@nocoo/base-mcp 0.1.0 → 0.1.1

package/dist/auth/oauth/handlers/register.js

@@ -0,0 +1,62 @@
+// ---------------------------------------------------------------------------
+// OAuth Register Handler — Dynamic Client Registration (RFC 7591)
+// ---------------------------------------------------------------------------
+import { isLoopbackRedirectUri } from "../../pkce.js";
+/**
+ * Handle dynamic client registration.
+ *
+ * Per RFC 7591, clients can register themselves to obtain a client_id.
+ * Only loopback redirect URIs are allowed (native CLI apps).
+ */
+export async function handleRegister(ctx, input) {
+    // Validate client_name
+    if (!input.client_name || typeof input.client_name !== "string") {
+        return {
+            success: false,
+            status: 400,
+            error: "client_name is required",
+        };
+    }
+    if (input.client_name.length > 255) {
+        return {
+            success: false,
+            status: 400,
+            error: "client_name must be 255 characters or less",
+        };
+    }
+    // Validate redirect_uris
+    if (!Array.isArray(input.redirect_uris) || input.redirect_uris.length === 0) {
+        return {
+            success: false,
+            status: 400,
+            error: "redirect_uris must be a non-empty array",
+        };
+    }
+    for (const uri of input.redirect_uris) {
+        if (!isLoopbackRedirectUri(uri)) {
+            return {
+                success: false,
+                status: 400,
+                error: `Invalid redirect_uri: ${uri}. Only loopback addresses (localhost, 127.0.0.1, [::1]) are allowed`,
+            };
+        }
+    }
+    // Create client
+    const client = await ctx.clients.create({
+        client_name: input.client_name,
+        redirect_uris: input.redirect_uris,
+        grant_types: input.grant_types ?? ["authorization_code"],
+    });
+    return {
+        success: true,
+        status: 201,
+        body: {
+            client_id: client.client_id,
+            client_name: client.client_name,
+            redirect_uris: JSON.parse(client.redirect_uris),
+            grant_types: JSON.parse(client.grant_types),
+            token_endpoint_auth_method: "none",
+        },
+    };
+}
+//# sourceMappingURL=register.js.map

package/dist/auth/oauth/handlers/register.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"register.js","sourceRoot":"","sources":["../../../../src/auth/oauth/handlers/register.ts"],"names":[],"mappings":"AAAA,8EAA8E;AAC9E,kEAAkE;AAClE,8EAA8E;AAE9E,OAAO,EAAE,qBAAqB,EAAE,MAAM,eAAe,CAAC;AAGtD;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,GAAiB,EACjB,KAAoB;IAEpB,uBAAuB;IACvB,IAAI,CAAC,KAAK,CAAC,WAAW,IAAI,OAAO,KAAK,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;QAChE,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,GAAG;YACX,KAAK,EAAE,yBAAyB;SACjC,CAAC;IACJ,CAAC;IACD,IAAI,KAAK,CAAC,WAAW,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;QACnC,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,GAAG;YACX,KAAK,EAAE,4CAA4C;SACpD,CAAC;IACJ,CAAC;IAED,yBAAyB;IACzB,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,IAAI,KAAK,CAAC,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5E,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,GAAG;YACX,KAAK,EAAE,yCAAyC;SACjD,CAAC;IACJ,CAAC;IACD,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,aAAa,EAAE,CAAC;QACtC,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,GAAG;gBACX,KAAK,EAAE,yBAAyB,GAAG,qEAAqE;aACzG,CAAC;QACJ,CAAC;IACH,CAAC;IAED,gBAAgB;IAChB,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC;QACtC,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,aAAa,EAAE,KAAK,CAAC,aAAa;QAClC,WAAW,EAAE,KAAK,CAAC,WAAW,IAAI,CAAC,oBAAoB,CAAC;KACzD,CAAC,CAAC;IAEH,OAAO;QACL,OAAO,EAAE,IAAI;QACb,MAAM,EAAE,GAAG;QACX,IAAI,EAAE;YACJ,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,aAAa,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,aAAa,CAAC;YAC/C,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,WAAW,CAAC;YAC3C,0BAA0B,EAAE,MAAM;SACnC;KACF,CAAC;AACJ,CAAC"}

package/dist/auth/oauth/handlers/token.d.ts

@@ -0,0 +1,10 @@
+import type { OAuthContext, TokenInput, TokenResult } from "../types.js";
+/**
+ * Handle OAuth token request.
+ *
+ * Supports two grant types:
+ * - authorization_code: Exchange code for tokens
+ * - refresh_token: Refresh access token using refresh token
+ */
+export declare function handleToken(ctx: OAuthContext, input: TokenInput): Promise<TokenResult>;
+//# sourceMappingURL=token.d.ts.map

package/dist/auth/oauth/handlers/token.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../../../src/auth/oauth/handlers/token.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,YAAY,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAGzE;;;;;;GAMG;AACH,wBAAsB,WAAW,CAC/B,GAAG,EAAE,YAAY,EACjB,KAAK,EAAE,UAAU,GAChB,OAAO,CAAC,WAAW,CAAC,CAmBtB"}

