@olane/o-mcp 0.6.13 → 0.7.2

package/dist/src/oauth/mcp-oauth-callback-server.js

@@ -0,0 +1,179 @@
+import express from 'express';
+import { EventEmitter } from 'events';
+/**
+ * HTTP server for handling OAuth callbacks
+ *
+ * This server runs locally to receive the OAuth redirect after user authorization.
+ * It automatically shuts down after receiving the callback.
+ */
+export class McpOAuthCallbackServer {
+    constructor(port) {
+        this.server = null;
+        this.port = 3334;
+        this.callbackResult = null;
+        if (port) {
+            this.port = port;
+        }
+        this.app = express();
+        this.events = new EventEmitter();
+        this.setupRoutes();
+    }
+    /**
+     * Setup Express routes
+     */
+    setupRoutes() {
+        // OAuth callback endpoint
+        this.app.get('/oauth/callback', (req, res) => {
+            const { code, state, error, error_description } = req.query;
+            if (error) {
+                this.callbackResult = {
+                    code: '',
+                    error: error,
+                    error_description: error_description,
+                };
+                res.send(`
+          <html>
+            <head><title>OAuth Error</title></head>
+            <body style="font-family: Arial, sans-serif; padding: 40px; text-align: center;">
+              <h1 style="color: #d32f2f;">Authentication Failed</h1>
+              <p style="color: #666;">Error: ${error}</p>
+              <p style="color: #666;">${error_description || ''}</p>
+              <p style="margin-top: 40px; color: #999;">You can close this window.</p>
+            </body>
+          </html>
+        `);
+            }
+            else if (code) {
+                this.callbackResult = {
+                    code: code,
+                    state: state,
+                };
+                res.send(`
+          <html>
+            <head><title>OAuth Success</title></head>
+            <body style="font-family: Arial, sans-serif; padding: 40px; text-align: center;">
+              <h1 style="color: #4caf50;">✓ Authentication Successful</h1>
+              <p style="color: #666;">You have successfully authenticated with the MCP server.</p>
+              <p style="margin-top: 40px; color: #999;">You can close this window.</p>
+              <script>
+                setTimeout(() => window.close(), 3000);
+              </script>
+            </body>
+          </html>
+        `);
+            }
+            else {
+                this.callbackResult = {
+                    code: '',
+                    error: 'invalid_request',
+                    error_description: 'No code or error in callback',
+                };
+                res.status(400).send(`
+          <html>
+            <head><title>OAuth Error</title></head>
+            <body style="font-family: Arial, sans-serif; padding: 40px; text-align: center;">
+              <h1 style="color: #d32f2f;">Invalid Callback</h1>
+              <p style="color: #666;">The OAuth callback was missing required parameters.</p>
+              <p style="margin-top: 40px; color: #999;">You can close this window.</p>
+            </body>
+          </html>
+        `);
+            }
+            // Emit callback event
+            this.events.emit('callback', this.callbackResult);
+        });
+        // Health check endpoint
+        this.app.get('/health', (req, res) => {
+            res.json({ status: 'ok', port: this.port });
+        });
+    }
+    /**
+     * Start the callback server
+     */
+    async start(port) {
+        if (port) {
+            this.port = port;
+        }
+        if (this.server) {
+            throw new Error('Callback server is already running');
+        }
+        return new Promise((resolve, reject) => {
+            try {
+                this.server = this.app.listen(this.port, () => {
+                    console.log(`OAuth callback server listening on http://localhost:${this.port}`);
+                    resolve();
+                });
+                this.server.on('error', (error) => {
+                    if (error.code === 'EADDRINUSE') {
+                        reject(new Error(`Port ${this.port} is already in use. Please close other OAuth flows or choose a different port.`));
+                    }
+                    else {
+                        reject(error);
+                    }
+                });
