@openape/apes 0.5.2 → 0.5.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{chunk-JNBFNWUF.js → chunk-KXESKY4X.js} +66 -4
- package/dist/chunk-KXESKY4X.js.map +1 -0
- package/dist/cli.js +8 -4
- package/dist/cli.js.map +1 -1
- package/dist/index.js +1 -1
- package/dist/{server-5RAVUOJN.js → server-5ZRR26S4.js} +3 -3
- package/package.json +1 -1
- package/dist/chunk-JNBFNWUF.js.map +0 -1
- /package/dist/{server-5RAVUOJN.js.map → server-5ZRR26S4.js.map} +0 -0
|
@@ -113,6 +113,8 @@ function getRequesterIdentity() {
|
|
|
113
113
|
}
|
|
114
114
|
|
|
115
115
|
// src/http.ts
|
|
116
|
+
import consola from "consola";
|
|
117
|
+
var debug = process.argv.includes("--debug");
|
|
116
118
|
var ApiError = class extends Error {
|
|
117
119
|
constructor(statusCode, message, problemDetails) {
|
|
118
120
|
super(message);
|
|
@@ -154,10 +156,62 @@ async function getDelegationsEndpoint(idpUrl) {
|
|
|
154
156
|
const disco = await discoverEndpoints(idpUrl);
|
|
155
157
|
return disco.openape_delegations_endpoint || `${idpUrl}/api/delegations`;
|
|
156
158
|
}
|
|
159
|
+
async function refreshAgentToken() {
|
|
160
|
+
const auth = loadAuth();
|
|
161
|
+
if (!auth)
|
|
162
|
+
return null;
|
|
163
|
+
const config = loadConfig();
|
|
164
|
+
const keyPath = config.agent?.key;
|
|
165
|
+
if (!keyPath)
|
|
166
|
+
return null;
|
|
167
|
+
try {
|
|
168
|
+
const { readFileSync: readFileSync2 } = await import("fs");
|
|
169
|
+
const { sign } = await import("crypto");
|
|
170
|
+
const { homedir: homedir2 } = await import("os");
|
|
171
|
+
const { loadEd25519PrivateKey } = await import("./ssh-key-Q7KG4K25.js");
|
|
172
|
+
const resolved = keyPath.replace(/^~/, homedir2());
|
|
173
|
+
const keyContent = readFileSync2(resolved, "utf-8");
|
|
174
|
+
const privateKey = loadEd25519PrivateKey(keyContent);
|
|
175
|
+
const challengeUrl = await getAgentChallengeEndpoint(auth.idp);
|
|
176
|
+
const challengeResp = await fetch(challengeUrl, {
|
|
177
|
+
method: "POST",
|
|
178
|
+
headers: { "Content-Type": "application/json" },
|
|
179
|
+
body: JSON.stringify({ agent_id: auth.email })
|
|
180
|
+
});
|
|
181
|
+
if (!challengeResp.ok)
|
|
182
|
+
return null;
|
|
183
|
+
const { challenge } = await challengeResp.json();
|
|
184
|
+
const { Buffer } = await import("buffer");
|
|
185
|
+
const signature = sign(null, Buffer.from(challenge), privateKey).toString("base64");
|
|
186
|
+
const authenticateUrl = await getAgentAuthenticateEndpoint(auth.idp);
|
|
187
|
+
const authResp = await fetch(authenticateUrl, {
|
|
188
|
+
method: "POST",
|
|
189
|
+
headers: { "Content-Type": "application/json" },
|
|
190
|
+
body: JSON.stringify({ agent_id: auth.email, challenge, signature })
|
|
191
|
+
});
|
|
192
|
+
if (!authResp.ok)
|
|
193
|
+
return null;
|
|
194
|
+
const { token, expires_in } = await authResp.json();
|
|
195
|
+
saveAuth({
|
|
196
|
+
...auth,
|
|
197
|
+
access_token: token,
|
|
198
|
+
expires_at: Math.floor(Date.now() / 1e3) + (expires_in || 3600)
|
|
199
|
+
});
|
|
200
|
+
if (debug) {
|
|
201
|
+
consola.debug("Token refreshed via Ed25519 challenge-response");
|
|
202
|
+
}
|
|
203
|
+
return token;
|
|
204
|
+
} catch {
|
|
205
|
+
return null;
|
|
206
|
+
}
|
|
207
|
+
}
|
|
157
208
|
async function apiFetch(path, options = {}) {
|
|
158
|
-
|
|
209
|
+
let token = options.token || getAuthToken();
|
|
159
210
|
if (!token) {
|
|
160
|
-
|
|
211
|
+
token = await refreshAgentToken();
|
|
212
|
+
}
|
|
213
|
+
if (!token) {
|
|
214
|
+
throw new Error("Not authenticated (token expired). Run `apes login` first.");
|
|
161
215
|
}
|
|
162
216
|
let url;
|
|
163
217
|
if (path.startsWith("http")) {
|
|
@@ -169,15 +223,23 @@ async function apiFetch(path, options = {}) {
|
|
|
169
223
|
}
|
|
170
224
|
url = `${idp}${path}`;
|
|
171
225
|
}
|
|
226
|
+
const method = options.method || "GET";
|
|
172
227
|
const headers = {
|
|
173
228
|
"Authorization": `Bearer ${token}`,
|
|
174
229
|
"Content-Type": "application/json"
|
|
175
230
|
};
|
|
231
|
+
if (debug) {
|
|
232
|
+
consola.debug(`${method} ${url}`);
|
|
233
|
+
consola.debug(`Token: ${token.substring(0, 20)}...${token.substring(token.length - 10)}`);
|
|
234
|
+
}
|
|
176
235
|
const response = await fetch(url, {
|
|
177
|
-
method
|
|
236
|
+
method,
|
|
178
237
|
headers,
|
|
179
238
|
body: options.body ? JSON.stringify(options.body) : void 0
|
|
180
239
|
});
|
|
240
|
+
if (debug) {
|
|
241
|
+
consola.debug(`Response: ${response.status} ${response.statusText}`);
|
|
242
|
+
}
|
|
181
243
|
if (!response.ok) {
|
|
182
244
|
const contentType = response.headers.get("content-type") || "";
|
|
183
245
|
if (contentType.includes("application/problem+json") || contentType.includes("application/json")) {
|
|
@@ -213,4 +275,4 @@ export {
|
|
|
213
275
|
getDelegationsEndpoint,
|
|
214
276
|
apiFetch
|
|
215
277
|
};
|
|
216
|
-
//# sourceMappingURL=chunk-
|
|
278
|
+
//# sourceMappingURL=chunk-KXESKY4X.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/config.ts","../src/http.ts"],"sourcesContent":["import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs'\nimport { homedir } from 'node:os'\nimport { join } from 'node:path'\n\nexport interface AuthData {\n idp: string\n access_token: string\n refresh_token?: string\n email: string\n expires_at: number\n}\n\nexport interface ApesConfig {\n defaults?: {\n idp?: string\n approval?: string\n }\n agent?: {\n key?: string\n email?: string\n }\n}\n\nconst CONFIG_DIR = join(homedir(), '.config', 'apes')\nconst AUTH_FILE = join(CONFIG_DIR, 'auth.json')\nconst CONFIG_FILE = join(CONFIG_DIR, 'config.toml')\n\nfunction ensureDir() {\n if (!existsSync(CONFIG_DIR)) {\n mkdirSync(CONFIG_DIR, { recursive: true })\n }\n}\n\nexport function loadAuth(): AuthData | null {\n if (!existsSync(AUTH_FILE))\n return null\n try {\n return JSON.parse(readFileSync(AUTH_FILE, 'utf-8'))\n }\n catch {\n return null\n }\n}\n\nexport function saveAuth(data: AuthData): void {\n ensureDir()\n writeFileSync(AUTH_FILE, JSON.stringify(data, null, 2), { mode: 0o600 })\n}\n\nexport function clearAuth(): void {\n if (existsSync(AUTH_FILE)) {\n writeFileSync(AUTH_FILE, '', { mode: 0o600 })\n }\n}\n\nexport function loadConfig(): ApesConfig {\n if (!existsSync(CONFIG_FILE))\n return {}\n try {\n return parseTOML(readFileSync(CONFIG_FILE, 'utf-8'))\n }\n catch {\n return {}\n }\n}\n\nfunction parseTOML(content: string): ApesConfig {\n const config: ApesConfig = {}\n let section = ''\n\n for (const line of content.split('\\n')) {\n const trimmed = line.trim()\n if (!trimmed || trimmed.startsWith('#'))\n continue\n\n const sectionMatch = trimmed.match(/^\\[(.+)\\]$/)\n if (sectionMatch) {\n section = sectionMatch[1]!\n continue\n }\n\n const kvMatch = trimmed.match(/^(\\w+)\\s*=\\s*\"(.+)\"$/)\n if (kvMatch) {\n const [, key, value] = kvMatch\n if (section === 'defaults') {\n config.defaults = config.defaults || {}\n ;(config.defaults as Record<string, string>)[key!] = value!\n }\n else if (section === 'agent') {\n config.agent = config.agent || {}\n ;(config.agent as Record<string, string>)[key!] = value!\n }\n }\n }\n\n return config\n}\n\nexport function saveConfig(config: ApesConfig): void {\n ensureDir()\n const lines: string[] = []\n\n if (config.defaults) {\n lines.push('[defaults]')\n for (const [key, value] of Object.entries(config.defaults)) {\n if (value)\n lines.push(`${key} = \"${value}\"`)\n }\n lines.push('')\n }\n\n if (config.agent) {\n lines.push('[agent]')\n for (const [key, value] of Object.entries(config.agent)) {\n if (value)\n lines.push(`${key} = \"${value}\"`)\n }\n lines.push('')\n }\n\n writeFileSync(CONFIG_FILE, lines.join('\\n'), { mode: 0o600 })\n}\n\nexport function getIdpUrl(explicit?: string): string | null {\n if (explicit)\n return explicit\n if (process.env.APES_IDP)\n return process.env.APES_IDP\n\n const auth = loadAuth()\n if (auth?.idp)\n return auth.idp\n\n const config = loadConfig()\n if (config.defaults?.idp)\n return config.defaults.idp\n\n return null\n}\n\nexport function getAuthToken(): string | null {\n const auth = loadAuth()\n if (!auth)\n return null\n\n // Check expiry (with 30s buffer)\n if (auth.expires_at && Date.now() / 1000 > auth.expires_at - 30) {\n return null // expired\n }\n\n return auth.access_token\n}\n\nexport function getRequesterIdentity(): string | null {\n return loadAuth()?.email ?? null\n}\n\nexport { CONFIG_DIR, AUTH_FILE }\n","import consola from 'consola'\nimport { getAuthToken, getIdpUrl, loadAuth, loadConfig, saveAuth } from './config'\n\nconst debug = process.argv.includes('--debug')\n\nexport class ApiError extends Error {\n constructor(public statusCode: number, message: string, public problemDetails?: Record<string, unknown>) {\n super(message)\n this.name = 'ApiError'\n }\n}\n\n// OIDC Discovery cache (one-time per CLI invocation)\nconst _discoveryCache: Record<string, Record<string, unknown>> = {}\n\nexport async function discoverEndpoints(idpUrl: string): Promise<Record<string, unknown>> {\n if (_discoveryCache[idpUrl]) {\n return _discoveryCache[idpUrl]\n }\n\n try {\n const response = await fetch(`${idpUrl}/.well-known/openid-configuration`)\n if (response.ok) {\n const data = await response.json() as Record<string, unknown>\n _discoveryCache[idpUrl] = data\n return data\n }\n }\n catch {}\n\n // Return empty if discovery fails (graceful degradation)\n _discoveryCache[idpUrl] = {}\n return {}\n}\n\nexport async function getGrantsEndpoint(idpUrl: string): Promise<string> {\n const disco = await discoverEndpoints(idpUrl)\n return (disco.openape_grants_endpoint as string) || `${idpUrl}/api/grants`\n}\n\nexport async function getAgentChallengeEndpoint(idpUrl: string): Promise<string> {\n const disco = await discoverEndpoints(idpUrl)\n return (disco.ddisa_agent_challenge_endpoint as string) || `${idpUrl}/api/agent/challenge`\n}\n\nexport async function getAgentAuthenticateEndpoint(idpUrl: string): Promise<string> {\n const disco = await discoverEndpoints(idpUrl)\n return (disco.ddisa_agent_authenticate_endpoint as string) || `${idpUrl}/api/agent/authenticate`\n}\n\nexport async function getDelegationsEndpoint(idpUrl: string): Promise<string> {\n const disco = await discoverEndpoints(idpUrl)\n return (disco.openape_delegations_endpoint as string) || `${idpUrl}/api/delegations`\n}\n\n/**\n * Re-authenticate an agent using Ed25519 challenge-response.\n * Called automatically when the token is expired.\n */\nasync function refreshAgentToken(): Promise<string | null> {\n const auth = loadAuth()\n if (!auth)\n return null\n\n const config = loadConfig()\n const keyPath = config.agent?.key\n if (!keyPath)\n return null\n\n try {\n const { readFileSync } = await import('node:fs')\n const { sign } = await import('node:crypto')\n const { homedir } = await import('node:os')\n const { loadEd25519PrivateKey } = await import('./ssh-key.js')\n\n const resolved = keyPath.replace(/^~/, homedir())\n const keyContent = readFileSync(resolved, 'utf-8')\n const privateKey = loadEd25519PrivateKey(keyContent)\n\n const challengeUrl = await getAgentChallengeEndpoint(auth.idp)\n const challengeResp = await fetch(challengeUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({ agent_id: auth.email }),\n })\n\n if (!challengeResp.ok)\n return null\n\n const { challenge } = await challengeResp.json() as { challenge: string }\n const { Buffer } = await import('node:buffer')\n const signature = sign(null, Buffer.from(challenge), privateKey).toString('base64')\n\n const authenticateUrl = await getAgentAuthenticateEndpoint(auth.idp)\n const authResp = await fetch(authenticateUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({ agent_id: auth.email, challenge, signature }),\n })\n\n if (!authResp.ok)\n return null\n\n const { token, expires_in } = await authResp.json() as { token: string, expires_in: number }\n\n saveAuth({\n ...auth,\n access_token: token,\n expires_at: Math.floor(Date.now() / 1000) + (expires_in || 3600),\n })\n\n if (debug) {\n consola.debug('Token refreshed via Ed25519 challenge-response')\n }\n\n return token\n }\n catch {\n return null\n }\n}\n\nexport async function apiFetch<T = unknown>(\n path: string,\n options: {\n method?: string\n body?: unknown\n idp?: string\n token?: string\n } = {},\n): Promise<T> {\n let token = options.token || getAuthToken()\n\n // Auto-refresh expired agent tokens\n if (!token) {\n token = await refreshAgentToken()\n }\n\n if (!token) {\n throw new Error('Not authenticated (token expired). Run `apes login` first.')\n }\n\n let url: string\n if (path.startsWith('http')) {\n url = path\n }\n else {\n const idp = options.idp || getIdpUrl()\n if (!idp) {\n throw new Error('No IdP URL configured. Run `apes login` first or pass --idp.')\n }\n url = `${idp}${path}`\n }\n const method = options.method || 'GET'\n const headers: Record<string, string> = {\n 'Authorization': `Bearer ${token}`,\n 'Content-Type': 'application/json',\n }\n\n if (debug) {\n consola.debug(`${method} ${url}`)\n consola.debug(`Token: ${token.substring(0, 20)}...${token.substring(token.length - 10)}`)\n }\n\n const response = await fetch(url, {\n method,\n headers,\n body: options.body ? JSON.stringify(options.body) : undefined,\n })\n\n if (debug) {\n consola.debug(`Response: ${response.status} ${response.statusText}`)\n }\n\n if (!response.ok) {\n const contentType = response.headers.get('content-type') || ''\n\n // Parse RFC 7807 Problem Details\n if (contentType.includes('application/problem+json') || contentType.includes('application/json')) {\n try {\n const problem = await response.json() as Record<string, unknown>\n const message = (problem.detail as string) || (problem.title as string) || `${response.status} ${response.statusText}`\n throw new ApiError(response.status, message, problem)\n }\n catch (e) {\n if (e instanceof ApiError)\n throw e\n }\n }\n\n const text = await response.text()\n throw new ApiError(response.status, text || `${response.status} ${response.statusText}`)\n }\n\n return response.json() as Promise<T>\n}\n"],"mappings":";;;AAAA,SAAS,YAAY,WAAW,cAAc,qBAAqB;AACnE,SAAS,eAAe;AACxB,SAAS,YAAY;AAqBrB,IAAM,aAAa,KAAK,QAAQ,GAAG,WAAW,MAAM;AACpD,IAAM,YAAY,KAAK,YAAY,WAAW;AAC9C,IAAM,cAAc,KAAK,YAAY,aAAa;AAElD,SAAS,YAAY;AACnB,MAAI,CAAC,WAAW,UAAU,GAAG;AAC3B,cAAU,YAAY,EAAE,WAAW,KAAK,CAAC;AAAA,EAC3C;AACF;AAEO,SAAS,WAA4B;AAC1C,MAAI,CAAC,WAAW,SAAS;AACvB,WAAO;AACT,MAAI;AACF,WAAO,KAAK,MAAM,aAAa,WAAW,OAAO,CAAC;AAAA,EACpD,QACM;AACJ,WAAO;AAAA,EACT;AACF;AAEO,SAAS,SAAS,MAAsB;AAC7C,YAAU;AACV,gBAAc,WAAW,KAAK,UAAU,MAAM,MAAM,CAAC,GAAG,EAAE,MAAM,IAAM,CAAC;AACzE;AAEO,SAAS,YAAkB;AAChC,MAAI,WAAW,SAAS,GAAG;AACzB,kBAAc,WAAW,IAAI,EAAE,MAAM,IAAM,CAAC;AAAA,EAC9C;AACF;AAEO,SAAS,aAAyB;AACvC,MAAI,CAAC,WAAW,WAAW;AACzB,WAAO,CAAC;AACV,MAAI;AACF,WAAO,UAAU,aAAa,aAAa,OAAO,CAAC;AAAA,EACrD,QACM;AACJ,WAAO,CAAC;AAAA,EACV;AACF;AAEA,SAAS,UAAU,SAA6B;AAC9C,QAAM,SAAqB,CAAC;AAC5B,MAAI,UAAU;AAEd,aAAW,QAAQ,QAAQ,MAAM,IAAI,GAAG;AACtC,UAAM,UAAU,KAAK,KAAK;AAC1B,QAAI,CAAC,WAAW,QAAQ,WAAW,GAAG;AACpC;AAEF,UAAM,eAAe,QAAQ,MAAM,YAAY;AAC/C,QAAI,cAAc;AAChB,gBAAU,aAAa,CAAC;AACxB;AAAA,IACF;AAEA,UAAM,UAAU,QAAQ,MAAM,sBAAsB;AACpD,QAAI,SAAS;AACX,YAAM,CAAC,EAAE,KAAK,KAAK,IAAI;AACvB,UAAI,YAAY,YAAY;AAC1B,eAAO,WAAW,OAAO,YAAY,CAAC;AACrC,QAAC,OAAO,SAAoC,GAAI,IAAI;AAAA,MACvD,WACS,YAAY,SAAS;AAC5B,eAAO,QAAQ,OAAO,SAAS,CAAC;AAC/B,QAAC,OAAO,MAAiC,GAAI,IAAI;AAAA,MACpD;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AAEO,SAAS,WAAW,QAA0B;AACnD,YAAU;AACV,QAAM,QAAkB,CAAC;AAEzB,MAAI,OAAO,UAAU;AACnB,UAAM,KAAK,YAAY;AACvB,eAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,OAAO,QAAQ,GAAG;AAC1D,UAAI;AACF,cAAM,KAAK,GAAG,GAAG,OAAO,KAAK,GAAG;AAAA,IACpC;AACA,UAAM,KAAK,EAAE;AAAA,EACf;AAEA,MAAI,OAAO,OAAO;AAChB,UAAM,KAAK,SAAS;AACpB,eAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,OAAO,KAAK,GAAG;AACvD,UAAI;AACF,cAAM,KAAK,GAAG,GAAG,OAAO,KAAK,GAAG;AAAA,IACpC;AACA,UAAM,KAAK,EAAE;AAAA,EACf;AAEA,gBAAc,aAAa,MAAM,KAAK,IAAI,GAAG,EAAE,MAAM,IAAM,CAAC;AAC9D;AAEO,SAAS,UAAU,UAAkC;AAC1D,MAAI;AACF,WAAO;AACT,MAAI,QAAQ,IAAI;AACd,WAAO,QAAQ,IAAI;AAErB,QAAM,OAAO,SAAS;AACtB,MAAI,MAAM;AACR,WAAO,KAAK;AAEd,QAAM,SAAS,WAAW;AAC1B,MAAI,OAAO,UAAU;AACnB,WAAO,OAAO,SAAS;AAEzB,SAAO;AACT;AAEO,SAAS,eAA8B;AAC5C,QAAM,OAAO,SAAS;AACtB,MAAI,CAAC;AACH,WAAO;AAGT,MAAI,KAAK,cAAc,KAAK,IAAI,IAAI,MAAO,KAAK,aAAa,IAAI;AAC/D,WAAO;AAAA,EACT;AAEA,SAAO,KAAK;AACd;AAEO,SAAS,uBAAsC;AACpD,SAAO,SAAS,GAAG,SAAS;AAC9B;;;AC3JA,OAAO,aAAa;AAGpB,IAAM,QAAQ,QAAQ,KAAK,SAAS,SAAS;AAEtC,IAAM,WAAN,cAAuB,MAAM;AAAA,EAClC,YAAmB,YAAoB,SAAwB,gBAA0C;AACvG,UAAM,OAAO;AADI;AAA4C;AAE7D,SAAK,OAAO;AAAA,EACd;AACF;AAGA,IAAM,kBAA2D,CAAC;AAElE,eAAsB,kBAAkB,QAAkD;AACxF,MAAI,gBAAgB,MAAM,GAAG;AAC3B,WAAO,gBAAgB,MAAM;AAAA,EAC/B;AAEA,MAAI;AACF,UAAM,WAAW,MAAM,MAAM,GAAG,MAAM,mCAAmC;AACzE,QAAI,SAAS,IAAI;AACf,YAAM,OAAO,MAAM,SAAS,KAAK;AACjC,sBAAgB,MAAM,IAAI;AAC1B,aAAO;AAAA,IACT;AAAA,EACF,QACM;AAAA,EAAC;AAGP,kBAAgB,MAAM,IAAI,CAAC;AAC3B,SAAO,CAAC;AACV;AAEA,eAAsB,kBAAkB,QAAiC;AACvE,QAAM,QAAQ,MAAM,kBAAkB,MAAM;AAC5C,SAAQ,MAAM,2BAAsC,GAAG,MAAM;AAC/D;AAEA,eAAsB,0BAA0B,QAAiC;AAC/E,QAAM,QAAQ,MAAM,kBAAkB,MAAM;AAC5C,SAAQ,MAAM,kCAA6C,GAAG,MAAM;AACtE;AAEA,eAAsB,6BAA6B,QAAiC;AAClF,QAAM,QAAQ,MAAM,kBAAkB,MAAM;AAC5C,SAAQ,MAAM,qCAAgD,GAAG,MAAM;AACzE;AAEA,eAAsB,uBAAuB,QAAiC;AAC5E,QAAM,QAAQ,MAAM,kBAAkB,MAAM;AAC5C,SAAQ,MAAM,gCAA2C,GAAG,MAAM;AACpE;AAMA,eAAe,oBAA4C;AACzD,QAAM,OAAO,SAAS;AACtB,MAAI,CAAC;AACH,WAAO;AAET,QAAM,SAAS,WAAW;AAC1B,QAAM,UAAU,OAAO,OAAO;AAC9B,MAAI,CAAC;AACH,WAAO;AAET,MAAI;AACF,UAAM,EAAE,cAAAA,cAAa,IAAI,MAAM,OAAO,IAAS;AAC/C,UAAM,EAAE,KAAK,IAAI,MAAM,OAAO,QAAa;AAC3C,UAAM,EAAE,SAAAC,SAAQ,IAAI,MAAM,OAAO,IAAS;AAC1C,UAAM,EAAE,sBAAsB,IAAI,MAAM,OAAO,uBAAc;AAE7D,UAAM,WAAW,QAAQ,QAAQ,MAAMA,SAAQ,CAAC;AAChD,UAAM,aAAaD,cAAa,UAAU,OAAO;AACjD,UAAM,aAAa,sBAAsB,UAAU;AAEnD,UAAM,eAAe,MAAM,0BAA0B,KAAK,GAAG;AAC7D,UAAM,gBAAgB,MAAM,MAAM,cAAc;AAAA,MAC9C,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU,EAAE,UAAU,KAAK,MAAM,CAAC;AAAA,IAC/C,CAAC;AAED,QAAI,CAAC,cAAc;AACjB,aAAO;AAET,UAAM,EAAE,UAAU,IAAI,MAAM,cAAc,KAAK;AAC/C,UAAM,EAAE,OAAO,IAAI,MAAM,OAAO,QAAa;AAC7C,UAAM,YAAY,KAAK,MAAM,OAAO,KAAK,SAAS,GAAG,UAAU,EAAE,SAAS,QAAQ;AAElF,UAAM,kBAAkB,MAAM,6BAA6B,KAAK,GAAG;AACnE,UAAM,WAAW,MAAM,MAAM,iBAAiB;AAAA,MAC5C,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU,EAAE,UAAU,KAAK,OAAO,WAAW,UAAU,CAAC;AAAA,IACrE,CAAC;AAED,QAAI,CAAC,SAAS;AACZ,aAAO;AAET,UAAM,EAAE,OAAO,WAAW,IAAI,MAAM,SAAS,KAAK;AAElD,aAAS;AAAA,MACP,GAAG;AAAA,MACH,cAAc;AAAA,MACd,YAAY,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,KAAK,cAAc;AAAA,IAC7D,CAAC;AAED,QAAI,OAAO;AACT,cAAQ,MAAM,gDAAgD;AAAA,IAChE;AAEA,WAAO;AAAA,EACT,QACM;AACJ,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,SACpB,MACA,UAKI,CAAC,GACO;AACZ,MAAI,QAAQ,QAAQ,SAAS,aAAa;AAG1C,MAAI,CAAC,OAAO;AACV,YAAQ,MAAM,kBAAkB;AAAA,EAClC;AAEA,MAAI,CAAC,OAAO;AACV,UAAM,IAAI,MAAM,4DAA4D;AAAA,EAC9E;AAEA,MAAI;AACJ,MAAI,KAAK,WAAW,MAAM,GAAG;AAC3B,UAAM;AAAA,EACR,OACK;AACH,UAAM,MAAM,QAAQ,OAAO,UAAU;AACrC,QAAI,CAAC,KAAK;AACR,YAAM,IAAI,MAAM,8DAA8D;AAAA,IAChF;AACA,UAAM,GAAG,GAAG,GAAG,IAAI;AAAA,EACrB;AACA,QAAM,SAAS,QAAQ,UAAU;AACjC,QAAM,UAAkC;AAAA,IACtC,iBAAiB,UAAU,KAAK;AAAA,IAChC,gBAAgB;AAAA,EAClB;AAEA,MAAI,OAAO;AACT,YAAQ,MAAM,GAAG,MAAM,IAAI,GAAG,EAAE;AAChC,YAAQ,MAAM,UAAU,MAAM,UAAU,GAAG,EAAE,CAAC,MAAM,MAAM,UAAU,MAAM,SAAS,EAAE,CAAC,EAAE;AAAA,EAC1F;AAEA,QAAM,WAAW,MAAM,MAAM,KAAK;AAAA,IAChC;AAAA,IACA;AAAA,IACA,MAAM,QAAQ,OAAO,KAAK,UAAU,QAAQ,IAAI,IAAI;AAAA,EACtD,CAAC;AAED,MAAI,OAAO;AACT,YAAQ,MAAM,aAAa,SAAS,MAAM,IAAI,SAAS,UAAU,EAAE;AAAA,EACrE;AAEA,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,cAAc,SAAS,QAAQ,IAAI,cAAc,KAAK;AAG5D,QAAI,YAAY,SAAS,0BAA0B,KAAK,YAAY,SAAS,kBAAkB,GAAG;AAChG,UAAI;AACF,cAAM,UAAU,MAAM,SAAS,KAAK;AACpC,cAAM,UAAW,QAAQ,UAAsB,QAAQ,SAAoB,GAAG,SAAS,MAAM,IAAI,SAAS,UAAU;AACpH,cAAM,IAAI,SAAS,SAAS,QAAQ,SAAS,OAAO;AAAA,MACtD,SACO,GAAG;AACR,YAAI,aAAa;AACf,gBAAM;AAAA,MACV;AAAA,IACF;AAEA,UAAM,OAAO,MAAM,SAAS,KAAK;AACjC,UAAM,IAAI,SAAS,SAAS,QAAQ,QAAQ,GAAG,SAAS,MAAM,IAAI,SAAS,UAAU,EAAE;AAAA,EACzF;AAEA,SAAO,SAAS,KAAK;AACvB;","names":["readFileSync","homedir"]}
|
package/dist/cli.js
CHANGED
|
@@ -19,7 +19,7 @@ import {
|
|
|
19
19
|
loadConfig,
|
|
20
20
|
saveAuth,
|
|
21
21
|
saveConfig
|
|
22
|
-
} from "./chunk-
|
|
22
|
+
} from "./chunk-KXESKY4X.js";
|
|
23
23
|
|
|
24
24
|
// src/cli.ts
|
|
25
25
|
import consola22 from "consola";
|
|
@@ -233,10 +233,14 @@ var whoamiCommand = defineCommand3({
|
|
|
233
233
|
}
|
|
234
234
|
const isAgent = auth.email.includes("agent+");
|
|
235
235
|
const expiresAt = new Date(auth.expires_at * 1e3).toISOString();
|
|
236
|
+
const isExpired = Date.now() / 1e3 > auth.expires_at;
|
|
236
237
|
console.log(`Email: ${auth.email}`);
|
|
237
238
|
console.log(`Type: ${isAgent ? "agent" : "human"}`);
|
|
238
239
|
console.log(`IdP: ${auth.idp}`);
|
|
239
|
-
console.log(`Token valid until
|
|
240
|
+
console.log(`Token: ${isExpired ? "\u26A0 EXPIRED" : "valid"} (until ${expiresAt})`);
|
|
241
|
+
if (isExpired) {
|
|
242
|
+
consola3.warn("Token is expired. Run `apes login` to re-authenticate.");
|
|
243
|
+
}
|
|
240
244
|
}
|
|
241
245
|
});
|
|
242
246
|
|
|
@@ -1806,7 +1810,7 @@ var mcpCommand = defineCommand21({
|
|
|
1806
1810
|
if (transport !== "stdio" && transport !== "sse") {
|
|
1807
1811
|
throw new Error('Transport must be "stdio" or "sse"');
|
|
1808
1812
|
}
|
|
1809
|
-
const { startMcpServer } = await import("./server-
|
|
1813
|
+
const { startMcpServer } = await import("./server-5ZRR26S4.js");
|
|
1810
1814
|
await startMcpServer(transport, port);
|
|
1811
1815
|
}
|
|
1812
1816
|
});
|
|
@@ -2223,7 +2227,7 @@ var configCommand = defineCommand25({
|
|
|
2223
2227
|
var main = defineCommand25({
|
|
2224
2228
|
meta: {
|
|
2225
2229
|
name: "apes",
|
|
2226
|
-
version: "0.5.
|
|
2230
|
+
version: "0.5.4",
|
|
2227
2231
|
description: "Unified CLI for OpenApe"
|
|
2228
2232
|
},
|
|
2229
2233
|
subCommands: {
|
package/dist/cli.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/cli.ts","../src/commands/auth/login.ts","../src/commands/auth/logout.ts","../src/commands/auth/whoami.ts","../src/commands/grants/list.ts","../src/commands/grants/inbox.ts","../src/commands/grants/status.ts","../src/commands/grants/request.ts","../src/commands/grants/request-capability.ts","../src/commands/grants/approve.ts","../src/commands/grants/deny.ts","../src/commands/grants/revoke.ts","../src/commands/grants/token.ts","../src/commands/grants/delegate.ts","../src/commands/grants/delegations.ts","../src/commands/adapter/index.ts","../src/commands/run.ts","../src/commands/explain.ts","../src/commands/config/get.ts","../src/commands/config/set.ts","../src/commands/fetch/index.ts","../src/commands/mcp/index.ts","../src/commands/init/index.ts","../src/commands/enroll.ts","../src/commands/dns-check.ts"],"sourcesContent":["import consola from 'consola'\nimport { defineCommand, runMain } from 'citty'\nimport { loginCommand } from './commands/auth/login'\nimport { logoutCommand } from './commands/auth/logout'\nimport { whoamiCommand } from './commands/auth/whoami'\nimport { listCommand } from './commands/grants/list'\nimport { inboxCommand } from './commands/grants/inbox'\nimport { statusCommand } from './commands/grants/status'\nimport { requestCommand } from './commands/grants/request'\nimport { requestCapabilityCommand } from './commands/grants/request-capability'\nimport { approveCommand } from './commands/grants/approve'\nimport { denyCommand } from './commands/grants/deny'\nimport { revokeCommand } from './commands/grants/revoke'\nimport { tokenCommand } from './commands/grants/token'\nimport { delegateCommand } from './commands/grants/delegate'\nimport { delegationsCommand } from './commands/grants/delegations'\nimport { adapterCommand } from './commands/adapter/index'\nimport { runCommand } from './commands/run'\nimport { explainCommand } from './commands/explain'\nimport { configGetCommand } from './commands/config/get'\nimport { configSetCommand } from './commands/config/set'\nimport { fetchCommand } from './commands/fetch/index'\nimport { mcpCommand } from './commands/mcp/index'\nimport { initCommand } from './commands/init/index'\nimport { enrollCommand } from './commands/enroll'\nimport { dnsCheckCommand } from './commands/dns-check'\nimport { ApiError } from './http'\n\nconst debug = process.argv.includes('--debug')\n\ndeclare const __VERSION__: string\n\nconst grantsCommand = defineCommand({\n meta: {\n name: 'grants',\n description: 'Grant management',\n },\n subCommands: {\n list: listCommand,\n inbox: inboxCommand,\n status: statusCommand,\n request: requestCommand,\n 'request-capability': requestCapabilityCommand,\n approve: approveCommand,\n deny: denyCommand,\n revoke: revokeCommand,\n token: tokenCommand,\n delegate: delegateCommand,\n delegations: delegationsCommand,\n },\n})\n\nconst configCommand = defineCommand({\n meta: {\n name: 'config',\n description: 'Configuration management',\n },\n subCommands: {\n get: configGetCommand,\n set: configSetCommand,\n },\n})\n\nconst main = defineCommand({\n meta: {\n name: 'apes',\n version: __VERSION__,\n description: 'Unified CLI for OpenApe',\n },\n subCommands: {\n init: initCommand,\n enroll: enrollCommand,\n 'dns-check': dnsCheckCommand,\n login: loginCommand,\n logout: logoutCommand,\n whoami: whoamiCommand,\n grants: grantsCommand,\n run: runCommand,\n explain: explainCommand,\n adapter: adapterCommand,\n config: configCommand,\n fetch: fetchCommand,\n mcp: mcpCommand,\n },\n})\n\nrunMain(main).catch((err) => {\n if (debug) {\n consola.error(err)\n }\n else {\n consola.error(err instanceof ApiError ? err.message : err instanceof Error ? err.message : String(err))\n }\n process.exit(1)\n})\n","import { Buffer } from 'node:buffer'\nimport { execFile } from 'node:child_process'\nimport { createServer } from 'node:http'\nimport { defineCommand } from 'citty'\nimport { generateCodeChallenge, generateCodeVerifier } from '@openape/core'\nimport consola from 'consola'\nimport { loadConfig, saveAuth } from '../../config'\nimport { getAgentAuthenticateEndpoint, getAgentChallengeEndpoint } from '../../http'\n\nconst CALLBACK_PORT = 9876\nconst CLIENT_ID = 'grapes-cli'\n\nexport const loginCommand = defineCommand({\n meta: {\n name: 'login',\n description: 'Authenticate with an OpenApe IdP',\n },\n args: {\n idp: {\n type: 'string',\n description: 'IdP URL (e.g. https://id.openape.at)',\n },\n key: {\n type: 'string',\n description: 'Path to agent private key (agent mode)',\n },\n email: {\n type: 'string',\n description: 'Agent email (for DNS discovery)',\n },\n },\n async run({ args }) {\n const config = loadConfig()\n const idp = args.idp || process.env.APES_IDP || process.env.GRAPES_IDP || config.defaults?.idp\n\n if (!idp) {\n consola.error('IdP URL required. Use --idp <url> or set APES_IDP.')\n return process.exit(1)\n }\n\n if (args.key) {\n await loginWithKey(idp, args.key, args.email)\n }\n else {\n await loginWithPKCE(idp)\n }\n },\n})\n\nfunction openBrowser(url: string) {\n const cmd = process.platform === 'darwin' ? 'open' : process.platform === 'win32' ? 'start' : 'xdg-open'\n execFile(cmd, [url], () => {})\n}\n\nasync function loginWithPKCE(idp: string) {\n const codeVerifier = generateCodeVerifier()\n const codeChallenge = await generateCodeChallenge(codeVerifier)\n const redirectUri = `http://localhost:${CALLBACK_PORT}/callback`\n\n const state = crypto.randomUUID()\n const nonce = crypto.randomUUID()\n\n const authUrl = new URL(`${idp}/authorize`)\n authUrl.searchParams.set('response_type', 'code')\n authUrl.searchParams.set('client_id', CLIENT_ID)\n authUrl.searchParams.set('redirect_uri', redirectUri)\n authUrl.searchParams.set('code_challenge', codeChallenge)\n authUrl.searchParams.set('code_challenge_method', 'S256')\n authUrl.searchParams.set('state', state)\n authUrl.searchParams.set('nonce', nonce)\n authUrl.searchParams.set('scope', 'openid email profile offline_access')\n\n // Start local callback server\n const code = await new Promise<string>((resolve, reject) => {\n const server = createServer((req, res) => {\n const url = new URL(req.url!, `http://localhost:${CALLBACK_PORT}`)\n if (url.pathname === '/callback') {\n const authCode = url.searchParams.get('code')\n const error = url.searchParams.get('error')\n\n if (error) {\n res.writeHead(200, { 'Content-Type': 'text/html' })\n res.end('<h1>Login failed</h1><p>You can close this window.</p>')\n server.close()\n reject(new Error(`Auth error: ${error}`))\n return\n }\n\n if (authCode) {\n res.writeHead(200, { 'Content-Type': 'text/html' })\n res.end('<h1>Login successful!</h1><p>You can close this window.</p>')\n server.close()\n resolve(authCode)\n return\n }\n\n res.writeHead(400)\n res.end('Missing code')\n }\n else {\n res.writeHead(404)\n res.end()\n }\n })\n\n server.listen(CALLBACK_PORT, () => {\n consola.info(`Opening browser for login at ${idp}...`)\n openBrowser(authUrl.toString())\n })\n\n // Timeout after 5 minutes\n const timeout = setTimeout(() => {\n server.close()\n reject(new Error('Login timed out'))\n }, 300_000)\n timeout.unref()\n })\n\n // Exchange code for tokens\n const tokenResponse = await fetch(`${idp}/token`, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({\n grant_type: 'authorization_code',\n code,\n code_verifier: codeVerifier,\n redirect_uri: redirectUri,\n client_id: CLIENT_ID,\n }),\n })\n\n if (!tokenResponse.ok) {\n const text = await tokenResponse.text()\n consola.error(`Token exchange failed: ${text}`)\n return process.exit(1)\n }\n\n const tokens = await tokenResponse.json() as {\n access_token?: string\n id_token?: string\n refresh_token?: string\n expires_in?: number\n assertion?: string\n }\n\n const accessToken = tokens.access_token || tokens.id_token || tokens.assertion\n if (!accessToken) {\n consola.error('No access token received')\n return process.exit(1)\n }\n\n // Decode JWT to get email\n const payload = JSON.parse(atob(accessToken.split('.')[1]!))\n\n saveAuth({\n idp,\n access_token: accessToken,\n ...(tokens.refresh_token ? { refresh_token: tokens.refresh_token } : {}),\n email: payload.email || payload.sub,\n expires_at: Math.floor(Date.now() / 1000) + (tokens.expires_in || 3600),\n })\n\n consola.success(`Logged in as ${payload.email || payload.sub}`)\n}\n\nasync function loginWithKey(idp: string, keyPath: string, email?: string) {\n const { readFileSync } = await import('node:fs')\n const { sign } = await import('node:crypto')\n const { loadEd25519PrivateKey } = await import('../../ssh-key.js')\n\n const agentEmail = email\n if (!agentEmail) {\n consola.error('Agent email required for key-based login. Use --email <agent-email>')\n return process.exit(1)\n }\n\n // Use challenge-response auth (endpoint resolved via OIDC discovery)\n const challengeUrl = await getAgentChallengeEndpoint(idp)\n const challengeResp = await fetch(challengeUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({ agent_id: agentEmail }),\n })\n\n if (!challengeResp.ok) {\n consola.error(`Challenge failed: ${await challengeResp.text()}`)\n return process.exit(1)\n }\n\n const { challenge } = await challengeResp.json() as { challenge: string }\n\n // Sign challenge with Ed25519 private key (supports OpenSSH + PKCS8 format)\n const keyContent = readFileSync(keyPath, 'utf-8')\n const privateKey = loadEd25519PrivateKey(keyContent)\n const signature = sign(null, Buffer.from(challenge), privateKey).toString('base64')\n\n // Authenticate (endpoint resolved via OIDC discovery)\n const authenticateUrl = await getAgentAuthenticateEndpoint(idp)\n const authResp = await fetch(authenticateUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({\n agent_id: agentEmail,\n challenge,\n signature,\n }),\n })\n\n if (!authResp.ok) {\n consola.error(`Authentication failed: ${await authResp.text()}`)\n return process.exit(1)\n }\n\n const { token, expires_in } = await authResp.json() as { token: string, expires_in: number }\n\n saveAuth({\n idp,\n access_token: token,\n email: agentEmail,\n expires_at: Math.floor(Date.now() / 1000) + (expires_in || 3600),\n })\n\n consola.success(`Logged in as ${agentEmail} (agent)`)\n}\n","import { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { clearAuth } from '../../config'\n\nexport const logoutCommand = defineCommand({\n meta: {\n name: 'logout',\n description: 'Clear stored credentials',\n },\n run() {\n clearAuth()\n consola.success('Logged out.')\n },\n})\n","import { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { loadAuth } from '../../config'\n\nexport const whoamiCommand = defineCommand({\n meta: {\n name: 'whoami',\n description: 'Show current identity',\n },\n run() {\n const auth = loadAuth()\n if (!auth) {\n consola.error('Not logged in. Run `apes login` first.')\n return process.exit(1)\n }\n\n const isAgent = auth.email.includes('agent+')\n const expiresAt = new Date(auth.expires_at * 1000).toISOString()\n\n console.log(`Email: ${auth.email}`)\n console.log(`Type: ${isAgent ? 'agent' : 'human'}`)\n console.log(`IdP: ${auth.idp}`)\n console.log(`Token valid until: ${expiresAt}`)\n },\n})\n","import { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { getIdpUrl, loadAuth } from '../../config'\nimport { apiFetch, getGrantsEndpoint } from '../../http'\n\ninterface Grant {\n id: string\n type: string\n status: string\n requester: string\n owner: string\n request: {\n command?: string[]\n grant_type?: string\n reason?: string\n }\n created_at?: string\n}\n\ninterface PaginatedGrants {\n data: Grant[]\n pagination: {\n cursor: string | null\n has_more: boolean\n }\n}\n\nexport const listCommand = defineCommand({\n meta: {\n name: 'list',\n description: 'List your grants (as requester)',\n },\n args: {\n status: {\n type: 'string',\n description: 'Filter by status (pending, approved, denied, revoked, used)',\n },\n all: {\n type: 'boolean',\n description: 'Show all visible grants (not just your own)',\n default: false,\n },\n json: {\n type: 'boolean',\n description: 'Output as JSON',\n default: false,\n },\n limit: {\n type: 'string',\n description: 'Max results (default 20, max 100)',\n },\n },\n async run({ args }) {\n const idp = getIdpUrl()\n if (!idp) {\n consola.error('No IdP URL configured. Run `apes login` first or pass --idp.')