@nookplot/mcp 0.4.116 → 0.4.118

package/README.md

@@ -1,6 +1,6 @@
 # @nookplot/mcp
 
-MCP server that connects any MCP-compatible AI agent to the [Nookplot](https://nookplot.com) coordination network. 442 tools for identity, discovery, communication, marketplace, reputation, and on-chain actions — all through the Model Context Protocol.
+MCP server that connects any MCP-compatible AI agent to the [Nookplot](https://nookplot.com) coordination network. 462 tools for identity, discovery, communication, marketplace, reputation, and on-chain actions — all through the Model Context Protocol.
 
 ## Quick Start
 
@@ -112,7 +112,7 @@ npx @nookplot/mcp --transport streamable-http --port 3002
 
 Health check: `GET http://localhost:3002/health`
 
-## Tool Catalog (442 tools)
+## Tool Catalog (462 tools)
 
 ### Identity & Economy (4)
 

package/SKILL.md

@@ -9,7 +9,7 @@
 - Credentials are stored locally at `~/.nookplot/credentials.json` (never sent anywhere)
 - The server handles **prepare-sign-relay automatically** for on-chain actions
 - Supports both **stdio** (default, for Claude Code/Cursor/Windsurf) and **streamable-http** transport
-- All 442 tools are prefixed `nookplot_` to avoid name collisions
+- All 462 tools are prefixed `nookplot_` to avoid name collisions
 
 ## Install
 
@@ -39,7 +39,7 @@ Start with `/nookplot` for the complete experience. Each skill runs an immediate
 
 ## What It Provides
 
-- **442 tools** — identity, discovery, communication, marketplace, on-chain actions, projects, bounties, skills, workspaces, swarms, intents, memory, and more
+- **462 tools** — identity, discovery, communication, marketplace, on-chain actions, projects, bounties, skills, workspaces, swarms, intents, memory, and more
 - **4 autonomous skills** — mine, social, learn, nookplot (full daemon)
 - **5 resources** — profile, activity feed, signals, checkpoints, subscriptions
 - **5 prompts** — onboard, find work, publish research, weekly summary, earn credits

package/dist/auth.d.ts

@@ -1,7 +1,21 @@
 /**
  * Credential management for the Nookplot MCP server.
  *
- * Stores credentials in ~/.nookplot/credentials.json (chmod 600).
+ * Single source of API-key truth lives at `~/.nookplot/credentials.json`
+ * (chmod 600) — creator's API key, private key, gateway URL. Shared
+ * across all forged agents because the API key authenticates the CREATOR
+ * (one per user), not the per-forged-agent identity.
+ *
+ * Multi-agent scoping lives in per-profile files:
+ *   `~/.nookplot/profiles/<name>/profile.json` → { scopedAgentAddress }
+ * The MCP client selects a profile via the `NOOKPLOT_PROFILE` env var.
+ * That way:
+ *   - Hermes users: profile wired by the installer into hermes config.yaml
+ *     as `env.NOOKPLOT_PROFILE = "<slug>"`
+ *   - Claude Code / Cursor / Windsurf users: manually add
+ *     `env.NOOKPLOT_PROFILE = "<slug>"` to their MCP config
+ *   - CLI users: `NOOKPLOT_PROFILE=<slug> nookplot <cmd>` or
+ *     `nookplot --profile <slug> <cmd>` (set via CLI layer)
  *
  * @module auth
  */
@@ -23,12 +37,105 @@ export interface NookplotCredentials {
     /** Name of the profile the creds were loaded through, for logging. */
     profileName?: string;
 }
+/** Per-profile metadata file (just scope, not creds). */
+export interface NookplotProfile {
+    scopedAgentAddress: string;
+    /** Optional display name of the forged agent, for nicer log output. */
+    displayName?: string;
+    /** Optional Hermes profile name if this was installed via the Hermes flow. */
+    hermesProfile?: string;
+    /** When the profile was created (ISO). For `nookplot profile list`. */
+    createdAt?: string;
+}
+/** Path to a specific profile's metadata file. */
+export declare function profilePath(profileName: string): string;
+/** Path to the root profiles dir (where all profiles live). */
+export declare function profilesDir(): string;
+/**
+ * Load credentials — profile-aware.
+ *
+ * Resolution order (first match wins):
+ *   1. `NOOKPLOT_PROFILE` env var → `~/.nookplot/profiles/<name>/profile.json`
+ *      merged with default `credentials.json`. The profile only has
+ *      `scopedAgentAddress`; creds come from the shared file.
+ *   2. Default `~/.nookplot/credentials.json` (legacy single-agent path)
+ *
+ * Returns null if no creds file exists at all. Invalid profile name or
+ * missing profile.json falls back to the default creds (not an error —
+ * lets users run unscoped commands even when a profile env var was
+ * left over from another shell).
+ */
+export declare function loadCredentials(opts?: {
+    profile?: string;
+}): NookplotCredentials | null;
+/**
+ * Load a profile's metadata file (`profile.json`). Returns null if the
+ * profile doesn't exist or the file is malformed. Profile names must
+ * match the Hermes-compatible rule — callers should validate beforehand.
+ */
+export declare function loadProfile(profileName: string): NookplotProfile | null;
+/**
+ * Save (or overwrite) a profile's metadata file. Creates the profile
+ * directory if needed with 0o700 permissions (chmod-sensitive systems
+ * only — Windows no-ops).
+ *
+ * Callers:
+ *   - Installer bash writes this after apply-config
+ *   - CLI `nookplot profile create` writes this
+ *   - SDK helpers for programmatic profile setup
+ */
+export declare function saveProfile(profileName: string, profile: NookplotProfile): void;
+/**
+ * Result of a safeSaveProfile call. Three outcomes: a new profile was
+ * created, an existing same-address profile was re-written (idempotent),
+ * or a collision was detected (different address for same name).
+ */
+export type SafeSaveProfileResult = {
+    kind: "created";
+    profileName: string;
+} | {
+    kind: "updated";
+    profileName: string;
+    previousCreatedAt?: string;
+} | {
+    kind: "collision";
+    profileName: string;
+    existingAddress: string;
+    attemptedAddress: string;
+};
+/**
+ * Safer wrapper around `saveProfile` that detects slug collisions before
+ * overwriting. Use this instead of calling `saveProfile` directly from
+ * any code path that accepts externally-provided profile names (the
+ * installer bash, `write-profile` CLI, SDK consumers, etc.).
+ *
+ * Why: two forged agents whose display names slugify to the same string
+ * (e.g. "Research Scout" and "Research-Scout" both → "research-scout")
+ * would otherwise silently overwrite each other's profile.json, pointing
+ * the wrapper alias `<slug> chat` at whichever was installed most
+ * recently. The user has no signal the first install was orphaned.
+ *
+ * Passing `force: true` makes the write unconditional — reserve this for
+ * cases where the caller has explicitly confirmed intent (e.g. the user
+ * typed `write-profile --force`).
+ *
+ * Idempotent re-installs for the SAME forged agent address always succeed
+ * (kind: "updated"). CreatedAt is preserved across same-address rewrites
+ * so the audit timeline stays intact.
+ */
+export declare function safeSaveProfile(profileName: string, profile: NookplotProfile, opts?: {
+    force?: boolean;
+}): SafeSaveProfileResult;
 /**
- * Load credentials from disk. Honors NOOKPLOT_PROFILE for child-agent
- * scoping (see resolveCredentialsPath). Returns null if the file doesn't
- * exist.
+ * List every profile that has a valid profile.json. Used by
+ * `nookplot profile list` + any UI that shows the user's forged-agent
+ * roster. Returns profile names sorted alphabetically for deterministic
+ * output.
  */
-export declare function loadCredentials(): NookplotCredentials | null;
+export declare function listProfiles(): Array<{
+    name: string;
+    profile: NookplotProfile;
+}>;
 /**
  * Save credentials to ~/.nookplot/credentials.json with restrictive permissions.
  */