+            }
+            catch (error) {
+                reject(error);
+            }
+        });
+    }
+    /**
+     * Stop the callback server
+     */
+    async stop() {
+        if (!this.server) {
+            return;
+        }
+        return new Promise((resolve, reject) => {
+            this.server.close((error) => {
+                if (error) {
+                    reject(error);
+                }
+                else {
+                    this.server = null;
+                    this.callbackResult = null;
+                    resolve();
+                }
+            });
+        });
+    }
+    /**
+     * Wait for OAuth callback
+     * @param timeout Timeout in milliseconds (default: 5 minutes)
+     */
+    async waitForCallback(timeout = 300000) {
+        return new Promise((resolve, reject) => {
+            const timeoutId = setTimeout(() => {
+                this.events.removeAllListeners('callback');
+                reject(new Error('OAuth callback timeout. User did not complete authentication.'));
+            }, timeout);
+            this.events.once('callback', (result) => {
+                clearTimeout(timeoutId);
+                if (result.error) {
+                    reject(new Error(`OAuth error: ${result.error}. ${result.error_description || ''}`));
+                }
+                else {
+                    resolve(result);
+                }
+            });
+        });
+    }
+    /**
+     * Get the callback URL
+     */
+    getCallbackUrl() {
+        return `http://localhost:${this.port}/oauth/callback`;
+    }
+    /**
+     * Get the current port
+     */
+    getPort() {
+        return this.port;
+    }
+    /**
+     * Check if server is running
+     */
+    isRunning() {
+        return this.server !== null;
+    }
+}

package/dist/src/oauth/mcp-oauth-manager.d.ts

@@ -0,0 +1,61 @@
+import { oRequest } from '@olane/o-core';
+import { oLaneTool } from '@olane/o-lane';
+import { oNodeToolConfig } from '@olane/o-node';
+import { ToolResult } from '@olane/o-tool';
+/**
+ * MCP OAuth Manager Tool
+ *
+ * Coordinates OAuth authentication flows for MCP servers:
+ * - Dynamic client registration (RFC 7591)
+ * - PKCE authorization flow
+ * - Token storage and refresh
+ * - Callback server management
+ */
+export declare class McpOAuthManager extends oLaneTool {
+    private storage;
+    private callbackServer;
+    private dynamicRegistration;
+    private oauthToolAddress;
+    constructor(config: oNodeToolConfig);
+    /**
+     * Authenticate with an OAuth-protected MCP server
+     */
+    _tool_authenticate_server(request: oRequest): Promise<ToolResult>;
+    /**
+     * Refresh OAuth tokens for an MCP server
+     */
+    _tool_refresh_tokens(request: oRequest): Promise<ToolResult>;
+    /**
+     * Check OAuth token status for an MCP server
+     */
+    _tool_check_tokens(request: oRequest): Promise<ToolResult>;
+    /**
+     * Clear OAuth tokens and client info for an MCP server
+     */
+    _tool_clear_tokens(request: oRequest): Promise<ToolResult>;
+    /**
+     * List all authenticated MCP servers
+     */
+    _tool_list_authenticated_servers(request: oRequest): Promise<ToolResult>;
+    /**
+     * Public method for refreshing tokens (used by transport)
+     */
+    refreshTokens(serverUrl: string): Promise<void>;
+    /**
+     * Get service name for OAuth tool
+     */
+    private getServiceName;
+    /**
+     * Hash server URL for service name
+     */
+    private hashServerUrl;
+    /**
+     * Launch browser for OAuth authorization
+     */
+    private launchBrowser;
+    /**
+     * Cleanup on shutdown
+     */
+    stop(): Promise<void>;
+}
+//# sourceMappingURL=mcp-oauth-manager.d.ts.map

package/dist/src/oauth/mcp-oauth-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-oauth-manager.d.ts","sourceRoot":"","sources":["../../../src/oauth/mcp-oauth-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAY,QAAQ,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAO3C;;;;;;;;GAQG;AACH,qBAAa,eAAgB,SAAQ,SAAS;IAC5C,OAAO,CAAC,OAAO,CAAkB;IACjC,OAAO,CAAC,cAAc,CAAuC;IAC7D,OAAO,CAAC,mBAAmB,CAAyB;IACpD,OAAO,CAAC,gBAAgB,CAAW;gBAEvB,MAAM,EAAE,eAAe;IAkBnC;;OAEG;IACG,yBAAyB,CAAC,OAAO,EAAE,QAAQ,GAAG,OAAO,CAAC,UAAU,CAAC;IAyLvE;;OAEG;IACG,oBAAoB,CAAC,OAAO,EAAE,QAAQ,GAAG,OAAO,CAAC,UAAU,CAAC;IAwClE;;OAEG;IACG,kBAAkB,CAAC,OAAO,EAAE,QAAQ,GAAG,OAAO,CAAC,UAAU,CAAC;IAehE;;OAEG;IACG,kBAAkB,CAAC,OAAO,EAAE,QAAQ,GAAG,OAAO,CAAC,UAAU,CAAC;IAahE;;OAEG;IACG,gCAAgC,CACpC,OAAO,EAAE,QAAQ,GAChB,OAAO,CAAC,UAAU,CAAC;IAWtB;;OAEG;IACG,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAarD;;OAEG;IACH,OAAO,CAAC,cAAc;IAItB;;OAEG;IACH,OAAO,CAAC,aAAa;IAOrB;;OAEG;YACW,aAAa;IAY3B;;OAEG;IACG,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;CAO5B"}