package/dist/auth/oauth/handlers/token.js

@@ -0,0 +1,139 @@
+// ---------------------------------------------------------------------------
+// OAuth Token Handler — Token Exchange Endpoint
+// ---------------------------------------------------------------------------
+import { verifyPkceS256 } from "../../pkce.js";
+import { generateToken, hashToken, tokenPreview } from "../../token.js";
+import { ACCESS_TOKEN_TTL, REFRESH_TOKEN_TTL } from "../constants.js";
+/**
+ * Handle OAuth token request.
+ *
+ * Supports two grant types:
+ * - authorization_code: Exchange code for tokens
+ * - refresh_token: Refresh access token using refresh token
+ */
+export async function handleToken(ctx, input) {
+    const { grant_type } = input;
+    if (!grant_type) {
+        return oauthError("invalid_request", "grant_type is required");
+    }
+    if (grant_type === "authorization_code") {
+        return handleAuthorizationCode(ctx, input);
+    }
+    if (grant_type === "refresh_token") {
+        return handleRefreshToken(ctx, input);
+    }
+    return oauthError("unsupported_grant_type", `Unsupported grant_type: ${grant_type}`);
+}
+// ---------------------------------------------------------------------------
+// Authorization Code Exchange
+// ---------------------------------------------------------------------------
+async function handleAuthorizationCode(ctx, input) {
+    const { code, redirect_uri, client_id, code_verifier } = input;
+    if (!code || !redirect_uri || !client_id || !code_verifier) {
+        return oauthError("invalid_request", "Missing required fields: code, redirect_uri, client_id, code_verifier");
+    }
+    // Step 1: Look up auth code
+    const authCode = await ctx.authCodes.findByCode(code);
+    if (!authCode) {
+        return oauthError("invalid_grant", "Authorization code is invalid, expired, or already consumed");
+    }
+    // Step 2: Validate client_id matches
+    if (authCode.client_id !== client_id) {
+        return oauthError("invalid_grant", "client_id does not match");
+    }
+    // Step 3: Validate redirect_uri matches
+    if (authCode.redirect_uri !== redirect_uri) {
+        return oauthError("invalid_grant", "redirect_uri does not match");
+    }
+    // Step 4: Verify PKCE S256
+    const pkceValid = await verifyPkceS256(code_verifier, authCode.code_challenge);
+    if (!pkceValid) {
+        return oauthError("invalid_grant", "PKCE verification failed");
+    }
+    // Step 5: Atomically consume the code
+    const consumed = await ctx.authCodes.consume(code);
+    if (!consumed) {
+        return oauthError("invalid_grant", "Authorization code already consumed (race condition)");
+    }
+    // Validate user_email is set
+    const userEmail = authCode.user_email;
+    if (!userEmail) {
+        return oauthError("server_error", "Authorization code missing user email");
+    }
+    // Step 6: Token rotation — revoke existing tokens
+    await ctx.tokens.revokeByClientAndUser(client_id, userEmail);
+    // Step 7: Issue new token pair
+    return issueTokenPair(ctx, client_id, userEmail, authCode.scope);
+}
+// ---------------------------------------------------------------------------
+// Refresh Token Exchange
+// ---------------------------------------------------------------------------
+async function handleRefreshToken(ctx, input) {
+    const { refresh_token, client_id } = input;
+    if (!refresh_token || !client_id) {
+        return oauthError("invalid_request", "Missing required fields: refresh_token, client_id");
+    }
+    // Look up token by refresh hash
+    const refreshHash = await hashToken(refresh_token);
+    const existingToken = await ctx.tokens.findByRefreshHash(refreshHash);
+    if (!existingToken) {
+        return oauthError("invalid_grant", "Refresh token is invalid, expired, or revoked");
+    }
+    // Verify client_id matches
+    if (existingToken.client_id !== client_id) {
+        return oauthError("invalid_grant", "client_id does not match");
+    }
+    // Token rotation — revoke all tokens for this client
+    await ctx.tokens.revokeByClientAndUser(client_id, existingToken.user_email);
+    // Issue new token pair
+    return issueTokenPair(ctx, client_id, existingToken.user_email, existingToken.scope, existingToken.client_name ?? undefined);
+}
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+async function issueTokenPair(ctx, clientId, userEmail, scope, clientName) {
+    // Generate tokens with prefix
+    const accessToken = `${ctx.tokenPrefix}_at_${generateToken(24)}`;
+    const refreshToken = `${ctx.tokenPrefix}_rt_${generateToken(24)}`;
+    const accessHash = await hashToken(accessToken);
+    const refreshHash = await hashToken(refreshToken);
+    const now = Math.floor(Date.now() / 1000);
+    // Look up client name if not provided
+    let resolvedClientName = clientName;
+    if (!resolvedClientName) {
+        const client = await ctx.clients.findByClientId(clientId);
+        resolvedClientName = client?.client_name;
+    }
+    // Store token
+    await ctx.tokens.create({
+        access_token_hash: accessHash,
+        access_token_preview: tokenPreview(accessToken),
+        refresh_token_hash: refreshHash,
+        client_id: clientId,
+        user_email: userEmail,
+        scope,
+        client_name: resolvedClientName,
+        expires_at: now + ACCESS_TOKEN_TTL,
+        refresh_expires_at: now + REFRESH_TOKEN_TTL,
+    });
+    return {
+        success: true,
+        status: 200,
+        body: {
+            access_token: accessToken,
+            token_type: "Bearer",
+            expires_in: ACCESS_TOKEN_TTL,
+            refresh_token: refreshToken,
+            scope,
+        },
+    };
+}
+function oauthError(error, errorDescription) {
+    return {
+        success: false,
+        status: 400,
+        error,
+        error_description: errorDescription,
+    };
+}
+//# sourceMappingURL=token.js.map

