@open-mercato/ai-assistant 0.4.11-develop.1905.b892e2dd78 → 0.4.11-develop.1907.1fcb594c32
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENTS.md +1 -0
- package/dist/modules/ai_assistant/lib/codemode-tools.js +111 -12
- package/dist/modules/ai_assistant/lib/codemode-tools.js.map +3 -3
- package/package.json +4 -4
- package/src/modules/ai_assistant/lib/__tests__/codemode-tools.test.ts +244 -0
- package/src/modules/ai_assistant/lib/codemode-tools.ts +147 -11
package/AGENTS.md
CHANGED
|
@@ -46,6 +46,7 @@ registerMcpTool({
|
|
|
46
46
|
- MUST use zod schemas for `inputSchema` — never use raw JSON Schema
|
|
47
47
|
- MUST return a serializable object from the handler
|
|
48
48
|
- MUST use `moduleId` matching the module's `id` field
|
|
49
|
+
- Code Mode `api.request()` MUST enforce endpoint-level RBAC before fetch and fail closed for undocumented or featureless mutation endpoints
|
|
49
50
|
|
|
50
51
|
### Modify OpenCode Configuration
|
|
51
52
|
|
|
@@ -2,7 +2,8 @@ import { z } from "zod";
|
|
|
2
2
|
import { registerMcpTool } from "./tool-registry.js";
|
|
3
3
|
import { createSandbox } from "./sandbox.js";
|
|
4
4
|
import { truncateResult } from "./truncate.js";
|
|
5
|
-
import {
|
|
5
|
+
import { hasRequiredFeatures } from "./auth.js";
|
|
6
|
+
import { getApiEndpoints, getRawOpenApiSpec } from "./api-endpoint-index.js";
|
|
6
7
|
import {
|
|
7
8
|
getCachedEntityGraph,
|
|
8
9
|
inferModuleFromEntity
|
|
@@ -16,6 +17,7 @@ import {
|
|
|
16
17
|
} from "./session-memory.js";
|
|
17
18
|
let cachedCodeModeSpec = null;
|
|
18
19
|
let cachedCommonTypes = null;
|
|
20
|
+
const CODE_MODE_REQUIRED_FEATURES = ["ai_assistant.view"];
|
|
19
21
|
async function getCodeModeSpec() {
|
|
20
22
|
if (cachedCodeModeSpec) return cachedCodeModeSpec;
|
|
21
23
|
const rawSpec = await getRawOpenApiSpec();
|
|
@@ -394,7 +396,7 @@ Use BEFORE execute to learn endpoint schemas for CREATE/UPDATE. Skip for common
|
|
|
394
396
|
'An async arrow function that queries spec, e.g. async () => spec.paths["/api/customers/companies"]'
|
|
395
397
|
)
|
|
396
398
|
}),
|
|
397
|
-
requiredFeatures: [],
|
|
399
|
+
requiredFeatures: [...CODE_MODE_REQUIRED_FEATURES],
|
|
398
400
|
handler: async (input, ctx) => {
|
|
399
401
|
const codePreview = input.code.slice(0, 120).replace(/\n/g, " ");
|
|
400
402
|
console.error(`[AI Usage] search: code="${codePreview}${input.code.length > 120 ? "..." : ""}"`);
|
|
@@ -465,8 +467,7 @@ RULES: For FIND/LIST \u2192 GET only (1 call). For UPDATE \u2192 PUT to collecti
|
|
|
465
467
|
'Async arrow function. For reads: async () => api.request({ method: "GET", path: "/api/customers/companies" }). For updates: async () => api.request({ method: "PUT", path: "/api/customers/companies", body: { id: "<uuid>", name: "New Name" } }). id goes in BODY not URL.'
|
|
466
468
|
)
|
|
467
469
|
}),
|
|
468
|
-
requiredFeatures: [],
|
|
469
|
-
// ACL checked at API level
|
|
470
|
+
requiredFeatures: [...CODE_MODE_REQUIRED_FEATURES],
|
|
470
471
|
handler: async (input, ctx) => {
|
|
471
472
|
const codePreview = input.code.slice(0, 120).replace(/\n/g, " ");
|
|
472
473
|
console.error(`[AI Usage] execute: code="${codePreview}${input.code.length > 120 ? "..." : ""}" user=${ctx.userId || "unknown"}`);
|
|
@@ -534,10 +535,24 @@ function createApiRequestFn(ctx, onCall) {
|
|
|
534
535
|
onCall();
|
|
535
536
|
const { method, path, query, body } = params;
|
|
536
537
|
const callStart = Date.now();
|
|
537
|
-
const
|
|
538
|
+
const normalizedMethod = method.toUpperCase();
|
|
539
|
+
const apiPath = normalizeApiRequestPath(path);
|
|
540
|
+
const authorization = await authorizeCodeModeApiRequest(ctx, normalizedMethod, apiPath);
|
|
541
|
+
if (!authorization.allowed) {
|
|
542
|
+
const callDuration2 = Date.now() - callStart;
|
|
543
|
+
console.error(
|
|
544
|
+
`[AI Usage] api.request: ${normalizedMethod} ${apiPath} \u2192 ${authorization.statusCode} in ${callDuration2}ms (blocked by Code Mode RBAC)`
|
|
545
|
+
);
|
|
546
|
+
return {
|
|
547
|
+
success: false,
|
|
548
|
+
statusCode: authorization.statusCode,
|
|
549
|
+
error: authorization.error,
|
|
550
|
+
details: authorization.details
|
|
551
|
+
};
|
|
552
|
+
}
|
|
538
553
|
let url = `${baseUrl}${apiPath}`;
|
|
539
554
|
const queryParams = { ...query };
|
|
540
|
-
if (
|
|
555
|
+
if (normalizedMethod === "GET") {
|
|
541
556
|
if (ctx.tenantId) queryParams.tenantId = ctx.tenantId;
|
|
542
557
|
if (ctx.organizationId) queryParams.organizationId = ctx.organizationId;
|
|
543
558
|
}
|
|
@@ -546,7 +561,7 @@ function createApiRequestFn(ctx, onCall) {
|
|
|
546
561
|
url += separator + new URLSearchParams(queryParams).toString();
|
|
547
562
|
}
|
|
548
563
|
let requestBody;
|
|
549
|
-
if (["POST", "PUT", "PATCH"].includes(
|
|
564
|
+
if (["POST", "PUT", "PATCH"].includes(normalizedMethod)) {
|
|
550
565
|
requestBody = { ...body };
|
|
551
566
|
if (ctx.tenantId) requestBody.tenantId = ctx.tenantId;
|
|
552
567
|
if (ctx.organizationId) requestBody.organizationId = ctx.organizationId;
|
|
@@ -558,7 +573,7 @@ function createApiRequestFn(ctx, onCall) {
|
|
|
558
573
|
if (ctx.tenantId) headers["X-Tenant-Id"] = ctx.tenantId;
|
|
559
574
|
if (ctx.organizationId) headers["X-Organization-Id"] = ctx.organizationId;
|
|
560
575
|
const response = await globalThis.fetch(url, {
|
|
561
|
-
method:
|
|
576
|
+
method: normalizedMethod,
|
|
562
577
|
headers,
|
|
563
578
|
body: requestBody ? JSON.stringify(requestBody) : void 0
|
|
564
579
|
});
|
|
@@ -566,7 +581,7 @@ function createApiRequestFn(ctx, onCall) {
|
|
|
566
581
|
const data = tryParseJson(responseText);
|
|
567
582
|
const callDuration = Date.now() - callStart;
|
|
568
583
|
if (!response.ok) {
|
|
569
|
-
console.error(`[AI Usage] api.request: ${
|
|
584
|
+
console.error(`[AI Usage] api.request: ${normalizedMethod} ${apiPath} \u2192 ${response.status} in ${callDuration}ms`);
|
|
570
585
|
if (response.status === 400) {
|
|
571
586
|
return {
|
|
572
587
|
success: false,
|
|
@@ -581,8 +596,8 @@ function createApiRequestFn(ctx, onCall) {
|
|
|
581
596
|
details: data
|
|
582
597
|
};
|
|
583
598
|
}
|
|
584
|
-
console.error(`[AI Usage] api.request: ${
|
|
585
|
-
if (!["GET", "HEAD", "OPTIONS"].includes(
|
|
599
|
+
console.error(`[AI Usage] api.request: ${normalizedMethod} ${apiPath} \u2192 ${response.status} in ${callDuration}ms (${responseText.length} bytes)`);
|
|
600
|
+
if (!["GET", "HEAD", "OPTIONS"].includes(normalizedMethod)) {
|
|
586
601
|
return {
|
|
587
602
|
success: true,
|
|
588
603
|
statusCode: response.status,
|
|
@@ -597,6 +612,87 @@ function createApiRequestFn(ctx, onCall) {
|
|
|
597
612
|
};
|
|
598
613
|
};
|
|
599
614
|
}
|
|
615
|
+
async function authorizeCodeModeApiRequest(ctx, method, path) {
|
|
616
|
+
const normalizedMethod = method.toUpperCase();
|
|
617
|
+
const normalizedPath = normalizeApiRequestPath(path);
|
|
618
|
+
const endpoint = await findCodeModeApiEndpoint(normalizedMethod, normalizedPath);
|
|
619
|
+
if (!endpoint) {
|
|
620
|
+
return {
|
|
621
|
+
allowed: false,
|
|
622
|
+
statusCode: 403,
|
|
623
|
+
error: `Code Mode cannot call undocumented API endpoint ${normalizedMethod} ${normalizedPath}`
|
|
624
|
+
};
|
|
625
|
+
}
|
|
626
|
+
const rbacService = resolveRbacService(ctx);
|
|
627
|
+
const requiredFeatures = endpoint.requiredFeatures ?? [];
|
|
628
|
+
if (requiredFeatures.length > 0) {
|
|
629
|
+
if (hasRequiredFeatures(requiredFeatures, ctx.userFeatures, ctx.isSuperAdmin, rbacService)) {
|
|
630
|
+
return { allowed: true, endpoint };
|
|
631
|
+
}
|
|
632
|
+
return {
|
|
633
|
+
allowed: false,
|
|
634
|
+
statusCode: 403,
|
|
635
|
+
error: `Insufficient permissions for ${normalizedMethod} ${normalizedPath}`,
|
|
636
|
+
details: { requiredFeatures, operationId: endpoint.operationId }
|
|
637
|
+
};
|
|
638
|
+
}
|
|
639
|
+
if (isUnsafeHttpMethod(normalizedMethod)) {
|
|
640
|
+
return {
|
|
641
|
+
allowed: false,
|
|
642
|
+
statusCode: 403,
|
|
643
|
+
error: `Code Mode cannot call mutation endpoint without declared required features: ${normalizedMethod} ${normalizedPath}`,
|
|
644
|
+
details: { operationId: endpoint.operationId }
|
|
645
|
+
};
|
|
646
|
+
}
|
|
647
|
+
return { allowed: true, endpoint };
|
|
648
|
+
}
|
|
649
|
+
function resolveRbacService(ctx) {
|
|
650
|
+
try {
|
|
651
|
+
return ctx.container.resolve("rbacService");
|
|
652
|
+
} catch {
|
|
653
|
+
return void 0;
|
|
654
|
+
}
|
|
655
|
+
}
|
|
656
|
+
async function findCodeModeApiEndpoint(method, path) {
|
|
657
|
+
const endpoints = await getApiEndpoints();
|
|
658
|
+
const exactMatch = endpoints.find((endpoint) => endpoint.method === method && endpoint.path === path);
|
|
659
|
+
if (exactMatch) {
|
|
660
|
+
return exactMatch;
|
|
661
|
+
}
|
|
662
|
+
return endpoints.find((endpoint) => endpoint.method === method && matchApiEndpointPath(endpoint.path, path)) ?? null;
|
|
663
|
+
}
|
|
664
|
+
function matchApiEndpointPath(endpointPath, requestPath) {
|
|
665
|
+
const normalizedEndpointPath = normalizeApiRequestPath(endpointPath);
|
|
666
|
+
const normalizedRequestPath = normalizeApiRequestPath(requestPath);
|
|
667
|
+
if (normalizedEndpointPath === normalizedRequestPath) {
|
|
668
|
+
return true;
|
|
669
|
+
}
|
|
670
|
+
const endpointSegments = normalizedEndpointPath.split("/").filter(Boolean);
|
|
671
|
+
const requestSegments = normalizedRequestPath.split("/").filter(Boolean);
|
|
672
|
+
if (endpointSegments.length !== requestSegments.length) {
|
|
673
|
+
return false;
|
|
674
|
+
}
|
|
675
|
+
return endpointSegments.every((segment, index) => {
|
|
676
|
+
if (isPathParameterSegment(segment)) {
|
|
677
|
+
return requestSegments[index].length > 0;
|
|
678
|
+
}
|
|
679
|
+
return segment === requestSegments[index];
|
|
680
|
+
});
|
|
681
|
+
}
|
|
682
|
+
function normalizeApiRequestPath(path) {
|
|
683
|
+
const [rawPath] = path.split("?");
|
|
684
|
+
const normalizedPath = rawPath.startsWith("/api") ? rawPath : `/api${rawPath.startsWith("/") ? rawPath : `/${rawPath}`}`;
|
|
685
|
+
if (normalizedPath.length > 1 && normalizedPath.endsWith("/")) {
|
|
686
|
+
return normalizedPath.slice(0, -1);
|
|
687
|
+
}
|
|
688
|
+
return normalizedPath;
|
|
689
|
+
}
|
|
690
|
+
function isPathParameterSegment(segment) {
|
|
691
|
+
return segment.startsWith("{") && segment.endsWith("}") || segment.startsWith("[") && segment.endsWith("]") || segment.startsWith(":");
|
|
692
|
+
}
|
|
693
|
+
function isUnsafeHttpMethod(method) {
|
|
694
|
+
return !["GET", "HEAD", "OPTIONS"].includes(method.toUpperCase());
|
|
695
|
+
}
|
|
600
696
|
function tryParseJson(text) {
|
|
601
697
|
try {
|
|
602
698
|
return JSON.parse(text);
|
|
@@ -605,6 +701,9 @@ function tryParseJson(text) {
|
|
|
605
701
|
}
|
|
606
702
|
}
|
|
607
703
|
export {
|
|
608
|
-
|
|
704
|
+
CODE_MODE_REQUIRED_FEATURES,
|
|
705
|
+
authorizeCodeModeApiRequest,
|
|
706
|
+
loadCodeModeTools,
|
|
707
|
+
matchApiEndpointPath
|
|
609
708
|
};
|
|
610
709
|
//# sourceMappingURL=codemode-tools.js.map
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../src/modules/ai_assistant/lib/codemode-tools.ts"],
|
|
4
|
-
"sourcesContent": ["/**\n * Code Mode Tools\n *\n * Two meta-tools that replace all individual API/schema/module tools:\n * - search: Query the OpenAPI spec + entity graph programmatically\n * - execute: Make API calls via a sandboxed api.request() wrapper\n *\n * The AI writes JavaScript that runs in a node:vm sandbox with injected globals.\n */\n\nimport { z } from 'zod'\nimport { registerMcpTool } from './tool-registry'\nimport type { McpToolContext } from './types'\nimport { createSandbox } from './sandbox'\nimport { truncateResult } from './truncate'\nimport { getRawOpenApiSpec } from './api-endpoint-index'\nimport {\n getCachedEntityGraph,\n inferModuleFromEntity,\n type EntityGraph,\n} from './entity-graph'\nimport {\n lookupSearchCache,\n storeSearchResult,\n buildMemoryContext,\n buildSearchLabel,\n incrementToolCallCount,\n} from './session-memory'\n\n/**\n * Cached spec object combining OpenAPI paths + entity schemas.\n */\nlet cachedCodeModeSpec: Record<string, unknown> | null = null\n\n/**\n * Cached TypeScript type stubs for common CRUD endpoints.\n * Generated once at startup from the OpenAPI spec.\n */\nlet cachedCommonTypes: string | null = null\n\n/**\n * Build the merged spec object for the search tool.\n */\nasync function getCodeModeSpec(): Promise<Record<string, unknown>> {\n if (cachedCodeModeSpec) return cachedCodeModeSpec\n\n const rawSpec = await getRawOpenApiSpec()\n const graph = getCachedEntityGraph()\n\n const paths = (rawSpec?.paths ?? {}) as Record<string, Record<string, unknown>>\n const entitySchemas = graph ? buildEntitySchemas(graph) : []\n\n const spec: Record<string, unknown> = {\n paths,\n info: rawSpec?.info,\n components: rawSpec?.components,\n entitySchemas,\n }\n\n // --- Helper functions injected into sandbox ---\n\n /**\n * spec.findEndpoints(keyword) \u2014 find all endpoints matching a keyword.\n * Returns compact list: [{ path, methods }]\n */\n spec.findEndpoints = (keyword: string) => {\n const kw = keyword.toLowerCase()\n return Object.entries(paths)\n .filter(([path]) => path.toLowerCase().includes(kw))\n .map(([path, methods]) => ({\n path,\n methods: Object.keys(methods).filter((m) => m !== 'parameters'),\n }))\n }\n\n /**\n * spec.describeEndpoint(path, method) \u2014 compact endpoint profile with working example.\n * Returns: { path, method, summary, requiredFields, optionalFields, nestedCollections, example, relatedEndpoints, relatedEntity }\n * For full schema access, use: spec.paths[path][method].requestBody\n */\n spec.describeEndpoint = (path: string, method: string) => {\n const pathObj = paths[path] as Record<string, unknown> | undefined\n if (!pathObj) return null\n\n const endpoint = pathObj[method.toLowerCase()] as Record<string, unknown> | undefined\n if (!endpoint) return null\n\n // Extract requestBody JSON Schema\n const bodySchema = extractRequestBodySchema(endpoint)\n const bodyProps = (bodySchema?.properties ?? {}) as Record<string, Record<string, unknown>>\n const bodyRequired = (bodySchema?.required ?? []) as string[]\n\n // Split fields into required (with types) vs optional (names only)\n const requiredFields: Array<{ name: string; type: string; format?: string }> = []\n const optionalFields: string[] = []\n const nestedCollections: Array<{\n field: string\n type: string\n requiredFields: Array<{ name: string; type: string }>\n commonFields: string[]\n }> = []\n\n for (const [name, prop] of Object.entries(bodyProps)) {\n const propType = (prop.type as string) || 'string'\n\n // Detect nested array collections (e.g. lines, items, addresses)\n if (propType === 'array' && prop.items && (prop.items as Record<string, unknown>).type === 'object') {\n const itemSchema = prop.items as Record<string, unknown>\n const itemProps = (itemSchema.properties ?? {}) as Record<string, Record<string, unknown>>\n const itemRequired = (itemSchema.required ?? []) as string[]\n\n const nestedRequired = itemRequired.map((n) => ({\n name: n,\n type: ((itemProps[n]?.type as string) || 'string'),\n }))\n\n // Common fields: first few non-required fields that are likely user-provided\n const nestedOptional = Object.keys(itemProps).filter((n) => !itemRequired.includes(n))\n const commonFields = nestedOptional.slice(0, 6)\n\n nestedCollections.push({\n field: name,\n type: 'array',\n requiredFields: nestedRequired,\n commonFields,\n })\n continue\n }\n\n if (bodyRequired.includes(name)) {\n const field: { name: string; type: string; format?: string } = { name, type: propType }\n if (prop.format) field.format = prop.format as string\n requiredFields.push(field)\n } else {\n optionalFields.push(name)\n }\n }\n\n // Generate minimal working example from required fields + nested collections\n const example: Record<string, unknown> = {}\n for (const field of requiredFields) {\n example[field.name] = generatePlaceholder(field.type, field.format)\n }\n for (const collection of nestedCollections) {\n const itemExample: Record<string, unknown> = {}\n for (const field of collection.requiredFields) {\n itemExample[field.name] = generatePlaceholder(field.type)\n }\n // Add first 2 common fields to the example\n for (const name of collection.commonFields.slice(0, 2)) {\n itemExample[name] = '<value>'\n }\n example[collection.field] = [itemExample]\n }\n\n // Find related endpoints sharing the same module prefix\n const segments = path.replace('/api/', '').split('/')\n const moduleSegment = segments[0]\n const resourceName = segments[1] || segments[0]\n const modulePrefix = `/api/${moduleSegment}/`\n const relatedEndpoints = Object.entries(paths)\n .filter(([p]) => p.startsWith(modulePrefix) && p !