package/dist/src/oauth/mcp-oauth-manager.js

@@ -0,0 +1,289 @@
+import { oAddress } from '@olane/o-core';
+import { oLaneTool } from '@olane/o-lane';
+import { McpOAuthStorage } from './mcp-oauth-storage.js';
+import { McpOAuthCallbackServer } from './mcp-oauth-callback-server.js';
+import { McpDynamicRegistration } from './mcp-dynamic-registration.js';
+import { MCP_OAUTH_METHODS } from './methods/mcp-oauth.methods.js';
+/**
+ * MCP OAuth Manager Tool
+ *
+ * Coordinates OAuth authentication flows for MCP servers:
+ * - Dynamic client registration (RFC 7591)
+ * - PKCE authorization flow
+ * - Token storage and refresh
+ * - Callback server management
+ */
+export class McpOAuthManager extends oLaneTool {
+    constructor(config) {
+        super({
+            ...config,
+            address: new oAddress('o://mcp/oauth'),
+            description: 'OAuth authentication manager for MCP servers',
+            methods: MCP_OAUTH_METHODS,
+        });
+        this.callbackServer = null;
+        // Initialize storage adapter with o://secure
+        this.storage = new McpOAuthStorage({
+            storageAddress: new oAddress('o://secure'),
+            useFunction: this.use.bind(this),
+        });
+        this.dynamicRegistration = new McpDynamicRegistration();
+        this.oauthToolAddress = new oAddress('o://oauth');
+    }
+    /**
+     * Authenticate with an OAuth-protected MCP server
+     */
+    async _tool_authenticate_server(request) {
+        const { serverUrl, clientName, scope, staticClientInfo, useDynamicRegistration = true, callbackPort = 3334, } = request.params;
+        try {
+            this.logger.info(`Starting OAuth authentication for ${serverUrl}`);
+            // 1. Check if we already have valid tokens
+            const existingTokens = await this.storage.getTokens(serverUrl);
+            if (existingTokens &&
+                !(await this.storage.areTokensExpired(serverUrl))) {
+                this.logger.info(`Already authenticated with ${serverUrl}`);
+                return {
+                    success: true,
+                    message: 'Already authenticated',
+                    hasTokens: true,
+                };
+            }
+            // 2. Get or register OAuth client
+            let clientInfo;
+            if (staticClientInfo) {
+                // Use provided static client credentials
+                this.logger.info(`Using static OAuth client info for ${serverUrl}`);
+                const staticInfo = staticClientInfo;
+                // Discover endpoints if not provided
+                const endpoints = await this.dynamicRegistration.discoverEndpoints(serverUrl);
+                clientInfo = {
+                    client_id: staticInfo.client_id,
+                    client_secret: staticInfo.client_secret,
+                    authorization_endpoint: staticInfo.authorization_endpoint ||
+                        endpoints.authorization_endpoint ||
+                        '',
+                    token_endpoint: staticInfo.token_endpoint || endpoints.token_endpoint || '',
+                    scope: (staticInfo.scope ||
+                        scope ||
+                        'openid profile email'),
+                };
+                if (!clientInfo.authorization_endpoint || !clientInfo.token_endpoint) {
+                    throw new Error(`Could not determine OAuth endpoints for ${serverUrl}. Please provide authorization_endpoint and token_endpoint in staticClientInfo.`);
+                }
+            }
+            else if (useDynamicRegistration) {
+                // Dynamic client registration
+                this.logger.info(`Attempting dynamic client registration for ${serverUrl}`);
+                const existingClientInfo = await this.storage.getClientInfo(serverUrl);
+                // Start callback server to get redirect URI
+                this.callbackServer = new McpOAuthCallbackServer(callbackPort);
+                await this.callbackServer.start();
+                const redirectUri = this.callbackServer.getCallbackUrl();