\n return process.exit(1)\n }\n\n const auth = loadAuth()\n\n const grantsUrl = await getGrantsEndpoint(idp)\n const params = new URLSearchParams()\n if (args.status)\n params.set('status', args.status)\n if (args.limit)\n params.set('limit', args.limit)\n const query = params.toString() ? `?${params.toString()}` : ''\n\n const response = await apiFetch<PaginatedGrants>(`${grantsUrl}${query}`)\n\n let grants = response.data\n\n // Filter to own grants unless --all\n if (!args.all && auth?.email) {\n grants = grants.filter(g => g.requester === auth.email)\n }\n\n if (args.json) {\n console.log(JSON.stringify(args.all ? response : { ...response, data: grants }, null, 2))\n return\n }\n\n if (grants.length === 0) {\n consola.info(args.all ? 'No grants found.' : 'No grants found. Use --all to see all visible grants.')\n return\n }\n\n for (const grant of grants) {\n const cmd = grant.request?.command?.join(' ') || '(no command)'\n const type = grant.request?.grant_type || grant.type\n console.log(`${grant.id} ${grant.status.padEnd(8)} ${type.padEnd(6)} ${cmd}`)\n if (grant.request?.reason) {\n console.log(` Reason: ${grant.request.reason}`)\n }\n }\n\n if (response.pagination.has_more) {\n consola.info('More results available. Use --limit or pagination cursor.')\n }\n },\n})\n","import { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { getIdpUrl, loadAuth } from '../../config'\nimport { apiFetch, getGrantsEndpoint } from '../../http'\n\ninterface Grant {\n id: string\n type: string\n status: string\n requester: string\n owner: string\n request: {\n command?: string[]\n grant_type?: string\n reason?: string\n }\n created_at?: string\n}\n\ninterface PaginatedGrants {\n data: Grant[]\n pagination: {\n cursor: string | null\n has_more: boolean\n }\n}\n\nexport const inboxCommand = defineCommand({\n meta: {\n name: 'inbox',\n description: 'Show grants awaiting your approval',\n },\n args: {\n json: {\n type: 'boolean',\n description: 'Output as JSON',\n default: false,\n },\n limit: {\n type: 'string',\n description: 'Max results (default 20, max 100)',\n },\n },\n async run({ args }) {\n const idp = getIdpUrl()\n if (!idp) {\n consola.error('No IdP URL configured. Run `apes login` first.')\n return process.exit(1)\n }\n\n const auth = loadAuth()\n if (!auth) {\n consola.error('Not logged in. Run `apes login` first.')\n return process.exit(1)\n }\n\n const grantsUrl = await getGrantsEndpoint(idp)\n const params = new URLSearchParams()\n params.set('status', 'pending')\n if (args.limit)\n params.set('limit', args.limit)\n const query = `?${params.toString()}`\n\n const response = await apiFetch<PaginatedGrants>(`${grantsUrl}${query}`)\n\n // Filter out own requests — inbox shows only grants from others\n const grants = response.data.filter(g => g.requester !== auth.email)\n\n if (args.json) {\n console.log(JSON.stringify({ ...response, data: grants }, null, 2))\n return\n }\n\n if (grants.length === 0) {\n consola.info('No pending grants to approve.')\n return\n }\n\n consola.info(`${grants.length} grant(s) awaiting approval:\\n`)\n\n for (const grant of grants) {\n const cmd = grant.request?.command?.join(' ') || '(no command)'\n const type = grant.request?.grant_type || grant.type\n console.log(`${grant.id} ${type.padEnd(6)} from ${grant.requester}`)\n console.log(` Command: ${cmd}`)\n if (grant.request?.reason) {\n console.log(` Reason: ${grant.request.reason}`)\n }\n if (grant.created_at) {\n console.log(` Created: ${grant.created_at}`)\n }\n console.log()\n }\n\n consola.info('Use `apes grants approve <id>` or `apes grants deny <id>` to respond.')\n },\n})\n","import { defineCommand } from 'citty'\nimport { getIdpUrl } from '../../config'\nimport { apiFetch, getGrantsEndpoint } from '../../http'\n\ninterface GrantDetail {\n id: string\n type: string\n status: string\n requester: string\n owner: string\n approver?: string\n request: {\n command?: string[]\n grant_type?: string\n reason?: string\n }\n created_at?: string\n decided_at?: string\n decided_by?: string\n expires_at?: string\n}\n\nexport const statusCommand = defineCommand({\n meta: {\n name: 'status',\n description: 'Show grant status',\n },\n args: {\n id: {\n type: 'positional',\n description: 'Grant ID',\n required: true,\n },\n json: {\n type: 'boolean',\n description: 'Output as JSON',\n default: false,\n },\n },\n async run({ args }) {\n const idp = getIdpUrl()!\n const grantsUrl = await getGrantsEndpoint(idp)\n const grant = await apiFetch<GrantDetail>(`${grantsUrl}/${args.id}`)\n\n if (args.json) {\n console.log(JSON.stringify(grant, null, 2))\n return\n }\n\n console.log(`Grant: ${grant.id}`)\n console.log(`Status: ${grant.status}`)\n console.log(`Type: ${grant.type}`)\n console.log(`Requester: ${grant.requester}`)\n console.log(`Owner: ${grant.owner}`)\n if (grant.approver)\n console.log(`Approver: ${grant.approver}`)\n if (grant.request?.command)\n console.log(`Command: ${grant.request.command.join(' ')}`)\n if (grant.request?.grant_type)\n console.log(`Approval: ${grant.request.grant_type}`)\n if (grant.request?.reason)\n console.log(`Reason: ${grant.request.reason}`)\n if (grant.decided_by)\n console.log(`Decided by: ${grant.decided_by}`)\n if (grant.decided_at)\n console.log(`Decided at: ${grant.decided_at}`)\n if (grant.expires_at)\n console.log(`Expires: ${grant.expires_at}`)\n },\n})\n","import { hostname } from 'node:os'\nimport { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { getIdpUrl, loadAuth } from '../../config'\nimport { parseDuration } from '../../duration'\nimport { apiFetch, getGrantsEndpoint } from '../../http'\n\nexport const requestCommand = defineCommand({\n meta: {\n name: 'request',\n description: 'Request a new grant',\n },\n args: {\n command: {\n type: 'positional',\n description: 'Command to request permission for',\n required: true,\n },\n audience: {\n type: 'string',\n description: 'Service identifier (e.g. \"escapes\", \"proxy\")',\n required: true,\n },\n host: {\n type: 'string',\n description: 'Target host (default: system hostname)',\n },\n reason: {\n type: 'string',\n description: 'Reason for the request',\n },\n approval: {\n type: 'string',\n description: 'Approval type: once, timed, always',\n default: 'once',\n },\n duration: {\n type: 'string',\n description: 'Duration for timed grants (e.g. 30m, 1h, 7d)',\n },\n 'run-as': {\n type: 'string',\n description: 'Execute as this user (e.g. openclaw, root)',\n },\n wait: {\n type: 'boolean',\n description: 'Wait for approval',\n default: false,\n },\n },\n async run({ args }) {\n const auth = loadAuth()\n if (!auth) {\n consola.error('Not logged in. Run `apes login` first.')\n return process.exit(1)\n }\n\n const idp = getIdpUrl()!\n const grantsUrl = await getGrantsEndpoint(idp)\n const command = args.command.split(' ')\n const targetHost = args.host || hostname()\n\n const duration = args.duration ? parseDuration(args.duration) : undefined\n\n const grant = await apiFetch<{ id: string, status: string }>(grantsUrl, {\n method: 'POST',\n body: {\n requester: auth.email,\n target_host: targetHost,\n audience: args.audience,\n grant_type: args.approval,\n command,\n reason: args.reason || command.join(' '),\n ...(duration != null ? { duration } : {}),\n ...(args['run-as'] ? { run_as: args['run-as'] } : {}),\n },\n })\n\n consola.success(`Grant requested: ${grant.id} (status: ${grant.status})`)\n\n if (args.wait) {\n consola.info('Waiting for approval...')\n await waitForApproval(grantsUrl, grant.id)\n }\n },\n})\n\nasync function waitForApproval(grantsUrl: string, grantId: string): Promise<void> {\n const maxWait = 300_000 // 5 minutes\n const interval = 3_000\n const start = Date.now()\n\n while (Date.now() - start < maxWait) {\n const grant = await apiFetch<{ status: string }>(`${grantsUrl}/${grantId}`)\n\n if (grant.status === 'approved') {\n consola.success('Grant approved!')\n return\n }\n if (grant.status === 'denied') {\n consola.error('Grant denied.')\n return process.exit(1)\n }\n if (grant.status === 'revoked') {\n consola.error('Grant revoked.')\n return process.exit(1)\n }\n\n await new Promise(r => setTimeout(r, interval))\n }\n\n consola.error('Timed out waiting for approval.')\n return process.exit(1)\n}\n","import { hostname } from 'node:os'\nimport { buildStructuredCliGrantRequest, loadAdapter, resolveCapabilityRequest } from '@openape/shapes'\nimport { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { getIdpUrl, loadAuth } from '../../config'\nimport { parseDuration } from '../../duration'\nimport { apiFetch, getGrantsEndpoint } from '../../http'\n\nfunction parseCapabilityArgs(rawArgs: string[]): {\n cliId: string\n adapter?: string\n idp?: string\n approval: 'once' | 'timed' | 'always'\n reason?: string\n duration?: number\n runAs?: string\n wait: boolean\n resources: string[]\n selectors: string[]\n actions: string[]\n} {\n const tokens = [...rawArgs]\n if (tokens[0] === 'request-capability') {\n tokens.shift()\n }\n\n const cliId = tokens.shift()\n if (!cliId || cliId.startsWith('-')) {\n throw new Error('Missing CLI identifier')\n }\n\n const resources: string[] = []\n const selectors: string[] = []\n const actions: string[] = []\n let adapter: string | undefined\n let idp: string | undefined\n let approval: 'once' | 'timed' | 'always' = 'once'\n let reason: string | undefined\n let duration: number | undefined\n let runAs: string | undefined\n let wait = false\n\n for (let index = 0; index < tokens.length; index += 1) {\n const token = tokens[index]!\n const next = tokens[index + 1]\n switch (token) {\n case '--resource':\n if (!next)\n throw new Error('Missing value for --resource')\n resources.push(next)\n index += 1\n break\n case '--selector':\n if (!next)\n throw new Error('Missing value for --selector')\n selectors.push(next)\n index += 1\n break\n case '--action':\n if (!next)\n throw new Error('Missing value for --action')\n actions.push(next)\n index += 1\n break\n case '--adapter':\n if (!next)\n throw new Error('Missing value for --adapter')\n adapter = next\n index += 1\n break\n case '--idp':\n if (!next)\n throw new Error('Missing value for --idp')\n idp = next\n index += 1\n break\n case '--approval':\n if (!next || !['once', 'timed', 'always'].includes(next)) {\n throw new Error('Approval must be one of: once, timed, always')\n }\n approval = next as 'once' | 'timed' | 'always'\n index += 1\n break\n case '--reason':\n if (!next)\n throw new Error('Missing value for --reason')\n reason = next\n index += 1\n break\n case '--duration':\n if (!next)\n throw new Error('Missing value for --duration')\n duration = parseDuration(next)\n index += 1\n break\n case '--run-as':\n if (!next)\n throw new Error('Missing value for --run-as')\n runAs = next\n index += 1\n break\n case '--wait':\n wait = true\n break\n default:\n throw new Error(`Unknown argument: ${token}`)\n }\n }\n\n return {\n cliId,\n adapter,\n idp,\n approval,\n reason,\n duration,\n runAs,\n wait,\n resources,\n selectors,\n actions,\n }\n}\n\nasync function waitForApproval(grantsUrl: string, grantId: string): Promise<void> {\n const maxWait = 300_000\n const interval = 3_000\n const start = Date.now()\n\n while (Date.now() - start < maxWait) {\n const grant = await apiFetch<{ status: string }>(`${grantsUrl}/${grantId}`)\n if (grant.status === 'approved') {\n consola.success('Grant approved!')\n return\n }\n if (grant.status === 'denied') {\n consola.error('Grant denied.')\n process.exit(1)\n }\n if (grant.status === 'revoked') {\n consola.error('Grant revoked.')\n process.exit(1)\n }\n await new Promise(resolve => setTimeout(resolve, interval))\n }\n\n consola.error('Timed out waiting for approval.')\n process.exit(1)\n}\n\nexport const requestCapabilityCommand = defineCommand({\n meta: {\n name: 'request-capability',\n description: 'Request a structured CLI capability grant',\n },\n args: {\n 'cliId': {\n type: 'positional',\n description: 'CLI adapter identifier (e.g. docker, kubectl)',\n required: true,\n },\n 'resource': {\n type: 'string',\n description: 'Resource scope (repeatable)',\n },\n 'selector': {\n type: 'string',\n description: 'Selector filter (repeatable)',\n },\n 'action': {\n type: 'string',\n description: 'Action to permit (repeatable)',\n },\n 'adapter': {\n type: 'string',\n description: 'Explicit path to adapter TOML file',\n },\n 'idp': {\n type: 'string',\n description: 'IdP URL',\n },\n 'approval': {\n type: 'string',\n description: 'Approval type: once, timed, always',\n default: 'once',\n },\n 'reason': {\n type: 'string',\n description: 'Reason for the request',\n },\n 'duration': {\n type: 'string',\n description: 'Duration for timed grants (e.g. 30m, 1h, 7d)',\n },\n 'run-as': {\n type: 'string',\n description: 'Execute as this user (e.g. root)',\n },\n 'wait': {\n type: 'boolean',\n description: 'Wait for approval before returning',\n default: false,\n },\n },\n async run({ rawArgs }) {\n const auth = loadAuth()\n if (!auth) {\n consola.error('Not logged in. Run `apes login` first.')\n return process.exit(1)\n }\n\n const parsed = parseCapabilityArgs(rawArgs)\n const idp = getIdpUrl(parsed.idp)\n if (!idp) {\n consola.error('No IdP URL configured. Use --idp or log in first.')\n return process.exit(1)\n }\n\n const loaded = loadAdapter(parsed.cliId, parsed.adapter)\n const resolved = resolveCapabilityRequest(loaded, {\n resources: parsed.resources,\n selectors: parsed.selectors,\n actions: parsed.actions,\n })\n\n const { request } = await buildStructuredCliGrantRequest(resolved, {\n requester: auth.email,\n target_host: hostname(),\n grant_type: parsed.approval,\n ...(parsed.reason ? { reason: parsed.reason } : {}),\n })\n\n if (parsed.duration != null) {\n request.duration = parsed.duration\n }\n if (parsed.runAs) {\n request.run_as = parsed.runAs\n }\n\n const grantsUrl = await getGrantsEndpoint(idp)\n const grant = await apiFetch<{ id: string, status: string }>(grantsUrl, {\n method: 'POST',\n idp,\n body: request,\n })\n\n consola.success(`Grant requested: ${grant.id} (status: ${grant.status})`)\n\n if (parsed.wait) {\n consola.info('Waiting for approval...')\n await waitForApproval(grantsUrl, grant.id)\n }\n },\n})\n","import { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { getIdpUrl } from '../../config'\nimport { apiFetch, getGrantsEndpoint } from '../../http'\n\nexport const approveCommand = defineCommand({\n meta: {\n name: 'approve',\n description: 'Approve a grant request',\n },\n args: {\n id: {\n type: 'positional',\n description: 'Grant ID',\n required: true,\n },\n },\n async run({ args }) {\n const idp = getIdpUrl()!\n const grantsUrl = await getGrantsEndpoint(idp)\n await apiFetch(`${grantsUrl}/${args.id}/approve`, {\n method: 'POST',\n })\n consola.success(`Grant ${args.id} approved.`)\n },\n})\n","import { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { getIdpUrl } from '../../config'\nimport { apiFetch, getGrantsEndpoint } from '../../http'\n\nexport const denyCommand = defineCommand({\n meta: {\n name: 'deny',\n description: 'Deny a grant request',\n },\n args: {\n id: {\n type: 'positional',\n description: 'Grant ID',\n required: true,\n },\n },\n async run({ args }) {\n const idp = getIdpUrl()!\n const grantsUrl = await getGrantsEndpoint(idp)\n await apiFetch(`${grantsUrl}/${args.id}/deny`, {\n method: 'POST',\n })\n consola.success(`Grant ${args.id} denied.`)\n },\n})\n","import { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { getIdpUrl, loadAuth } from '../../config'\nimport { apiFetch, getGrantsEndpoint } from '../../http'\n\ninterface Grant {\n id: string\n status: string\n requester: string\n request: { command?: string[] }\n}\n\ninterface PaginatedGrants {\n data: Grant[]\n pagination: { cursor: string | null, has_more: boolean }\n}\n\ninterface BatchResult {\n id: string\n status: string\n success: boolean\n error?: { title: string }\n}\n\nexport const revokeCommand = defineCommand({\n meta: {\n name: 'revoke',\n description: 'Revoke one or more grants',\n },\n args: {\n id: {\n type: 'positional',\n description: 'Grant ID(s) to revoke',\n required: false,\n },\n allPending: {\n type: 'boolean',\n description: 'Revoke all own pending grants',\n default: false,\n },\n },\n async run({ args }) {\n const idp = getIdpUrl()!\n const grantsUrl = await getGrantsEndpoint(idp)\n\n const explicitIds = args.id\n ? [String(args.id), ...args._].filter(Boolean)\n : []\n\n if (args.allPending && explicitIds.length > 0) {\n consola.error('Use either --all-pending or grant IDs, not both.')\n return process.exit(1)\n }\n\n let ids: string[]\n\n if (args.allPending) {\n const auth = loadAuth()\n const response = await apiFetch<PaginatedGrants>(\n `${grantsUrl}?status=pending&limit=100`,\n )\n const ownPending = auth?.email\n ? response.data.filter(g => g.requester === auth.email)\n : response.data\n if (ownPending.length === 0) {\n consola.info('No pending grants to revoke.')\n return\n }\n ids = ownPending.map(g => g.id)\n consola.info(`Found ${ids.length} pending grant(s) to revoke.`)\n }\n else if (explicitIds.length > 0) {\n ids = explicitIds\n }\n else {\n consola.error('Provide grant ID(s) or use --all-pending.')\n return process.exit(1)\n }\n\n // Single grant: use direct endpoint\n if (ids.length === 1) {\n await apiFetch(`${grantsUrl}/${ids[0]}/revoke`, { method: 'POST' })\n consola.success(`Grant ${ids[0]} revoked.`)\n return\n }\n\n // Multiple grants: use batch endpoint\n const operations = ids.map(id => ({ id, action: 'revoke' as const }))\n const { results } = await apiFetch<{ results: BatchResult[] }>(\n `${grantsUrl}/batch`,\n { method: 'POST', body: { operations } },\n )\n\n let succeeded = 0\n for (const r of results) {\n if (r.success) {\n consola.success(`Grant ${r.id} revoked.`)\n succeeded++\n }\n else {\n consola.error(`Grant ${r.id}: ${r.error?.title || 'Failed'}`)\n }\n }\n\n if (succeeded < results.length) {\n consola.info(`Revoked ${succeeded} of ${results.length} grants.`)\n process.exit(1)\n }\n else {\n consola.success(`All ${succeeded} grants revoked.`)\n }\n },\n})\n","import { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { getIdpUrl } from '../../config'\nimport { apiFetch, getGrantsEndpoint } from '../../http'\n\nexport const tokenCommand = defineCommand({\n meta: {\n name: 'token',\n description: 'Get grant token JWT',\n },\n args: {\n id: {\n type: 'positional',\n description: 'Grant ID',\n required: true,\n },\n },\n async run({ args }) {\n const idp = getIdpUrl()!\n const grantsUrl = await getGrantsEndpoint(idp)\n const result = await apiFetch<{ authz_jwt: string }>(`${grantsUrl}/${args.id}/token`, {\n method: 'POST',\n })\n\n if (!result.authz_jwt) {\n consola.error('No token received. Grant may not be approved.')\n return process.exit(1)\n }\n\n // Output raw token to stdout (pipeable)\n process.stdout.write(result.authz_jwt)\n },\n})\n","import { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { getIdpUrl, loadAuth } from '../../config'\nimport { apiFetch, getDelegationsEndpoint } from '../../http'\n\nexport const delegateCommand = defineCommand({\n meta: {\n name: 'delegate',\n description: 'Create a delegation',\n },\n args: {\n to: {\n type: 'string',\n description: 'Delegate email (who can act on your behalf)',\n required: true,\n },\n at: {\n type: 'string',\n description: 'Service/audience where delegation applies',\n required: true,\n },\n scopes: {\n type: 'string',\n description: 'Comma-separated scopes',\n },\n approval: {\n type: 'string',\n description: 'Approval type: once, timed, always',\n default: 'once',\n },\n expires: {\n type: 'string',\n description: 'Expiration date (ISO 8601)',\n },\n },\n async run({ args }) {\n const auth = loadAuth()\n if (!auth) {\n consola.error('Not logged in. Run `apes login` first.')\n return process.exit(1)\n }\n\n const idp = getIdpUrl()!\n const delegationsUrl = await getDelegationsEndpoint(idp)\n\n const body: Record<string, unknown> = {\n delegate: args.to,\n audience: args.at,\n approval: args.approval,\n }\n\n if (args.scopes) {\n body.scopes = args.scopes.split(',').map(s => s.trim())\n }\n\n if (args.expires) {\n body.expires_at = args.expires\n }\n\n const result = await apiFetch<{ id: string }>(delegationsUrl, {\n method: 'POST',\n body,\n })\n\n consola.success(`Delegation created: ${result.id}`)\n console.log(` Delegate: ${args.to}`)\n console.log(` Audience: ${args.at}`)\n if (args.scopes)\n console.log(` Scopes: ${args.scopes}`)\n console.log(` Approval: ${args.approval}`)\n if (args.expires)\n console.log(` Expires: ${args.expires}`)\n },\n})\n","import { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { getIdpUrl } from '../../config'\nimport { apiFetch, getDelegationsEndpoint } from '../../http'\n\ninterface Delegation {\n id: string\n delegator: string\n delegate: string\n audience: string\n scopes?: string[]\n approval: string\n created_at?: string\n expires_at?: string\n}\n\nexport const delegationsCommand = defineCommand({\n meta: {\n name: 'delegations',\n description: 'List delegations',\n },\n args: {\n json: {\n type: 'boolean',\n description: 'Output as JSON',\n default: false,\n },\n },\n async run({ args }) {\n const idp = getIdpUrl()!\n const delegationsUrl = await getDelegationsEndpoint(idp)\n const delegations = await apiFetch<Delegation[]>(delegationsUrl)\n\n if (args.json) {\n console.log(JSON.stringify(delegations, null, 2))\n return\n }\n\n if (delegations.length === 0) {\n consola.info('No delegations found.')\n return\n }\n\n for (const d of delegations) {\n const scopes = d.scopes?.join(', ') || '(all)'\n const expires = d.expires_at ? ` expires ${d.expires_at}` : ''\n console.log(`${d.id} ${d.delegator} → ${d.delegate} at ${d.audience} [${scopes}]${expires}`)\n }\n },\n})\n","import { defineCommand } from 'citty'\nimport consola from 'consola'\nimport {\n fetchRegistry,\n findAdapter,\n findConflictingAdapters,\n getInstalledDigest,\n installAdapter,\n isInstalled,\n loadAdapter,\n removeAdapter,\n searchAdapters,\n} from '@openape/shapes'\n\nexport const adapterCommand = defineCommand({\n meta: {\n name: 'adapter',\n description: 'Manage CLI adapters',\n },\n subCommands: {\n list: defineCommand({\n meta: {\n name: 'list',\n description: 'List available adapters',\n },\n args: {\n remote: {\n type: 'boolean',\n description: 'List adapters from the remote registry',\n default: false,\n },\n json: {\n type: 'boolean',\n description: 'Output as JSON',\n default: false,\n },\n refresh: {\n type: 'boolean',\n description: 'Force refresh the registry cache',\n default: false,\n },\n },\n async run({ args }) {\n const forceRefresh = Boolean(args.refresh)\n if (args.remote) {\n const index = await fetchRegistry(forceRefresh)\n if (args.json) {\n process.stdout.write(`${JSON.stringify(index.adapters, null, 2)}\\n`)\n return\n }\n consola.info(`Registry: ${index.adapters.length} adapters (${index.generated_at})`)\n for (const a of index.adapters) {\n const installed = isInstalled(a.id, false) ? ' [installed]' : ''\n console.log(` ${a.id.padEnd(12)} ${a.name.padEnd(24)} ${a.category}${installed}`)\n }\n return\n }\n\n const index = await fetchRegistry(forceRefresh)\n const local: { id: string, source: string, digest: string }[] = []\n for (const a of index.adapters) {\n try {\n const loaded = loadAdapter(a.id)\n local.push({ id: a.id, source: loaded.source, digest: loaded.digest })\n }\n catch {\n // not installed locally\n }\n }\n\n if (args.json) {\n process.stdout.write(`${JSON.stringify(local, null, 2)}\\n`)\n return\n }\n\n if (local.length === 0) {\n consola.info('No adapters installed. Use `apes adapter list --remote` to see available adapters.')\n return\n }\n\n for (const a of local) {\n console.log(` ${a.id.padEnd(12)} ${a.source}`)\n }\n },\n }),\n\n install: defineCommand({\n meta: {\n name: 'install',\n description: 'Install an adapter from the registry',\n },\n args: {\n id: {\n type: 'positional',\n description: 'Adapter ID to install',\n required: true,\n },\n local: {\n type: 'boolean',\n description: 'Install to project-local .openape/ instead of ~/.openape/',\n default: false,\n },\n refresh: {\n type: 'boolean',\n description: 'Force refresh the registry cache',\n default: false,\n },\n },\n async run({ args }) {\n const ids = [String(args.id), ...args._].filter(Boolean)\n const local = Boolean(args.local)\n const index = await fetchRegistry(Boolean(args.refresh))\n\n for (const id of ids) {\n const entry = findAdapter(index, id)\n if (!entry) {\n consola.error(`Adapter \"${id}\" not found in registry. Use \\`apes adapter search ${id}\\` to search.`)\n continue\n }\n\n const conflicts = findConflictingAdapters(entry.executable, id)\n if (conflicts.length > 0) {\n for (const c of conflicts) {\n consola.warn(`Conflicting adapter found: ${c.path} (id: ${c.adapterId}, executable: ${c.executable})`)\n consola.warn(` Remove it with: apes adapter remove ${c.adapterId}`)\n }\n }\n\n const result = await installAdapter(entry, { local })\n const verb = result.updated ? 'Updated' : 'Installed'\n consola.success(`${verb} ${result.id} → ${result.path}`)\n consola.info(`Digest: ${result.digest}`)\n }\n },\n }),\n\n remove: defineCommand({\n meta: {\n name: 'remove',\n description: 'Remove an installed adapter',\n },\n args: {\n id: {\n type: 'positional',\n description: 'Adapter ID to remove',\n required: true,\n },\n local: {\n type: 'boolean',\n description: 'Remove from project-local .openape/',\n default: false,\n },\n },\n async run({ args }) {\n const ids = [String(args.id), ...args._].filter(Boolean)\n const local = Boolean(args.local)\n let failed = false\n\n for (const id of ids) {\n if (removeAdapter(id, local)) {\n consola.success(`Removed adapter: ${id}`)\n }\n else {\n consola.error(`Adapter \"${id}\" is not installed${local ? ' locally' : ''}`)\n failed = true\n }\n }\n\n if (failed)\n process.exit(1)\n },\n }),\n\n info: defineCommand({\n meta: {\n name: 'info',\n description: 'Show detailed adapter information',\n },\n args: {\n id: {\n type: 'positional',\n description: 'Adapter ID',\n required: true,\n },\n refresh: {\n type: 'boolean',\n description: 'Force refresh the registry cache',\n default: false,\n },\n },\n async run({ args }) {\n const id = String(args.id)\n const index = await fetchRegistry(Boolean(args.refresh))\n const entry = findAdapter(index, id)\n if (!entry)\n throw new Error(`Adapter \"${id}\" not found in registry`)\n\n console.log(`ID: ${entry.id}`)\n console.log(`Name: ${entry.name}`)\n console.log(`Description: ${entry.description}`)\n console.log(`Category: ${entry.category}`)\n console.log(`Tags: ${entry.tags.join(', ')}`)\n console.log(`Author: ${entry.author}`)\n console.log(`Executable: ${entry.executable}`)\n console.log(`Digest: ${entry.digest}`)\n console.log(`Min version: ${entry.min_shapes_version}`)\n console.log(`URL: ${entry.download_url}`)\n\n const localDigest = getInstalledDigest(id, false)\n if (localDigest) {\n const upToDate = localDigest === entry.digest\n console.log(`Installed: yes${upToDate ? ' (up to date)' : ' (update available)'}`)\n }\n else {\n console.log(`Installed: no`)\n }\n },\n }),\n\n search: defineCommand({\n meta: {\n name: 'search',\n description: 'Search adapters in the registry',\n },\n args: {\n query: {\n type: 'positional',\n description: 'Search query',\n required: true,\n },\n json: {\n type: 'boolean',\n description: 'Output as JSON',\n default: false,\n },\n refresh: {\n type: 'boolean',\n description: 'Force refresh the registry cache',\n default: false,\n },\n },\n async run({ args }) {\n const query = String(args.query)\n const index = await fetchRegistry(Boolean(args.refresh))\n const results = searchAdapters(index, query)\n\n if (args.json) {\n process.stdout.write(`${JSON.stringify(results, null, 2)}\\n`)\n return\n }\n\n if (results.length === 0) {\n consola.info(`No adapters matching \"${query}\"`)\n return\n }\n\n for (const a of results) {\n console.log(` ${a.id.padEnd(12)} ${a.name.padEnd(24)} ${a.category}`)\n console.log(` ${a.description}`)\n }\n },\n }),\n\n update: defineCommand({\n meta: {\n name: 'update',\n description: 'Update installed adapters',\n },\n args: {\n id: {\n type: 'positional',\n description: 'Adapter ID (omit to update all)',\n },\n yes: {\n type: 'boolean',\n description: 'Skip confirmation',\n default: false,\n },\n refresh: {\n type: 'boolean',\n description: 'Force refresh the registry cache',\n default: true,\n },\n },\n async run({ args }) {\n const index = await fetchRegistry(Boolean(args.refresh))\n const targetId = args.id ? String(args.id) : undefined\n const targets = targetId\n ? [targetId]\n : index.adapters.map(a => a.id).filter(id => isInstalled(id, false))\n\n if (targets.length === 0) {\n consola.info('No adapters installed to update.')\n return\n }\n\n for (const id of targets) {\n const entry = findAdapter(index, id)\n if (!entry) {\n consola.warn(`${id}: not found in registry, skipping`)\n continue\n }\n\n const localDigest = getInstalledDigest(id, false)\n if (localDigest === entry.digest) {\n consola.info(`${id}: already up to date`)\n continue\n }\n\n if (localDigest && !args.yes) {\n consola.warn(`${id}: digest will change — existing grants for this adapter will be invalidated`)\n consola.info(` Old: ${localDigest}`)\n consola.info(` New: ${entry.digest}`)\n consola.info(' Use --yes to confirm')\n continue\n }\n\n const result = await installAdapter(entry)\n consola.success(`Updated ${result.id} → ${result.path}`)\n }\n },\n }),\n\n verify: defineCommand({\n meta: {\n name: 'verify',\n description: 'Verify installed adapter against registry digest',\n },\n args: {\n id: {\n type: 'positional',\n description: 'Adapter ID',\n required: true,\n },\n local: {\n type: 'boolean',\n description: 'Check project-local adapter',\n default: false,\n },\n refresh: {\n type: 'boolean',\n description: 'Force refresh the registry cache',\n default: false,\n },\n },\n async run({ args }) {\n const id = String(args.id)\n const local = Boolean(args.local)\n const index = await fetchRegistry(Boolean(args.refresh))\n const entry = findAdapter(index, id)\n if (!entry)\n throw new Error(`Adapter \"${id}\" not found in registry`)\n\n const localDigest = getInstalledDigest(id, local)\n if (!localDigest)\n throw new Error(`Adapter \"${id}\" is not installed${local ? ' locally' : ''}`)\n\n if (localDigest === entry.digest) {\n consola.success(`${id}: digest matches registry`)\n }\n else {\n consola.error(`${id}: digest mismatch`)\n console.log(` Local: ${localDigest}`)\n console.log(` Registry: ${entry.digest}`)\n process.exit(1)\n }\n },\n }),\n },\n})\n","import { execFileSync } from 'node:child_process'\nimport { hostname } from 'node:os'\nimport { defineCommand } from 'citty'\nimport {\n createShapesGrant,\n extractOption,\n extractWrappedCommand,\n fetchGrantToken,\n findExistingGrant,\n loadAdapter,\n resolveCommand,\n verifyAndExecute,\n waitForGrantStatus,\n} from '@openape/shapes'\nimport consola from 'consola'\nimport { getIdpUrl, loadAuth } from '../config'\nimport { apiFetch, getGrantsEndpoint } from '../http'\n\nexport const runCommand = defineCommand({\n meta: {\n name: 'run',\n description: 'Execute a grant-secured command',\n },\n args: {\n 'approval': {\n type: 'string',\n description: 'Approval type: once, timed, always',\n default: 'once',\n },\n 'reason': {\n type: 'string',\n description: 'Reason for the grant request',\n },\n 'adapter': {\n type: 'string',\n description: 'Explicit path to adapter TOML file',\n },\n 'as': {\n type: 'string',\n description: 'Execute as this user (delegates to escapes)',\n },\n 'host': {\n type: 'string',\n description: 'Target host (default: system hostname)',\n },\n 'escapes-path': {\n type: 'string',\n description: 'Path to escapes binary',\n default: 'escapes',\n },\n 'idp': {\n type: 'string',\n description: 'IdP URL',\n },\n '_': {\n type: 'positional',\n description: 'Command to execute (after --)',\n required: false,\n },\n },\n async run({ rawArgs, args }) {\n const wrappedCommand = extractWrappedCommand(rawArgs ?? [])\n\n if (wrappedCommand.length > 0) {\n // Adapter mode: apes run [options] -- <cli> <args...>\n await runAdapterMode(wrappedCommand, rawArgs ?? [], args)\n }\n else {\n // Audience mode: apes run <audience> <action>\n // Extract audience and action from rawArgs (before --)\n const positionals = extractPositionals(rawArgs ?? [])\n if (positionals.length < 2)\n throw new Error('Usage: apes run -- <cli> <args...> OR apes run <audience> <action>')\n await runAudienceMode(positionals[0]!, positionals[1]!, args)\n }\n },\n})\n\nfunction extractPositionals(rawArgs: string[]): string[] {\n const positionals: string[] = []\n const delimiter = rawArgs.indexOf('--')\n const args = delimiter >= 0 ? rawArgs.slice(0, delimiter) : rawArgs\n\n for (let i = 0; i < args.length; i++) {\n const arg = args[i]!\n if (arg === 'run')\n continue\n if (arg.startsWith('--')) {\n i++ // skip flag value\n continue\n }\n positionals.push(arg)\n }\n return positionals\n}\n\nasync function runAdapterMode(\n command: string[],\n rawArgs: string[],\n args: Record<string, unknown>,\n) {\n const idp = getIdpUrl(args.idp as string | undefined)\n if (!idp)\n throw new Error('No IdP URL configured. Run `apes login` first or pass --idp.')\n\n const adapterOpt = extractOption(rawArgs, 'adapter')\n const loaded = loadAdapter(command[0]!, adapterOpt)\n const resolved = await resolveCommand(loaded, command)\n const approval = (args.approval ?? 'once') as 'once' | 'timed' | 'always'\n\n // Try reusing an existing timed/always grant (findExistingGrant skips once grants)\n try {\n const existingGrantId = await findExistingGrant(resolved, idp)\n if (existingGrantId) {\n consola.info(`Reusing existing grant: ${existingGrantId}`)\n const token = await fetchGrantToken(idp, existingGrantId)\n await verifyAndExecute(token, resolved)\n return\n }\n }\n catch {\n // Fall through to creating a new grant\n }\n\n const grant = await createShapesGrant(resolved, {\n idp,\n approval,\n ...