== path && !p.includes('{'))\n .map(([p, methods]) => ({\n path: p,\n methods: Object.keys(methods as Record<string, unknown>).filter((m) => m !== 'parameters'),\n }))\n .slice(0, 8)\n\n // Compact entity: className + relationship summary\n const resourceNorm = resourceName.replace(/-/g, '_')\n const resourceSingular = resourceNorm.endsWith('s') ? resourceNorm.slice(0, -1) : resourceNorm\n const moduleSingular = moduleSegment.endsWith('s') ? moduleSegment.slice(0, -1) : moduleSegment\n const prefixedTable = `${moduleSingular}_${resourceNorm}`\n\n const entity = entitySchemas.find((e: Record<string, unknown>) => {\n const table = ((e.tableName as string) || '').toLowerCase()\n const cls = ((e.className as string) || '').toLowerCase()\n const mod = ((e.module as string) || '').toLowerCase()\n if (table === resourceNorm || table === prefixedTable) return true\n if (cls.includes(moduleSingular) && cls.includes(resourceSingular)) return true\n if (mod === moduleSegment && cls.includes(resourceSingular)) return true\n if (cls === resourceSingular || cls.includes(resourceSingular)) return true\n return false\n }) || null\n\n let relatedEntity: string | null = null\n if (entity) {\n const ent = entity as Record<string, unknown>\n const rels = (ent.relationships as Array<{ relationship: string; target: string }>) || []\n const relSummary = rels.map((r) => `${r.relationship}: ${r.target}`).join(', ')\n relatedEntity = `${ent.className}${relSummary ? ` (${relSummary})` : ''}`\n }\n\n // GET endpoints: include query parameters compactly\n const parameters = method.toLowerCase() === 'get'\n ? (endpoint.parameters as Array<Record<string, unknown>> || [])\n .filter((p) => p.in === 'query')\n .map((p) => p.name as string)\n : undefined\n\n return {\n path,\n method: method.toUpperCase(),\n summary: endpoint.summary || endpoint.description,\n ...(parameters && parameters.length > 0 ? { queryParams: parameters } : {}),\n ...(requiredFields.length > 0 ? { requiredFields } : {}),\n ...(optionalFields.length > 0 ? { optionalFields } : {}),\n ...(nestedCollections.length > 0 ? { nestedCollections } : {}),\n ...(Object.keys(example).length > 0 ? { example } : {}),\n ...(relatedEndpoints.length > 0 ? { relatedEndpoints } : {}),\n relatedEntity,\n }\n }\n\n /**\n * spec.describeEntity(keyword) \u2014 find entity by keyword and return its full schema.\n * Returns: { className, tableName, module, fields, relationships }\n */\n spec.describeEntity = (keyword: string) => {\n const kw = keyword.toLowerCase()\n return entitySchemas.find((e: Record<string, unknown>) => {\n const cls = (e.className as string || '').toLowerCase()\n const table = (e.tableName as string || '').toLowerCase()\n return cls.includes(kw) || table.includes(kw)\n }) || null\n }\n\n cachedCodeModeSpec = spec\n return spec\n}\n\n/**\n * Extract the JSON Schema from an OpenAPI endpoint's requestBody.\n * Handles the common `content['application/json'].schema` path.\n */\nfunction extractRequestBodySchema(\n endpoint: Record<string, unknown>\n): Record<string, unknown> | null {\n const requestBody = endpoint.requestBody as Record<string, unknown> | undefined\n if (!requestBody) return null\n\n const content = requestBody.content as Record<string, Record<string, unknown>> | undefined\n if (!content) return null\n\n const jsonContent = content['application/json']\n if (!jsonContent) return null\n\n return (jsonContent.schema as Record<string, unknown>) || null\n}\n\n/**\n * Generate a placeholder value for a given JSON Schema type.\n */\nfunction generatePlaceholder(type: string, format?: string): unknown {\n if (format === 'uuid' || format === 'objectId') return '<uuid>'\n if (format === 'date-time' || format === 'date') return '<date>'\n if (format === 'email') return '<email>'\n switch (type) {\n case 'string': return '<string>'\n case 'number':\n case 'integer': return 0\n case 'boolean': return false\n case 'array': return []\n default: return '<value>'\n }\n}\n\n/**\n * Common CRUD endpoints to pre-generate types for.\n * These are the endpoints the agent uses most and where debug spirals happen.\n */\nconst COMMON_ENDPOINTS: Array<{ path: string; method: string; typeName: string }> = [\n { path: '/api/sales/quotes', method: 'post', typeName: 'CreateQuote' },\n { path: '/api/sales/orders', method: 'post', typeName: 'CreateOrder' },\n { path: '/api/sales/invoices', method: 'post', typeName: 'CreateInvoice' },\n { path: '/api/customers/companies', method: 'post', typeName: 'CreateCompany' },\n { path: '/api/customers/people', method: 'post', typeName: 'CreatePerson' },\n { path: '/api/customers/deals', method: 'post', typeName: 'CreateDeal' },\n { path: '/api/catalog/products', method: 'post', typeName: 'CreateProduct' },\n { path: '/api/customers/companies', method: 'put', typeName: 'UpdateCompany' },\n { path: '/api/customers/people', method: 'put', typeName: 'UpdatePerson' },\n { path: '/api/sales/quotes', method: 'put', typeName: 'UpdateQuote' },\n]\n\n/**\n * Generate TypeScript-like type stubs from the OpenAPI spec for common endpoints.\n * This runs once at startup and injects types into the execute tool description\n * so the LLM sees the correct payload shape without needing to call describeEndpoint.\n */\nasync function generateCommonTypes(): Promise<string> {\n if (cachedCommonTypes) return cachedCommonTypes\n\n const rawSpec = await getRawOpenApiSpec()\n if (!rawSpec?.paths) {\n cachedCommonTypes = ''\n return ''\n }\n\n const paths = rawSpec.paths as Record<string, Record<string, unknown>>\n const typeLines: string[] = ['Available types for api.request() body:\\n']\n\n for (const { path, method, typeName } of COMMON_ENDPOINTS) {\n const pathObj = paths[path] as Record<string, unknown> | undefined\n if (!pathObj) continue\n\n const endpoint = pathObj[method] as Record<string, unknown> | undefined\n if (!endpoint) continue\n\n const bodySchema = extractRequestBodySchema(endpoint)\n if (!bodySchema?.properties) continue\n\n const typeStr = schemaToTypeString(\n typeName,\n bodySchema,\n `${method.toUpperCase()} ${path}`,\n )\n if (typeStr) typeLines.push(typeStr)\n }\n\n if (typeLines.length <= 1) {\n cachedCommonTypes = ''\n return ''\n }\n\n cachedCommonTypes = typeLines.join('\\n')\n console.error(`[Code Mode] Generated ${typeLines.length - 1} common type stubs`)\n return cachedCommonTypes\n}\n\n/**\n * Convert a JSON Schema object to a compact TypeScript-like type string.\n * Produces a single-line or multi-line type declaration the LLM can use directly.\n */\nfunction schemaToTypeString(\n typeName: string,\n schema: Record<string, unknown>,\n comment: string,\n): string | null {\n const props = schema.properties as Record<string, Record<string, unknown>> | undefined\n if (!props) return null\n\n const required = new Set((schema.required as string[]) || [])\n\n // Skip internal fields that the sandbox injects automatically\n const skipFields = new Set(['tenantId', 'organizationId'])\n\n const fields: string[] = []\n const nestedTypes: string[] = []\n\n for (const [name, prop] of Object.entries(props)) {\n if (skipFields.has(name)) continue\n if (!prop || typeof prop !== 'object') continue\n\n const isRequired = required.has(name)\n const optMark = isRequired ? '' : '?'\n\n // Detect nested array of objects \u2192 extract as separate type\n if (\n prop.type === 'array' &&\n prop.items &&\n (prop.items as Record<string, unknown>).type === 'object'\n ) {\n const itemTypeName = `${typeName}${capitalize(singularize(name))}`\n const itemSchema = prop.items as Record<string, unknown>\n const nestedType = schemaToTypeString(itemTypeName, itemSchema, '')\n if (nestedType) nestedTypes.push(nestedType)\n fields.push(`${name}${optMark}: ${itemTypeName}[]`)\n continue\n }\n\n const propType = resolvePropertyType(prop)\n fields.push(`${name}${optMark}: ${propType}`)\n }\n\n if (fields.length === 0) return null\n\n const commentLine = comment ? `// ${comment}\\n` : ''\n const nested = nestedTypes.length > 0 ? nestedTypes.join('\\n') + '\\n' : ''\n return `${nested}${commentLine}type ${typeName} = { ${fields.join('; ')} }`\n}\n\n/**\n * Resolve a JSON Schema property to a compact TypeScript type string.\n */\nfunction resolvePropertyType(prop: Record<string, unknown>): string {\n // Handle anyOf (nullable types)\n if (prop.anyOf && Array.isArray(prop.anyOf)) {\n const variants = (prop.anyOf as Array<Record<string, unknown> | null>).filter(\n (s): s is Record<string, unknown> => s != null,\n )\n const nonNull = variants.filter((s) => s.type !== 'null')\n if (nonNull.length === 1) {\n return resolvePropertyType(nonNull[0]) + ' | null'\n }\n if (nonNull.length > 1) {\n return nonNull.map((s) => resolvePropertyType(s)).join(' | ')\n }\n }\n\n // Handle enum\n if (prop.enum && Array.isArray(prop.enum)) {\n return (prop.enum as string[]).map((v) => `'${v}'`).join(' | ')\n }\n\n const type = prop.type as string\n const format = prop.format as string | undefined\n\n if (type === 'array') {\n const items = prop.items as Record<string, unknown> | undefined\n if (items) return `${resolvePropertyType(items)}[]`\n return 'unknown[]'\n }\n\n if (type === 'object') return 'object'\n\n if (format === 'uuid') return 'string /*uuid*/'\n if (format === 'date-time') return 'string /*ISO date*/'\n if (format === 'date') return 'string /*date*/'\n if (format === 'email') return 'string /*email*/'\n\n switch (type) {\n case 'string': return 'string'\n case 'number':\n case 'integer': return 'number'\n case 'boolean': return 'boolean'\n default: return 'unknown'\n }\n}\n\nfunction capitalize(s: string): string {\n return s.charAt(0).toUpperCase() + s.slice(1)\n}\n\nfunction singularize(s: string): string {\n if (s.endsWith('ies')) return s.slice(0, -3) + 'y'\n if (s.endsWith('ses')) return s.slice(0, -2)\n if (s.endsWith('s') && !s.endsWith('ss')) return s.slice(0, -1)\n return s\n}\n\n/**\n * Format a 400 API error response into a human-readable fix instruction.\n * Parses Zod-style validation errors and produces a concise message the LLM can act on.\n */\nfunction formatValidationError(data: unknown): string {\n if (!data || typeof data !== 'object') {\n return `Validation error: ${JSON.stringify(data)}`\n }\n\n // Raw Zod v4 array format: [{ expected, code, path, message }]\n if (Array.isArray(data)) {\n const issues = data as Array<Record<string, unknown>>\n const parts = issues.slice(0, 5).map((issue) => {\n const path = Array.isArray(issue.path) ? issue.path.join('.') : ''\n const msg = issue.message as string || `expected ${issue.expected}` || issue.code as string || 'invalid'\n return path ? `${path}: ${msg}` : msg\n })\n if (parts.length > 0) {\n return `Validation failed \u2014 ${parts.join('; ')}. Fix the listed fields and retry.`\n }\n }\n\n const obj = data as Record<string, unknown>\n\n // Zod v4 flat format: { fieldErrors: { field: [messages] }, formErrors: [messages] }\n if (obj.fieldErrors && typeof obj.fieldErrors === 'object') {\n const fieldErrors = obj.fieldErrors as Record<string, string[]>\n const parts: string[] = []\n for (const [field, messages] of Object.entries(fieldErrors)) {\n if (Array.isArray(messages) && messages.length > 0) {\n parts.push(`${field}: ${messages[0]}`)\n }\n }\n const formErrors = obj.formErrors as string[] | undefined\n if (Array.isArray(formErrors) && formErrors.length > 0) {\n parts.push(formErrors[0])\n }\n if (parts.length > 0) {\n return `Validation failed \u2014 ${parts.join('; ')}. Fix the listed fields and retry.`\n }\n }\n\n // Zod v3 format: { issues: [{ path: [...], message, code }] }\n if (obj.issues && Array.isArray(obj.issues)) {\n const issues = obj.issues as Array<Record<string, unknown>>\n const parts = issues.slice(0, 5).map((issue) => {\n const path = Array.isArray(issue.path) ? issue.path.join('.') : ''\n const msg = issue.message as string || issue.code as string || 'invalid'\n return path ? `${path}: ${msg}` : msg\n })\n return `Validation failed \u2014 ${parts.join('; ')}. Fix the listed fields and retry.`\n }\n\n // Our API error format: { error: string, details: ... }\n if (obj.error && typeof obj.error === 'string') {\n const details = obj.details\n if (details && typeof details === 'object') {\n return formatValidationError(details)\n }\n return obj.error\n }\n\n // Generic: { message: string }\n if (obj.message && typeof obj.message === 'string') {\n return obj.message\n }\n\n // Fallback: compact JSON\n const json = JSON.stringify(data)\n if (json.length > 500) {\n return `Validation error (truncated): ${json.slice(0, 500)}...`\n }\n return `Validation error: ${json}`\n}\n\n/**\n * Build entity schema array from the entity graph.\n * Same structure as buildEntityResult in entity-graph-tools.ts.\n */\nfunction buildEntitySchemas(graph: EntityGraph) {\n return graph.nodes.map((node) => {\n const relationships = graph.edges\n .filter((edge) => edge.source === node.className)\n .map((edge) => ({\n relationship: edge.relationship,\n target: edge.target,\n property: edge.property,\n nullable: edge.nullable,\n }))\n\n return {\n className: node.className,\n tableName: node.tableName,\n module: inferModuleFromEntity(node.className, node.tableName),\n fields: node.properties,\n relationships,\n }\n })\n}\n\n/**\n * Detect mutation HTTP methods in code via static analysis.\n * Returns which methods were found (POST, PUT, PATCH, DELETE).\n */\nfunction detectMutationInCode(code: string): { hasMutation: boolean; methods: string[] } {\n const methods: string[] = []\n const pattern = /method:\\s*['\"](\\w+)['\"]/gi\n let match\n while ((match = pattern.exec(code)) !== null) {\n const method = match[1].toUpperCase()\n if (['POST', 'PUT', 'PATCH', 'DELETE'].includes(method)) {\n methods.push(method)\n }\n }\n return { hasMutation: methods.length > 0, methods }\n}\n\n/**\n * Load and register the two Code Mode tools.\n * Generates TypeScript type stubs for common endpoints at startup.\n * @returns Number of tools registered (always 2)\n */\nexport async function loadCodeModeTools(): Promise<number> {\n const commonTypes = await generateCommonTypes()\n registerSearchTool()\n registerExecuteTool(commonTypes)\n return 2\n}\n\n/**\n * search \u2014 Query the OpenAPI spec and entity graph programmatically.