package/dist/auth/oauth/handlers/token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token.js","sourceRoot":"","sources":["../../../../src/auth/oauth/handlers/token.ts"],"names":[],"mappings":"AAAA,8EAA8E;AAC9E,gDAAgD;AAChD,8EAA8E;AAE9E,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAExE,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAEtE;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,GAAiB,EACjB,KAAiB;IAEjB,MAAM,EAAE,UAAU,EAAE,GAAG,KAAK,CAAC;IAE7B,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,UAAU,CAAC,iBAAiB,EAAE,wBAAwB,CAAC,CAAC;IACjE,CAAC;IAED,IAAI,UAAU,KAAK,oBAAoB,EAAE,CAAC;QACxC,OAAO,uBAAuB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAC7C,CAAC;IAED,IAAI,UAAU,KAAK,eAAe,EAAE,CAAC;QACnC,OAAO,kBAAkB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACxC,CAAC;IAED,OAAO,UAAU,CACf,wBAAwB,EACxB,2BAA2B,UAAU,EAAE,CACxC,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,8BAA8B;AAC9B,8EAA8E;AAE9E,KAAK,UAAU,uBAAuB,CACpC,GAAiB,EACjB,KAAiB;IAEjB,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,SAAS,EAAE,aAAa,EAAE,GAAG,KAAK,CAAC;IAE/D,IAAI,CAAC,IAAI,IAAI,CAAC,YAAY,IAAI,CAAC,SAAS,IAAI,CAAC,aAAa,EAAE,CAAC;QAC3D,OAAO,UAAU,CACf,iBAAiB,EACjB,uEAAuE,CACxE,CAAC;IACJ,CAAC;IAED,4BAA4B;IAC5B,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IACtD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,UAAU,CACf,eAAe,EACf,6DAA6D,CAC9D,CAAC;IACJ,CAAC;IAED,qCAAqC;IACrC,IAAI,QAAQ,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;QACrC,OAAO,UAAU,CAAC,eAAe,EAAE,0BAA0B,CAAC,CAAC;IACjE,CAAC;IAED,wCAAwC;IACxC,IAAI,QAAQ,CAAC,YAAY,KAAK,YAAY,EAAE,CAAC;QAC3C,OAAO,UAAU,CAAC,eAAe,EAAE,6BAA6B,CAAC,CAAC;IACpE,CAAC;IAED,2BAA2B;IAC3B,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,aAAa,EAAE,QAAQ,CAAC,cAAc,CAAC,CAAC;IAC/E,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,UAAU,CAAC,eAAe,EAAE,0BAA0B,CAAC,CAAC;IACjE,CAAC;IAED,sCAAsC;IACtC,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACnD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,UAAU,CACf,eAAe,EACf,sDAAsD,CACvD,CAAC;IACJ,CAAC;IAED,6BAA6B;IAC7B,MAAM,SAAS,GAAG,QAAQ,CAAC,UAAU,CAAC;IACtC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,UAAU,CAAC,cAAc,EAAE,uCAAuC,CAAC,CAAC;IAC7E,CAAC;IAED,kDAAkD;IAClD,MAAM,GAAG,CAAC,MAAM,CAAC,qBAAqB,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;IAE7D,+BAA+B;IAC/B,OAAO,cAAc,CAAC,GAAG,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC;AACnE,CAAC;AAED,8EAA8E;AAC9E,yBAAyB;AACzB,8EAA8E;AAE9E,KAAK,UAAU,kBAAkB,CAC/B,GAAiB,EACjB,KAAiB;IAEjB,MAAM,EAAE,aAAa,EAAE,SAAS,EAAE,GAAG,KAAK,CAAC;IAE3C,IAAI,CAAC,aAAa,IAAI,CAAC,SAAS,EAAE,CAAC;QACjC,OAAO,UAAU,CACf,iBAAiB,EACjB,mDAAmD,CACpD,CAAC;IACJ,CAAC;IAED,gCAAgC;IAChC,MAAM,WAAW,GAAG,MAAM,SAAS,CAAC,aAAa,CAAC,CAAC;IACnD,MAAM,aAAa,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAC;IACtE,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,OAAO,UAAU,CACf,eAAe,EACf,+CAA+C,CAChD,CAAC;IACJ,CAAC;IAED,2BAA2B;IAC3B,IAAI,aAAa,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;QAC1C,OAAO,UAAU,CAAC,eAAe,EAAE,0BAA0B,CAAC,CAAC;IACjE,CAAC;IAED,qDAAqD;IACrD,MAAM,GAAG,CAAC,MAAM,CAAC,qBAAqB,CAAC,SAAS,EAAE,aAAa,CAAC,UAAU,CAAC,CAAC;IAE5E,uBAAuB;IACvB,OAAO,cAAc,CACnB,GAAG,EACH,SAAS,EACT,aAAa,CAAC,UAAU,EACxB,aAAa,CAAC,KAAK,EACnB,aAAa,CAAC,WAAW,IAAI,SAAS,CACvC,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,KAAK,UAAU,cAAc,CAC3B,GAAiB,EACjB,QAAgB,EAChB,SAAiB,EACjB,KAAa,EACb,UAAmB;IAEnB,8BAA8B;IAC9B,MAAM,WAAW,GAAG,GAAG,GAAG,CAAC,WAAW,OAAO,aAAa,CAAC,EAAE,CAAC,EAAE,CAAC;IACjE,MAAM,YAAY,GAAG,GAAG,GAAG,CAAC,WAAW,OAAO,aAAa,CAAC,EAAE,CAAC,EAAE,CAAC;IAElE,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,WAAW,CAAC,CAAC;IAChD,MAAM,WAAW,GAAG,MAAM,SAAS,CAAC,YAAY,CAAC,CAAC;IAClD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAE1C,sCAAsC;IACtC,IAAI,kBAAkB,GAAG,UAAU,CAAC;IACpC,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC1D,kBAAkB,GAAG,MAAM,EAAE,WAAW,CAAC;IAC3C,CAAC;IAED,cAAc;IACd,MAAM,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC;QACtB,iBAAiB,EAAE,UAAU;QAC7B,oBAAoB,EAAE,YAAY,CAAC,WAAW,CAAC;QAC/C,kBAAkB,EAAE,WAAW;QAC/B,SAAS,EAAE,QAAQ;QACnB,UAAU,EAAE,SAAS;QACrB,KAAK;QACL,WAAW,EAAE,kBAAkB;QAC/B,UAAU,EAAE,GAAG,GAAG,gBAAgB;QAClC,kBAAkB,EAAE,GAAG,GAAG,iBAAiB;KAC5C,CAAC,CAAC;IAEH,OAAO;QACL,OAAO,EAAE,IAAI;QACb,MAAM,EAAE,GAAG;QACX,IAAI,EAAE;YACJ,YAAY,EAAE,WAAW;YACzB,UAAU,EAAE,QAAQ;YACpB,UAAU,EAAE,gBAAgB;YAC5B,aAAa,EAAE,YAAY;YAC3B,KAAK;SACN;KACF,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CAAC,KAAa,EAAE,gBAAwB;IACzD,OAAO;QACL,OAAO,EAAE,KAAK;QACd,MAAM,EAAE,GAAG;QACX,KAAK;QACL,iBAAiB,EAAE,gBAAgB;KACpC,CAAC;AACJ,CAAC"}

