC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,MAAM,CAAC;IAC5C,CAAC;IAED,+EAA+E;IAC/E,6EAA6E;IAC7E,uEAAuE;IACvE,IAAI,SAAS;QACX,OAAO,iBAAiB,EAAE,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC;IACvD,CAAC;IAED,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC;IACnC,CAAC;IAED,IAAI,UAAU;QACZ,OAAO,kBAAkB,EAAE,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC;IACzD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CACX,MAAyC,EACzC,QAAgB,EAChB,UAGI,EAAE;QAEN,OAAO,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;IAC7D,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAC5B,MAAyC,EACzC,QAAgB,EAChB,OAGC,EACD,OAAe;QAEf,yEAAyE;QACzE,yEAAyE;QACzE,IAAI,OAAO,KAAK,CAAC,EAAE,CAAC;YAClB,IAAI,CAAC;gBACH,IAAI,CAAC,MAAM,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAClD,CAAC;YAAC,MAAM,CAAC;gBACP,gDAAgD;YAClD,CAAC;QACH,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACxC,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBACnD,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,EAAE;oBAAE,SAAS;gBACxD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAA2B;YACtC,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE;YACnD,aAAa,EAAE,OAAO;YACtB,MAAM,EAAE,kBAAkB;SAC3B,CAAC;QACF,IAAI,IAAwB,CAAC;QAC7B,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC/B,OAAO,CAAC,cAAc,CAAC,GAAG,kBAAkB,CAAC;YAC7C,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACtC,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;QACnE,IAAI,GAAa,CAAC;QAClB,IAAI,CAAC;YACH,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE;gBAChC,MAAM;gBACN,OAAO;gBACP,IAAI;gBACJ,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;QACL,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;QAED,2CAA2C;QAC3C,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,IAAI,OAAO,KAAK,CAAC,EAAE,CAAC;YACxC,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;YACrB,OAAO,IAAI,CAAC,gBAAgB,CAAI,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,GAAG,CAAC,CAAC,CAAC;QAC1E,CAAC;QAED,6CAA6C;QAC7C,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,IAAI,OAAO,KAAK,CAAC,EAAE,CAAC;YACxC,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,GAAG,CAAC,CAAC;YACjE,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,IAAI,CAAC;YAC7D,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;YACjD,OAAO,IAAI,CAAC,gBAAgB,CAAI,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,GAAG,CAAC,CAAC,CAAC;QAC1E,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;YAC9B,IAAI,MAAM,GAAY,IAAI,CAAC;YAC3B,IAAI,CAAC;gBACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAC5B,CAAC;YAAC,MAAM,CAAC;gBACP,mBAAmB;YACrB,CAAC;YACD,MAAM,IAAI,eAAe,CACvB,cAAc,MAAM,IAAI,QAAQ,YAAY,GAAG,CAAC,MAAM,EAAE,EACxD,GAAG,CAAC,MAAM,EACV,MAAM,CACP,CAAC;QACJ,CAAC;QAED,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG;YAAE,OAAO,SAAc,CAAC;QAC9C,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,SAAc,CAAC;QAC7C,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAM,CAAC;IAC/B,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,OAAO;QACnB,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,kBAAkB,CACpC,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,MAAM,CAAC,aAAa,CAC1B,CAAC;YACF,IAAI,CAAC,MAAM,GAAG;gBACZ,GAAG,IAAI,CAAC,MAAM;gBACd,YAAY,EAAE,KAAK,CAAC,YAAY;gBAChC,aAAa,EAAE,KAAK,CAAC,aAAa;gBAClC,UAAU,EAAE,gBAAgB,CAAC,KAAK,CAAC,UAAU,CAAC;gBAC9C,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACrC,CAAC;YACF,MAAM,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;QACjD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC7D,MAAM,IAAI,KAAK,CACb,oCAAoC,GAAG,KAAK;gBAC1C,sDAAsD,CACzD,CAAC;QACJ,CAAC;IACH,CAAC;IAED,qEAAqE;IAErE;;;;;OAKG;IACH,KAAK,CAAC,UAAU,CACd,MAAyC,EACzC,QAAgB,EAChB,SAAiB,EACjB,UAGI,EAAE;QAGN,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,CAAW,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QACpE,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;YAClD,MAAM,IAAI,eAAe,CACvB,kCAAkC,QAAQ,EAAE,EAC5C,GAAG,EACH,GAAG,CACJ,CAAC;QACJ,CAAC;QACD,IAAI,SAAS,KAAK,EAAE,EAAE,CAAC;YACrB,OAAO,GAAG,CAAC,QAAQ,CAAC,MAAW,CAAC;QAClC,CAAC;QACD,OAAO,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAM,CAAC;IAC7C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ,CAAI,QAAgB;QAEhC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,CAAW,KAAK,EAAE,QAAQ,CAAC,CAAC;QAC1D,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;YAC1B,MAAM,IAAI,eAAe,CACvB,qCAAqC,QAAQ,EAAE,EAC/C,GAAG,EACH,GAAG,CACJ,CAAC;QACJ,CAAC;QACD,OAAO,GAAG,CAAC,QAAQ,CAAC;IACtB,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,mBAAmB,CACvB,SAAiB,EACjB,QAAgB;QAEhB,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACzC,MAAM,UAAU,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAE/C,6EAA6E;QAC7E,MAAM,QAAQ,GAAG,IAAI,QAAQ,EAAE,CAAC;QAChC,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,CAAC,UAAU,CAAC,EAAE;YAClC,IAAI,EAAE,mEAAmE;SAC1E,CAAC,CAAC;QACH,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;QAE3C,MAAM,SAAS,GAAG,GAAG,QAAQ,oBAAoB,IAAI,CAAC,MAAM,CAAC,UAAU,cAAc,CAAC;QACtF,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;YACvC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,EAAE;YAChE,IAAI,EAAE,QAAQ;SACf,CAAC,CAAC;QAEH,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC;YAClB,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,IAAI,EAAE,CAAC;YACpC,MAAM,IAAI,eAAe,CACvB,6BAA6B,SAAS,CAAC,MAAM,EAAE,EAC/C,SAAS,CAAC,MAAM,EAChB,IAAI,CACL,CAAC;QACJ,CAAC;QAED,iFAAiF;QACjF,wCAAwC;QACxC,MAAM,UAAU,GAAG,CAAC,MAAM,SAAS,CAAC,IAAI,EAAE,CAA4B,CAAC;QACvE,MAAM,GAAG,GACL,UAAU,EAAE,CAAC,UAAU,CAAyC,EAAE,CAClE,QAAQ,CAC+B;YACxC,UAAU,EAAE,CAAC,YAAY,CAAyC;YACnE,UAAU,CAAC;QAEb,MAAM,GAAG,GAAI,GAAG,EAAE,CAAC,KAAK,CAAwB,IAAI,SAAS,CAAC;QAC9D,MAAM,QAAQ,GAAI,GAAG,EAAE,CAAC,WAAW,CAAwB,IAAI,SAAS,CAAC;QAEzE,IAAI,CAAC,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YACtB,MAAM,IAAI,eAAe,CACvB,wEAAwE,EACxE,SAAS,CAAC,MAAM,EAChB,UAAU,CACX,CAAC;QACJ,CAAC;QAED,6EAA6E;QAC7E,MAAM,UAAU,GAA4B,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QAC/D,IAAI,GAAG;YAAE,UAAU,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC;QACjC,IAAI,QAAQ;YAAE,UAAU,CAAC,WAAW,CAAC,GAAG,QAAQ,CAAC;QAEjD,MAAM,SAAS,GAAG,uBAAuB,IAAI,CAAC,SAAS,sBAAsB,SAAS,cAAc,CAAC;QAErG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,EAAE,UAAU,EAAE,UAAU,EAAE,EAAE,CAAC,CAAC;QAE5E,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IACtC,CAAC;CACF"}