\n */\nfunction registerSearchTool(): void {\n registerMcpTool(\n {\n name: 'search',\n description: `Query the OpenAPI spec and entity schemas. READ-ONLY, no side effects.\nGlobals: spec.findEndpoints(keyword), spec.describeEndpoint(path, method), spec.describeEntity(keyword), spec.paths, spec.entitySchemas.\nUse BEFORE execute to learn endpoint schemas for CREATE/UPDATE. Skip for common paths (companies, people, orders, quotes, products).`,\n inputSchema: z.object({\n code: z\n .string()\n .describe(\n 'An async arrow function that queries spec, e.g. async () => spec.paths[\"/api/customers/companies\"]'\n ),\n }),\n requiredFeatures: [],\n handler: async (input: { code: string }, ctx: McpToolContext) => {\n const codePreview = input.code.slice(0, 120).replace(/\\n/g, ' ')\n console.error(`[AI Usage] search: code=\"${codePreview}${input.code.length > 120 ? '...' : ''}\"`)\n\n // Check session memory for cached result\n if (ctx.sessionId) {\n const cached = lookupSearchCache(ctx.sessionId, input.code)\n if (cached) {\n console.error(`[AI Usage] search: CACHE HIT (label=\"${cached.label}\")`)\n const memoryContext = buildMemoryContext(ctx.sessionId)\n return {\n success: true,\n result: cached.result,\n fromCache: true,\n _memoryContext: memoryContext,\n }\n }\n\n // Enforce tool call limit\n const { count, exceeded } = incrementToolCallCount(ctx.sessionId)\n if (exceeded) {\n console.error(`[AI Usage] search: TOOL CALL LIMIT EXCEEDED (count=${count})`)\n return {\n success: false,\n error: 'Tool call limit exceeded. Summarize what you know and respond to the user.',\n }\n }\n }\n\n const spec = await getCodeModeSpec()\n const sandbox = createSandbox({ spec })\n const result = await sandbox.execute(input.code)\n\n if (result.error) {\n console.error(`[AI Usage] search: ERROR in ${result.durationMs}ms \u2014 ${result.error}`)\n return {\n success: false,\n error: result.error,\n logs: result.logs,\n durationMs: result.durationMs,\n }\n }\n\n const truncated = truncateResult(result.result)\n console.error(`[AI Usage] search: OK in ${result.durationMs}ms \u2014 ${truncated.length} chars`)\n\n // Store in session memory\n if (ctx.sessionId) {\n const label = buildSearchLabel(input.code)\n storeSearchResult(ctx.sessionId, input.code, truncated, label)\n }\n\n const memoryContext = ctx.sessionId ? buildMemoryContext(ctx.sessionId) : undefined\n return {\n success: true,\n result: truncated,\n logs: result.logs,\n durationMs: result.durationMs,\n _memoryContext: memoryContext,\n }\n },\n },\n { moduleId: 'codemode' }\n )\n}\n\n/**\n * execute \u2014 Run JavaScript that can make API calls via api.request().\n */\nfunction registerExecuteTool(commonTypes: string): void {\n const typesBlock = commonTypes\n ? `\\n\\n${commonTypes}`\n : ''\n\n registerMcpTool(\n {\n name: 'execute',\n description: `Make API calls. Returns JSON.\nGlobals: api.request({ method, path, query?, body? }) \u2192 { success, statusCode, data }, context { tenantId, organizationId, userId }.\nRULES: For FIND/LIST \u2192 GET only (1 call). For UPDATE \u2192 PUT to collection path with id in BODY. NEVER PUT/POST/DELETE unless user explicitly asked to change data. Before ANY write operation (POST/PUT/DELETE), you MUST use the AskUserQuestion tool to get explicit user confirmation. Do NOT just ask in text \u2014 use the tool so execution pauses until the user responds.${typesBlock}`,\n inputSchema: z.object({\n code: z\n .string()\n .describe(\n 'Async arrow function. For reads: async () => api.request({ method: \"GET\", path: \"/api/customers/companies\" }). For updates: async () => api.request({ method: \"PUT\", path: \"/api/customers/companies\", body: { id: \"<uuid>\", name: \"New Name\" } }). id goes in BODY not URL.'\n ),\n }),\n requiredFeatures: [], // ACL checked at API level\n handler: async (input: { code: string }, ctx: McpToolContext) => {\n const codePreview = input.code.slice(0, 120).replace(/\\n/g, ' ')\n console.error(`[AI Usage] execute: code=\"${codePreview}${input.code.length > 120 ? '...' : ''}\" user=${ctx.userId || 'unknown'}`)\n\n // Enforce tool call limit\n if (ctx.sessionId) {\n const { count, exceeded } = incrementToolCallCount(ctx.sessionId)\n if (exceeded) {\n console.error(`[AI Usage] execute: TOOL CALL LIMIT EXCEEDED (count=${count})`)\n return {\n success: false,\n error: 'Tool call limit exceeded. Summarize what you know and respond to the user.',\n }\n }\n }\n\n // Detect mutations via static analysis \u2014 cap API calls for safety\n const mutationInfo = detectMutationInCode(input.code)\n const maxApiCalls = mutationInfo.hasMutation ? 20 : 50\n if (mutationInfo.hasMutation) {\n console.error(`[AI Usage] execute: MUTATION DETECTED (${mutationInfo.methods.join(',')}) \u2014 capping API calls to ${maxApiCalls}`)\n }\n let apiCallCount = 0\n\n const apiRequestFn = createApiRequestFn(ctx, () => {\n apiCallCount++\n if (apiCallCount > maxApiCalls) {\n throw new Error(`API call limit exceeded (max ${maxApiCalls})`)\n }\n })\n\n const context = {\n tenantId: ctx.tenantId,\n organizationId: ctx.organizationId,\n userId: ctx.userId,\n }\n\n const sandbox = createSandbox(\n { api: { request: apiRequestFn }, context },\n { maxApiCalls }\n )\n\n const result = await sandbox.execute(input.code)\n\n if (result.error) {\n console.error(`[AI Usage] execute: ERROR in ${result.durationMs}ms \u2014 apiCalls=${apiCallCount} \u2014 ${result.error}`)\n return {\n success: false,\n error: result.error,\n logs: result.logs,\n durationMs: result.durationMs,\n apiCallCount,\n }\n }\n\n const truncated = truncateResult(result.result)\n console.error(`[AI Usage] execute: OK in ${result.durationMs}ms \u2014 apiCalls=${apiCallCount} \u2014 ${truncated.length} chars`)\n\n const memoryContext = ctx.sessionId ? buildMemoryContext(ctx.sessionId) : undefined\n return {\n success: true,\n result: truncated,\n logs: result.logs,\n durationMs: result.durationMs,\n apiCallCount,\n _memoryContext: memoryContext,\n }\n },\n },\n { moduleId: 'codemode' }\n )\n}\n\n/**\n * Create the api.request() function for the execute sandbox.\n * Replicates the authenticated API call logic from api-discovery-tools.ts.\n */\nfunction createApiRequestFn(\n ctx: McpToolContext,\n onCall: () => void\n): (params: {\n method: string\n path: string\n query?: Record<string, string>\n body?: Record<string, unknown>\n}) => Promise<unknown> {\n const baseUrl =\n process.env.NEXT_PUBLIC_API_BASE_URL ||\n process.env.NEXT_PUBLIC_APP_URL ||\n process.env.APP_URL ||\n 'http://localhost:3000'\n\n return async (params) => {\n onCall()\n\n const { method, path, query, body } = params\n const callStart = Date.now()\n\n // Ensure path starts with /api\n const apiPath = path.startsWith('/api') ? path : `/api${path}`\n let url = `${baseUrl}${apiPath}`\n\n // Build query parameters\n const queryParams: Record<string, string> = { ...query }\n\n if (method === 'GET') {\n if (ctx.tenantId) queryParams.tenantId = ctx.tenantId\n if (ctx.organizationId) queryParams.organizationId = ctx.organizationId\n }\n\n if (Object.keys(queryParams).length > 0) {\n const separator = url.includes('?') ? '&' : '?'\n url += separator + new URLSearchParams(queryParams).toString()\n }\n\n // Build request body with context injection\n let requestBody: Record<string, unknown> | undefined\n if (['POST', 'PUT', 'PATCH'].includes(method.toUpperCase())) {\n requestBody = { ...body }\n if (ctx.tenantId) requestBody.tenantId = ctx.tenantId\n if (ctx.organizationId) requestBody.organizationId = ctx.organizationId\n }\n\n // Build headers\n const headers: Record<string, string> = {\n 'Content-Type': 'application/json',\n }\n if (ctx.apiKeySecret) headers['X-API-Key'] = ctx.apiKeySecret\n if (ctx.tenantId) headers['X-Tenant-Id'] = ctx.tenantId\n if (ctx.organizationId) headers['X-Organization-Id'] = ctx.organizationId\n\n // Execute request using host fetch (not sandbox)\n const response = await globalThis.fetch(url, {\n method: method.toUpperCase(),\n headers,\n body: requestBody ? JSON.stringify(requestBody) : undefined,\n })\n\n const responseText = await response.text()\n const data = tryParseJson(responseText)\n const callDuration = Date.now() - callStart\n\n if (!response.ok) {\n console.error(`[AI Usage] api.request: ${method.toUpperCase()} ${apiPath} \u2192 ${response.status} in ${callDuration}ms`)\n\n // Format 400 validation errors into a clear fix instruction for the LLM\n if (response.status === 400) {\n return {\n success: false,\n statusCode: 400,\n error: formatValidationError(data),\n }\n }\n\n return {\n success: false,\n statusCode: response.status,\n error: `API error ${response.status}`,\n details: data,\n }\n }\n\n console.error(`[AI Usage] api.request: ${method.toUpperCase()} ${apiPath} \u2192 ${response.status} in ${callDuration}ms (${responseText.length} bytes)`)\n\n // Add mutation warning for non-GET calls\n if (!['GET', 'HEAD', 'OPTIONS'].includes(method.toUpperCase())) {\n return {\n success: true,\n statusCode: response.status,\n data,\n _note: 'WRITE operation performed. Only do writes when user explicitly requested data modification.',\n }\n }\n\n return {\n success: true,\n statusCode: response.status,\n data,\n }\n }\n}\n\nfunction tryParseJson(text: string): unknown {\n try {\n return JSON.parse(text)\n } catch {\n return text\n }\n}\n"],
|
|
5
|
-
"mappings": "AAUA,SAAS,SAAS;AAClB,SAAS,uBAAuB;AAEhC,SAAS,qBAAqB;AAC9B,SAAS,sBAAsB;AAC/B,SAAS,yBAAyB;AAClC;AAAA,EACE;AAAA,EACA;AAAA,OAEK;AACP;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAKP,IAAI,qBAAqD;AAMzD,IAAI,oBAAmC;AAKvC,eAAe,kBAAoD;AACjE,MAAI,mBAAoB,QAAO;AAE/B,QAAM,UAAU,MAAM,kBAAkB;AACxC,QAAM,QAAQ,qBAAqB;AAEnC,QAAM,QAAS,SAAS,SAAS,CAAC;AAClC,QAAM,gBAAgB,QAAQ,mBAAmB,KAAK,IAAI,CAAC;AAE3D,QAAM,OAAgC;AAAA,IACpC;AAAA,IACA,MAAM,SAAS;AAAA,IACf,YAAY,SAAS;AAAA,IACrB;AAAA,EACF;AAQA,OAAK,gBAAgB,CAAC,YAAoB;AACxC,UAAM,KAAK,QAAQ,YAAY;AAC/B,WAAO,OAAO,QAAQ,KAAK,EACxB,OAAO,CAAC,CAAC,IAAI,MAAM,KAAK,YAAY,EAAE,SAAS,EAAE,CAAC,EAClD,IAAI,CAAC,CAAC,MAAM,OAAO,OAAO;AAAA,MACzB;AAAA,MACA,SAAS,OAAO,KAAK,OAAO,EAAE,OAAO,CAAC,MAAM,MAAM,YAAY;AAAA,IAChE,EAAE;AAAA,EACN;AAOA,OAAK,mBAAmB,CAAC,MAAc,WAAmB;AACxD,UAAM,UAAU,MAAM,IAAI;AAC1B,QAAI,CAAC,QAAS,QAAO;AAErB,UAAM,WAAW,QAAQ,OAAO,YAAY,CAAC;AAC7C,QAAI,CAAC,SAAU,QAAO;AAGtB,UAAM,aAAa,yBAAyB,QAAQ;AACpD,UAAM,YAAa,YAAY,cAAc,CAAC;AAC9C,UAAM,eAAgB,YAAY,YAAY,CAAC;AAG/C,UAAM,iBAAyE,CAAC;AAChF,UAAM,iBAA2B,CAAC;AAClC,UAAM,oBAKD,CAAC;AAEN,eAAW,CAAC,MAAM,IAAI,KAAK,OAAO,QAAQ,SAAS,GAAG;AACpD,YAAM,WAAY,KAAK,QAAmB;AAG1C,UAAI,aAAa,WAAW,KAAK,SAAU,KAAK,MAAkC,SAAS,UAAU;AACnG,cAAM,aAAa,KAAK;AACxB,cAAM,YAAa,WAAW,cAAc,CAAC;AAC7C,cAAM,eAAgB,WAAW,YAAY,CAAC;AAE9C,cAAM,iBAAiB,aAAa,IAAI,CAAC,OAAO;AAAA,UAC9C,MAAM;AAAA,UACN,MAAQ,UAAU,CAAC,GAAG,QAAmB;AAAA,QAC3C,EAAE;AAGF,cAAM,iBAAiB,OAAO,KAAK,SAAS,EAAE,OAAO,CAAC,MAAM,CAAC,aAAa,SAAS,CAAC,CAAC;AACrF,cAAM,eAAe,eAAe,MAAM,GAAG,CAAC;AAE9C,0BAAkB,KAAK;AAAA,UACrB,OAAO;AAAA,UACP,MAAM;AAAA,UACN,gBAAgB;AAAA,UAChB;AAAA,QACF,CAAC;AACD;AAAA,MACF;AAEA,UAAI,aAAa,SAAS,IAAI,GAAG;AAC/B,cAAM,QAAyD,EAAE,MAAM,MAAM,SAAS;AACtF,YAAI,KAAK,OAAQ,OAAM,SAAS,KAAK;AACrC,uBAAe,KAAK,KAAK;AAAA,MAC3B,OAAO;AACL,uBAAe,KAAK,IAAI;AAAA,MAC1B;AAAA,IACF;AAGA,UAAM,UAAmC,CAAC;AAC1C,eAAW,SAAS,gBAAgB;AAClC,cAAQ,MAAM,IAAI,IAAI,oBAAoB,MAAM,MAAM,MAAM,MAAM;AAAA,IACpE;AACA,eAAW,cAAc,mBAAmB;AAC1C,YAAM,cAAuC,CAAC;AAC9C,iBAAW,SAAS,WAAW,gBAAgB;AAC7C,oBAAY,MAAM,IAAI,IAAI,oBAAoB,MAAM,IAAI;AAAA,MAC1D;AAEA,iBAAW,QAAQ,WAAW,aAAa,MAAM,GAAG,CAAC,GAAG;AACtD,oBAAY,IAAI,IAAI;AAAA,MACtB;AACA,cAAQ,WAAW,KAAK,IAAI,CAAC,WAAW;AAAA,IAC1C;AAGA,UAAM,WAAW,KAAK,QAAQ,SAAS,EAAE,EAAE,MAAM,GAAG;AACpD,UAAM,gBAAgB,SAAS,CAAC;AAChC,UAAM,eAAe,SAAS,CAAC,KAAK,SAAS,CAAC;AAC9C,UAAM,eAAe,QAAQ,aAAa;AAC1C,UAAM,mBAAmB,OAAO,QAAQ,KAAK,EAC1C,OAAO,CAAC,CAAC,CAAC,MAAM,EAAE,WAAW,YAAY,KAAK,MAAM,QAAQ,CAAC,EAAE,SAAS,GAAG,CAAC,EAC5E,IAAI,CAAC,CAAC,GAAG,OAAO,OAAO;AAAA,MACtB,MAAM;AAAA,MACN,SAAS,OAAO,KAAK,OAAkC,EAAE,OAAO,CAAC,MAAM,MAAM,YAAY;AAAA,IAC3F,EAAE,EACD,MAAM,GAAG,CAAC;AAGb,UAAM,eAAe,aAAa,QAAQ,MAAM,GAAG;AACnD,UAAM,mBAAmB,aAAa,SAAS,GAAG,IAAI,aAAa,MAAM,GAAG,EAAE,IAAI;AAClF,UAAM,iBAAiB,cAAc,SAAS,GAAG,IAAI,cAAc,MAAM,GAAG,EAAE,IAAI;AAClF,UAAM,gBAAgB,GAAG,cAAc,IAAI,YAAY;AAEvD,UAAM,SAAS,cAAc,KAAK,CAAC,MAA+B;AAChE,YAAM,SAAU,EAAE,aAAwB,IAAI,YAAY;AAC1D,YAAM,OAAQ,EAAE,aAAwB,IAAI,YAAY;AACxD,YAAM,OAAQ,EAAE,UAAqB,IAAI,YAAY;AACrD,UAAI,UAAU,gBAAgB,UAAU,cAAe,QAAO;AAC9D,UAAI,IAAI,SAAS,cAAc,KAAK,IAAI,SAAS,gBAAgB,EAAG,QAAO;AAC3E,UAAI,QAAQ,iBAAiB,IAAI,SAAS,gBAAgB,EAAG,QAAO;AACpE,UAAI,QAAQ,oBAAoB,IAAI,SAAS,gBAAgB,EAAG,QAAO;AACvE,aAAO;AAAA,IACT,CAAC,KAAK;AAEN,QAAI,gBAA+B;AACnC,QAAI,QAAQ;AACV,YAAM,MAAM;AACZ,YAAM,OAAQ,IAAI,iBAAqE,CAAC;AACxF,YAAM,aAAa,KAAK,IAAI,CAAC,MAAM,GAAG,EAAE,YAAY,KAAK,EAAE,MAAM,EAAE,EAAE,KAAK,IAAI;AAC9E,sBAAgB,GAAG,IAAI,SAAS,GAAG,aAAa,KAAK,UAAU,MAAM,EAAE;AAAA,IACzE;AAGA,UAAM,aAAa,OAAO,YAAY,MAAM,SACvC,SAAS,cAAgD,CAAC,GACxD,OAAO,CAAC,MAAM,EAAE,OAAO,OAAO,EAC9B,IAAI,CAAC,MAAM,EAAE,IAAc,IAC9B;AAEJ,WAAO;AAAA,MACL;AAAA,MACA,QAAQ,OAAO,YAAY;AAAA,MAC3B,SAAS,SAAS,WAAW,SAAS;AAAA,MACtC,GAAI,cAAc,WAAW,SAAS,IAAI,EAAE,aAAa,WAAW,IAAI,CAAC;AAAA,MACzE,GAAI,eAAe,SAAS,IAAI,EAAE,eAAe,IAAI,CAAC;AAAA,MACtD,GAAI,eAAe,SAAS,IAAI,EAAE,eAAe,IAAI,CAAC;AAAA,MACtD,GAAI,kBAAkB,SAAS,IAAI,EAAE,kBAAkB,IAAI,CAAC;AAAA,MAC5D,GAAI,OAAO,KAAK,OAAO,EAAE,SAAS,IAAI,EAAE,QAAQ,IAAI,CAAC;AAAA,MACrD,GAAI,iBAAiB,SAAS,IAAI,EAAE,iBAAiB,IAAI,CAAC;AAAA,MAC1D;AAAA,IACF;AAAA,EACF;AAMA,OAAK,iBAAiB,CAAC,YAAoB;AACzC,UAAM,KAAK,QAAQ,YAAY;AAC/B,WAAO,cAAc,KAAK,CAAC,MAA+B;AACxD,YAAM,OAAO,EAAE,aAAuB,IAAI,YAAY;AACtD,YAAM,SAAS,EAAE,aAAuB,IAAI,YAAY;AACxD,aAAO,IAAI,SAAS,EAAE,KAAK,MAAM,SAAS,EAAE;AAAA,IAC9C,CAAC,KAAK;AAAA,EACR;AAEA,uBAAqB;AACrB,SAAO;AACT;AAMA,SAAS,yBACP,UACgC;AAChC,QAAM,cAAc,SAAS;AAC7B,MAAI,CAAC,YAAa,QAAO;AAEzB,QAAM,UAAU,YAAY;AAC5B,MAAI,CAAC,QAAS,QAAO;AAErB,QAAM,cAAc,QAAQ,kBAAkB;AAC9C,MAAI,CAAC,YAAa,QAAO;AAEzB,SAAQ,YAAY,UAAsC;AAC5D;AAKA,SAAS,oBAAoB,MAAc,QAA0B;AACnE,MAAI,WAAW,UAAU,WAAW,WAAY,QAAO;AACvD,MAAI,WAAW,eAAe,WAAW,OAAQ,QAAO;AACxD,MAAI,WAAW,QAAS,QAAO;AAC/B,UAAQ,MAAM;AAAA,IACZ,KAAK;AAAU,aAAO;AAAA,IACtB,KAAK;AAAA,IACL,KAAK;AAAW,aAAO;AAAA,IACvB,KAAK;AAAW,aAAO;AAAA,IACvB,KAAK;AAAS,aAAO,CAAC;AAAA,IACtB;AAAS,aAAO;AAAA,EAClB;AACF;AAMA,MAAM,mBAA8E;AAAA,EAClF,EAAE,MAAM,qBAAqB,QAAQ,QAAQ,UAAU,cAAc;AAAA,EACrE,EAAE,MAAM,qBAAqB,QAAQ,QAAQ,UAAU,cAAc;AAAA,EACrE,EAAE,MAAM,uBAAuB,QAAQ,QAAQ,UAAU,gBAAgB;AAAA,EACzE,EAAE,MAAM,4BAA4B,QAAQ,QAAQ,UAAU,gBAAgB;AAAA,EAC9E,EAAE,MAAM,yBAAyB,QAAQ,QAAQ,UAAU,eAAe;AAAA,EAC1E,EAAE,MAAM,wBAAwB,QAAQ,QAAQ,UAAU,aAAa;AAAA,EACvE,EAAE,MAAM,yBAAyB,QAAQ,QAAQ,UAAU,gBAAgB;AAAA,EAC3E,EAAE,MAAM,4BAA4B,QAAQ,OAAO,UAAU,gBAAgB;AAAA,EAC7E,EAAE,MAAM,yBAAyB,QAAQ,OAAO,UAAU,eAAe;AAAA,EACzE,EAAE,MAAM,qBAAqB,QAAQ,OAAO,UAAU,cAAc;AACtE;AAOA,eAAe,sBAAuC;AACpD,MAAI,kBAAmB,QAAO;AAE9B,QAAM,UAAU,MAAM,kBAAkB;AACxC,MAAI,CAAC,SAAS,OAAO;AACnB,wBAAoB;AACpB,WAAO;AAAA,EACT;AAEA,QAAM,QAAQ,QAAQ;AACtB,QAAM,YAAsB,CAAC,2CAA2C;AAExE,aAAW,EAAE,MAAM,QAAQ,SAAS,KAAK,kBAAkB;AACzD,UAAM,UAAU,MAAM,IAAI;AAC1B,QAAI,CAAC,QAAS;AAEd,UAAM,WAAW,QAAQ,MAAM;AAC/B,QAAI,CAAC,SAAU;AAEf,UAAM,aAAa,yBAAyB,QAAQ;AACpD,QAAI,CAAC,YAAY,WAAY;AAE7B,UAAM,UAAU;AAAA,MACd;AAAA,MACA;AAAA,MACA,GAAG,OAAO,YAAY,CAAC,IAAI,IAAI;AAAA,IACjC;AACA,QAAI,QAAS,WAAU,KAAK,OAAO;AAAA,EACrC;AAEA,MAAI,UAAU,UAAU,GAAG;AACzB,wBAAoB;AACpB,WAAO;AAAA,EACT;AAEA,sBAAoB,UAAU,KAAK,IAAI;AACvC,UAAQ,MAAM,yBAAyB,UAAU,SAAS,CAAC,oBAAoB;AAC/E,SAAO;AACT;AAMA,SAAS,mBACP,UACA,QACA,SACe;AACf,QAAM,QAAQ,OAAO;AACrB,MAAI,CAAC,MAAO,QAAO;AAEnB,QAAM,