(args.reason ? { reason: args.reason as string } : {}),\n })\n\n consola.info(`Grant requested: ${grant.id}`)\n consola.info(`Approve at: ${idp}/grant-approval?grant_id=${grant.id}`)\n\n if (grant.similar_grants?.similar_grants?.length) {\n const n = grant.similar_grants.similar_grants.length\n consola.info('')\n consola.info(` Similar grant(s) found (${n}). Your approver can extend an existing grant to cover this request.`)\n if (grant.similar_grants.widened_details?.length) {\n const wider = grant.similar_grants.widened_details.map(d => d.permission).join(', ')\n consola.info(` Broader scope: ${wider}`)\n }\n consola.info('')\n }\n\n const status = await waitForGrantStatus(idp, grant.id)\n if (status !== 'approved')\n throw new Error(`Grant ${status}`)\n\n const token = await fetchGrantToken(idp, grant.id)\n await verifyAndExecute(token, resolved)\n}\n\nasync function runAudienceMode(\n audience: string,\n action: string,\n args: Record<string, unknown>,\n) {\n const auth = loadAuth()\n if (!auth) {\n consola.error('Not logged in. Run `apes login` first.')\n return process.exit(1)\n }\n\n const idp = getIdpUrl(args.idp as string | undefined)!\n const grantsUrl = await getGrantsEndpoint(idp)\n const command = action.split(' ')\n const targetHost = (args.host as string) || hostname()\n\n // Step 1: Request grant\n consola.info(`Requesting ${audience} grant on ${targetHost}: ${command.join(' ')}`)\n const grant = await apiFetch<{ id: string, status: string }>(grantsUrl, {\n method: 'POST',\n body: {\n requester: auth.email,\n target_host: targetHost,\n audience,\n grant_type: args.approval,\n command,\n reason: (args.reason as string) || command.join(' '),\n ...(args.as ? { run_as: args.as } : {}),\n },\n })\n consola.success(`Grant requested: ${grant.id}`)\n\n // Step 2: Wait for approval\n consola.info('Waiting for approval...')\n const maxWait = 300_000\n const interval = 3_000\n const start = Date.now()\n\n while (Date.now() - start < maxWait) {\n const status = await apiFetch<{ status: string }>(`${grantsUrl}/${grant.id}`)\n if (status.status === 'approved') {\n consola.success('Grant approved!')\n break\n }\n if (status.status === 'denied' || status.status === 'revoked') {\n consola.error(`Grant ${status.status}.`)\n return process.exit(1)\n }\n await new Promise(r => setTimeout(r, interval))\n }\n\n // Step 3: Get grant token\n consola.info('Fetching grant token...')\n const { authz_jwt } = await apiFetch<{ authz_jwt: string }>(`${grantsUrl}/${grant.id}/token`, {\n method: 'POST',\n })\n\n // Step 4: Execute or output token\n if (audience === 'escapes') {\n consola.info(`Executing: ${command.join(' ')}`)\n try {\n execFileSync((args['escapes-path'] as string) || 'escapes', ['--grant', authz_jwt, '--', ...command], {\n stdio: 'inherit',\n })\n }\n catch (err: unknown) {\n const exitCode = (err as { status?: number }).status || 1\n process.exit(exitCode)\n }\n }\n else {\n process.stdout.write(authz_jwt)\n }\n}\n","import { defineCommand } from 'citty'\nimport { extractOption, extractWrappedCommand, loadAdapter, resolveCommand } from '@openape/shapes'\n\nexport const explainCommand = defineCommand({\n meta: {\n name: 'explain',\n description: 'Show what permission a command would need',\n },\n args: {\n adapter: {\n type: 'string',\n description: 'Explicit path to adapter TOML file',\n },\n _: {\n type: 'positional',\n description: 'Wrapped command (after --)',\n required: false,\n },\n },\n async run({ rawArgs }) {\n const command = extractWrappedCommand(rawArgs ?? [])\n if (command.length === 0)\n throw new Error('Missing wrapped command. Usage: apes explain [--adapter <file>] -- <cli> ...')\n\n const adapterOpt = extractOption(rawArgs ?? [], 'adapter')\n const loaded = loadAdapter(command[0]!, adapterOpt)\n const resolved = await resolveCommand(loaded, command)\n\n process.stdout.write(`${JSON.stringify({\n adapter: resolved.adapter.cli.id,\n source: resolved.source,\n operation: resolved.detail.operation_id,\n display: resolved.detail.display,\n permission: resolved.permission,\n resource_chain: resolved.detail.resource_chain,\n exact_command: resolved.detail.constraints?.exact_command ?? false,\n adapter_digest: resolved.digest,\n }, null, 2)}\\n`)\n },\n})\n","import { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { getIdpUrl, loadAuth, loadConfig } from '../../config'\n\nexport const configGetCommand = defineCommand({\n meta: {\n name: 'get',\n description: 'Get a configuration value',\n },\n args: {\n key: {\n type: 'positional',\n description: 'Config key: idp, email, defaults.idp, defaults.approval, agent.key, agent.email',\n required: true,\n },\n },\n run({ args }) {\n const key = args.key\n\n switch (key) {\n case 'idp': {\n const idp = getIdpUrl()\n if (idp)\n console.log(idp)\n else\n consola.info('No IdP configured.')\n break\n }\n case 'email': {\n const auth = loadAuth()\n if (auth?.email)\n console.log(auth.email)\n else\n consola.info('Not logged in.')\n break\n }\n default: {\n // Dot-notation: defaults.idp, defaults.approval, agent.key, agent.email\n const config = loadConfig()\n const parts = key.split('.')\n if (parts.length === 2) {\n const section = parts[0] as keyof typeof config\n const field = parts[1]!\n const sectionObj = config[section] as Record<string, string> | undefined\n if (sectionObj && field in sectionObj) {\n console.log(sectionObj[field])\n }\n else {\n consola.info(`Key \"${key}\" not set.`)\n }\n }\n else {\n consola.error(`Unknown key: \"${key}\". Use: idp, email, defaults.idp, defaults.approval, agent.key, agent.email`)\n process.exit(1)\n }\n }\n }\n },\n})\n","import { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { loadConfig, saveConfig } from '../../config'\n\nexport const configSetCommand = defineCommand({\n meta: {\n name: 'set',\n description: 'Set a configuration value',\n },\n args: {\n key: {\n type: 'positional',\n description: 'Config key: defaults.idp, defaults.approval, agent.key, agent.email',\n required: true,\n },\n value: {\n type: 'positional',\n description: 'Value to set',\n required: true,\n },\n },\n run({ args }) {\n const key = args.key\n const value = args.value\n const config = loadConfig()\n\n const parts = key.split('.')\n if (parts.length !== 2) {\n consola.error(`Invalid key: \"${key}\". Use: defaults.idp, defaults.approval, agent.key, agent.email`)\n return process.exit(1)\n }\n\n const [section, field] = parts as [string, string]\n\n if (section === 'defaults') {\n config.defaults = config.defaults || {}\n ;(config.defaults as Record<string, string>)[field] = value\n }\n else if (section === 'agent') {\n config.agent = config.agent || {}\n ;(config.agent as Record<string, string>)[field] = value\n }\n else {\n consola.error(`Unknown section: \"${section}\". Use: defaults, agent`)\n return process.exit(1)\n }\n\n saveConfig(config)\n consola.success(`Set ${key} = ${value}`)\n },\n})\n","import { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { getAuthToken } from '../../config'\n\nasync function doRequest(method: string, url: string, body: string | undefined, contentType: string, raw: boolean, showHeaders: boolean) {\n const token = getAuthToken()\n if (!token) {\n consola.error('Not authenticated. Run `apes login` first.')\n return process.exit(1)\n }\n\n const response = await fetch(url, {\n method,\n headers: {\n 'Authorization': `Bearer ${token}`,\n 'Content-Type': contentType,\n },\n body: body || undefined,\n })\n\n if (showHeaders) {\n console.log(`HTTP ${response.status} ${response.statusText}`)\n for (const [key, value] of response.headers.entries()) {\n console.log(`${key}: ${value}`)\n }\n console.log()\n }\n\n const respContentType = response.headers.get('content-type') || ''\n const text = await response.text()\n\n if (raw || !respContentType.includes('json')) {\n process.stdout.write(text)\n }\n else {\n try {\n console.log(JSON.stringify(JSON.parse(text), null, 2))\n }\n catch {\n process.stdout.write(text)\n }\n }\n\n if (!response.ok) {\n process.exit(1)\n }\n}\n\nexport const fetchCommand = defineCommand({\n meta: {\n name: 'fetch',\n description: 'Make authenticated HTTP requests',\n },\n subCommands: {\n get: defineCommand({\n meta: {\n name: 'get',\n description: 'GET request with auth token',\n },\n args: {\n url: {\n type: 'positional',\n description: 'URL to fetch',\n required: true,\n },\n raw: {\n type: 'boolean',\n description: 'Output raw response body',\n default: false,\n },\n headers: {\n type: 'boolean',\n description: 'Show response headers',\n default: false,\n },\n },\n async run({ args }) {\n await doRequest('GET', String(args.url), undefined, 'application/json', Boolean(args.raw), Boolean(args.headers))\n },\n }),\n\n post: defineCommand({\n meta: {\n name: 'post',\n description: 'POST request with auth token',\n },\n args: {\n url: {\n type: 'positional',\n description: 'URL to fetch',\n required: true,\n },\n body: {\n type: 'string',\n description: 'Request body (JSON string)',\n },\n 'content-type': {\n type: 'string',\n description: 'Content-Type header',\n default: 'application/json',\n },\n raw: {\n type: 'boolean',\n description: 'Output raw response body',\n default: false,\n },\n headers: {\n type: 'boolean',\n description: 'Show response headers',\n default: false,\n },\n },\n async run({ args }) {\n await doRequest('POST', String(args.url), args.body as string | undefined, String(args['content-type'] || 'application/json'), Boolean(args.raw), Boolean(args.headers))\n },\n }),\n },\n})\n","import { defineCommand } from 'citty'\n\nexport const mcpCommand = defineCommand({\n meta: {\n name: 'mcp',\n description: 'Start MCP server for AI agents',\n },\n args: {\n transport: {\n type: 'string',\n description: 'Transport type: stdio or sse',\n default: 'stdio',\n },\n port: {\n type: 'string',\n description: 'Port for SSE transport',\n default: '3001',\n },\n },\n async run({ args }) {\n const transport = (args.transport || 'stdio') as 'stdio' | 'sse'\n const port = Number.parseInt(String(args.port), 10)\n\n if (transport !== 'stdio' && transport !== 'sse') {\n throw new Error('Transport must be \"stdio\" or \"sse\"')\n }\n\n const { startMcpServer } = await import('./server.js')\n await startMcpServer(transport, port)\n },\n})\n","import { existsSync, copyFileSync, writeFileSync } from 'node:fs'\nimport { randomBytes } from 'node:crypto'\nimport { execFileSync } from 'node:child_process'\nimport { join } from 'node:path'\nimport { defineCommand } from 'citty'\nimport consola from 'consola'\n\nconst DEFAULT_IDP_URL = 'https://id.openape.at'\n\nasync function downloadTemplate(repo: string, targetDir: string) {\n const { downloadTemplate: gigetDownload } = await import('giget')\n await gigetDownload(`gh:${repo}`, { dir: targetDir, force: false })\n}\n\nfunction installDeps(dir: string) {\n const hasLockFile = (name: string) => existsSync(join(dir, name))\n\n if (hasLockFile('pnpm-lock.yaml')) {\n execFileSync('pnpm', ['install'], { cwd: dir, stdio: 'inherit' })\n }\n else if (hasLockFile('bun.lockb')) {\n execFileSync('bun', ['install'], { cwd: dir, stdio: 'inherit' })\n }\n else {\n execFileSync('npm', ['install'], { cwd: dir, stdio: 'inherit' })\n }\n}\n\nasync function promptChoice(message: string, choices: string[]): Promise<string> {\n const result = await consola.prompt(message, { type: 'select', options: choices })\n if (typeof result === 'symbol') {\n process.exit(0)\n }\n return result as string\n}\n\nasync function promptText(message: string, defaultValue?: string): Promise<string> {\n const result = await consola.prompt(message, { type: 'text', default: defaultValue, placeholder: defaultValue })\n if (typeof result === 'symbol') {\n process.exit(0)\n }\n return (result as string) || defaultValue || ''\n}\n\nexport const initCommand = defineCommand({\n meta: {\n name: 'init',\n description: 'Scaffold a new OpenApe project',\n },\n args: {\n sp: {\n type: 'boolean',\n description: 'Create a Service Provider app',\n },\n idp: {\n type: 'boolean',\n description: 'Create an Identity Provider app',\n },\n dir: {\n type: 'positional',\n description: 'Target directory',\n required: false,\n },\n },\n async run({ args }) {\n let mode: 'sp' | 'idp'\n\n if (args.sp) {\n mode = 'sp'\n }\n else if (args.idp) {\n mode = 'idp'\n }\n else {\n const choice = await promptChoice('What do you want to set up?', [\n 'SP — Add login to my app',\n 'IdP — Run my own Identity Provider',\n ])\n mode = choice.startsWith('SP') ? 'sp' : 'idp'\n }\n\n if (mode === 'sp') {\n await initSP(args.dir)\n }\n else {\n await initIdP(args.dir)\n }\n },\n})\n\nasync function initSP(targetDir?: string) {\n const dir = targetDir || 'my-app'\n\n if (existsSync(join(dir, 'package.json'))) {\n consola.error(`Directory \"${dir}\" already contains a project.`)\n return process.exit(1)\n }\n\n consola.start('Scaffolding SP starter...')\n await downloadTemplate('openape-ai/openape-sp-starter', dir)\n consola.success('Scaffolded from openape-sp-starter')\n\n consola.start('Installing dependencies...')\n installDeps(dir)\n consola.success('Dependencies installed')\n\n // Create .env from .env.example\n const envExample = join(dir, '.env.example')\n const envFile = join(dir, '.env')\n if (existsSync(envExample) && !existsSync(envFile)) {\n copyFileSync(envExample, envFile)\n consola.success(`\\`.env\\` created (using Free IdP at ${DEFAULT_IDP_URL})`)\n }\n\n console.log('')\n consola.box([\n `cd ${dir}`,\n 'npm run dev',\n '',\n 'Then open http://localhost:3001/login',\n ].join('\\n'))\n}\n\nasync function initIdP(targetDir?: string) {\n const dir = targetDir || 'my-idp'\n\n if (existsSync(join(dir, 'package.json'))) {\n consola.error(`Directory \"${dir}\" already contains a project.`)\n return process.exit(1)\n }\n\n // Interactive questions\n const domain = await promptText('Domain for the IdP', 'localhost')\n const storage = await promptChoice('Storage backend', [\n 'memory (dev only, data lost on restart)',\n 'fs (local filesystem)',\n 's3 (S3-compatible)',\n ])\n const adminEmail = await promptText('Admin email')\n\n consola.start('Scaffolding IdP starter...')\n await downloadTemplate('openape-ai/openape-idp-starter', dir)\n consola.success('Scaffolded from openape-idp-starter')\n\n consola.start('Installing dependencies...')\n installDeps(dir)\n consola.success('Dependencies installed')\n\n // Generate secrets\n const sessionSecret = randomBytes(32).toString('hex')\n const managementToken = randomBytes(32).toString('hex')\n consola.success('Secrets generated')\n\n // Determine origin/issuer\n const isLocalhost = domain === 'localhost'\n const origin = isLocalhost ? 'http://localhost:3000' : `https://${domain}`\n\n // Write .env\n const envContent = [\n '# Generated by apes init --idp',\n '',\n `NUXT_OPENAPE_SESSION_SECRET=${sessionSecret}`,\n `NUXT_OPENAPE_ADMIN_EMAILS=${adminEmail}`,\n `NUXT_OPENAPE_MANAGEMENT_TOKEN=${managementToken}`,\n `NUXT_OPENAPE_ISSUER=${origin}`,\n `NUXT_OPENAPE_RP_NAME=My Identity Provider`,\n `NUXT_OPENAPE_RP_ID=${domain}`,\n `NUXT_OPENAPE_RP_ORIGIN=${origin}`,\n ].join('\\n')\n\n writeFileSync(join(dir, '.env'), envContent + '\\n', { mode: 0o600 })\n consola.success('.env created')\n\n console.log('')\n consola.box([\n `cd ${dir}`,\n 'npm run dev',\n '',\n 'Then open http://localhost:3000/admin',\n '',\n ...(isLocalhost\n ? []\n : [\n 'For production:',\n ` 1. DNS TXT Record: _ddisa.${domain.replace(/^id\\./, '')} → \"v=ddisa1 idp=${origin}\"`,\n ` 2. Storage: switch to ${storage.includes('s3') ? 's3' : 'fs'} in nuxt.config.ts`,\n ' 3. Deploy: vercel deploy',\n ]),\n ].join('\\n'))\n}\n","import { Buffer } from 'node:buffer'\nimport { existsSync, readFileSync, writeFileSync, mkdirSync } from 'node:fs'\nimport { execFile } from 'node:child_process'\nimport { generateKeyPairSync, sign } from 'node:crypto'\nimport { dirname, resolve } from 'node:path'\nimport { homedir } from 'node:os'\nimport { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { loadEd25519PrivateKey } from '../ssh-key'\nimport { getAgentChallengeEndpoint, getAgentAuthenticateEndpoint } from '../http'\nimport { saveAuth, saveConfig, loadConfig } from '../config'\n\nconst DEFAULT_IDP_URL = 'https://id.openape.at'\nconst DEFAULT_KEY_PATH = '~/.ssh/id_ed25519'\nconst POLL_INTERVAL = 3000\nconst POLL_TIMEOUT = 300_000 // 5 minutes\n\nfunction resolvePath(p: string): string {\n return resolve(p.replace(/^~/, homedir()))\n}\n\nfunction openBrowser(url: string) {\n const cmd = process.platform === 'darwin' ? 'open' : process.platform === 'win32' ? 'start' : 'xdg-open'\n execFile(cmd, [url], () => {})\n}\n\nfunction readPublicKey(keyPath: string): string {\n const pubPath = `${keyPath}.pub`\n if (existsSync(pubPath)) {\n return readFileSync(pubPath, 'utf-8').trim()\n }\n\n // Derive public key from private key\n const keyContent = readFileSync(keyPath, 'utf-8')\n const privateKey = loadEd25519PrivateKey(keyContent)\n const jwk = privateKey.export({ format: 'jwk' }) as { x: string }\n const pubBytes = Buffer.from(jwk.x, 'base64url')\n\n // Format as OpenSSH public key\n const keyTypeStr = 'ssh-ed25519'\n const keyTypeLen = Buffer.alloc(4)\n keyTypeLen.writeUInt32BE(keyTypeStr.length)\n const pubKeyLen = Buffer.alloc(4)\n pubKeyLen.writeUInt32BE(pubBytes.length)\n const blob = Buffer.concat([keyTypeLen, Buffer.from(keyTypeStr), pubKeyLen, pubBytes])\n\n return `ssh-ed25519 ${blob.toString('base64')}`\n}\n\nfunction generateAndSaveKey(keyPath: string): string {\n const resolved = resolvePath(keyPath)\n const dir = dirname(resolved)\n\n if (!existsSync(dir)) {\n mkdirSync(dir, { recursive: true })\n }\n\n // Generate Ed25519 key pair\n const { publicKey, privateKey } = generateKeyPairSync('ed25519')\n\n // Export private key in PKCS8 PEM format (universally readable)\n const privatePem = privateKey.export({ type: 'pkcs8', format: 'pem' }) as string\n writeFileSync(resolved, privatePem, { mode: 0o600 })\n\n // Export public key in OpenSSH format\n const jwk = publicKey.export({ format: 'jwk' }) as { x: string }\n const pubBytes = Buffer.from(jwk.x, 'base64url')\n const keyTypeStr = 'ssh-ed25519'\n const keyTypeLen = Buffer.alloc(4)\n keyTypeLen.writeUInt32BE(keyTypeStr.length)\n const pubKeyLen = Buffer.alloc(4)\n pubKeyLen.writeUInt32BE(pubBytes.length)\n const blob = Buffer.concat([keyTypeLen, Buffer.from(keyTypeStr), pubKeyLen, pubBytes])\n const pubKeyStr = `ssh-ed25519 ${blob.toString('base64')}`\n\n writeFileSync(`${resolved}.pub`, `${pubKeyStr}\\n`, { mode: 0o644 })\n\n return pubKeyStr\n}\n\nasync function pollForEnrollment(\n idp: string,\n agentEmail: string,\n keyPath: string,\n): Promise<{ token: string, expiresIn: number }> {\n const resolvedKey = resolvePath(keyPath)\n const keyContent = readFileSync(resolvedKey, 'utf-8')\n const privateKey = loadEd25519PrivateKey(keyContent)\n\n const challengeUrl = await getAgentChallengeEndpoint(idp)\n const authenticateUrl = await getAgentAuthenticateEndpoint(idp)\n const startTime = Date.now()\n\n while (Date.now() - startTime < POLL_TIMEOUT) {\n try {\n // Try to get a challenge — if it works, agent is enrolled\n const challengeResp = await fetch(challengeUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({ agent_id: agentEmail }),\n })\n\n if (challengeResp.ok) {\n const { challenge } = await challengeResp.json() as { challenge: string }\n const signature = sign(null, Buffer.from(challenge), privateKey).toString('base64')\n\n const authResp = await fetch(authenticateUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({ agent_id: agentEmail, challenge, signature }),\n })\n\n if (authResp.ok) {\n const result = await authResp.json() as { token: string, expires_in: number }\n return { token: result.token, expiresIn: result.expires_in }\n }\n }\n }\n catch {\n // Ignore network errors during polling\n }\n\n await new Promise(resolve => setTimeout(resolve, POLL_INTERVAL))\n }\n\n throw new Error('Enrollment timed out. Please check the browser and try again.')\n}\n\nexport const enrollCommand = defineCommand({\n meta: {\n name: 'enroll',\n description: 'Enroll an agent with an Identity Provider',\n },\n args: {\n idp: {\n type: 'string',\n description: `IdP URL (default: ${DEFAULT_IDP_URL})`,\n },\n name: {\n type: 'string',\n description: 'Agent name',\n },\n key: {\n type: 'string',\n description: `Path to Ed25519 key (default: ${DEFAULT_KEY_PATH})`,\n },\n },\n async run({ args }) {\n // 1. Gather inputs\n const idp = args.idp\n || await consola.prompt('IdP URL', { type: 'text', default: DEFAULT_IDP_URL, placeholder: DEFAULT_IDP_URL }).then(r => typeof r === 'symbol' ? process.exit(0) : r) as string\n || DEFAULT_IDP_URL\n\n const agentName = args.name\n || await consola.prompt('Agent name', { type: 'text', placeholder: 'deploy-bot' }).then(r => typeof r === 'symbol' ? process.exit(0) : r) as string\n\n if (!agentName) {\n consola.error('Agent name is required.')\n return process.exit(1)\n }\n\n const keyPath = args.key\n || await consola.prompt('Ed25519 key', { type: 'text', default: DEFAULT_KEY_PATH, placeholder: DEFAULT_KEY_PATH }).then(r => typeof r === 'symbol' ? process.exit(0) : r) as string\n || DEFAULT_KEY_PATH\n\n // 2. Handle key\n const resolvedKey = resolvePath(keyPath)\n let publicKey: string\n\n if (existsSync(resolvedKey)) {\n publicKey = readPublicKey(resolvedKey)\n consola.success(`Using existing key ${keyPath}`)\n }\n else {\n consola.start(`Generating Ed25519 key pair at ${keyPath}...`)\n publicKey = generateAndSaveKey(keyPath)\n consola.success(`Key pair generated at ${keyPath}`)\n }\n\n // 3. Open browser for enrollment\n const encodedKey = encodeURIComponent(publicKey)\n const enrollUrl = `${idp}/enroll?name=${encodeURIComponent(agentName)}&key=${encodedKey}`\n\n consola.info('Opening browser for enrollment...')\n consola.info(`→ ${idp}/enroll`)\n openBrowser(enrollUrl)\n\n // 4. Determine expected agent email\n // For the free IdP, the email format is: {name}+{user_local}+{user_domain}@id.openape.at\n // For custom IdPs, the format varies. We'll try common patterns.\n // The polling will try the challenge endpoint which accepts email as agent_id.\n // We need to guess the email, or poll without knowing it.\n // Best approach: ask the user to confirm the email shown in browser.\n console.log('')\n const agentEmail = await consola.prompt(\n 'Agent email (shown in browser after enrollment)',\n { type: 'text', placeholder: `agent+${agentName}@...` },\n ).then(r => typeof r === 'symbol' ? process.exit(0) : r) as string\n\n if (!agentEmail) {\n consola.error('Agent email is required to verify enrollment.')\n return process.exit(1)\n }\n\n // 5. Poll for enrollment confirmation via challenge endpoint\n consola.start('Verifying enrollment...')\n const { token, expiresIn } = await pollForEnrollment(idp, agentEmail, keyPath)\n\n // 6. Save auth + config\n saveAuth({\n idp,\n access_token: token,\n email: agentEmail,\n expires_at: Math.floor(Date.now() / 1000) + (expiresIn || 3600),\n })\n\n const config = loadConfig()\n config.defaults = { ...config.defaults, idp }\n config.agent = { key: keyPath, email: agentEmail }\n saveConfig(config)\n\n consola.success(`Agent enrolled as ${agentEmail}`)\n consola.success('Config saved to ~/.config/apes/')\n\n console.log('')\n consola.info('Verify with: apes whoami')\n },\n})\n","import { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { resolveDDISA } from '@openape/core'\n\nexport const dnsCheckCommand = defineCommand({\n meta: {\n name: 'dns-check',\n description: 'Validate DDISA DNS TXT records for a domain',\n },\n args: {\n domain: {\n type: 'positional',\n description: 'Domain to check (e.g. example.com)',\n required: true,\n },\n },\n async run({ args }) {\n const domain = args.domain\n\n consola.start(`Checking _ddisa.${domain}...`)\n\n try {\n const result = await resolveDDISA(domain)\n\n if (!result) {\n consola.error(`No DDISA record found for ${domain}`)\n console.log('')\n console.log('To set up DDISA, add a DNS TXT record:')\n console.log(` _ddisa.${domain} TXT \"v=ddisa1 idp=https://id.${domain}\"`)\n return process.exit(1)\n }\n\n consola.success(`_ddisa.${domain} → ${result.idp}`)\n console.log('')\n console.log(` Version: ${result.version || 'ddisa1'}`)\n console.log(` IdP URL: ${result.idp}`)\n if (result.mode)\n console.log(` Mode: ${result.mode}`)\n if (result.priority !== undefined)\n console.log(` Priority: ${result.priority}`)\n\n // Try OIDC discovery on the IdP\n console.log('')\n consola.start(`Verifying IdP at ${result.idp}...`)\n\n const discoResp = await fetch(`${result.idp}/.well-known/openid-configuration`)\n\n if (!discoResp.ok) {\n consola.warn(`IdP discovery failed (${discoResp.status}). Is the IdP running at ${result.idp}?`)\n return\n }\n\n const disco = await discoResp.json() as Record<string, unknown>\n\n consola.success(`IdP is reachable`)\n console.log(` Issuer: ${disco.issuer}`)\n console.log(` DDISA: v${disco.ddisa_version || '?'}`)\n\n if (disco.ddisa_auth_methods_supported) {\n console.log(` Auth: ${(disco.ddisa_auth_methods_supported as string[]).join(', ')}`)\n }\n\n if (disco.openape_grant_types_supported) {\n console.log(` Grants: ${(disco.openape_grant_types_supported as string[]).join(', ')}`)\n }\n }\n catch (err) {\n consola.error(`DNS check failed: ${err instanceof Error ? err.message : String(err)}`)\n return process.exit(1)\n }\n },\n})\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,OAAOA,eAAa;AACpB,SAAS,iBAAAC,iBAAe,eAAe;;;ACDvC,SAAS,cAAc;AACvB,SAAS,gBAAgB;AACzB,SAAS,oBAAoB;AAC7B,SAAS,qBAAqB;AAC9B,SAAS,uBAAuB,4BAA4B;AAC5D,OAAO,aAAa;AAIpB,IAAM,gBAAgB;AACtB,IAAM,YAAY;AAEX,IAAM,eAAe,cAAc;AAAA,EACxC,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,KAAK;AAAA,MACH,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,UAAM,SAAS,WAAW;AAC1B,UAAM,MAAM,KAAK,OAAO,QAAQ,IAAI,YAAY,QAAQ,IAAI,cAAc,OAAO,UAAU;AAE3F,QAAI,CAAC,KAAK;AACR,cAAQ,MAAM,oDAAoD;AAClE,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAEA,QAAI,KAAK,KAAK;AACZ,YAAM,aAAa,KAAK,KAAK,KAAK,KAAK,KAAK;AAAA,IAC9C,OACK;AACH,YAAM,cAAc,GAAG;AAAA,IACzB;AAAA,EACF;AACF,CAAC;AAED,SAAS,YAAY,KAAa;AAChC,QAAM,MAAM,QAAQ,aAAa,WAAW,SAAS,QAAQ,aAAa,UAAU,UAAU;AAC9F,WAAS,KAAK,CAAC,GAAG,GAAG,MAAM;AAAA,EAAC,CAAC;AAC/B;AAEA,eAAe,cAAc,KAAa;AACxC,QAAM,eAAe,qBAAqB;AAC1C,QAAM,gBAAgB,MAAM,sBAAsB,YAAY;AAC9D,QAAM,cAAc,oBAAoB,aAAa;AAErD,QAAM,QAAQ,OAAO,WAAW;AAChC,QAAM,QAAQ,OAAO,WAAW;AAEhC,QAAM,UAAU,IAAI,IAAI,GAAG,GAAG,YAAY;AAC1C,UAAQ,aAAa,IAAI,iBAAiB,MAAM;AAChD,UAAQ,aAAa,IAAI,aAAa,SAAS;AAC/C,UAAQ,aAAa,IAAI,gBAAgB,WAAW;AACpD,UAAQ,aAAa,IAAI,kBAAkB,aAAa;AACxD,UAAQ,aAAa,IAAI,yBAAyB,MAAM;AACxD,UAAQ,aAAa,IAAI,SAAS,KAAK;AACvC,UAAQ,aAAa,IAAI,SAAS,KAAK;AACvC,UAAQ,aAAa,IAAI,SAAS,qCAAqC;AAGvE,QAAM,OAAO,MAAM,IAAI,QAAgB,CAACC,UAAS,WAAW;AAC1D,UAAM,SAAS,aAAa,CAAC,KAAK,QAAQ;AACxC,YAAM,MAAM,IAAI,IAAI,IAAI,KAAM,oBAAoB,aAAa,EAAE;AACjE,UAAI,IAAI,aAAa,aAAa;AAChC,cAAM,WAAW,IAAI,aAAa,IAAI,MAAM;AAC5C,cAAM,QAAQ,IAAI,aAAa,IAAI,OAAO;AAE1C,YAAI,OAAO;AACT,cAAI,UAAU,KAAK,EAAE,gBAAgB,YAAY,CAAC;AAClD,cAAI,IAAI,wDAAwD;AAChE,iBAAO,MAAM;AACb,iBAAO,IAAI,MAAM,eAAe,KAAK,EAAE,CAAC;AACxC;AAAA,QACF;AAEA,YAAI,UAAU;AACZ,cAAI,UAAU,KAAK,EAAE,gBAAgB,YAAY,CAAC;AAClD,cAAI,IAAI,6DAA6D;AACrE,iBAAO,MAAM;AACb,UAAAA,SAAQ,QAAQ;AAChB;AAAA,QACF;AAEA,YAAI,UAAU,GAAG;AACjB,YAAI,IAAI,cAAc;AAAA,MACxB,OACK;AACH,YAAI,UAAU,GAAG;AACjB,YAAI,IAAI;AAAA,MACV;AAAA,IACF,CAAC;AAED,WAAO,OAAO,eAAe,MAAM;AACjC,cAAQ,KAAK,gCAAgC,GAAG,KAAK;AACrD,kBAAY,QAAQ,SAAS,CAAC;AAAA,IAChC,CAAC;AAGD,UAAM,UAAU,WAAW,MAAM;AAC/B,aAAO,MAAM;AACb,aAAO,IAAI,MAAM,iBAAiB,CAAC;AAAA,IACrC,GAAG,GAAO;AACV,YAAQ,MAAM;AAAA,EAChB,CAAC;AAGD,QAAM,gBAAgB,MAAM,MAAM,GAAG,GAAG,UAAU;AAAA,IAChD,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,IAC9C,MAAM,KAAK,UAAU;AAAA,MACnB,YAAY;AAAA,MACZ;AAAA,MACA,eAAe;AAAA,MACf,cAAc;AAAA,MACd,WAAW;AAAA,IACb,CAAC;AAAA,EACH,CAAC;AAED,MAAI,CAAC,cAAc,IAAI;AACrB,UAAM,OAAO,MAAM,cAAc,KAAK;AACtC,YAAQ,MAAM,0BAA0B,IAAI,EAAE;AAC9C,WAAO,QAAQ,KAAK,CAAC;AAAA,EACvB;AAEA,QAAM,SAAS,MAAM,cAAc,KAAK;AAQxC,QAAM,cAAc,OAAO,gBAAgB,OAAO,YAAY,OAAO;AACrE,MAAI,CAAC,aAAa;AAChB,YAAQ,MAAM,0BAA0B;AACxC,WAAO,QAAQ,KAAK,CAAC;AAAA,EACvB;AAGA,QAAM,UAAU,KAAK,MAAM,KAAK,YAAY,MAAM,GAAG,EAAE,CAAC,CAAE,CAAC;AAE3D,WAAS;AAAA,IACP;AAAA,IACA,cAAc;AAAA,IACd,GAAI,OAAO,gBAAgB,EAAE,eAAe,OAAO,cAAc,IAAI,CAAC;AAAA,IACtE,OAAO,QAAQ,SAAS,QAAQ;AAAA,IAChC,YAAY,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,KAAK,OAAO,cAAc;AAAA,EACpE,CAAC;AAED,UAAQ,QAAQ,gBAAgB,QAAQ,SAAS,QAAQ,GAAG,EAAE;AAChE;AAEA,eAAe,aAAa,KAAa,SAAiB,OAAgB;AACxE,QAAM,EAAE,cAAAC,cAAa,IAAI,MAAM,OAAO,IAAS;AAC/C,QAAM,EAAE,MAAAC,MAAK,IAAI,MAAM,OAAO,QAAa;AAC3C,QAAM,EAAE,uBAAAC,uBAAsB,IAAI,MAAM,OAAO,uBAAkB;AAEjE,QAAM,aAAa;AACnB,MAAI,CAAC,YAAY;AACf,YAAQ,MAAM,qEAAqE;AACnF,WAAO,QAAQ,KAAK,CAAC;AAAA,EACvB;AAGA,QAAM,eAAe,MAAM,0BAA0B,GAAG;AACxD,QAAM,gBAAgB,MAAM,MAAM,cAAc;AAAA,IAC9C,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,IAC9C,MAAM,KAAK,UAAU,EAAE,UAAU,WAAW,CAAC;AAAA,EAC/C,CAAC;AAED,MAAI,CAAC,cAAc,IAAI;AACrB,YAAQ,MAAM,qBAAqB,MAAM,cAAc,KAAK,CAAC,EAAE;AAC/D,WAAO,QAAQ,KAAK,CAAC;AAAA,EACvB;AAEA,QAAM,EAAE,UAAU,IAAI,MAAM,cAAc,KAAK;AAG/C,QAAM,aAAaF,cAAa,SAAS,OAAO;AAChD,QAAM,aAAaE,uBAAsB,UAAU;AACnD,QAAM,YAAYD,MAAK,MAAM,OAAO,KAAK,SAAS,GAAG,UAAU,EAAE,SAAS,QAAQ;AAGlF,QAAM,kBAAkB,MAAM,6BAA6B,GAAG;AAC9D,QAAM,WAAW,MAAM,MAAM,iBAAiB;AAAA,IAC5C,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,IAC9C,MAAM,KAAK,UAAU;AAAA,MACnB,UAAU;AAAA,MACV;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH,CAAC;AAED,MAAI,CAAC,SAAS,IAAI;AAChB,YAAQ,MAAM,0BAA0B,MAAM,SAAS,KAAK,CAAC,EAAE;AAC/D,WAAO,QAAQ,KAAK,CAAC;AAAA,EACvB;AAEA,QAAM,EAAE,OAAO,WAAW,IAAI,MAAM,SAAS,KAAK;AAElD,WAAS;AAAA,IACP;AAAA,IACA,cAAc;AAAA,IACd,OAAO;AAAA,IACP,YAAY,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,KAAK,cAAc;AAAA,EAC7D,CAAC;AAED,UAAQ,QAAQ,gBAAgB,UAAU,UAAU;AACtD;;;AC/NA,SAAS,iBAAAE,sBAAqB;AAC9B,OAAOC,cAAa;AAGb,IAAM,gBAAgBC,eAAc;AAAA,EACzC,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AACJ,cAAU;AACV,IAAAC,SAAQ,QAAQ,aAAa;AAAA,EAC/B;AACF,CAAC;;;ACbD,SAAS,iBAAAC,sBAAqB;AAC9B,OAAOC,cAAa;AAGb,IAAM,gBAAgBC,eAAc;AAAA,EACzC,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AACJ,UAAM,OAAO,SAAS;AACtB,QAAI,CAAC,MAAM;AACT,MAAAC,SAAQ,MAAM,wCAAwC;AACtD,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAEA,UAAM,UAAU,KAAK,MAAM,SAAS,QAAQ;AAC5C,UAAM,YAAY,IAAI,KAAK,KAAK,aAAa,GAAI,EAAE,YAAY;AAE/D,YAAQ,IAAI,UAAU,KAAK,KAAK,EAAE;AAClC,YAAQ,IAAI,UAAU,UAAU,UAAU,OAAO,EAAE;AACnD,YAAQ,IAAI,UAAU,KAAK,GAAG,EAAE;AAChC,YAAQ,IAAI,sBAAsB,SAAS,EAAE;AAAA,EAC/C;AACF,CAAC;;;ACxBD,SAAS,iBAAAC,sBAAqB;AAC9B,OAAOC,cAAa;AA0Bb,IAAM,cAAcC,eAAc;AAAA,EACvC,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,aAAa;AAAA,MACb,SAAS;AAAA,IACX;AAAA,IACA,MAAM;AAAA,MACJ,MAAM;AAAA,MACN,aAAa;AAAA,MACb,SAAS;AAAA,IACX;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,UAAM,MAAM,UAAU;AACtB,QAAI,CAAC,KAAK;AACR,MAAAC,SAAQ,MAAM,8DAA8D;AAC5E,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAEA,UAAM,OAAO,SAAS;AAEtB,UAAM,YAAY,MAAM,kBAAkB,GAAG;AAC7C,UAAM,SAAS,IAAI,gBAAgB;AACnC,QAAI,KAAK;AACP,aAAO,IAAI,UAAU,KAAK,MAAM;AAClC,QAAI,KAAK;AACP,aAAO,IAAI,SAAS,KAAK,KAAK;AAChC,UAAM,QAAQ,OAAO,SAAS,IAAI,IAAI,OAAO,SAAS,CAAC,KAAK;AAE5D,UAAM,WAAW,MAAM,SAA0B,GAAG,SAAS,GAAG,KAAK,EAAE;AAEvE,QAAI,SAAS,SAAS;AAGtB,QAAI,CAAC,KAAK,OAAO,MAAM,OAAO;AAC5B,eAAS,OAAO,OAAO,OAAK,EAAE,cAAc,KAAK,KAAK;AAAA,IACxD;AAEA,QAAI,KAAK,MAAM;AACb,cAAQ,IAAI,KAAK,UAAU,KAAK,MAAM,WAAW,EAAE,GAAG,UAAU,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC;AACxF;AAAA,IACF;AAEA,QAAI,OAAO,WAAW,GAAG;AACvB,MAAAA,SAAQ,KAAK,KAAK,MAAM,qBAAqB,uDAAuD;AACpG;AAAA,IACF;AAEA,eAAW,SAAS,QAAQ;AAC1B,YAAM,MAAM,MAAM,SAAS,SAAS,KAAK,GAAG,KAAK;AACjD,YAAM,OAAO,MAAM,SAAS,cAAc,MAAM;AAChD,cAAQ,IAAI,GAAG,MAAM,EAAE,KAAK,MAAM,OAAO,OAAO,CAAC,CAAC,KAAK,KAAK,OAAO,CAAC,CAAC,KAAK,GAAG,EAAE;AAC/E,UAAI,MAAM,SAAS,QAAQ;AACzB,gBAAQ,IAAI,aAAa,MAAM,QAAQ,MAAM,EAAE;AAAA,MACjD;AAAA,IACF;AAEA,QAAI,SAAS,WAAW,UAAU;AAChC,MAAAA,SAAQ,KAAK,2DAA2D;AAAA,IAC1E;AAAA,EACF;AACF,CAAC;;;ACrGD,SAAS,iBAAAC,sBAAqB;AAC9B,OAAOC,cAAa;AA0Bb,IAAM,eAAeC,eAAc;AAAA,EACxC,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,MAAM;AAAA,MACJ,MAAM;AAAA,MACN,aAAa;AAAA,MACb,SAAS;AAAA,IACX;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,UAAM,MAAM,UAAU;AACtB,QAAI,CAAC,KAAK;AACR,MAAAC,SAAQ,MAAM,gDAAgD;AAC9D,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAEA,UAAM,OAAO,SAAS;AACtB,QAAI,CAAC,MAAM;AACT,MAAAA,SAAQ,MAAM,wCAAwC;AACtD,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAEA,UAAM,YAAY,MAAM,kBAAkB,GAAG;AAC7C,UAAM,SAAS,IAAI,gBAAgB;AACnC,WAAO,IAAI,UAAU,SAAS;AAC9B,QAAI,KAAK;AACP,aAAO,IAAI,SAAS,KAAK,KAAK;AAChC,UAAM,QAAQ,IAAI,OAAO,SAAS,CAAC;AAEnC,UAAM,WAAW,MAAM,SAA0B,GAAG,SAAS,GAAG,KAAK,EAAE;AAGvE,UAAM,SAAS,SAAS,KAAK,OAAO,OAAK,EAAE,cAAc,KAAK,KAAK;AAEnE,QAAI,KAAK,MAAM;AACb,cAAQ,IAAI,KAAK,UAAU,EAAE,GAAG,UAAU,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC;AAClE;AAAA,IACF;AAEA,QAAI,OAAO,WAAW,GAAG;AACvB,MAAAA,SAAQ,KAAK,+BAA+B;AAC5C;AAAA,IACF;AAEA,IAAAA,SAAQ,KAAK,GAAG,OAAO,MAAM;AAAA,CAAgC;AAE7D,eAAW,SAAS,QAAQ;AAC1B,YAAM,MAAM,MAAM,SAAS,SAAS,KAAK,GAAG,KAAK;AACjD,YAAM,OAAO,MAAM,SAAS,cAAc,MAAM;AAChD,cAAQ,IAAI,GAAG,MAAM,EAAE,KAAK,KAAK,OAAO,CAAC,CAAC,UAAU,MAAM,SAAS,EAAE;AACrE,cAAQ,IAAI,cAAc,GAAG,EAAE;AAC/B,UAAI,MAAM,SAAS,QAAQ;AACzB,gBAAQ,IAAI,cAAc,MAAM,QAAQ,MAAM,EAAE;AAAA,MAClD;AACA,UAAI,MAAM,YAAY;AACpB,gBAAQ,IAAI,cAAc,MAAM,UAAU,EAAE;AAAA,MAC9C;AACA,cAAQ,IAAI;AAAA,IACd;AAEA,IAAAA,SAAQ,KAAK,uEAAuE;AAAA,EACtF;AACF,CAAC;;;AChGD,SAAS,iBAAAC,sBAAqB;AAsBvB,IAAM,gBAAgBC,eAAc;AAAA,EACzC,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,IAAI;AAAA,MACF,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,IACA,MAAM;AAAA,MACJ,MAAM;AAAA,MACN,aAAa;AAAA,MACb,SAAS;AAAA,IACX;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,UAAM,MAAM,UAAU;AACtB,UAAM,YAAY,MAAM,kBAAkB,GAAG;AAC7C,UAAM,QAAQ,MAAM,SAAsB,GAAG,SAAS,IAAI,KAAK,EAAE,EAAE;AAEnE,QAAI,KAAK,MAAM;AACb,cAAQ,IAAI,KAAK,UAAU,OAAO,MAAM,CAAC,CAAC;AAC1C;AAAA,IACF;AAEA,YAAQ,IAAI,cAAc,MAAM,EAAE,EAAE;AACpC,