package/dist/auth/oauth/index.d.ts

@@ -0,0 +1,4 @@
+export type { McpClient, McpAuthCode, McpToken, ClientStore, AuthCodeStore, OAuthTokenStore, AuthContext, OAuthContext, RegisterResult, AuthorizeResult, CallbackResult, TokenResult, RevokeResult, RegisterInput, AuthorizeInput, CallbackInput, TokenInput, } from "./types.js";
+export { AUTH_CODE_TTL, ACCESS_TOKEN_TTL, REFRESH_TOKEN_TTL, } from "./constants.js";
+export { handleRegister, handleAuthorize, handleCallback, handleToken, } from "./handlers/index.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/auth/oauth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/auth/oauth/index.ts"],"names":[],"mappings":"AAKA,YAAY,EACV,SAAS,EACT,WAAW,EACX,QAAQ,EACR,WAAW,EACX,aAAa,EACb,eAAe,EACf,WAAW,EACX,YAAY,EACZ,cAAc,EACd,eAAe,EACf,cAAc,EACd,WAAW,EACX,YAAY,EACZ,aAAa,EACb,cAAc,EACd,aAAa,EACb,UAAU,GACX,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,aAAa,EACb,gBAAgB,EAChB,iBAAiB,GAClB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EACL,cAAc,EACd,eAAe,EACf,cAAc,EACd,WAAW,GACZ,MAAM,qBAAqB,CAAC"}

package/dist/auth/oauth/index.js

@@ -0,0 +1,8 @@
+// ---------------------------------------------------------------------------
+// OAuth Module Index — Export all OAuth types and handlers
+// ---------------------------------------------------------------------------
+// Constants
+export { AUTH_CODE_TTL, ACCESS_TOKEN_TTL, REFRESH_TOKEN_TTL, } from "./constants.js";
+// Handlers
+export { handleRegister, handleAuthorize, handleCallback, handleToken, } from "./handlers/index.js";
+//# sourceMappingURL=index.js.map

package/dist/auth/oauth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/auth/oauth/index.ts"],"names":[],"mappings":"AAAA,8EAA8E;AAC9E,2DAA2D;AAC3D,8EAA8E;AAuB9E,YAAY;AACZ,OAAO,EACL,aAAa,EACb,gBAAgB,EAChB,iBAAiB,GAClB,MAAM,gBAAgB,CAAC;AAExB,WAAW;AACX,OAAO,EACL,cAAc,EACd,eAAe,EACf,cAAc,EACd,WAAW,GACZ,MAAM,qBAAqB,CAAC"}