WAAW,IAAI,IAAK,OAAO,YAAyB,CAAC,CAAC;AAG5D,QAAM,aAAa,oBAAI,IAAI,CAAC,YAAY,gBAAgB,CAAC;AAEzD,QAAM,SAAmB,CAAC;AAC1B,QAAM,cAAwB,CAAC;AAE/B,aAAW,CAAC,MAAM,IAAI,KAAK,OAAO,QAAQ,KAAK,GAAG;AAChD,QAAI,WAAW,IAAI,IAAI,EAAG;AAC1B,QAAI,CAAC,QAAQ,OAAO,SAAS,SAAU;AAEvC,UAAM,aAAa,SAAS,IAAI,IAAI;AACpC,UAAM,UAAU,aAAa,KAAK;AAGlC,QACE,KAAK,SAAS,WACd,KAAK,SACJ,KAAK,MAAkC,SAAS,UACjD;AACA,YAAM,eAAe,GAAG,QAAQ,GAAG,WAAW,YAAY,IAAI,CAAC,CAAC;AAChE,YAAM,aAAa,KAAK;AACxB,YAAM,aAAa,mBAAmB,cAAc,YAAY,EAAE;AAClE,UAAI,WAAY,aAAY,KAAK,UAAU;AAC3C,aAAO,KAAK,GAAG,IAAI,GAAG,OAAO,KAAK,YAAY,IAAI;AAClD;AAAA,IACF;AAEA,UAAM,WAAW,oBAAoB,IAAI;AACzC,WAAO,KAAK,GAAG,IAAI,GAAG,OAAO,KAAK,QAAQ,EAAE;AAAA,EAC9C;AAEA,MAAI,OAAO,WAAW,EAAG,QAAO;AAEhC,QAAM,cAAc,UAAU,MAAM,OAAO;AAAA,IAAO;AAClD,QAAM,SAAS,YAAY,SAAS,IAAI,YAAY,KAAK,IAAI,IAAI,OAAO;AACxE,SAAO,GAAG,MAAM,GAAG,WAAW,QAAQ,QAAQ,QAAQ,OAAO,KAAK,IAAI,CAAC;AACzE;AAKA,SAAS,oBAAoB,MAAuC;AAElE,MAAI,KAAK,SAAS,MAAM,QAAQ,KAAK,KAAK,GAAG;AAC3C,UAAM,WAAY,KAAK,MAAgD;AAAA,MACrE,CAAC,MAAoC,KAAK;AAAA,IAC5C;AACA,UAAM,UAAU,SAAS,OAAO,CAAC,MAAM,EAAE,SAAS,MAAM;AACxD,QAAI,QAAQ,WAAW,GAAG;AACxB,aAAO,oBAAoB,QAAQ,CAAC,CAAC,IAAI;AAAA,IAC3C;AACA,QAAI,QAAQ,SAAS,GAAG;AACtB,aAAO,QAAQ,IAAI,CAAC,MAAM,oBAAoB,CAAC,CAAC,EAAE,KAAK,KAAK;AAAA,IAC9D;AAAA,EACF;AAGA,MAAI,KAAK,QAAQ,MAAM,QAAQ,KAAK,IAAI,GAAG;AACzC,WAAQ,KAAK,KAAkB,IAAI,CAAC,MAAM,IAAI,CAAC,GAAG,EAAE,KAAK,KAAK;AAAA,EAChE;AAEA,QAAM,OAAO,KAAK;AAClB,QAAM,SAAS,KAAK;AAEpB,MAAI,SAAS,SAAS;AACpB,UAAM,QAAQ,KAAK;AACnB,QAAI,MAAO,QAAO,GAAG,oBAAoB,KAAK,CAAC;AAC/C,WAAO;AAAA,EACT;AAEA,MAAI,SAAS,SAAU,QAAO;AAE9B,MAAI,WAAW,OAAQ,QAAO;AAC9B,MAAI,WAAW,YAAa,QAAO;AACnC,MAAI,WAAW,OAAQ,QAAO;AAC9B,MAAI,WAAW,QAAS,QAAO;AAE/B,UAAQ,MAAM;AAAA,IACZ,KAAK;AAAU,aAAO;AAAA,IACtB,KAAK;AAAA,IACL,KAAK;AAAW,aAAO;AAAA,IACvB,KAAK;AAAW,aAAO;AAAA,IACvB;AAAS,aAAO;AAAA,EAClB;AACF;AAEA,SAAS,WAAW,GAAmB;AACrC,SAAO,EAAE,OAAO,CAAC,EAAE,YAAY,IAAI,EAAE,MAAM,CAAC;AAC9C;AAEA,SAAS,YAAY,GAAmB;AACtC,MAAI,EAAE,SAAS,KAAK,EAAG,QAAO,EAAE,MAAM,GAAG,EAAE,IAAI;AAC/C,MAAI,EAAE,SAAS,KAAK,EAAG,QAAO,EAAE,MAAM,GAAG,EAAE;AAC3C,MAAI,EAAE,SAAS,GAAG,KAAK,CAAC,EAAE,SAAS,IAAI,EAAG,QAAO,EAAE,MAAM,GAAG,EAAE;AAC9D,SAAO;AACT;AAMA,SAAS,sBAAsB,MAAuB;AACpD,MAAI,CAAC,QAAQ,OAAO,SAAS,UAAU;AACrC,WAAO,qBAAqB,KAAK,UAAU,IAAI,CAAC;AAAA,EAClD;AAGA,MAAI,MAAM,QAAQ,IAAI,GAAG;AACvB,UAAM,SAAS;AACf,UAAM,QAAQ,OAAO,MAAM,GAAG,CAAC,EAAE,IAAI,CAAC,UAAU;AAC9C,YAAM,OAAO,MAAM,QAAQ,MAAM,IAAI,IAAI,MAAM,KAAK,KAAK,GAAG,IAAI;AAChE,YAAM,MAAM,MAAM,WAAqB,YAAY,MAAM,QAAQ,MAAM,MAAM,QAAkB;AAC/F,aAAO,OAAO,GAAG,IAAI,KAAK,GAAG,KAAK;AAAA,IACpC,CAAC;AACD,QAAI,MAAM,SAAS,GAAG;AACpB,aAAO,4BAAuB,MAAM,KAAK,IAAI,CAAC;AAAA,IAChD;AAAA,EACF;AAEA,QAAM,MAAM;AAGZ,MAAI,IAAI,eAAe,OAAO,IAAI,gBAAgB,UAAU;AAC1D,UAAM,cAAc,IAAI;AACxB,UAAM,QAAkB,CAAC;AACzB,eAAW,CAAC,OAAO,QAAQ,KAAK,OAAO,QAAQ,WAAW,GAAG;AAC3D,UAAI,MAAM,QAAQ,QAAQ,KAAK,SAAS,SAAS,GAAG;AAClD,cAAM,KAAK,GAAG,KAAK,KAAK,SAAS,CAAC,CAAC,EAAE;AAAA,MACvC;AAAA,IACF;AACA,UAAM,aAAa,IAAI;AACvB,QAAI,MAAM,QAAQ,UAAU,KAAK,WAAW,SAAS,GAAG;AACtD,YAAM,KAAK,WAAW,CAAC,CAAC;AAAA,IAC1B;AACA,QAAI,MAAM,SAAS,GAAG;AACpB,aAAO,4BAAuB,MAAM,KAAK,IAAI,CAAC;AAAA,IAChD;AAAA,EACF;AAGA,MAAI,IAAI,UAAU,MAAM,QAAQ,IAAI,MAAM,GAAG;AAC3C,UAAM,SAAS,IAAI;AACnB,UAAM,QAAQ,OAAO,MAAM,GAAG,CAAC,EAAE,IAAI,CAAC,UAAU;AAC9C,YAAM,OAAO,MAAM,QAAQ,MAAM,IAAI,IAAI,MAAM,KAAK,KAAK,GAAG,IAAI;AAChE,YAAM,MAAM,MAAM,WAAqB,MAAM,QAAkB;AAC/D,aAAO,OAAO,GAAG,IAAI,KAAK,GAAG,KAAK;AAAA,IACpC,CAAC;AACD,WAAO,4BAAuB,MAAM,KAAK,IAAI,CAAC;AAAA,EAChD;AAGA,MAAI,IAAI,SAAS,OAAO,IAAI,UAAU,UAAU;AAC9C,UAAM,UAAU,IAAI;AACpB,QAAI,WAAW,OAAO,YAAY,UAAU;AAC1C,aAAO,sBAAsB,OAAO;AAAA,IACtC;AACA,WAAO,IAAI;AAAA,EACb;AAGA,MAAI,IAAI,WAAW,OAAO,IAAI,YAAY,UAAU;AAClD,WAAO,IAAI;AAAA,EACb;AAGA,QAAM,OAAO,KAAK,UAAU,IAAI;AAChC,MAAI,KAAK,SAAS,KAAK;AACrB,WAAO,iCAAiC,KAAK,MAAM,GAAG,GAAG,CAAC;AAAA,EAC5D;AACA,SAAO,qBAAqB,IAAI;AAClC;AAMA,SAAS,mBAAmB,OAAoB;AAC9C,SAAO,MAAM,MAAM,IAAI,CAAC,SAAS;AAC/B,UAAM,gBAAgB,MAAM,MACzB,OAAO,CAAC,SAAS,KAAK,WAAW,KAAK,SAAS,EAC/C,IAAI,CAAC,UAAU;AAAA,MACd,cAAc,KAAK;AAAA,MACnB,QAAQ,KAAK;AAAA,MACb,UAAU,KAAK;AAAA,MACf,UAAU,KAAK;AAAA,IACjB,EAAE;AAEJ,WAAO;AAAA,MACL,WAAW,KAAK;AAAA,MAChB,WAAW,KAAK;AAAA,MAChB,QAAQ,sBAAsB,KAAK,WAAW,KAAK,SAAS;AAAA,MAC5D,QAAQ,KAAK;AAAA,MACb;AAAA,IACF;AAAA,EACF,CAAC;AACH;AAMA,SAAS,qBAAqB,MAA2D;AACvF,QAAM,UAAoB,CAAC;AAC3B,QAAM,UAAU;AAChB,MAAI;AACJ,UAAQ,QAAQ,QAAQ,KAAK,IAAI,OAAO,MAAM;AAC5C,UAAM,SAAS,MAAM,CAAC,EAAE,YAAY;AACpC,QAAI,CAAC,QAAQ,OAAO,SAAS,QAAQ,EAAE,SAAS,MAAM,GAAG;AACvD,cAAQ,KAAK,MAAM;AAAA,IACrB;AAAA,EACF;AACA,SAAO,EAAE,aAAa,QAAQ,SAAS,GAAG,QAAQ;AACpD;AAOA,eAAsB,oBAAqC;AACzD,QAAM,cAAc,MAAM,oBAAoB;AAC9C,qBAAmB;AACnB,sBAAoB,WAAW;AAC/B,SAAO;AACT;AAKA,SAAS,qBAA2B;AAClC;AAAA,IACE;AAAA,MACE,MAAM;AAAA,MACN,aAAa;AAAA;AAAA;AAAA,MAGb,aAAa,EAAE,OAAO;AAAA,QACpB,MAAM,EACH,OAAO,EACP;AAAA,UACC;AAAA,QACF;AAAA,MACJ,CAAC;AAAA,MACD,kBAAkB,CAAC;AAAA,MACnB,SAAS,OAAO,OAAyB,QAAwB;AAC/D,cAAM,cAAc,MAAM,KAAK,MAAM,GAAG,GAAG,EAAE,QAAQ,OAAO,GAAG;AAC/D,gBAAQ,MAAM,4BAA4B,WAAW,GAAG,MAAM,KAAK,SAAS,MAAM,QAAQ,EAAE,GAAG;AAG/F,YAAI,IAAI,WAAW;AACjB,gBAAM,SAAS,kBAAkB,IAAI,WAAW,MAAM,IAAI;AAC1D,cAAI,QAAQ;AACV,oBAAQ,MAAM,wCAAwC,OAAO,KAAK,IAAI;AACtE,kBAAMA,iBAAgB,mBAAmB,IAAI,SAAS;AACtD,mBAAO;AAAA,cACL,SAAS;AAAA,cACT,QAAQ,OAAO;AAAA,cACf,WAAW;AAAA,cACX,gBAAgBA;AAAA,YAClB;AAAA,UACF;AAGA,gBAAM,EAAE,OAAO,SAAS,IAAI,uBAAuB,IAAI,SAAS;AAChE,cAAI,UAAU;AACZ,oBAAQ,MAAM,sDAAsD,KAAK,GAAG;AAC5E,mBAAO;AAAA,cACL,SAAS;AAAA,cACT,OAAO;AAAA,YACT;AAAA,UACF;AAAA,QACF;AAEA,cAAM,OAAO,MAAM,gBAAgB;AACnC,cAAM,UAAU,cAAc,EAAE,KAAK,CAAC;AACtC,cAAM,SAAS,MAAM,QAAQ,QAAQ,MAAM,IAAI;AAE/C,YAAI,OAAO,OAAO;AAChB,kBAAQ,MAAM,+BAA+B,OAAO,UAAU,aAAQ,OAAO,KAAK,EAAE;AACpF,iBAAO;AAAA,YACL,SAAS;AAAA,YACT,OAAO,OAAO;AAAA,YACd,MAAM,OAAO;AAAA,YACb,YAAY,OAAO;AAAA,UACrB;AAAA,QACF;AAEA,cAAM,YAAY,eAAe,OAAO,MAAM;AAC9C,gBAAQ,MAAM,4BAA4B,OAAO,UAAU,aAAQ,UAAU,MAAM,QAAQ;AAG3F,YAAI,IAAI,WAAW;AACjB,gBAAM,QAAQ,iBAAiB,MAAM,IAAI;AACzC,4BAAkB,IAAI,WAAW,MAAM,MAAM,WAAW,KAAK;AAAA,QAC/D;AAEA,cAAM,gBAAgB,IAAI,YAAY,mBAAmB,IAAI,SAAS,IAAI;AAC1E,eAAO;AAAA,UACL,SAAS;AAAA,UACT,QAAQ;AAAA,UACR,MAAM,OAAO;AAAA,UACb,YAAY,OAAO;AAAA,UACnB,gBAAgB;AAAA,QAClB;AAAA,MACF;AAAA,IACF;AAAA,IACA,EAAE,UAAU,WAAW;AAAA,EACzB;AACF;AAKA,SAAS,oBAAoB,aAA2B;AACtD,QAAM,aAAa,cACf;AAAA;AAAA,EAAO,WAAW,KAClB;AAEJ;AAAA,IACE;AAAA,MACE,MAAM;AAAA,MACN,aAAa;AAAA;AAAA,6XAE2V,UAAU;AAAA,MAClX,aAAa,EAAE,OAAO;AAAA,QACpB,MAAM,EACH,OAAO,EACP;AAAA,UACC;AAAA,QACF;AAAA,MACJ,CAAC;AAAA,MACD,kBAAkB,CAAC;AAAA;AAAA,MACnB,SAAS,OAAO,OAAyB,QAAwB;AAC/D,cAAM,cAAc,MAAM,KAAK,MAAM,GAAG,GAAG,EAAE,QAAQ,OAAO,GAAG;AAC/D,gBAAQ,MAAM,6BAA6B,WAAW,GAAG,MAAM,KAAK,SAAS,MAAM,QAAQ,EAAE,UAAU,IAAI,UAAU,SAAS,EAAE;AAGhI,YAAI,IAAI,WAAW;AACjB,gBAAM,EAAE,OAAO,SAAS,IAAI,uBAAuB,IAAI,SAAS;AAChE,cAAI,UAAU;AACZ,oBAAQ,MAAM,uDAAuD,KAAK,GAAG;AAC7E,mBAAO;AAAA,cACL,SAAS;AAAA,cACT,OAAO;AAAA,YACT;AAAA,UACF;AAAA,QACF;AAGA,cAAM,eAAe,qBAAqB,MAAM,IAAI;AACpD,cAAM,cAAc,aAAa,cAAc,KAAK;AACpD,YAAI,aAAa,aAAa;AAC5B,kBAAQ,MAAM,0CAA0C,aAAa,QAAQ,KAAK,GAAG,CAAC,iCAA4B,WAAW,EAAE;AAAA,QACjI;AACA,YAAI,eAAe;AAEnB,cAAM,eAAe,mBAAmB,KAAK,MAAM;AACjD;AACA,cAAI,eAAe,aAAa;AAC9B,kBAAM,IAAI,MAAM,gCAAgC,WAAW,GAAG;AAAA,UAChE;AAAA,QACF,CAAC;AAED,cAAM,UAAU;AAAA,UACd,UAAU,IAAI;AAAA,UACd,gBAAgB,IAAI;AAAA,UACpB,QAAQ,IAAI;AAAA,QACd;AAEA,cAAM,UAAU;AAAA,UACd,EAAE,KAAK,EAAE,SAAS,aAAa,GAAG,QAAQ;AAAA,UAC1C,EAAE,YAAY;AAAA,QAChB;AAEA,cAAM,SAAS,MAAM,QAAQ,QAAQ,MAAM,IAAI;AAE/C,YAAI,OAAO,OAAO;AAChB,kBAAQ,MAAM,gCAAgC,OAAO,UAAU,sBAAiB,YAAY,WAAM,OAAO,KAAK,EAAE;AAChH,iBAAO;AAAA,YACL,SAAS;AAAA,YACT,OAAO,OAAO;AAAA,YACd,MAAM,OAAO;AAAA,YACb,YAAY,OAAO;AAAA,YACnB;AAAA,UACF;AAAA,QACF;AAEA,cAAM,YAAY,eAAe,OAAO,MAAM;AAC9C,gBAAQ,MAAM,6BAA6B,OAAO,UAAU,sBAAiB,YAAY,WAAM,UAAU,MAAM,QAAQ;AAEvH,cAAM,gBAAgB,IAAI,YAAY,mBAAmB,IAAI,SAAS,IAAI;AAC1E,eAAO;AAAA,UACL,SAAS;AAAA,UACT,QAAQ;AAAA,UACR,MAAM,OAAO;AAAA,UACb,YAAY,OAAO;AAAA,UACnB;AAAA,UACA,gBAAgB;AAAA,QAClB;AAAA,MACF;AAAA,IACF;AAAA,IACA,EAAE,UAAU,WAAW;AAAA,EACzB;AACF;AAMA,SAAS,mBACP,KACA,QAMqB;AACrB,QAAM,UACJ,QAAQ,IAAI,4BACZ,QAAQ,IAAI,uBACZ,QAAQ,IAAI,WACZ;AAEF,SAAO,OAAO,WAAW;AACvB,WAAO;AAEP,UAAM,EAAE,QAAQ,MAAM,OAAO,KAAK,IAAI;AACtC,UAAM,YAAY,KAAK,IAAI;AAG3B,UAAM,UAAU,KAAK,WAAW,MAAM,IAAI,OAAO,OAAO,IAAI;AAC5D,QAAI,MAAM,GAAG,OAAO,GAAG,OAAO;AAG9B,UAAM,cAAsC,EAAE,GAAG,MAAM;AAEvD,QAAI,WAAW,OAAO;AACpB,UAAI,IAAI,SAAU,aAAY,WAAW,IAAI;AAC7C,UAAI,IAAI,eAAgB,aAAY,iBAAiB,IAAI;AAAA,IAC3D;AAEA,QAAI,OAAO,KAAK,WAAW,EAAE,SAAS,GAAG;AACvC,YAAM,YAAY,IAAI,SAAS,GAAG,IAAI,MAAM;AAC5C,aAAO,YAAY,IAAI,gBAAgB,WAAW,EAAE,SAAS;AAAA,IAC/D;AAGA,QAAI;AACJ,QAAI,CAAC,QAAQ,OAAO,OAAO,EAAE,SAAS,OAAO,YAAY,CAAC,GAAG;AAC3D,oBAAc,EAAE,GAAG,KAAK;AACxB,UAAI,IAAI,SAAU,aAAY,WAAW,IAAI;AAC7C,UAAI,IAAI,eAAgB,aAAY,iBAAiB,IAAI;AAAA,IAC3D;AAGA,UAAM,UAAkC;AAAA,MACtC,gBAAgB;AAAA,IAClB;AACA,QAAI,IAAI,aAAc,SAAQ,WAAW,IAAI,IAAI;AACjD,QAAI,IAAI,SAAU,SAAQ,aAAa,IAAI,IAAI;AAC/C,QAAI,IAAI,eAAgB,SAAQ,mBAAmB,IAAI,IAAI;AAG3D,UAAM,WAAW,MAAM,WAAW,MAAM,KAAK;AAAA,MAC3C,QAAQ,OAAO,YAAY;AAAA,MAC3B;AAAA,MACA,MAAM,cAAc,KAAK,UAAU,WAAW,IAAI;AAAA,IACpD,CAAC;AAED,UAAM,eAAe,MAAM,SAAS,KAAK;AACzC,UAAM,OAAO,aAAa,YAAY;AACtC,UAAM,eAAe,KAAK,IAAI,IAAI;AAElC,QAAI,CAAC,SAAS,IAAI;AAChB,cAAQ,MAAM,2BAA2B,OAAO,YAAY,CAAC,IAAI,OAAO,WAAM,SAAS,MAAM,OAAO,YAAY,IAAI;AAGpH,UAAI,SAAS,WAAW,KAAK;AAC3B,eAAO;AAAA,UACL,SAAS;AAAA,UACT,YAAY;AAAA,UACZ,OAAO,sBAAsB,IAAI;AAAA,QACnC;AAAA,MACF;AAEA,aAAO;AAAA,QACL,SAAS;AAAA,QACT,YAAY,SAAS;AAAA,QACrB,OAAO,aAAa,SAAS,MAAM;AAAA,QACnC,SAAS;AAAA,MACX;AAAA,IACF;AAEA,YAAQ,MAAM,2BAA2B,OAAO,YAAY,CAAC,IAAI,OAAO,WAAM,SAAS,MAAM,OAAO,YAAY,OAAO,aAAa,MAAM,SAAS;AAGnJ,QAAI,CAAC,CAAC,OAAO,QAAQ,SAAS,EAAE,SAAS,OAAO,YAAY,CAAC,GAAG;AAC9D,aAAO;AAAA,QACL,SAAS;AAAA,QACT,YAAY,SAAS;AAAA,QACrB;AAAA,QACA,OAAO;AAAA,MACT;AAAA,IACF;AAEA,WAAO;AAAA,MACL,SAAS;AAAA,MACT,YAAY,SAAS;AAAA,MACrB;AAAA,IACF;AAAA,EACF;AACF;AAEA,SAAS,aAAa,MAAuB;AAC3C,MAAI;AACF,WAAO,KAAK,MAAM,IAAI;AAAA,EACxB,QAAQ;AACN,WAAO;AAAA,EACT;AACF;",
|
|
6
|
-
"names": ["memoryContext"]
|
|
4
|
+
"sourcesContent": ["/**\n * Code Mode Tools\n *\n * Two meta-tools that replace all individual API/schema/module tools:\n * - search: Query the OpenAPI spec + entity graph programmatically\n * - execute: Make API calls via a sandboxed api.request() wrapper\n *\n * The AI writes JavaScript that runs in a node:vm sandbox with injected globals.\n */\n\nimport { z } from 'zod'\nimport type { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport { registerMcpTool } from './tool-registry'\nimport type { McpToolContext } from './types'\nimport { createSandbox } from './sandbox'\nimport { truncateResult } from './truncate'\nimport { hasRequiredFeatures } from './auth'\nimport { getApiEndpoints, getRawOpenApiSpec, type ApiEndpoint } from './api-endpoint-index'\nimport {\n getCachedEntityGraph,\n inferModuleFromEntity,\n type EntityGraph,\n} from './entity-graph'\nimport {\n lookupSearchCache,\n storeSearchResult,\n buildMemoryContext,\n buildSearchLabel,\n incrementToolCallCount,\n} from './session-memory'\n\n/**\n * Cached spec object combining OpenAPI paths + entity schemas.\n */\nlet cachedCodeModeSpec: Record<string, unknown> | null = null\n\n/**\n * Cached TypeScript type stubs for common CRUD endpoints.\n * Generated once at startup from the OpenAPI spec.\n */\nlet cachedCommonTypes: string | null = null\n\nexport const CODE_MODE_REQUIRED_FEATURES = ['ai_assistant.view'] as const\n\n/**\n * Build the merged spec object for the search tool.\n */\nasync function getCodeModeSpec(): Promise<Record<string, unknown>> {\n if (cachedCodeModeSpec) return cachedCodeModeSpec\n\n const rawSpec = await getRawOpenApiSpec()\n const graph = getCachedEntityGraph()\n\n const paths = (rawSpec?.paths ?? {}) as Record<string, Record<string, unknown>>\n const entitySchemas = graph ? buildEntitySchemas(graph) : []\n\n const spec: Record<string, unknown> = {\n paths,\n info: rawSpec?.info,\n components: rawSpec?.components,\n entitySchemas,\n }\n\n // --- Helper functions injected into sandbox ---\n\n /**\n * spec.findEndpoints(keyword) \u2014 find all endpoints matching a keyword.\n * Returns compact list: [{ path, methods }]\n */\n spec.findEndpoints = (keyword: string) => {\n const kw = keyword.toLowerCase()\n return Object.entries(paths)\n .filter(([path]) => path.toLowerCase().includes(kw))\n .map(([path, methods]) => ({\n path,\n methods: Object.keys(methods).filter((m) => m !== 'parameters'),\n }))\n }\n\n /**\n * spec.describeEndpoint(path, method) \u2014 compact endpoint profile with working example.\n * Returns: { path, method, summary, requiredFields, optionalFields, nestedCollections, example, relatedEndpoints, relatedEntity }\n * For full schema access, use: spec.paths[path][method].requestBody\n */\n spec.describeEndpoint = (path: string, method: string) => {\n const pathObj = paths[path] as Record<string, unknown> | undefined\n if (!pathObj) return null\n\n const endpoint = pathObj[method.toLowerCase()] as Record<string, unknown> | undefined\n if (!endpoint) return null\n\n // Extract requestBody JSON Schema\n const bodySchema = extractRequestBodySchema(endpoint)\n const bodyProps = (bodySchema?.properties ?? {}) as Record<string, Record<string, unknown>>\n const bodyRequired = (bodySchema?.required ?? []) as string[]\n\n // Split fields into required (with types) vs optional (names only)\n const requiredFields: Array<{ name: string; type: string; format?: string }> = []\n const optionalFields: string[] = []\n const nestedCollections: Array<{\n field: string\n type: string\n requiredFields: Array<{ name: string; type: string }>\n commonFields: string[]\n }> = []\n\n for (const [name, prop] of Object.entries(bodyProps)) {\n const propType = (prop.type as string) || 'string'\n\n // Detect nested array collections (e.g. lines, items, addresses)\n if (propType === 'array' && prop.items && (prop.items as Record<string, unknown>).type === 'object') {\n const itemSchema = prop.items as Record<string, unknown>\n const itemProps = (itemSchema.properties ?? {}) as Record<string, Record<string, unknown>>\n const itemRequired = (itemSchema.required ?? []) as string[]\n\n const nestedRequired = itemRequired.map((n) => ({\n name: n,\n type: ((itemProps[n]?.type as string) || 'string'),\n }))\n\n // Common fields: first few non-required fields that are likely user-provided\n const nestedOptional = Object.keys(itemProps).filter((n) => !itemRequired.includes(n))\n const commonFields = nestedOptional.slice(0, 6)\n\n nestedCollections.push({\n field: name,\n type: 'array',\n requiredFields: nestedRequired,\n commonFields,\n })\n continue\n }\n\n if (bodyRequired.includes(name)) {\n const field: { name: string; type: string; format?: string } = { name, type: propType }\n if (prop.format) field.format = prop.format as string\n requiredFields.push(field)\n } else {\n optionalFields.push(name)\n }\n }\n\n // Generate minimal working example from required fields + nested collections\n const example: Record<string, unknown> = {}\n for (const field of requiredFields) {\n example[field.name] = generatePlaceholder(field.type, field.format)\n }\n for (const collection of nestedCollections) {\n const itemExample: Record<string, unknown> = {}\n for (const field of collection.requiredFields) {\n itemExample[field.name] = generatePlaceholder(field.type)\n }\n // Add first 2 common fields to the example\n for (const name of collection.commonFields.slice(0, 2)) {\n itemExample[name] = '<value>'\n }\n example[collection.field] = [itemExample]\n }\n\n // Find related endpoints sharing the same module prefix\n const segments = path.replace('/api/', '').split('/')\n const moduleSegment = segments[0]\n const resourceName = segments[1] || segments[0]\n const modulePrefix = `/api/${moduleSegment}/`\n const relatedEndpoints = Object.entries(paths)\n .filter(([p]) => p.startsWith(modulePrefix) && p !