YAAQ,IAAI,cAAc,MAAM,MAAM,EAAE;AACxC,YAAQ,IAAI,cAAc,MAAM,IAAI,EAAE;AACtC,YAAQ,IAAI,cAAc,MAAM,SAAS,EAAE;AAC3C,YAAQ,IAAI,cAAc,MAAM,KAAK,EAAE;AACvC,QAAI,MAAM;AACR,cAAQ,IAAI,cAAc,MAAM,QAAQ,EAAE;AAC5C,QAAI,MAAM,SAAS;AACjB,cAAQ,IAAI,cAAc,MAAM,QAAQ,QAAQ,KAAK,GAAG,CAAC,EAAE;AAC7D,QAAI,MAAM,SAAS;AACjB,cAAQ,IAAI,cAAc,MAAM,QAAQ,UAAU,EAAE;AACtD,QAAI,MAAM,SAAS;AACjB,cAAQ,IAAI,cAAc,MAAM,QAAQ,MAAM,EAAE;AAClD,QAAI,MAAM;AACR,cAAQ,IAAI,eAAe,MAAM,UAAU,EAAE;AAC/C,QAAI,MAAM;AACR,cAAQ,IAAI,eAAe,MAAM,UAAU,EAAE;AAC/C,QAAI,MAAM;AACR,cAAQ,IAAI,cAAc,MAAM,UAAU,EAAE;AAAA,EAChD;AACF,CAAC;;;ACrED,SAAS,gBAAgB;AACzB,SAAS,iBAAAC,sBAAqB;AAC9B,OAAOC,cAAa;AAKb,IAAM,iBAAiBC,eAAc;AAAA,EAC1C,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,SAAS;AAAA,MACP,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,IACA,MAAM;AAAA,MACJ,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,aAAa;AAAA,MACb,SAAS;AAAA,IACX;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,MAAM;AAAA,MACJ,MAAM;AAAA,MACN,aAAa;AAAA,MACb,SAAS;AAAA,IACX;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,UAAM,OAAO,SAAS;AACtB,QAAI,CAAC,MAAM;AACT,MAAAC,SAAQ,MAAM,wCAAwC;AACtD,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAEA,UAAM,MAAM,UAAU;AACtB,UAAM,YAAY,MAAM,kBAAkB,GAAG;AAC7C,UAAM,UAAU,KAAK,QAAQ,MAAM,GAAG;AACtC,UAAM,aAAa,KAAK,QAAQ,SAAS;AAEzC,UAAM,WAAW,KAAK,WAAW,cAAc,KAAK,QAAQ,IAAI;AAEhE,UAAM,QAAQ,MAAM,SAAyC,WAAW;AAAA,MACtE,QAAQ;AAAA,MACR,MAAM;AAAA,QACJ,WAAW,KAAK;AAAA,QAChB,aAAa;AAAA,QACb,UAAU,KAAK;AAAA,QACf,YAAY,KAAK;AAAA,QACjB;AAAA,QACA,QAAQ,KAAK,UAAU,QAAQ,KAAK,GAAG;AAAA,QACvC,GAAI,YAAY,OAAO,EAAE,SAAS,IAAI,CAAC;AAAA,QACvC,GAAI,KAAK,QAAQ,IAAI,EAAE,QAAQ,KAAK,QAAQ,EAAE,IAAI,CAAC;AAAA,MACrD;AAAA,IACF,CAAC;AAED,IAAAA,SAAQ,QAAQ,oBAAoB,MAAM,EAAE,aAAa,MAAM,MAAM,GAAG;AAExE,QAAI,KAAK,MAAM;AACb,MAAAA,SAAQ,KAAK,yBAAyB;AACtC,YAAM,gBAAgB,WAAW,MAAM,EAAE;AAAA,IAC3C;AAAA,EACF;AACF,CAAC;AAED,eAAe,gBAAgB,WAAmB,SAAgC;AAChF,QAAM,UAAU;AAChB,QAAM,WAAW;AACjB,QAAM,QAAQ,KAAK,IAAI;AAEvB,SAAO,KAAK,IAAI,IAAI,QAAQ,SAAS;AACnC,UAAM,QAAQ,MAAM,SAA6B,GAAG,SAAS,IAAI,OAAO,EAAE;AAE1E,QAAI,MAAM,WAAW,YAAY;AAC/B,MAAAA,SAAQ,QAAQ,iBAAiB;AACjC;AAAA,IACF;AACA,QAAI,MAAM,WAAW,UAAU;AAC7B,MAAAA,SAAQ,MAAM,eAAe;AAC7B,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AACA,QAAI,MAAM,WAAW,WAAW;AAC9B,MAAAA,SAAQ,MAAM,gBAAgB;AAC9B,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAEA,UAAM,IAAI,QAAQ,OAAK,WAAW,GAAG,QAAQ,CAAC;AAAA,EAChD;AAEA,EAAAA,SAAQ,MAAM,iCAAiC;AAC/C,SAAO,QAAQ,KAAK,CAAC;AACvB;;;ACjHA,SAAS,YAAAC,iBAAgB;AACzB,SAAS,gCAAgC,aAAa,gCAAgC;AACtF,SAAS,iBAAAC,sBAAqB;AAC9B,OAAOC,cAAa;AAKpB,SAAS,oBAAoB,SAY3B;AACA,QAAM,SAAS,CAAC,GAAG,OAAO;AAC1B,MAAI,OAAO,CAAC,MAAM,sBAAsB;AACtC,WAAO,MAAM;AAAA,EACf;AAEA,QAAM,QAAQ,OAAO,MAAM;AAC3B,MAAI,CAAC,SAAS,MAAM,WAAW,GAAG,GAAG;AACnC,UAAM,IAAI,MAAM,wBAAwB;AAAA,EAC1C;AAEA,QAAM,YAAsB,CAAC;AAC7B,QAAM,YAAsB,CAAC;AAC7B,QAAM,UAAoB,CAAC;AAC3B,MAAI;AACJ,MAAI;AACJ,MAAI,WAAwC;AAC5C,MAAI;AACJ,MAAI;AACJ,MAAI;AACJ,MAAI,OAAO;AAEX,WAAS,QAAQ,GAAG,QAAQ,OAAO,QAAQ,SAAS,GAAG;AACrD,UAAM,QAAQ,OAAO,KAAK;AAC1B,UAAM,OAAO,OAAO,QAAQ,CAAC;AAC7B,YAAQ,OAAO;AAAA,MACb,KAAK;AACH,YAAI,CAAC;AACH,gBAAM,IAAI,MAAM,8BAA8B;AAChD,kBAAU,KAAK,IAAI;AACnB,iBAAS;AACT;AAAA,MACF,KAAK;AACH,YAAI,CAAC;AACH,gBAAM,IAAI,MAAM,8BAA8B;AAChD,kBAAU,KAAK,IAAI;AACnB,iBAAS;AACT;AAAA,MACF,KAAK;AACH,YAAI,CAAC;AACH,gBAAM,IAAI,MAAM,4BAA4B;AAC9C,gBAAQ,KAAK,IAAI;AACjB,iBAAS;AACT;AAAA,MACF,KAAK;AACH,YAAI,CAAC;AACH,gBAAM,IAAI,MAAM,6BAA6B;AAC/C,kBAAU;AACV,iBAAS;AACT;AAAA,MACF,KAAK;AACH,YAAI,CAAC;AACH,gBAAM,IAAI,MAAM,yBAAyB;AAC3C,cAAM;AACN,iBAAS;AACT;AAAA,MACF,KAAK;AACH,YAAI,CAAC,QAAQ,CAAC,CAAC,QAAQ,SAAS,QAAQ,EAAE,SAAS,IAAI,GAAG;AACxD,gBAAM,IAAI,MAAM,8CAA8C;AAAA,QAChE;AACA,mBAAW;AACX,iBAAS;AACT;AAAA,MACF,KAAK;AACH,YAAI,CAAC;AACH,gBAAM,IAAI,MAAM,4BAA4B;AAC9C,iBAAS;AACT,iBAAS;AACT;AAAA,MACF,KAAK;AACH,YAAI,CAAC;AACH,gBAAM,IAAI,MAAM,8BAA8B;AAChD,mBAAW,cAAc,IAAI;AAC7B,iBAAS;AACT;AAAA,MACF,KAAK;AACH,YAAI,CAAC;AACH,gBAAM,IAAI,MAAM,4BAA4B;AAC9C,gBAAQ;AACR,iBAAS;AACT;AAAA,MACF,KAAK;AACH,eAAO;AACP;AAAA,MACF;AACE,cAAM,IAAI,MAAM,qBAAqB,KAAK,EAAE;AAAA,IAChD;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAEA,eAAeC,iBAAgB,WAAmB,SAAgC;AAChF,QAAM,UAAU;AAChB,QAAM,WAAW;AACjB,QAAM,QAAQ,KAAK,IAAI;AAEvB,SAAO,KAAK,IAAI,IAAI,QAAQ,SAAS;AACnC,UAAM,QAAQ,MAAM,SAA6B,GAAG,SAAS,IAAI,OAAO,EAAE;AAC1E,QAAI,MAAM,WAAW,YAAY;AAC/B,MAAAC,SAAQ,QAAQ,iBAAiB;AACjC;AAAA,IACF;AACA,QAAI,MAAM,WAAW,UAAU;AAC7B,MAAAA,SAAQ,MAAM,eAAe;AAC7B,cAAQ,KAAK,CAAC;AAAA,IAChB;AACA,QAAI,MAAM,WAAW,WAAW;AAC9B,MAAAA,SAAQ,MAAM,gBAAgB;AAC9B,cAAQ,KAAK,CAAC;AAAA,IAChB;AACA,UAAM,IAAI,QAAQ,CAAAC,aAAW,WAAWA,UAAS,QAAQ,CAAC;AAAA,EAC5D;AAEA,EAAAD,SAAQ,MAAM,iCAAiC;AAC/C,UAAQ,KAAK,CAAC;AAChB;AAEO,IAAM,2BAA2BE,eAAc;AAAA,EACpD,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,SAAS;AAAA,MACP,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,IACA,YAAY;AAAA,MACV,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,YAAY;AAAA,MACV,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,WAAW;AAAA,MACT,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,YAAY;AAAA,MACV,MAAM;AAAA,MACN,aAAa;AAAA,MACb,SAAS;AAAA,IACX;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,YAAY;AAAA,MACV,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,aAAa;AAAA,MACb,SAAS;AAAA,IACX;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,QAAQ,GAAG;AACrB,UAAM,OAAO,SAAS;AACtB,QAAI,CAAC,MAAM;AACT,MAAAF,SAAQ,MAAM,wCAAwC;AACtD,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAEA,UAAM,SAAS,oBAAoB,OAAO;AAC1C,UAAM,MAAM,UAAU,OAAO,GAAG;AAChC,QAAI,CAAC,KAAK;AACR,MAAAA,SAAQ,MAAM,mDAAmD;AACjE,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAEA,UAAM,SAAS,YAAY,OAAO,OAAO,OAAO,OAAO;AACvD,UAAM,WAAW,yBAAyB,QAAQ;AAAA,MAChD,WAAW,OAAO;AAAA,MAClB,WAAW,OAAO;AAAA,MAClB,SAAS,OAAO;AAAA,IAClB,CAAC;AAED,UAAM,EAAE,QAAQ,IAAI,MAAM,+BAA+B,UAAU;AAAA,MACjE,WAAW,KAAK;AAAA,MAChB,aAAaG,UAAS;AAAA,MACtB,YAAY,OAAO;AAAA,MACnB,GAAI,OAAO,SAAS,EAAE,QAAQ,OAAO,OAAO,IAAI,CAAC;AAAA,IACnD,CAAC;AAED,QAAI,OAAO,YAAY,MAAM;AAC3B,cAAQ,WAAW,OAAO;AAAA,IAC5B;AACA,QAAI,OAAO,OAAO;AAChB,cAAQ,SAAS,OAAO;AAAA,IAC1B;AAEA,UAAM,YAAY,MAAM,kBAAkB,GAAG;AAC7C,UAAM,QAAQ,MAAM,SAAyC,WAAW;AAAA,MACtE,QAAQ;AAAA,MACR;AAAA,MACA,MAAM;AAAA,IACR,CAAC;AAED,IAAAH,SAAQ,QAAQ,oBAAoB,MAAM,EAAE,aAAa,MAAM,MAAM,GAAG;AAExE,QAAI,OAAO,MAAM;AACf,MAAAA,SAAQ,KAAK,yBAAyB;AACtC,YAAMD,iBAAgB,WAAW,MAAM,EAAE;AAAA,IAC3C;AAAA,EACF;AACF,CAAC;;;AC7PD,SAAS,iBAAAK,sBAAqB;AAC9B,OAAOC,cAAa;AAIb,IAAM,iBAAiBC,eAAc;AAAA,EAC1C,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,IAAI;AAAA,MACF,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,UAAM,MAAM,UAAU;AACtB,UAAM,YAAY,MAAM,kBAAkB,GAAG;AAC7C,UAAM,SAAS,GAAG,SAAS,IAAI,KAAK,EAAE,YAAY;AAAA,MAChD,QAAQ;AAAA,IACV,CAAC;AACD,IAAAC,SAAQ,QAAQ,SAAS,KAAK,EAAE,YAAY;AAAA,EAC9C;AACF,CAAC;;;ACzBD,SAAS,iBAAAC,uBAAqB;AAC9B,OAAOC,cAAa;AAIb,IAAM,cAAcC,gBAAc;AAAA,EACvC,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,IAAI;AAAA,MACF,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,UAAM,MAAM,UAAU;AACtB,UAAM,YAAY,MAAM,kBAAkB,GAAG;AAC7C,UAAM,SAAS,GAAG,SAAS,IAAI,KAAK,EAAE,SAAS;AAAA,MAC7C,QAAQ;AAAA,IACV,CAAC;AACD,IAAAC,SAAQ,QAAQ,SAAS,KAAK,EAAE,UAAU;AAAA,EAC5C;AACF,CAAC;;;ACzBD,SAAS,iBAAAC,uBAAqB;AAC9B,OAAOC,eAAa;AAuBb,IAAM,gBAAgBC,gBAAc;AAAA,EACzC,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,IAAI;AAAA,MACF,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,IACA,YAAY;AAAA,MACV,MAAM;AAAA,MACN,aAAa;AAAA,MACb,SAAS;AAAA,IACX;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,UAAM,MAAM,UAAU;AACtB,UAAM,YAAY,MAAM,kBAAkB,GAAG;AAE7C,UAAM,cAAc,KAAK,KACrB,CAAC,OAAO,KAAK,EAAE,GAAG,GAAG,KAAK,CAAC,EAAE,OAAO,OAAO,IAC3C,CAAC;AAEL,QAAI,KAAK,cAAc,YAAY,SAAS,GAAG;AAC7C,MAAAC,UAAQ,MAAM,kDAAkD;AAChE,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAEA,QAAI;AAEJ,QAAI,KAAK,YAAY;AACnB,YAAM,OAAO,SAAS;AACtB,YAAM,WAAW,MAAM;AAAA,QACrB,GAAG,SAAS;AAAA,MACd;AACA,YAAM,aAAa,MAAM,QACrB,SAAS,KAAK,OAAO,OAAK,EAAE,cAAc,KAAK,KAAK,IACpD,SAAS;AACb,UAAI,WAAW,WAAW,GAAG;AAC3B,QAAAA,UAAQ,KAAK,8BAA8B;AAC3C;AAAA,MACF;AACA,YAAM,WAAW,IAAI,OAAK,EAAE,EAAE;AAC9B,MAAAA,UAAQ,KAAK,SAAS,IAAI,MAAM,8BAA8B;AAAA,IAChE,WACS,YAAY,SAAS,GAAG;AAC/B,YAAM;AAAA,IACR,OACK;AACH,MAAAA,UAAQ,MAAM,2CAA2C;AACzD,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAGA,QAAI,IAAI,WAAW,GAAG;AACpB,YAAM,SAAS,GAAG,SAAS,IAAI,IAAI,CAAC,CAAC,WAAW,EAAE,QAAQ,OAAO,CAAC;AAClE,MAAAA,UAAQ,QAAQ,SAAS,IAAI,CAAC,CAAC,WAAW;AAC1C;AAAA,IACF;AAGA,UAAM,aAAa,IAAI,IAAI,SAAO,EAAE,IAAI,QAAQ,SAAkB,EAAE;AACpE,UAAM,EAAE,QAAQ,IAAI,MAAM;AAAA,MACxB,GAAG,SAAS;AAAA,MACZ,EAAE,QAAQ,QAAQ,MAAM,EAAE,WAAW,EAAE;AAAA,IACzC;AAEA,QAAI,YAAY;AAChB,eAAW,KAAK,SAAS;AACvB,UAAI,EAAE,SAAS;AACb,QAAAA,UAAQ,QAAQ,SAAS,EAAE,EAAE,WAAW;AACxC;AAAA,MACF,OACK;AACH,QAAAA,UAAQ,MAAM,SAAS,EAAE,EAAE,KAAK,EAAE,OAAO,SAAS,QAAQ,EAAE;AAAA,MAC9D;AAAA,IACF;AAEA,QAAI,YAAY,QAAQ,QAAQ;AAC9B,MAAAA,UAAQ,KAAK,WAAW,SAAS,OAAO,QAAQ,MAAM,UAAU;AAChE,cAAQ,KAAK,CAAC;AAAA,IAChB,OACK;AACH,MAAAA,UAAQ,QAAQ,OAAO,SAAS,kBAAkB;AAAA,IACpD;AAAA,EACF;AACF,CAAC;;;AChHD,SAAS,iBAAAC,uBAAqB;AAC9B,OAAOC,eAAa;AAIb,IAAM,eAAeC,gBAAc;AAAA,EACxC,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,IAAI;AAAA,MACF,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,UAAM,MAAM,UAAU;AACtB,UAAM,YAAY,MAAM,kBAAkB,GAAG;AAC7C,UAAM,SAAS,MAAM,SAAgC,GAAG,SAAS,IAAI,KAAK,EAAE,UAAU;AAAA,MACpF,QAAQ;AAAA,IACV,CAAC;AAED,QAAI,CAAC,OAAO,WAAW;AACrB,MAAAC,UAAQ,MAAM,+CAA+C;AAC7D,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAGA,YAAQ,OAAO,MAAM,OAAO,SAAS;AAAA,EACvC;AACF,CAAC;;;AChCD,SAAS,iBAAAC,uBAAqB;AAC9B,OAAOC,eAAa;AAIb,IAAM,kBAAkBC,gBAAc;AAAA,EAC3C,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,IAAI;AAAA,MACF,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,IACA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,IACA,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,aAAa;AAAA,MACb,SAAS;AAAA,IACX;AAAA,IACA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,UAAM,OAAO,SAAS;AACtB,QAAI,CAAC,MAAM;AACT,MAAAC,UAAQ,MAAM,wCAAwC;AACtD,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAEA,UAAM,MAAM,UAAU;AACtB,UAAM,iBAAiB,MAAM,uBAAuB,GAAG;AAEvD,UAAM,OAAgC;AAAA,MACpC,UAAU,KAAK;AAAA,MACf,UAAU,KAAK;AAAA,MACf,UAAU,KAAK;AAAA,IACjB;AAEA,QAAI,KAAK,QAAQ;AACf,WAAK,SAAS,KAAK,OAAO,MAAM,GAAG,EAAE,IAAI,OAAK,EAAE,KAAK,CAAC;AAAA,IACxD;AAEA,QAAI,KAAK,SAAS;AAChB,WAAK,aAAa,KAAK;AAAA,IACzB;AAEA,UAAM,SAAS,MAAM,SAAyB,gBAAgB;AAAA,MAC5D,QAAQ;AAAA,MACR;AAAA,IACF,CAAC;AAED,IAAAA,UAAQ,QAAQ,uBAAuB,OAAO,EAAE,EAAE;AAClD,YAAQ,IAAI,eAAe,KAAK,EAAE,EAAE;AACpC,YAAQ,IAAI,eAAe,KAAK,EAAE,EAAE;AACpC,QAAI,KAAK;AACP,cAAQ,IAAI,eAAe,KAAK,MAAM,EAAE;AAC1C,YAAQ,IAAI,eAAe,KAAK,QAAQ,EAAE;AAC1C,QAAI,KAAK;AACP,cAAQ,IAAI,eAAe,KAAK,OAAO,EAAE;AAAA,EAC7C;AACF,CAAC;;;ACzED,SAAS,iBAAAC,uBAAqB;AAC9B,OAAOC,eAAa;AAeb,IAAM,qBAAqBC,gBAAc;AAAA,EAC9C,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,MAAM;AAAA,MACJ,MAAM;AAAA,MACN,aAAa;AAAA,MACb,SAAS;AAAA,IACX;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,UAAM,MAAM,UAAU;AACtB,UAAM,iBAAiB,MAAM,uBAAuB,GAAG;AACvD,UAAM,cAAc,MAAM,SAAuB,cAAc;AAE/D,QAAI,KAAK,MAAM;AACb,cAAQ,IAAI,KAAK,UAAU,aAAa,MAAM,CAAC,CAAC;AAChD;AAAA,IACF;AAEA,QAAI,YAAY,WAAW,GAAG;AAC5B,MAAAC,UAAQ,KAAK,uBAAuB;AACpC;AAAA,IACF;AAEA,eAAW,KAAK,aAAa;AAC3B,YAAM,SAAS,EAAE,QAAQ,KAAK,IAAI,KAAK;AACvC,YAAM,UAAU,EAAE,aAAa,YAAY,EAAE,UAAU,KAAK;AAC5D,cAAQ,IAAI,GAAG,EAAE,EAAE,KAAK,EAAE,SAAS,WAAM,EAAE,QAAQ,QAAQ,EAAE,QAAQ,MAAM,MAAM,IAAI,OAAO,EAAE;AAAA,IAChG;AAAA,EACF;AACF,CAAC;;;ACjDD,SAAS,iBAAAC,uBAAqB;AAC9B,OAAOC,eAAa;AACpB;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,eAAAC;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAEA,IAAM,iBAAiBF,gBAAc;AAAA,EAC1C,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,aAAa;AAAA,IACX,MAAMA,gBAAc;AAAA,MAClB,MAAM;AAAA,QACJ,MAAM;AAAA,QACN,aAAa;AAAA,MACf;AAAA,MACA,MAAM;AAAA,QACJ,QAAQ;AAAA,UACN,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,QACA,MAAM;AAAA,UACJ,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,QACA,SAAS;AAAA,UACP,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,MACF;AAAA,MACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,cAAM,eAAe,QAAQ,KAAK,OAAO;AACzC,YAAI,KAAK,QAAQ;AACf,gBAAMG,SAAQ,MAAM,cAAc,YAAY;AAC9C,cAAI,KAAK,MAAM;AACb,oBAAQ,OAAO,MAAM,GAAG,KAAK,UAAUA,OAAM,UAAU,MAAM,CAAC,CAAC;AAAA,CAAI;AACnE;AAAA,UACF;AACA,UAAAF,UAAQ,KAAK,aAAaE,OAAM,SAAS,MAAM,cAAcA,OAAM,YAAY,GAAG;AAClF,qBAAW,KAAKA,OAAM,UAAU;AAC9B,kBAAM,YAAY,YAAY,EAAE,IAAI,KAAK,IAAI,iBAAiB;AAC9D,oBAAQ,IAAI,KAAK,EAAE,GAAG,OAAO,EAAE,CAAC,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC,IAAI,EAAE,QAAQ,GAAG,SAAS,EAAE;AAAA,UACnF;AACA;AAAA,QACF;AAEA,cAAM,QAAQ,MAAM,cAAc,YAAY;AAC9C,cAAM,QAA0D,CAAC;AACjE,mBAAW,KAAK,MAAM,UAAU;AAC9B,cAAI;AACF,kBAAM,SAASD,aAAY,EAAE,EAAE;AAC/B,kBAAM,KAAK,EAAE,IAAI,EAAE,IAAI,QAAQ,OAAO,QAAQ,QAAQ,OAAO,OAAO,CAAC;AAAA,UACvE,QACM;AAAA,UAEN;AAAA,QACF;AAEA,YAAI,KAAK,MAAM;AACb,kBAAQ,OAAO,MAAM,GAAG,KAAK,UAAU,OAAO,MAAM,CAAC,CAAC;AAAA,CAAI;AAC1D;AAAA,QACF;AAEA,YAAI,MAAM,WAAW,GAAG;AACtB,UAAAD,UAAQ,KAAK,oFAAoF;AACjG;AAAA,QACF;AAEA,mBAAW,KAAK,OAAO;AACrB,kBAAQ,IAAI,KAAK,EAAE,GAAG,OAAO,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE;AAAA,QAChD;AAAA,MACF;AAAA,IACF,CAAC;AAAA,IAED,SAASD,gBAAc;AAAA,MACrB,MAAM;AAAA,QACJ,MAAM;AAAA,QACN,aAAa;AAAA,MACf;AAAA,MACA,MAAM;AAAA,QACJ,IAAI;AAAA,UACF,MAAM;AAAA,UACN,aAAa;AAAA,UACb,UAAU;AAAA,QACZ;AAAA,QACA,OAAO;AAAA,UACL,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,QACA,SAAS;AAAA,UACP,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,MACF;AAAA,MACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,cAAM,MAAM,CAAC,OAAO,KAAK,EAAE,GAAG,GAAG,KAAK,CAAC,EAAE,OAAO,OAAO;AACvD,cAAM,QAAQ,QAAQ,KAAK,KAAK;AAChC,cAAM,QAAQ,MAAM,cAAc,QAAQ,KAAK,OAAO,CAAC;AAEvD,mBAAW,MAAM,KAAK;AACpB,gBAAM,QAAQ,YAAY,OAAO,EAAE;AACnC,cAAI,CAAC,OAAO;AACV,YAAAC,UAAQ,MAAM,YAAY,EAAE,sDAAsD,EAAE,eAAe;AACnG;AAAA,UACF;AAEA,gBAAM,YAAY,wBAAwB,MAAM,YAAY,EAAE;AAC9D,cAAI,UAAU,SAAS,GAAG;AACxB,uBAAW,KAAK,WAAW;AACzB,cAAAA,UAAQ,KAAK,8BAA8B,EAAE,IAAI,SAAS,EAAE,SAAS,iBAAiB,EAAE,UAAU,GAAG;AACrG,cAAAA,UAAQ,KAAK,yCAAyC,EAAE,SAAS,EAAE;AAAA,YACrE;AAAA,UACF;AAEA,gBAAM,SAAS,MAAM,eAAe,OAAO,EAAE,MAAM,CAAC;AACpD,gBAAM,OAAO,OAAO,UAAU,YAAY;AAC1C,UAAAA,UAAQ,QAAQ,GAAG,IAAI,IAAI,OAAO,EAAE,WAAM,OAAO,IAAI,EAAE;AACvD,UAAAA,UAAQ,KAAK,WAAW,OAAO,MAAM,EAAE;AAAA,QACzC;AAAA,MACF;AAAA,IACF,CAAC;AAAA,IAED,QAAQD,gBAAc;AAAA,MACpB,MAAM;AAAA,QACJ,MAAM;AAAA,QACN,aAAa;AAAA,MACf;AAAA,MACA,MAAM;AAAA,QACJ,IAAI;AAAA,UACF,MAAM;AAAA,UACN,aAAa;AAAA,UACb,UAAU;AAAA,QACZ;AAAA,QACA,OAAO;AAAA,UACL,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,MACF;AAAA,MACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,cAAM,MAAM,CAAC,OAAO,KAAK,EAAE,GAAG,GAAG,KAAK,CAAC,EAAE,OAAO,OAAO;AACvD,cAAM,QAAQ,QAAQ,KAAK,KAAK;AAChC,YAAI,SAAS;AAEb,mBAAW,MAAM,KAAK;AACpB,cAAI,cAAc,IAAI,KAAK,GAAG;AAC5B,YAAAC,UAAQ,QAAQ,oBAAoB,EAAE,EAAE;AAAA,UAC1C,OACK;AACH,YAAAA,UAAQ,MAAM,YAAY,EAAE,qBAAqB,QAAQ,aAAa,EAAE,EAAE;AAC1E,qBAAS;AAAA,UACX;AAAA,QACF;AAEA,YAAI;AACF,kBAAQ,KAAK,CAAC;AAAA,MAClB;AAAA,IACF,CAAC;AAAA,IAED,MAAMD,gBAAc;AAAA,MAClB,MAAM;AAAA,QACJ,MAAM;AAAA,QACN,aAAa;AAAA,MACf;AAAA,MACA,MAAM;AAAA,QACJ,IAAI;AAAA,UACF,MAAM;AAAA,UACN,aAAa;AAAA,UACb,UAAU;AAAA,QACZ;AAAA,QACA,SAAS;AAAA,UACP,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,MACF;AAAA,MACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,cAAM,KAAK,OAAO,KAAK,EAAE;AACzB,cAAM,QAAQ,MAAM,cAAc,QAAQ,KAAK,OAAO,CAAC;AACvD,cAAM,QAAQ,YAAY,OAAO,EAAE;AACnC,YAAI,CAAC;AACH,gBAAM,IAAI,MAAM,YAAY,EAAE,yBAAyB;AAEzD,gBAAQ,IAAI,gBAAgB,MAAM,EAAE,EAAE;AACtC,gBAAQ,IAAI,gBAAgB,MAAM,IAAI,EAAE;AACxC,gBAAQ,IAAI,gBAAgB,MAAM,WAAW,EAAE;AAC/C,gBAAQ,IAAI,gBAAgB,MAAM,QAAQ,EAAE;AAC5C,gBAAQ,IAAI,gBAAgB,MAAM,KAAK,KAAK,IAAI,CAAC,EAAE;AACnD,gBAAQ,IAAI,gBAAgB,MAAM,MAAM,EAAE;AAC1C,gBAAQ,IAAI,gBAAgB,MAAM,UAAU,EAAE;AAC9C,gBAAQ,IAAI,gBAAgB,MAAM,MAAM,EAAE;AAC1C,gBAAQ,IAAI,gBAAgB,MAAM,kBAAkB,EAAE;AACtD,gBAAQ,IAAI,gBAAgB,MAAM,YAAY,EAAE;AAEhD,cAAM,cAAc,mBAAmB,IAAI,KAAK;AAChD,YAAI,aAAa;AACf,gBAAM,WAAW,gBAAgB,MAAM;AACvC,kBAAQ,IAAI,mBAAmB,WAAW,kBAAkB,qBAAqB,EAAE;AAAA,QACrF,OACK;AACH,kBAAQ,IAAI,iBAAiB;AAAA,QAC/B;AAAA,MACF;AAAA,IACF,CAAC;AAAA,IAED,QAAQA,gBAAc;AAAA,MACpB,MAAM;AAAA,QACJ,MAAM;AAAA,QACN,aAAa;AAAA,MACf;AAAA,MACA,MAAM;AAAA,QACJ,OAAO;AAAA,UACL,MAAM;AAAA,UACN,aAAa;AAAA,UACb,UAAU;AAAA,QACZ;AAAA,QACA,MAAM;AAAA,UACJ,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,QACA,SAAS;AAAA,UACP,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,MACF;AAAA,MACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,cAAM,QAAQ,OAAO,KAAK,KAAK;AAC/B,cAAM,QAAQ,MAAM,cAAc,QAAQ,KAAK,OAAO,CAAC;AACvD,cAAM,UAAU,eAAe,OAAO,KAAK;AAE3C,YAAI,KAAK,MAAM;AACb,kBAAQ,OAAO,MAAM,GAAG,KAAK,UAAU,SAAS,MAAM,CAAC,CAAC;AAAA,CAAI;AAC5D;AAAA,QACF;AAEA,YAAI,QAAQ,WAAW,GAAG;AACxB,UAAAC,UAAQ,KAAK,yBAAyB,KAAK,GAAG;AAC9C;AAAA,QACF;AAEA,mBAAW,KAAK,SAAS;AACvB,kBAAQ,IAAI,KAAK,EAAE,GAAG,OAAO,EAAE,CAAC,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC,IAAI,EAAE,QAAQ,EAAE;AACrE,kBAAQ,IAAI,OAAO,EAAE,WAAW,EAAE;AAAA,QACpC;AAAA,MACF;AAAA,IACF,CAAC;AAAA,IAED,QAAQD,gBAAc;AAAA,MACpB,MAAM;AAAA,QACJ,MAAM;AAAA,QACN,aAAa;AAAA,MACf;AAAA,MACA,MAAM;AAAA,QACJ,IAAI;AAAA,UACF,MAAM;AAAA,UACN,aAAa;AAAA,QACf;AAAA,QACA,KAAK;AAAA,UACH,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,QACA,SAAS;AAAA,UACP,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,MACF;AAAA,MACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,cAAM,QAAQ,MAAM,cAAc,QAAQ,KAAK,OAAO,CAAC;AACvD,cAAM,WAAW,KAAK,KAAK,OAAO,KAAK,EAAE,IAAI;AAC7C,cAAM,UAAU,WACZ,CAAC,QAAQ,IACT,MAAM,SAAS,IAAI,OAAK,EAAE,EAAE,EAAE,OAAO,QAAM,YAAY,IAAI,KAAK,CAAC;AAErE,YAAI,QAAQ,WAAW,GAAG;AACxB,UAAAC,UAAQ,KAAK,kCAAkC;AAC/C;AAAA,QACF;AAEA,mBAAW,MAAM,SAAS;AACxB,gBAAM,QAAQ,YAAY,OAAO,EAAE;AACnC,cAAI,CAAC,OAAO;AACV,YAAAA,UAAQ,KAAK,GAAG,EAAE,mCAAmC;AACrD;AAAA,UACF;AAEA,gBAAM,cAAc,mBAAmB,IAAI,KAAK;AAChD,cAAI,gBAAgB,MAAM,QAAQ;AAChC,YAAAA,UAAQ,KAAK,GAAG,EAAE,sBAAsB;AACxC;AAAA,UACF;AAEA,cAAI,eAAe,CAAC,KAAK,KAAK;AAC5B,YAAAA,UAAQ,KAAK,GAAG,EAAE,kFAA6E;AAC/F,YAAAA,UAAQ,KAAK,UAAU,WAAW,EAAE;AACpC,YAAAA,UAAQ,KAAK,UAAU,MAAM,MAAM,EAAE;AACrC,YAAAA,UAAQ,KAAK,wBAAwB;AACrC;AAAA,UACF;AAEA,gBAAM,SAAS,MAAM,eAAe,KAAK;AACzC,UAAAA,UAAQ,QAAQ,WAAW,OAAO,EAAE,WAAM,OAAO,IAAI,EAAE;AAAA,QACzD;AAAA,MACF;AAAA,IACF,CAAC;AAAA,IAED,QAAQD,gBAAc;AAAA,MACpB,MAAM;AAAA,QACJ,MAAM;AAAA,QACN,aAAa;AAAA,MACf;AAAA,MACA,MAAM;AAAA,QACJ,IAAI;AAAA,UACF,MAAM;AAAA,UACN,aAAa;AAAA,UACb,UAAU;AAAA,QACZ;AAAA,QACA,OAAO;AAAA,UACL,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,QACA,SAAS;AAAA,UACP,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,MACF;AAAA,MACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,cAAM,KAAK,OAAO,KAAK,EAAE;AACzB,cAAM,QAAQ,QAAQ,KAAK,KAAK;AAChC,cAAM,QAAQ,MAAM,cAAc,QAAQ,KAAK,OAAO,CAAC;AACvD,cAAM,QAAQ,YAAY,OAAO,EAAE;AACnC,YAAI,CAAC;AACH,gBAAM,IAAI,MAAM,YAAY,EAAE,yBAAyB;AAEzD,cAAM,cAAc,mBAAmB,IAAI,KAAK;AAChD,YAAI,CAAC;AACH,gBAAM,IAAI,MAAM,YAAY,EAAE,qBAAqB,QAAQ,aAAa,EAAE,EAAE;AAE9E,YAAI,gBAAgB,MAAM,QAAQ;AAChC,UAAAC,UAAQ,QAAQ,GAAG,EAAE,2BAA2B;AAAA,QAClD,OACK;AACH,UAAAA,UAAQ,MAAM,GAAG,EAAE,mBAAmB;AACtC,kBAAQ,IAAI,eAAe,WAAW,EAAE;AACxC,kBAAQ,IAAI,eAAe,MAAM,MAAM,EAAE;AACzC,kBAAQ,KAAK,CAAC;AAAA,QAChB;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH;AACF,CAAC;;;ACjXD,SAAS,oBAAoB;AAC7B,SAAS,YAAAG,iBAAgB;AACzB,SAAS,iBAAAC,uBAAqB;AAC9B;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,eAAAC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,OAAOC,eAAa;AAIb,IAAM,aAAaC,gBAAc;AAAA,EACtC,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,YAAY;AAAA,MACV,MAAM;AAAA,MACN,aAAa;AAAA,MACb,SAAS;AAAA,IACX;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,WAAW;AAAA,MACT,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,MAAM;AAAA,MACJ,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,gBAAgB;AAAA,MACd,MAAM;AAAA,MACN,aAAa;AAAA,MACb,SAAS;AAAA,IACX;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,SAAS,KAAK,GAAG;AAC3B,UAAM,iBAAiB,sBAAsB,WAAW,CAAC,CAAC;AAE1D,QAAI,eAAe,SAAS,GAAG;AAE7B,YAAM,eAAe,gBAAgB,WAAW,CAAC,GAAG,IAAI;AAAA,IAC1D,OACK;AAGH,YAAM,cAAc,mBAAmB,WAAW,CAAC,CAAC;AACpD,UAAI,YAAY,SAAS;AACvB,cAAM,IAAI,MAAM,sEAAsE;AACxF,YAAM,gBAAgB,YAAY,CAAC,GAAI,YAAY,CAAC,GAAI,IAAI;AAAA,IAC9D;AAAA,EACF;AACF,CAAC;AAED,SAAS,mBAAmB,SAA6B;AACvD,QAAM,cAAwB,CAAC;AAC/B,QAAM,YAAY,QAAQ,QAAQ,IAAI;AACtC,QAAM,OAAO,aAAa,IAAI,QAAQ,MAAM,GAAG,SAAS,IAAI;AAE5D,WAAS,IAAI,GAAG,IAAI,KAAK,QAAQ,KAAK;AACpC,UAAM,MAAM,KAAK,CAAC;AAClB,QAAI,QAAQ;AACV;AACF,QAAI,IAAI,WAAW,IAAI,GAAG;AACxB;AACA;AAAA,IACF;AACA,gBAAY,KAAK,GAAG;AAAA,EACtB;AACA,SAAO;AACT;AAEA,eAAe,eACb,SACA,SACA,MACA;AACA,QAAM,MAAM,UAAU,KAAK,GAAyB;AACpD,MAAI,CAAC;AACH,UAAM,IAAI,MAAM,8DAA8D;AAEhF,QAAM,aAAa,cAAc,SAAS,SAAS;AACnD,QAAM,SAASC,aAAY,QAAQ,CAAC,GAAI,UAAU;AAClD,QAAM,WAAW,MAAM,eAAe,QAAQ,OAAO;AACrD,QAAM,WAAY,KAAK,YAAY;AAGnC,MAAI;AACF,UAAM,kBAAkB,MAAM,kBAAkB,UAAU,GAAG;AAC7D,QAAI,iBAAiB;AACnB,MAAAC,UAAQ,KAAK,2BAA2B,eAAe,EAAE;AACzD,YAAMC,SAAQ,MAAM,gBAAgB,KAAK,eAAe;AACxD,YAAM,iBAAiBA,QAAO,QAAQ;AACtC;AAAA,IACF;AAAA,EACF,QACM;AAAA,EAEN;AAEA,QAAM,QAAQ,MAAM,kBAAkB,UAAU;AAAA,IAC9C;AAAA,IACA;AAAA,IACA,GAAI,KAAK,SAAS,EAAE,QAAQ,KAAK,OAAiB,IAAI,CAAC;AAAA,EACzD,CAAC;AAED,EAAAD,UAAQ,KAAK,oBAAoB,MAAM,EAAE,EAAE;AAC3C,EAAAA,UAAQ,KAAK,eAAe,GAAG,4BAA4B,MAAM,EAAE,EAAE;AAErE,MAAI,MAAM,gBAAgB,gBAAgB,QAAQ;AAChD,UAAM,IAAI,MAAM,eAAe,eAAe;AAC9C,IAAAA,UAAQ,KAAK,EAAE;AACf,IAAAA,UAAQ,KAAK,6BAA6B,CAAC,sEAAsE;AACjH,QAAI,MAAM,eAAe,iBAAiB,QAAQ;AAChD,YAAM,QAAQ,MAAM,eAAe,gBAAgB,IAAI,OAAK,EAAE,UAAU,EAAE,KAAK,IAAI;AACnF,MAAAA,UAAQ,KAAK,oBAAoB,KAAK,EAAE;AAAA,IAC1C;AACA,IAAAA,UAAQ,KAAK,EAAE;AAAA,EACjB;AAEA,QAAM,SAAS,MAAM,mBAAmB,KAAK,MAAM,EAAE;AACrD,MAAI,WAAW;AACb,UAAM,IAAI,MAAM,SAAS,MAAM,EAAE;AAEnC,QAAM,QAAQ,MAAM,gBAAgB,KAAK,MAAM,EAAE;AACjD,QAAM,iBAAiB,OAAO,QAAQ;AACxC;AAEA,eAAe,gBACb,UACA,QACA,MACA;AACA,QAAM,OAAO,SAAS;AACtB,MAAI,CAAC,MAAM;AACT,IAAAA,UAAQ,MAAM,wCAAwC;AACtD,WAAO,QAAQ,KAAK,CAAC;AAAA,EACvB;AAEA,QAAM,MAAM,UAAU,KAAK,GAAyB;AACpD,QAAM,YAAY,MAAM,kBAAkB,GAAG;AAC7C,QAAM,UAAU,OAAO,MAAM,GAAG;AAChC,QAAM,aAAc,KAAK,QAAmBE,UAAS;AAGrD,EAAAF,UAAQ,KAAK,cAAc,QAAQ,aAAa,UAAU,KAAK,QAAQ,KAAK,GAAG,CAAC,EAAE;AAClF,QAAM,QAAQ,MAAM,SAAyC,WAAW;AAAA,IACtE,QAAQ;AAAA,IACR,MAAM;AAAA,MACJ,WAAW,KAAK;AAAA,MAChB,aAAa;AAAA,MACb;AAAA,MACA,YAAY,KAAK;AAAA,MACjB;AAAA,MACA,QAAS,KAAK,UAAqB,QAAQ,KAAK,GAAG;AAAA,MACnD,GAAI,KAAK,KAAK,EAAE,QAAQ,KAAK,GAAG,IAAI,CAAC;AAAA,IACvC;AAAA,EACF,CAAC;AACD,EAAAA,UAAQ,QAAQ,oBAAoB,MAAM,EAAE,EAAE;AAG9C,EAAAA,UAAQ,KAAK,yBAAyB;AACtC,QAAM,UAAU;AAChB,QAAM,WAAW;AACjB,QAAM,QAAQ,KAAK,IAAI;AAEvB,SAAO,KAAK,IAAI,IAAI,QAAQ,SAAS;AACnC,UAAM,SAAS,MAAM,SAA6B,GAAG,SAAS,IAAI,MAAM,EAAE,EAAE;AAC5E,QAAI,OAAO,WAAW,YAAY;AAChC,MAAAA,UAAQ,QAAQ,iBAAiB;AACjC;AAAA,IACF;AACA,QAAI,OAAO,WAAW,YAAY,OAAO,WAAW,WAAW;AAC7D,MAAAA,UAAQ,MAAM,SAAS,OAAO,MAAM,GAAG;AACvC,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AACA,UAAM,IAAI,QAAQ,OAAK,WAAW,GAAG,QAAQ,CAAC;AAAA,EAChD;AAGA,EAAAA,UAAQ,KAAK,yBAAyB;AACtC,QAAM,EAAE,UAAU,IAAI,MAAM,SAAgC,GAAG,SAAS,IAAI,MAAM,EAAE,UAAU;AAAA,IAC5F,QAAQ;AAAA,EACV,CAAC;AAGD,MAAI,aAAa,WAAW;AAC1B,IAAAA,UAAQ,KAAK,cAAc,QAAQ,KAAK,GAAG,CAAC,EAAE;AAC9C,QAAI;AACF,mBAAc,KAAK,cAAc,KAAgB,WAAW,CAAC,WAAW,WAAW,MAAM,GAAG,OAAO,GAAG;AAAA,QACpG,OAAO;AAAA,MACT,CAAC;AAAA,IACH,SACO,KAAc;AACnB,YAAM,WAAY,IAA4B,UAAU;AACxD,cAAQ,KAAK,QAAQ;AAAA,IACvB;AAAA,EACF,OACK;AACH,YAAQ,OAAO,MAAM,SAAS;AAAA,EAChC;AACF;;;ACjOA,SAAS,iBAAAG,uBAAqB;AAC9B,SAAS,iBAAAC,gBAAe,yBAAAC,wBAAuB,eAAAC,cAAa,kBAAAC,uBAAsB;AAE3E,IAAM,iBAAiBJ,gBAAc;AAAA,EAC1C,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,SAAS;AAAA,MACP,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,GAAG;AAAA,MACD,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,QAAQ,GAAG;AACrB,UAAM,UAAUE,uBAAsB,WAAW,CAAC,CAAC;AACnD,QAAI,QAAQ,WAAW;AACrB,YAAM,IAAI,MAAM,8EAA8E;AAEhG,UAAM,aAAaD,eAAc,WAAW,CAAC,GAAG,SAAS;AACzD,UAAM,SAASE,aAAY,QAAQ,CAAC,GAAI,UAAU;AAClD,UAAM,WAAW,MAAMC,gBAAe,QAAQ,OAAO;AAErD,YAAQ,OAAO,MAAM,GAAG,KAAK,UAAU;AAAA,MACrC,SAAS,SAAS,QAAQ,IAAI;AAAA,MAC9B,QAAQ,SAAS;AAAA,MACjB,WAAW,SAAS,OAAO;AAAA,MAC3B,SAAS,SAAS,OAAO;AAAA,MACzB,YAAY,SAAS;AAAA,MACrB,gBAAgB,SAAS,OAAO;AAAA,MAChC,eAAe,SAAS,OAAO,aAAa,iBAAiB;AAAA,MAC7D,gBAAgB,SAAS;AAAA,IAC3B,GAAG,MAAM,CAAC,CAAC;AAAA,CAAI;AAAA,EACjB;AACF,CAAC;;;ACvCD,SAAS,iBAAAC,uBAAqB;AAC9B,OAAOC,eAAa;AAGb,IAAM,mBAAmBC,gBAAc;AAAA,EAC5C,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,KAAK;AAAA,MACH,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,IAAI,EAAE,KAAK,GAAG;AACZ,UAAM,MAAM,KAAK;AAEjB,YAAQ,KAAK;AAAA,MACX,KAAK,OAAO;AACV,cAAM,MAAM,UAAU;AACtB,YAAI;AACF,kBAAQ,IAAI,GAAG;AAAA;AAEf,UAAAC,UAAQ,KAAK,oBAAoB;AACnC;AAAA,MACF;AAAA,MACA,KAAK,SAAS;AACZ,cAAM,OAAO,SAAS;AACtB,YAAI,MAAM;AACR,kBAAQ,IAAI,KAAK,KAAK;AAAA;AAEtB,UAAAA,UAAQ,KAAK,gBAAgB;AAC/B;AAAA,MACF;AAAA,MACA,SAAS;AAEP,cAAM,SAAS,WAAW;AAC1B,cAAM,QAAQ,IAAI,MAAM,GAAG;AAC3B,YAAI,MAAM,WAAW,GAAG;AACtB,gBAAM,UAAU,MAAM,CAAC;AACvB,gBAAM,QAAQ,MAAM,CAAC;AACrB,gBAAM,aAAa,OAAO,OAAO;AACjC,cAAI,cAAc,SAAS,YAAY;AACrC,oBAAQ,IAAI,WAAW,KAAK,CAAC;AAAA,UAC/B,OACK;AACH,YAAAA,UAAQ,KAAK,QAAQ,GAAG,YAAY;AAAA,UACtC;AAAA,QACF,OACK;AACH,UAAAA,UAAQ,MAAM,iBAAiB,GAAG,6EAA6E;AAC/G,kBAAQ,KAAK,CAAC;AAAA,QAChB;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;AC1DD,SAAS,iBAAAC,uBAAqB;AAC9B,OAAOC,eAAa;AAGb,IAAM,mBAAmBC,gBAAc;AAAA,EAC5C,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,KAAK;AAAA,MACH,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,IAAI,EAAE,KAAK,GAAG;AACZ,UAAM,MAAM,KAAK;AACjB,UAAM,QAAQ,KAAK;AACnB,UAAM,SAAS,WAAW;AAE1B,UAAM,QAAQ,IAAI,MAAM,GAAG;AAC3B,QAAI,MAAM,WAAW,GAAG;AACtB,MAAAC,UAAQ,MAAM,iBAAiB,GAAG,iEAAiE;AACnG,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAEA,UAAM,CAAC,SAAS,KAAK,IAAI;AAEzB,QAAI,YAAY,YAAY;AAC1B,aAAO,WAAW,OAAO,YAAY,CAAC;AACrC,MAAC,OAAO,SAAoC,KAAK,IAAI;AAAA,IACxD,WACS,YAAY,SAAS;AAC5B,aAAO,QAAQ,OAAO,SAAS,CAAC;AAC/B,MAAC,OAAO,MAAiC,KAAK,IAAI;AAAA,IACrD,OACK;AACH,MAAAA,UAAQ,MAAM,qBAAqB,OAAO,yBAAyB;AACnE,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAEA,eAAW,MAAM;AACjB,IAAAA,UAAQ,QAAQ,OAAO,GAAG,MAAM,KAAK,EAAE;AAAA,EACzC;AACF,CAAC;;;AClDD,SAAS,iBAAAC,uBAAqB;AAC9B,OAAOC,eAAa;AAGpB,eAAe,UAAU,QAAgB,KAAa,MAA0B,aAAqB,KAAc,aAAsB;AACvI,QAAM,QAAQ,aAAa;AAC3B,MAAI,CAAC,OAAO;AACV,IAAAC,UAAQ,MAAM,4CAA4C;AAC1D,WAAO,QAAQ,KAAK,CAAC;AAAA,EACvB;AAEA,QAAM,WAAW,MAAM,MAAM,KAAK;AAAA,IAChC;AAAA,IACA,SAAS;AAAA,MACP,iBAAiB,UAAU,KAAK;AAAA,MAChC,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ;AAAA,EAChB,CAAC;AAED,MAAI,aAAa;AACf,YAAQ,IAAI,QAAQ,SAAS,MAAM,IAAI,SAAS,UAAU,EAAE;AAC5D,eAAW,CAAC,KAAK,KAAK,KAAK,SAAS,QAAQ,QAAQ,GAAG;AACrD,cAAQ,IAAI,GAAG,GAAG,KAAK,KAAK,EAAE;AAAA,IAChC;AACA,YAAQ,IAAI;AAAA,EACd;AAEA,QAAM,kBAAkB,SAAS,QAAQ,IAAI,cAAc,KAAK;AAChE,QAAM,OAAO,MAAM,SAAS,KAAK;AAEjC,MAAI,OAAO,CAAC,gBAAgB,SAAS,MAAM,GAAG;AAC5C,YAAQ,OAAO,MAAM,IAAI;AAAA,EAC3B,OACK;AACH,QAAI;AACF,cAAQ,IAAI,KAAK,UAAU,KAAK,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC;AAAA,IACvD,QACM;AACJ,cAAQ,OAAO,MAAM,IAAI;AAAA,IAC3B;AAAA,EACF;AAEA,MAAI,CAAC,SAAS,IAAI;AAChB,YAAQ,KAAK,CAAC;AAAA,EAChB;AACF;AAEO,IAAM,eAAeC,gBAAc;AAAA,EACxC,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,aAAa;AAAA,IACX,KAAKA,gBAAc;AAAA,MACjB,MAAM;AAAA,QACJ,MAAM;AAAA,QACN,aAAa;AAAA,MACf;AAAA,MACA,MAAM;AAAA,QACJ,KAAK;AAAA,UACH,MAAM;AAAA,UACN,aAAa;AAAA,UACb,UAAU;AAAA,QACZ;AAAA,QACA,KAAK;AAAA,UACH,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,QACA,SAAS;AAAA,UACP,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,MACF;AAAA,MACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,cAAM,UAAU,OAAO,OAAO,KAAK,GAAG,GAAG,QAAW,oBAAoB,QAAQ,KAAK,GAAG,GAAG,QAAQ,KAAK,OAAO,CAAC;AAAA,MAClH;AAAA,IACF,CAAC;AAAA,IAED,MAAMA,gBAAc;AAAA,MAClB,MAAM;AAAA,QACJ,MAAM;AAAA,QACN,aAAa;AAAA,MACf;AAAA,MACA,MAAM;AAAA,QACJ,KAAK;AAAA,UACH,MAAM;AAAA,UACN,aAAa;AAAA,UACb,UAAU;AAAA,QACZ;AAAA,QACA,MAAM;AAAA,UACJ,MAAM;AAAA,UACN,aAAa;AAAA,QACf;AAAA,QACA,gBAAgB;AAAA,UACd,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,QACA,KAAK;AAAA,UACH,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,QACA,SAAS;AAAA,UACP,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,MACF;AAAA,MACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,cAAM,UAAU,QAAQ,OAAO,KAAK,GAAG,GAAG,KAAK,MAA4B,OAAO,KAAK,cAAc,KAAK,kBAAkB,GAAG,QAAQ,KAAK,GAAG,GAAG,QAAQ,KAAK,OAAO,CAAC;AAAA,MACzK;AAAA,IACF,CAAC;AAAA,EACH;AACF,CAAC;;;ACrHD,SAAS,iBAAAC,uBAAqB;AAEvB,IAAM,aAAaA,gBAAc;AAAA,EACtC,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,WAAW;AAAA,MACT,MAAM;AAAA,MACN,aAAa;AAAA,MACb,SAAS;AAAA,IACX;AAAA,IACA,MAAM;AAAA,MACJ,MAAM;AAAA,MACN,aAAa;AAAA,MACb,SAAS;AAAA,IACX;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,UAAM,YAAa,KAAK,aAAa;AACrC,UAAM,OAAO,OAAO,SAAS,OAAO,KAAK,IAAI,GAAG,EAAE;AAElD,QAAI,cAAc,WAAW,cAAc,OAAO;AAChD,YAAM,IAAI,MAAM,oCAAoC;AAAA,IACtD;AAEA,UAAM,EAAE,eAAe,IAAI,MAAM,OAAO,sBAAa;AACrD,UAAM,eAAe,WAAW,IAAI;AAAA,EACtC;AACF,CAAC;;;AC9BD,SAAS,YAAY,cAAc,qBAAqB;AACxD,SAAS,mBAAmB;AAC5B,SAAS,gBAAAC,qBAAoB;AAC7B,SAAS,YAAY;AACrB,SAAS,iBAAAC,uBAAqB;AAC9B,OAAOC,eAAa;AAEpB,IAAM,kBAAkB;AAExB,eAAe,iBAAiB,MAAc,WAAmB;AAC/D,QAAM,EAAE,kBAAkB,cAAc,IAAI,MAAM,OAAO,OAAO;AAChE,QAAM,cAAc,MAAM,IAAI,IAAI,EAAE,KAAK,WAAW,OAAO,MAAM,CAAC;AACpE;AAEA,SAAS,YAAY,KAAa;AAChC,QAAM,cAAc,CAAC,SAAiB,WAAW,KAAK,KAAK,IAAI,CAAC;AAEhE,MAAI,YAAY,gBAAgB,GAAG;AACjC,IAAAF,cAAa,QAAQ,CAAC,SAAS,GAAG,EAAE,KAAK,KAAK,OAAO,UAAU,CAAC;AAAA,EAClE,WACS,YAAY,WAAW,GAAG;AACjC,IAAAA,cAAa,OAAO,CAAC,SAAS,GAAG,EAAE,KAAK,KAAK,OAAO,UAAU,CAAC;AAAA,EACjE,OACK;AACH,IAAAA,cAAa,OAAO,CAAC,SAAS,GAAG,EAAE,KAAK,KAAK,OAAO,UAAU,CAAC;AAAA,EACjE;AACF;AAEA,eAAe,aAAa,SAAiB,SAAoC;AAC/E,QAAM,SAAS,MAAME,UAAQ,OAAO,SAAS,EAAE,MAAM,UAAU,SAAS,QAAQ,CAAC;AACjF,MAAI,OAAO,WAAW,UAAU;AAC9B,YAAQ,KAAK,CAAC;AAAA,EAChB;AACA,SAAO;AACT;AAEA,eAAe,WAAW,SAAiB,cAAwC;AACjF,QAAM,SAAS,MAAMA,UAAQ,OAAO,SAAS,EAAE,MAAM,QAAQ,SAAS,cAAc,aAAa,aAAa,CAAC;AAC/G,MAAI,OAAO,WAAW,UAAU;AAC9B,YAAQ,KAAK,CAAC;AAAA,EAChB;AACA,SAAQ,UAAqB,gBAAgB;AAC/C;AAEO,IAAM,cAAcD,gBAAc;AAAA,EACvC,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,IAAI;AAAA,MACF,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,QAAI;AAEJ,QAAI,KAAK,IAAI;AACX,aAAO;AAAA,IACT,WACS,KAAK,KAAK;AACjB,aAAO;AAAA,IACT,OACK;AACH,YAAM,SAAS,MAAM,aAAa,+BAA+B;AAAA,QAC/D;AAAA,QACA;AAAA,MACF,CAAC;AACD,aAAO,OAAO,WAAW,IAAI,IAAI,OAAO;AAAA,IAC1C;AAEA,QAAI,SAAS,MAAM;AACjB,YAAM,OAAO,KAAK,GAAG;AAAA,IACvB,OACK;AACH,YAAM,QAAQ,KAAK,GAAG;AAAA,IACxB;AAAA,EACF;AACF,CAAC;AAED,eAAe,OAAO,WAAoB;AACxC,QAAM,MAAM,aAAa;AAEzB,MAAI,WAAW,KAAK,KAAK,cAAc,CAAC,GAAG;AACzC,IAAAC,UAAQ,MAAM,cAAc,GAAG,+BAA+B;AAC9D,WAAO,QAAQ,KAAK,CAAC;AAAA,EACvB;AAEA,EAAAA,UAAQ,MAAM,2BAA2B;AACzC,QAAM,iBAAiB,iCAAiC,GAAG;AAC3D,EAAAA,UAAQ,QAAQ,oCAAoC;AAEpD,EAAAA,UAAQ,MAAM,4BAA4B;AAC1C,cAAY,GAAG;AACf,EAAAA,UAAQ,QAAQ,wBAAwB;AAGxC,QAAM,aAAa,KAAK,KAAK,cAAc;AAC3C,QAAM,UAAU,KAAK,KAAK,MAAM;AAChC,MAAI,WAAW,UAAU,KAAK,CAAC,WAAW,OAAO,GAAG;AAClD,iBAAa,YAAY,OAAO;AAChC,IAAAA,UAAQ,QAAQ,uCAAuC,eAAe,GAAG;AAAA,EAC3E;AAEA,UAAQ,IAAI,EAAE;AACd,EAAAA,UAAQ,IAAI;AAAA,IACV,MAAM,GAAG;AAAA,IACT;AAAA,IACA;AAAA,IACA;AAAA,EACF,EAAE,KAAK,IAAI,CAAC;AACd;AAEA,eAAe,QAAQ,WAAoB;AACzC,QAAM,MAAM,aAAa;AAEzB,MAAI,WAAW,KAAK,KAAK,cAAc,CAAC,GAAG;AACzC,IAAAA,UAAQ,MAAM,cAAc,GAAG,+BAA+B;AAC9D,WAAO,QAAQ,KAAK,CAAC;AAAA,EACvB;AAGA,QAAM,SAAS,MAAM,WAAW,sBAAsB,WAAW;AACjE,QAAM,UAAU,MAAM,aAAa,mBAAmB;AAAA,IACpD;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AACD,QAAM,aAAa,MAAM,WAAW,aAAa;AAEjD,EAAAA,UAAQ,MAAM,4BAA4B;AAC1C,QAAM,iBAAiB,kCAAkC,GAAG;AAC5D,EAAAA,UAAQ,QAAQ,qCAAqC;AAErD,EAAAA,UAAQ,MAAM,4BAA4B;AAC1C,cAAY,GAAG;AACf,EAAAA,UAAQ,QAAQ,wBAAwB;AAGxC,QAAM,gBAAgB,YAAY,EAAE,EAAE,SAAS,KAAK;AACpD,QAAM,kBAAkB,YAAY,EAAE,EAAE,SAAS,KAAK;AACtD,EAAAA,UAAQ,QAAQ,mBAAmB;AAGnC,QAAM,cAAc,WAAW;AAC/B,QAAM,SAAS,cAAc,0BAA0B,WAAW,MAAM;AAGxE,QAAM,aAAa;AAAA,IACjB;AAAA,IACA;AAAA,IACA,+BAA+B,aAAa;AAAA,IAC5C,6BAA6B,UAAU;AAAA,IACvC,iCAAiC,eAAe;AAAA,IAChD,uBAAuB,MAAM;AAAA,IAC7B;AAAA,IACA,sBAAsB,MAAM;AAAA,IAC5B,0BAA0B,MAAM;AAAA,EAClC,EAAE,KAAK,IAAI;AAEX,gBAAc,KAAK,KAAK,MAAM,GAAG,aAAa,MAAM,EAAE,MAAM,IAAM,CAAC;AACnE,EAAAA,UAAQ,QAAQ,cAAc;AAE9B,UAAQ,IAAI,EAAE;AACd,EAAAA,UAAQ,IAAI;AAAA,IACV,MAAM,GAAG;AAAA,IACT;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,GAAI,cACA,CAAC,IACD;AAAA,MACE;AAAA,MACA,+BAA+B,OAAO,QAAQ,SAAS,EAAE,CAAC,yBAAoB,MAAM;AAAA,MACpF,2BAA2B,QAAQ,SAAS,IAAI,IAAI,OAAO,IAAI;AAAA,MAC/D;AAAA,IACF;AAAA,EACN,EAAE,KAAK,IAAI,CAAC;AACd;;;AC7LA,SAAS,UAAAC,eAAc;AACvB,SAAS,cAAAC,aAAY,cAAc,iBAAAC,gBAAe,iBAAiB;AACnE,SAAS,YAAAC,iBAAgB;AACzB,SAAS,qBAAqB,YAAY;AAC1C,SAAS,SAAS,eAAe;AACjC,SAAS,eAAe;AACxB,SAAS,iBAAAC,uBAAqB;AAC9B,OAAOC,eAAa;AAKpB,IAAMC,mBAAkB;AACxB,IAAM,mBAAmB;AACzB,IAAM,gBAAgB;AACtB,IAAM,eAAe;AAErB,SAAS,YAAY,GAAmB;AACtC,SAAO,QAAQ,EAAE,QAAQ,MAAM,QAAQ,CAAC,CAAC;AAC3C;AAEA,SAASC,aAAY,KAAa;AAChC,QAAM,MAAM,QAAQ,aAAa,WAAW,SAAS,QAAQ,aAAa,UAAU,UAAU;AAC9F,EAAAC,UAAS,KAAK,CAAC,GAAG,GAAG,MAAM;AAAA,EAAC,CAAC;AAC/B;AAEA,SAAS,cAAc,SAAyB;AAC9C,QAAM,UAAU,GAAG,OAAO;AAC1B,MAAIC,YAAW,OAAO,GAAG;AACvB,WAAO,aAAa,SAAS,OAAO,EAAE,KAAK;AAAA,EAC7C;AAGA,QAAM,aAAa,aAAa,SAAS,OAAO;AAChD,QAAM,aAAa,sBAAsB,UAAU;AACnD,QAAM,MAAM,WAAW,OAAO,EAAE,QAAQ,MAAM,CAAC;AAC/C,QAAM,WAAWC,QAAO,KAAK,IAAI,GAAG,WAAW;AAG/C,QAAM,aAAa;AACnB,QAAM,aAAaA,QAAO,MAAM,CAAC;AACjC,aAAW,cAAc,WAAW,MAAM;AAC1C,QAAM,YAAYA,QAAO,MAAM,CAAC;AAChC,YAAU,cAAc,SAAS,MAAM;AACvC,QAAM,OAAOA,QAAO,OAAO,CAAC,YAAYA,QAAO,KAAK,UAAU,GAAG,WAAW,QAAQ,CAAC;AAErF,SAAO,eAAe,KAAK,SAAS,QAAQ,CAAC;AAC/C;AAEA,SAAS,mBAAmB,SAAyB;AACnD,QAAM,WAAW,YAAY,OAAO;AACpC,QAAM,MAAM,QAAQ,QAAQ;AAE5B,MAAI,CAACD,YAAW,GAAG,GAAG;AACpB,cAAU,KAAK,EAAE,WAAW,KAAK,CAAC;AAAA,EACpC;AAGA,QAAM,EAAE,WAAW,WAAW,IAAI,oBAAoB,SAAS;AAG/D,QAAM,aAAa,WAAW,OAAO,EAAE,MAAM,SAAS,QAAQ,MAAM,CAAC;AACrE,EAAAE,eAAc,UAAU,YAAY,EAAE,MAAM,IAAM,CAAC;AAGnD,QAAM,MAAM,UAAU,OAAO,EAAE,QAAQ,MAAM,CAAC;AAC9C,QAAM,WAAWD,QAAO,KAAK,IAAI,GAAG,WAAW;AAC/C,QAAM,aAAa;AACnB,QAAM,aAAaA,QAAO,MAAM,CAAC;AACjC,aAAW,cAAc,WAAW,MAAM;AAC1C,QAAM,YAAYA,QAAO,MAAM,CAAC;AAChC,YAAU,cAAc,SAAS,MAAM;AACvC,QAAM,OAAOA,QAAO,OAAO,CAAC,YAAYA,QAAO,KAAK,UAAU,GAAG,WAAW,QAAQ,CAAC;AACrF,QAAM,YAAY,eAAe,KAAK,SAAS,QAAQ,CAAC;AAExD,EAAAC,eAAc,GAAG,QAAQ,QAAQ,GAAG,SAAS;AAAA,GAAM,EAAE,MAAM,IAAM,CAAC;AAElE,SAAO;AACT;AAEA,eAAe,kBACb,KACA,YACA,SAC+C;AAC/C,QAAM,cAAc,YAAY,OAAO;AACvC,QAAM,aAAa,aAAa,aAAa,OAAO;AACpD,QAAM,aAAa,sBAAsB,UAAU;AAEnD,QAAM,eAAe,MAAM,0BAA0B,GAAG;AACxD,QAAM,kBAAkB,MAAM,6BAA6B,GAAG;AAC9D,QAAM,YAAY,KAAK,IAAI;AAE3B,SAAO,KAAK,IAAI,IAAI,YAAY,cAAc;AAC5C,QAAI;AAEF,YAAM,gBAAgB,MAAM,MAAM,cAAc;AAAA,QAC9C,QAAQ;AAAA,QACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,QAC9C,MAAM,KAAK,UAAU,EAAE,UAAU,WAAW,CAAC;AAAA,MAC/C,CAAC;AAED,UAAI,cAAc,IAAI;AACpB,cAAM,EAAE,UAAU,IAAI,MAAM,cAAc,KAAK;AAC/C,cAAM,YAAY,KAAK,MAAMD,QAAO,KAAK,SAAS,GAAG,UAAU,EAAE,SAAS,QAAQ;AAElF,cAAM,WAAW,MAAM,MAAM,iBAAiB;AAAA,UAC5C,QAAQ;AAAA,UACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,UAC9C,MAAM,KAAK,UAAU,EAAE,UAAU,YAAY,WAAW,UAAU,CAAC;AAAA,QACrE,CAAC;AAED,YAAI,SAAS,IAAI;AACf,gBAAM,SAAS,MAAM,SAAS,KAAK;AACnC,iBAAO,EAAE,