+                clientInfo = await this.dynamicRegistration.getOrRegisterClient(serverUrl, clientName || 'Olane MCP Client', redirectUri, existingClientInfo, scope);
+                // Save client info to encrypted storage
+                await this.storage.saveClientInfo(serverUrl, clientInfo);
+                this.logger.info(`Client registered successfully for ${serverUrl}`);
+            }
+            else {
+                throw new Error(`No OAuth client credentials provided for ${serverUrl}. Please provide staticClientInfo or enable useDynamicRegistration.`);
+            }
+            // 3. Start callback server if not already started
+            if (!this.callbackServer) {
+                this.callbackServer = new McpOAuthCallbackServer(callbackPort);
+                await this.callbackServer.start();
+            }
+            const redirectUri = this.callbackServer.getCallbackUrl();
+            // 4. Configure OAuth via existing OAuthTool
+            const serviceName = this.getServiceName(serverUrl);
+            await this.use(this.oauthToolAddress, {
+                method: 'configure',
+                params: {
+                    serviceName,
+                    clientId: clientInfo.client_id,
+                    clientSecret: clientInfo.client_secret,
+                    redirectUri,
+                    authorizationUrl: clientInfo.authorization_endpoint,
+                    tokenUrl: clientInfo.token_endpoint,
+                    scope: clientInfo.scope || scope || 'openid profile email',
+                },
+            });
+            // 5. Get authorization URL (with PKCE)
+            const authUrlResponse = await this.use(this.oauthToolAddress, {
+                method: 'getAuthorizationUrl',
+                params: {
+                    serviceName,
+                    scope: clientInfo.scope || scope,
+                },
+            });
+            const authUrl = authUrlResponse.result?.data?.authorizationUrl ||
+                authUrlResponse.result?.authorizationUrl;
+            this.logger.info(`Authorization URL: ${authUrl}`);
+            // 6. Launch browser
+            this.logger.info('Opening browser for user authorization...');
+            await this.launchBrowser(authUrl);
+            // 7. Wait for callback
+            this.logger.info('Waiting for OAuth callback...');
+            const { code, state } = await this.callbackServer.waitForCallback(300000); // 5 min timeout
+            this.logger.info('OAuth callback received');
+            // 8. Exchange code for tokens
+            const tokenResponse = await this.use(this.oauthToolAddress, {
+                method: 'exchangeCode',
+                params: {
+                    serviceName,
+                    code,
+                    state,
+                },
+            });
+            const tokens = tokenResponse.result?.data?.tokens ||
+                tokenResponse.result?.tokens;
+            // 9. Persist tokens to encrypted storage
+            await this.storage.saveTokens(serverUrl, tokens);
+            // 10. Stop callback server
+            await this.callbackServer.stop();
+            this.callbackServer = null;
+            this.logger.info(`OAuth authentication successful for ${serverUrl}`);
+            return {
+                success: true,
+                message: 'OAuth authentication successful',
+                serverUrl,
+                hasTokens: true,
+            };
+        }
+        catch (error) {
+            // Clean up callback server on error
+            if (this.callbackServer) {
+                await this.callbackServer.stop().catch(() => { });
+                this.callbackServer = null;
+            }
+            this.logger.error(`OAuth authentication failed: ${error.message}`);
+            throw new Error(`OAuth authentication failed: ${error.message}`);
+        }
+    }
+    /**
+     * Refresh OAuth tokens for an MCP server
+     */
+    async _tool_refresh_tokens(request) {
+        const { serverUrl } = request.params;
+        try {
+            this.logger.info(`Refreshing OAuth tokens for ${serverUrl}`);
+            const tokens = await this.storage.getTokens(serverUrl);
+            if (!tokens?.refresh_token) {
+                throw new Error('No refresh token available');
+            }
+            const serviceName = this.getServiceName(serverUrl);
+            const refreshResponse = await this.use(this.oauthToolAddress, {