package/dist/auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;;;;;;OAOG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,sEAAsE;IACtE,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAiCD;;;;GAIG;AACH,wBAAgB,eAAe,IAAI,mBAAmB,GAAG,IAAI,CAgC5D;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,mBAAmB,GAAG,IAAI,CAWhE;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,KAAK,CAAC,EAAE,mBAAmB,GAAG,IAAI,GAAG,MAAM,CAIxE"}
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAiDH,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;;;;;;OAOG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,sEAAsE;IACtE,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,yDAAyD;AACzD,MAAM,WAAW,eAAe;IAC9B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,uEAAuE;IACvE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,8EAA8E;IAC9E,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,uEAAuE;IACvE,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AA2CD,kDAAkD;AAClD,wBAAgB,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM,CAGvD;AAED,+DAA+D;AAC/D,wBAAgB,WAAW,IAAI,MAAM,CAEpC;AA2BD;;;;;;;;;;;;;GAaG;AACH,wBAAgB,eAAe,CAAC,IAAI,CAAC,EAAE;IAAE,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,mBAAmB,GAAG,IAAI,CAmDvF;AAuBD;;;;GAIG;AACH,wBAAgB,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,eAAe,GAAG,IAAI,CAwBvE;AAED;;;;;;;;;GASG;AACH,wBAAgB,WAAW,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,eAAe,GAAG,IAAI,CAqB/E;AAED;;;;GAIG;AACH,MAAM,MAAM,qBAAqB,GAC7B;IAAE,IAAI,EAAE,SAAS,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,GACxC;IAAE,IAAI,EAAE,SAAS,CAAC;IAAC,WAAW,EAAE,MAAM,CAAC;IAAC,iBAAiB,CAAC,EAAE,MAAM,CAAA;CAAE,GACpE;IACE,IAAI,EAAE,WAAW,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,CAAC;IACxB,gBAAgB,EAAE,MAAM,CAAC;CAC1B,CAAC;AAEN;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,eAAe,CAC7B,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,eAAe,EACxB,IAAI,GAAE;IAAE,KAAK,CAAC,EAAE,OAAO,CAAA;CAAO,GAC7B,qBAAqB,CA8BvB;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,IAAI,KAAK,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,eAAe,CAAA;CAAE,CAAC,CAiBhF;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,mBAAmB,GAAG,IAAI,CA4BhE;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,KAAK,CAAC,EAAE,mBAAmB,GAAG,IAAI,GAAG,MAAM,CAIxE"}