OAAO,OAAO,OAAO,WAAW,OAAO,WAAW;AAAA,QAC7D;AAAA,MACF;AAAA,IACF,QACM;AAAA,IAEN;AAEA,UAAM,IAAI,QAAQ,CAAAE,aAAW,WAAWA,UAAS,aAAa,CAAC;AAAA,EACjE;AAEA,QAAM,IAAI,MAAM,+DAA+D;AACjF;AAEO,IAAM,gBAAgBC,gBAAc;AAAA,EACzC,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,KAAK;AAAA,MACH,MAAM;AAAA,MACN,aAAa,qBAAqBP,gBAAe;AAAA,IACnD;AAAA,IACA,MAAM;AAAA,MACJ,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,aAAa,iCAAiC,gBAAgB;AAAA,IAChE;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAElB,UAAM,MAAM,KAAK,OACZ,MAAMQ,UAAQ,OAAO,WAAW,EAAE,MAAM,QAAQ,SAASR,kBAAiB,aAAaA,iBAAgB,CAAC,EAAE,KAAK,OAAK,OAAO,MAAM,WAAW,QAAQ,KAAK,CAAC,IAAI,CAAC,KAC/JA;AAEL,UAAM,YAAY,KAAK,QAClB,MAAMQ,UAAQ,OAAO,cAAc,EAAE,MAAM,QAAQ,aAAa,aAAa,CAAC,EAAE,KAAK,OAAK,OAAO,MAAM,WAAW,QAAQ,KAAK,CAAC,IAAI,CAAC;AAE1I,QAAI,CAAC,WAAW;AACd,MAAAA,UAAQ,MAAM,yBAAyB;AACvC,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAEA,UAAM,UAAU,KAAK,OAChB,MAAMA,UAAQ,OAAO,eAAe,EAAE,MAAM,QAAQ,SAAS,kBAAkB,aAAa,iBAAiB,CAAC,EAAE,KAAK,OAAK,OAAO,MAAM,WAAW,QAAQ,KAAK,CAAC,IAAI,CAAC,KACrK;AAGL,UAAM,cAAc,YAAY,OAAO;AACvC,QAAI;AAEJ,QAAIL,YAAW,WAAW,GAAG;AAC3B,kBAAY,cAAc,WAAW;AACrC,MAAAK,UAAQ,QAAQ,sBAAsB,OAAO,EAAE;AAAA,IACjD,OACK;AACH,MAAAA,UAAQ,MAAM,kCAAkC,OAAO,KAAK;AAC5D,kBAAY,mBAAmB,OAAO;AACtC,MAAAA,UAAQ,QAAQ,yBAAyB,OAAO,EAAE;AAAA,IACpD;AAGA,UAAM,aAAa,mBAAmB,SAAS;AAC/C,UAAM,YAAY,GAAG,GAAG,gBAAgB,mBAAmB,SAAS,CAAC,QAAQ,UAAU;AAEvF,IAAAA,UAAQ,KAAK,mCAAmC;AAChD,IAAAA,UAAQ,KAAK,UAAK,GAAG,SAAS;AAC9B,IAAAP,aAAY,SAAS;AAQrB,YAAQ,IAAI,EAAE;AACd,UAAM,aAAa,MAAMO,UAAQ;AAAA,MAC/B;AAAA,MACA,EAAE,MAAM,QAAQ,aAAa,SAAS,SAAS,OAAO;AAAA,IACxD,EAAE,KAAK,OAAK,OAAO,MAAM,WAAW,QAAQ,KAAK,CAAC,IAAI,CAAC;AAEvD,QAAI,CAAC,YAAY;AACf,MAAAA,UAAQ,MAAM,+CAA+C;AAC7D,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAGA,IAAAA,UAAQ,MAAM,yBAAyB;AACvC,UAAM,EAAE,OAAO,UAAU,IAAI,MAAM,kBAAkB,KAAK,YAAY,OAAO;AAG7E,aAAS;AAAA,MACP;AAAA,MACA,cAAc;AAAA,MACd,OAAO;AAAA,MACP,YAAY,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,KAAK,aAAa;AAAA,IAC5D,CAAC;AAED,UAAM,SAAS,WAAW;AAC1B,WAAO,WAAW,EAAE,GAAG,OAAO,UAAU,IAAI;AAC5C,WAAO,QAAQ,EAAE,KAAK,SAAS,OAAO,WAAW;AACjD,eAAW,MAAM;AAEjB,IAAAA,UAAQ,QAAQ,qBAAqB,UAAU,EAAE;AACjD,IAAAA,UAAQ,QAAQ,iCAAiC;AAEjD,YAAQ,IAAI,EAAE;AACd,IAAAA,UAAQ,KAAK,0BAA0B;AAAA,EACzC;AACF,CAAC;;;ACnOD,SAAS,iBAAAC,uBAAqB;AAC9B,OAAOC,eAAa;AACpB,SAAS,oBAAoB;AAEtB,IAAM,kBAAkBD,gBAAc;AAAA,EAC3C,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,UAAM,SAAS,KAAK;AAEpB,IAAAC,UAAQ,MAAM,mBAAmB,MAAM,KAAK;AAE5C,QAAI;AACF,YAAM,SAAS,MAAM,aAAa,MAAM;AAExC,UAAI,CAAC,QAAQ;AACX,QAAAA,UAAQ,MAAM,6BAA6B,MAAM,EAAE;AACnD,gBAAQ,IAAI,EAAE;AACd,gBAAQ,IAAI,wCAAwC;AACpD,gBAAQ,IAAI,YAAY,MAAM,iCAAiC,MAAM,GAAG;AACxE,eAAO,QAAQ,KAAK,CAAC;AAAA,MACvB;AAEA,MAAAA,UAAQ,QAAQ,UAAU,MAAM,WAAM,OAAO,GAAG,EAAE;AAClD,cAAQ,IAAI,EAAE;AACd,cAAQ,IAAI,eAAe,OAAO,WAAW,QAAQ,EAAE;AACvD,cAAQ,IAAI,eAAe,OAAO,GAAG,EAAE;AACvC,UAAI,OAAO;AACT,gBAAQ,IAAI,eAAe,OAAO,IAAI,EAAE;AAC1C,UAAI,OAAO,aAAa;AACtB,gBAAQ,IAAI,eAAe,OAAO,QAAQ,EAAE;AAG9C,cAAQ,IAAI,EAAE;AACd,MAAAA,UAAQ,MAAM,oBAAoB,OAAO,GAAG,KAAK;AAEjD,YAAM,YAAY,MAAM,MAAM,GAAG,OAAO,GAAG,mCAAmC;AAE9E,UAAI,CAAC,UAAU,IAAI;AACjB,QAAAA,UAAQ,KAAK,yBAAyB,UAAU,MAAM,4BAA4B,OAAO,GAAG,GAAG;AAC/F;AAAA,MACF;AAEA,YAAM,QAAQ,MAAM,UAAU,KAAK;AAEnC,MAAAA,UAAQ,QAAQ,kBAAkB;AAClC,cAAQ,IAAI,eAAe,MAAM,MAAM,EAAE;AACzC,cAAQ,IAAI,gBAAgB,MAAM,iBAAiB,GAAG,EAAE;AAExD,UAAI,MAAM,8BAA8B;AACtC,gBAAQ,IAAI,eAAgB,MAAM,6BAA0C,KAAK,IAAI,CAAC,EAAE;AAAA,MAC1F;AAEA,UAAI,MAAM,+BAA+B;AACvC,gBAAQ,IAAI,eAAgB,MAAM,8BAA2C,KAAK,IAAI,CAAC,EAAE;AAAA,MAC3F;AAAA,IACF,SACO,KAAK;AACV,MAAAA,UAAQ,MAAM,qBAAqB,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC,EAAE;AACrF,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAAA,EACF;AACF,CAAC;;;AxB3CD,IAAM,QAAQ,QAAQ,KAAK,SAAS,SAAS;AAI7C,IAAM,gBAAgBC,gBAAc;AAAA,EAClC,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,aAAa;AAAA,IACX,MAAM;AAAA,IACN,OAAO;AAAA,IACP,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,sBAAsB;AAAA,IACtB,SAAS;AAAA,IACT,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,OAAO;AAAA,IACP,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AACF,CAAC;AAED,IAAM,gBAAgBA,gBAAc;AAAA,EAClC,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,aAAa;AAAA,IACX,KAAK;AAAA,IACL,KAAK;AAAA,EACP;AACF,CAAC;AAED,IAAM,OAAOA,gBAAc;AAAA,EACzB,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,SAAS;AAAA,IACT,aAAa;AAAA,EACf;AAAA,EACA,aAAa;AAAA,IACX,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,aAAa;AAAA,IACb,OAAO;AAAA,IACP,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,KAAK;AAAA,IACL,SAAS;AAAA,IACT,SAAS;AAAA,IACT,QAAQ;AAAA,IACR,OAAO;AAAA,IACP,KAAK;AAAA,EACP;AACF,CAAC;AAED,QAAQ,IAAI,EAAE,MAAM,CAAC,QAAQ;AAC3B,MAAI,OAAO;AACT,IAAAC,UAAQ,MAAM,GAAG;AAAA,EACnB,OACK;AACH,IAAAA,UAAQ,MAAM,eAAe,WAAW,IAAI,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC;AAAA,EACxG;AACA,UAAQ,KAAK,CAAC;AAChB,CAAC;","names":["consola","defineCommand","resolve","readFileSync","sign","loadEd25519PrivateKey","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","defineCommand","defineCommand","consola","defineCommand","consola","hostname","defineCommand","consola","waitForApproval","consola","resolve","defineCommand","hostname","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","loadAdapter","index","hostname","defineCommand","loadAdapter","consola","defineCommand","loadAdapter","consola","token","hostname","defineCommand","extractOption","extractWrappedCommand","loadAdapter","resolveCommand","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","consola","defineCommand","defineCommand","execFileSync","defineCommand","consola","Buffer","existsSync","writeFileSync","execFile","defineCommand","consola","DEFAULT_IDP_URL","openBrowser","execFile","existsSync","Buffer","writeFileSync","resolve","defineCommand","consola","defineCommand","consola","defineCommand","consola"]}
|
|
1
|
+
{"version":3,"sources":["../src/cli.ts","../src/commands/auth/login.ts","../src/commands/auth/logout.ts","../src/commands/auth/whoami.ts","../src/commands/grants/list.ts","../src/commands/grants/inbox.ts","../src/commands/grants/status.ts","../src/commands/grants/request.ts","../src/commands/grants/request-capability.ts","../src/commands/grants/approve.ts","../src/commands/grants/deny.ts","../src/commands/grants/revoke.ts","../src/commands/grants/token.ts","../src/commands/grants/delegate.ts","../src/commands/grants/delegations.ts","../src/commands/adapter/index.ts","../src/commands/run.ts","../src/commands/explain.ts","../src/commands/config/get.ts","../src/commands/config/set.ts","../src/commands/fetch/index.ts","../src/commands/mcp/index.ts","../src/commands/init/index.ts","../src/commands/enroll.ts","../src/commands/dns-check.ts"],"sourcesContent":["import consola from 'consola'\nimport { defineCommand, runMain } from 'citty'\nimport { loginCommand } from './commands/auth/login'\nimport { logoutCommand } from './commands/auth/logout'\nimport { whoamiCommand } from './commands/auth/whoami'\nimport { listCommand } from './commands/grants/list'\nimport { inboxCommand } from './commands/grants/inbox'\nimport { statusCommand } from './commands/grants/status'\nimport { requestCommand } from './commands/grants/request'\nimport { requestCapabilityCommand } from './commands/grants/request-capability'\nimport { approveCommand } from './commands/grants/approve'\nimport { denyCommand } from './commands/grants/deny'\nimport { revokeCommand } from './commands/grants/revoke'\nimport { tokenCommand } from './commands/grants/token'\nimport { delegateCommand } from './commands/grants/delegate'\nimport { delegationsCommand } from './commands/grants/delegations'\nimport { adapterCommand } from './commands/adapter/index'\nimport { runCommand } from './commands/run'\nimport { explainCommand } from './commands/explain'\nimport { configGetCommand } from './commands/config/get'\nimport { configSetCommand } from './commands/config/set'\nimport { fetchCommand } from './commands/fetch/index'\nimport { mcpCommand } from './commands/mcp/index'\nimport { initCommand } from './commands/init/index'\nimport { enrollCommand } from './commands/enroll'\nimport { dnsCheckCommand } from './commands/dns-check'\nimport { ApiError } from './http'\n\nconst debug = process.argv.includes('--debug')\n\ndeclare const __VERSION__: string\n\nconst grantsCommand = defineCommand({\n meta: {\n name: 'grants',\n description: 'Grant management',\n },\n subCommands: {\n list: listCommand,\n inbox: inboxCommand,\n status: statusCommand,\n request: requestCommand,\n 'request-capability': requestCapabilityCommand,\n approve: approveCommand,\n deny: denyCommand,\n revoke: revokeCommand,\n token: tokenCommand,\n delegate: delegateCommand,\n delegations: delegationsCommand,\n },\n})\n\nconst configCommand = defineCommand({\n meta: {\n name: 'config',\n description: 'Configuration management',\n },\n subCommands: {\n get: configGetCommand,\n set: configSetCommand,\n },\n})\n\nconst main = defineCommand({\n meta: {\n name: 'apes',\n version: __VERSION__,\n description: 'Unified CLI for OpenApe',\n },\n subCommands: {\n init: initCommand,\n enroll: enrollCommand,\n 'dns-check': dnsCheckCommand,\n login: loginCommand,\n logout: logoutCommand,\n whoami: whoamiCommand,\n grants: grantsCommand,\n run: runCommand,\n explain: explainCommand,\n adapter: adapterCommand,\n config: configCommand,\n fetch: fetchCommand,\n mcp: mcpCommand,\n },\n})\n\nrunMain(main).catch((err) => {\n if (debug) {\n consola.error(err)\n }\n else {\n consola.error(err instanceof ApiError ? err.message : err instanceof Error ? err.message : String(err))\n }\n process.exit(1)\n})\n","import { Buffer } from 'node:buffer'\nimport { execFile } from 'node:child_process'\nimport { createServer } from 'node:http'\nimport { defineCommand } from 'citty'\nimport { generateCodeChallenge, generateCodeVerifier } from '@openape/core'\nimport consola from 'consola'\nimport { loadConfig, saveAuth } from '../../config'\nimport { getAgentAuthenticateEndpoint, getAgentChallengeEndpoint } from '../../http'\n\nconst CALLBACK_PORT = 9876\nconst CLIENT_ID = 'grapes-cli'\n\nexport const loginCommand = defineCommand({\n meta: {\n name: 'login',\n description: 'Authenticate with an OpenApe IdP',\n },\n args: {\n idp: {\n type: 'string',\n description: 'IdP URL (e.g. https://id.openape.at)',\n },\n key: {\n type: 'string',\n description: 'Path to agent private key (agent mode)',\n },\n email: {\n type: 'string',\n description: 'Agent email (for DNS discovery)',\n },\n },\n async run({ args }) {\n const config = loadConfig()\n const idp = args.idp || process.env.APES_IDP || process.env.GRAPES_IDP || config.defaults?.idp\n\n if (!idp) {\n consola.error('IdP URL required. Use --idp <url> or set APES_IDP.')\n return process.exit(1)\n }\n\n if (args.key) {\n await loginWithKey(idp, args.key, args.email)\n }\n else {\n await loginWithPKCE(idp)\n }\n },\n})\n\nfunction openBrowser(url: string) {\n const cmd = process.platform === 'darwin' ? 'open' : process.platform === 'win32' ? 'start' : 'xdg-open'\n execFile(cmd, [url], () => {})\n}\n\nasync function loginWithPKCE(idp: string) {\n const codeVerifier = generateCodeVerifier()\n const codeChallenge = await generateCodeChallenge(codeVerifier)\n const redirectUri = `http://localhost:${CALLBACK_PORT}/callback`\n\n const state = crypto.randomUUID()\n const nonce = crypto.randomUUID()\n\n const authUrl = new URL(`${idp}/authorize`)\n authUrl.searchParams.set('response_type', 'code')\n authUrl.searchParams.set('client_id', CLIENT_ID)\n authUrl.searchParams.set('redirect_uri', redirectUri)\n authUrl.searchParams.set('code_challenge', codeChallenge)\n authUrl.searchParams.set('code_challenge_method', 'S256')\n authUrl.searchParams.set('state', state)\n authUrl.searchParams.set('nonce', nonce)\n authUrl.searchParams.set('scope', 'openid email profile offline_access')\n\n // Start local callback server\n const code = await new Promise<string>((resolve, reject) => {\n const server = createServer((req, res) => {\n const url = new URL(req.url!, `http://localhost:${CALLBACK_PORT}`)\n if (url.pathname === '/callback') {\n const authCode = url.searchParams.get('code')\n const error = url.searchParams.get('error')\n\n if (error) {\n res.writeHead(200, { 'Content-Type': 'text/html' })\n res.end('<h1>Login failed</h1><p>You can close this window.</p>')\n server.close()\n reject(new Error(`Auth error: ${error}`))\n return\n }\n\n if (authCode) {\n res.writeHead(200, { 'Content-Type': 'text/html' })\n res.end('<h1>Login successful!</h1><p>You can close this window.</p>')\n server.close()\n resolve(authCode)\n return\n }\n\n res.writeHead(400)\n res.end('Missing code')\n }\n else {\n res.writeHead(404)\n res.end()\n }\n })\n\n server.listen(CALLBACK_PORT, () => {\n consola.info(`Opening browser for login at ${idp}...`)\n openBrowser(authUrl.toString())\n })\n\n // Timeout after 5 minutes\n const timeout = setTimeout(() => {\n server.close()\n reject(new Error('Login timed out'))\n }, 300_000)\n timeout.unref()\n })\n\n // Exchange code for tokens\n const tokenResponse = await fetch(`${idp}/token`, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({\n grant_type: 'authorization_code',\n code,\n code_verifier: codeVerifier,\n redirect_uri: redirectUri,\n client_id: CLIENT_ID,\n }),\n })\n\n if (!tokenResponse.ok) {\n const text = await tokenResponse.text()\n consola.error(`Token exchange failed: ${text}`)\n return process.exit(1)\n }\n\n const tokens = await tokenResponse.json() as {\n access_token?: string\n id_token?: string\n refresh_token?: string\n expires_in?: number\n assertion?: string\n }\n\n const accessToken = tokens.access_token || tokens.id_token || tokens.assertion\n if (!accessToken) {\n consola.error('No access token received')\n return process.exit(1)\n }\n\n // Decode JWT to get email\n const payload = JSON.parse(atob(accessToken.split('.')[1]!))\n\n saveAuth({\n idp,\n access_token: accessToken,\n ...(tokens.refresh_token ? { refresh_token: tokens.refresh_token } : {}),\n email: payload.email || payload.sub,\n expires_at: Math.floor(Date.now() / 1000) + (tokens.expires_in || 3600),\n })\n\n consola.success(`Logged in as ${payload.email || payload.sub}`)\n}\n\nasync function loginWithKey(idp: string, keyPath: string, email?: string) {\n const { readFileSync } = await import('node:fs')\n const { sign } = await import('node:crypto')\n const { loadEd25519PrivateKey } = await import('../../ssh-key.js')\n\n const agentEmail = email\n if (!agentEmail) {\n consola.error('Agent email required for key-based login. Use --email <agent-email>')\n return process.exit(1)\n }\n\n // Use challenge-response auth (endpoint resolved via OIDC discovery)\n const challengeUrl = await getAgentChallengeEndpoint(idp)\n const challengeResp = await fetch(challengeUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({ agent_id: agentEmail }),\n })\n\n if (!challengeResp.ok) {\n consola.error(`Challenge failed: ${await challengeResp.text()}`)\n return process.exit(1)\n }\n\n const { challenge } = await challengeResp.json() as { challenge: string }\n\n // Sign challenge with Ed25519 private key (supports OpenSSH + PKCS8 format)\n const keyContent = readFileSync(keyPath, 'utf-8')\n const privateKey = loadEd25519PrivateKey(keyContent)\n const signature = sign(null, Buffer.from(challenge), privateKey).toString('base64')\n\n // Authenticate (endpoint resolved via OIDC discovery)\n const authenticateUrl = await getAgentAuthenticateEndpoint(idp)\n const authResp = await fetch(authenticateUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({\n agent_id: agentEmail,\n challenge,\n signature,\n }),\n })\n\n if (!authResp.ok) {\n consola.error(`Authentication failed: ${await authResp.text()}`)\n return process.exit(1)\n }\n\n const { token, expires_in } = await authResp.json() as { token: string, expires_in: number }\n\n saveAuth({\n idp,\n access_token: token,\n email: agentEmail,\n expires_at: Math.floor(Date.now() / 1000) + (expires_in || 3600),\n })\n\n consola.success(`Logged in as ${agentEmail} (agent)`)\n}\n","import { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { clearAuth } from '../../config'\n\nexport const logoutCommand = defineCommand({\n meta: {\n name: 'logout',\n description: 'Clear stored credentials',\n },\n run() {\n clearAuth()\n consola.success('Logged out.')\n },\n})\n","import { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { loadAuth } from '../../config'\n\nexport const whoamiCommand = defineCommand({\n meta: {\n name: 'whoami',\n description: 'Show current identity',\n },\n run() {\n const auth = loadAuth()\n if (!auth) {\n consola.error('Not logged in. Run `apes login` first.')\n return process.exit(1)\n }\n\n const isAgent = auth.email.includes('agent+')\n const expiresAt = new Date(auth.expires_at * 1000).toISOString()\n const isExpired = Date.now() / 1000 > auth.expires_at\n\n console.log(`Email: ${auth.email}`)\n console.log(`Type: ${isAgent ? 'agent' : 'human'}`)\n console.log(`IdP: ${auth.idp}`)\n console.log(`Token: ${isExpired ? '⚠ EXPIRED' : 'valid'} (until ${expiresAt})`)\n\n if (isExpired) {\n consola.warn('Token is expired. Run `apes login` to re-authenticate.')\n }\n },\n})\n","import { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { getIdpUrl, loadAuth } from '../../config'\nimport { apiFetch, getGrantsEndpoint } from '../../http'\n\ninterface Grant {\n id: string\n type: string\n status: string\n requester: string\n owner: string\n request: {\n command?: string[]\n grant_type?: string\n reason?: string\n }\n created_at?: string\n}\n\ninterface PaginatedGrants {\n data: Grant[]\n pagination: {\n cursor: string | null\n has_more: boolean\n }\n}\n\nexport const listCommand = defineCommand({\n meta: {\n name: 'list',\n description: 'List your grants (as requester)',\n },\n args: {\n status: {\n type: 'string',\n description: 'Filter by status (pending, approved, denied, revoked, used)',\n },\n all: {\n type: 'boolean',\n description: 'Show all visible grants (not just your own)',\n default: false,\n },\n json: {\n type: 'boolean',\n description: 'Output as JSON',\n default: false,\n },\n limit: {\n type: 'string',\n description: 'Max results (default 20, max 100)',\n },\n },\n async run({ args }) {\n const idp = getIdpUrl()\n if (!idp) {\n consola.error('No IdP URL configured. Run `apes login` first or pass --idp.')\n return process.exit(1)\n }\n\n const auth = loadAuth()\n\n const grantsUrl = await getGrantsEndpoint(idp)\n const params = new URLSearchParams()\n if (args.status)\n params.set('status', args.status)\n if (args.limit)\n params.set('limit', args.limit)\n const query = params.toString() ? `?${params.toString()}` : ''\n\n const response = await apiFetch<PaginatedGrants>(`${grantsUrl}${query}`)\n\n let grants = response.data\n\n // Filter to own grants unless --all\n if (!args.all && auth?.email) {\n grants = grants.filter(g => g.requester === auth.email)\n }\n\n if (args.json) {\n console.log(JSON.stringify(args.all ? response : { ...response, data: grants }, null, 2))\n return\n }\n\n if (grants.length === 0) {\n consola.info(args.all ? 'No grants found.' : 'No grants found. Use --all to see all visible grants.')\n return\n }\n\n for (const grant of grants) {\n const cmd = grant.request?.command?.join(' ') || '(no command)'\n const type = grant.request?.grant_type || grant.type\n console.log(`${grant.id} ${grant.status.padEnd(8)} ${type.padEnd(6)} ${cmd}`)\n if (grant.request?.reason) {\n console.log(` Reason: ${grant.request.reason}`)\n }\n }\n\n if (response.pagination.has_more) {\n consola.info('More results available. Use --limit or pagination cursor.')\n }\n },\n})\n","import { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { getIdpUrl, loadAuth } from '../../config'\nimport { apiFetch, getGrantsEndpoint } from '../../http'\n\ninterface Grant {\n id: string\n type: string\n status: string\n requester: string\n owner: string\n request: {\n command?: string[]\n grant_type?: string\n reason?: string\n }\n created_at?: string\n}\n\ninterface PaginatedGrants {\n data: Grant[]\n pagination: {\n cursor: string | null\n has_more: boolean\n }\n}\n\nexport const inboxCommand = defineCommand({\n meta: {\n name: 'inbox',\n description: 'Show grants awaiting your approval',\n },\n args: {\n json: {\n type: 'boolean',\n description: 'Output as JSON',\n default: false,\n },\n limit: {\n type: 'string',\n description: 'Max results (default 20, max 100)',\n },\n },\n async run({ args }) {\n const idp = getIdpUrl()\n if (!idp) {\n consola.error('No IdP URL configured. Run `apes login` first.')\n return process.exit(1)\n }\n\n const auth = loadAuth()\n if (!auth) {\n consola.error('Not logged in. Run `apes login` first.')\n return process.exit(1)\n }\n\n const grantsUrl = await getGrantsEndpoint(idp)\n const params = new URLSearchParams()\n params.set('status', 'pending')\n if (args.limit)\n params.set('limit', args.limit)\n const query = `?${params.toString()}`\n\n const response = await apiFetch<PaginatedGrants>(`${grantsUrl}${query}`)\n\n // Filter out own requests — inbox shows only grants from others\n const grants = response.data.filter(g => g.requester !== auth.email)\n\n if (args.json) {\n console.log(JSON.stringify({ ...response, data: grants }, null, 2))\n return\n }\n\n if (grants.length === 0) {\n consola.info('No pending grants to approve.')\n return\n }\n\n consola.info(`${grants.length} grant(s) awaiting approval:\\n`)\n\n for (const grant of grants) {\n const cmd = grant.request?.command?.join(' ') || '(no command)'\n const type = grant.request?.grant_type || grant.type\n console.log(`${grant.id} ${type.padEnd(6)} from ${grant.requester}`)\n console.log(` Command: ${cmd}`)\n if (grant.request?.reason) {\n console.log(` Reason: ${grant.request.reason}`)\n }\n if (grant.created_at) {\n console.log(` Created: ${grant.created_at}`)\n }\n console.log()\n }\n\n consola.info('Use `apes grants approve <id>` or `apes grants deny <id>` to respond.')\n },\n})\n","import { defineCommand } from 'citty'\nimport { getIdpUrl } from '../../config'\nimport { apiFetch, getGrantsEndpoint } from '../../http'\n\ninterface GrantDetail {\n id: string\n type: string\n status: string\n requester: string\n owner: string\n approver?: string\n request: {\n command?: string[]\n grant_type?: string\n reason?: string\n }\n created_at?: string\n decided_at?: string\n decided_by?: string\n expires_at?: string\n}\n\nexport const statusCommand = defineCommand({\n meta: {\n name: 'status',\n description: 'Show grant status',\n },\n args: {\n id: {\n type: 'positional',\n description: 'Grant ID',\n required: true,\n },\n json: {\n type: 'boolean',\n description: 'Output as JSON',\n default: false,\n },\n },\n async run({ args }) {\n const idp = getIdpUrl()!\n const grantsUrl = await getGrantsEndpoint(idp)\n const grant = await apiFetch<GrantDetail>(`${grantsUrl}/${args.id}`)\n\n if (args.json) {\n console.log(JSON.stringify(grant, null, 2))\n return\n }\n\n console.log(`Grant: ${grant.id}`)\n console.log(`Status: ${grant.status}`)\n console.log(`Type: ${grant.type}`)\n console.log(`Requester: ${grant.requester}`)\n console.log(`Owner: ${grant.owner}`)\n if (grant.approver)\n console.log(`Approver: ${grant.approver}`)\n if (grant.request?.command)\n console.log(`Command: ${grant.request.command.join(' ')}`)\n if (grant.request?.grant_type)\n console.log(`Approval: ${grant.request.grant_type}`)\n if (grant.request?.reason)\n console.log(`Reason: ${grant.request.reason}`)\n if (grant.decided_by)\n console.log(`Decided by: ${grant.decided_by}`)\n if (grant.decided_at)\n console.log(`Decided at: ${grant.decided_at}`)\n if (grant.expires_at)\n console.log(`Expires: ${grant.expires_at}`)\n },\n})\n","import { hostname } from 'node:os'\nimport { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { getIdpUrl, loadAuth } from '../../config'\nimport { parseDuration } from '../../duration'\nimport { apiFetch, getGrantsEndpoint } from '../../http'\n\nexport const requestCommand = defineCommand({\n meta: {\n name: 'request',\n description: 'Request a new grant',\n },\n args: {\n command: {\n type: 'positional',\n description: 'Command to request permission for',\n required: true,\n },\n audience: {\n type: 'string',\n description: 'Service identifier (e.g. \"escapes\", \"proxy\")',\n required: true,\n },\n host: {\n type: 'string',\n description: 'Target host (default: system hostname)',\n },\n reason: {\n type: 'string',\n description: 'Reason for the request',\n },\n approval: {\n type: 'string',\n description: 'Approval type: once, timed, always',\n default: 'once',\n },\n duration: {\n type: 'string',\n description: 'Duration for timed grants (e.g. 30m, 1h, 7d)',\n },\n 'run-as': {\n type: 'string',\n description: 'Execute as this user (e.g. openclaw, root)',\n },\n wait: {\n type: 'boolean',\n description: 'Wait for approval',\n default: false,\n },\n },\n async run({ args }) {\n const auth = loadAuth()\n if (!auth) {\n consola.error('Not logged in. Run `apes login` first.')\n return process.exit(1)\n }\n\n const idp = getIdpUrl()!\n const grantsUrl = await getGrantsEndpoint(idp)\n const command = args.command.split(' ')\n const targetHost = args.host || hostname()\n\n const duration = args.duration ? parseDuration(args.duration) : undefined\n\n const grant = await apiFetch<{ id: string, status: string }>(grantsUrl, {\n method: 'POST',\n body: {\n requester: auth.email,\n target_host: targetHost,\n audience: args.audience,\n grant_type: args.approval,\n command,\n reason: args.reason || command.join(' '),\n ...(duration != null ? { duration } : {}),\n ...(args['run-as'] ? { run_as: args['run-as'] } : {}),\n },\n })\n\n consola.success(`Grant requested: ${grant.id} (status: ${grant.status})`)\n\n if (args.wait) {\n consola.info('Waiting for approval...')\n await waitForApproval(grantsUrl, grant.id)\n }\n },\n})\n\nasync function waitForApproval(grantsUrl: string, grantId: string): Promise<void> {\n const maxWait = 300_000 // 5 minutes\n const interval = 3_000\n const start = Date.now()\n\n while (Date.now() - start < maxWait) {\n const grant = await apiFetch<{ status: string }>(`${grantsUrl}/${grantId}`)\n\n if (grant.status === 'approved') {\n consola.success('Grant approved!')\n return\n }\n if (grant.status === 'denied') {\n consola.error('Grant denied.')\n return process.exit(1)\n }\n if (grant.status === 'revoked') {\n consola.error('Grant revoked.')\n return process.exit(1)\n }\n\n await new Promise(r => setTimeout(r, interval))\n }\n\n consola.error('Timed out waiting for approval.')\n return process.exit(1)\n}\n","import { hostname } from 'node:os'\nimport { buildStructuredCliGrantRequest, loadAdapter, resolveCapabilityRequest } from '@openape/shapes'\nimport { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { getIdpUrl, loadAuth } from '../../config'\nimport { parseDuration } from '../../duration'\nimport { apiFetch, getGrantsEndpoint } from '../../http'\n\nfunction parseCapabilityArgs(rawArgs: string[]): {\n cliId: string\n adapter?: string\n idp?: string\n approval: 'once' | 'timed' | 'always'\n reason?: string\n duration?: number\n runAs?: string\n wait: boolean\n resources: string[]\n selectors: string[]\n actions: string[]\n} {\n const tokens = [...rawArgs]\n if (tokens[0] === 'request-capability') {\n tokens.shift()\n }\n\n const cliId = tokens.shift()\n if (!cliId || cliId.startsWith('-')) {\n throw new Error('Missing CLI identifier')\n }\n\n const resources: string[] = []\n const selectors: string[] = []\n const actions: string[] = []\n let adapter: string | undefined\n let idp: string | undefined\n let approval: 'once' | 'timed' | 'always' = 'once'\n let reason: string | undefined\n let duration: number | undefined\n let runAs: string | undefined\n let wait = false\n\n for (let index = 0; index < tokens.length; index += 1) {\n const token = tokens[index]!\n const next = tokens[index + 1]\n switch (token) {\n case '--resource':\n if (!next)\n throw new Error('Missing value for --resource')\n resources.push(next)\n index += 1\n break\n case '--selector':\n if (!next)\n throw new Error('Missing value for --selector')\n selectors.push(next)\n index += 1\n break\n case '--action':\n if (!next)\n throw new Error('Missing value for --action')\n actions.push(next)\n index += 1\n break\n case '--adapter':\n if (!next)\n throw new Error('Missing value for --adapter')\n adapter = next\n index += 1\n break\n case '--idp':\n if (!next)\n throw new Error('Missing value for --idp')\n idp = next\n index += 1\n break\n case '--approval':\n if (!next || !['once', 'timed', 'always'].includes(next)) {\n throw new Error('Approval must be one of: once, timed, always')\n }\n approval = next as 'once' | 'timed' | 'always'\n index += 1\n break\n case '--reason':\n if (!next)\n throw new Error('Missing value for --reason')\n reason = next\n index += 1\n break\n case '--duration':\n if (!next)\n throw new Error('Missing value for --duration')\n duration = parseDuration(next)\n index += 1\n break\n case '--run-as':\n if (!next)\n throw new Error('Missing value for --run-as')\n runAs = next\n index += 1\n break\n case '--wait':\n wait = true\n break\n default:\n throw new Error(`Unknown argument: ${token}`)\n }\n }\n\n return {\n cliId,\n adapter,\n idp,\n approval,\n reason,\n duration,\n runAs,\n wait,\n resources,\n selectors,\n actions,\n }\n}\n\nasync function waitForApproval(grantsUrl: string, grantId: string): Promise<void> {\n const maxWait = 300_000\n const interval = 3_000\n const start = Date.now()\n\n while (Date.now() - start < maxWait) {\n const grant = await apiFetch<{ status: string }>(`${grantsUrl}/${grantId}`)\n if (grant.status === 'approved') {\n consola.success('Grant approved!')\n return\n }\n if (grant.status === 'denied') {\n consola.error('Grant denied.')\n process.exit(1)\n }\n if (grant.status === 'revoked') {\n consola.error('Grant revoked.')\n process.exit(1)\n }\n await new Promise(resolve => setTimeout(resolve, interval))\n }\n\n consola.error('Timed out waiting for approval.')\n process.exit(1)\n}\n\nexport const requestCapabilityCommand = defineCommand({\n meta: {\n name: 'request-capability',\n description: 'Request a structured CLI capability grant',\n },\n args: {\n 'cliId': {\n type: 'positional',\n description: 'CLI adapter identifier (e.g. docker, kubectl)',\n required: true,\n },\n 'resource': {\n type: 'string',\n description: 'Resource scope (repeatable)',\n },\n 'selector': {\n type: 'string',\n description: 'Selector filter (repeatable)',\n },\n 'action': {\n type: 'string',\n description: 'Action to permit (repeatable)',\n },\n 'adapter': {\n type: 'string',\n description: 'Explicit path to adapter TOML file',\n },\n 'idp': {\n type: 'string',\n description: 'IdP URL',\n },\n 'approval': {\n type: 'string',\n description: 'Approval type: once, timed, always',\n default: 'once',\n },\n 'reason': {\n type: 'string',\n description: 'Reason for the request',\n },\n 'duration': {\n type: 'string',\n description: 'Duration for timed grants (e.g. 30m, 1h, 7d)',\n },\n 'run-as': {\n type: 'string',\n description: 'Execute as this user (e.g. root)',\n },\n 'wait': {\n type: 'boolean',\n description: 'Wait for approval before returning',\n default: false,\n },\n },\n async run({ rawArgs }) {\n const auth = loadAuth()\n if (!auth) {\n consola.error('Not logged in. Run `apes login` first.')\n return process.exit(1)\n }\n\n const parsed = parseCapabilityArgs(rawArgs)\n const idp = getIdpUrl(parsed.idp)\n if (!idp) {\n consola.error('No IdP URL configured. Use --idp or log in first.')\n return process.exit(1)\n }\n\n const loaded = loadAdapter(parsed.cliId, parsed.adapter)\n const resolved = resolveCapabilityRequest(loaded, {\n resources: parsed.resources,\n selectors: parsed.selectors,\n actions: parsed.actions,\n })\n\n const { request } = await buildStructuredCliGrantRequest(resolved, {\n requester: auth.email,\n target_host: hostname(),\n grant_type: parsed.approval,\n ...(parsed.reason ? { reason: parsed.reason } : {}),\n })\n\n if (parsed.duration != null) {\n request.duration = parsed.duration\n }\n if (parsed.runAs) {\n request.run_as = parsed.runAs\n }\n\n const grantsUrl = await getGrantsEndpoint(idp)\n const grant = await apiFetch<{ id: string, status: string }>(grantsUrl, {\n method: 'POST',\n idp,\n body: request,\n })\n\n consola.success(`Grant requested: ${grant.id} (status: ${grant.status})`)\n\n if (parsed.wait) {\n consola.info('Waiting for approval...')\n await waitForApproval(grantsUrl, grant.id)\n }\n },\n})\n","import { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { getIdpUrl } from '../../config'\nimport { apiFetch, getGrantsEndpoint } from '../../http'\n\nexport const approveCommand = defineCommand({\n meta: {\n name: 'approve',\n description: 'Approve a grant request',\n },\n args: {\n id: {\n type: 'positional',\n description: 'Grant ID',\n required: true,\n },\n },\n async run({ args }) {\n const idp = getIdpUrl()!\n const grantsUrl = await getGrantsEndpoint(idp)\n await apiFetch(`${grantsUrl}/${args.id}/approve`, {\n method: 'POST',\n })\n consola.success(`Grant ${args.id} approved.`)\n },\n})\n","import { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { getIdpUrl } from '../../config'\nimport { apiFetch, getGrantsEndpoint } from '../../http'\n\nexport const denyCommand = defineCommand({\n meta: {\n name: 'deny',\n description: 'Deny a grant request',\n },\n args: {\n id: {\n type: 'positional',\n description: 'Grant ID',\n required: true,\n },\n },\n async run({ args }) {\n const idp = getIdpUrl()!\n const grantsUrl = await getGrantsEndpoint(idp)\n await apiFetch(`${grantsUrl}/${args.id}/deny`, {\n method: 'POST',\n })\n consola.success(`Grant ${args.id} denied.