package/dist/auth/oauth/testing/index.d.ts

@@ -0,0 +1,2 @@
+export { createMockClientStore, createMockAuthCodeStore, createMockTokenStore, createMockAuthContext, createMockOAuthContext, type MockAuthContextOptions, type CreateMockOAuthContextOptions, } from "./mock-stores.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/auth/oauth/testing/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/auth/oauth/testing/index.ts"],"names":[],"mappings":"AAIA,OAAO,EACL,qBAAqB,EACrB,uBAAuB,EACvB,oBAAoB,EACpB,qBAAqB,EACrB,sBAAsB,EACtB,KAAK,sBAAsB,EAC3B,KAAK,6BAA6B,GACnC,MAAM,kBAAkB,CAAC"}

package/dist/auth/oauth/testing/index.js

@@ -0,0 +1,5 @@
+// ---------------------------------------------------------------------------
+// OAuth Testing Module Index
+// ---------------------------------------------------------------------------
+export { createMockClientStore, createMockAuthCodeStore, createMockTokenStore, createMockAuthContext, createMockOAuthContext, } from "./mock-stores.js";
+//# sourceMappingURL=index.js.map

package/dist/auth/oauth/testing/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/auth/oauth/testing/index.ts"],"names":[],"mappings":"AAAA,8EAA8E;AAC9E,6BAA6B;AAC7B,8EAA8E;AAE9E,OAAO,EACL,qBAAqB,EACrB,uBAAuB,EACvB,oBAAoB,EACpB,qBAAqB,EACrB,sBAAsB,GAGvB,MAAM,kBAAkB,CAAC"}

package/dist/auth/oauth/testing/mock-stores.d.ts

@@ -0,0 +1,36 @@
+import type { ClientStore, AuthCodeStore, OAuthTokenStore, AuthContext, OAuthContext, McpClient, McpAuthCode, McpToken } from "../types.js";
+export declare function createMockClientStore(): ClientStore & {
+    clients: Map<string, McpClient>;
+    reset(): void;
+};
+export declare function createMockAuthCodeStore(): AuthCodeStore & {
+    sessions: Map<string, McpAuthCode>;
+    codes: Map<string, McpAuthCode>;
+    reset(): void;
+};
+export declare function createMockTokenStore(): OAuthTokenStore & {
+    tokens: Map<string, McpToken>;
+    reset(): void;
+};
+export interface MockAuthContextOptions {
+    authenticated?: boolean;
+    email?: string | null;
+    allowedEmails?: string[];
+}
+export declare function createMockAuthContext(options?: MockAuthContextOptions): AuthContext & {
+    setAuthenticated(value: boolean): void;
+    setEmail(email: string | null): void;
+};
+export interface CreateMockOAuthContextOptions {
+    issuer?: string;
+    tokenPrefix?: string;
+    auth?: MockAuthContextOptions;
+}
+export declare function createMockOAuthContext(options?: CreateMockOAuthContextOptions): OAuthContext & {
+    clients: ReturnType<typeof createMockClientStore>;
+    authCodes: ReturnType<typeof createMockAuthCodeStore>;
+    tokens: ReturnType<typeof createMockTokenStore>;
+    auth: ReturnType<typeof createMockAuthContext>;
+    reset(): void;
+};
+//# sourceMappingURL=mock-stores.d.ts.map

package/dist/auth/oauth/testing/mock-stores.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mock-stores.d.ts","sourceRoot":"","sources":["../../../../src/auth/oauth/testing/mock-stores.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EACV,WAAW,EACX,aAAa,EACb,eAAe,EACf,WAAW,EACX,YAAY,EACZ,SAAS,EACT,WAAW,EACX,QAAQ,EACT,MAAM,aAAa,CAAC;AAMrB,wBAAgB,qBAAqB,IAAI,WAAW,GAAG;IACrD,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAChC,KAAK,IAAI,IAAI,CAAC;CACf,CAmCA;AAMD,wBAAgB,uBAAuB,IAAI,aAAa,GAAG;IACzD,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IACnC,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAChC,KAAK,IAAI,IAAI,CAAC;CACf,CAoEA;AAMD,wBAAgB,oBAAoB,IAAI,eAAe,GAAG;IACxD,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC9B,KAAK,IAAI,IAAI,CAAC;CACf,CAmEA;AAMD,MAAM,WAAW,sBAAsB;IACrC,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;CAC1B;AAED,wBAAgB,qBAAqB,CACnC,OAAO,GAAE,sBAA2B,GACnC,WAAW,GAAG;IAAE,gBAAgB,CAAC,KAAK,EAAE,OAAO,GAAG,IAAI,CAAC;IAAC,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,IAAI,CAAA;CAAE,CA2BhG;AAMD,MAAM,WAAW,6BAA6B;IAC5C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,sBAAsB,CAAC;CAC/B;AAED,wBAAgB,sBAAsB,CACpC,OAAO,GAAE,6BAAkC,GAC1C,YAAY,GAAG;IAChB,OAAO,EAAE,UAAU,CAAC,OAAO,qBAAqB,CAAC,CAAC;IAClD,SAAS,EAAE,UAAU,CAAC,OAAO,uBAAuB,CAAC,CAAC;IACtD,MAAM,EAAE,UAAU,CAAC,OAAO,oBAAoB,CAAC,CAAC;IAChD,IAAI,EAAE,UAAU,CAAC,OAAO,qBAAqB,CAAC,CAAC;IAC/C,KAAK,IAAI,IAAI,CAAC;CACf,CAoBA"}