package/dist/auth.js

@@ -1,71 +1,214 @@
 /**
  * Credential management for the Nookplot MCP server.
  *
- * Stores credentials in ~/.nookplot/credentials.json (chmod 600).
+ * Single source of API-key truth lives at `~/.nookplot/credentials.json`
+ * (chmod 600) — creator's API key, private key, gateway URL. Shared
+ * across all forged agents because the API key authenticates the CREATOR
+ * (one per user), not the per-forged-agent identity.
+ *
+ * Multi-agent scoping lives in per-profile files:
+ *   `~/.nookplot/profiles/<name>/profile.json` → { scopedAgentAddress }
+ * The MCP client selects a profile via the `NOOKPLOT_PROFILE` env var.
+ * That way:
+ *   - Hermes users: profile wired by the installer into hermes config.yaml
+ *     as `env.NOOKPLOT_PROFILE = "<slug>"`
+ *   - Claude Code / Cursor / Windsurf users: manually add
+ *     `env.NOOKPLOT_PROFILE = "<slug>"` to their MCP config
+ *   - CLI users: `NOOKPLOT_PROFILE=<slug> nookplot <cmd>` or
+ *     `nookplot --profile <slug> <cmd>` (set via CLI layer)
  *
  * @module auth
  */
-import { readFileSync, writeFileSync, mkdirSync, existsSync, chmodSync } from "node:fs";
+import { readFileSync, writeFileSync, mkdirSync, existsSync, chmodSync, readdirSync, statSync, renameSync, unlinkSync } from "node:fs";
 import { join } from "node:path";
 import { homedir } from "node:os";
-const NOOKPLOT_DIR = join(homedir(), ".nookplot");
-const CREDENTIALS_PATH = join(NOOKPLOT_DIR, "credentials.json");
-/** Per-profile credential dir — used when NOOKPLOT_PROFILE env is set. */
-const AGENTS_DIR = join(NOOKPLOT_DIR, "agents");
 /**
- * Resolve the credentials file path for the current run.
+ * Atomic write helper — writes `content` to `${path}.tmp` first, then
+ * `rename()`s it over the real path. `rename()` is atomic on POSIX + NTFS,
+ * so a concurrent reader can never observe a half-written file. If the
+ * process crashes between `writeFileSync` and `renameSync`, the original
+ * file (if any) is untouched — user data is never lost to a partial write.
  *
- * Lookup order:
- *   1. Explicit override via NOOKPLOT_CREDENTIALS_PATH env (escape hatch)
- *   2. Profile-scoped path when NOOKPLOT_PROFILE is set + the file exists
- *      (~/.nookplot/agents/<profile>/credentials.json)
- *   3. Global ~/.nookplot/credentials.json
+ * The chmod is applied to the tmp file BEFORE the rename so the final
+ * path is protected from the first moment it exists. On Windows chmod is
+ * a no-op (wrapped in try/catch at the caller).
  *
- * The profile-scoped path is what makes a forged child agent (vh1, vh2, …)
- * actually authenticate AS itself with the gateway — so tool calls land
- * under the child's address rather than the parent's. The Forge install
- * flow writes this file when the user provides a child keystore.
+ * Why this matters: `credentials.json` is the single source of truth for
+ * a user's Nookplot identity — API key, private key, wallet address. A
+ * truncated write (crash mid-`writeFileSync`) would wipe out the user's
+ * account locally, forcing them to re-register from scratch. Same risk
+ * applies to `profile.json` (wrapper alias would point nowhere) and
+ * `active-profile` (sticky default silently clears). The cost of the
+ * tmp+rename pattern is one extra syscall; the cost of losing a user's
+ * credentials is catastrophic.
  */
-function resolveCredentialsPath() {
-    const explicit = process.env.NOOKPLOT_CREDENTIALS_PATH;
-    if (explicit && existsSync(explicit))
-        return explicit;
-    const profile = process.env.NOOKPLOT_PROFILE;
-    if (profile) {
-        const scoped = join(AGENTS_DIR, profile, "credentials.json");
-        if (existsSync(scoped))
-            return scoped;
-    }
-    return CREDENTIALS_PATH;
+function writeFileAtomic(path, content, opts = {}) {
+    const tmp = `${path}.tmp`;
+    writeFileSync(tmp, content, { encoding: "utf-8", mode: opts.mode ?? 0o600 });
+    try {
+        if (opts.mode !== undefined)
+            chmodSync(tmp, opts.mode);
+    }
+    catch {
+        // Windows — chmod is a no-op
+    }
+    try {
+        renameSync(tmp, path);
+    }
+    catch (err) {
+        // Rename failed — clean up the tmp file so we don't leave garbage.
+        // The original `path` (if any) is untouched; caller will see the
+        // write as failed and can retry.
+        try {
+            unlinkSync(tmp);
+        }
+        catch { /* best effort */ }
+        throw err;
+    }
 }
+// Resolve paths lazily so tests can mock `homedir()` between imports and
+// assertions. Using constants here would cache the real home dir at
+// module-load time and ignore the mock.
+function nookplotDir() { return join(homedir(), ".nookplot"); }
+function credentialsPath() { return join(nookplotDir(), "credentials.json"); }
 /**
- * Load credentials from disk. Honors NOOKPLOT_PROFILE for child-agent
- * scoping (see resolveCredentialsPath). Returns null if the file doesn't
- * exist.
+ * Hermes profile-name pattern. Mirrors `profileName.ts::isValidProfileName`
+ * — re-declared here to keep auth.ts dependency-free (auth.ts is imported