== path && !p.includes('{'))\n .map(([p, methods]) => ({\n path: p,\n methods: Object.keys(methods as Record<string, unknown>).filter((m) => m !== 'parameters'),\n }))\n .slice(0, 8)\n\n // Compact entity: className + relationship summary\n const resourceNorm = resourceName.replace(/-/g, '_')\n const resourceSingular = resourceNorm.endsWith('s') ? resourceNorm.slice(0, -1) : resourceNorm\n const moduleSingular = moduleSegment.endsWith('s') ? moduleSegment.slice(0, -1) : moduleSegment\n const prefixedTable = `${moduleSingular}_${resourceNorm}`\n\n const entity = entitySchemas.find((e: Record<string, unknown>) => {\n const table = ((e.tableName as string) || '').toLowerCase()\n const cls = ((e.className as string) || '').toLowerCase()\n const mod = ((e.module as string) || '').toLowerCase()\n if (table === resourceNorm || table === prefixedTable) return true\n if (cls.includes(moduleSingular) && cls.includes(resourceSingular)) return true\n if (mod === moduleSegment && cls.includes(resourceSingular)) return true\n if (cls === resourceSingular || cls.includes(resourceSingular)) return true\n return false\n }) || null\n\n let relatedEntity: string | null = null\n if (entity) {\n const ent = entity as Record<string, unknown>\n const rels = (ent.relationships as Array<{ relationship: string; target: string }>) || []\n const relSummary = rels.map((r) => `${r.relationship}: ${r.target}`).join(', ')\n relatedEntity = `${ent.className}${relSummary ? ` (${relSummary})` : ''}`\n }\n\n // GET endpoints: include query parameters compactly\n const parameters = method.toLowerCase() === 'get'\n ? (endpoint.parameters as Array<Record<string, unknown>> || [])\n .filter((p) => p.in === 'query')\n .map((p) => p.name as string)\n : undefined\n\n return {\n path,\n method: method.toUpperCase(),\n summary: endpoint.summary || endpoint.description,\n ...(parameters && parameters.length > 0 ? { queryParams: parameters } : {}),\n ...(requiredFields.length > 0 ? { requiredFields } : {}),\n ...(optionalFields.length > 0 ? { optionalFields } : {}),\n ...(nestedCollections.length > 0 ? { nestedCollections } : {}),\n ...(Object.keys(example).length > 0 ? { example } : {}),\n ...(relatedEndpoints.length > 0 ? { relatedEndpoints } : {}),\n relatedEntity,\n }\n }\n\n /**\n * spec.describeEntity(keyword) \u2014 find entity by keyword and return its full schema.\n * Returns: { className, tableName, module, fields, relationships }\n */\n spec.describeEntity = (keyword: string) => {\n const kw = keyword.toLowerCase()\n return entitySchemas.find((e: Record<string, unknown>) => {\n const cls = (e.className as string || '').toLowerCase()\n const table = (e.tableName as string || '').toLowerCase()\n return cls.includes(kw) || table.includes(kw)\n }) || null\n }\n\n cachedCodeModeSpec = spec\n return spec\n}\n\n/**\n * Extract the JSON Schema from an OpenAPI endpoint's requestBody.\n * Handles the common `content['application/json'].schema` path.\n */\nfunction extractRequestBodySchema(\n endpoint: Record<string, unknown>\n): Record<string, unknown> | null {\n const requestBody = endpoint.requestBody as Record<string, unknown> | undefined\n if (!requestBody) return null\n\n const content = requestBody.content as Record<string, Record<string, unknown>> | undefined\n if (!content) return null\n\n const jsonContent = content['application/json']\n if (!jsonContent) return null\n\n return (jsonContent.schema as Record<string, unknown>) || null\n}\n\n/**\n * Generate a placeholder value for a given JSON Schema type.\n */\nfunction generatePlaceholder(type: string, format?: string): unknown {\n if (format === 'uuid' || format === 'objectId') return '<uuid>'\n if (format === 'date-time' || format === 'date') return '<date>'\n if (format === 'email') return '<email>'\n switch (type) {\n case 'string': return '<string>'\n case 'number':\n case 'integer': return 0\n case 'boolean': return false\n case 'array': return []\n default: return '<value>'\n }\n}\n\n/**\n * Common CRUD endpoints to pre-generate types for.\n * These are the endpoints the agent uses most and where debug spirals happen.\n */\nconst COMMON_ENDPOINTS: Array<{ path: string; method: string; typeName: string }> = [\n { path: '/api/sales/quotes', method: 'post', typeName: 'CreateQuote' },\n { path: '/api/sales/orders', method: 'post', typeName: 'CreateOrder' },\n { path: '/api/sales/invoices', method: 'post', typeName: 'CreateInvoice' },\n { path: '/api/customers/companies', method: 'post', typeName: 'CreateCompany' },\n { path: '/api/customers/people', method: 'post', typeName: 'CreatePerson' },\n { path: '/api/customers/deals', method: 'post', typeName: 'CreateDeal' },\n { path: '/api/catalog/products', method: 'post', typeName: 'CreateProduct' },\n { path: '/api/customers/companies', method: 'put', typeName: 'UpdateCompany' },\n { path: '/api/customers/people', method: 'put', typeName: 'UpdatePerson' },\n { path: '/api/sales/quotes', method: 'put', typeName: 'UpdateQuote' },\n]\n\n/**\n * Generate TypeScript-like type stubs from the OpenAPI spec for common endpoints.\n * This runs once at startup and injects types into the execute tool description\n * so the LLM sees the correct payload shape without needing to call describeEndpoint.\n */\nasync function generateCommonTypes(): Promise<string> {\n if (cachedCommonTypes) return cachedCommonTypes\n\n const rawSpec = await getRawOpenApiSpec()\n if (!rawSpec?.paths) {\n cachedCommonTypes = ''\n return ''\n }\n\n const paths = rawSpec.paths as Record<string, Record<string, unknown>>\n const typeLines: string[] = ['Available types for api.request() body:\\n']\n\n for (const { path, method, typeName } of COMMON_ENDPOINTS) {\n const pathObj = paths[path] as Record<string, unknown> | undefined\n if (!pathObj) continue\n\n const endpoint = pathObj[method] as Record<string, unknown> | undefined\n if (!endpoint) continue\n\n const bodySchema = extractRequestBodySchema(endpoint)\n if (!bodySchema?.properties) continue\n\n const typeStr = schemaToTypeString(\n typeName,\n bodySchema,\n `${method.toUpperCase()} ${path}`,\n )\n if (typeStr) typeLines.push(typeStr)\n }\n\n if (typeLines.length <= 1) {\n cachedCommonTypes = ''\n return ''\n }\n\n cachedCommonTypes = typeLines.join('\\n')\n console.error(`[Code Mode] Generated ${typeLines.length - 1} common type stubs`)\n return cachedCommonTypes\n}\n\n/**\n * Convert a JSON Schema object to a compact TypeScript-like type string.\n * Produces a single-line or multi-line type declaration the LLM can use directly.\n */\nfunction schemaToTypeString(\n typeName: string,\n schema: Record<string, unknown>,\n comment: string,\n): string | null {\n const props = schema.properties as Record<string, Record<string, unknown>> | undefined\n if (!props) return null\n\n const required = new Set((schema.required as string[]) || [])\n\n // Skip internal fields that the sandbox injects automatically\n const skipFields = new Set(['tenantId', 'organizationId'])\n\n const fields: string[] = []\n const nestedTypes: string[] = []\n\n for (const [name, prop] of Object.entries(props)) {\n if (skipFields.has(name)) continue\n if (!prop || typeof prop !== 'object') continue\n\n const isRequired = required.has(name)\n const optMark = isRequired ? '' : '?'\n\n // Detect nested array of objects \u2192 extract as separate type\n if (\n prop.type === 'array' &&\n prop.items &&\n (prop.items as Record<string, unknown>).type === 'object'\n ) {\n const itemTypeName = `${typeName}${capitalize(singularize(name))}`\n const itemSchema = prop.items as Record<string, unknown>\n const nestedType = schemaToTypeString(itemTypeName, itemSchema, '')\n if (nestedType) nestedTypes.push(nestedType)\n fields.push(`${name}${optMark}: ${itemTypeName}[]`)\n continue\n }\n\n const propType = resolvePropertyType(prop)\n fields.push(`${name}${optMark}: ${propType}`)\n }\n\n if (fields.length === 0) return null\n\n const commentLine = comment ? `// ${comment}\\n` : ''\n const nested = nestedTypes.length > 0 ? nestedTypes.join('\\n') + '\\n' : ''\n return `${nested}${commentLine}type ${typeName} = { ${fields.join('; ')} }`\n}\n\n/**\n * Resolve a JSON Schema property to a compact TypeScript type string.\n */\nfunction resolvePropertyType(prop: Record<string, unknown>): string {\n // Handle anyOf (nullable types)\n if (prop.anyOf && Array.isArray(prop.anyOf)) {\n const variants = (prop.anyOf as Array<Record<string, unknown> | null>).filter(\n (s): s is Record<string, unknown> => s != null,\n )\n const nonNull = variants.filter((s) => s.type !== 'null')\n if (nonNull.length === 1) {\n return resolvePropertyType(nonNull[0]) + ' | null'\n }\n if (nonNull.length > 1) {\n return nonNull.map((s) => resolvePropertyType(s)).join(' | ')\n }\n }\n\n // Handle enum\n if (prop.enum && Array.isArray(prop.enum)) {\n return (prop.enum as string[]).map((v) => `'${v}'`).join(' | ')\n }\n\n const type = prop.type as string\n const format = prop.format as string | undefined\n\n if (type === 'array') {\n const items = prop.items as Record<string, unknown> | undefined\n if (items) return `${resolvePropertyType(items)}[]`\n return 'unknown[]'\n }\n\n if (type === 'object') return 'object'\n\n if (format === 'uuid') return 'string /*uuid*/'\n if (format === 'date-time') return 'string /*ISO date*/'\n if (format === 'date') return 'string /*date*/'\n if (format === 'email') return 'string /*email*/'\n\n switch (type) {\n case 'string': return 'string'\n case 'number':\n case 'integer': return 'number'\n case 'boolean': return 'boolean'\n default: return 'unknown'\n }\n}\n\nfunction capitalize(s: string): string {\n return s.charAt(0).toUpperCase() + s.slice(1)\n}\n\nfunction singularize(s: string): string {\n if (s.endsWith('ies')) return s.slice(0, -3) + 'y'\n if (s.endsWith('ses')) return s.slice(0, -2)\n if (s.endsWith('s') && !s.endsWith('ss')) return s.slice(0, -1)\n return s\n}\n\n/**\n * Format a 400 API error response into a human-readable fix instruction.\n * Parses Zod-style validation errors and produces a concise message the LLM can act on.\n */\nfunction formatValidationError(data: unknown): string {\n if (!data || typeof data !== 'object') {\n return `Validation error: ${JSON.stringify(data)}`\n }\n\n // Raw Zod v4 array format: [{ expected, code, path, message }]\n if (Array.isArray(data)) {\n const issues = data as Array<Record<string, unknown>>\n const parts = issues.slice(0, 5).map((issue) => {\n const path = Array.isArray(issue.path) ? issue.path.join('.') : ''\n const msg = issue.message as string || `expected ${issue.expected}` || issue.code as string || 'invalid'\n return path ? `${path}: ${msg}` : msg\n })\n if (parts.length > 0) {\n return `Validation failed \u2014 ${parts.join('; ')}. Fix the listed fields and retry.`\n }\n }\n\n const obj = data as Record<string, unknown>\n\n // Zod v4 flat format: { fieldErrors: { field: [messages] }, formErrors: [messages] }\n if (obj.fieldErrors && typeof obj.fieldErrors === 'object') {\n const fieldErrors = obj.fieldErrors as Record<string, string[]>\n const parts: string[] = []\n for (const [field, messages] of Object.entries(fieldErrors)) {\n if (Array.isArray(messages) && messages.length > 0) {\n parts.push(`${field}: ${messages[0]}`)\n }\n }\n const formErrors = obj.formErrors as string[] | undefined\n if (Array.isArray(formErrors) && formErrors.length > 0) {\n parts.push(formErrors[0])\n }\n if (parts.length > 0) {\n return `Validation failed \u2014 ${parts.join('; ')}. Fix the listed fields and retry.`\n }\n }\n\n // Zod v3 format: { issues: [{ path: [...], message, code }] }\n if (obj.issues && Array.isArray(obj.issues)) {\n const issues = obj.issues as Array<Record<string, unknown>>\n const parts = issues.slice(0, 5).map((issue) => {\n const path = Array.isArray(issue.path) ? issue.path.join('.') : ''\n const msg = issue.message as string || issue.code as string || 'invalid'\n return path ? `${path}: ${msg}` : msg\n })\n return `Validation failed \u2014 ${parts.join('; ')}. Fix the listed fields and retry.`\n }\n\n // Our API error format: { error: string, details: ... }\n if (obj.error && typeof obj.error === 'string') {\n const details = obj.details\n if (details && typeof details === 'object') {\n return formatValidationError(details)\n }\n return obj.error\n }\n\n // Generic: { message: string }\n if (obj.message && typeof obj.message === 'string') {\n return obj.message\n }\n\n // Fallback: compact JSON\n const json = JSON.stringify(data)\n if (json.length > 500) {\n return `Validation error (truncated): ${json.slice(0, 500)}...`\n }\n return `Validation error: ${json}`\n}\n\n/**\n * Build entity schema array from the entity graph.\n * Same structure as buildEntityResult in entity-graph-tools.ts.\n */\nfunction buildEntitySchemas(graph: EntityGraph) {\n return graph.nodes.map((node) => {\n const relationships = graph.edges\n .filter((edge) => edge.source === node.className)\n .map((edge) => ({\n relationship: edge.relationship,\n target: edge.target,\n property: edge.property,\n nullable: edge.nullable,\n }))\n\n return {\n className: node.className,\n tableName: node.tableName,\n module: inferModuleFromEntity(node.className, node.tableName),\n fields: node.properties,\n relationships,\n }\n })\n}\n\n/**\n * Detect mutation HTTP methods in code via static analysis.\n * Returns which methods were found (POST, PUT, PATCH, DELETE).\n */\nfunction detectMutationInCode(code: string): { hasMutation: boolean; methods: string[] } {\n const methods: string[] = []\n const pattern = /method:\\s*['\"](\\w+)['\"]/gi\n let match\n while ((match = pattern.exec(code)) !== null) {\n const method = match[1].toUpperCase()\n if (['POST', 'PUT', 'PATCH', 'DELETE'].includes(method)) {\n methods.push(method)\n }\n }\n return { hasMutation: methods.length > 0, methods }\n}\n\n/**\n * Load and register the two Code Mode tools.\n * Generates TypeScript type stubs for common endpoints at startup.\n * @returns Number of tools registered (always 2)\n */\nexport async function loadCodeModeTools(): Promise<number> {\n const commonTypes = await generateCommonTypes()\n registerSearchTool()\n registerExecuteTool(commonTypes)\n return 2\n}\n\n/**\n * search \u2014 Query the OpenAPI spec and entity graph programmatically.\n */\nfunction registerSearchTool(): void {\n registerMcpTool(\n {\n name: 'search',\n description: `Query the OpenAPI spec and entity schemas. READ-ONLY, no side effects.\nGlobals: spec.findEndpoints(keyword), spec.describeEndpoint(path, method), spec.describeEntity(keyword), spec.paths, spec.entitySchemas.\nUse BEFORE execute to learn endpoint schemas for CREATE/UPDATE. Skip for common paths (companies, people, orders, quotes, products).