`)\n },\n})\n","import { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { getIdpUrl, loadAuth } from '../../config'\nimport { apiFetch, getGrantsEndpoint } from '../../http'\n\ninterface Grant {\n id: string\n status: string\n requester: string\n request: { command?: string[] }\n}\n\ninterface PaginatedGrants {\n data: Grant[]\n pagination: { cursor: string | null, has_more: boolean }\n}\n\ninterface BatchResult {\n id: string\n status: string\n success: boolean\n error?: { title: string }\n}\n\nexport const revokeCommand = defineCommand({\n meta: {\n name: 'revoke',\n description: 'Revoke one or more grants',\n },\n args: {\n id: {\n type: 'positional',\n description: 'Grant ID(s) to revoke',\n required: false,\n },\n allPending: {\n type: 'boolean',\n description: 'Revoke all own pending grants',\n default: false,\n },\n },\n async run({ args }) {\n const idp = getIdpUrl()!\n const grantsUrl = await getGrantsEndpoint(idp)\n\n const explicitIds = args.id\n ? [String(args.id), ...args._].filter(Boolean)\n : []\n\n if (args.allPending && explicitIds.length > 0) {\n consola.error('Use either --all-pending or grant IDs, not both.')\n return process.exit(1)\n }\n\n let ids: string[]\n\n if (args.allPending) {\n const auth = loadAuth()\n const response = await apiFetch<PaginatedGrants>(\n `${grantsUrl}?status=pending&limit=100`,\n )\n const ownPending = auth?.email\n ? response.data.filter(g => g.requester === auth.email)\n : response.data\n if (ownPending.length === 0) {\n consola.info('No pending grants to revoke.')\n return\n }\n ids = ownPending.map(g => g.id)\n consola.info(`Found ${ids.length} pending grant(s) to revoke.`)\n }\n else if (explicitIds.length > 0) {\n ids = explicitIds\n }\n else {\n consola.error('Provide grant ID(s) or use --all-pending.')\n return process.exit(1)\n }\n\n // Single grant: use direct endpoint\n if (ids.length === 1) {\n await apiFetch(`${grantsUrl}/${ids[0]}/revoke`, { method: 'POST' })\n consola.success(`Grant ${ids[0]} revoked.`)\n return\n }\n\n // Multiple grants: use batch endpoint\n const operations = ids.map(id => ({ id, action: 'revoke' as const }))\n const { results } = await apiFetch<{ results: BatchResult[] }>(\n `${grantsUrl}/batch`,\n { method: 'POST', body: { operations } },\n )\n\n let succeeded = 0\n for (const r of results) {\n if (r.success) {\n consola.success(`Grant ${r.id} revoked.`)\n succeeded++\n }\n else {\n consola.error(`Grant ${r.id}: ${r.error?.title || 'Failed'}`)\n }\n }\n\n if (succeeded < results.length) {\n consola.info(`Revoked ${succeeded} of ${results.length} grants.`)\n process.exit(1)\n }\n else {\n consola.success(`All ${succeeded} grants revoked.`)\n }\n },\n})\n","import { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { getIdpUrl } from '../../config'\nimport { apiFetch, getGrantsEndpoint } from '../../http'\n\nexport const tokenCommand = defineCommand({\n meta: {\n name: 'token',\n description: 'Get grant token JWT',\n },\n args: {\n id: {\n type: 'positional',\n description: 'Grant ID',\n required: true,\n },\n },\n async run({ args }) {\n const idp = getIdpUrl()!\n const grantsUrl = await getGrantsEndpoint(idp)\n const result = await apiFetch<{ authz_jwt: string }>(`${grantsUrl}/${args.id}/token`, {\n method: 'POST',\n })\n\n if (!result.authz_jwt) {\n consola.error('No token received. Grant may not be approved.')\n return process.exit(1)\n }\n\n // Output raw token to stdout (pipeable)\n process.stdout.write(result.authz_jwt)\n },\n})\n","import { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { getIdpUrl, loadAuth } from '../../config'\nimport { apiFetch, getDelegationsEndpoint } from '../../http'\n\nexport const delegateCommand = defineCommand({\n meta: {\n name: 'delegate',\n description: 'Create a delegation',\n },\n args: {\n to: {\n type: 'string',\n description: 'Delegate email (who can act on your behalf)',\n required: true,\n },\n at: {\n type: 'string',\n description: 'Service/audience where delegation applies',\n required: true,\n },\n scopes: {\n type: 'string',\n description: 'Comma-separated scopes',\n },\n approval: {\n type: 'string',\n description: 'Approval type: once, timed, always',\n default: 'once',\n },\n expires: {\n type: 'string',\n description: 'Expiration date (ISO 8601)',\n },\n },\n async run({ args }) {\n const auth = loadAuth()\n if (!auth) {\n consola.error('Not logged in. Run `apes login` first.')\n return process.exit(1)\n }\n\n const idp = getIdpUrl()!\n const delegationsUrl = await getDelegationsEndpoint(idp)\n\n const body: Record<string, unknown> = {\n delegate: args.to,\n audience: args.at,\n approval: args.approval,\n }\n\n if (args.scopes) {\n body.scopes = args.scopes.split(',').map(s => s.trim())\n }\n\n if (args.expires) {\n body.expires_at = args.expires\n }\n\n const result = await apiFetch<{ id: string }>(delegationsUrl, {\n method: 'POST',\n body,\n })\n\n consola.success(`Delegation created: ${result.id}`)\n console.log(` Delegate: ${args.to}`)\n console.log(` Audience: ${args.at}`)\n if (args.scopes)\n console.log(` Scopes: ${args.scopes}`)\n console.log(` Approval: ${args.approval}`)\n if (args.expires)\n console.log(` Expires: ${args.expires}`)\n },\n})\n","import { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { getIdpUrl } from '../../config'\nimport { apiFetch, getDelegationsEndpoint } from '../../http'\n\ninterface Delegation {\n id: string\n delegator: string\n delegate: string\n audience: string\n scopes?: string[]\n approval: string\n created_at?: string\n expires_at?: string\n}\n\nexport const delegationsCommand = defineCommand({\n meta: {\n name: 'delegations',\n description: 'List delegations',\n },\n args: {\n json: {\n type: 'boolean',\n description: 'Output as JSON',\n default: false,\n },\n },\n async run({ args }) {\n const idp = getIdpUrl()!\n const delegationsUrl = await getDelegationsEndpoint(idp)\n const delegations = await apiFetch<Delegation[]>(delegationsUrl)\n\n if (args.json) {\n console.log(JSON.stringify(delegations, null, 2))\n return\n }\n\n if (delegations.length === 0) {\n consola.info('No delegations found.')\n return\n }\n\n for (const d of delegations) {\n const scopes = d.scopes?.join(', ') || '(all)'\n const expires = d.expires_at ? ` expires ${d.expires_at}` : ''\n console.log(`${d.id} ${d.delegator} → ${d.delegate} at ${d.audience} [${scopes}]${expires}`)\n }\n },\n})\n","import { defineCommand } from 'citty'\nimport consola from 'consola'\nimport {\n fetchRegistry,\n findAdapter,\n findConflictingAdapters,\n getInstalledDigest,\n installAdapter,\n isInstalled,\n loadAdapter,\n removeAdapter,\n searchAdapters,\n} from '@openape/shapes'\n\nexport const adapterCommand = defineCommand({\n meta: {\n name: 'adapter',\n description: 'Manage CLI adapters',\n },\n subCommands: {\n list: defineCommand({\n meta: {\n name: 'list',\n description: 'List available adapters',\n },\n args: {\n remote: {\n type: 'boolean',\n description: 'List adapters from the remote registry',\n default: false,\n },\n json: {\n type: 'boolean',\n description: 'Output as JSON',\n default: false,\n },\n refresh: {\n type: 'boolean',\n description: 'Force refresh the registry cache',\n default: false,\n },\n },\n async run({ args }) {\n const forceRefresh = Boolean(args.refresh)\n if (args.remote) {\n const index = await fetchRegistry(forceRefresh)\n if (args.json) {\n process.stdout.write(`${JSON.stringify(index.adapters, null, 2)}\\n`)\n return\n }\n consola.info(`Registry: ${index.adapters.length} adapters (${index.generated_at})`)\n for (const a of index.adapters) {\n const installed = isInstalled(a.id, false) ? ' [installed]' : ''\n console.log(` ${a.id.padEnd(12)} ${a.name.padEnd(24)} ${a.category}${installed}`)\n }\n return\n }\n\n const index = await fetchRegistry(forceRefresh)\n const local: { id: string, source: string, digest: string }[] = []\n for (const a of index.adapters) {\n try {\n const loaded = loadAdapter(a.id)\n local.push({ id: a.id, source: loaded.source, digest: loaded.digest })\n }\n catch {\n // not installed locally\n }\n }\n\n if (args.json) {\n process.stdout.write(`${JSON.stringify(local, null, 2)}\\n`)\n return\n }\n\n if (local.length === 0) {\n consola.info('No adapters installed. Use `apes adapter list --remote` to see available adapters.')\n return\n }\n\n for (const a of local) {\n console.log(` ${a.id.padEnd(12)} ${a.source}`)\n }\n },\n }),\n\n install: defineCommand({\n meta: {\n name: 'install',\n description: 'Install an adapter from the registry',\n },\n args: {\n id: {\n type: 'positional',\n description: 'Adapter ID to install',\n required: true,\n },\n local: {\n type: 'boolean',\n description: 'Install to project-local .openape/ instead of ~/.openape/',\n default: false,\n },\n refresh: {\n type: 'boolean',\n description: 'Force refresh the registry cache',\n default: false,\n },\n },\n async run({ args }) {\n const ids = [String(args.id), ...args._].filter(Boolean)\n const local = Boolean(args.local)\n const index = await fetchRegistry(Boolean(args.refresh))\n\n for (const id of ids) {\n const entry = findAdapter(index, id)\n if (!entry) {\n consola.error(`Adapter \"${id}\" not found in registry. Use \\`apes adapter search ${id}\\` to search.`)\n continue\n }\n\n const conflicts = findConflictingAdapters(entry.executable, id)\n if (conflicts.length > 0) {\n for (const c of conflicts) {\n consola.warn(`Conflicting adapter found: ${c.path} (id: ${c.adapterId}, executable: ${c.executable})`)\n consola.warn(` Remove it with: apes adapter remove ${c.adapterId}`)\n }\n }\n\n const result = await installAdapter(entry, { local })\n const verb = result.updated ? 'Updated' : 'Installed'\n consola.success(`${verb} ${result.id} → ${result.path}`)\n consola.info(`Digest: ${result.digest}`)\n }\n },\n }),\n\n remove: defineCommand({\n meta: {\n name: 'remove',\n description: 'Remove an installed adapter',\n },\n args: {\n id: {\n type: 'positional',\n description: 'Adapter ID to remove',\n required: true,\n },\n local: {\n type: 'boolean',\n description: 'Remove from project-local .openape/',\n default: false,\n },\n },\n async run({ args }) {\n const ids = [String(args.id), ...args._].filter(Boolean)\n const local = Boolean(args.local)\n let failed = false\n\n for (const id of ids) {\n if (removeAdapter(id, local)) {\n consola.success(`Removed adapter: ${id}`)\n }\n else {\n consola.error(`Adapter \"${id}\" is not installed${local ? ' locally' : ''}`)\n failed = true\n }\n }\n\n if (failed)\n process.exit(1)\n },\n }),\n\n info: defineCommand({\n meta: {\n name: 'info',\n description: 'Show detailed adapter information',\n },\n args: {\n id: {\n type: 'positional',\n description: 'Adapter ID',\n required: true,\n },\n refresh: {\n type: 'boolean',\n description: 'Force refresh the registry cache',\n default: false,\n },\n },\n async run({ args }) {\n const id = String(args.id)\n const index = await fetchRegistry(Boolean(args.refresh))\n const entry = findAdapter(index, id)\n if (!entry)\n throw new Error(`Adapter \"${id}\" not found in registry`)\n\n console.log(`ID: ${entry.id}`)\n console.log(`Name: ${entry.name}`)\n console.log(`Description: ${entry.description}`)\n console.log(`Category: ${entry.category}`)\n console.log(`Tags: ${entry.tags.join(', ')}`)\n console.log(`Author: ${entry.author}`)\n console.log(`Executable: ${entry.executable}`)\n console.log(`Digest: ${entry.digest}`)\n console.log(`Min version: ${entry.min_shapes_version}`)\n console.log(`URL: ${entry.download_url}`)\n\n const localDigest = getInstalledDigest(id, false)\n if (localDigest) {\n const upToDate = localDigest === entry.digest\n console.log(`Installed: yes${upToDate ? ' (up to date)' : ' (update available)'}`)\n }\n else {\n console.log(`Installed: no`)\n }\n },\n }),\n\n search: defineCommand({\n meta: {\n name: 'search',\n description: 'Search adapters in the registry',\n },\n args: {\n query: {\n type: 'positional',\n description: 'Search query',\n required: true,\n },\n json: {\n type: 'boolean',\n description: 'Output as JSON',\n default: false,\n },\n refresh: {\n type: 'boolean',\n description: 'Force refresh the registry cache',\n default: false,\n },\n },\n async run({ args }) {\n const query = String(args.query)\n const index = await fetchRegistry(Boolean(args.refresh))\n const results = searchAdapters(index, query)\n\n if (args.json) {\n process.stdout.write(`${JSON.stringify(results, null, 2)}\\n`)\n return\n }\n\n if (results.length === 0) {\n consola.info(`No adapters matching \"${query}\"`)\n return\n }\n\n for (const a of results) {\n console.log(` ${a.id.padEnd(12)} ${a.name.padEnd(24)} ${a.category}`)\n console.log(` ${a.description}`)\n }\n },\n }),\n\n update: defineCommand({\n meta: {\n name: 'update',\n description: 'Update installed adapters',\n },\n args: {\n id: {\n type: 'positional',\n description: 'Adapter ID (omit to update all)',\n },\n yes: {\n type: 'boolean',\n description: 'Skip confirmation',\n default: false,\n },\n refresh: {\n type: 'boolean',\n description: 'Force refresh the registry cache',\n default: true,\n },\n },\n async run({ args }) {\n const index = await fetchRegistry(Boolean(args.refresh))\n const targetId = args.id ? String(args.id) : undefined\n const targets = targetId\n ? [targetId]\n : index.adapters.map(a => a.id).filter(id => isInstalled(id, false))\n\n if (targets.length === 0) {\n consola.info('No adapters installed to update.')\n return\n }\n\n for (const id of targets) {\n const entry = findAdapter(index, id)\n if (!entry) {\n consola.warn(`${id}: not found in registry, skipping`)\n continue\n }\n\n const localDigest = getInstalledDigest(id, false)\n if (localDigest === entry.digest) {\n consola.info(`${id}: already up to date`)\n continue\n }\n\n if (localDigest && !args.yes) {\n consola.warn(`${id}: digest will change — existing grants for this adapter will be invalidated`)\n consola.info(` Old: ${localDigest}`)\n consola.info(` New: ${entry.digest}`)\n consola.info(' Use --yes to confirm')\n continue\n }\n\n const result = await installAdapter(entry)\n consola.success(`Updated ${result.id} → ${result.path}`)\n }\n },\n }),\n\n verify: defineCommand({\n meta: {\n name: 'verify',\n description: 'Verify installed adapter against registry digest',\n },\n args: {\n id: {\n type: 'positional',\n description: 'Adapter ID',\n required: true,\n },\n local: {\n type: 'boolean',\n description: 'Check project-local adapter',\n default: false,\n },\n refresh: {\n type: 'boolean',\n description: 'Force refresh the registry cache',\n default: false,\n },\n },\n async run({ args }) {\n const id = String(args.id)\n const local = Boolean(args.local)\n const index = await fetchRegistry(Boolean(args.refresh))\n const entry = findAdapter(index, id)\n if (!entry)\n throw new Error(`Adapter \"${id}\" not found in registry`)\n\n const localDigest = getInstalledDigest(id, local)\n if (!localDigest)\n throw new Error(`Adapter \"${id}\" is not installed${local ? ' locally' : ''}`)\n\n if (localDigest === entry.digest) {\n consola.success(`${id}: digest matches registry`)\n }\n else {\n consola.error(`${id}: digest mismatch`)\n console.log(` Local: ${localDigest}`)\n console.log(` Registry: ${entry.digest}`)\n process.exit(1)\n }\n },\n }),\n },\n})\n","import { execFileSync } from 'node:child_process'\nimport { hostname } from 'node:os'\nimport { defineCommand } from 'citty'\nimport {\n createShapesGrant,\n extractOption,\n extractWrappedCommand,\n fetchGrantToken,\n findExistingGrant,\n loadAdapter,\n resolveCommand,\n verifyAndExecute,\n waitForGrantStatus,\n} from '@openape/shapes'\nimport consola from 'consola'\nimport { getIdpUrl, loadAuth } from '../config'\nimport { apiFetch, getGrantsEndpoint } from '../http'\n\nexport const runCommand = defineCommand({\n meta: {\n name: 'run',\n description: 'Execute a grant-secured command',\n },\n args: {\n 'approval': {\n type: 'string',\n description: 'Approval type: once, timed, always',\n default: 'once',\n },\n 'reason': {\n type: 'string',\n description: 'Reason for the grant request',\n },\n 'adapter': {\n type: 'string',\n description: 'Explicit path to adapter TOML file',\n },\n 'as': {\n type: 'string',\n description: 'Execute as this user (delegates to escapes)',\n },\n 'host': {\n type: 'string',\n description: 'Target host (default: system hostname)',\n },\n 'escapes-path': {\n type: 'string',\n description: 'Path to escapes binary',\n default: 'escapes',\n },\n 'idp': {\n type: 'string',\n description: 'IdP URL',\n },\n '_': {\n type: 'positional',\n description: 'Command to execute (after --)',\n required: false,\n },\n },\n async run({ rawArgs, args }) {\n const wrappedCommand = extractWrappedCommand(rawArgs ?? [])\n\n if (wrappedCommand.length > 0) {\n // Adapter mode: apes run [options] -- <cli> <args...>\n await runAdapterMode(wrappedCommand, rawArgs ?? [], args)\n }\n else {\n // Audience mode: apes run <audience> <action>\n // Extract audience and action from rawArgs (before --)\n const positionals = extractPositionals(rawArgs ?? [])\n if (positionals.length < 2)\n throw new Error('Usage: apes run -- <cli> <args...> OR apes run <audience> <action>')\n await runAudienceMode(positionals[0]!, positionals[1]!, args)\n }\n },\n})\n\nfunction extractPositionals(rawArgs: string[]): string[] {\n const positionals: string[] = []\n const delimiter = rawArgs.indexOf('--')\n const args = delimiter >= 0 ? rawArgs.slice(0, delimiter) : rawArgs\n\n for (let i = 0; i < args.length; i++) {\n const arg = args[i]!\n if (arg === 'run')\n continue\n if (arg.startsWith('--')) {\n i++ // skip flag value\n continue\n }\n positionals.push(arg)\n }\n return positionals\n}\n\nasync function runAdapterMode(\n command: string[],\n rawArgs: string[],\n args: Record<string, unknown>,\n) {\n const idp = getIdpUrl(args.idp as string | undefined)\n if (!idp)\n throw new Error('No IdP URL configured. Run `apes login` first or pass --idp.')\n\n const adapterOpt = extractOption(rawArgs, 'adapter')\n const loaded = loadAdapter(command[0]!, adapterOpt)\n const resolved = await resolveCommand(loaded, command)\n const approval = (args.approval ?? 'once') as 'once' | 'timed' | 'always'\n\n // Try reusing an existing timed/always grant (findExistingGrant skips once grants)\n try {\n const existingGrantId = await findExistingGrant(resolved, idp)\n if (existingGrantId) {\n consola.info(`Reusing existing grant: ${existingGrantId}`)\n const token = await fetchGrantToken(idp, existingGrantId)\n await verifyAndExecute(token, resolved)\n return\n }\n }\n catch {\n // Fall through to creating a new grant\n }\n\n const grant = await createShapesGrant(resolved, {\n idp,\n approval,\n ...(args.reason ? { reason: args.reason as string } : {}),\n })\n\n consola.info(`Grant requested: ${grant.id}`)\n consola.info(`Approve at: ${idp}/grant-approval?grant_id=${grant.id}`)\n\n if (grant.similar_grants?.similar_grants?.length) {\n const n = grant.similar_grants.similar_grants.length\n consola.info('')\n consola.info(` Similar grant(s) found (${n}). Your approver can extend an existing grant to cover this request.`)\n if (grant.similar_grants.widened_details?.length) {\n const wider = grant.similar_grants.widened_details.map(d => d.permission).join(', ')\n consola.info(` Broader scope: ${wider}`)\n }\n consola.info('')\n }\n\n const status = await waitForGrantStatus(idp, grant.id)\n if (status !== 'approved')\n throw new Error(`Grant ${status}`)\n\n const token = await fetchGrantToken(idp, grant.id)\n await verifyAndExecute(token, resolved)\n}\n\nasync function runAudienceMode(\n audience: string,\n action: string,\n args: Record<string, unknown>,\n) {\n const auth = loadAuth()\n if (!auth) {\n consola.error('Not logged in. Run `apes login` first.')\n return process.exit(1)\n }\n\n const idp = getIdpUrl(args.idp as string | undefined)!\n const grantsUrl = await getGrantsEndpoint(idp)\n const command = action.split(' ')\n const targetHost = (args.host as string) || hostname()\n\n // Step 1: Request grant\n consola.info(`Requesting ${audience} grant on ${targetHost}: ${command.join(' ')}`)\n const grant = await apiFetch<{ id: string, status: string }>(grantsUrl, {\n method: 'POST',\n body: {\n requester: auth.email,\n target_host: targetHost,\n audience,\n grant_type: args.approval,\n command,\n reason: (args.reason as string) || command.join(' '),\n ...(args.as ? { run_as: args.as } : {}),\n },\n })\n consola.success(`Grant requested: ${grant.id}`)\n\n // Step 2: Wait for approval\n consola.info('Waiting for approval...')\n const maxWait = 300_000\n const interval = 3_000\n const start = Date.now()\n\n while (Date.now() - start < maxWait) {\n const status = await apiFetch<{ status: string }>(`${grantsUrl}/${grant.id}`)\n if (status.status === 'approved') {\n consola.success('Grant approved!')\n break\n }\n if (status.status === 'denied' || status.status === 'revoked') {\n consola.error(`Grant ${status.status}.`)\n return process.exit(1)\n }\n await new Promise(r => setTimeout(r, interval))\n }\n\n // Step 3: Get grant token\n consola.info('Fetching grant token...')\n const { authz_jwt } = await apiFetch<{ authz_jwt: string }>(`${grantsUrl}/${grant.id}/token`, {\n method: 'POST',\n })\n\n // Step 4: Execute or output token\n if (audience === 'escapes') {\n consola.info(`Executing: ${command.join(' ')}`)\n try {\n execFileSync((args['escapes-path'] as string) || 'escapes', ['--grant', authz_jwt, '--', ...command], {\n stdio: 'inherit',\n })\n }\n catch (err: unknown) {\n const exitCode = (err as { status?: number }).status || 1\n process.exit(exitCode)\n }\n }\n else {\n process.stdout.write(authz_jwt)\n }\n}\n","import { defineCommand } from 'citty'\nimport { extractOption, extractWrappedCommand, loadAdapter, resolveCommand } from '@openape/shapes'\n\nexport const explainCommand = defineCommand({\n meta: {\n name: 'explain',\n description: 'Show what permission a command would need',\n },\n args: {\n adapter: {\n type: 'string',\n description: 'Explicit path to adapter TOML file',\n },\n _: {\n type: 'positional',\n description: 'Wrapped command (after --)',\n required: false,\n },\n },\n async run({ rawArgs }) {\n const command = extractWrappedCommand(rawArgs ?? [])\n if (command.length === 0)\n throw new Error('Missing wrapped command. Usage: apes explain [--adapter <file>] -- <cli> ...')\n\n const adapterOpt = extractOption(rawArgs ?? [], 'adapter')\n const loaded = loadAdapter(command[0]!, adapterOpt)\n const resolved = await resolveCommand(loaded, command)\n\n process.stdout.write(`${JSON.stringify({\n adapter: resolved.adapter.cli.id,\n source: resolved.source,\n operation: resolved.detail.operation_id,\n display: resolved.detail.display,\n permission: resolved.permission,\n resource_chain: resolved.detail.resource_chain,\n exact_command: resolved.detail.constraints?.exact_command ?? false,\n adapter_digest: resolved.digest,\n }, null, 2)}\\n`)\n },\n})\n","import { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { getIdpUrl, loadAuth, loadConfig } from '../../config'\n\nexport const configGetCommand = defineCommand({\n meta: {\n name: 'get',\n description: 'Get a configuration value',\n },\n args: {\n key: {\n type: 'positional',\n description: 'Config key: idp, email, defaults.idp, defaults.approval, agent.key, agent.email',\n required: true,\n },\n },\n run({ args }) {\n const key = args.key\n\n switch (key) {\n case 'idp': {\n const idp = getIdpUrl()\n if (idp)\n console.log(idp)\n else\n consola.info('No IdP configured.')\n break\n }\n case 'email': {\n const auth = loadAuth()\n if (auth?.email)\n console.log(auth.email)\n else\n consola.info('Not logged in.')\n break\n }\n default: {\n // Dot-notation: defaults.idp, defaults.approval, agent.key, agent.email\n const config = loadConfig()\n const parts = key.split('.')\n if (parts.length === 2) {\n const section = parts[0] as keyof typeof config\n const field = parts[1]!\n const sectionObj = config[section] as Record<string, string> | undefined\n if (sectionObj && field in sectionObj) {\n console.log(sectionObj[field])\n }\n else {\n consola.info(`Key \"${key}\" not set.`)\n }\n }\n else {\n consola.error(`Unknown key: \"${key}\". Use: idp, email, defaults.idp, defaults.approval, agent.key, agent.email`)\n process.exit(1)\n }\n }\n }\n },\n})\n","import { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { loadConfig, saveConfig } from '../../config'\n\nexport const configSetCommand = defineCommand({\n meta: {\n name: 'set',\n description: 'Set a configuration value',\n },\n args: {\n key: {\n type: 'positional',\n description: 'Config key: defaults.idp, defaults.approval, agent.key, agent.email',\n required: true,\n },\n value: {\n type: 'positional',\n description: 'Value to set',\n required: true,\n },\n },\n run({ args }) {\n const key = args.key\n const value = args.value\n const config = loadConfig()\n\n const parts = key.split('.')\n if (parts.length !== 2) {\n consola.error(`Invalid key: \"${key}\". Use: defaults.idp, defaults.approval, agent.key, agent.email`)\n return process.exit(1)\n }\n\n const [section, field] = parts as [string, string]\n\n if (section === 'defaults') {\n config.defaults = config.defaults || {}\n ;(config.defaults as Record<string, string>)[field] = value\n }\n else if (section === 'agent') {\n config.agent = config.agent || {}\n ;(config.agent as Record<string, string>)[field] = value\n }\n else {\n consola.error(`Unknown section: \"${section}\". Use: defaults, agent`)\n return process.exit(1)\n }\n\n saveConfig(config)\n consola.success(`Set ${key} = ${value}`)\n },\n})\n","import { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { getAuthToken } from '../../config'\n\nasync function doRequest(method: string, url: string, body: string | undefined, contentType: string, raw: boolean, showHeaders: boolean) {\n const token = getAuthToken()\n if (!token) {\n consola.error('Not authenticated. Run `apes login` first.')\n return process.exit(1)\n }\n\n const response = await fetch(url, {\n method,\n headers: {\n 'Authorization': `Bearer ${token}`,\n 'Content-Type': contentType,\n },\n body: body || undefined,\n })\n\n if (showHeaders) {\n console.log(`HTTP ${response.status} ${response.statusText}`)\n for (const [key, value] of response.headers.entries()) {\n console.log(`${key}: ${value}`)\n }\n console.log()\n }\n\n const respContentType = response.headers.get('content-type') || ''\n const text = await response.text()\n\n if (raw || !respContentType.includes('json')) {\n process.stdout.write(text)\n }\n else {\n try {\n console.log(JSON.stringify(JSON.parse(text), null, 2))\n }\n catch {\n process.stdout.write(text)\n }\n }\n\n if (!response.ok) {\n process.exit(1)\n }\n}\n\nexport const fetchCommand = defineCommand({\n meta: {\n name: 'fetch',\n description: 'Make authenticated HTTP requests',\n },\n subCommands: {\n get: defineCommand({\n meta: {\n name: 'get',\n description: 'GET request with auth token',\n },\n args: {\n url: {\n type: 'positional',\n description: 'URL to fetch',\n required: true,\n },\n raw: {\n type: 'boolean',\n description: 'Output raw response body',\n default: false,\n },\n headers: {\n type: 'boolean',\n description: 'Show response headers',\n default: false,\n },\n },\n async run({ args }) {\n await doRequest('GET', String(args.url), undefined, 'application/json', Boolean(args.raw), Boolean(args.headers))\n },\n }),\n\n post: defineCommand({\n meta: {\n name: 'post',\n description: 'POST request with auth token',\n },\n args: {\n url: {\n type: 'positional',\n description: 'URL to fetch',\n required: true,\n },\n body: {\n type: 'string',\n description: 'Request body (JSON string)',\n },\n 'content-type': {\n type: 'string',\n description: 'Content-Type header',\n default: 'application/json',\n },\n raw: {\n type: 'boolean',\n description: 'Output raw response body',\n default: false,\n },\n headers: {\n type: 'boolean',\n description: 'Show response headers',\n default: false,\n },\n },\n async run({ args }) {\n await doRequest('POST', String(args.url), args.body as string | undefined, String(args['content-type'] || 'application/json'), Boolean(args.raw), Boolean(args.headers))\n },\n }),\n },\n})\n","import { defineCommand } from 'citty'\n\nexport const mcpCommand = defineCommand({\n meta: {\n name: 'mcp',\n description: 'Start MCP server for AI agents',\n },\n args: {\n transport: {\n type: 'string',\n description: 'Transport type: stdio or sse',\n default: 'stdio',\n },\n port: {\n type: 'string',\n description: 'Port for SSE transport',\n default: '3001',\n },\n },\n async run({ args }) {\n const transport = (args.transport || 'stdio') as 'stdio' | 'sse'\n const port = Number.parseInt(String(args.port), 10)\n\n if (transport !== 'stdio' && transport !== 'sse') {\n throw new Error('Transport must be \"stdio\" or \"sse\"')\n }\n\n const { startMcpServer } = await import('./server.js')\n await startMcpServer(transport, port)\n },\n})\n","import { existsSync, copyFileSync, writeFileSync } from 'node:fs'\nimport { randomBytes } from 'node:crypto'\nimport { execFileSync } from 'node:child_process'\nimport { join } from 'node:path'\nimport { defineCommand } from 'citty'\nimport consola from 'consola'\n\nconst DEFAULT_IDP_URL = 'https://id.openape.at'\n\nasync function downloadTemplate(repo: string, targetDir: string) {\n const { downloadTemplate: gigetDownload } = await import('giget')\n await gigetDownload(`gh:${repo}`, { dir: targetDir, force: false })\n}\n\nfunction installDeps(dir: string) {\n const hasLockFile = (name: string) => existsSync(join(dir, name))\n\n if (hasLockFile('pnpm-lock.yaml')) {\n execFileSync('pnpm', ['install'], { cwd: dir, stdio: 'inherit' })\n }\n else if (hasLockFile('bun.lockb')) {\n execFileSync('bun', ['install'], { cwd: dir, stdio: 'inherit' })\n }\n else {\n execFileSync('npm', ['install'], { cwd: dir, stdio: 'inherit' })\n }\n}\n\nasync function promptChoice(message: string, choices: string[]): Promise<string> {\n const result = await consola.prompt(message, { type: 'select', options: choices })\n if (typeof result === 'symbol') {\n process.exit(0)\n }\n return result as string\n}\n\nasync function promptText(message: string, defaultValue?: string): Promise<string> {\n const result = await consola.prompt(message, { type: 'text', default: defaultValue, placeholder: defaultValue })\n if (typeof result === 'symbol') {\n process.exit(0)\n }\n return (result as string) || defaultValue || ''\n}\n\nexport const initCommand = defineCommand({\n meta: {\n name: 'init',\n description: 'Scaffold a new OpenApe project',\n },\n args: {\n sp: {\n type: 'boolean',\n description: 'Create a Service Provider app',\n },\n idp: {\n type: 'boolean',\n description: 'Create an Identity Provider app',\n },\n dir: {\n type: 'positional',\n description: 'Target directory',\n required: false,\n },\n },\n async run({ args }) {\n let mode: 'sp' | 'idp'\n\n if (args.sp) {\n mode = 'sp'\n }\n else if (args.idp) {\n mode = 'idp'\n }\n else {\n const choice = await promptChoice('What do you want to set up?', [\n 'SP — Add login to my app',\n 'IdP — Run my own Identity Provider',\n ])\n mode = choice.startsWith('SP') ? 'sp' : 'idp'\n }\n\n if (mode === 'sp') {\n await initSP(args.dir)\n }\n else {\n await initIdP(args.dir)\n }\n },\n})\n\nasync function initSP(targetDir?: string) {\n const dir = targetDir || 'my-app'\n\n if (existsSync(join(dir, 'package.json'))) {\n consola.error(`Directory \"${dir}\" already contains a project.`)\n return process.exit(1)\n }\n\n consola.start('Scaffolding SP starter...')\n await downloadTemplate('openape-ai/openape-sp-starter', dir)\n consola.success('Scaffolded from openape-sp-starter')\n\n consola.start('Installing dependencies...')\n installDeps(dir)\n consola.success('Dependencies installed')\n\n // Create .env from .env.example\n const envExample = join(dir, '.env.example')\n const envFile = join(dir, '.env')\n if (existsSync(envExample) && !existsSync(envFile)) {\n copyFileSync(envExample, envFile)\n consola.success(`\\`.env\\` created (using Free IdP at ${DEFAULT_IDP_URL})`)\n }\n\n console.log('')\n consola.box([\n `cd ${dir}`,\n 'npm run dev',\n '',\n 'Then open http://localhost:3001/login',\n ].join('\\n'))\n}\n\nasync function initIdP(targetDir?: string) {\n const dir = targetDir || 'my-idp'\n\n if (existsSync(join(dir, 'package.json'))) {\n consola.error(`Directory \"${dir}\" already contains a project.`)\n return process.exit(1)\n }\n\n // Interactive questions\n const domain = await promptText('Domain for the IdP', 'localhost')\n const storage = await promptChoice('Storage backend', [\n 'memory (dev only, data lost on restart)',\n 'fs (local filesystem)',\n 's3 (S3-compatible)',\n ])\n const adminEmail = await promptText('Admin email')\n\n consola.start('Scaffolding IdP starter...')\n await downloadTemplate('openape-ai/openape-idp-starter', dir)\n consola.success('Scaffolded from openape-idp-starter')\n\n consola.start('Installing dependencies...')\n installDeps(dir)\n consola.success('Dependencies installed')\n\n // Generate secrets\n const sessionSecret = randomBytes(32).toString('hex')\n const managementToken = randomBytes(32).toString('hex')\n consola.success('Secrets generated')\n\n // Determine origin/issuer\n const isLocalhost = domain === 'localhost'\n const origin = isLocalhost ? 'http://localhost:3000' : `https://${domain}`\n\n // Write .env\n const envContent = [\n '# Generated by apes init --idp',\n '',\n `NUXT_OPENAPE_SESSION_SECRET=${sessionSecret}`,\n `NUXT_OPENAPE_ADMIN_EMAILS=${adminEmail}`,\n `NUXT_OPENAPE_MANAGEMENT_TOKEN=${managementToken}`,\n `NUXT_OPENAPE_ISSUER=${origin}`,\n `NUXT_OPENAPE_RP_NAME=My Identity Provider`,\n `NUXT_OPENAPE_RP_ID=${domain}`,\n `NUXT_OPENAPE_RP_ORIGIN=${origin}`,\n ].join('\\n')\n\n writeFileSync(join(dir, '.env'), envContent + '\\n', { mode: 0o600 })\n consola.success('.env created')\n\n console.log('')\n consola.box([\n `cd ${dir}`,\n 'npm run dev',\n '',\n 'Then open http://localhost:3000/admin',\n '',\n ...(isLocalhost\n ? []\n : [\n 'For production:',\n ` 1. DNS TXT Record: _ddisa.${domain.replace(/^id\\./, '')} → \"v=ddisa1 idp=${origin}\"`,\n ` 2. Storage: switch to ${storage.includes('s3') ? 