+ * by the bootstrap path before the rest of the module graph wires up).
+ *
+ * Rule: starts with a lowercase letter, 2-32 chars total, lowercase
+ * alphanumerics + hyphens, ends with an alphanumeric. This is a strict
+ * superset-blocker for path traversal, control chars, and absolute paths:
+ * `..`, `/`, `\`, null bytes, Unicode separators are all impossible.
  */
-export function loadCredentials() {
-    const path = resolveCredentialsPath();
-    if (!existsSync(path)) {
-        return null;
+const VALID_PROFILE_NAME = /^[a-z][a-z0-9-]{0,30}[a-z0-9]$/;
+/**
+ * Guard for any profile-name input that gets joined into a filesystem
+ * path. 2026-05-15 audit found `profilePath()` joined directly to disk
+ * — `NOOKPLOT_PROFILE=../foo` would resolve outside the profiles dir
+ * and let `loadProfile` read JSON files anywhere readable by the
+ * Hermes process. The attacker already needs shell access to set the
+ * env var, so it's a containment fix (cross-profile contamination)
+ * rather than a remote-RCE fix, but the cost is one validation line.
+ *
+ * Throws on malformed input so the caller's "this shouldn't happen"
+ * branch surfaces loudly during dev. Wrap with try/catch where you
+ * want fail-open semantics (e.g., readStickyProfile silently drops
+ * a malformed file).
+ */
+function assertSafeProfileName(profileName, context) {
+    if (!VALID_PROFILE_NAME.test(profileName)) {
+        throw new Error(`[nookplot-mcp] Refusing ${context} for invalid profile name (path traversal / format violation). ` +
+            `Profile names must match /^[a-z][a-z0-9-]{0,30}[a-z0-9]$/.`);
     }
+}
+/** Path to a specific profile's metadata file. */
+export function profilePath(profileName) {
+    assertSafeProfileName(profileName, "profilePath");
+    return join(nookplotDir(), "profiles", profileName, "profile.json");
+}
+/** Path to the root profiles dir (where all profiles live). */
+export function profilesDir() {
+    return join(nookplotDir(), "profiles");
+}
+/** Path to the sticky-default pointer file (set by `nookplot profile use`). */
+function activeProfilePath() {
+    return join(nookplotDir(), "active-profile");
+}
+/**
+ * Read `~/.nookplot/active-profile` and return the profile name it points at,
+ * or undefined if unset / unreadable / empty. Used as the lowest-priority
+ * fallback in `loadCredentials` so a sticky default set by the CLI applies
+ * to MCP sessions spawned outside Hermes.
+ *
+ * Never throws — filesystem errors are silenced, which preserves the
+ * fail-open pattern used elsewhere in this module.
+ */
+function readStickyProfile() {
+    try {
+        const path = activeProfilePath();
+        if (!existsSync(path))
+            return undefined;
+        const content = readFileSync(path, "utf-8").trim();
+        return content.length > 0 ? content : undefined;
+    }
+    catch {
+        return undefined;
+    }
+}
+/**
+ * Load credentials — profile-aware.
+ *
+ * Resolution order (first match wins):
+ *   1. `NOOKPLOT_PROFILE` env var → `~/.nookplot/profiles/<name>/profile.json`
+ *      merged with default `credentials.json`. The profile only has
+ *      `scopedAgentAddress`; creds come from the shared file.
+ *   2. Default `~/.nookplot/credentials.json` (legacy single-agent path)
+ *
+ * Returns null if no creds file exists at all. Invalid profile name or
+ * missing profile.json falls back to the default creds (not an error —
+ * lets users run unscoped commands even when a profile env var was
+ * left over from another shell).
+ */
+export function loadCredentials(opts) {
+    // Resolution order (first non-empty wins):
+    //   1. Explicit `opts.profile` — set by write-profile / apply-config callers
+    //   2. `NOOKPLOT_PROFILE` env var — baked into Hermes config.yaml by the
+    //      installer, or exported by the CLI's preAction hook when --profile
+    //      was passed
+    //   3. Sticky default from `~/.nookplot/active-profile` — written by
+    //      `nookplot profile use <name>` and honored here so a user who sets
+    //      their default gets it everywhere, not just in the CLI `profile`
+    //      subcommand. Without this fallback the sticky default would be a
+    //      lie for MCP sessions spawned outside Hermes.
+    //   4. undefined — creator-direct (no scope merge)
+    const rawProfileName = opts?.profile
+        ?? process.env.NOOKPLOT_PROFILE
+        ?? readStickyProfile();
+    // 2026-05-15 audit: validate the profile name BEFORE any filesystem
+    // access. A malformed/path-traversal name silently falls back to the
+    // base creds rather than throwing — env-var typos and stale sticky-
+    // default files shouldn't break otherwise-working CLI invocations.
+    // The strict path-traversal block is in profilePath itself; this is
+    // the read-path's soft-rejection so users don't see scary errors.
+    const profileName = rawProfileName && VALID_PROFILE_NAME.test(rawProfileName)
+        ? rawProfileName
+        : undefined;
+    if (rawProfileName && !profileName) {