+                method: 'refreshToken',
+                params: {
+                    serviceName,
+                    refreshToken: tokens.refresh_token,
+                },
+            });
+            const newTokens = refreshResponse.result?.data?.tokens ||
+                refreshResponse.result?.tokens;
+            // Save new tokens to encrypted storage
+            await this.storage.saveTokens(serverUrl, newTokens);
+            this.logger.info(`Tokens refreshed successfully for ${serverUrl}`);
+            return {
+                success: true,
+                message: 'Tokens refreshed successfully',
+            };
+        }
+        catch (error) {
+            this.logger.error(`Token refresh failed: ${error.message}`);
+            throw new Error(`Token refresh failed: ${error.message}`);
+        }
+    }
+    /**
+     * Check OAuth token status for an MCP server
+     */
+    async _tool_check_tokens(request) {
+        const { serverUrl } = request.params;
+        const tokens = await this.storage.getTokens(serverUrl);
+        const isExpired = await this.storage.areTokensExpired(serverUrl);
+        return {
+            success: true,
+            hasTokens: !!tokens,
+            isExpired: tokens ? isExpired : null,
+            expiresAt: tokens?.expires_at || null,
+            hasRefreshToken: !!tokens?.refresh_token,
+        };
+    }
+    /**
+     * Clear OAuth tokens and client info for an MCP server
+     */
+    async _tool_clear_tokens(request) {
+        const { serverUrl } = request.params;
+        await this.storage.clearServer(serverUrl);
+        this.logger.info(`Cleared OAuth data for ${serverUrl}`);
+        return {
+            success: true,
+            message: `Cleared OAuth data for ${serverUrl}`,
+        };
+    }
+    /**
+     * List all authenticated MCP servers
+     */
+    async _tool_list_authenticated_servers(request) {
+        // This would require maintaining an index of servers
+        // For now, return empty list
+        // TODO: Implement server list tracking in storage
+        return {
+            success: true,
+            servers: [],
+            message: 'Server list tracking not yet implemented',
+        };
+    }
+    /**
+     * Public method for refreshing tokens (used by transport)
+     */
+    async refreshTokens(serverUrl) {
+        // await this._tool_refresh_tokens({
+        //   jsonrpc: '2.0',
+        //   method: 'refresh_tokens',
+        //   id: Date.now().toString(),
+        //   params: { serverUrl },
+        //   state: {},
+        //   peerId: this.peerId,
+        //   source: this.address!,
+        //   target: this.address!,
+        // } as oRequest);
+    }
+    /**
+     * Get service name for OAuth tool
+     */
+    getServiceName(serverUrl) {
+        return `mcp_${this.hashServerUrl(serverUrl)}`;
+    }
+    /**
+     * Hash server URL for service name
+     */
+    hashServerUrl(url) {
+        return Buffer.from(url)
+            .toString('base64')
+            .replace(/[^a-zA-Z0-9]/g, '_')
+            .substring(0, 16);
+    }
+    /**
+     * Launch browser for OAuth authorization
+     */
+    async launchBrowser(url) {
+        try {
+            const open = (await import('open')).default;
+            await open(url);
+        }
+        catch (error) {
+            this.logger.warn(`Could not automatically open browser: ${error.message}`);
+            this.logger.info(`Please open this URL in your browser: ${url}`);
+        }
+    }
+    /**
+     * Cleanup on shutdown
+     */
+    async stop() {
+        if (this.callbackServer) {
+            await this.callbackServer.stop().catch(() => { });
+            this.callbackServer = null;
+        }
+        await super.stop();
+    }
+}

package/dist/src/oauth/mcp-oauth-storage.d.ts

@@ -0,0 +1,60 @@
+import { oAddress } from '@olane/o-core';
+import { OAuthTokens } from './interfaces/oauth-tokens.interface.js';
+import { OAuthClientInfo } from './interfaces/oauth-client-info.interface.js';
+interface OAuthStorageConfig {
+    storageAddress: oAddress;
+    useFunction: (address: oAddress, request: any) => Promise<any>;
+}
+/**
+ * OAuth storage adapter that uses Olane OS o-storage for encrypted persistence
+ *
+ * This adapter provides a thin layer over o://secure storage for OAuth tokens
+ * and client information, with automatic encryption handled by the storage layer.