package/dist/auth/oauth/testing/mock-stores.js

@@ -0,0 +1,218 @@
+// ---------------------------------------------------------------------------
+// OAuth Testing Utilities — Mock stores for unit testing
+// ---------------------------------------------------------------------------
+// ---------------------------------------------------------------------------
+// Mock Client Store
+// ---------------------------------------------------------------------------
+export function createMockClientStore() {
+    const clients = new Map();
+    let counter = 0;
+    return {
+        clients,
+        reset() {
+            clients.clear();
+            counter = 0;
+        },
+        async create(input) {
+            counter++;
+            const id = `client_${counter}`;
+            const clientId = `test_mcp_${Date.now()}_${counter}`;
+            const now = Math.floor(Date.now() / 1000);
+            const client = {
+                id,
+                client_id: clientId,
+                client_name: input.client_name,
+                redirect_uris: JSON.stringify(input.redirect_uris),
+                grant_types: JSON.stringify(input.grant_types),
+                created_at: now,
+            };
+            clients.set(clientId, client);
+            return client;
+        },
+        async findByClientId(clientId) {
+            return clients.get(clientId) ?? null;
+        },
+    };
+}
+// ---------------------------------------------------------------------------
+// Mock Auth Code Store
+// ---------------------------------------------------------------------------
+export function createMockAuthCodeStore() {
+    const sessions = new Map();
+    const codes = new Map();
+    return {
+        sessions,
+        codes,
+        reset() {
+            sessions.clear();
+            codes.clear();
+        },
+        async createSession(input) {
+            const session = {
+                state: input.state,
+                client_id: input.client_id,
+                redirect_uri: input.redirect_uri,
+                code_challenge: input.code_challenge,
+                code_challenge_method: input.code_challenge_method,
+                scope: input.scope,
+                code: null,
+                user_email: null,
+                consumed: 0,
+                expires_at: input.expires_at,
+            };
+            sessions.set(input.state, session);
+        },
+        async findByState(state) {
+            const session = sessions.get(state);
+            if (!session)
+                return null;
+            const now = Math.floor(Date.now() / 1000);
+            if (session.expires_at < now)
+                return null;
+            return session;
+        },
+        async upgrade(state, code, userEmail, expiresAt) {
+            const session = sessions.get(state);
+            if (!session)
+                return false;
+            if (session.code !== null)
+                return false;
+            const now = Math.floor(Date.now() / 1000);
+            if (session.expires_at < now)
+                return false;
+            session.code = code;
+            session.user_email = userEmail;
+            session.expires_at = expiresAt;
+            codes.set(code, session);
+            return true;
+        },
+        async findByCode(code) {
+            const session = codes.get(code);
+            if (!session)
+                return null;
+            if (session.consumed !== 0)
+                return null;
+            const now = Math.floor(Date.now() / 1000);
+            if (session.expires_at < now)
+                return null;
+            return session;
+        },
+        async consume(code) {
+            const session = codes.get(code);
+            if (!session)
+                return false;
+            if (session.consumed !== 0)
+                return false;
+            session.consumed = 1;
+            return true;
+        },
+    };
+}
+// ---------------------------------------------------------------------------
+// Mock Token Store
+// ---------------------------------------------------------------------------
+export function createMockTokenStore() {
+    const tokens = new Map();
+    let counter = 0;
+    return {
+        tokens,
+        reset() {
+            tokens.clear();
+            counter = 0;
+        },
+        async create(input) {
+            counter++;
+            const id = `token_${counter}`;
+            const now = Math.floor(Date.now() / 1000);
+            const token = {
+                id,
+                access_token_hash: input.access_token_hash,
+                access_token_preview: input.access_token_preview,
+                refresh_token_hash: input.refresh_token_hash,
+                client_id: input.client_id,
+                user_email: input.user_email,
+                client_name: input.client_name ?? null,
+                scope: input.scope,
+                revoked: 0,
+                revoked_at: null,
+                expires_at: input.expires_at,
+                refresh_expires_at: input.refresh_expires_at,
+                last_used_at: null,
+                created_at: now,
+            };
+            tokens.set(id, token);
+            return token;
+        },
+        async findByRefreshHash(refreshHash) {
+            for (const token of tokens.values()) {
+                if (token.refresh_token_hash === refreshHash) {
+                    if (token.revoked !== 0)
+                        return null;
+                    const now = Math.floor(Date.now() / 1000);
+                    if (token.refresh_expires_at < now)
+                        return null;
+                    return token;
+                }
+            }
+            return null;
+        },
+        async revokeByClientAndUser(clientId, userEmail) {
+            let count = 0;
+            const now = Math.floor(Date.now() / 1000);
+            for (const token of tokens.values()) {
+                if (token.client_id === clientId &&
+                    token.user_email === userEmail &&
+                    token.revoked === 0) {
+                    token.revoked = 1;
+                    token.revoked_at = now;
+                    count++;
+                }
+            }
+            return count;
+        },
+    };
+}
+export function createMockAuthContext(options = {}) {
+    let authenticated = options.authenticated ?? false;
+    let email = options.email ?? null;
+    const allowedEmails = options.allowedEmails ?? [];
+    return {
+        setAuthenticated(value) {
+            authenticated = value;
+        },
+        setEmail(value) {
+            email = value;
+        },
+        async isAuthenticated() {
+            return authenticated;
+        },
+        async getEmail() {
+            return email;
+        },
+        isEmailAllowed(emailToCheck) {
+            if (allowedEmails.length === 0)
+                return true; // No whitelist = allow all
+            return allowedEmails.includes(emailToCheck);
+        },
+    };
+}
+export function createMockOAuthContext(options = {}) {
+    const clients = createMockClientStore();
+    const authCodes = createMockAuthCodeStore();
+    const tokens = createMockTokenStore();
+    const auth = createMockAuthContext(options.auth);
+    return {
+        clients,
+        authCodes,
+        tokens,
+        auth,
+        issuer: options.issuer ?? "https://test.example.com",
+        tokenPrefix: options.tokenPrefix ?? "test",
+        reset() {
+            clients.reset();
+            authCodes.reset();
+            tokens.reset();
+        },
+    };
+}
+//# sourceMappingURL=mock-stores.js.map