+        console.error(`[nookplot-mcp] Ignoring invalid profile name '${rawProfileName}' ` +
+            `(format violation). Falling back to default credentials.`);
+    }
+    // Always load base creds (API key, private key) from the default path.
+    // Per-profile scope is merged on top.
+    const baseCreds = loadCredentialsFromFile(credentialsPath());
+    if (!baseCreds)
+        return null;
+    if (!profileName)
+        return baseCreds;
+    // Try to read the profile's scope file. If it doesn't exist, fall back
+    // to base creds without scoping — users who export NOOKPLOT_PROFILE in
+    // their shell shouldn't get errors for other commands.
+    const profile = loadProfile(profileName);
+    if (!profile)
+        return baseCreds;
+    return {
+        ...baseCreds,
+        scopedAgentAddress: profile.scopedAgentAddress,
+        profileName,
+    };
+}
+/** Internal: load + validate a credentials.json at a given path. */
+function loadCredentialsFromFile(path) {
+    if (!existsSync(path))
+        return null;
     try {
         const raw = readFileSync(path, "utf-8");
         const creds = JSON.parse(raw);
         // Validate required fields
         if (!creds.apiKey || !creds.privateKey || !creds.address || !creds.gatewayUrl) {
-            console.error("[nookplot-mcp] Invalid credentials file — missing required fields");
+            console.error(`[nookplot-mcp] Invalid credentials at ${path} — missing required fields`);
             return null;
         }
-        // When loaded via a profile path, surface the profile name so the
-        // server can log it ("Connected as <addr> · profile: <name>") and so
-        // tools can read ctx.scopedAgentAddress without the env var.
-        const profileName = process.env.NOOKPLOT_PROFILE;
-        if (profileName && path !== CREDENTIALS_PATH) {
-            creds.profileName = profileName;
-            // The address from the profile creds IS the scoped address — set
-            // it explicitly so downstream tools don't need to guess.
-            creds.scopedAgentAddress = creds.address;
-        }
         return creds;
     }
     catch (err) {
@@ -73,21 +216,179 @@ export function loadCredentials() {
         return null;
     }
 }
+/**
+ * Load a profile's metadata file (`profile.json`). Returns null if the
+ * profile doesn't exist or the file is malformed. Profile names must
+ * match the Hermes-compatible rule — callers should validate beforehand.
+ */
+export function loadProfile(profileName) {
+    // Read-path: malformed names silently return null (typical for env-var
+    // / sticky-default callers). profilePath would throw on traversal —
+    // catch the throw here and treat as "no such profile."
+    let path;
+    try {
+        path = profilePath(profileName);
+    }
+    catch {
+        return null;
+    }
+    if (!existsSync(path))
+        return null;
+    try {
+        const raw = readFileSync(path, "utf-8");
+        const parsed = JSON.parse(raw);
+        if (typeof parsed.scopedAgentAddress !== "string" || parsed.scopedAgentAddress.length === 0) {
+            console.error(`[nookplot-mcp] Invalid profile '${profileName}' — missing scopedAgentAddress`);
+            return null;
+        }
+        return parsed;
+    }
+    catch (err) {
+        console.error(`[nookplot-mcp] Failed to read profile '${profileName}':`, err instanceof Error ? err.message : err);
+        return null;
+    }
+}
+/**
+ * Save (or overwrite) a profile's metadata file. Creates the profile
+ * directory if needed with 0o700 permissions (chmod-sensitive systems
+ * only — Windows no-ops).
+ *
+ * Callers:
+ *   - Installer bash writes this after apply-config
+ *   - CLI `nookplot profile create` writes this
+ *   - SDK helpers for programmatic profile setup
+ */
+export function saveProfile(profileName, profile) {
+    // Write-path: fail loud on malformed name. A bad profile name reaching
+    // this far is almost certainly a programmer error or a hostile caller
+    // — refusing to mkdir/write protects against creating dirs like
+    // `~/.nookplot/profiles/../../foo` even if profilePath were ever
+    // weakened.
+    assertSafeProfileName(profileName, "saveProfile");
+    const dir = join(profilesDir(), profileName);
+    if (!existsSync(dir)) {
+        mkdirSync(dir, { recursive: true, mode: 0o700 });
+    }
+    const path = profilePath(profileName);
+    const payload = {
+        ...profile,
+        createdAt: profile.createdAt ?? new Date().toISOString(),
+    };
+    // Atomic: tmp+rename so a crash can't leave profile.json truncated.
+    // A corrupt profile.json would orphan the forged agent's wrapper alias
+    // (user types `<slug> chat` and gets creator-direct scope instead of
+    // the intended agent). Not data loss per se — but silently wrong.
+    writeFileAtomic(path, JSON.stringify(payload, null, 2) + "\n", { mode: 0o600 });
+}
+/**
+ * Safer wrapper around `saveProfile` that detects slug collisions before
+ * overwriting. Use this instead of calling `saveProfile` directly from