`,\n inputSchema: z.object({\n code: z\n .string()\n .describe(\n 'An async arrow function that queries spec, e.g. async () => spec.paths[\"/api/customers/companies\"]'\n ),\n }),\n requiredFeatures: [...CODE_MODE_REQUIRED_FEATURES],\n handler: async (input: { code: string }, ctx: McpToolContext) => {\n const codePreview = input.code.slice(0, 120).replace(/\\n/g, ' ')\n console.error(`[AI Usage] search: code=\"${codePreview}${input.code.length > 120 ? '...' : ''}\"`)\n\n // Check session memory for cached result\n if (ctx.sessionId) {\n const cached = lookupSearchCache(ctx.sessionId, input.code)\n if (cached) {\n console.error(`[AI Usage] search: CACHE HIT (label=\"${cached.label}\")`)\n const memoryContext = buildMemoryContext(ctx.sessionId)\n return {\n success: true,\n result: cached.result,\n fromCache: true,\n _memoryContext: memoryContext,\n }\n }\n\n // Enforce tool call limit\n const { count, exceeded } = incrementToolCallCount(ctx.sessionId)\n if (exceeded) {\n console.error(`[AI Usage] search: TOOL CALL LIMIT EXCEEDED (count=${count})`)\n return {\n success: false,\n error: 'Tool call limit exceeded. Summarize what you know and respond to the user.',\n }\n }\n }\n\n const spec = await getCodeModeSpec()\n const sandbox = createSandbox({ spec })\n const result = await sandbox.execute(input.code)\n\n if (result.error) {\n console.error(`[AI Usage] search: ERROR in ${result.durationMs}ms \u2014 ${result.error}`)\n return {\n success: false,\n error: result.error,\n logs: result.logs,\n durationMs: result.durationMs,\n }\n }\n\n const truncated = truncateResult(result.result)\n console.error(`[AI Usage] search: OK in ${result.durationMs}ms \u2014 ${truncated.length} chars`)\n\n // Store in session memory\n if (ctx.sessionId) {\n const label = buildSearchLabel(input.code)\n storeSearchResult(ctx.sessionId, input.code, truncated, label)\n }\n\n const memoryContext = ctx.sessionId ? buildMemoryContext(ctx.sessionId) : undefined\n return {\n success: true,\n result: truncated,\n logs: result.logs,\n durationMs: result.durationMs,\n _memoryContext: memoryContext,\n }\n },\n },\n { moduleId: 'codemode' }\n )\n}\n\n/**\n * execute \u2014 Run JavaScript that can make API calls via api.request().\n */\nfunction registerExecuteTool(commonTypes: string): void {\n const typesBlock = commonTypes\n ? `\\n\\n${commonTypes}`\n : ''\n\n registerMcpTool(\n {\n name: 'execute',\n description: `Make API calls. Returns JSON.\nGlobals: api.request({ method, path, query?, body? }) \u2192 { success, statusCode, data }, context { tenantId, organizationId, userId }.\nRULES: For FIND/LIST \u2192 GET only (1 call). For UPDATE \u2192 PUT to collection path with id in BODY. NEVER PUT/POST/DELETE unless user explicitly asked to change data. Before ANY write operation (POST/PUT/DELETE), you MUST use the AskUserQuestion tool to get explicit user confirmation. Do NOT just ask in text \u2014 use the tool so execution pauses until the user responds.${typesBlock}`,\n inputSchema: z.object({\n code: z\n .string()\n .describe(\n 'Async arrow function. For reads: async () => api.request({ method: \"GET\", path: \"/api/customers/companies\" }). For updates: async () => api.request({ method: \"PUT\", path: \"/api/customers/companies\", body: { id: \"<uuid>\", name: \"New Name\" } }). id goes in BODY not URL.'\n ),\n }),\n requiredFeatures: [...CODE_MODE_REQUIRED_FEATURES],\n handler: async (input: { code: string }, ctx: McpToolContext) => {\n const codePreview = input.code.slice(0, 120).replace(/\\n/g, ' ')\n console.error(`[AI Usage] execute: code=\"${codePreview}${input.code.length > 120 ? '...' : ''}\" user=${ctx.userId || 'unknown'}`)\n\n // Enforce tool call limit\n if (ctx.sessionId) {\n const { count, exceeded } = incrementToolCallCount(ctx.sessionId)\n if (exceeded) {\n console.error(`[AI Usage] execute: TOOL CALL LIMIT EXCEEDED (count=${count})`)\n return {\n success: false,\n error: 'Tool call limit exceeded. Summarize what you know and respond to the user.',\n }\n }\n }\n\n // Detect mutations via static analysis \u2014 cap API calls for safety\n const mutationInfo = detectMutationInCode(input.code)\n const maxApiCalls = mutationInfo.hasMutation ? 20 : 50\n if (mutationInfo.hasMutation) {\n console.error(`[AI Usage] execute: MUTATION DETECTED (${mutationInfo.methods.join(',')}) \u2014 capping API calls to ${maxApiCalls}`)\n }\n let apiCallCount = 0\n\n const apiRequestFn = createApiRequestFn(ctx, () => {\n apiCallCount++\n if (apiCallCount > maxApiCalls) {\n throw new Error(`API call limit exceeded (max ${maxApiCalls})`)\n }\n })\n\n const context = {\n tenantId: ctx.tenantId,\n organizationId: ctx.organizationId,\n userId: ctx.userId,\n }\n\n const sandbox = createSandbox(\n { api: { request: apiRequestFn }, context },\n { maxApiCalls }\n )\n\n const result = await sandbox.execute(input.code)\n\n if (result.error) {\n console.error(`[AI Usage] execute: ERROR in ${result.durationMs}ms \u2014 apiCalls=${apiCallCount} \u2014 ${result.error}`)\n return {\n success: false,\n error: result.error,\n logs: result.logs,\n durationMs: result.durationMs,\n apiCallCount,\n }\n }\n\n const truncated = truncateResult(result.result)\n console.error(`[AI Usage] execute: OK in ${result.durationMs}ms \u2014 apiCalls=${apiCallCount} \u2014 ${truncated.length} chars`)\n\n const memoryContext = ctx.sessionId ? buildMemoryContext(ctx.sessionId) : undefined\n return {\n success: true,\n result: truncated,\n logs: result.logs,\n durationMs: result.durationMs,\n apiCallCount,\n _memoryContext: memoryContext,\n }\n },\n },\n { moduleId: 'codemode' }\n )\n}\n\n/**\n * Create the api.request() function for the execute sandbox.\n * Replicates the authenticated API call logic from api-discovery-tools.ts.\n */\nfunction createApiRequestFn(\n ctx: McpToolContext,\n onCall: () => void\n): (params: {\n method: string\n path: string\n query?: Record<string, string>\n body?: Record<string, unknown>\n}) => Promise<unknown> {\n const baseUrl =\n process.env.NEXT_PUBLIC_API_BASE_URL ||\n process.env.NEXT_PUBLIC_APP_URL ||\n process.env.APP_URL ||\n 'http://localhost:3000'\n\n return async (params) => {\n onCall()\n\n const { method, path, query, body } = params\n const callStart = Date.now()\n const normalizedMethod = method.toUpperCase()\n const apiPath = normalizeApiRequestPath(path)\n const authorization = await authorizeCodeModeApiRequest(ctx, normalizedMethod, apiPath)\n\n if (!authorization.allowed) {\n const callDuration = Date.now() - callStart\n console.error(\n `[AI Usage] api.request: ${normalizedMethod} ${apiPath} \u2192 ${authorization.statusCode} in ${callDuration}ms (blocked by Code Mode RBAC)`\n )\n return {\n success: false,\n statusCode: authorization.statusCode,\n error: authorization.error,\n details: authorization.details,\n }\n }\n\n let url = `${baseUrl}${apiPath}`\n\n // Build query parameters\n const queryParams: Record<string, string> = { ...query }\n\n if (normalizedMethod === 'GET') {\n if (ctx.tenantId) queryParams.tenantId = ctx.tenantId\n if (ctx.organizationId) queryParams.organizationId = ctx.organizationId\n }\n\n if (Object.keys(queryParams).length > 0) {\n const separator = url.includes('?') ? '&' : '?'\n url += separator + new URLSearchParams(queryParams).toString()\n }\n\n // Build request body with context injection\n let requestBody: Record<string, unknown> | undefined\n if (['POST', 'PUT', 'PATCH'].includes(normalizedMethod)) {\n requestBody = { ...body }\n if (ctx.tenantId) requestBody.tenantId = ctx.tenantId\n if (ctx.organizationId) requestBody.organizationId = ctx.organizationId\n }\n\n // Build headers\n const headers: Record<string, string> = {\n 'Content-Type': 'application/json',\n }\n if (ctx.apiKeySecret) headers['X-API-Key'] = ctx.apiKeySecret\n if (ctx.tenantId) headers['X-Tenant-Id'] = ctx.tenantId\n if (ctx.organizationId) headers['X-Organization-Id'] = ctx.organizationId\n\n // Execute request using host fetch (not sandbox)\n const response = await globalThis.fetch(url, {\n method: normalizedMethod,\n headers,\n body: requestBody ? JSON.stringify(requestBody) : undefined,\n })\n\n const responseText = await response.text()\n const data = tryParseJson(responseText)\n const callDuration = Date.now() - callStart\n\n if (!response.ok) {\n console.error(`[AI Usage] api.request: ${normalizedMethod} ${apiPath} \u2192 ${response.status} in ${callDuration}ms`)\n\n // Format 400 validation errors into a clear fix instruction for the LLM\n if (response.status === 400) {\n return {\n success: false,\n statusCode: 400,\n error: formatValidationError(data),\n }\n }\n\n return {\n success: false,\n statusCode: response.status,\n error: `API error ${response.status}`,\n details: data,\n }\n }\n\n console.error(`[AI Usage] api.request: ${normalizedMethod} ${apiPath} \u2192 ${response.status} in ${callDuration}ms (${responseText.length} bytes)`)\n\n // Add mutation warning for non-GET calls\n if (!['GET', 'HEAD', 'OPTIONS'].includes(normalizedMethod)) {\n return {\n success: true,\n statusCode: response.status,\n data,\n _note: 'WRITE operation performed. Only do writes when user explicitly requested data modification.',\n }\n }\n\n return {\n success: true,\n statusCode: response.status,\n data,\n }\n }\n}\n\ntype CodeModeApiAuthorization =\n | { allowed: true; endpoint: ApiEndpoint }\n | { allowed: false; statusCode: number; error: string; details?: Record<string, unknown> }\n\nexport async function authorizeCodeModeApiRequest(\n ctx: McpToolContext,\n method: string,\n path: string\n): Promise<CodeModeApiAuthorization> {\n const normalizedMethod = method.toUpperCase()\n const normalizedPath = normalizeApiRequestPath(path)\n const endpoint = await findCodeModeApiEndpoint(normalizedMethod, normalizedPath)\n\n if (!endpoint) {\n return {\n allowed: false,\n statusCode: 403,\n error: `Code Mode cannot call undocumented API endpoint ${normalizedMethod} ${normalizedPath}`,\n }\n }\n\n const rbacService = resolveRbacService(ctx)\n const requiredFeatures = endpoint.requiredFeatures ?? []\n\n if (requiredFeatures.length > 0) {\n if (hasRequiredFeatures(requiredFeatures, ctx.userFeatures, ctx.isSuperAdmin, rbacService)) {\n return { allowed: true, endpoint }\n }\n\n return {\n allowed: false,\n statusCode: 403,\n error: `Insufficient permissions for ${normalizedMethod} ${normalizedPath}`,\n details: { requiredFeatures, operationId: endpoint.operationId },\n }\n }\n\n if (isUnsafeHttpMethod(normalizedMethod)) {\n return {\n allowed: false,\n statusCode: 403,\n error: `Code Mode cannot call mutation endpoint without declared required features: ${normalizedMethod} ${normalizedPath}`,\n details: { operationId: endpoint.operationId },\n }\n }\n\n return { allowed: true, endpoint }\n}\n\nfunction resolveRbacService(ctx: McpToolContext): RbacService | undefined {\n try {\n return ctx.container.resolve('rbacService') as RbacService\n } catch {\n return undefined\n }\n}\n\nasync function findCodeModeApiEndpoint(\n method: string,\n path: string\n): Promise<ApiEndpoint | null> {\n const endpoints = await getApiEndpoints()\n const exactMatch = endpoints.find((endpoint) => endpoint.method === method && endpoint.path === path)\n if (exactMatch) {\n return exactMatch\n }\n\n return endpoints.find((endpoint) => endpoint.method === method && matchApiEndpointPath(endpoint.path, path)) ?? null\n}\n\nexport function matchApiEndpointPath(endpointPath: string, requestPath: string): boolean {\n const normalizedEndpointPath = normalizeApiRequestPath(endpointPath)\n const normalizedRequestPath = normalizeApiRequestPath(requestPath)\n\n if (normalizedEndpointPath === normalizedRequestPath) {\n return true\n }\n\n const endpointSegments = normalizedEndpointPath.split('/').filter(Boolean)\n const requestSegments = normalizedRequestPath.split('/').filter(Boolean)\n\n if (endpointSegments.length !== requestSegments.length) {\n return false\n }\n\n return endpointSegments.every((segment, index) => {\n if (isPathParameterSegment(segment)) {\n return requestSegments[index].length > 0\n }\n return segment === requestSegments[index]\n })\n}\n\nfunction normalizeApiRequestPath(path: string): string {\n const [rawPath] = path.split('?')\n const normalizedPath = rawPath.startsWith('/api')\n ? rawPath\n : `/api${rawPath.startsWith('/') ? rawPath : `/${rawPath}`}`\n\n if (normalizedPath.length > 1 && normalizedPath.endsWith('/')) {\n return normalizedPath.slice(0, -1)\n }\n\n return normalizedPath\n}\n\nfunction isPathParameterSegment(segment: string): boolean {\n return (\n (segment.startsWith('{') && segment.endsWith('}')) ||\n (segment.startsWith('[') && segment.endsWith(']')) ||\n segment.startsWith(':')\n )\n}\n\nfunction isUnsafeHttpMethod(method: string): boolean {\n return !['GET', 'HEAD', 'OPTIONS'].includes(method.toUpperCase())\n}\n\nfunction tryParseJson(text: string): unknown {\n try {\n return JSON.parse(text)\n } catch {\n return text\n }\n}\n"],
|
|
5
|
+
"mappings": "AAUA,SAAS,SAAS;AAElB,SAAS,uBAAuB;AAEhC,SAAS,qBAAqB;AAC9B,SAAS,sBAAsB;AAC/B,SAAS,2BAA2B;AACpC,SAAS,iBAAiB,yBAA2C;AACrE;AAAA,EACE;AAAA,EACA;AAAA,OAEK;AACP;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAKP,IAAI,qBAAqD;AAMzD,IAAI,oBAAmC;AAEhC,MAAM,8BAA8B,CAAC,mBAAmB;AAK/D,eAAe,kBAAoD;AACjE,MAAI,mBAAoB,QAAO;AAE/B,QAAM,UAAU,MAAM,kBAAkB;AACxC,QAAM,QAAQ,qBAAqB;AAEnC,QAAM,QAAS,SAAS,SAAS,CAAC;AAClC,QAAM,gBAAgB,QAAQ,mBAAmB,KAAK,IAAI,CAAC;AAE3D,QAAM,OAAgC;AAAA,IACpC;AAAA,IACA,MAAM,SAAS;AAAA,IACf,YAAY,SAAS;AAAA,IACrB;AAAA,EACF;AAQA,OAAK,gBAAgB,CAAC,YAAoB;AACxC,UAAM,KAAK,QAAQ,YAAY;AAC/B,WAAO,OAAO,QAAQ,KAAK,EACxB,OAAO,CAAC,CAAC,IAAI,MAAM,KAAK,YAAY,EAAE,SAAS,EAAE,CAAC,EAClD,IAAI,CAAC,CAAC,MAAM,OAAO,OAAO;AAAA,MACzB;AAAA,MACA,SAAS,OAAO,KAAK,OAAO,EAAE,OAAO,CAAC,MAAM,MAAM,YAAY;AAAA,IAChE,EAAE;AAAA,EACN;AAOA,OAAK,mBAAmB,CAAC,MAAc,WAAmB;AACxD,UAAM,UAAU,MAAM,IAAI;AAC1B,QAAI,CAAC,QAAS,QAAO;AAErB,UAAM,WAAW,QAAQ,OAAO,YAAY,CAAC;AAC7C,QAAI,CAAC,SAAU,QAAO;AAGtB,UAAM,aAAa,yBAAyB,QAAQ;AACpD,UAAM,YAAa,YAAY,cAAc,CAAC;AAC9C,UAAM,eAAgB,YAAY,YAAY,CAAC;AAG/C,UAAM,iBAAyE,CAAC;AAChF,UAAM,iBAA2B,CAAC;AAClC,UAAM,oBAKD,CAAC;AAEN,eAAW,CAAC,MAAM,IAAI,KAAK,OAAO,QAAQ,SAAS,GAAG;AACpD,YAAM,WAAY,KAAK,QAAmB;AAG1C,UAAI,aAAa,WAAW,KAAK,SAAU,KAAK,MAAkC,SAAS,UAAU;AACnG,cAAM,aAAa,KAAK;AACxB,cAAM,YAAa,WAAW,cAAc,CAAC;AAC7C,cAAM,eAAgB,WAAW,YAAY,CAAC;AAE9C,cAAM,iBAAiB,aAAa,IAAI,CAAC,OAAO;AAAA,UAC9C,MAAM;AAAA,UACN,MAAQ,UAAU,CAAC,GAAG,QAAmB;AAAA,QAC3C,EAAE;AAGF,cAAM,iBAAiB,OAAO,KAAK,SAAS,EAAE,OAAO,CAAC,MAAM,CAAC,aAAa,SAAS,CAAC,CAAC;AACrF,cAAM,eAAe,eAAe,MAAM,GAAG,CAAC;AAE9C,0BAAkB,KAAK;AAAA,UACrB,OAAO;AAAA,UACP,MAAM;AAAA,UACN,gBAAgB;AAAA,UAChB;AAAA,QACF,CAAC;AACD;AAAA,MACF;AAEA,UAAI,aAAa,SAAS,IAAI,GAAG;AAC/B,cAAM,QAAyD,EAAE,MAAM,MAAM,SAAS;AACtF,YAAI,KAAK,OAAQ,OAAM,SAAS,KAAK;AACrC,uBAAe,KAAK,KAAK;AAAA,MAC3B,OAAO;AACL,uBAAe,KAAK,IAAI;AAAA,MAC1B;AAAA,IACF;AAGA,UAAM,UAAmC,CAAC;AAC1C,eAAW,SAAS,gBAAgB;AAClC,cAAQ,MAAM,IAAI,IAAI,oBAAoB,MAAM,MAAM,MAAM,MAAM;AAAA,IACpE;AACA,eAAW,cAAc,mBAAmB;AAC1C,YAAM,cAAuC,CAAC;AAC9C,iBAAW,SAAS,WAAW,gBAAgB;AAC7C,oBAAY,MAAM,IAAI,IAAI,oBAAoB,MAAM,IAAI;AAAA,MAC1D;AAEA,iBAAW,QAAQ,WAAW,aAAa,MAAM,GAAG,CAAC,GAAG;AACtD,oBAAY,IAAI,IAAI;AAAA,MACtB;AACA,cAAQ,WAAW,KAAK,IAAI,CAAC,WAAW;AAAA,IAC1C;AAGA,UAAM,WAAW,KAAK,QAAQ,SAAS,EAAE,EAAE,MAAM,GAAG;AACpD,UAAM,gBAAgB,SAAS,CAAC;AAChC,UAAM,eAAe,SAAS,CAAC,KAAK,SAAS,CAAC;AAC9C,UAAM,eAAe,QAAQ,aAAa;AAC1C,UAAM,mBAAmB,OAAO,QAAQ,KAAK,EAC1C,OAAO,CAAC,CAAC,CAAC,MAAM,EAAE,WAAW,YAAY,KAAK,MAAM,QAAQ,CAAC,EAAE,SAAS,GAAG,CAAC,EAC5E,IAAI,CAAC,CAAC,GAAG,OAAO,OAAO;AAAA,MACtB,MAAM;AAAA,MACN,SAAS,OAAO,KAAK,OAAkC,EAAE,OAAO,CAAC,MAAM,MAAM,YAAY;AAAA,IAC3F,EAAE,EACD,MAAM,GAAG,CAAC;AAGb,UAAM,eAAe,aAAa,QAAQ,MAAM,GAAG;AACnD,UAAM,mBAAmB,aAAa,SAAS,GAAG,IAAI,aAAa,MAAM,GAAG,EAAE,IAAI;AAClF,UAAM,iBAAiB,cAAc,SAAS,GAAG,IAAI,cAAc,MAAM,GAAG,EAAE,IAAI;AAClF,UAAM,gBAAgB,GAAG,cAAc,IAAI,YAAY;AAEvD,UAAM,SAAS,cAAc,KAAK,CAAC,MAA+B;AAChE,YAAM,SAAU,EAAE,aAAwB,IAAI,YAAY;AAC1D,YAAM,OAAQ,EAAE,aAAwB,IAAI,YAAY;AACxD,YAAM,OAAQ,EAAE,UAAqB,IAAI,YAAY;AACrD,UAAI,UAAU,gBAAgB,UAAU,cAAe,QAAO;AAC9D,UAAI,IAAI,SAAS,cAAc,KAAK,IAAI,SAAS,gBAAgB,EAAG,QAAO;AAC3E,UAAI,QAAQ,iBAAiB,IAAI,SAAS,gBAAgB,EAAG,QAAO;AACpE,UAAI,QAAQ,oBAAoB,IAAI,SAAS,gBAAgB,EAAG,QAAO;AACvE,aAAO;AAAA,IACT,CAAC,KAAK;AAEN,QAAI,gBAA+B;AACnC,QAAI,QAAQ;AACV,YAAM,MAAM;AACZ,YAAM,OAAQ,IAAI,iBAAqE,CAAC;AACxF,YAAM,aAAa,KAAK,IAAI,CAAC,MAAM,GAAG,EAAE,YAAY,KAAK,EAAE,MAAM,EAAE,EAAE,KAAK,IAAI;AAC9E,sBAAgB,GAAG,IAAI,SAAS,GAAG,aAAa,KAAK,UAAU,MAAM,EAAE;AAAA,IACzE;AAGA,UAAM,aAAa,OAAO,YAAY,MAAM,SACvC,SAAS,cAAgD,CAAC,GACxD,OAAO,CAAC,MAAM,EAAE,OAAO,OAAO,EAC9B,IAAI,CAAC,MAAM,EAAE,IAAc,IAC9B;AAEJ,WAAO;AAAA,MACL;AAAA,MACA,QAAQ,OAAO,YAAY;AAAA,MAC3B,SAAS,SAAS,WAAW,SAAS;AAAA,MACtC,GAAI,cAAc,WAAW,SAAS,IAAI,EAAE,aAAa,WAAW,IAAI,CAAC;AAAA,MACzE,GAAI,eAAe,SAAS,IAAI,EAAE,eAAe,IAAI,CAAC;AAAA,MACtD,GAAI,eAAe,SAAS,IAAI,EAAE,eAAe,IAAI,CAAC;AAAA,MACtD,GAAI,kBAAkB,SAAS,IAAI,EAAE,kBAAkB,IAAI,CAAC;AAAA,MAC5D,GAAI,OAAO,KAAK,OAAO,EAAE,SAAS,IAAI,EAAE,QAAQ,IAAI,CAAC;AAAA,MACrD,GAAI,iBAAiB,SAAS,IAAI,EAAE,iBAAiB,IAAI,CAAC;AAAA,MAC1D;AAAA,IACF;AAAA,EACF;AAMA,OAAK,iBAAiB,CAAC,YAAoB;AACzC,UAAM,KAAK,QAAQ,YAAY;AAC/B,WAAO,cAAc,KAAK,CAAC,MAA+B;AACxD,YAAM,OAAO,EAAE,aAAuB,IAAI,YAAY;AACtD,YAAM,SAAS,EAAE,aAAuB,IAAI,YAAY;AACxD,aAAO,IAAI,SAAS,EAAE,KAAK,MAAM,SAAS,EAAE;AAAA,IAC9C,CAAC,KAAK;AAAA,EACR;AAEA,uBAAqB;AACrB,SAAO;AACT;AAMA,SAAS,yBACP,UACgC;AAChC,QAAM,cAAc,SAAS;AAC7B,MAAI,CAAC,YAAa,QAAO;AAEzB,QAAM,UAAU,YAAY;AAC5B,MAAI,CAAC,QAAS,QAAO;AAErB,QAAM,cAAc,QAAQ,kBAAkB;AAC9C,MAAI,CAAC,YAAa,QAAO;AAEzB,SAAQ,YAAY,UAAsC;AAC5D;AAKA,SAAS,oBAAoB,MAAc,QAA0B;AACnE,MAAI,WAAW,UAAU,WAAW,WAAY,QAAO;AACvD,MAAI,WAAW,eAAe,WAAW,OAAQ,QAAO;AACxD,MAAI,WAAW,QAAS,QAAO;AAC/B,UAAQ,MAAM;AAAA,IACZ,KAAK;AAAU,aAAO;AAAA,IACtB,KAAK;AAAA,IACL,KAAK;AAAW,aAAO;AAAA,IACvB,KAAK;AAAW,aAAO;AAAA,IACvB,KAAK;AAAS,aAAO,CAAC;AAAA,IACtB;AAAS,aAAO;AAAA,EAClB;AACF;AAMA,MAAM,mBAA8E;AAAA,EAClF,EAAE,MAAM,qBAAqB,QAAQ,QAAQ,UAAU,cAAc;AAAA,EACrE,EAAE,MAAM,qBAAqB,QAAQ,QAAQ,UAAU,cAAc;AAAA,EACrE,EAAE,MAAM,uBAAuB,QAAQ,QAAQ,UAAU,gBAAgB;AAAA,EACzE,EAAE,MAAM,4BAA4B,QAAQ,QAAQ,UAAU,gBAAgB;AAAA,EAC9E,EAAE,MAAM,yBAAyB,QAAQ,QAAQ,UAAU,eAAe;AAAA,EAC1E,EAAE,MAAM,wBAAwB,QAAQ,QAAQ,UAAU,aAAa;AAAA,EACvE,EAAE,MAAM,yBAAyB,QAAQ,QAAQ,UAAU,gBAAgB;AAAA,EAC3E,EAAE,MAAM,4BAA4B,QAAQ,OAAO,UAAU,gBAAgB;AAAA,EAC7E,EAAE,MAAM,yBAAyB,QAAQ,OAAO,UAAU,eAAe;AAAA,EACzE,EAAE,MAAM,qBAAqB,QAAQ,OAAO,UAAU,cAAc;AACtE;AAOA,eAAe,sBAAuC;AACpD,MAAI,kBAAmB,QAAO;AAE9B,QAAM,UAAU,MAAM,kBAAkB;AACxC,MAAI,CAAC,SAAS,OAAO;AACnB,wBAAoB;AACpB,WAAO;AAAA,EACT;AAEA,QAAM,QAAQ,QAAQ;AACtB,QAAM,YAAsB,CAAC,2CAA2C;AAExE,aAAW,EAAE,MAAM,QAAQ,SAAS,KAAK,kBAAkB;AACzD,UAAM,UAAU,MAAM,IAAI;AAC1B,QAAI,CAAC,QAAS;AAEd,UAAM,WAAW,QAAQ,MAAM;AAC/B,QAAI,CAAC,SAAU;AAEf,UAAM,aAAa,yBAAyB,QAAQ;AACpD,QAAI,CAAC,YAAY,WAAY;AAE7B,UAAM,UAAU;AAAA,MACd;AAAA,MACA;AAAA,MACA,GAAG,OAAO,YAAY,CAAC,IAAI,IAAI;AAAA,IACjC;AACA,QAAI,QAAS,WAAU,KAAK,OAAO;AAAA,EACrC;AAEA,MAAI,UAAU,UAAU,GAAG;AACzB,wBAAoB;AACpB,WAAO;AAAA,EACT;AAEA,sBAAoB,UAAU,KAAK,IAAI;AACvC,UAAQ,MAAM,yBAAyB,UAAU,SAAS,CAAC,oBAAoB;AAC/E,SAAO;AACT;AAMA,SAAS,mBACP,UACA,QACA,SACe;AACf,QAAM,QAAQ,OAAO;AACrB,MAAI,CAAC,MAAO,QAAO;AAEnB,QAAM,WAAW,IAAI,IAAK,OAAO,YAAyB,CAAC,CAAC;AAG5D,QAAM,aAAa,oBAAI,IAAI,CAAC,YAAY,gBAAgB,CAAC;AAEzD,QAAM,SAAmB,CAAC;AAC1B,QAAM,cAAwB,CAAC;AAE/B,aAAW,CAAC,MAAM,IAAI,KAAK,OAAO,QAAQ,KAAK,GAAG;AAChD,QAAI,WAAW,IAAI,IAAI,EAAG;AAC1B,QAAI,CAAC,QAAQ,OAAO,SAAS,SAAU;AAEvC,UAAM,aAAa,SAAS,IAAI,IAAI;AACpC,UAAM,UAAU,aAAa,KAAK;AAGlC,QACE,KAAK,SAAS,WACd,KAAK,SACJ,KAAK,MAAkC,SAAS,UACjD;AACA,YAAM,eAAe,GAAG,QAAQ,GAAG,WAAW,YAAY,IAAI,CAAC,CAAC;AAChE,YAAM,aAAa,KAAK;AACxB,YAAM,aAAa,mBAAmB,cAAc,YAAY,EAAE;AAClE,UAAI,WAAY,aAAY,KAAK,UAAU;AAC3C,aAAO,KAAK,GAAG,IAAI,GAAG,OAAO,KAAK,YAAY,IAAI;AAClD;AAAA,IACF;AAEA,UAAM,WAAW,oBAAoB,IAAI;AACzC,WAAO,KAAK,GAAG,IAAI,GAAG,OAAO,KAAK,QAAQ,EAAE;AAAA,EAC9C;AAEA,MAAI,OAAO,WAAW,EAAG,QAAO;AAEhC,QAAM,cAAc,UAAU,MAAM,OAAO;AAAA,IAAO;AAClD,QAAM,SAAS,YAAY,SAAS,IAAI,YAAY,KAAK,IAAI,IAAI,OAAO;AACxE,SAAO,GAAG,MAAM,GAAG,WAAW,QAAQ,QAAQ,QAAQ,OAAO,KAAK,IAAI,CAAC;AACzE;AAKA,SAAS,oBAAoB,MAAuC;AAElE,MAAI,KAAK,SAAS,MAAM,QAAQ,KAAK,KAAK,GAAG;AAC3C,UAAM,WAAY,KAAK,MAAgD;AAAA,MACrE,CAAC,MAAoC,KAAK;AAAA,IAC5C;AACA,UAAM,UAAU,SAAS,OAAO,CAAC,MAAM,EAAE,SAAS,MAAM;AACxD,QAAI,QAAQ,WAAW,GAAG;AACxB,aAAO,oBAAoB,QAAQ,CAAC,CAAC,IAAI;AAAA,IAC3C;AACA,QAAI,QAAQ,SAAS,GAAG;AACtB,aAAO,QAAQ,IAAI,CAAC,MAAM,oBAAoB,CAAC,CAAC,EAAE,KAAK,KAAK;AAAA,IAC9D;AAAA,EACF;AAGA,MAAI,KAAK,QAAQ,MAAM,QAAQ,KAAK,IAAI,GAAG;AACzC,WAAQ,KAAK,KAAkB,IAAI,CAAC,MAAM,IAAI,CAAC,GAAG,EAAE,KAAK,KAAK;AAAA,EAChE;AAEA,QAAM,OAAO,KAAK;AAClB,QAAM,SAAS,KAAK;AAEpB,MAAI,SAAS,SAAS;AACpB,UAAM,QAAQ,KAAK;AACnB,QAAI,MAAO,QAAO,GAAG,oBAAoB,KAAK,CAAC;AAC/C,WAAO;AAAA,EACT;AAEA,MAAI,SAAS,SAAU,QAAO;AAE9B,MAAI,WAAW,OAAQ,QAAO;AAC9B,MAAI,WAAW,YAAa,QAAO;AACnC,MAAI,WAAW,OAAQ,QAAO;AAC9B,MAAI,WAAW,QAAS,QAAO;AAE/B,UAAQ,MAAM;AAAA,IACZ,KAAK;AAAU,aAAO;AAAA,IACtB,KAAK;AAAA,IACL,KAAK;AAAW,aAAO;AAAA,IACvB,KAAK;AAAW,aAAO;AAAA,IACvB;AAAS,aAAO;AAAA,EAClB;AACF;AAEA,SAAS,WAAW,GAAmB;AACrC,SAAO,EAAE,OAAO,CAAC,EAAE,YAAY,IAAI,EAAE,MAAM,CAAC;AAC9C;AAEA,SAAS,YAAY,GAAmB;AACtC,MAAI,EAAE,SAAS,KAAK,EAAG,QAAO,EAAE,MAAM,GAAG,EAAE,IAAI;AAC/C,MAAI,EAAE,SAAS,KAAK,EAAG,QAAO,EAAE,MAAM,GAAG,EAAE;AAC3C,MAAI,EAAE,SAAS,GAAG,KAAK,CAAC,EAAE,SAAS,IAAI,EAAG,QAAO,EAAE,MAAM,GAAG,EAAE;AAC9D,SAAO;AACT;AAMA,SAAS,sBAAsB,MAAuB;AACpD,MAAI,CAAC,QAAQ,OAAO,SAAS,UAAU;AACrC,WAAO,qBAAqB,KAAK,UAAU,IAAI,CAAC;AAAA,EAClD;AAGA,MAAI,MAAM,QAAQ,IAAI,GAAG;AACvB,UAAM,SAAS;AACf,UAAM,QAAQ,OAAO,MAAM,GAAG,CAAC,EAAE,IAAI,CAAC,UAAU;AAC9C,YAAM,OAAO,MAAM,QAAQ,MAAM,IAAI,IAAI,MAAM,KAAK,KAAK,GAAG,IAAI;AAChE,YAAM,MAAM,MAAM,WAAqB,YAAY,MAAM,QAAQ,MAAM,MAAM,QAAkB;AAC/F,aAAO,OAAO,GAAG,IAAI,KAAK,GAAG,KAAK;AAAA,IACpC,CAAC;AACD,QAAI,MAAM,SAAS,GAAG;AACpB,aAAO,4BAAuB,MAAM,KAAK,IAAI,CAAC;AAAA,IAChD;AAAA,EACF;AAEA,QAAM,MAAM;AAGZ,MAAI,IAAI,eAAe,OAAO,IAAI,gBAAgB,UAAU;AAC1D,UAAM,cAAc,IAAI;AACxB,UAAM,QAAkB,CAAC;AACzB,eAAW,CAAC,OAAO,QAAQ,KAAK,OAAO,QAAQ,WAAW,GAAG;AAC3D,UAAI,MAAM,QAAQ,QAAQ,KAAK,SAAS,SAAS,GAAG;AAClD,cAAM,KAAK,GAAG,KAAK,KAAK,SAAS,CAAC,CAAC,EAAE;AAAA,MACvC;AAAA,IACF;AACA,UAAM,aAAa,IAAI;AACvB,QAAI,MAAM,QAAQ,UAAU,KAAK,WAAW,SAAS,GAAG;AACtD,YAAM,KAAK,WAAW,CAAC,CAAC;AAAA,IAC1B;AACA,QAAI,MAAM,SAAS,GAAG;AACpB,aAAO,4BAAuB,MAAM,KAAK,IAAI,CAAC;AAAA,IAChD;AAAA,EACF;AAGA,MAAI,IAAI,UAAU,MAAM,QAAQ,IAAI,MAAM,GAAG;AAC3C,UAAM,SAAS,IAAI;AACnB,UAAM,QAAQ,OAAO,MAAM,GAAG,CAAC,EAAE,IAAI,CAAC,UAAU;AAC9C,YAAM,OAAO,MAAM,QAAQ,MAAM,IAAI,IAAI,MAAM,KAAK,KAAK,GAAG,IAAI;AAChE,YAAM,MAAM,MAAM,WAAqB,MAAM,QAAkB;AAC/D,aAAO,OAAO,GAAG,IAAI,KAAK,GAAG,KAAK;AAAA,IACpC,CAAC;AACD,WAAO,4BAAuB,MAAM,KAAK,IAAI,CAAC;AAAA,EAChD;AAGA,MAAI,IAAI,SAAS,OAAO,IAAI,UAAU,UAAU;AAC9C,UAAM,UAAU,IAAI;AACpB,QAAI,WAAW,OAAO,YAAY,UAAU;AAC1C,aAAO,sBAAsB,OAAO;AAAA,IACtC;AACA,WAAO,IAAI;AAAA,EACb;AAGA,MAAI,IAAI,WAAW,OAAO,IAAI,YAAY,UAAU;AAClD,WAAO,IAAI;AAAA,EACb;AAGA,QAAM,OAAO,KAAK,UAAU,IAAI;AAChC,MAAI,KAAK,SAAS,KAAK;AACrB,WAAO,iCAAiC,KAAK,MAAM,GAAG,GAAG,CAAC;AAAA,EAC5D;AACA,SAAO,qBAAqB,IAAI;AAClC;AAMA,SAAS,mBAAmB,OAAoB;AAC9C,SAAO,MAAM,MAAM,IAAI,CAAC,SAAS;AAC/B,UAAM,gBAAgB,MAAM,MACzB,OAAO,CAAC,SAAS,KAAK,WAAW,KAAK,SAAS,EAC/C,IAAI,CAAC,UAAU;AAAA,MACd,cAAc,KAAK;AAAA,MACnB,QAAQ,KAAK;AAAA,MACb,UAAU,KAAK;AAAA,MACf,UAAU,KAAK;AAAA,IACjB,EAAE;AAEJ,WAAO;AAAA,MACL,WAAW,KAAK;AAAA,MAChB,WAAW,KAAK;AAAA,MAChB,QAAQ,sBAAsB,KAAK,WAAW,KAAK,SAAS;AAAA,MAC5D,QAAQ,KAAK;AAAA,MACb;AAAA,IACF;AAAA,EACF,CAAC;AACH;AAMA,SAAS,qBAAqB,MAA2D;AACvF,QAAM,UAAoB,CAAC;AAC3B,QAAM,UAAU;AAChB,MAAI;AACJ,UAAQ,QAAQ,QAAQ,KAAK,IAAI,OAAO,MAAM;AAC5C,UAAM,SAAS,MAAM,CAAC,EAAE,YAAY;AACpC,QAAI,CAAC,QAAQ,OAAO,SAAS,QAAQ,EAAE,SAAS,MAAM,GAAG;AACvD,cAAQ,KAAK,MAAM;AAAA,IACrB;AAAA,EACF;AACA,SAAO,EAAE,aAAa,QAAQ,SAAS,GAAG,QAAQ;AACpD;AAOA,eAAsB,oBAAqC;AACzD,QAAM,cAAc,MAAM,oBAAoB;AAC9C,qBAAmB;AACnB,sBAAoB,WAAW;AAC/B,SAAO;AACT;AAKA,SAAS,qBAA2B;AAClC;AAAA,IACE;AAAA,MACE,MAAM;AAAA,MACN,aAAa;AAAA;AAAA;AAAA,MAGb,aAAa,EAAE,OAAO;AAAA,QACpB,MAAM,EACH,OAAO,EACP;AAAA,UACC;AAAA,QACF;AAAA,MACJ,CAAC;AAAA,MACD,kBAAkB,CAAC,GAAG,2BAA2B;AAAA,MACjD,SAAS,OAAO,OAAyB,QAAwB;AAC/D,cAAM,cAAc,MAAM,KAAK,MAAM,GAAG,GAAG,EAAE,QAAQ,OAAO,GAAG;AAC/D,gBAAQ,MAAM,4BAA4B,WAAW,GAAG,MAAM,KAAK,SAAS,MAAM,QAAQ,EAAE,GAAG;AAG/F,YAAI,IAAI,WAAW;AACjB,gBAAM,SAAS,kBAAkB,IAAI,WAAW,MAAM,IAAI;AAC1D,cAAI,QAAQ;AACV,oBAAQ,MAAM,wCAAwC,OAAO,KAAK,IAAI;AACtE,kBAAMA,iBAAgB,mBAAmB,IAAI,SAAS;AACtD,mBAAO;AAAA,cACL,SAAS;AAAA,cACT,QAAQ,OAAO;AAAA,cACf,WAAW;AAAA,cACX,gBAAgBA;AAAA,YAClB;AAAA,UACF;AAGA,gBAAM,EAAE,OAAO,SAAS,IAAI,uBAAuB,IAAI,SAAS;AAChE,cAAI,UAAU;AACZ,oBAAQ,MAAM,sDAAsD,KAAK,GAAG;AAC5E,mBAAO;AAAA,cACL,SAAS;AAAA,cACT,OAAO;AAAA,YACT;AAAA,UACF;AAAA,QACF;AAEA,cAAM,OAAO,MAAM,gBAAgB;AACnC,cAAM,UAAU,cAAc,EAAE,KAAK,CAAC;AACtC,cAAM,SAAS,MAAM,QAAQ,QAAQ,MAAM,IAAI;AAE/C,YAAI,OAAO,OAAO;AAChB,kBAAQ,MAAM,+BAA+B,OAAO,UAAU,aAAQ,OAAO,KAAK,EAAE;AACpF,iBAAO;AAAA,YACL,SAAS;AAAA,YACT,OAAO,OAAO;AAAA,YACd,MAAM,OAAO;AAAA,YACb,YAAY,OAAO;AAAA,UACrB;AAAA,QACF;AAEA,cAAM,YAAY,eAAe,OAAO,MAAM;AAC9C,gBAAQ,MAAM,4BAA4B,OAAO,UAAU,aAAQ,UAAU,MAAM,QAAQ;AAG3F,YAAI,IAAI,WAAW;AACjB,gBAAM,QAAQ,iBAAiB,MAAM,IAAI;AACzC,4BAAkB,IAAI,WAAW,MAAM,MAAM,WAAW,KAAK;AAAA,QAC/D;AAEA,cAAM,gBAAgB,IAAI,YAAY,mBAAmB,IAAI,SAAS,IAAI;AAC1E,eAAO;AAAA,UACL,SAAS;AAAA,UACT,QAAQ;AAAA,UACR,MAAM,OAAO;AAAA,UACb,YAAY,OAAO;AAAA,UACnB,gBAAgB;AAAA,QAClB;AAAA,MACF;AAAA,IACF;AAAA,IACA,EAAE,UAAU,WAAW;AAAA,EACzB;AACF;AAKA,SAAS,oBAAoB,aAA2B;AACtD,QAAM,aAAa,cACf;AAAA;AAAA,EAAO,WAAW,KAClB;AAEJ;AAAA,IACE;AAAA,MACE,MAAM;AAAA,MACN,aAAa;AAAA;AAAA,6XAE2V,UAAU;AAAA,MAClX,aAAa,EAAE,OAAO;AAAA,QACpB,MAAM,EACH,OAAO,EACP;AAAA,UACC;AAAA,QACF;AAAA,MACJ,CAAC;AAAA,MACD,kBAAkB,CAAC,GAAG,2BAA2B;AAAA,MACjD,SAAS,OAAO,OAAyB,QAAwB;AAC/D,cAAM,cAAc,MAAM,KAAK,MAAM,GAAG,GAAG,EAAE,QAAQ,OAAO,GAAG;AAC/D,gBAAQ,MAAM,6BAA6B,WAAW,GAAG,MAAM,KAAK,SAAS,MAAM,QAAQ,EAAE,UAAU,IAAI,UAAU,SAAS,EAAE;AAGhI,YAAI,IAAI,WAAW;AACjB,gBAAM,EAAE,OAAO,SAAS,IAAI,uBAAuB,IAAI,SAAS;AAChE,cAAI,UAAU;AACZ,oBAAQ,MAAM,uDAAuD,KAAK,GAAG;AAC7E,mBAAO;AAAA,cACL,SAAS;AAAA,cACT,OAAO;AAAA,YACT;AAAA,UACF;AAAA,QACF;AAGA,cAAM,eAAe,qBAAqB,MAAM,IAAI;AACpD,cAAM,cAAc,aAAa,cAAc,KAAK;AACpD,YAAI,aAAa,aAAa;AAC5B,kBAAQ,MAAM,0CAA0C,aAAa,QAAQ,KAAK,GAAG,CAAC,iCAA4B,WAAW,EAAE;AAAA,QACjI;AACA,YAAI,eAAe;AAEnB,cAAM,eAAe,mBAAmB,KAAK,MAAM;AACjD;AACA,cAAI,eAAe,aAAa;AAC9B,kBAAM,IAAI,MAAM,gCAAgC,WAAW,GAAG;AAAA,UAChE;AAAA,QACF,CAAC;AAED,cAAM,UAAU;AAAA,UACd,UAAU,IAAI;AAAA,UACd,gBAAgB,IAAI;AAAA,UACpB,QAAQ,IAAI;AAAA,QACd;AAEA,cAAM,UAAU;AAAA,UACd,EAAE,KAAK,EAAE,SAAS,aAAa,GAAG,QAAQ;AAAA,UAC1C,EAAE,YAAY;AAAA,QAChB;AAEA,cAAM,SAAS,MAAM,QAAQ,QAAQ,MAAM,IAAI;AAE/C,YAAI,OAAO,OAAO;AAChB,kBAAQ,MAAM,gCAAgC,OAAO,UAAU,sBAAiB,YAAY,WAAM,OAAO,KAAK,EAAE;AAChH,iBAAO;AAAA,YACL,SAAS;AAAA,YACT,OAAO,OAAO;AAAA,YACd,MAAM,OAAO;AAAA,YACb,YAAY,OAAO;AAAA,YACnB;AAAA,UACF;AAAA,QACF;AAEA,cAAM,YAAY,eAAe,OAAO,MAAM;AAC9C,gBAAQ,MAAM,6BAA6B,OAAO,UAAU,sBAAiB,YAAY,WAAM,UAAU,MAAM,QAAQ;AAEvH,cAAM,gBAAgB,IAAI,YAAY,mBAAmB,IAAI,SAAS,IAAI;AAC1E,eAAO;AAAA,UACL,SAAS;AAAA,UACT,QAAQ;AAAA,UACR,MAAM,OAAO;AAAA,UACb,YAAY,OAAO;AAAA,UACnB;AAAA,UACA,gBAAgB;AAAA,QAClB;AAAA,MACF;AAAA,IACF;AAAA,IACA,EAAE,UAAU,WAAW;AAAA,EACzB;AACF;AAMA,SAAS,mBACP,KACA,QAMqB;AACrB,QAAM,UACJ,QAAQ,IAAI,4BACZ,QAAQ,IAAI,uBACZ,QAAQ,IAAI,WACZ;AAEF,SAAO,OAAO,WAAW;AACvB,WAAO;AAEP,UAAM,EAAE,QAAQ,MAAM,OAAO,KAAK,IAAI;AACtC,UAAM,YAAY,KAAK,IAAI;AAC3B,UAAM,mBAAmB,OAAO,YAAY;AAC5C,UAAM,UAAU,wBAAwB,IAAI;AAC5C,UAAM,gBAAgB,MAAM,4BAA4B,KAAK,kBAAkB,OAAO;AAEtF,QAAI,CAAC,cAAc,SAAS;AAC1B,YAAMC,gBAAe,KAAK,IAAI,IAAI;AAClC,cAAQ;AAAA,QACN,2BAA2B,gBAAgB,IAAI,OAAO,WAAM,cAAc,UAAU,OAAOA,aAAY;AAAA,MACzG;AACA,aAAO;AAAA,QACL,SAAS;AAAA,QACT,YAAY,cAAc;AAAA,QAC1B,OAAO,cAAc;AAAA,QACrB,SAAS,cAAc;AAAA,MACzB;AAAA,IACF;AAEA,QAAI,MAAM,GAAG,OAAO,GAAG,OAAO;AAG9B,UAAM,cAAsC,EAAE,GAAG,MAAM;AAEvD,QAAI,qBAAqB,OAAO;AAC9B,UAAI,IAAI,SAAU,aAAY,WAAW,IAAI;AAC7C,UAAI,IAAI,eAAgB,aAAY,iBAAiB,IAAI;AAAA,IAC3D;AAEA,QAAI,OAAO,KAAK,WAAW,EAAE,SAAS,GAAG;AACvC,YAAM,YAAY,IAAI,SAAS,GAAG,IAAI,MAAM;AAC5C,aAAO,YAAY,IAAI,gBAAgB,WAAW,EAAE,SAAS;AAAA,IAC/D;AAGA,QAAI;AACJ,QAAI,CAAC,QAAQ,OAAO,OAAO,EAAE,SAAS,gBAAgB,GAAG;AACvD,oBAAc,EAAE,GAAG,KAAK;AACxB,UAAI,IAAI,SAAU,aAAY,WAAW,IAAI;AAC7C,UAAI,IAAI,eAAgB,aAAY,iBAAiB,IAAI;AAAA,IAC3D;AAGA,UAAM,UAAkC;AAAA,MACtC,gBAAgB;AAAA,IAClB;AACA,QAAI,IAAI,aAAc,SAAQ,WAAW,IAAI,IAAI;AACjD,QAAI,IAAI,SAAU,SAAQ,aAAa,IAAI,IAAI;AAC/C,QAAI,IAAI,eAAgB,SAAQ,mBAAmB,IAAI,IAAI;AAG3D,UAAM,WAAW,MAAM,WAAW,MAAM,KAAK;AAAA,MAC3C,QAAQ;AAAA,MACR;AAAA,MACA,MAAM,cAAc,KAAK,UAAU,WAAW,IAAI;AAAA,IACpD,CAAC;AAED,UAAM,eAAe,MAAM,SAAS,KAAK;AACzC,UAAM,OAAO,aAAa,YAAY;AACtC,UAAM,eAAe,KAAK,IAAI,IAAI;AAElC,QAAI,CAAC,SAAS,IAAI;AAChB,cAAQ,MAAM,2BAA2B,gBAAgB,IAAI,OAAO,WAAM,SAAS,MAAM,OAAO,YAAY,IAAI;AAGhH,UAAI,SAAS,WAAW,KAAK;AAC3B,eAAO;AAAA,UACL,SAAS;AAAA,UACT,YAAY;AAAA,UACZ,OAAO,sBAAsB,IAAI;AAAA,QACnC;AAAA,MACF;AAEA,aAAO;AAAA,QACL,SAAS;AAAA,QACT,YAAY,SAAS;AAAA,QACrB,OAAO,aAAa,SAAS,MAAM;AAAA,QACnC,SAAS;AAAA,MACX;AAAA,IACF;AAEA,YAAQ,MAAM,2BAA2B,gBAAgB,IAAI,OAAO,WAAM,SAAS,MAAM,OAAO,YAAY,OAAO,aAAa,MAAM,SAAS;AAG/I,QAAI,CAAC,CAAC,OAAO,QAAQ,SAAS,EAAE,SAAS,gBAAgB,GAAG;AAC1D,aAAO;AAAA,QACL,SAAS;AAAA,QACT,YAAY,SAAS;AAAA,QACrB;AAAA,QACA,OAAO;AAAA,MACT;AAAA,IACF;AAEA,WAAO;AAAA,MACL,SAAS;AAAA,MACT,YAAY,SAAS;AAAA,MACrB;AAAA,IACF;AAAA,EACF;AACF;AAMA,eAAsB,4BACpB,KACA,QACA,MACmC;AACnC,QAAM,mBAAmB,OAAO,YAAY;AAC5C,QAAM,iBAAiB,wBAAwB,IAAI;AACnD,QAAM,WAAW,MAAM,wBAAwB,kBAAkB,cAAc;AAE/E,MAAI,CAAC,UAAU;AACb,WAAO;AAAA,MACL,SAAS;AAAA,MACT,YAAY;AAAA,MACZ,OAAO,mDAAmD,gBAAgB,IAAI,cAAc;AAAA,IAC9F;AAAA,EACF;AAEA,QAAM,cAAc,mBAAmB,GAAG;AAC1C,QAAM,mBAAmB,SAAS,oBAAoB,CAAC;AAEvD,MAAI,iBAAiB,SAAS,GAAG;AAC/B,QAAI,oBAAoB,kBAAkB,IAAI,cAAc,IAAI,cAAc,WAAW,GAAG;AAC1F,aAAO,EAAE,SAAS,MAAM,SAAS;AAAA,IACnC;AAEA,WAAO;AAAA,MACL,SAAS;AAAA,MACT,YAAY;AAAA,MACZ,OAAO,gCAAgC,gBAAgB,IAAI,cAAc;AAAA,MACzE,SAAS,EAAE,kBAAkB,aAAa,SAAS,YAAY;AAAA,IACjE;AAAA,EACF;AAEA,MAAI,mBAAmB,gBAAgB,GAAG;AACxC,WAAO;AAAA,MACL,SAAS;AAAA,MACT,YAAY;AAAA,MACZ,OAAO,+EAA+E,gBAAgB,IAAI,cAAc;AAAA,MACxH,SAAS,EAAE,aAAa,SAAS,YAAY;AAAA,IAC/C;AAAA,EACF;AAEA,SAAO,EAAE,SAAS,MAAM,SAAS;AACnC;AAEA,SAAS,mBAAmB,KAA8C;AACxE,MAAI;AACF,WAAO,IAAI,UAAU,QAAQ,aAAa;AAAA,EAC5C,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAe,wBACb,QACA,MAC6B;AAC7B,QAAM,YAAY,MAAM,gBAAgB;AACxC,QAAM,aAAa,UAAU,KAAK,CAAC,aAAa,SAAS,WAAW,UAAU,SAAS,SAAS,IAAI;AACpG,MAAI,YAAY;AACd,WAAO;AAAA,EACT;AAEA,SAAO,UAAU,KAAK,CAAC,aAAa,SAAS,WAAW,UAAU,qBAAqB,SAAS,MAAM,IAAI,CAAC,KAAK;AAClH;AAEO,SAAS,qBAAqB,cAAsB,aAA8B;AACvF,QAAM,yBAAyB,wBAAwB,YAAY;AACnE,QAAM,wBAAwB,wBAAwB,WAAW;AAEjE,MAAI,2BAA2B,uBAAuB;AACpD,WAAO;AAAA,EACT;AAEA,QAAM,mBAAmB,uBAAuB,MAAM,GAAG,EAAE,OAAO,OAAO;AACzE,QAAM,kBAAkB,sBAAsB,MAAM,GAAG,EAAE,OAAO,OAAO;AAEvE,MAAI,iBAAiB,WAAW,gBAAgB,QAAQ;AACtD,WAAO;AAAA,EACT;AAEA,SAAO,iBAAiB,MAAM,CAAC,SAAS,UAAU;AAChD,QAAI,uBAAuB,OAAO,GAAG;AACnC,aAAO,gBAAgB,KAAK,EAAE,SAAS;AAAA,IACzC;AACA,WAAO,YAAY,gBAAgB,KAAK;AAAA,EAC1C,CAAC;AACH;AAEA,SAAS,wBAAwB,MAAsB;AACrD,QAAM,CAAC,OAAO,IAAI,KAAK,MAAM,GAAG;AAChC,QAAM,iBAAiB,QAAQ,WAAW,MAAM,IAC5C,UACA,OAAO,QAAQ,WAAW,GAAG,IAAI,UAAU,IAAI,OAAO,EAAE;AAE5D,MAAI,eAAe,SAAS,KAAK,eAAe,SAAS,GAAG,GAAG;AAC7D,WAAO,eAAe,MAAM,GAAG,EAAE;AAAA,EACnC;AAEA,SAAO;AACT;AAEA,SAAS,uBAAuB,SAA0B;AACxD,SACG,QAAQ,WAAW,GAAG,KAAK,QAAQ,SAAS,GAAG,KAC/C,QAAQ,WAAW,GAAG,KAAK,QAAQ,SAAS,GAAG,KAChD,QAAQ,WAAW,GAAG;AAE1B;AAEA,SAAS,mBAAmB,QAAyB;AACnD,SAAO,CAAC,CAAC,OAAO,QAAQ,SAAS,EAAE,SAAS,OAAO,YAAY,CAAC;AAClE;AAEA,SAAS,aAAa,MAAuB;AAC3C,MAAI;AACF,WAAO,KAAK,MAAM,IAAI;AAAA,EACxB,QAAQ;AACN,WAAO;AAAA,EACT;AACF;",
|
|
6
|
+
"names": ["memoryContext", "callDuration"]
|
|
7
7
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@open-mercato/ai-assistant",
|
|
3
|
-
"version": "0.4.11-develop.
|
|
3
|
+
"version": "0.4.11-develop.1907.1fcb594c32",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"main": "./dist/index.js",
|
|
6
6
|
"scripts": {
|
|
@@ -94,12 +94,12 @@
|
|
|
94
94
|
"zod-to-json-schema": "^3.25.1"
|
|
95
95
|
},
|
|
96
96
|
"peerDependencies": {
|
|
97
|
-
"@open-mercato/shared": "0.4.11-develop.
|
|
98
|
-
"@open-mercato/ui": "0.4.11-develop.
|
|
97
|
+
"@open-mercato/shared": "0.4.11-develop.1907.1fcb594c32",
|
|
98
|
+
"@open-mercato/ui": "0.4.11-develop.1907.1fcb594c32",
|
|
99
99
|
"zod": ">=3.23.0"
|
|
100
100
|
},
|
|
101
101
|
"devDependencies": {
|
|
102
|
-
"@open-mercato/cli": "0.4.11-develop.