package/dist/auth/oauth/testing/mock-stores.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mock-stores.js","sourceRoot":"","sources":["../../../../src/auth/oauth/testing/mock-stores.ts"],"names":[],"mappings":"AAAA,8EAA8E;AAC9E,yDAAyD;AACzD,8EAA8E;AAa9E,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E,MAAM,UAAU,qBAAqB;IAInC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAqB,CAAC;IAC7C,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,OAAO;QACL,OAAO;QAEP,KAAK;YACH,OAAO,CAAC,KAAK,EAAE,CAAC;YAChB,OAAO,GAAG,CAAC,CAAC;QACd,CAAC;QAED,KAAK,CAAC,MAAM,CAAC,KAAK;YAChB,OAAO,EAAE,CAAC;YACV,MAAM,EAAE,GAAG,UAAU,OAAO,EAAE,CAAC;YAC/B,MAAM,QAAQ,GAAG,YAAY,IAAI,CAAC,GAAG,EAAE,IAAI,OAAO,EAAE,CAAC;YACrD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAE1C,MAAM,MAAM,GAAc;gBACxB,EAAE;gBACF,SAAS,EAAE,QAAQ;gBACnB,WAAW,EAAE,KAAK,CAAC,WAAW;gBAC9B,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,aAAa,CAAC;gBAClD,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,WAAW,CAAC;gBAC9C,UAAU,EAAE,GAAG;aAChB,CAAC;YAEF,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;YAC9B,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,KAAK,CAAC,cAAc,CAAC,QAAQ;YAC3B,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC;QACvC,CAAC;KACF,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,uBAAuB;AACvB,8EAA8E;AAE9E,MAAM,UAAU,uBAAuB;IAKrC,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAuB,CAAC;IAChD,MAAM,KAAK,GAAG,IAAI,GAAG,EAAuB,CAAC;IAE7C,OAAO;QACL,QAAQ;QACR,KAAK;QAEL,KAAK;YACH,QAAQ,CAAC,KAAK,EAAE,CAAC;YACjB,KAAK,CAAC,KAAK,EAAE,CAAC;QAChB,CAAC;QAED,KAAK,CAAC,aAAa,CAAC,KAAK;YACvB,MAAM,OAAO,GAAgB;gBAC3B,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,YAAY,EAAE,KAAK,CAAC,YAAY;gBAChC,cAAc,EAAE,KAAK,CAAC,cAAc;gBACpC,qBAAqB,EAAE,KAAK,CAAC,qBAAqB;gBAClD,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,IAAI,EAAE,IAAI;gBACV,UAAU,EAAE,IAAI;gBAChB,QAAQ,EAAE,CAAC;gBACX,UAAU,EAAE,KAAK,CAAC,UAAU;aAC7B,CAAC;YACF,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QACrC,CAAC;QAED,KAAK,CAAC,WAAW,CAAC,KAAK;YACrB,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YACpC,IAAI,CAAC,OAAO;gBAAE,OAAO,IAAI,CAAC;YAC1B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAC1C,IAAI,OAAO,CAAC,UAAU,GAAG,GAAG;gBAAE,OAAO,IAAI,CAAC;YAC1C,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS;YAC7C,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YACpC,IAAI,CAAC,OAAO;gBAAE,OAAO,KAAK,CAAC;YAC3B,IAAI,OAAO,CAAC,IAAI,KAAK,IAAI;gBAAE,OAAO,KAAK,CAAC;YACxC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAC1C,IAAI,OAAO,CAAC,UAAU,GAAG,GAAG;gBAAE,OAAO,KAAK,CAAC;YAE3C,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;YACpB,OAAO,CAAC,UAAU,GAAG,SAAS,CAAC;YAC/B,OAAO,CAAC,UAAU,GAAG,SAAS,CAAC;YAC/B,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YACzB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,KAAK,CAAC,UAAU,CAAC,IAAI;YACnB,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAChC,IAAI,CAAC,OAAO;gBAAE,OAAO,IAAI,CAAC;YAC1B,IAAI,OAAO,CAAC,QAAQ,KAAK,CAAC;gBAAE,OAAO,IAAI,CAAC;YACxC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAC1C,IAAI,OAAO,CAAC,UAAU,GAAG,GAAG;gBAAE,OAAO,IAAI,CAAC;YAC1C,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,KAAK,CAAC,OAAO,CAAC,IAAI;YAChB,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAChC,IAAI,CAAC,OAAO;gBAAE,OAAO,KAAK,CAAC;YAC3B,IAAI,OAAO,CAAC,QAAQ,