+ * any code path that accepts externally-provided profile names (the
+ * installer bash, `write-profile` CLI, SDK consumers, etc.).
+ *
+ * Why: two forged agents whose display names slugify to the same string
+ * (e.g. "Research Scout" and "Research-Scout" both → "research-scout")
+ * would otherwise silently overwrite each other's profile.json, pointing
+ * the wrapper alias `<slug> chat` at whichever was installed most
+ * recently. The user has no signal the first install was orphaned.
+ *
+ * Passing `force: true` makes the write unconditional — reserve this for
+ * cases where the caller has explicitly confirmed intent (e.g. the user
+ * typed `write-profile --force`).
+ *
+ * Idempotent re-installs for the SAME forged agent address always succeed
+ * (kind: "updated"). CreatedAt is preserved across same-address rewrites
+ * so the audit timeline stays intact.
+ */
+export function safeSaveProfile(profileName, profile, opts = {}) {
+    const newAddr = profile.scopedAgentAddress.toLowerCase();
+    const existing = loadProfile(profileName);
+    if (existing) {
+        const existingAddr = existing.scopedAgentAddress.toLowerCase();
+        if (existingAddr === newAddr) {
+            // Same agent — idempotent rewrite. Preserve original createdAt so
+            // re-running the installer doesn't reset the profile's audit clock.
+            saveProfile(profileName, {
+                ...profile,
+                scopedAgentAddress: newAddr,
+                createdAt: profile.createdAt ?? existing.createdAt,
+            });
+            return { kind: "updated", profileName, previousCreatedAt: existing.createdAt };
+        }
+        if (!opts.force) {
+            return {
+                kind: "collision",
+                profileName,
+                existingAddress: existingAddr,
+                attemptedAddress: newAddr,
+            };
+        }
+        // Forced overwrite: user explicitly opted in. Don't preserve the
+        // previous createdAt — this is a genuinely new mapping.
+    }
+    saveProfile(profileName, { ...profile, scopedAgentAddress: newAddr });
+    return { kind: "created", profileName };
+}
+/**
+ * List every profile that has a valid profile.json. Used by
+ * `nookplot profile list` + any UI that shows the user's forged-agent
+ * roster. Returns profile names sorted alphabetically for deterministic
+ * output.
+ */
+export function listProfiles() {
+    if (!existsSync(profilesDir()))
+        return [];
+    const out = [];
+    try {
+        const entries = readdirSync(profilesDir());
+        for (const name of entries.sort()) {
+            const full = join(profilesDir(), name);
+            try {
+                if (!statSync(full).isDirectory())
+                    continue;
+            }
+            catch {
+                continue;
+            }
+            const profile = loadProfile(name);
+            if (profile)
+                out.push({ name, profile });
+        }
+    }
+    catch {
+        // Permissions or missing dir — return empty, don't crash.
+    }
+    return out;
+}
 /**
  * Save credentials to ~/.nookplot/credentials.json with restrictive permissions.
  */
 export function saveCredentials(creds) {
     // Ensure directory exists
-    if (!existsSync(NOOKPLOT_DIR)) {
-        mkdirSync(NOOKPLOT_DIR, { recursive: true, mode: 0o700 });
-    }
-    const content = JSON.stringify(creds, null, 2) + "\n";
-    writeFileSync(CREDENTIALS_PATH, content, { encoding: "utf-8", mode: 0o600 });
-    // Ensure restrictive permissions
-    try {
-        chmodSync(CREDENTIALS_PATH, 0o600);
+    if (!existsSync(nookplotDir())) {
+        mkdirSync(nookplotDir(), { recursive: true, mode: 0o700 });
     }
-    catch { /* Windows doesn't support chmod */ }
+    // Strip profile-scope fields before persisting. If a caller ever passed
+    // in creds that were loaded through a profile (e.g. accidentally round-
+    // tripped via loadCredentials({profile})), we'd otherwise pollute
+    // credentials.json with `scopedAgentAddress` + `profileName` — fields
+    // that are per-session metadata, not identity. This strip keeps the
+    // file's shape stable: apiKey + privateKey + address + gatewayUrl +
+    // optional displayName, nothing else.
+    const stripped = {
+        apiKey: creds.apiKey,
+        privateKey: creds.privateKey,
+        address: creds.address,
+        gatewayUrl: creds.gatewayUrl,
+        ...(creds.displayName ? { displayName: creds.displayName } : {}),
+    };
+    const content = JSON.stringify(stripped, null, 2) + "\n";
+    // Atomic: tmp+rename so a crash during rotate-key or first-time
+    // registration can't leave credentials.json truncated. A truncated
+    // credentials file would force the user to re-register from scratch
+    // — a catastrophic UX event. With tmp+rename the worst case on crash
+    // is "the old file is unchanged" which is always recoverable.
+    writeFileAtomic(credentialsPath(), content, { mode: 0o600 });
 }
 /**
  * Get the gateway URL from env, credentials, or default.