|
|
102
|
+
"@open-mercato/cli": "0.4.11-develop.1907.1fcb594c32",
|
|
103
103
|
"tsx": "^4.21.0"
|
|
104
104
|
},
|
|
105
105
|
"publishConfig": {
|
|
@@ -0,0 +1,244 @@
|
|
|
1
|
+
import type { McpToolContext } from '../types'
|
|
2
|
+
import { getApiEndpoints } from '../api-endpoint-index'
|
|
3
|
+
import {
|
|
4
|
+
authorizeCodeModeApiRequest,
|
|
5
|
+
CODE_MODE_REQUIRED_FEATURES,
|
|
6
|
+
matchApiEndpointPath,
|
|
7
|
+
} from '../codemode-tools'
|
|
8
|
+
|
|
9
|
+
jest.mock('../api-endpoint-index', () => ({
|
|
10
|
+
getApiEndpoints: jest.fn(),
|
|
11
|
+
getRawOpenApiSpec: jest.fn(),
|
|
12
|
+
}))
|
|
13
|
+
|
|
14
|
+
const mockedGetApiEndpoints = jest.mocked(getApiEndpoints)
|
|
15
|
+
|
|
16
|
+
type MockRbacService = {
|
|
17
|
+
hasAllFeatures: jest.Mock<boolean, [string[], string[]]>
|
|
18
|
+
}
|
|
19
|
+
|
|
20
|
+
function createContext(
|
|
21
|
+
overrides: Partial<McpToolContext> = {},
|
|
22
|
+
rbacService?: MockRbacService
|
|
23
|
+
): McpToolContext {
|
|
24
|
+
const defaultRbacService: MockRbacService = rbacService ?? {
|
|
25
|
+
hasAllFeatures: jest.fn((requiredFeatures: string[], userFeatures: string[]) =>
|
|
26
|
+
requiredFeatures.every((feature) => userFeatures.includes(feature))
|
|
27
|
+
),
|
|
28
|
+
}
|
|
29
|
+
|
|
30
|
+
return {
|
|
31
|
+
tenantId: 'tenant-1',
|
|
32
|
+
organizationId: 'org-1',
|
|
33
|
+
userId: 'user-1',
|
|
34
|
+
userFeatures: ['ai_assistant.view'],
|
|
35
|
+
isSuperAdmin: false,
|
|
36
|
+
apiKeySecret: 'omk_test.secret',
|
|
37
|
+
container: {
|
|
38
|
+
resolve: jest.fn((name: string) => {
|
|
39
|
+
if (name === 'rbacService') {
|
|
40
|
+
return defaultRbacService
|
|
41
|
+
}
|
|
42
|
+
throw new Error(`Unknown dependency: ${name}`)
|
|
43
|
+
}),
|
|
44
|
+
} as unknown as McpToolContext['container'],
|
|
45
|
+
...overrides,
|
|
46
|
+
}
|
|
47
|
+
}
|
|
48
|
+
|
|
49
|
+
describe('CODE_MODE_REQUIRED_FEATURES', () => {
|
|
50
|
+
it('requires ai_assistant.view for Code Mode tools', () => {
|
|
51
|
+
expect(CODE_MODE_REQUIRED_FEATURES).toEqual(['ai_assistant.view'])
|
|
52
|
+
})
|
|
53
|
+
})
|
|
54
|
+
|
|
55
|
+
describe('matchApiEndpointPath', () => {
|
|
56
|
+
it('matches OpenAPI path params against concrete request paths', () => {
|
|
57
|
+
expect(
|
|
58
|
+
matchApiEndpointPath('/api/customers/companies/{id}', '/api/customers/companies/company-1')
|
|
59
|
+
).toBe(true)
|
|
60
|
+
})
|
|
61
|
+
|
|
62
|
+
it('normalizes missing /api prefixes and query strings', () => {
|
|
63
|
+
expect(
|
|
64
|
+
matchApiEndpointPath('/api/customers/companies/{id}', 'customers/companies/company-1?expand=1')
|
|
65
|
+
).toBe(true)
|
|
66
|
+
})
|
|
67
|
+
|
|
68
|
+
it('rejects different resource paths', () => {
|
|
69
|
+
expect(
|
|
70
|
+
matchApiEndpointPath('/api/customers/companies/{id}', '/api/customers/people/person-1')
|
|
71
|
+
).toBe(false)
|
|
72
|
+
})
|
|
73
|
+
})
|
|
74
|
+
|
|
75
|
+
describe('authorizeCodeModeApiRequest', () => {
|
|
76
|
+
beforeEach(() => {
|
|
77
|
+
mockedGetApiEndpoints.mockReset()
|
|
78
|
+
})
|
|
79
|
+
|
|
80
|
+
it('denies undocumented endpoints', async () => {
|
|
81
|
+
mockedGetApiEndpoints.mockResolvedValue([])
|
|
82
|
+
|
|
83
|
+
const result = await authorizeCodeModeApiRequest(
|
|
84
|
+
createContext(),
|
|
85
|
+
'DELETE',
|
|
86
|
+
'/api/customers/companies'
|
|
87
|
+
)
|
|
88
|
+
|
|
89
|
+
expect(result).toEqual({
|
|
90
|
+
allowed: false,
|
|
91
|
+
statusCode: 403,
|
|
92
|
+
error: 'Code Mode cannot call undocumented API endpoint DELETE /api/customers/companies',
|
|
93
|
+
})
|
|
94
|
+
})
|
|
95
|
+
|
|
96
|
+
it('denies access when endpoint features are missing', async () => {
|
|
97
|
+
mockedGetApiEndpoints.mockResolvedValue([
|
|
98
|
+
{
|
|
99
|
+
id: 'delete_companies',
|
|
100
|
+
operationId: 'delete_companies',
|
|
101
|
+
method: 'DELETE',
|
|
102
|
+
path: '/api/customers/companies',
|
|
103
|
+
summary: '',
|
|
104
|
+
description: '',
|
|
105
|
+
tags: [],
|
|
106
|
+
requiredFeatures: ['customers.companies.delete'],
|
|
107
|
+
parameters: [],
|
|
108
|
+
requestBodySchema: null,
|
|
109
|
+
deprecated: false,
|
|
110
|
+
},
|
|
111
|
+
])
|
|
112
|
+
|
|
113
|
+
const result = await authorizeCodeModeApiRequest(
|
|
114
|
+
createContext({ userFeatures: ['ai_assistant.view'] }),
|
|
115
|
+
'DELETE',
|
|
116
|
+
'/api/customers/companies'
|
|
117
|
+
)
|
|
118
|
+
|
|
119
|
+
expect(result).toEqual({
|
|
120
|
+
allowed: false,
|
|
121
|
+
statusCode: 403,
|
|
122
|
+
error: 'Insufficient permissions for DELETE /api/customers/companies',
|
|
123
|
+
details: {
|
|
124
|
+
requiredFeatures: ['customers.companies.delete'],
|
|
125
|
+
operationId: 'delete_companies',
|
|
126
|
+
},
|
|
127
|
+
})
|
|
128
|
+
})
|
|
129
|
+
|
|
130
|
+
it('denies mutation endpoints that do not declare required features', async () => {
|
|
131
|
+
mockedGetApiEndpoints.mockResolvedValue([
|
|
132
|
+
{
|
|
133
|
+
id: 'accept_quote',
|
|
134
|
+
operationId: 'accept_quote',
|
|
135
|
+
method: 'POST',
|
|
136
|
+
path: '/api/sales/quotes/accept',
|
|
137
|
+
summary: '',
|
|
138
|
+
description: '',
|
|
139
|
+
tags: [],
|
|
140
|
+
requiredFeatures: [],
|
|
141
|
+
parameters: [],
|
|
142
|
+
requestBodySchema: null,
|
|
143
|
+
deprecated: false,
|
|
144
|
+
},
|
|
145
|
+
])
|
|
146
|
+
|
|
147
|
+
const result = await authorizeCodeModeApiRequest(
|
|
148
|
+
createContext(),
|
|
149
|
+
'POST',
|
|
150
|
+
'/api/sales/quotes/accept'
|
|
151
|
+
)
|
|
152
|
+
|
|
153
|
+
expect(result).toEqual({
|
|
154
|
+
allowed: false,
|
|
155
|
+
statusCode: 403,
|
|
156
|
+
error: 'Code Mode cannot call mutation endpoint without declared required features: POST /api/sales/quotes/accept',
|
|
157
|
+
details: {
|
|
158
|
+
operationId: 'accept_quote',
|
|
159
|
+
},
|
|
160
|
+
})
|
|
161
|
+
})
|
|
162
|
+
|
|
163
|
+
it('allows documented reads without endpoint features', async () => {
|
|
164
|
+
mockedGetApiEndpoints.mockResolvedValue([
|
|
165
|
+
{
|
|
166
|
+
id: 'list_companies',
|
|
167
|
+
operationId: 'list_companies',
|
|
168
|
+
method: 'GET',
|
|
169
|
+
path: '/api/customers/companies',
|
|
170
|
+
summary: '',
|
|
171
|
+
description: '',
|
|
172
|
+
tags: [],
|
|
173
|
+
requiredFeatures: [],
|
|
174
|
+
parameters: [],
|
|
175
|
+
requestBodySchema: null,
|
|
176
|
+
deprecated: false,
|
|
177
|
+
},
|
|
178
|
+
])
|
|
179
|
+
|
|
180
|
+
const result = await authorizeCodeModeApiRequest(
|
|
181
|
+
createContext(),
|
|
182
|
+
'GET',
|
|
183
|
+
'/api/customers/companies'
|
|
184
|
+
)
|
|
185
|
+
|
|
186
|
+
expect(result).toEqual({
|
|
187
|
+
allowed: true,
|
|
188
|
+
endpoint: {
|
|
189
|
+
id: 'list_companies',
|
|
190
|
+
operationId: 'list_companies',
|
|
191
|
+
method: 'GET',
|
|
192
|
+
path: '/api/customers/companies',
|
|
193
|
+
summary: '',
|
|
194
|
+
description: '',
|
|
195
|
+
tags: [],
|
|
196
|
+
requiredFeatures: [],
|
|
197
|
+
parameters: [],
|
|
198
|
+
requestBodySchema: null,
|
|
199
|
+
deprecated: false,
|
|
200
|
+
},
|
|
201
|
+
})
|
|
202
|
+
})
|
|
203
|
+
|
|
204
|
+
it('allows endpoint calls when user has the required feature', async () => {
|
|
205
|
+
mockedGetApiEndpoints.mockResolvedValue([
|
|
206
|
+
{
|
|
207
|
+
id: 'delete_company',
|
|
208
|
+
operationId: 'delete_company',
|
|
209
|
+
method: 'DELETE',
|
|
210
|
+
path: '/api/customers/companies/{id}',
|
|
211
|
+
summary: '',
|
|
212
|
+
description: '',
|
|
213
|
+
tags: [],
|
|
214
|
+
requiredFeatures: ['customers.companies.delete'],
|
|
215
|
+
parameters: [],
|
|
216
|
+
requestBodySchema: null,
|
|
217
|
+
deprecated: false,
|
|
218
|
+
},
|
|
219
|
+
])
|
|
220
|
+
|
|
221
|
+
const result = await authorizeCodeModeApiRequest(
|
|
222
|
+
createContext({ userFeatures: ['ai_assistant.view', 'customers.companies.delete'] }),
|
|
223
|
+
'DELETE',
|
|
224
|
+
'/api/customers/companies/company-1'
|
|
225
|
+
)
|
|
226
|
+
|
|
227
|
+
expect(result).toEqual({
|
|
228
|
+
allowed: true,
|
|
229
|
+
endpoint: {
|
|
230
|
+
id: 'delete_company',
|
|
231
|
+
operationId: 'delete_company',
|
|
232
|
+
method: 'DELETE',
|
|
233
|
+
path: '/api/customers/companies/{id}',
|
|
234
|
+
summary: '',
|
|
235
|
+
description: '',
|
|
236
|
+
tags: [],
|
|
237
|
+
requiredFeatures: ['customers.companies.delete'],
|
|
238
|
+
parameters: [],
|
|
239
|
+
requestBodySchema: null,
|
|
240
|
+
deprecated: false,
|
|
241
|
+
},
|
|
242
|
+
})
|
|
243
|
+
})
|
|
244
|
+
})
|
|
@@ -9,11 +9,13 @@
|
|
|
9
9
|
*/
|
|
10
10
|
|
|
11
11
|
import { z } from 'zod'
|
|
12
|
+
import type { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'
|
|
12
13
|
import { registerMcpTool } from './tool-registry'
|
|
13
14
|
import type { McpToolContext } from './types'
|
|
14
15
|
import { createSandbox } from './sandbox'
|
|
15
16
|
import { truncateResult } from './truncate'
|
|
16
|
-
import {
|
|
17
|
+
import { hasRequiredFeatures } from './auth'
|
|
18
|
+
import { getApiEndpoints, getRawOpenApiSpec, type ApiEndpoint } from './api-endpoint-index'
|
|
17
19
|
import {
|
|
18
20
|
getCachedEntityGraph,
|
|
19
21
|
inferModuleFromEntity,
|
|
@@ -38,6 +40,8 @@ let cachedCodeModeSpec: Record<string, unknown> | null = null
|
|
|
38
40
|
*/
|
|
39
41
|
let cachedCommonTypes: string | null = null
|
|
40
42
|
|
|
43
|
+
export const CODE_MODE_REQUIRED_FEATURES = ['ai_assistant.view'] as const
|
|
44
|
+
|
|
41
45
|
/**
|
|
42
46
|
* Build the merged spec object for the search tool.
|
|
43
47
|
*/
|
|
@@ -584,7 +588,7 @@ Use BEFORE execute to learn endpoint schemas for CREATE/UPDATE. Skip for common
|
|
|
584
588
|
'An async arrow function that queries spec, e.g. async () => spec.paths["/api/customers/companies"]'
|
|
585
589
|
),
|
|
586
590
|
}),
|
|
587
|
-
requiredFeatures: [],
|
|
591
|
+
requiredFeatures: [...CODE_MODE_REQUIRED_FEATURES],
|
|
588
592
|
handler: async (input: { code: string }, ctx: McpToolContext) => {
|
|
589
593
|
const codePreview = input.code.slice(0, 120).replace(/\n/g, ' ')
|
|
590
594
|
console.error(`[AI Usage] search: code="${codePreview}${input.code.length > 120 ? '...' : ''}"`)
|
|
@@ -672,7 +676,7 @@ RULES: For FIND/LIST → GET only (1 call). For UPDATE → PUT to collection pat
|
|
|
672
676
|
'Async arrow function. For reads: async () => api.request({ method: "GET", path: "/api/customers/companies" }). For updates: async () => api.request({ method: "PUT", path: "/api/customers/companies", body: { id: "<uuid>", name: "New Name" } }). id goes in BODY not URL.'
|
|
673
677
|
),
|
|
674
678
|
}),
|
|
675
|
-
requiredFeatures: [],
|
|
679
|
+
requiredFeatures: [...CODE_MODE_REQUIRED_FEATURES],
|
|
676
680
|
handler: async (input: { code: string }, ctx: McpToolContext) => {
|
|
677
681
|
const codePreview = input.code.slice(0, 120).replace(/\n/g, ' ')
|
|
678
682
|
console.error(`[AI Usage] execute: code="${codePreview}${input.code.length > 120 ? '...' : ''}" user=${ctx.userId || 'unknown'}`)
|
|
@@ -770,15 +774,29 @@ function createApiRequestFn(
|
|
|
770
774
|
|
|
771
775
|
const { method, path, query, body } = params
|
|
772
776
|
const callStart = Date.now()
|
|
777
|
+
const normalizedMethod = method.toUpperCase()
|
|
778
|
+
const apiPath = normalizeApiRequestPath(path)
|
|
779
|
+
const authorization = await authorizeCodeModeApiRequest(ctx, normalizedMethod, apiPath)
|
|
780
|
+
|
|
781
|
+
if (!authorization.allowed) {
|
|
782
|
+
const callDuration = Date.now() - callStart
|
|
783
|
+
console.error(
|
|
784
|
+
`[AI Usage] api.request: ${normalizedMethod} ${apiPath} → ${authorization.statusCode} in ${callDuration}ms (blocked by Code Mode RBAC)`
|
|
785
|
+
)
|
|
786
|
+
return {
|
|
787
|
+
success: false,
|
|
788
|
+
statusCode: authorization.statusCode,
|
|
789
|
+
error: authorization.error,
|
|
790
|
+
details: authorization.details,
|
|
791
|
+
}
|
|
792
|
+
}
|
|
773
793
|
|
|
774
|
-
// Ensure path starts with /api
|
|
775
|
-
const apiPath = path.startsWith('/api') ? path : `/api${path}`
|
|
776
794
|
let url = `${baseUrl}${apiPath}`
|
|
777
795
|
|
|
778
796
|
// Build query parameters
|
|
779
797
|
const queryParams: Record<string, string> = { ...query }
|
|
780
798
|
|
|
781
|
-
if (
|
|
799
|
+
if (normalizedMethod === 'GET') {
|
|
782
800
|
if (ctx.tenantId) queryParams.tenantId = ctx.tenantId
|
|
783
801
|
if (ctx.organizationId) queryParams.organizationId = ctx.organizationId
|
|
784
802
|
}
|
|
@@ -790,7 +808,7 @@ function createApiRequestFn(
|
|
|
790
808
|
|
|
791
809
|
// Build request body with context injection
|
|
792
810
|
let requestBody: Record<string, unknown> | undefined
|
|
793
|
-
if (['POST', 'PUT', 'PATCH'].includes(
|
|
811
|
+
if (['POST', 'PUT', 'PATCH'].includes(normalizedMethod)) {
|
|
794
812
|
requestBody = { ...body }
|
|
795
813
|
if (ctx.tenantId) requestBody.tenantId = ctx.tenantId
|
|
796
814
|
if (ctx.organizationId) requestBody.organizationId = ctx.organizationId
|
|
@@ -806,7 +824,7 @@ function createApiRequestFn(
|
|
|
806
824
|
|
|
807
825
|
// Execute request using host fetch (not sandbox)
|
|
808
826
|
const response = await globalThis.fetch(url, {
|
|
809
|
-
method:
|
|
827
|
+
method: normalizedMethod,
|
|
810
828
|
headers,
|
|
811
829
|
body: requestBody ? JSON.stringify(requestBody) : undefined,
|
|
812
830
|
})
|
|
@@ -816,7 +834,7 @@ function createApiRequestFn(
|
|
|
816
834
|
const callDuration = Date.now() - callStart
|
|
817
835
|
|
|
818
836
|
if (!response.ok) {
|
|
819
|
-
console.error(`[AI Usage] api.request: ${
|
|
837
|
+
console.error(`[AI Usage] api.request: ${normalizedMethod} ${apiPath} → ${response.status} in ${callDuration}ms`)
|
|
820
838
|
|
|
821
839
|
// Format 400 validation errors into a clear fix instruction for the LLM
|
|
822
840
|
if (response.status === 400) {
|
|
@@ -835,10 +853,10 @@ function createApiRequestFn(
|
|
|
835
853
|
}
|
|
836
854
|
}
|
|
837
855
|
|
|
838
|
-
console.error(`[AI Usage] api.request: ${
|
|
856
|
+
console.error(`[AI Usage] api.request: ${normalizedMethod} ${apiPath} → ${response.status} in ${callDuration}ms (${responseText.length} bytes)`)
|
|
839
857
|
|
|
840
858
|
// Add mutation warning for non-GET calls
|
|
841
|
-
if (!['GET', 'HEAD', 'OPTIONS'].includes(
|
|
859
|
+
if (!['GET', 'HEAD', 'OPTIONS'].includes(normalizedMethod)) {
|
|
842
860
|
return {
|
|
843
861
|
success: true,
|
|
844
862
|
statusCode: response.status,
|
|
@@ -855,6 +873,124 @@ function createApiRequestFn(
|
|
|
855
873
|
}
|
|
856
874
|
}
|
|
857
875
|
|
|
876
|
+
type CodeModeApiAuthorization =
|
|
877
|
+
| { allowed: true; endpoint: ApiEndpoint }
|
|
878
|
+
| { allowed: false; statusCode: number; error: string; details?: Record<string, unknown> }
|
|
879
|
+
|
|
880
|
+
export async function authorizeCodeModeApiRequest(
|
|
881
|
+
ctx: McpToolContext,
|
|
882
|
+
method: string,
|
|
883
|
+
path: string
|
|
884
|
+
): Promise<CodeModeApiAuthorization> {
|
|
885
|
+
const normalizedMethod = method.toUpperCase()
|
|
886
|
+
const normalizedPath = normalizeApiRequestPath(path)
|
|
887
|
+
const endpoint = await findCodeModeApiEndpoint(normalizedMethod, normalizedPath)
|
|
888
|
+
|
|
889
|
+
if (!endpoint) {
|
|
890
|
+
return {
|
|
891
|
+
allowed: false,
|
|
892
|
+
statusCode: 403,
|
|
893
|
+
error: `Code Mode cannot call undocumented API endpoint ${normalizedMethod} ${normalizedPath}`,
|
|
894
|
+
}
|
|
895
|
+
}
|
|
896
|
+
|
|
897
|
+
const rbacService = resolveRbacService(ctx)
|
|
898
|
+
const requiredFeatures = endpoint.requiredFeatures ?? []
|
|
899
|
+
|
|
900
|
+
if (requiredFeatures.length > 0) {
|
|
901
|
+
if (hasRequiredFeatures(requiredFeatures, ctx.userFeatures, ctx.isSuperAdmin, rbacService)) {
|
|
902
|
+
return { allowed: true, endpoint }
|
|
903
|
+
}
|
|
904
|
+
|
|
905
|
+
return {
|
|
906
|
+
allowed: false,
|
|
907
|
+
statusCode: 403,
|
|
908
|
+
error: `Insufficient permissions for ${normalizedMethod} ${normalizedPath}`,
|
|
909
|
+
details: { requiredFeatures, operationId: endpoint.operationId },
|
|
910
|
+
}
|
|
911
|
+
}
|
|
912
|
+
|
|
913
|
+
if (isUnsafeHttpMethod(normalizedMethod)) {
|
|
914
|
+
return {
|
|
915
|
+
allowed: false,
|
|
916
|
+
statusCode: 403,
|
|
917
|
+
error: `Code Mode cannot call mutation endpoint without declared required features: ${normalizedMethod} ${normalizedPath}`,
|
|
918
|
+
details: { operationId: endpoint.operationId },
|
|
919
|
+
}
|
|
920
|
+
}
|
|
921
|
+
|
|
922
|
+
return { allowed: true, endpoint }
|
|
923
|
+
}
|
|
924
|
+
|
|
925
|
+
function resolveRbacService(ctx: McpToolContext): RbacService | undefined {
|
|
926
|
+
try {
|
|
927
|
+
return ctx.container.resolve('rbacService') as RbacService
|
|
928
|
+
} catch {
|
|
929
|
+
return undefined
|
|
930
|
+
}
|
|
931
|
+
}
|
|
932
|
+
|
|
933
|
+
async function findCodeModeApiEndpoint(
|
|
934
|
+
method: string,
|
|
935
|
+
path: string
|
|
936
|
+
): Promise<ApiEndpoint | null> {
|
|
937
|
+
const endpoints = await getApiEndpoints()
|
|
938
|
+
const exactMatch = endpoints.find((endpoint) => endpoint.method === method && endpoint.path === path)
|
|
939
|
+
if (exactMatch) {
|
|
940
|
+
return exactMatch
|
|
941
|
+
}
|
|
942
|
+
|
|
943
|
+
return endpoints.find((endpoint) => endpoint.method === method && matchApiEndpointPath(endpoint.path, path)) ?? null
|
|
944
|
+
}
|
|
945
|
+
|
|
946
|
+
export function matchApiEndpointPath(endpointPath: string, requestPath: string): boolean {
|
|
947
|
+
const normalizedEndpointPath = normalizeApiRequestPath(endpointPath)
|
|
948
|
+
const normalizedRequestPath = normalizeApiRequestPath(requestPath)
|
|
949
|
+
|
|
950
|
+
if (normalizedEndpointPath === normalizedRequestPath) {
|
|
951
|
+
return true
|
|
952
|
+
}
|
|
953
|
+
|
|
954
|
+
const endpointSegments = normalizedEndpointPath.split('/').filter(Boolean)
|
|
955
|
+
const requestSegments = normalizedRequestPath.split('/').filter(Boolean)
|
|
956
|
+
|
|
957
|
+
if (endpointSegments.length !== requestSegments.length) {
|
|
958
|
+
return false
|
|
959
|
+
}
|
|
960
|
+
|
|
961
|
+
return endpointSegments.every((segment, index) => {
|
|
962
|
+
if (isPathParameterSegment(segment)) {
|
|
963
|
+
return requestSegments[index].length > 0
|
|
964
|
+
}
|
|
965
|
+
return segment === requestSegments[index]
|
|
966
|
+
})
|
|
967
|
+
}
|
|
968
|
+
|
|
969
|
+
function normalizeApiRequestPath(path: string): string {
|
|
970
|
+
const [rawPath] = path.split('?')
|
|
971
|
+
const normalizedPath = rawPath.startsWith('/api')
|
|
972
|
+
? rawPath
|
|
973
|
+
: `/api${rawPath.startsWith('/') ? rawPath : `/${rawPath}`}`
|
|
974
|
+
|
|
975
|
+
if (normalizedPath.length > 1 && normalizedPath.endsWith('/')) {
|
|
976
|
+
return normalizedPath.slice(0, -1)
|
|
977
|
+
}
|
|
978
|
+
|
|
979
|
+
return normalizedPath
|
|
980
|
+
}
|
|
981
|
+
|
|
982
|
+
function isPathParameterSegment(segment: string): boolean {
|
|
983
|
+
return (
|
|
984
|
+
(segment.startsWith('{') && segment.endsWith('}')) ||
|
|
985
|
+
(segment.startsWith('[') && segment.endsWith(']')) ||
|
|
986
|
+
segment.startsWith(':')
|
|
987
|
+
)
|
|
988
|
+
}
|
|
989
|
+
|
|
990
|
+
function isUnsafeHttpMethod(method: string): boolean {
|
|
991
|
+
return !['GET', 'HEAD', 'OPTIONS'].includes(method.toUpperCase())
|
|
992
|
+
}
|
|
993
|
+
|
|
858
994
|
function tryParseJson(text: string): unknown {
|
|
859
995
|
try {
|
|
860
996
|
return JSON.parse(text)
|