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAC;YACzC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO,IAAI,CAAC;QACd,CAAC;KACF,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E,MAAM,UAAU,oBAAoB;IAIlC,MAAM,MAAM,GAAG,IAAI,GAAG,EAAoB,CAAC;IAC3C,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,OAAO;QACL,MAAM;QAEN,KAAK;YACH,MAAM,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,GAAG,CAAC,CAAC;QACd,CAAC;QAED,KAAK,CAAC,MAAM,CAAC,KAAK;YAChB,OAAO,EAAE,CAAC;YACV,MAAM,EAAE,GAAG,SAAS,OAAO,EAAE,CAAC;YAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAE1C,MAAM,KAAK,GAAa;gBACtB,EAAE;gBACF,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;gBAC1C,oBAAoB,EAAE,KAAK,CAAC,oBAAoB;gBAChD,kBAAkB,EAAE,KAAK,CAAC,kBAAkB;gBAC5C,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,UAAU,EAAE,KAAK,CAAC,UAAU;gBAC5B,WAAW,EAAE,KAAK,CAAC,WAAW,IAAI,IAAI;gBACtC,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,OAAO,EAAE,CAAC;gBACV,UAAU,EAAE,IAAI;gBAChB,UAAU,EAAE,KAAK,CAAC,UAAU;gBAC5B,kBAAkB,EAAE,KAAK,CAAC,kBAAkB;gBAC5C,YAAY,EAAE,IAAI;gBAClB,UAAU,EAAE,GAAG;aAChB,CAAC;YAEF,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;YACtB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,KAAK,CAAC,iBAAiB,CAAC,WAAW;YACjC,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,EAAE,CAAC;gBACpC,IAAI,KAAK,CAAC,kBAAkB,KAAK,WAAW,EAAE,CAAC;oBAC7C,IAAI,KAAK,CAAC,OAAO,KAAK,CAAC;wBAAE,OAAO,IAAI,CAAC;oBACrC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;oBAC1C,IAAI,KAAK,CAAC,kBAAkB,GAAG,GAAG;wBAAE,OAAO,IAAI,CAAC;oBAChD,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,KAAK,CAAC,qBAAqB,CAAC,QAAQ,EAAE,SAAS;YAC7C,IAAI,KAAK,GAAG,CAAC,CAAC;YACd,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAC1C,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,EAAE,CAAC;gBACpC,IACE,KAAK,CAAC,SAAS,KAAK,QAAQ;oBAC5B,KAAK,CAAC,UAAU,KAAK,SAAS;oBAC9B,KAAK,CAAC,OAAO,KAAK,CAAC,EACnB,CAAC;oBACD,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC;oBAClB,KAAK,CAAC,UAAU,GAAG,GAAG,CAAC;oBACvB,KAAK,EAAE,CAAC;gBACV,CAAC;YACH,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;KACF,CAAC;AACJ,CAAC;AAYD,MAAM,UAAU,qBAAqB,CACnC,UAAkC,EAAE;IAEpC,IAAI,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,KAAK,CAAC;IACnD,IAAI,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,IAAI,CAAC;IAClC,MAAM,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,EAAE,CAAC;IAElD,OAAO;QACL,gBAAgB,CAAC,KAAc;YAC7B,aAAa,GAAG,KAAK,CAAC;QACxB,CAAC;QAED,QAAQ,CAAC,KAAoB;YAC3B,KAAK,GAAG,KAAK,CAAC;QAChB,CAAC;QAED,KAAK,CAAC,eAAe;YACnB,OAAO,aAAa,CAAC;QACvB,CAAC;QAED,KAAK,CAAC,QAAQ;YACZ,OAAO,KAAK,CAAC;QACf,CAAC;QAED,cAAc,CAAC,YAAoB;YACjC,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,IAAI,CAAC,CAAC,2BAA2B;YACxE,OAAO,aAAa,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;QAC9C,CAAC;KACF,CAAC;AACJ,CAAC;AAYD,MAAM,UAAU,sBAAsB,CACpC,UAAyC,EAAE;IAQ3C,MAAM,OAAO,GAAG,qBAAqB,EAAE,CAAC;IACxC,MAAM,SAAS,GAAG,uBAAuB,EAAE,CAAC;IAC5C,MAAM,MAAM,GAAG,oBAAoB,EAAE,CAAC;IACtC,MAAM,IAAI,GAAG,qBAAqB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjD,OAAO;QACL,OAAO;QACP,SAAS;QACT,MAAM;QACN,IAAI;QACJ,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,0BAA0B;QACpD,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,MAAM;QAE1C,KAAK;YACH,OAAO,CAAC,KAAK,EAAE,CAAC;YAChB,SAAS,CAAC,KAAK,EAAE,CAAC;YAClB,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,CAAC;KACF,CAAC;AACJ,CAAC"}