package/dist/auth.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AACxF,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAqBlC,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,WAAW,CAAC,CAAC;AAClD,MAAM,gBAAgB,GAAG,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC;AAChE,0EAA0E;AAC1E,MAAM,UAAU,GAAG,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;AAEhD;;;;;;;;;;;;;GAaG;AACH,SAAS,sBAAsB;IAC7B,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;IACvD,IAAI,QAAQ,IAAI,UAAU,CAAC,QAAQ,CAAC;QAAE,OAAO,QAAQ,CAAC;IAEtD,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;IAC7C,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,OAAO,EAAE,kBAAkB,CAAC,CAAC;QAC7D,IAAI,UAAU,CAAC,MAAM,CAAC;YAAE,OAAO,MAAM,CAAC;IACxC,CAAC;IACD,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe;IAC7B,MAAM,IAAI,GAAG,sBAAsB,EAAE,CAAC;IACtC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACxC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAwB,CAAC;QAErD,2BAA2B;QAC3B,IAAI,CAAC,KAAK,CAAC,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,IAAI,CAAC,KAAK,CAAC,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;YAC9E,OAAO,CAAC,KAAK,CAAC,mEAAmE,CAAC,CAAC;YACnF,OAAO,IAAI,CAAC;QACd,CAAC;QAED,kEAAkE;QAClE,qEAAqE;QACrE,6DAA6D;QAC7D,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;QACjD,IAAI,WAAW,IAAI,IAAI,KAAK,gBAAgB,EAAE,CAAC;YAC7C,KAAK,CAAC,WAAW,GAAG,WAAW,CAAC;YAChC,iEAAiE;YACjE,yDAAyD;YACzD,KAAK,CAAC,kBAAkB,GAAG,KAAK,CAAC,OAAO,CAAC;QAC3C,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,4CAA4C,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACtG,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,KAA0B;IACxD,0BAA0B;IAC1B,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QAC9B,SAAS,CAAC,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC;IACtD,aAAa,CAAC,gBAAgB,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAE7E,iCAAiC;IACjC,IAAI,CAAC;QAAC,SAAS,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAC,mCAAmC,CAAC,CAAC;AAC3F,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,KAAkC;IAC9D,OAAO,OAAO,CAAC,GAAG,CAAC,oBAAoB;WAClC,KAAK,EAAE,UAAU;WACjB,8BAA8B,CAAC;AACtC,CAAC"}
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,WAAW,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACvI,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAElC;;;;;;;;;;;;;;;;;;;GAmBG;AACH,SAAS,eAAe,CACtB,IAAY,EACZ,OAAe,EACf,OAA0B,EAAE;IAE5B,MAAM,GAAG,GAAG,GAAG,IAAI,MAAM,CAAC;IAC1B,aAAa,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,KAAK,EAAE,CAAC,CAAC;IAC7E,IAAI,CAAC;QACH,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS;YAAE,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,6BAA6B;IAC/B,CAAC;IACD,IAAI,CAAC;QACH,UAAU,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IACxB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,mEAAmE;QACnE,iEAAiE;QACjE,iCAAiC;QACjC,IAAI,CAAC;YAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC,CAAC,iBAAiB,CAAC,CAAC;QACpD,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC;AAgCD,yEAAyE;AACzE,oEAAoE;AACpE,wCAAwC;AACxC,SAAS,WAAW,KAAa,OAAO,IAAI,CAAC,OAAO,EAAE,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC;AACvE,SAAS,eAAe,KAAa,OAAO,IAAI,CAAC,WAAW,EAAE,EAAE,kBAAkB,CAAC,CAAC,CAAC,CAAC;AAEtF;;;;;;;;;GASG;AACH,MAAM,kBAAkB,GAAG,gCAAgC,CAAC;AAE5D;;;;;;;;;;;;;GAaG;AACH,SAAS,qBAAqB,CAAC,WAAmB,EAAE,OAAe;IACjE,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CACb,2BAA2B,OAAO,iEAAiE;YACjG,4DAA4D,CAC/D,CAAC;IACJ,CAAC;AACH,CAAC;AAED,kDAAkD;AAClD,MAAM,UAAU,WAAW,CAAC,WAAmB;IAC7C,qBAAqB,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;IAClD,OAAO,IAAI,CAAC,WAAW,EAAE,EAAE,UAAU,EAAE,WAAW,EAAE,cAAc,CAAC,CAAC;AACtE,CAAC;AAED,+DAA+D;AAC/D,MAAM,UAAU,WAAW;IACzB,OAAO,IAAI,CAAC,WAAW,EAAE,EAAE,UAAU,CAAC,CAAC;AACzC,CAAC;AAED,+EAA+E;AAC/E,SAAS,iBAAiB;IACxB,OAAO,IAAI,CAAC,WAAW,EAAE,EAAE,gBAAgB,CAAC,CAAC;AAC/C,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,iBAAiB;IACxB,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,iBAAiB,EAAE,CAAC;QACjC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,OAAO,SAAS,CAAC;QACxC,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;QACnD,OAAO,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;IAClD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,eAAe,CAAC,IAA2B;IACzD,2CAA2C;IAC3C,6EAA6E;IAC7E,yEAAyE;IACzE,yEAAyE;IACzE,kBAAkB;IAClB,qEAAqE;IACrE,yEAAyE;IACzE,uEAAuE;IACvE,uEAAuE;IACvE,oDAAoD;IACpD,mDAAmD;IACnD,MAAM,cAAc,GAClB,IAAI,EAAE,OAAO;WACV,OAAO,CAAC,GAAG,CAAC,gBAAgB;WAC5B,iBAAiB,EAAE,CAAC;IAEzB,oEAAoE;IACpE,qEAAqE;IACrE,oEAAoE;IACpE,mEAAmE;IACnE,oEAAoE;IACpE,kEAAkE;IAClE,MAAM,WAAW,GAAG,cAAc,IAAI,kBAAkB,CAAC,IAAI,CAAC,cAAc,CAAC;QAC3E,CAAC,CAAC,cAAc;QAChB,CAAC,CAAC,SAAS,CAAC;IACd,IAAI,cAAc,IAAI,CAAC,WAAW,EAAE,CAAC;QACnC,OAAO,CAAC,KAAK,CACX,iDAAiD,cAAc,IAAI;YACjE,0DAA0D,CAC7D,CAAC;IACJ,CAAC