+ */
+export declare class McpOAuthStorage {
+    private storageAddress;
+    private use;
+    constructor(config: OAuthStorageConfig);
+    /**
+     * Save OAuth tokens for a server (encrypted via o://secure)
+     */
+    saveTokens(serverUrl: string, tokens: OAuthTokens): Promise<void>;
+    /**
+     * Get OAuth tokens for a server (decrypted automatically)
+     */
+    getTokens(serverUrl: string): Promise<OAuthTokens | null>;
+    /**
+     * Save OAuth client info for a server (encrypted)
+     */
+    saveClientInfo(serverUrl: string, clientInfo: OAuthClientInfo): Promise<void>;
+    /**
+     * Get OAuth client info for a server (decrypted automatically)
+     */
+    getClientInfo(serverUrl: string): Promise<OAuthClientInfo | null>;
+    /**
+     * Clear all OAuth data for a server
+     */
+    clearServer(serverUrl: string): Promise<void>;
+    /**
+     * Check if tokens exist for a server
+     */
+    hasTokens(serverUrl: string): Promise<boolean>;
+    /**
+     * Check if tokens are expired
+     */
+    areTokensExpired(serverUrl: string): Promise<boolean>;
+    /**
+     * Get the token key for storage
+     */
+    private getTokenKey;
+    /**
+     * Get the client info key for storage
+     */
+    private getClientKey;
+    /**
+     * Hash server URL for use as storage key
+     */
+    private hashServerUrl;
+}
+export {};
+//# sourceMappingURL=mcp-oauth-storage.d.ts.map

package/dist/src/oauth/mcp-oauth-storage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-oauth-storage.d.ts","sourceRoot":"","sources":["../../../src/oauth/mcp-oauth-storage.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,wCAAwC,CAAC;AACrE,OAAO,EAAE,eAAe,EAAE,MAAM,6CAA6C,CAAC;AAE9E,UAAU,kBAAkB;IAC1B,cAAc,EAAE,QAAQ,CAAC;IACzB,WAAW,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,KAAK,OAAO,CAAC,GAAG,CAAC,CAAC;CAChE;AAED;;;;;GAKG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,cAAc,CAAW;IACjC,OAAO,CAAC,GAAG,CAAoD;gBAEnD,MAAM,EAAE,kBAAkB;IAKtC;;OAEG;IACG,UAAU,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAiBvE;;OAEG;IACG,SAAS,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAkB/D;;OAEG;IACG,cAAc,CAClB,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,eAAe,GAC1B,OAAO,CAAC,IAAI,CAAC;IAYhB;;OAEG;IACG,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAgBvE;;OAEG;IACG,WAAW,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAgBnD;;OAEG;IACG,SAAS,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAepD;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAY3D;;OAEG;IACH,OAAO,CAAC,WAAW;IAInB;;OAEG;IACH,OAAO,CAAC,YAAY;IAIpB;;OAEG;IACH,OAAO,CAAC,aAAa;CAOtB"}