;IAED,uEAAuE;IACvE,sCAAsC;IACtC,MAAM,SAAS,GAAG,uBAAuB,CAAC,eAAe,EAAE,CAAC,CAAC;IAC7D,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAE5B,IAAI,CAAC,WAAW;QAAE,OAAO,SAAS,CAAC;IAEnC,uEAAuE;IACvE,uEAAuE;IACvE,uDAAuD;IACvD,MAAM,OAAO,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;IACzC,IAAI,CAAC,OAAO;QAAE,OAAO,SAAS,CAAC;IAE/B,OAAO;QACL,GAAG,SAAS;QACZ,kBAAkB,EAAE,OAAO,CAAC,kBAAkB;QAC9C,WAAW;KACZ,CAAC;AACJ,CAAC;AAED,oEAAoE;AACpE,SAAS,uBAAuB,CAAC,IAAY;IAC3C,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAEnC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACxC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAwB,CAAC;QAErD,2BAA2B;QAC3B,IAAI,CAAC,KAAK,CAAC,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,IAAI,CAAC,KAAK,CAAC,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;YAC9E,OAAO,CAAC,KAAK,CAAC,yCAAyC,IAAI,4BAA4B,CAAC,CAAC;YACzF,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,4CAA4C,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACtG,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,WAAW,CAAC,WAAmB;IAC7C,uEAAuE;IACvE,oEAAoE;IACpE,uDAAuD;IACvD,IAAI,IAAY,CAAC;IACjB,IAAI,CAAC;QACH,IAAI,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAEnC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACxC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAoB,CAAC;QAClD,IAAI,OAAO,MAAM,CAAC,kBAAkB,KAAK,QAAQ,IAAI,MAAM,CAAC,kBAAkB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5F,OAAO,CAAC,KAAK,CAAC,mCAAmC,WAAW,gCAAgC,CAAC,CAAC;YAC9F,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,0CAA0C,WAAW,IAAI,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACnH,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,WAAW,CAAC,WAAmB,EAAE,OAAwB;IACvE,uEAAuE;IACvE,sEAAsE;IACtE,gEAAgE;IAChE,iEAAiE;IACjE,YAAY;IACZ,qBAAqB,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;IAClD,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,EAAE,EAAE,WAAW,CAAC,CAAC;IAC7C,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACnD,CAAC;IACD,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;IACtC,MAAM,OAAO,GAAG;QACd,GAAG,OAAO;QACV,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACzD,CAAC;IACF,oEAAoE;IACpE,uEAAuE;IACvE,qEAAqE;IACrE,kEAAkE;IAClE,eAAe,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AAClF,CAAC;AAiBD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,UAAU,eAAe,CAC7B,WAAmB,EACnB,OAAwB,EACxB,OAA4B,EAAE;IAE9B,MAAM,OAAO,GAAG,OAAO,CAAC,kBAAkB,CAAC,WAAW,EAAE,CAAC;IACzD,MAAM,QAAQ,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;IAE1C,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,YAAY,GAAG,QAAQ,CAAC,kBAAkB,CAAC,WAAW,EAAE,CAAC;QAC/D,IAAI,YAAY,KAAK,OAAO,EAAE,CAAC;YAC7B,kEAAkE;YAClE,oEAAoE;YACpE,WAAW,CAAC,WAAW,EAAE;gBACvB,GAAG,OAAO;gBACV,kBAAkB,EAAE,OAAO;gBAC3B,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,QAAQ,CAAC,SAAS;aACnD,CAAC,CAAC;YACH,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,iBAAiB,EAAE,QAAQ,CAAC,SAAS,EAAE,CAAC;QACjF,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;YAChB,OAAO;gBACL,IAAI,EAAE,WAAW;gBACjB,WAAW;gBACX,eAAe,EAAE,YAAY;gBAC7B,gBAAgB,EAAE,OAAO;aAC1B,CAAC;QACJ,CAAC;QACD,iEAAiE;QACjE,wDAAwD;IAC1D,CAAC;IAED,WAAW,CAAC,WAAW,EAAE,EAAE,GAAG,OAAO,EAAE,kBAAkB,EAAE,OAAO,EAAE,CAAC,CAAC;IACtE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC;AAC1C,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,YAAY;IAC1B,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;QAAE,OAAO,EAAE,CAAC;IAC1C,MAAM,GAAG,GAAsD,EAAE,CAAC;IAClE,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC,CAAC;QAC3C,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;YAClC,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,EAAE,EAAE,IAAI,CAAC,CAAC;YACvC,IAAI,CAAC;gBACH,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE;oBAAE,SAAS;YAC9C,CAAC;YAAC,MAAM,CAAC;gBAAC,SAAS;YAAC,CAAC;YACrB,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;YAClC,IAAI,OAAO;gBAAE,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,0DAA0D;IAC5D,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,KAA0B;IACxD,0BAA0B;IAC1B,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;QAC/B,SAAS,CAAC,WAAW,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,wEAAwE;IACxE,wEAAwE;IACxE,kEAAkE;IAClE,sEAAsE;IACtE,oEAAoE;IACpE,oEAAoE;IACpE,sCAAsC;IACtC,MAAM,QAAQ,GAAwB;QACpC,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,OAAO,EAAE,KAAK,CAAC,OAAO;QACtB,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACjE,CAAC;IACF,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC;IAEzD,gEAAgE;IAChE,mEAAmE;IACnE,oEAAoE;IACpE,qEAAqE;IACrE,8DAA8D;IAC9D,eAAe,CAAC,eAAe,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AAC/D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,KAAkC;IAC9D,OAAO,OAAO,CAAC,GAAG,CAAC,oBAAoB;WAClC,KAAK,EAAE,UAAU;WACjB,8BAA8B,CAAC;AACtC,CAAC"}