's3' : 'fs'} in nuxt.config.ts`,\n ' 3. Deploy: vercel deploy',\n ]),\n ].join('\\n'))\n}\n","import { Buffer } from 'node:buffer'\nimport { existsSync, readFileSync, writeFileSync, mkdirSync } from 'node:fs'\nimport { execFile } from 'node:child_process'\nimport { generateKeyPairSync, sign } from 'node:crypto'\nimport { dirname, resolve } from 'node:path'\nimport { homedir } from 'node:os'\nimport { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { loadEd25519PrivateKey } from '../ssh-key'\nimport { getAgentChallengeEndpoint, getAgentAuthenticateEndpoint } from '../http'\nimport { saveAuth, saveConfig, loadConfig } from '../config'\n\nconst DEFAULT_IDP_URL = 'https://id.openape.at'\nconst DEFAULT_KEY_PATH = '~/.ssh/id_ed25519'\nconst POLL_INTERVAL = 3000\nconst POLL_TIMEOUT = 300_000 // 5 minutes\n\nfunction resolvePath(p: string): string {\n return resolve(p.replace(/^~/, homedir()))\n}\n\nfunction openBrowser(url: string) {\n const cmd = process.platform === 'darwin' ? 'open' : process.platform === 'win32' ? 'start' : 'xdg-open'\n execFile(cmd, [url], () => {})\n}\n\nfunction readPublicKey(keyPath: string): string {\n const pubPath = `${keyPath}.pub`\n if (existsSync(pubPath)) {\n return readFileSync(pubPath, 'utf-8').trim()\n }\n\n // Derive public key from private key\n const keyContent = readFileSync(keyPath, 'utf-8')\n const privateKey = loadEd25519PrivateKey(keyContent)\n const jwk = privateKey.export({ format: 'jwk' }) as { x: string }\n const pubBytes = Buffer.from(jwk.x, 'base64url')\n\n // Format as OpenSSH public key\n const keyTypeStr = 'ssh-ed25519'\n const keyTypeLen = Buffer.alloc(4)\n keyTypeLen.writeUInt32BE(keyTypeStr.length)\n const pubKeyLen = Buffer.alloc(4)\n pubKeyLen.writeUInt32BE(pubBytes.length)\n const blob = Buffer.concat([keyTypeLen, Buffer.from(keyTypeStr), pubKeyLen, pubBytes])\n\n return `ssh-ed25519 ${blob.toString('base64')}`\n}\n\nfunction generateAndSaveKey(keyPath: string): string {\n const resolved = resolvePath(keyPath)\n const dir = dirname(resolved)\n\n if (!existsSync(dir)) {\n mkdirSync(dir, { recursive: true })\n }\n\n // Generate Ed25519 key pair\n const { publicKey, privateKey } = generateKeyPairSync('ed25519')\n\n // Export private key in PKCS8 PEM format (universally readable)\n const privatePem = privateKey.export({ type: 'pkcs8', format: 'pem' }) as string\n writeFileSync(resolved, privatePem, { mode: 0o600 })\n\n // Export public key in OpenSSH format\n const jwk = publicKey.export({ format: 'jwk' }) as { x: string }\n const pubBytes = Buffer.from(jwk.x, 'base64url')\n const keyTypeStr = 'ssh-ed25519'\n const keyTypeLen = Buffer.alloc(4)\n keyTypeLen.writeUInt32BE(keyTypeStr.length)\n const pubKeyLen = Buffer.alloc(4)\n pubKeyLen.writeUInt32BE(pubBytes.length)\n const blob = Buffer.concat([keyTypeLen, Buffer.from(keyTypeStr), pubKeyLen, pubBytes])\n const pubKeyStr = `ssh-ed25519 ${blob.toString('base64')}`\n\n writeFileSync(`${resolved}.pub`, `${pubKeyStr}\\n`, { mode: 0o644 })\n\n return pubKeyStr\n}\n\nasync function pollForEnrollment(\n idp: string,\n agentEmail: string,\n keyPath: string,\n): Promise<{ token: string, expiresIn: number }> {\n const resolvedKey = resolvePath(keyPath)\n const keyContent = readFileSync(resolvedKey, 'utf-8')\n const privateKey = loadEd25519PrivateKey(keyContent)\n\n const challengeUrl = await getAgentChallengeEndpoint(idp)\n const authenticateUrl = await getAgentAuthenticateEndpoint(idp)\n const startTime = Date.now()\n\n while (Date.now() - startTime < POLL_TIMEOUT) {\n try {\n // Try to get a challenge — if it works, agent is enrolled\n const challengeResp = await fetch(challengeUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({ agent_id: agentEmail }),\n })\n\n if (challengeResp.ok) {\n const { challenge } = await challengeResp.json() as { challenge: string }\n const signature = sign(null, Buffer.from(challenge), privateKey).toString('base64')\n\n const authResp = await fetch(authenticateUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({ agent_id: agentEmail, challenge, signature }),\n })\n\n if (authResp.ok) {\n const result = await authResp.json() as { token: string, expires_in: number }\n return { token: result.token, expiresIn: result.expires_in }\n }\n }\n }\n catch {\n // Ignore network errors during polling\n }\n\n await new Promise(resolve => setTimeout(resolve, POLL_INTERVAL))\n }\n\n throw new Error('Enrollment timed out. Please check the browser and try again.')\n}\n\nexport const enrollCommand = defineCommand({\n meta: {\n name: 'enroll',\n description: 'Enroll an agent with an Identity Provider',\n },\n args: {\n idp: {\n type: 'string',\n description: `IdP URL (default: ${DEFAULT_IDP_URL})`,\n },\n name: {\n type: 'string',\n description: 'Agent name',\n },\n key: {\n type: 'string',\n description: `Path to Ed25519 key (default: ${DEFAULT_KEY_PATH})`,\n },\n },\n async run({ args }) {\n // 1. Gather inputs\n const idp = args.idp\n || await consola.prompt('IdP URL', { type: 'text', default: DEFAULT_IDP_URL, placeholder: DEFAULT_IDP_URL }).then(r => typeof r === 'symbol' ? process.exit(0) : r) as string\n || DEFAULT_IDP_URL\n\n const agentName = args.name\n || await consola.prompt('Agent name', { type: 'text', placeholder: 'deploy-bot' }).then(r => typeof r === 'symbol' ? process.exit(0) : r) as string\n\n if (!agentName) {\n consola.error('Agent name is required.')\n return process.exit(1)\n }\n\n const keyPath = args.key\n || await consola.prompt('Ed25519 key', { type: 'text', default: DEFAULT_KEY_PATH, placeholder: DEFAULT_KEY_PATH }).then(r => typeof r === 'symbol' ? process.exit(0) : r) as string\n || DEFAULT_KEY_PATH\n\n // 2. Handle key\n const resolvedKey = resolvePath(keyPath)\n let publicKey: string\n\n if (existsSync(resolvedKey)) {\n publicKey = readPublicKey(resolvedKey)\n consola.success(`Using existing key ${keyPath}`)\n }\n else {\n consola.start(`Generating Ed25519 key pair at ${keyPath}...`)\n publicKey = generateAndSaveKey(keyPath)\n consola.success(`Key pair generated at ${keyPath}`)\n }\n\n // 3. Open browser for enrollment\n const encodedKey = encodeURIComponent(publicKey)\n const enrollUrl = `${idp}/enroll?name=${encodeURIComponent(agentName)}&key=${encodedKey}`\n\n consola.info('Opening browser for enrollment...')\n consola.info(`→ ${idp}/enroll`)\n openBrowser(enrollUrl)\n\n // 4. Determine expected agent email\n // For the free IdP, the email format is: {name}+{user_local}+{user_domain}@id.openape.at\n // For custom IdPs, the format varies. We'll try common patterns.\n // The polling will try the challenge endpoint which accepts email as agent_id.\n // We need to guess the email, or poll without knowing it.\n // Best approach: ask the user to confirm the email shown in browser.\n console.log('')\n const agentEmail = await consola.prompt(\n 'Agent email (shown in browser after enrollment)',\n { type: 'text', placeholder: `agent+${agentName}@...` },\n ).then(r => typeof r === 'symbol' ? process.exit(0) : r) as string\n\n if (!agentEmail) {\n consola.error('Agent email is required to verify enrollment.')\n return process.exit(1)\n }\n\n // 5. Poll for enrollment confirmation via challenge endpoint\n consola.start('Verifying enrollment...')\n const { token, expiresIn } = await pollForEnrollment(idp, agentEmail, keyPath)\n\n // 6. Save auth + config\n saveAuth({\n idp,\n access_token: token,\n email: agentEmail,\n expires_at: Math.floor(Date.now() / 1000) + (expiresIn || 3600),\n })\n\n const config = loadConfig()\n config.defaults = { ...config.defaults, idp }\n config.agent = { key: keyPath, email: agentEmail }\n saveConfig(config)\n\n consola.success(`Agent enrolled as ${agentEmail}`)\n consola.success('Config saved to ~/.config/apes/')\n\n console.log('')\n consola.info('Verify with: apes whoami')\n },\n})\n","import { defineCommand } from 'citty'\nimport consola from 'consola'\nimport { resolveDDISA } from '@openape/core'\n\nexport const dnsCheckCommand = defineCommand({\n meta: {\n name: 'dns-check',\n description: 'Validate DDISA DNS TXT records for a domain',\n },\n args: {\n domain: {\n type: 'positional',\n description: 'Domain to check (e.g. example.com)',\n required: true,\n },\n },\n async run({ args }) {\n const domain = args.domain\n\n consola.start(`Checking _ddisa.${domain}...`)\n\n try {\n const result = await resolveDDISA(domain)\n\n if (!result) {\n consola.error(`No DDISA record found for ${domain}`)\n console.log('')\n console.log('To set up DDISA, add a DNS TXT record:')\n console.log(` _ddisa.${domain} TXT \"v=ddisa1 idp=https://id.${domain}\"`)\n return process.exit(1)\n }\n\n consola.success(`_ddisa.${domain} → ${result.idp}`)\n console.log('')\n console.log(` Version: ${result.version || 'ddisa1'}`)\n console.log(` IdP URL: ${result.idp}`)\n if (result.mode)\n console.log(` Mode: ${result.mode}`)\n if (result.priority !== undefined)\n console.log(` Priority: ${result.priority}`)\n\n // Try OIDC discovery on the IdP\n console.log('')\n consola.start(`Verifying IdP at ${result.idp}...`)\n\n const discoResp = await fetch(`${result.idp}/.well-known/openid-configuration`)\n\n if (!discoResp.ok) {\n consola.warn(`IdP discovery failed (${discoResp.status}). Is the IdP running at ${result.idp}?`)\n return\n }\n\n const disco = await discoResp.json() as Record<string, unknown>\n\n consola.success(`IdP is reachable`)\n console.log(` Issuer: ${disco.issuer}`)\n console.log(` DDISA: v${disco.ddisa_version || '?'}`)\n\n if (disco.ddisa_auth_methods_supported) {\n console.log(` Auth: ${(disco.ddisa_auth_methods_supported as string[]).join(', ')}`)\n }\n\n if (disco.openape_grant_types_supported) {\n console.log(` Grants: ${(disco.openape_grant_types_supported as string[]).join(', ')}`)\n }\n }\n catch (err) {\n consola.error(`DNS check failed: ${err instanceof Error ? err.message : String(err)}`)\n return process.exit(1)\n }\n },\n})\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,OAAOA,eAAa;AACpB,SAAS,iBAAAC,iBAAe,eAAe;;;ACDvC,SAAS,cAAc;AACvB,SAAS,gBAAgB;AACzB,SAAS,oBAAoB;AAC7B,SAAS,qBAAqB;AAC9B,SAAS,uBAAuB,4BAA4B;AAC5D,OAAO,aAAa;AAIpB,IAAM,gBAAgB;AACtB,IAAM,YAAY;AAEX,IAAM,eAAe,cAAc;AAAA,EACxC,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,KAAK;AAAA,MACH,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,UAAM,SAAS,WAAW;AAC1B,UAAM,MAAM,KAAK,OAAO,QAAQ,IAAI,YAAY,QAAQ,IAAI,cAAc,OAAO,UAAU;AAE3F,QAAI,CAAC,KAAK;AACR,cAAQ,MAAM,oDAAoD;AAClE,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAEA,QAAI,KAAK,KAAK;AACZ,YAAM,aAAa,KAAK,KAAK,KAAK,KAAK,KAAK;AAAA,IAC9C,OACK;AACH,YAAM,cAAc,GAAG;AAAA,IACzB;AAAA,EACF;AACF,CAAC;AAED,SAAS,YAAY,KAAa;AAChC,QAAM,MAAM,QAAQ,aAAa,WAAW,SAAS,QAAQ,aAAa,UAAU,UAAU;AAC9F,WAAS,KAAK,CAAC,GAAG,GAAG,MAAM;AAAA,EAAC,CAAC;AAC/B;AAEA,eAAe,cAAc,KAAa;AACxC,QAAM,eAAe,qBAAqB;AAC1C,QAAM,gBAAgB,MAAM,sBAAsB,YAAY;AAC9D,QAAM,cAAc,oBAAoB,aAAa;AAErD,QAAM,QAAQ,OAAO,WAAW;AAChC,QAAM,QAAQ,OAAO,WAAW;AAEhC,QAAM,UAAU,IAAI,IAAI,GAAG,GAAG,YAAY;AAC1C,UAAQ,aAAa,IAAI,iBAAiB,MAAM;AAChD,UAAQ,aAAa,IAAI,aAAa,SAAS;AAC/C,UAAQ,aAAa,IAAI,gBAAgB,WAAW;AACpD,UAAQ,aAAa,IAAI,kBAAkB,aAAa;AACxD,UAAQ,aAAa,IAAI,yBAAyB,MAAM;AACxD,UAAQ,aAAa,IAAI,SAAS,KAAK;AACvC,UAAQ,aAAa,IAAI,SAAS,KAAK;AACvC,UAAQ,aAAa,IAAI,SAAS,qCAAqC;AAGvE,QAAM,OAAO,MAAM,IAAI,QAAgB,CAACC,UAAS,WAAW;AAC1D,UAAM,SAAS,aAAa,CAAC,KAAK,QAAQ;AACxC,YAAM,MAAM,IAAI,IAAI,IAAI,KAAM,oBAAoB,aAAa,EAAE;AACjE,UAAI,IAAI,aAAa,aAAa;AAChC,cAAM,WAAW,IAAI,aAAa,IAAI,MAAM;AAC5C,cAAM,QAAQ,IAAI,aAAa,IAAI,OAAO;AAE1C,YAAI,OAAO;AACT,cAAI,UAAU,KAAK,EAAE,gBAAgB,YAAY,CAAC;AAClD,cAAI,IAAI,wDAAwD;AAChE,iBAAO,MAAM;AACb,iBAAO,IAAI,MAAM,eAAe,KAAK,EAAE,CAAC;AACxC;AAAA,QACF;AAEA,YAAI,UAAU;AACZ,cAAI,UAAU,KAAK,EAAE,gBAAgB,YAAY,CAAC;AAClD,cAAI,IAAI,6DAA6D;AACrE,iBAAO,MAAM;AACb,UAAAA,SAAQ,QAAQ;AAChB;AAAA,QACF;AAEA,YAAI,UAAU,GAAG;AACjB,YAAI,IAAI,cAAc;AAAA,MACxB,OACK;AACH,YAAI,UAAU,GAAG;AACjB,YAAI,IAAI;AAAA,MACV;AAAA,IACF,CAAC;AAED,WAAO,OAAO,eAAe,MAAM;AACjC,cAAQ,KAAK,gCAAgC,GAAG,KAAK;AACrD,kBAAY,QAAQ,SAAS,CAAC;AAAA,IAChC,CAAC;AAGD,UAAM,UAAU,WAAW,MAAM;AAC/B,aAAO,MAAM;AACb,aAAO,IAAI,MAAM,iBAAiB,CAAC;AAAA,IACrC,GAAG,GAAO;AACV,YAAQ,MAAM;AAAA,EAChB,CAAC;AAGD,QAAM,gBAAgB,MAAM,MAAM,GAAG,GAAG,UAAU;AAAA,IAChD,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,IAC9C,MAAM,KAAK,UAAU;AAAA,MACnB,YAAY;AAAA,MACZ;AAAA,MACA,eAAe;AAAA,MACf,cAAc;AAAA,MACd,WAAW;AAAA,IACb,CAAC;AAAA,EACH,CAAC;AAED,MAAI,CAAC,cAAc,IAAI;AACrB,UAAM,OAAO,MAAM,cAAc,KAAK;AACtC,YAAQ,MAAM,0BAA0B,IAAI,EAAE;AAC9C,WAAO,QAAQ,KAAK,CAAC;AAAA,EACvB;AAEA,QAAM,SAAS,MAAM,cAAc,KAAK;AAQxC,QAAM,cAAc,OAAO,gBAAgB,OAAO,YAAY,OAAO;AACrE,MAAI,CAAC,aAAa;AAChB,YAAQ,MAAM,0BAA0B;AACxC,WAAO,QAAQ,KAAK,CAAC;AAAA,EACvB;AAGA,QAAM,UAAU,KAAK,MAAM,KAAK,YAAY,MAAM,GAAG,EAAE,CAAC,CAAE,CAAC;AAE3D,WAAS;AAAA,IACP;AAAA,IACA,cAAc;AAAA,IACd,GAAI,OAAO,gBAAgB,EAAE,eAAe,OAAO,cAAc,IAAI,CAAC;AAAA,IACtE,OAAO,QAAQ,SAAS,QAAQ;AAAA,IAChC,YAAY,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,KAAK,OAAO,cAAc;AAAA,EACpE,CAAC;AAED,UAAQ,QAAQ,gBAAgB,QAAQ,SAAS,QAAQ,GAAG,EAAE;AAChE;AAEA,eAAe,aAAa,KAAa,SAAiB,OAAgB;AACxE,QAAM,EAAE,cAAAC,cAAa,IAAI,MAAM,OAAO,IAAS;AAC/C,QAAM,EAAE,MAAAC,MAAK,IAAI,MAAM,OAAO,QAAa;AAC3C,QAAM,EAAE,uBAAAC,uBAAsB,IAAI,MAAM,OAAO,uBAAkB;AAEjE,QAAM,aAAa;AACnB,MAAI,CAAC,YAAY;AACf,YAAQ,MAAM,qEAAqE;AACnF,WAAO,QAAQ,KAAK,CAAC;AAAA,EACvB;AAGA,QAAM,eAAe,MAAM,0BAA0B,GAAG;AACxD,QAAM,gBAAgB,MAAM,MAAM,cAAc;AAAA,IAC9C,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,IAC9C,MAAM,KAAK,UAAU,EAAE,UAAU,WAAW,CAAC;AAAA,EAC/C,CAAC;AAED,MAAI,CAAC,cAAc,IAAI;AACrB,YAAQ,MAAM,qBAAqB,MAAM,cAAc,KAAK,CAAC,EAAE;AAC/D,WAAO,QAAQ,KAAK,CAAC;AAAA,EACvB;AAEA,QAAM,EAAE,UAAU,IAAI,MAAM,cAAc,KAAK;AAG/C,QAAM,aAAaF,cAAa,SAAS,OAAO;AAChD,QAAM,aAAaE,uBAAsB,UAAU;AACnD,QAAM,YAAYD,MAAK,MAAM,OAAO,KAAK,SAAS,GAAG,UAAU,EAAE,SAAS,QAAQ;AAGlF,QAAM,kBAAkB,MAAM,6BAA6B,GAAG;AAC9D,QAAM,WAAW,MAAM,MAAM,iBAAiB;AAAA,IAC5C,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,IAC9C,MAAM,KAAK,UAAU;AAAA,MACnB,UAAU;AAAA,MACV;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH,CAAC;AAED,MAAI,CAAC,SAAS,IAAI;AAChB,YAAQ,MAAM,0BAA0B,MAAM,SAAS,KAAK,CAAC,EAAE;AAC/D,WAAO,QAAQ,KAAK,CAAC;AAAA,EACvB;AAEA,QAAM,EAAE,OAAO,WAAW,IAAI,MAAM,SAAS,KAAK;AAElD,WAAS;AAAA,IACP;AAAA,IACA,cAAc;AAAA,IACd,OAAO;AAAA,IACP,YAAY,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,KAAK,cAAc;AAAA,EAC7D,CAAC;AAED,UAAQ,QAAQ,gBAAgB,UAAU,UAAU;AACtD;;;AC/NA,SAAS,iBAAAE,sBAAqB;AAC9B,OAAOC,cAAa;AAGb,IAAM,gBAAgBC,eAAc;AAAA,EACzC,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AACJ,cAAU;AACV,IAAAC,SAAQ,QAAQ,aAAa;AAAA,EAC/B;AACF,CAAC;;;ACbD,SAAS,iBAAAC,sBAAqB;AAC9B,OAAOC,cAAa;AAGb,IAAM,gBAAgBC,eAAc;AAAA,EACzC,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AACJ,UAAM,OAAO,SAAS;AACtB,QAAI,CAAC,MAAM;AACT,MAAAC,SAAQ,MAAM,wCAAwC;AACtD,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAEA,UAAM,UAAU,KAAK,MAAM,SAAS,QAAQ;AAC5C,UAAM,YAAY,IAAI,KAAK,KAAK,aAAa,GAAI,EAAE,YAAY;AAC/D,UAAM,YAAY,KAAK,IAAI,IAAI,MAAO,KAAK;AAE3C,YAAQ,IAAI,UAAU,KAAK,KAAK,EAAE;AAClC,YAAQ,IAAI,UAAU,UAAU,UAAU,OAAO,EAAE;AACnD,YAAQ,IAAI,UAAU,KAAK,GAAG,EAAE;AAChC,YAAQ,IAAI,UAAU,YAAY,mBAAc,OAAO,WAAW,SAAS,GAAG;AAE9E,QAAI,WAAW;AACb,MAAAA,SAAQ,KAAK,wDAAwD;AAAA,IACvE;AAAA,EACF;AACF,CAAC;;;AC7BD,SAAS,iBAAAC,sBAAqB;AAC9B,OAAOC,cAAa;AA0Bb,IAAM,cAAcC,eAAc;AAAA,EACvC,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,aAAa;AAAA,MACb,SAAS;AAAA,IACX;AAAA,IACA,MAAM;AAAA,MACJ,MAAM;AAAA,MACN,aAAa;AAAA,MACb,SAAS;AAAA,IACX;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,UAAM,MAAM,UAAU;AACtB,QAAI,CAAC,KAAK;AACR,MAAAC,SAAQ,MAAM,8DAA8D;AAC5E,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAEA,UAAM,OAAO,SAAS;AAEtB,UAAM,YAAY,MAAM,kBAAkB,GAAG;AAC7C,UAAM,SAAS,IAAI,gBAAgB;AACnC,QAAI,KAAK;AACP,aAAO,IAAI,UAAU,KAAK,MAAM;AAClC,QAAI,KAAK;AACP,aAAO,IAAI,SAAS,KAAK,KAAK;AAChC,UAAM,QAAQ,OAAO,SAAS,IAAI,IAAI,OAAO,SAAS,CAAC,KAAK;AAE5D,UAAM,WAAW,MAAM,SAA0B,GAAG,SAAS,GAAG,KAAK,EAAE;AAEvE,QAAI,SAAS,SAAS;AAGtB,QAAI,CAAC,KAAK,OAAO,MAAM,OAAO;AAC5B,eAAS,OAAO,OAAO,OAAK,EAAE,cAAc,KAAK,KAAK;AAAA,IACxD;AAEA,QAAI,KAAK,MAAM;AACb,cAAQ,IAAI,KAAK,UAAU,KAAK,MAAM,WAAW,EAAE,GAAG,UAAU,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC;AACxF;AAAA,IACF;AAEA,QAAI,OAAO,WAAW,GAAG;AACvB,MAAAA,SAAQ,KAAK,KAAK,MAAM,qBAAqB,uDAAuD;AACpG;AAAA,IACF;AAEA,eAAW,SAAS,QAAQ;AAC1B,YAAM,MAAM,MAAM,SAAS,SAAS,KAAK,GAAG,KAAK;AACjD,YAAM,OAAO,MAAM,SAAS,cAAc,MAAM;AAChD,cAAQ,IAAI,GAAG,MAAM,EAAE,KAAK,MAAM,OAAO,OAAO,CAAC,CAAC,KAAK,KAAK,OAAO,CAAC,CAAC,KAAK,GAAG,EAAE;AAC/E,UAAI,MAAM,SAAS,QAAQ;AACzB,gBAAQ,IAAI,aAAa,MAAM,QAAQ,MAAM,EAAE;AAAA,MACjD;AAAA,IACF;AAEA,QAAI,SAAS,WAAW,UAAU;AAChC,MAAAA,SAAQ,KAAK,2DAA2D;AAAA,IAC1E;AAAA,EACF;AACF,CAAC;;;ACrGD,SAAS,iBAAAC,sBAAqB;AAC9B,OAAOC,cAAa;AA0Bb,IAAM,eAAeC,eAAc;AAAA,EACxC,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,MAAM;AAAA,MACJ,MAAM;AAAA,MACN,aAAa;AAAA,MACb,SAAS;AAAA,IACX;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,UAAM,MAAM,UAAU;AACtB,QAAI,CAAC,KAAK;AACR,MAAAC,SAAQ,MAAM,gDAAgD;AAC9D,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAEA,UAAM,OAAO,SAAS;AACtB,QAAI,CAAC,MAAM;AACT,MAAAA,SAAQ,MAAM,wCAAwC;AACtD,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAEA,UAAM,YAAY,MAAM,kBAAkB,GAAG;AAC7C,UAAM,SAAS,IAAI,gBAAgB;AACnC,WAAO,IAAI,UAAU,SAAS;AAC9B,QAAI,KAAK;AACP,aAAO,IAAI,SAAS,KAAK,KAAK;AAChC,UAAM,QAAQ,IAAI,OAAO,SAAS,CAAC;AAEnC,UAAM,WAAW,MAAM,SAA0B,GAAG,SAAS,GAAG,KAAK,EAAE;AAGvE,UAAM,SAAS,SAAS,KAAK,OAAO,OAAK,EAAE,cAAc,KAAK,KAAK;AAEnE,QAAI,KAAK,MAAM;AACb,cAAQ,IAAI,KAAK,UAAU,EAAE,GAAG,UAAU,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC;AAClE;AAAA,IACF;AAEA,QAAI,OAAO,WAAW,GAAG;AACvB,MAAAA,SAAQ,KAAK,+BAA+B;AAC5C;AAAA,IACF;AAEA,IAAAA,SAAQ,KAAK,GAAG,OAAO,MAAM;AAAA,CAAgC;AAE7D,eAAW,SAAS,QAAQ;AAC1B,YAAM,MAAM,MAAM,SAAS,SAAS,KAAK,GAAG,KAAK;AACjD,YAAM,OAAO,MAAM,SAAS,cAAc,MAAM;AAChD,cAAQ,IAAI,GAAG,MAAM,EAAE,KAAK,KAAK,OAAO,CAAC,CAAC,UAAU,MAAM,SAAS,EAAE;AACrE,cAAQ,IAAI,cAAc,GAAG,EAAE;AAC/B,UAAI,MAAM,SAAS,QAAQ;AACzB,gBAAQ,IAAI,cAAc,MAAM,QAAQ,MAAM,EAAE;AAAA,MAClD;AACA,UAAI,MAAM,YAAY;AACpB,gBAAQ,IAAI,cAAc,MAAM,UAAU,EAAE;AAAA,MAC9C;AACA,cAAQ,IAAI;AAAA,IACd;AAEA,IAAAA,SAAQ,KAAK,uEAAuE;AAAA,EACtF;AACF,CAAC;;;AChGD,SAAS,iBAAAC,sBAAqB;AAsBvB,IAAM,gBAAgBC,eAAc;AAAA,EACzC,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,IAAI;AAAA,MACF,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,IACA,MAAM;AAAA,MACJ,MAAM;AAAA,MACN,aAAa;AAAA,MACb,SAAS;AAAA,IACX;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,UAAM,MAAM,UAAU;AACtB,UAAM,YAAY,MAAM,kBAAkB,GAAG;AAC7C,UAAM,QAAQ,MAAM,SAAsB,GAAG,SAAS,IAAI,KAAK,EAAE,EAAE;AAEnE,QAAI,KAAK,MAAM;AACb,cAAQ,IAAI,KAAK,UAAU,OAAO,MAAM,CAAC,CAAC;AAC1C;AAAA,IACF;AAEA,YAAQ,IAAI,cAAc,MAAM,EAAE,EAAE;AACpC,YAAQ,IAAI,cAAc,MAAM,MAAM,EAAE;AACxC,YAAQ,IAAI,cAAc,MAAM,IAAI,EAAE;AACtC,YAAQ,IAAI,cAAc,MAAM,SAAS,EAAE;AAC3C,YAAQ,IAAI,cAAc,MAAM,KAAK,EAAE;AACvC,QAAI,MAAM;AACR,cAAQ,IAAI,cAAc,MAAM,QAAQ,EAAE;AAC5C,QAAI,MAAM,SAAS;AACjB,cAAQ,IAAI,cAAc,MAAM,QAAQ,QAAQ,KAAK,GAAG,CAAC,EAAE;AAC7D,QAAI,MAAM,SAAS;AACjB,cAAQ,IAAI,cAAc,MAAM,QAAQ,UAAU,EAAE;AACtD,QAAI,MAAM,SAAS;AACjB,cAAQ,IAAI,cAAc,MAAM,QAAQ,MAAM,EAAE;AAClD,QAAI,MAAM;AACR,cAAQ,IAAI,eAAe,MAAM,UAAU,EAAE;AAC/C,QAAI,MAAM;AACR,cAAQ,IAAI,eAAe,MAAM,UAAU,EAAE;AAC/C,QAAI,MAAM;AACR,cAAQ,IAAI,cAAc,MAAM,UAAU,EAAE;AAAA,EAChD;AACF,CAAC;;;ACrED,SAAS,gBAAgB;AACzB,SAAS,iBAAAC,sBAAqB;AAC9B,OAAOC,cAAa;AAKb,IAAM,iBAAiBC,eAAc;AAAA,EAC1C,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,SAAS;AAAA,MACP,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,IACA,MAAM;AAAA,MACJ,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,aAAa;AAAA,MACb,SAAS;AAAA,IACX;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,MAAM;AAAA,MACJ,MAAM;AAAA,MACN,aAAa;AAAA,MACb,SAAS;AAAA,IACX;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,UAAM,OAAO,SAAS;AACtB,QAAI,CAAC,MAAM;AACT,MAAAC,SAAQ,MAAM,wCAAwC;AACtD,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAEA,UAAM,MAAM,UAAU;AACtB,UAAM,YAAY,MAAM,kBAAkB,GAAG;AAC7C,UAAM,UAAU,KAAK,QAAQ,MAAM,GAAG;AACtC,UAAM,aAAa,KAAK,QAAQ,SAAS;AAEzC,UAAM,WAAW,KAAK,WAAW,cAAc,KAAK,QAAQ,IAAI;AAEhE,UAAM,QAAQ,MAAM,SAAyC,WAAW;AAAA,MACtE,QAAQ;AAAA,MACR,MAAM;AAAA,QACJ,WAAW,KAAK;AAAA,QAChB,aAAa;AAAA,QACb,UAAU,KAAK;AAAA,QACf,YAAY,KAAK;AAAA,QACjB;AAAA,QACA,QAAQ,KAAK,UAAU,QAAQ,KAAK,GAAG;AAAA,QACvC,GAAI,YAAY,OAAO,EAAE,SAAS,IAAI,CAAC;AAAA,QACvC,GAAI,KAAK,QAAQ,IAAI,EAAE,QAAQ,KAAK,QAAQ,EAAE,IAAI,CAAC;AAAA,MACrD;AAAA,IACF,CAAC;AAED,IAAAA,SAAQ,QAAQ,oBAAoB,MAAM,EAAE,aAAa,MAAM,MAAM,GAAG;AAExE,QAAI,KAAK,MAAM;AACb,MAAAA,SAAQ,KAAK,yBAAyB;AACtC,YAAM,gBAAgB,WAAW,MAAM,EAAE;AAAA,IAC3C;AAAA,EACF;AACF,CAAC;AAED,eAAe,gBAAgB,WAAmB,SAAgC;AAChF,QAAM,UAAU;AAChB,QAAM,WAAW;AACjB,QAAM,QAAQ,KAAK,IAAI;AAEvB,SAAO,KAAK,IAAI,IAAI,QAAQ,SAAS;AACnC,UAAM,QAAQ,MAAM,SAA6B,GAAG,SAAS,IAAI,OAAO,EAAE;AAE1E,QAAI,MAAM,WAAW,YAAY;AAC/B,MAAAA,SAAQ,QAAQ,iBAAiB;AACjC;AAAA,IACF;AACA,QAAI,MAAM,WAAW,UAAU;AAC7B,MAAAA,SAAQ,MAAM,eAAe;AAC7B,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AACA,QAAI,MAAM,WAAW,WAAW;AAC9B,MAAAA,SAAQ,MAAM,gBAAgB;AAC9B,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAEA,UAAM,IAAI,QAAQ,OAAK,WAAW,GAAG,QAAQ,CAAC;AAAA,EAChD;AAEA,EAAAA,SAAQ,MAAM,iCAAiC;AAC/C,SAAO,QAAQ,KAAK,CAAC;AACvB;;;ACjHA,SAAS,YAAAC,iBAAgB;AACzB,SAAS,gCAAgC,aAAa,gCAAgC;AACtF,SAAS,iBAAAC,sBAAqB;AAC9B,OAAOC,cAAa;AAKpB,SAAS,oBAAoB,SAY3B;AACA,QAAM,SAAS,CAAC,GAAG,OAAO;AAC1B,MAAI,OAAO,CAAC,MAAM,sBAAsB;AACtC,WAAO,MAAM;AAAA,EACf;AAEA,QAAM,QAAQ,OAAO,MAAM;AAC3B,MAAI,CAAC,SAAS,MAAM,WAAW,GAAG,GAAG;AACnC,UAAM,IAAI,MAAM,wBAAwB;AAAA,EAC1C;AAEA,QAAM,YAAsB,CAAC;AAC7B,QAAM,YAAsB,CAAC;AAC7B,QAAM,UAAoB,CAAC;AAC3B,MAAI;AACJ,MAAI;AACJ,MAAI,WAAwC;AAC5C,MAAI;AACJ,MAAI;AACJ,MAAI;AACJ,MAAI,OAAO;AAEX,WAAS,QAAQ,GAAG,QAAQ,OAAO,QAAQ,SAAS,GAAG;AACrD,UAAM,QAAQ,OAAO,KAAK;AAC1B,UAAM,OAAO,OAAO,QAAQ,CAAC;AAC7B,YAAQ,OAAO;AAAA,MACb,KAAK;AACH,YAAI,CAAC;AACH,gBAAM,IAAI,MAAM,8BAA8B;AAChD,kBAAU,KAAK,IAAI;AACnB,iBAAS;AACT;AAAA,MACF,KAAK;AACH,YAAI,CAAC;AACH,gBAAM,IAAI,MAAM,8BAA8B;AAChD,kBAAU,KAAK,IAAI;AACnB,iBAAS;AACT;AAAA,MACF,KAAK;AACH,YAAI,CAAC;AACH,gBAAM,IAAI,MAAM,4BAA4B;AAC9C,gBAAQ,KAAK,IAAI;AACjB,iBAAS;AACT;AAAA,MACF,KAAK;AACH,YAAI,CAAC;AACH,gBAAM,IAAI,MAAM,6BAA6B;AAC/C,kBAAU;AACV,iBAAS;AACT;AAAA,MACF,KAAK;AACH,YAAI,CAAC;AACH,gBAAM,IAAI,MAAM,yBAAyB;AAC3C,cAAM;AACN,iBAAS;AACT;AAAA,MACF,KAAK;AACH,YAAI,CAAC,QAAQ,CAAC,CAAC,QAAQ,SAAS,QAAQ,EAAE,SAAS,IAAI,GAAG;AACxD,gBAAM,IAAI,MAAM,8CAA8C;AAAA,QAChE;AACA,mBAAW;AACX,iBAAS;AACT;AAAA,MACF,KAAK;AACH,YAAI,CAAC;AACH,gBAAM,IAAI,MAAM,4BAA4B;AAC9C,iBAAS;AACT,iBAAS;AACT;AAAA,MACF,KAAK;AACH,YAAI,CAAC;AACH,gBAAM,IAAI,MAAM,8BAA8B;AAChD,mBAAW,cAAc,IAAI;AAC7B,iBAAS;AACT;AAAA,MACF,KAAK;AACH,YAAI,CAAC;AACH,gBAAM,IAAI,MAAM,4BAA4B;AAC9C,gBAAQ;AACR,iBAAS;AACT;AAAA,MACF,KAAK;AACH,eAAO;AACP;AAAA,MACF;AACE,cAAM,IAAI,MAAM,qBAAqB,KAAK,EAAE;AAAA,IAChD;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAEA,eAAeC,iBAAgB,WAAmB,SAAgC;AAChF,QAAM,UAAU;AAChB,QAAM,WAAW;AACjB,QAAM,QAAQ,KAAK,IAAI;AAEvB,SAAO,KAAK,IAAI,IAAI,QAAQ,SAAS;AACnC,UAAM,QAAQ,MAAM,SAA6B,GAAG,SAAS,IAAI,OAAO,EAAE;AAC1E,QAAI,MAAM,WAAW,YAAY;AAC/B,MAAAC,SAAQ,QAAQ,iBAAiB;AACjC;AAAA,IACF;AACA,QAAI,MAAM,WAAW,UAAU;AAC7B,MAAAA,SAAQ,MAAM,eAAe;AAC7B,cAAQ,KAAK,CAAC;AAAA,IAChB;AACA,QAAI,MAAM,WAAW,WAAW;AAC9B,MAAAA,SAAQ,MAAM,gBAAgB;AAC9B,cAAQ,KAAK,CAAC;AAAA,IAChB;AACA,UAAM,IAAI,QAAQ,CAAAC,aAAW,WAAWA,UAAS,QAAQ,CAAC;AAAA,EAC5D;AAEA,EAAAD,SAAQ,MAAM,iCAAiC;AAC/C,UAAQ,KAAK,CAAC;AAChB;AAEO,IAAM,2BAA2BE,eAAc;AAAA,EACpD,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,SAAS;AAAA,MACP,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,IACA,YAAY;AAAA,MACV,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,YAAY;AAAA,MACV,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,WAAW;AAAA,MACT,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,YAAY;AAAA,MACV,MAAM;AAAA,MACN,aAAa;AAAA,MACb,SAAS;AAAA,IACX;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,YAAY;AAAA,MACV,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,aAAa;AAAA,MACb,SAAS;AAAA,IACX;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,QAAQ,GAAG;AACrB,UAAM,OAAO,SAAS;AACtB,QAAI,CAAC,MAAM;AACT,MAAAF,SAAQ,MAAM,wCAAwC;AACtD,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAEA,UAAM,SAAS,oBAAoB,OAAO;AAC1C,UAAM,MAAM,UAAU,OAAO,GAAG;AAChC,QAAI,CAAC,KAAK;AACR,MAAAA,SAAQ,MAAM,mDAAmD;AACjE,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAEA,UAAM,SAAS,YAAY,OAAO,OAAO,OAAO,OAAO;AACvD,UAAM,WAAW,yBAAyB,QAAQ;AAAA,MAChD,WAAW,OAAO;AAAA,MAClB,WAAW,OAAO;AAAA,MAClB,SAAS,OAAO;AAAA,IAClB,CAAC;AAED,UAAM,EAAE,QAAQ,IAAI,MAAM,+BAA+B,UAAU;AAAA,MACjE,WAAW,KAAK;AAAA,MAChB,aAAaG,UAAS;AAAA,MACtB,YAAY,OAAO;AAAA,MACnB,GAAI,OAAO,SAAS,EAAE,QAAQ,OAAO,OAAO,IAAI,CAAC;AAAA,IACnD,CAAC;AAED,QAAI,OAAO,YAAY,MAAM;AAC3B,cAAQ,WAAW,OAAO;AAAA,IAC5B;AACA,QAAI,OAAO,OAAO;AAChB,cAAQ,SAAS,OAAO;AAAA,IAC1B;AAEA,UAAM,YAAY,MAAM,kBAAkB,GAAG;AAC7C,UAAM,QAAQ,MAAM,SAAyC,WAAW;AAAA,MACtE,QAAQ;AAAA,MACR;AAAA,MACA,MAAM;AAAA,IACR,CAAC;AAED,IAAAH,SAAQ,QAAQ,oBAAoB,MAAM,EAAE,aAAa,MAAM,MAAM,GAAG;AAExE,QAAI,OAAO,MAAM;AACf,MAAAA,SAAQ,KAAK,yBAAyB;AACtC,YAAMD,iBAAgB,WAAW,MAAM,EAAE;AAAA,IAC3C;AAAA,EACF;AACF,CAAC;;;AC7PD,SAAS,iBAAAK,sBAAqB;AAC9B,OAAOC,cAAa;AAIb,IAAM,iBAAiBC,eAAc;AAAA,EAC1C,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,IAAI;AAAA,MACF,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,UAAM,MAAM,UAAU;AACtB,UAAM,YAAY,MAAM,kBAAkB,GAAG;AAC7C,UAAM,SAAS,GAAG,SAAS,IAAI,KAAK,EAAE,YAAY;AAAA,MAChD,QAAQ;AAAA,IACV,CAAC;AACD,IAAAC,SAAQ,QAAQ,SAAS,KAAK,EAAE,YAAY;AAAA,EAC9C;AACF,CAAC;;;ACzBD,SAAS,iBAAAC,uBAAqB;AAC9B,OAAOC,cAAa;AAIb,IAAM,cAAcC,gBAAc;AAAA,EACvC,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,IAAI;AAAA,MACF,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,UAAM,MAAM,UAAU;AACtB,UAAM,YAAY,MAAM,kBAAkB,GAAG;AAC7C,UAAM,SAAS,GAAG,SAAS,IAAI,KAAK,EAAE,SAAS;AAAA,MAC7C,QAAQ;AAAA,IACV,CAAC;AACD,IAAAC,SAAQ,QAAQ,SAAS,KAAK,EAAE,UAAU;AAAA,EAC5C;AACF,CAAC;;;ACzBD,SAAS,iBAAAC,uBAAqB;AAC9B,OAAOC,eAAa;AAuBb,IAAM,gBAAgBC,gBAAc;AAAA,EACzC,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,IAAI;AAAA,MACF,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,IACA,YAAY;AAAA,MACV,MAAM;AAAA,MACN,aAAa;AAAA,MACb,SAAS;AAAA,IACX;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,UAAM,MAAM,UAAU;AACtB,UAAM,YAAY,MAAM,kBAAkB,GAAG;AAE7C,UAAM,cAAc,KAAK,KACrB,CAAC,OAAO,KAAK,EAAE,GAAG,GAAG,KAAK,CAAC,EAAE,OAAO,OAAO,IAC3C,CAAC;AAEL,QAAI,KAAK,cAAc,YAAY,SAAS,GAAG;AAC7C,MAAAC,UAAQ,MAAM,kDAAkD;AAChE,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAEA,QAAI;AAEJ,QAAI,KAAK,YAAY;AACnB,YAAM,OAAO,SAAS;AACtB,YAAM,WAAW,MAAM;AAAA,QACrB,GAAG,SAAS;AAAA,MACd;AACA,YAAM,aAAa,MAAM,QACrB,SAAS,KAAK,OAAO,OAAK,EAAE,cAAc,KAAK,KAAK,IACpD,SAAS;AACb,UAAI,WAAW,WAAW,GAAG;AAC3B,QAAAA,UAAQ,KAAK,8BAA8B;AAC3C;AAAA,MACF;AACA,YAAM,WAAW,IAAI,OAAK,EAAE,EAAE;AAC9B,MAAAA,UAAQ,KAAK,SAAS,IAAI,MAAM,8BAA8B;AAAA,IAChE,WACS,YAAY,SAAS,GAAG;AAC/B,YAAM;AAAA,IACR,OACK;AACH,MAAAA,UAAQ,MAAM,2CAA2C;AACzD,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAGA,QAAI,IAAI,WAAW,GAAG;AACpB,YAAM,SAAS,GAAG,SAAS,IAAI,IAAI,CAAC,CAAC,WAAW,EAAE,QAAQ,OAAO,CAAC;AAClE,MAAAA,UAAQ,QAAQ,SAAS,IAAI,CAAC,CAAC,WAAW;AAC1C;AAAA,IACF;AAGA,UAAM,aAAa,IAAI,IAAI,SAAO,EAAE,IAAI,QAAQ,SAAkB,EAAE;AACpE,UAAM,EAAE,QAAQ,IAAI,MAAM;AAAA,MACxB,GAAG,SAAS;AAAA,MACZ,EAAE,QAAQ,QAAQ,MAAM,EAAE,WAAW,EAAE;AAAA,IACzC;AAEA,QAAI,YAAY;AAChB,eAAW,KAAK,SAAS;AACvB,UAAI,EAAE,SAAS;AACb,QAAAA,UAAQ,QAAQ,SAAS,EAAE,EAAE,WAAW;AACxC;AAAA,MACF,OACK;AACH,QAAAA,UAAQ,MAAM,SAAS,EAAE,EAAE,KAAK,EAAE,OAAO,SAAS,QAAQ,EAAE;AAAA,MAC9D;AAAA,IACF;AAEA,QAAI,YAAY,QAAQ,QAAQ;AAC9B,MAAAA,UAAQ,KAAK,WAAW,SAAS,OAAO,QAAQ,MAAM,UAAU;AAChE,cAAQ,KAAK,CAAC;AAAA,IAChB,OACK;AACH,MAAAA,UAAQ,QAAQ,OAAO,SAAS,kBAAkB;AAAA,IACpD;AAAA,EACF;AACF,CAAC;;;AChHD,SAAS,iBAAAC,uBAAqB;AAC9B,OAAOC,eAAa;AAIb,IAAM,eAAeC,gBAAc;AAAA,EACxC,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,IAAI;AAAA,MACF,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,UAAM,MAAM,UAAU;AACtB,UAAM,YAAY,MAAM,kBAAkB,GAAG;AAC7C,UAAM,SAAS,MAAM,SAAgC,GAAG,SAAS,IAAI,KAAK,EAAE,UAAU;AAAA,MACpF,QAAQ;AAAA,IACV,CAAC;AAED,QAAI,CAAC,OAAO,WAAW;AACrB,MAAAC,UAAQ,MAAM,+CAA+C;AAC7D,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAGA,YAAQ,OAAO,MAAM,OAAO,SAAS;AAAA,EACvC;AACF,CAAC;;;AChCD,SAAS,iBAAAC,uBAAqB;AAC9B,OAAOC,eAAa;AAIb,IAAM,kBAAkBC,gBAAc;AAAA,EAC3C,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,IAAI;AAAA,MACF,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,IACA,IAAI;AAAA,MACF,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,IACA,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,aAAa;AAAA,MACb,SAAS;AAAA,IACX;AAAA,IACA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,UAAM,OAAO,SAAS;AACtB,QAAI,CAAC,MAAM;AACT,MAAAC,UAAQ,MAAM,wCAAwC;AACtD,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAEA,UAAM,MAAM,UAAU;AACtB,UAAM,iBAAiB,MAAM,uBAAuB,GAAG;AAEvD,UAAM,OAAgC;AAAA,MACpC,UAAU,KAAK;AAAA,MACf,UAAU,KAAK;AAAA,MACf,UAAU,KAAK;AAAA,IACjB;AAEA,QAAI,KAAK,QAAQ;AACf,WAAK,SAAS,KAAK,OAAO,MAAM,GAAG,EAAE,IAAI,OAAK,EAAE,KAAK,CAAC;AAAA,IACxD;AAEA,QAAI,KAAK,SAAS;AAChB,WAAK,aAAa,KAAK;AAAA,IACzB;AAEA,UAAM,SAAS,MAAM,SAAyB,gBAAgB;AAAA,MAC5D,QAAQ;AAAA,MACR;AAAA,IACF,CAAC;AAED,IAAAA,UAAQ,QAAQ,uBAAuB,OAAO,EAAE,EAAE;AAClD,YAAQ,IAAI,eAAe,KAAK,EAAE,EAAE;AACpC,YAAQ,IAAI,eAAe,KAAK,EAAE,EAAE;AACpC,QAAI,KAAK;AACP,cAAQ,IAAI,eAAe,KAAK,MAAM,EAAE;AAC1C,YAAQ,IAAI,eAAe,KAAK,QAAQ,EAAE;AAC1C,QAAI,KAAK;AACP,cAAQ,IAAI,eAAe,KAAK,OAAO,EAAE;AAAA,EAC7C;AACF,CAAC;;;ACzED,SAAS,iBAAAC,uBAAqB;AAC9B,OAAOC,eAAa;AAeb,IAAM,qBAAqBC,gBAAc;AAAA,EAC9C,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,MAAM;AAAA,MACJ,MAAM;AAAA,MACN,aAAa;AAAA,MACb,SAAS;AAAA,IACX;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,UAAM,MAAM,UAAU;AACtB,UAAM,iBAAiB,MAAM,uBAAuB,GAAG;AACvD,UAAM,cAAc,MAAM,SAAuB,cAAc;AAE/D,QAAI,KAAK,MAAM;AACb,cAAQ,IAAI,KAAK,UAAU,aAAa,MAAM,CAAC,CAAC;AAChD;AAAA,IACF;AAEA,QAAI,YAAY,WAAW,GAAG;AAC5B,MAAAC,UAAQ,KAAK,uBAAuB;AACpC;AAAA,IACF;AAEA,eAAW,KAAK,aAAa;AAC3B,YAAM,SAAS,EAAE,QAAQ,KAAK,IAAI,KAAK;AACvC,YAAM,UAAU,EAAE,aAAa,YAAY,EAAE,UAAU,KAAK;AAC5D,cAAQ,IAAI,GAAG,EAAE,EAAE,KAAK,EAAE,SAAS,WAAM,EAAE,QAAQ,QAAQ,EAAE,QAAQ,MAAM,MAAM,IAAI,OAAO,EAAE;AAAA,IAChG;AAAA,EACF;AACF,CAAC;;;ACjDD,SAAS,iBAAAC,uBAAqB;AAC9B,OAAOC,eAAa;AACpB;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,eAAAC;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAEA,IAAM,iBAAiBF,gBAAc;AAAA,EAC1C,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,aAAa;AAAA,IACX,MAAMA,gBAAc;AAAA,MAClB,MAAM;AAAA,QACJ,MAAM;AAAA,QACN,aAAa;AAAA,MACf;AAAA,MACA,MAAM;AAAA,QACJ,QAAQ;AAAA,UACN,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,QACA,MAAM;AAAA,UACJ,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,QACA,SAAS;AAAA,UACP,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,MACF;AAAA,MACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,cAAM,eAAe,QAAQ,KAAK,OAAO;AACzC,YAAI,KAAK,QAAQ;AACf,gBAAMG,SAAQ,MAAM,cAAc,YAAY;AAC9C,cAAI,KAAK,MAAM;AACb,oBAAQ,OAAO,MAAM,GAAG,KAAK,UAAUA,OAAM,UAAU,MAAM,CAAC,CAAC;AAAA,CAAI;AACnE;AAAA,UACF;AACA,UAAAF,UAAQ,KAAK,aAAaE,OAAM,SAAS,MAAM,cAAcA,OAAM,YAAY,GAAG;AAClF,qBAAW,KAAKA,OAAM,UAAU;AAC9B,kBAAM,YAAY,YAAY,EAAE,IAAI,KAAK,IAAI,iBAAiB;AAC9D,oBAAQ,IAAI,KAAK,EAAE,GAAG,OAAO,EAAE,CAAC,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC,IAAI,EAAE,QAAQ,GAAG,SAAS,EAAE;AAAA,UACnF;AACA;AAAA,QACF;AAEA,cAAM,QAAQ,MAAM,cAAc,YAAY;AAC9C,cAAM,QAA0D,CAAC;AACjE,mBAAW,KAAK,MAAM,UAAU;AAC9B,cAAI;AACF,kBAAM,SAASD,aAAY,EAAE,EAAE;AAC/B,kBAAM,KAAK,EAAE,IAAI,EAAE,IAAI,QAAQ,OAAO,QAAQ,QAAQ,OAAO,OAAO,CAAC;AAAA,UACvE,QACM;AAAA,UAEN;AAAA,QACF;AAEA,YAAI,KAAK,MAAM;AACb,kBAAQ,OAAO,MAAM,GAAG,KAAK,UAAU,OAAO,MAAM,CAAC,CAAC;AAAA,CAAI;AAC1D;AAAA,QACF;AAEA,YAAI,MAAM,WAAW,GAAG;AACtB,UAAAD,UAAQ,KAAK,oFAAoF;AACjG;AAAA,QACF;AAEA,mBAAW,KAAK,OAAO;AACrB,kBAAQ,IAAI,KAAK,EAAE,GAAG,OAAO,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE;AAAA,QAChD;AAAA,MACF;AAAA,IACF,CAAC;AAAA,IAED,SAASD,gBAAc;AAAA,MACrB,MAAM;AAAA,QACJ,MAAM;AAAA,QACN,aAAa;AAAA,MACf;AAAA,MACA,MAAM;AAAA,QACJ,IAAI;AAAA,UACF,MAAM;AAAA,UACN,aAAa;AAAA,UACb,UAAU;AAAA,QACZ;AAAA,QACA,OAAO;AAAA,UACL,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,QACA,SAAS;AAAA,UACP,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,MACF;AAAA,MACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,cAAM,MAAM,CAAC,OAAO,KAAK,EAAE,GAAG,GAAG,KAAK,CAAC,EAAE,OAAO,OAAO;AACvD,cAAM,QAAQ,QAAQ,KAAK,KAAK;AAChC,cAAM,QAAQ,MAAM,cAAc,QAAQ,KAAK,OAAO,CAAC;AAEvD,mBAAW,MAAM,KAAK;AACpB,gBAAM,QAAQ,YAAY,OAAO,EAAE;AACnC,cAAI,CAAC,OAAO;AACV,YAAAC,UAAQ,MAAM,YAAY,EAAE,sDAAsD,EAAE,eAAe;AACnG;AAAA,UACF;AAEA,gBAAM,YAAY,wBAAwB,MAAM,YAAY,EAAE;AAC9D,cAAI,UAAU,SAAS,GAAG;AACxB,uBAAW,KAAK,WAAW;AACzB,cAAAA,UAAQ,KAAK,8BAA8B,EAAE,IAAI,SAAS,EAAE,SAAS,iBAAiB,EAAE,UAAU,GAAG;AACrG,cAAAA,UAAQ,KAAK,yCAAyC,EAAE,SAAS,EAAE;AAAA,YACrE;AAAA,UACF;AAEA,gBAAM,SAAS,MAAM,eAAe,OAAO,EAAE,MAAM,CAAC;AACpD,gBAAM,OAAO,OAAO,UAAU,YAAY;AAC1C,UAAAA,UAAQ,QAAQ,GAAG,IAAI,IAAI,OAAO,EAAE,WAAM,OAAO,IAAI,EAAE;AACvD,UAAAA,UAAQ,KAAK,WAAW,OAAO,MAAM,EAAE;AAAA,QACzC;AAAA,MACF;AAAA,IACF,CAAC;AAAA,IAED,QAAQD,gBAAc;AAAA,MACpB,MAAM;AAAA,QACJ,MAAM;AAAA,QACN,aAAa;AAAA,MACf;AAAA,MACA,MAAM;AAAA,QACJ,IAAI;AAAA,UACF,MAAM;AAAA,UACN,aAAa;AAAA,UACb,UAAU;AAAA,QACZ;AAAA,QACA,OAAO;AAAA,UACL,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,MACF;AAAA,MACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,cAAM,MAAM,CAAC,OAAO,KAAK,EAAE,GAAG,GAAG,KAAK,CAAC,EAAE,OAAO,OAAO;AACvD,cAAM,QAAQ,QAAQ,KAAK,KAAK;AAChC,YAAI,SAAS;AAEb,mBAAW,MAAM,KAAK;AACpB,cAAI,cAAc,IAAI,KAAK,GAAG;AAC5B,YAAAC,UAAQ,QAAQ,oBAAoB,EAAE,EAAE;AAAA,UAC1C,OACK;AACH,YAAAA,UAAQ,MAAM,YAAY,EAAE,qBAAqB,QAAQ,aAAa,EAAE,EAAE;AAC1E,qBAAS;AAAA,UACX;AAAA,QACF;AAEA,YAAI;AACF,kBAAQ,KAAK,CAAC;AAAA,MAClB;AAAA,IACF,CAAC;AAAA,IAED,MAAMD,gBAAc;AAAA,MAClB,MAAM;AAAA,QACJ,MAAM;AAAA,QACN,aAAa;AAAA,MACf;AAAA,MACA,MAAM;AAAA,QACJ,IAAI;AAAA,UACF,MAAM;AAAA,UACN,aAAa;AAAA,UACb,UAAU;AAAA,QACZ;AAAA,QACA,SAAS;AAAA,UACP,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,MACF;AAAA,MACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,cAAM,KAAK,OAAO,KAAK,EAAE;AACzB,cAAM,QAAQ,MAAM,cAAc,QAAQ,KAAK,OAAO,CAAC;AACvD,cAAM,QAAQ,YAAY,OAAO,EAAE;AACnC,YAAI,CAAC;AACH,gBAAM,IAAI,MAAM,YAAY,EAAE,yBAAyB;AAEzD,gBAAQ,IAAI,gBAAgB,MAAM,EAAE,EAAE;AACtC,gBAAQ,IAAI,gBAAgB,MAAM,IAAI,EAAE;AACxC,gBAAQ,IAAI,gBAAgB,MAAM,WAAW,EAAE;AAC/C,gBAAQ,IAAI,gBAAgB,MAAM,QAAQ,EAAE;AAC5C,gBAAQ,IAAI,gBAAgB,MAAM,KAAK,KAAK,IAAI,CAAC,EAAE;AACnD,gBAAQ,IAAI,gBAAgB,MAAM,MAAM,EAAE;AAC1C,gBAAQ,IAAI,gBAAgB,MAAM,UAAU,EAAE;AAC9C,gBAAQ,IAAI,gBAAgB,MAAM,MAAM,EAAE;AAC1C,gBAAQ,IAAI,gBAAgB,MAAM,kBAAkB,EAAE;AACtD,gBAAQ,IAAI,gBAAgB,MAAM,YAAY,EAAE;AAEhD,cAAM,cAAc,mBAAmB,IAAI,KAAK;AAChD,YAAI,aAAa;AACf,gBAAM,WAAW,gBAAgB,MAAM;AACvC,kBAAQ,IAAI,mBAAmB,WAAW,kBAAkB,qBAAqB,EAAE;AAAA,QACrF,OACK;AACH,kBAAQ,IAAI,iBAAiB;AAAA,QAC/B;AAAA,MACF;AAAA,IACF,CAAC;AAAA,IAED,QAAQA,gBAAc;AAAA,MACpB,MAAM;AAAA,QACJ,MAAM;AAAA,QACN,aAAa;AAAA,MACf;AAAA,MACA,MAAM;AAAA,QACJ,OAAO;AAAA,UACL,MAAM;AAAA,UACN,aAAa;AAAA,UACb,UAAU;AAAA,QACZ;AAAA,QACA,MAAM;AAAA,UACJ,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,QACA,SAAS;AAAA,UACP,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,MACF;AAAA,MACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,cAAM,QAAQ,OAAO,KAAK,KAAK;AAC/B,cAAM,QAAQ,MAAM,cAAc,QAAQ,KAAK,OAAO,CAAC;AACvD,cAAM,UAAU,eAAe,OAAO,KAAK;AAE3C,YAAI,KAAK,MAAM;AACb,kBAAQ,OAAO,MAAM,GAAG,KAAK,UAAU,SAAS,MAAM,CAAC,CAAC;AAAA,CAAI;AAC5D;AAAA,QACF;AAEA,YAAI,QAAQ,WAAW,GAAG;AACxB,UAAAC,UAAQ,KAAK,yBAAyB,KAAK,GAAG;AAC9C;AAAA,QACF;AAEA,mBAAW,KAAK,SAAS;AACvB,kBAAQ,IAAI,KAAK,EAAE,GAAG,OAAO,EAAE,CAAC,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC,IAAI,EAAE,QAAQ,EAAE;AACrE,kBAAQ,IAAI,OAAO,EAAE,WAAW,EAAE;AAAA,QACpC;AAAA,MACF;AAAA,IACF,CAAC;AAAA,IAED,QAAQD,gBAAc;AAAA,MACpB,MAAM;AAAA,QACJ,MAAM;AAAA,QACN,aAAa;AAAA,MACf;AAAA,MACA,MAAM;AAAA,QACJ,IAAI;AAAA,UACF,MAAM;AAAA,UACN,aAAa;AAAA,QACf;AAAA,QACA,KAAK;AAAA,UACH,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,QACA,SAAS;AAAA,UACP,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,MACF;AAAA,MACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,cAAM,QAAQ,MAAM,cAAc,QAAQ,KAAK,OAAO,CAAC;AACvD,cAAM,WAAW,KAAK,KAAK,OAAO,KAAK,EAAE,IAAI;AAC7C,cAAM,UAAU,WACZ,CAAC,QAAQ,IACT,MAAM,SAAS,IAAI,OAAK,EAAE,EAAE,EAAE,OAAO,QAAM,YAAY,IAAI,KAAK,CAAC;AAErE,YAAI,QAAQ,WAAW,GAAG;AACxB,UAAAC,UAAQ,KAAK,kCAAkC;AAC/C;AAAA,QACF;AAEA,mBAAW,MAAM,SAAS;AACxB,gBAAM,QAAQ,YAAY,OAAO,EAAE;AACnC,cAAI,CAAC,OAAO;AACV,YAAAA,UAAQ,KAAK,GAAG,EAAE,mCAAmC;AACrD;AAAA,UACF;AAEA,gBAAM,cAAc,mBAAmB,IAAI,KAAK;AAChD,cAAI,gBAAgB,MAAM,QAAQ;AAChC,YAAAA,UAAQ,KAAK,GAAG,EAAE,sBAAsB;AACxC;AAAA,UACF;AAEA,cAAI,eAAe,CAAC,KAAK,KAAK;AAC5B,YAAAA,UAAQ,KAAK,GAAG,EAAE,kFAA6E;AAC/F,YAAAA,UAAQ,KAAK,UAAU,WAAW,EAAE;AACpC,YAAAA,UAAQ,KAAK,UAAU,MAAM,MAAM,EAAE;AACrC,YAAAA,UAAQ,KAAK,wBAAwB;AACrC;AAAA,UACF;AAEA,gBAAM,SAAS,MAAM,eAAe,KAAK;AACzC,UAAAA,UAAQ,QAAQ,WAAW,OAAO,EAAE,WAAM,OAAO,IAAI,EAAE;AAAA,QACzD;AAAA,MACF;AAAA,IACF,CAAC;AAAA,IAED,QAAQD,gBAAc;AAAA,MACpB,MAAM;AAAA,QACJ,MAAM;AAAA,QACN,aAAa;AAAA,MACf;AAAA,MACA,MAAM;AAAA,QACJ,IAAI;AAAA,UACF,MAAM;AAAA,UACN,aAAa;AAAA,UACb,UAAU;AAAA,QACZ;AAAA,QACA,OAAO;AAAA,UACL,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,QACA,SAAS;AAAA,UACP,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,MACF;AAAA,MACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,cAAM,KAAK,OAAO,KAAK,EAAE;AACzB,cAAM,QAAQ,QAAQ,KAAK,KAAK;AAChC,cAAM,QAAQ,MAAM,cAAc,QAAQ,KAAK,OAAO,CAAC;AACvD,cAAM,QAAQ,YAAY,OAAO,EAAE;AACnC,YAAI,CAAC;AACH,gBAAM,IAAI,MAAM,YAAY,EAAE,yBAAyB;AAEzD,cAAM,cAAc,mBAAmB,IAAI,KAAK;AAChD,YAAI,CAAC;AACH,gBAAM,IAAI,MAAM,YAAY,EAAE,qBAAqB,QAAQ,aAAa,EAAE,EAAE;AAE9E,YAAI,gBAAgB,MAAM,QAAQ;AAChC,UAAAC,UAAQ,QAAQ,GAAG,EAAE,2BAA2B;AAAA,QAClD,OACK;AACH,UAAAA,UAAQ,MAAM,GAAG,EAAE,mBAAmB;AACtC,kBAAQ,IAAI,eAAe,WAAW,EAAE;AACxC,kBAAQ,IAAI,eAAe,MAAM,MAAM,EAAE;AACzC,kBAAQ,KAAK,CAAC;AAAA,QAChB;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH;AACF,CAAC;;;ACjXD,SAAS,oBAAoB;AAC7B,SAAS,YAAAG,iBAAgB;AACzB,SAAS,iBAAAC,uBAAqB;AAC9B;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,eAAAC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,OAAOC,eAAa;AAIb,IAAM,aAAaC,gBAAc;AAAA,EACtC,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,YAAY;AAAA,MACV,MAAM;AAAA,MACN,aAAa;AAAA,MACb,SAAS;AAAA,IACX;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,WAAW;AAAA,MACT,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,MAAM;AAAA,MACJ,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,gBAAgB;AAAA,MACd,MAAM;AAAA,MACN,aAAa;AAAA,MACb,SAAS;AAAA,IACX;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,SAAS,KAAK,GAAG;AAC3B,UAAM,iBAAiB,sBAAsB,WAAW,CAAC,CAAC;AAE1D,QAAI,eAAe,SAAS,GAAG;AAE7B,YAAM,eAAe,gBAAgB,WAAW,CAAC,GAAG,IAAI;AAAA,IAC1D,OACK;AAGH,YAAM,cAAc,mBAAmB,WAAW,CAAC,CAAC;AACpD,UAAI,YAAY,SAAS;AACvB,cAAM,IAAI,MAAM,sEAAsE;AACxF,YAAM,gBAAgB,YAAY,CAAC,GAAI,YAAY,CAAC,GAAI,IAAI;AAAA,IAC9D;AAAA,EACF;AACF,CAAC;AAED,SAAS,mBAAmB,SAA6B;AACvD,QAAM,cAAwB,CAAC;AAC/B,QAAM,YAAY,QAAQ,QAAQ,IAAI;AACtC,QAAM,OAAO,aAAa,IAAI,QAAQ,MAAM,GAAG,SAAS,IAAI;AAE5D,WAAS,IAAI,GAAG,IAAI,KAAK,QAAQ,KAAK;AACpC,UAAM,MAAM,KAAK,CAAC;AAClB,QAAI,QAAQ;AACV;AACF,QAAI,IAAI,WAAW,IAAI,GAAG;AACxB;AACA;AAAA,IACF;AACA,gBAAY,KAAK,GAAG;AAAA,EACtB;AACA,SAAO;AACT;AAEA,eAAe,eACb,SACA,SACA,MACA;AACA,QAAM,MAAM,UAAU,KAAK,GAAyB;AACpD,MAAI,CAAC;AACH,UAAM,IAAI,MAAM,8DAA8D;AAEhF,QAAM,aAAa,cAAc,SAAS,SAAS;AACnD,QAAM,SAASC,aAAY,QAAQ,CAAC,GAAI,UAAU;AAClD,QAAM,WAAW,MAAM,eAAe,QAAQ,OAAO;AACrD,QAAM,WAAY,KAAK,YAAY;AAGnC,MAAI;AACF,UAAM,kBAAkB,MAAM,kBAAkB,UAAU,GAAG;AAC7D,QAAI,iBAAiB;AACnB,MAAAC,UAAQ,KAAK,2BAA2B,eAAe,EAAE;AACzD,YAAMC,SAAQ,MAAM,gBAAgB,KAAK,eAAe;AACxD,YAAM,iBAAiBA,QAAO,QAAQ;AACtC;AAAA,IACF;AAAA,EACF,QACM;AAAA,EAEN;AAEA,QAAM,QAAQ,MAAM,kBAAkB,UAAU;AAAA,IAC9C;AAAA,IACA;AAAA,IACA,GAAI,KAAK,SAAS,EAAE,QAAQ,KAAK,OAAiB,IAAI,CAAC;AAAA,EACzD,CAAC;AAED,EAAAD,UAAQ,KAAK,oBAAoB,MAAM,EAAE,EAAE;AAC3C,EAAAA,UAAQ,KAAK,eAAe,GAAG,4BAA4B,MAAM,EAAE,EAAE;AAErE,MAAI,MAAM,gBAAgB,gBAAgB,QAAQ;AAChD,UAAM,IAAI,MAAM,eAAe,eAAe;AAC9C,IAAAA,UAAQ,KAAK,EAAE;AACf,IAAAA,UAAQ,KAAK,6BAA6B,CAAC,sEAAsE;AACjH,QAAI,MAAM,eAAe,iBAAiB,QAAQ;AAChD,YAAM,QAAQ,MAAM,eAAe,gBAAgB,IAAI,OAAK,EAAE,UAAU,EAAE,KAAK,IAAI;AACnF,MAAAA,UAAQ,KAAK,oBAAoB,KAAK,EAAE;AAAA,IAC1C;AACA,IAAAA,UAAQ,KAAK,EAAE;AAAA,EACjB;AAEA,QAAM,SAAS,MAAM,mBAAmB,KAAK,MAAM,EAAE;AACrD,MAAI,WAAW;AACb,UAAM,IAAI,MAAM,SAAS,MAAM,EAAE;AAEnC,QAAM,QAAQ,MAAM,gBAAgB,KAAK,MAAM,EAAE;AACjD,QAAM,iBAAiB,OAAO,QAAQ;AACxC;AAEA,eAAe,gBACb,UACA,QACA,MACA;AACA,QAAM,OAAO,SAAS;AACtB,MAAI,CAAC,MAAM;AACT,IAAAA,UAAQ,MAAM,wCAAwC;AACtD,WAAO,QAAQ,KAAK,CAAC;AAAA,EACvB;AAEA,QAAM,MAAM,UAAU,KAAK,GAAyB;AACpD,QAAM,YAAY,MAAM,kBAAkB,GAAG;AAC7C,QAAM,UAAU,OAAO,MAAM,GAAG;AAChC,QAAM,aAAc,KAAK,QAAmBE,UAAS;AAGrD,EAAAF,UAAQ,KAAK,cAAc,QAAQ,aAAa,UAAU,KAAK,QAAQ,KAAK,GAAG,CAAC,EAAE;AAClF,QAAM,QAAQ,MAAM,SAAyC,WAAW;AAAA,IACtE,QAAQ;AAAA,IACR,MAAM;AAAA,MACJ,WAAW,KAAK;AAAA,MAChB,aAAa;AAAA,MACb;AAAA,MACA,YAAY,KAAK;AAAA,MACjB;AAAA,MACA,QAAS,KAAK,UAAqB,QAAQ,KAAK,GAAG;AAAA,MACnD,GAAI,KAAK,KAAK,EAAE,QAAQ,KAAK,GAAG,IAAI,CAAC;AAAA,IACvC;AAAA,EACF,CAAC;AACD,EAAAA,UAAQ,QAAQ,oBAAoB,MAAM,EAAE,EAAE;AAG9C,EAAAA,UAAQ,KAAK,yBAAyB;AACtC,QAAM,UAAU;AAChB,QAAM,WAAW;AACjB,QAAM,QAAQ,KAAK,IAAI;AAEvB,SAAO,KAAK,IAAI,IAAI,QAAQ,SAAS;AACnC,UAAM,SAAS,MAAM,SAA6B,GAAG,SAAS,IAAI,MAAM,EAAE,EAAE;AAC5E,QAAI,OAAO,WAAW,YAAY;AAChC,MAAAA,UAAQ,QAAQ,iBAAiB;AACjC;AAAA,IACF;AACA,QAAI,OAAO,WAAW,YAAY,OAAO,WAAW,WAAW;AAC7D,MAAAA,UAAQ,MAAM,SAAS,OAAO,MAAM,GAAG;AACvC,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AACA,UAAM,IAAI,QAAQ,OAAK,WAAW,GAAG,QAAQ,CAAC;AAAA,EAChD;AAGA,EAAAA,UAAQ,KAAK,yBAAyB;AACtC,QAAM,EAAE,UAAU,IAAI,MAAM,SAAgC,GAAG,SAAS,IAAI,MAAM,EAAE,UAAU;AAAA,IAC5F,QAAQ;AAAA,EACV,CAAC;AAGD,MAAI,aAAa,WAAW;AAC1B,IAAAA,UAAQ,KAAK,cAAc,QAAQ,KAAK,GAAG,CAAC,EAAE;AAC9C,QAAI;AACF,mBAAc,KAAK,cAAc,KAAgB,WAAW,CAAC,WAAW,WAAW,MAAM,GAAG,OAAO,GAAG;AAAA,QACpG,OAAO;AAAA,MACT,CAAC;AAAA,IACH,SACO,KAAc;AACnB,YAAM,WAAY,IAA4B,UAAU;AACxD,cAAQ,KAAK,QAAQ;AAAA,IACvB;AAAA,EACF,OACK;AACH,YAAQ,OAAO,MAAM,SAAS;AAAA,EAChC;AACF;;;ACjOA,SAAS,iBAAAG,uBAAqB;AAC9B,SAAS,iBAAAC,gBAAe,yBAAAC,wBAAuB,eAAAC,cAAa,kBAAAC,uBAAsB;AAE3E,IAAM,iBAAiBJ,gBAAc;AAAA,EAC1C,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,SAAS;AAAA,MACP,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,GAAG;AAAA,MACD,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,QAAQ,GAAG;AACrB,UAAM,UAAUE,uBAAsB,WAAW,CAAC,CAAC;AACnD,QAAI,QAAQ,WAAW;AACrB,YAAM,IAAI,MAAM,8EAA8E;AAEhG,UAAM,aAAaD,eAAc,WAAW,CAAC,GAAG,SAAS;AACzD,UAAM,SAASE,aAAY,QAAQ,CAAC,GAAI,UAAU;AAClD,UAAM,WAAW,MAAMC,gBAAe,QAAQ,OAAO;AAErD,YAAQ,OAAO,MAAM,GAAG,KAAK,UAAU;AAAA,MACrC,SAAS,SAAS,QAAQ,IAAI;AAAA,MAC9B,QAAQ,SAAS;AAAA,MACjB,WAAW,SAAS,OAAO;AAAA,MAC3B,SAAS,SAAS,OAAO;AAAA,MACzB,YAAY,SAAS;AAAA,MACrB,gBAAgB,SAAS,OAAO;AAAA,MAChC,eAAe,SAAS,OAAO,aAAa,iBAAiB;AAAA,MAC7D,gBAAgB,SAAS;AAAA,IAC3B,GAAG,MAAM,CAAC,CAAC;AAAA,CAAI;AAAA,EACjB;AACF,CAAC;;;ACvCD,SAAS,iBAAAC,uBAAqB;AAC9B,OAAOC,eAAa;AAGb,IAAM,mBAAmBC,gBAAc;AAAA,EAC5C,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,KAAK;AAAA,MACH,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,IAAI,EAAE,KAAK,GAAG;AACZ,UAAM,MAAM,KAAK;AAEjB,YAAQ,KAAK;AAAA,MACX,KAAK,OAAO;AACV,cAAM,MAAM,UAAU;AACtB,YAAI;AACF,kBAAQ,IAAI,GAAG;AAAA;AAEf,UAAAC,UAAQ,KAAK,oBAAoB;AACnC;AAAA,MACF;AAAA,MACA,KAAK,SAAS;AACZ,cAAM,OAAO,SAAS;AACtB,YAAI,MAAM;AACR,kBAAQ,IAAI,KAAK,KAAK;AAAA;AAEtB,UAAAA,UAAQ,KAAK,gBAAgB;AAC/B;AAAA,MACF;AAAA,MACA,SAAS;AAEP,cAAM,SAAS,WAAW;AAC1B,cAAM,QAAQ,IAAI,MAAM,GAAG;AAC3B,YAAI,MAAM,WAAW,GAAG;AACtB,gBAAM,UAAU,MAAM,CAAC;AACvB,gBAAM,QAAQ,MAAM,CAAC;AACrB,gBAAM,aAAa,OAAO,OAAO;AACjC,cAAI,cAAc,SAAS,YAAY;AACrC,oBAAQ,IAAI,WAAW,KAAK,CAAC;AAAA,UAC/B,OACK;AACH,YAAAA,UAAQ,KAAK,QAAQ,GAAG,YAAY;AAAA,UACtC;AAAA,QACF,OACK;AACH,UAAAA,UAAQ,MAAM,iBAAiB,GAAG,6EAA6E;AAC/G,kBAAQ,KAAK,CAAC;AAAA,QAChB;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF,CAAC;;;AC1DD,SAAS,iBAAAC,uBAAqB;AAC9B,OAAOC,eAAa;AAGb,IAAM,mBAAmBC,gBAAc;AAAA,EAC5C,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,KAAK;AAAA,MACH,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,IAAI,EAAE,KAAK,GAAG;AACZ,UAAM,MAAM,KAAK;AACjB,UAAM,QAAQ,KAAK;AACnB,UAAM,SAAS,WAAW;AAE1B,UAAM,QAAQ,IAAI,MAAM,GAAG;AAC3B,QAAI,MAAM,WAAW,GAAG;AACtB,MAAAC,UAAQ,MAAM,iBAAiB,GAAG,iEAAiE;AACnG,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAEA,UAAM,CAAC,SAAS,KAAK,IAAI;AAEzB,QAAI,YAAY,YAAY;AAC1B,aAAO,WAAW,OAAO,YAAY,CAAC;AACrC,MAAC,OAAO,SAAoC,KAAK,IAAI;AAAA,IACxD,WACS,YAAY,SAAS;AAC5B,aAAO,QAAQ,OAAO,SAAS,CAAC;AAC/B,MAAC,OAAO,MAAiC,KAAK,IAAI;AAAA,IACrD,OACK;AACH,MAAAA,UAAQ,MAAM,qBAAqB,OAAO,yBAAyB;AACnE,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAEA,eAAW,MAAM;AACjB,IAAAA,UAAQ,QAAQ,OAAO,GAAG,MAAM,KAAK,EAAE;AAAA,EACzC;AACF,CAAC;;;AClDD,SAAS,iBAAAC,uBAAqB;AAC9B,OAAOC,eAAa;AAGpB,eAAe,UAAU,QAAgB,KAAa,MAA0B,aAAqB,KAAc,aAAsB;AACvI,QAAM,QAAQ,aAAa;AAC3B,MAAI,CAAC,OAAO;AACV,IAAAC,UAAQ,MAAM,4CAA4C;AAC1D,WAAO,QAAQ,KAAK,CAAC;AAAA,EACvB;AAEA,QAAM,WAAW,MAAM,MAAM,KAAK;AAAA,IAChC;AAAA,IACA,SAAS;AAAA,MACP,iBAAiB,UAAU,KAAK;AAAA,MAChC,gBAAgB;AAAA,IAClB;AAAA,IACA,MAAM,QAAQ;AAAA,EAChB,CAAC;AAED,MAAI,aAAa;AACf,YAAQ,IAAI,QAAQ,SAAS,MAAM,IAAI,SAAS,UAAU,EAAE;AAC5D,eAAW,CAAC,KAAK,KAAK,KAAK,SAAS,QAAQ,QAAQ,GAAG;AACrD,cAAQ,IAAI,GAAG,GAAG,KAAK,KAAK,EAAE;AAAA,IAChC;AACA,YAAQ,IAAI;AAAA,EACd;AAEA,QAAM,kBAAkB,SAAS,QAAQ,IAAI,cAAc,KAAK;AAChE,QAAM,OAAO,MAAM,SAAS,KAAK;AAEjC,MAAI,OAAO,CAAC,gBAAgB,SAAS,MAAM,GAAG;AAC5C,YAAQ,OAAO,MAAM,IAAI;AAAA,EAC3B,OACK;AACH,QAAI;AACF,cAAQ,IAAI,KAAK,UAAU,KAAK,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC;AAAA,IACvD,QACM;AACJ,cAAQ,OAAO,MAAM,IAAI;AAAA,IAC3B;AAAA,EACF;AAEA,MAAI,CAAC,SAAS,IAAI;AAChB,YAAQ,KAAK,CAAC;AAAA,EAChB;AACF;AAEO,IAAM,eAAeC,gBAAc;AAAA,EACxC,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,aAAa;AAAA,IACX,KAAKA,gBAAc;AAAA,MACjB,MAAM;AAAA,QACJ,MAAM;AAAA,QACN,aAAa;AAAA,MACf;AAAA,MACA,MAAM;AAAA,QACJ,KAAK;AAAA,UACH,MAAM;AAAA,UACN,aAAa;AAAA,UACb,UAAU;AAAA,QACZ;AAAA,QACA,KAAK;AAAA,UACH,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,QACA,SAAS;AAAA,UACP,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,MACF;AAAA,MACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,cAAM,UAAU,OAAO,OAAO,KAAK,GAAG,GAAG,QAAW,oBAAoB,QAAQ,KAAK,GAAG,GAAG,QAAQ,KAAK,OAAO,CAAC;AAAA,MAClH;AAAA,IACF,CAAC;AAAA,IAED,MAAMA,gBAAc;AAAA,MAClB,MAAM;AAAA,QACJ,MAAM;AAAA,QACN,aAAa;AAAA,MACf;AAAA,MACA,MAAM;AAAA,QACJ,KAAK;AAAA,UACH,MAAM;AAAA,UACN,aAAa;AAAA,UACb,UAAU;AAAA,QACZ;AAAA,QACA,MAAM;AAAA,UACJ,MAAM;AAAA,UACN,aAAa;AAAA,QACf;AAAA,QACA,gBAAgB;AAAA,UACd,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,QACA,KAAK;AAAA,UACH,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,QACA,SAAS;AAAA,UACP,MAAM;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACX;AAAA,MACF;AAAA,MACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,cAAM,UAAU,QAAQ,OAAO,KAAK,GAAG,GAAG,KAAK,MAA4B,OAAO,KAAK,cAAc,KAAK,kBAAkB,GAAG,QAAQ,KAAK,GAAG,GAAG,QAAQ,KAAK,OAAO,CAAC;AAAA,MACzK;AAAA,IACF,CAAC;AAAA,EACH;AACF,CAAC;;;ACrHD,SAAS,iBAAAC,uBAAqB;AAEvB,IAAM,aAAaA,gBAAc;AAAA,EACtC,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,WAAW;AAAA,MACT,MAAM;AAAA,MACN,aAAa;AAAA,MACb,SAAS;AAAA,IACX;AAAA,IACA,MAAM;AAAA,MACJ,MAAM;AAAA,MACN,aAAa;AAAA,MACb,SAAS;AAAA,IACX;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,UAAM,YAAa,KAAK,aAAa;AACrC,UAAM,OAAO,OAAO,SAAS,OAAO,KAAK,IAAI,GAAG,EAAE;AAElD,QAAI,cAAc,WAAW,cAAc,OAAO;AAChD,YAAM,IAAI,MAAM,oCAAoC;AAAA,IACtD;AAEA,UAAM,EAAE,eAAe,IAAI,MAAM,OAAO,sBAAa;AACrD,UAAM,eAAe,WAAW,IAAI;AAAA,EACtC;AACF,CAAC;;;AC9BD,SAAS,YAAY,cAAc,qBAAqB;AACxD,SAAS,mBAAmB;AAC5B,SAAS,gBAAAC,qBAAoB;AAC7B,SAAS,YAAY;AACrB,SAAS,iBAAAC,uBAAqB;AAC9B,OAAOC,eAAa;AAEpB,IAAM,kBAAkB;AAExB,eAAe,iBAAiB,MAAc,WAAmB;AAC/D,QAAM,EAAE,kBAAkB,cAAc,IAAI,MAAM,OAAO,OAAO;AAChE,QAAM,cAAc,MAAM,IAAI,IAAI,EAAE,KAAK,WAAW,OAAO,MAAM,CAAC;AACpE;AAEA,SAAS,YAAY,KAAa;AAChC,QAAM,cAAc,CAAC,SAAiB,WAAW,KAAK,KAAK,IAAI,CAAC;AAEhE,MAAI,YAAY,gBAAgB,GAAG;AACjC,IAAAF,cAAa,QAAQ,CAAC,SAAS,GAAG,EAAE,KAAK,KAAK,OAAO,UAAU,CAAC;AAAA,EAClE,WACS,YAAY,WAAW,GAAG;AACjC,IAAAA,cAAa,OAAO,CAAC,SAAS,GAAG,EAAE,KAAK,KAAK,OAAO,UAAU,CAAC;AAAA,EACjE,OACK;AACH,IAAAA,cAAa,OAAO,CAAC,SAAS,GAAG,EAAE,KAAK,KAAK,OAAO,UAAU,CAAC;AAAA,EACjE;AACF;AAEA,eAAe,aAAa,SAAiB,SAAoC;AAC/E,QAAM,SAAS,MAAME,UAAQ,OAAO,SAAS,EAAE,MAAM,UAAU,SAAS,QAAQ,CAAC;AACjF,MAAI,OAAO,WAAW,UAAU;AAC9B,YAAQ,KAAK,CAAC;AAAA,EAChB;AACA,SAAO;AACT;AAEA,eAAe,WAAW,SAAiB,cAAwC;AACjF,QAAM,SAAS,MAAMA,UAAQ,OAAO,SAAS,EAAE,MAAM,QAAQ,SAAS,cAAc,aAAa,aAAa,CAAC;AAC/G,MAAI,OAAO,WAAW,UAAU;AAC9B,YAAQ,KAAK,CAAC;AAAA,EAChB;AACA,SAAQ,UAAqB,gBAAgB;AAC/C;AAEO,IAAM,cAAcD,gBAAc;AAAA,EACvC,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,IAAI;AAAA,MACF,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,QAAI;AAEJ,QAAI,KAAK,IAAI;AACX,aAAO;AAAA,IACT,WACS,KAAK,KAAK;AACjB,aAAO;AAAA,IACT,OACK;AACH,YAAM,SAAS,MAAM,aAAa,+BAA+B;AAAA,QAC/D;AAAA,QACA;AAAA,MACF,CAAC;AACD,aAAO,OAAO,WAAW,IAAI,IAAI,OAAO;AAAA,IAC1C;AAEA,QAAI,SAAS,MAAM;AACjB,YAAM,OAAO,KAAK,GAAG;AAAA,IACvB,OACK;AACH,YAAM,QAAQ,KAAK,GAAG;AAAA,IACxB;AAAA,EACF;AACF,CAAC;AAED,eAAe,OAAO,WAAoB;AACxC,QAAM,MAAM,aAAa;AAEzB,MAAI,WAAW,KAAK,KAAK,cAAc,CAAC,GAAG;AACzC,IAAAC,UAAQ,MAAM,cAAc,GAAG,+BAA+B;AAC9D,WAAO,QAAQ,KAAK,CAAC;AAAA,EACvB;AAEA,EAAAA,UAAQ,MAAM,2BAA2B;AACzC,QAAM,iBAAiB,iCAAiC,GAAG;AAC3D,EAAAA,UAAQ,QAAQ,oCAAoC;AAEpD,EAAAA,UAAQ,MAAM,4BAA4B;AAC1C,cAAY,GAAG;AACf,EAAAA,UAAQ,QAAQ,wBAAwB;AAGxC,QAAM,aAAa,KAAK,KAAK,cAAc;AAC3C,QAAM,UAAU,KAAK,KAAK,MAAM;AAChC,MAAI,WAAW,UAAU,KAAK,CAAC,WAAW,OAAO,GAAG;AAClD,iBAAa,YAAY,OAAO;AAChC,IAAAA,UAAQ,QAAQ,uCAAuC,eAAe,GAAG;AAAA,EAC3E;AAEA,UAAQ,IAAI,EAAE;AACd,EAAAA,UAAQ,IAAI;AAAA,IACV,MAAM,GAAG;AAAA,IACT;AAAA,IACA;AAAA,IACA;AAAA,EACF,EAAE,KAAK,IAAI,CAAC;AACd;AAEA,eAAe,QAAQ,WAAoB;AACzC,QAAM,MAAM,aAAa;AAEzB,MAAI,WAAW,KAAK,KAAK,cAAc,CAAC,GAAG;AACzC,IAAAA,UAAQ,MAAM,cAAc,GAAG,+BAA+B;AAC9D,WAAO,QAAQ,KAAK,CAAC;AAAA,EACvB;AAGA,QAAM,SAAS,MAAM,WAAW,sBAAsB,WAAW;AACjE,QAAM,UAAU,MAAM,aAAa,mBAAmB;AAAA,IACpD;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AACD,QAAM,aAAa,MAAM,WAAW,aAAa;AAEjD,EAAAA,UAAQ,MAAM,4BAA4B;AAC1C,QAAM,iBAAiB,kCAAkC,GAAG;AAC5D,EAAAA,UAAQ,QAAQ,qCAAqC;AAErD,EAAAA,UAAQ,MAAM,4BAA4B;AAC1C,cAAY,GAAG;AACf,EAAAA,UAAQ,QAAQ,wBAAwB;AAGxC,QAAM,gBAAgB,YAAY,EAAE,EAAE,SAAS,KAAK;AACpD,QAAM,kBAAkB,YAAY,EAAE,EAAE,SAAS,KAAK;AACtD,EAAAA,UAAQ,QAAQ,mBAAmB;AAGnC,QAAM,cAAc,WAAW;AAC/B,QAAM,SAAS,cAAc,0BAA0B,WAAW,MAAM;AAGxE,QAAM,aAAa;AAAA,IACjB;AAAA,IACA;AAAA,IACA,+BAA+B,aAAa;AAAA,IAC5C,6BAA6B,UAAU;AAAA,IACvC,iCAAiC,eAAe;AAAA,IAChD,uBAAuB,MAAM;AAAA,IAC7B;AAAA,IACA,sBAAsB,MAAM;AAAA,IAC5B,0BAA0B,MAAM;AAAA,EAClC,EAAE,KAAK,IAAI;AAEX,gBAAc,KAAK,KAAK,MAAM,GAAG,aAAa,MAAM,EAAE,MAAM,IAAM,CAAC;AACnE,EAAAA,UAAQ,QAAQ,cAAc;AAE9B,UAAQ,IAAI,EAAE;AACd,EAAAA,UAAQ,IAAI;AAAA,IACV,MAAM,GAAG;AAAA,IACT;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,GAAI,cACA,CAAC,IACD;AAAA,MACE;AAAA,MACA,+BAA+B,OAAO,QAAQ,SAAS,EAAE,CAAC,yBAAoB,MAAM;AAAA,MACpF,2BAA2B,QAAQ,SAAS,IAAI,IAAI,OAAO,IAAI;AAAA,MAC/D;AAAA,IACF;AAAA,EACN,EAAE,KAAK,IAAI,CAAC;AACd;;;AC7LA,SAAS,UAAAC,eAAc;AACvB,SAAS,cAAAC,aAAY,cAAc,iBAAAC,gBAAe,iBAAiB;AACnE,SAAS,YAAAC,iBAAgB;AACzB,SAAS,qBAAqB,YAAY;AAC1C,SAAS,SAAS,eAAe;AACjC,SAAS,eAAe;AACxB,SAAS,iBAAAC,uBAAqB;AAC9B,OAAOC,eAAa;AAKpB,IAAMC,mBAAkB;AACxB,IAAM,mBAAmB;AACzB,IAAM,gBAAgB;AACtB,IAAM,eAAe;AAErB,SAAS,YAAY,GAAmB;AACtC,SAAO,QAAQ,EAAE,QAAQ,MAAM,QAAQ,CAAC,CAAC;AAC3C;AAEA,SAASC,aAAY,KAAa;AAChC,QAAM,MAAM,QAAQ,aAAa,WAAW,SAAS,QAAQ,aAAa,UAAU,UAAU;AAC9F,EAAAC,UAAS,KAAK,CAAC,GAAG,GAAG,MAAM;AAAA,EAAC,CAAC;AAC/B;AAEA,SAAS,cAAc,SAAyB;AAC9C,QAAM,UAAU,GAAG,OAAO;AAC1B,MAAIC,YAAW,OAAO,GAAG;AACvB,WAAO,aAAa,SAAS,OAAO,EAAE,KAAK;AAAA,EAC7C;AAGA,QAAM,aAAa,aAAa,SAAS,OAAO;AAChD,QAAM,aAAa,sBAAsB,UAAU;AACnD,QAAM,MAAM,WAAW,OAAO,EAAE,QAAQ,MAAM,CAAC;AAC/C,QAAM,WAAWC,QAAO,KAAK,IAAI,GAAG,WAAW;AAG/C,QAAM,aAAa;AACnB,QAAM,aAAaA,QAAO,MAAM,CAAC;AACjC,aAAW,cAAc,WAAW,MAAM;AAC1C,QAAM,YAAYA,QAAO,MAAM,CAAC;AAChC,YAAU,cAAc,SAAS,MAAM;AACvC,QAAM,OAAOA,QAAO,OAAO,CAAC,YAAYA,QAAO,KAAK,UAAU,GAAG,WAAW,QAAQ,CAAC;AAErF,SAAO,eAAe,KAAK,SAAS,QAAQ,CAAC;AAC/C;AAEA,SAAS,mBAAmB,SAAyB;AACnD,QAAM,WAAW,YAAY,OAAO;AACpC,QAAM,MAAM,QAAQ,QAAQ;AAE5B,MAAI,CAACD,YAAW,GAAG,GAAG;AACpB,cAAU,KAAK,EAAE,WAAW,KAAK,CAAC;AAAA,EACpC;AAGA,QAAM,EAAE,WAAW,WAAW,IAAI,oBAAoB,SAAS;AAG/D,QAAM,aAAa,WAAW,OAAO,EAAE,MAAM,SAAS,QAAQ,MAAM,CAAC;AACrE,EAAAE,eAAc,UAAU,YAAY,EAAE,MAAM,IAAM,CAAC;AAGnD,QAAM,MAAM,UAAU,OAAO,EAAE,QAAQ,MAAM,CAAC;AAC9C,QAAM,WAAWD,QAAO,KAAK,IAAI,GAAG,WAAW;AAC/C,QAAM,aAAa;AACnB,QAAM,aAAaA,QAAO,MAAM,CAAC;AACjC,aAAW,cAAc,WAAW,MAAM;AAC1C,QAAM,YAAYA,QAAO,MAAM,CAAC;AAChC,YAAU,cAAc,SAAS,MAAM;AACvC,QAAM,OAAOA,QAAO,OAAO,CAAC,YAAYA,QAAO,KAAK,UAAU,GAAG,WAAW,QAAQ,CAAC;AACrF,QAAM,YAAY,eAAe,KAAK,SAAS,QAAQ,CAAC;AAExD,EAAAC,eAAc,GAAG,QAAQ,QAAQ,GAAG,SAAS;AAAA,GAAM,EAAE,MAAM,IAAM,CAAC;AAElE,SAAO;AACT;AAEA,eAAe,kBACb,KACA,YACA,SAC+C;AAC/C,QAAM,cAAc,YAAY,OAAO;AACvC,QAAM,aAAa,aAAa,aAAa,OAAO;AACpD,QAAM,aAAa,sBAAsB,UAAU;AAEnD,QAAM,eAAe,MAAM,0BAA0B,GAAG;AACxD,QAAM,kBAAkB,MAAM,6BAA6B,GAAG;AAC9D,QAAM,YAAY,KAAK,IAAI;AAE3B,SAAO,KAAK,IAAI,IAAI,YAAY,cAAc;AAC5C,QAAI;AAEF,YAAM,gBAAgB,MAAM,MAAM,cAAc;AAAA,QAC9C,QAAQ;AAAA,QACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,QAC9C,MAAM,KAAK,UAAU,EAAE,UAAU,WAAW,CAAC;AAAA,MAC/C,CAAC;AAED,UAAI,cAAc,IAAI;AACpB,cAAM,EAAE,UAAU,IAAI,MAAM,cAAc,KAAK;AAC/C,cAAM,YAAY,KAAK,MAAMD,QAAO,KAAK,SAAS,GAAG,UAAU,EAAE,SAAS,QAAQ;AAElF,cAAM,WAAW,MAAM,MAAM,iBAAiB;AAAA,UAC5C,QAAQ;AAAA,UACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,UAC9C,MAAM,KAAK,UAAU,EAAE,UAAU,YAAY,WAAW,UAAU,CAAC;AAAA,QACrE,CAAC;AAED,YAAI,SAAS,IAAI;AACf,gBAAM,SAAS,MAAM,SAAS,KAAK;AACnC,iBAAO,EAAE,OAAO,OAAO,OAAO,WAAW,OAAO,WAAW;AAAA,QAC7D;AAAA,MACF;AAAA,IACF,QACM;AAAA,IAEN;AAEA,UAAM,IAAI,QAAQ,CAAAE,aAAW,WAAWA,UAAS,aAAa,CAAC;AAAA,EACjE;AAEA,QAAM,IAAI,MAAM,+DAA+D;AACjF;AAEO,IAAM,gBAAgBC,gBAAc;AAAA,EACzC,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,KAAK;AAAA,MACH,MAAM;AAAA,MACN,aAAa,qBAAqBP,gBAAe;AAAA,IACnD;AAAA,IACA,MAAM;AAAA,MACJ,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,KAAK;AAAA,MACH,MAAM;AAAA,MACN,aAAa,iCAAiC,gBAAgB;AAAA,IAChE;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAElB,UAAM,MAAM,KAAK,OACZ,MAAMQ,UAAQ,OAAO,WAAW,EAAE,MAAM,QAAQ,SAASR,kBAAiB,aAAaA,iBAAgB,CAAC,EAAE,KAAK,OAAK,OAAO,MAAM,WAAW,QAAQ,KAAK,CAAC,IAAI,CAAC,KAC/JA;AAEL,UAAM,YAAY,KAAK,QAClB,MAAMQ,UAAQ,OAAO,cAAc,EAAE,MAAM,QAAQ,aAAa,aAAa,CAAC,EAAE,KAAK,OAAK,OAAO,MAAM,WAAW,QAAQ,KAAK,CAAC,IAAI,CAAC;AAE1I,QAAI,CAAC,WAAW;AACd,MAAAA,UAAQ,MAAM,yBAAyB;AACvC,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAEA,UAAM,UAAU,KAAK,OAChB,MAAMA,UAAQ,OAAO,eAAe,EAAE,MAAM,QAAQ,SAAS,kBAAkB,aAAa,iBAAiB,CAAC,EAAE,KAAK,OAAK,OAAO,MAAM,WAAW,QAAQ,KAAK,CAAC,IAAI,CAAC,KACrK;AAGL,UAAM,cAAc,YAAY,OAAO;AACvC,QAAI;AAEJ,QAAIL,YAAW,WAAW,GAAG;AAC3B,kBAAY,cAAc,WAAW;AACrC,MAAAK,UAAQ,QAAQ,sBAAsB,OAAO,EAAE;AAAA,IACjD,OACK;AACH,MAAAA,UAAQ,MAAM,kCAAkC,OAAO,KAAK;AAC5D,kBAAY,mBAAmB,OAAO;AACtC,MAAAA,UAAQ,QAAQ,yBAAyB,OAAO,EAAE;AAAA,IACpD;AAGA,UAAM,aAAa,mBAAmB,SAAS;AAC/C,UAAM,YAAY,GAAG,GAAG,gBAAgB,mBAAmB,SAAS,CAAC,QAAQ,UAAU;AAEvF,IAAAA,UAAQ,KAAK,mCAAmC;AAChD,IAAAA,UAAQ,KAAK,UAAK,GAAG,SAAS;AAC9B,IAAAP,aAAY,SAAS;AAQrB,YAAQ,IAAI,EAAE;AACd,UAAM,aAAa,MAAMO,UAAQ;AAAA,MAC/B;AAAA,MACA,EAAE,MAAM,QAAQ,aAAa,SAAS,SAAS,OAAO;AAAA,IACxD,EAAE,KAAK,OAAK,OAAO,MAAM,WAAW,QAAQ,KAAK,CAAC,IAAI,CAAC;AAEvD,QAAI,CAAC,YAAY;AACf,MAAAA,UAAQ,MAAM,+CAA+C;AAC7D,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAGA,IAAAA,UAAQ,MAAM,yBAAyB;AACvC,UAAM,EAAE,OAAO,UAAU,IAAI,MAAM,kBAAkB,KAAK,YAAY,OAAO;AAG7E,aAAS;AAAA,MACP;AAAA,MACA,cAAc;AAAA,MACd,OAAO;AAAA,MACP,YAAY,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,KAAK,aAAa;AAAA,IAC5D,CAAC;AAED,UAAM,SAAS,WAAW;AAC1B,WAAO,WAAW,EAAE,GAAG,OAAO,UAAU,IAAI;AAC5C,WAAO,QAAQ,EAAE,KAAK,SAAS,OAAO,WAAW;AACjD,eAAW,MAAM;AAEjB,IAAAA,UAAQ,QAAQ,qBAAqB,UAAU,EAAE;AACjD,IAAAA,UAAQ,QAAQ,iCAAiC;AAEjD,YAAQ,IAAI,EAAE;AACd,IAAAA,UAAQ,KAAK,0BAA0B;AAAA,EACzC;AACF,CAAC;;;ACnOD,SAAS,iBAAAC,uBAAqB;AAC9B,OAAOC,eAAa;AACpB,SAAS,oBAAoB;AAEtB,IAAM,kBAAkBD,gBAAc;AAAA,EAC3C,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,MAAM;AAAA,IACJ,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,aAAa;AAAA,MACb,UAAU;AAAA,IACZ;AAAA,EACF;AAAA,EACA,MAAM,IAAI,EAAE,KAAK,GAAG;AAClB,UAAM,SAAS,KAAK;AAEpB,IAAAC,UAAQ,MAAM,mBAAmB,MAAM,KAAK;AAE5C,QAAI;AACF,YAAM,SAAS,MAAM,aAAa,MAAM;AAExC,UAAI,CAAC,QAAQ;AACX,QAAAA,UAAQ,MAAM,6BAA6B,MAAM,EAAE;AACnD,gBAAQ,IAAI,EAAE;AACd,gBAAQ,IAAI,wCAAwC;AACpD,gBAAQ,IAAI,YAAY,MAAM,iCAAiC,MAAM,GAAG;AACxE,eAAO,QAAQ,KAAK,CAAC;AAAA,MACvB;AAEA,MAAAA,UAAQ,QAAQ,UAAU,MAAM,WAAM,OAAO,GAAG,EAAE;AAClD,cAAQ,IAAI,EAAE;AACd,cAAQ,IAAI,eAAe,OAAO,WAAW,QAAQ,EAAE;AACvD,cAAQ,IAAI,eAAe,OAAO,GAAG,EAAE;AACvC,UAAI,OAAO;AACT,gBAAQ,IAAI,eAAe,OAAO,IAAI,EAAE;AAC1C,UAAI,OAAO,aAAa;AACtB,gBAAQ,IAAI,eAAe,OAAO,QAAQ,EAAE;AAG9C,cAAQ,IAAI,EAAE;AACd,MAAAA,UAAQ,MAAM,oBAAoB,OAAO,GAAG,KAAK;AAEjD,YAAM,YAAY,MAAM,MAAM,GAAG,OAAO,GAAG,mCAAmC;AAE9E,UAAI,CAAC,UAAU,IAAI;AACjB,QAAAA,UAAQ,KAAK,yBAAyB,UAAU,MAAM,4BAA4B,OAAO,GAAG,GAAG;AAC/F;AAAA,MACF;AAEA,YAAM,QAAQ,MAAM,UAAU,KAAK;AAEnC,MAAAA,UAAQ,QAAQ,kBAAkB;AAClC,cAAQ,IAAI,eAAe,MAAM,MAAM,EAAE;AACzC,cAAQ,IAAI,gBAAgB,MAAM,iBAAiB,GAAG,EAAE;AAExD,UAAI,MAAM,8BAA8B;AACtC,gBAAQ,IAAI,eAAgB,MAAM,6BAA0C,KAAK,IAAI,CAAC,EAAE;AAAA,MAC1F;AAEA,UAAI,MAAM,+BAA+B;AACvC,gBAAQ,IAAI,eAAgB,MAAM,8BAA2C,KAAK,IAAI,CAAC,EAAE;AAAA,MAC3F;AAAA,IACF,SACO,KAAK;AACV,MAAAA,UAAQ,MAAM,qBAAqB,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC,EAAE;AACrF,aAAO,QAAQ,KAAK,CAAC;AAAA,IACvB;AAAA,EACF;AACF,CAAC;;;AxB3CD,IAAM,QAAQ,QAAQ,KAAK,SAAS,SAAS;AAI7C,IAAM,gBAAgBC,gBAAc;AAAA,EAClC,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,aAAa;AAAA,IACX,MAAM;AAAA,IACN,OAAO;AAAA,IACP,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,sBAAsB;AAAA,IACtB,SAAS;AAAA,IACT,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,OAAO;AAAA,IACP,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AACF,CAAC;AAED,IAAM,gBAAgBA,gBAAc;AAAA,EAClC,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA,aAAa;AAAA,IACX,KAAK;AAAA,IACL,KAAK;AAAA,EACP;AACF,CAAC;AAED,IAAM,OAAOA,gBAAc;AAAA,EACzB,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,SAAS;AAAA,IACT,aAAa;AAAA,EACf;AAAA,EACA,aAAa;AAAA,IACX,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,aAAa;AAAA,IACb,OAAO;AAAA,IACP,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,KAAK;AAAA,IACL,SAAS;AAAA,IACT,SAAS;AAAA,IACT,QAAQ;AAAA,IACR,OAAO;AAAA,IACP,KAAK;AAAA,EACP;AACF,CAAC;AAED,QAAQ,IAAI,EAAE,MAAM,CAAC,QAAQ;AAC3B,MAAI,OAAO;AACT,IAAAC,UAAQ,MAAM,GAAG;AAAA,EACnB,OACK;AACH,IAAAA,UAAQ,MAAM,eAAe,WAAW,IAAI,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC;AAAA,EACxG;AACA,UAAQ,KAAK,CAAC;AAChB,CAAC;","names":["consola","defineCommand","resolve","readFileSync","sign","loadEd25519PrivateKey","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","defineCommand","defineCommand","consola","defineCommand","consola","hostname","defineCommand","consola","waitForApproval","consola","resolve","defineCommand","hostname","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","loadAdapter","index","hostname","defineCommand","loadAdapter","consola","defineCommand","loadAdapter","consola","token","hostname","defineCommand","extractOption","extractWrappedCommand","loadAdapter","resolveCommand","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","defineCommand","consola","consola","defineCommand","defineCommand","execFileSync","defineCommand","consola","Buffer","existsSync","writeFileSync","execFile","defineCommand","consola","DEFAULT_IDP_URL","openBrowser","execFile","existsSync","Buffer","writeFileSync","resolve","defineCommand","consola","defineCommand","consola","defineCommand","consola"]}
|
package/dist/index.js
CHANGED
|
@@ -5,7 +5,7 @@ import {
|
|
|
5
5
|
getGrantsEndpoint,
|
|
6
6
|
getIdpUrl,
|
|
7
7
|
getRequesterIdentity
|
|
8
|
-
} from "./chunk-
|
|
8
|
+
} from "./chunk-KXESKY4X.js";
|
|
9
9
|
|
|
10
10
|
// src/commands/mcp/server.ts
|
|
11
11
|
import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
|
|
@@ -302,7 +302,7 @@ function registerAdapterTools(server) {
|
|
|
302
302
|
async function startMcpServer(transport, port) {
|
|
303
303
|
const server = new McpServer({
|
|
304
304
|
name: "apes",
|
|
305
|
-
version: true ? "0.5.
|
|
305
|
+
version: true ? "0.5.4" : "0.1.0"
|
|
306
306
|
});
|
|
307
307
|
registerStaticTools(server);
|
|
308
308
|
registerAdapterTools(server);
|
|
@@ -330,4 +330,4 @@ async function startMcpServer(transport, port) {
|
|
|
330
330
|
export {
|
|
331
331
|
startMcpServer
|
|
332
332
|
};
|
|
333
|
-
//# sourceMappingURL=server-
|
|
333
|
+
//# sourceMappingURL=server-5ZRR26S4.js.map
|
package/package.json
CHANGED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/config.ts","../src/http.ts"],"sourcesContent":["import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs'\nimport { homedir } from 'node:os'\nimport { join } from 'node:path'\n\nexport interface AuthData {\n idp: string\n access_token: string\n refresh_token?: string\n email: string\n expires_at: number\n}\n\nexport interface ApesConfig {\n defaults?: {\n idp?: string\n approval?: string\n }\n agent?: {\n key?: string\n email?: string\n }\n}\n\nconst CONFIG_DIR = join(homedir(), '.config', 'apes')\nconst AUTH_FILE = join(CONFIG_DIR, 'auth.json')\nconst CONFIG_FILE = join(CONFIG_DIR, 'config.toml')\n\nfunction ensureDir() {\n if (!existsSync(CONFIG_DIR)) {\n mkdirSync(CONFIG_DIR, { recursive: true })\n }\n}\n\nexport function loadAuth(): AuthData | null {\n if (!existsSync(AUTH_FILE))\n return null\n try {\n return JSON.parse(readFileSync(AUTH_FILE, 'utf-8'))\n }\n catch {\n return null\n }\n}\n\nexport function saveAuth(data: AuthData): void {\n ensureDir()\n writeFileSync(AUTH_FILE, JSON.stringify(data, null, 2), { mode: 0o600 })\n}\n\nexport function clearAuth(): void {\n if (existsSync(AUTH_FILE)) {\n writeFileSync(AUTH_FILE, '', { mode: 0o600 })\n }\n}\n\nexport function loadConfig(): ApesConfig {\n if (!existsSync(CONFIG_FILE))\n return {}\n try {\n return parseTOML(readFileSync(CONFIG_FILE, 'utf-8'))\n }\n catch {\n return {}\n }\n}\n\nfunction parseTOML(content: string): ApesConfig {\n const config: ApesConfig = {}\n let section = ''\n\n for (const line of content.split('\\n')) {\n const trimmed = line.trim()\n if (!trimmed || trimmed.startsWith('#'))\n continue\n\n const sectionMatch = trimmed.match(/^\\[(.+)\\]$/)\n if (sectionMatch) {\n section = sectionMatch[1]!\n continue\n }\n\n const kvMatch = trimmed.match(/^(\\w+)\\s*=\\s*\"(.+)\"$/)\n if (kvMatch) {\n const [, key, value] = kvMatch\n if (section === 'defaults') {\n config.defaults = config.defaults || {}\n ;(config.defaults as Record<string, string>)[key!] = value!\n }\n else if (section === 'agent') {\n config.agent = config.agent || {}\n ;(config.agent as Record<string, string>)[key!] = value!\n }\n }\n }\n\n return config\n}\n\nexport function saveConfig(config: ApesConfig): void {\n ensureDir()\n const lines: string[] = []\n\n if (config.defaults) {\n lines.push('[defaults]')\n for (const [key, value] of Object.entries(config.defaults)) {\n if (value)\n lines.push(`${key} = \"${value}\"`)\n }\n lines.push('')\n }\n\n if (config.agent) {\n lines.push('[agent]')\n for (const [key, value] of Object.entries(config.agent)) {\n if (value)\n lines.push(`${key} = \"${value}\"`)\n }\n lines.push('')\n }\n\n writeFileSync(CONFIG_FILE, lines.join('\\n'), { mode: 0o600 })\n}\n\nexport function getIdpUrl(explicit?: string): string | null {\n if (explicit)\n return explicit\n if (process.env.APES_IDP)\n return process.env.APES_IDP\n\n const auth = loadAuth()\n if (auth?.idp)\n return auth.idp\n\n const config = loadConfig()\n if (config.defaults?.idp)\n return config.defaults.idp\n\n return null\n}\n\nexport function getAuthToken(): string | null {\n const auth = loadAuth()\n if (!auth)\n return null\n\n // Check expiry (with 30s buffer)\n if (auth.expires_at && Date.now() / 1000 > auth.expires_at - 30) {\n return null // expired\n }\n\n return auth.access_token\n}\n\nexport function getRequesterIdentity(): string | null {\n return loadAuth()?.email ?? null\n}\n\nexport { CONFIG_DIR, AUTH_FILE }\n","import { getAuthToken, getIdpUrl } from './config'\n\nexport class ApiError extends Error {\n constructor(public statusCode: number, message: string, public problemDetails?: Record<string, unknown>) {\n super(message)\n this.name = 'ApiError'\n }\n}\n\n// OIDC Discovery cache (one-time per CLI invocation)\nconst _discoveryCache: Record<string, Record<string, unknown>> = {}\n\nexport async function discoverEndpoints(idpUrl: string): Promise<Record<string, unknown>> {\n if (_discoveryCache[idpUrl]) {\n return _discoveryCache[idpUrl]\n }\n\n try {\n const response = await fetch(`${idpUrl}/.well-known/openid-configuration`)\n if (response.ok) {\n const data = await response.json() as Record<string, unknown>\n _discoveryCache[idpUrl] = data\n return data\n }\n }\n catch {}\n\n // Return empty if discovery fails (graceful degradation)\n _discoveryCache[idpUrl] = {}\n return {}\n}\n\nexport async function getGrantsEndpoint(idpUrl: string): Promise<string> {\n const disco = await discoverEndpoints(idpUrl)\n return (disco.openape_grants_endpoint as string) || `${idpUrl}/api/grants`\n}\n\nexport async function getAgentChallengeEndpoint(idpUrl: string): Promise<string> {\n const disco = await discoverEndpoints(idpUrl)\n return (disco.ddisa_agent_challenge_endpoint as string) || `${idpUrl}/api/agent/challenge`\n}\n\nexport async function getAgentAuthenticateEndpoint(idpUrl: string): Promise<string> {\n const disco = await discoverEndpoints(idpUrl)\n return (disco.ddisa_agent_authenticate_endpoint as string) || `${idpUrl}/api/agent/authenticate`\n}\n\nexport async function getDelegationsEndpoint(idpUrl: string): Promise<string> {\n const disco = await discoverEndpoints(idpUrl)\n return (disco.openape_delegations_endpoint as string) || `${idpUrl}/api/delegations`\n}\n\nexport async function apiFetch<T = unknown>(\n path: string,\n options: {\n method?: string\n body?: unknown\n idp?: string\n token?: string\n } = {},\n): Promise<T> {\n const token = options.token || getAuthToken()\n if (!token) {\n throw new Error('Not authenticated. Run `apes login` first.')\n }\n\n let url: string\n if (path.startsWith('http')) {\n url = path\n }\n else {\n const idp = options.idp || getIdpUrl()\n if (!idp) {\n throw new Error('No IdP URL configured. Run `apes login` first or pass --idp.')\n }\n url = `${idp}${path}`\n }\n const headers: Record<string, string> = {\n 'Authorization': `Bearer ${token}`,\n 'Content-Type': 'application/json',\n }\n\n const response = await fetch(url, {\n method: options.method || 'GET',\n headers,\n body: options.body ? JSON.stringify(options.body) : undefined,\n })\n\n if (!response.ok) {\n const contentType = response.headers.get('content-type') || ''\n\n // Parse RFC 7807 Problem Details\n if (contentType.includes('application/problem+json') || contentType.includes('application/json')) {\n try {\n const problem = await response.json() as Record<string, unknown>\n const message = (problem.detail as string) || (problem.title as string) || `${response.status} ${response.statusText}`\n throw new ApiError(response.status, message, problem)\n }\n catch (e) {\n if (e instanceof ApiError)\n throw e\n }\n }\n\n const text = await response.text()\n throw new ApiError(response.status, text || `${response.status} ${response.statusText}`)\n }\n\n return response.json() as Promise<T>\n}\n"],"mappings":";;;AAAA,SAAS,YAAY,WAAW,cAAc,qBAAqB;AACnE,SAAS,eAAe;AACxB,SAAS,YAAY;AAqBrB,IAAM,aAAa,KAAK,QAAQ,GAAG,WAAW,MAAM;AACpD,IAAM,YAAY,KAAK,YAAY,WAAW;AAC9C,IAAM,cAAc,KAAK,YAAY,aAAa;AAElD,SAAS,YAAY;AACnB,MAAI,CAAC,WAAW,UAAU,GAAG;AAC3B,cAAU,YAAY,EAAE,WAAW,KAAK,CAAC;AAAA,EAC3C;AACF;AAEO,SAAS,WAA4B;AAC1C,MAAI,CAAC,WAAW,SAAS;AACvB,WAAO;AACT,MAAI;AACF,WAAO,KAAK,MAAM,aAAa,WAAW,OAAO,CAAC;AAAA,EACpD,QACM;AACJ,WAAO;AAAA,EACT;AACF;AAEO,SAAS,SAAS,MAAsB;AAC7C,YAAU;AACV,gBAAc,WAAW,KAAK,UAAU,MAAM,MAAM,CAAC,GAAG,EAAE,MAAM,IAAM,CAAC;AACzE;AAEO,SAAS,YAAkB;AAChC,MAAI,WAAW,SAAS,GAAG;AACzB,kBAAc,WAAW,IAAI,EAAE,MAAM,IAAM,CAAC;AAAA,EAC9C;AACF;AAEO,SAAS,aAAyB;AACvC,MAAI,CAAC,WAAW,WAAW;AACzB,WAAO,CAAC;AACV,MAAI;AACF,WAAO,UAAU,aAAa,aAAa,OAAO,CAAC;AAAA,EACrD,QACM;AACJ,WAAO,CAAC;AAAA,EACV;AACF;AAEA,SAAS,UAAU,SAA6B;AAC9C,QAAM,SAAqB,CAAC;AAC5B,MAAI,UAAU;AAEd,aAAW,QAAQ,QAAQ,MAAM,IAAI,GAAG;AACtC,UAAM,UAAU,KAAK,KAAK;AAC1B,QAAI,CAAC,WAAW,QAAQ,WAAW,GAAG;AACpC;AAEF,UAAM,eAAe,QAAQ,MAAM,YAAY;AAC/C,QAAI,cAAc;AAChB,gBAAU,aAAa,CAAC;AACxB;AAAA,IACF;AAEA,UAAM,UAAU,QAAQ,MAAM,sBAAsB;AACpD,QAAI,SAAS;AACX,YAAM,CAAC,EAAE,KAAK,KAAK,IAAI;AACvB,UAAI,YAAY,YAAY;AAC1B,eAAO,WAAW,OAAO,YAAY,CAAC;AACrC,QAAC,OAAO,SAAoC,GAAI,IAAI;AAAA,MACvD,WACS,YAAY,SAAS;AAC5B,eAAO,QAAQ,OAAO,SAAS,CAAC;AAC/B,QAAC,OAAO,MAAiC,GAAI,IAAI;AAAA,MACpD;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AAEO,SAAS,WAAW,QAA0B;AACnD,YAAU;AACV,QAAM,QAAkB,CAAC;AAEzB,MAAI,OAAO,UAAU;AACnB,UAAM,KAAK,YAAY;AACvB,eAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,OAAO,QAAQ,GAAG;AAC1D,UAAI;AACF,cAAM,KAAK,GAAG,GAAG,OAAO,KAAK,GAAG;AAAA,IACpC;AACA,UAAM,KAAK,EAAE;AAAA,EACf;AAEA,MAAI,OAAO,OAAO;AAChB,UAAM,KAAK,SAAS;AACpB,eAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,OAAO,KAAK,GAAG;AACvD,UAAI;AACF,cAAM,KAAK,GAAG,GAAG,OAAO,KAAK,GAAG;AAAA,IACpC;AACA,UAAM,KAAK,EAAE;AAAA,EACf;AAEA,gBAAc,aAAa,MAAM,KAAK,IAAI,GAAG,EAAE,MAAM,IAAM,CAAC;AAC9D;AAEO,SAAS,UAAU,UAAkC;AAC1D,MAAI;AACF,WAAO;AACT,MAAI,QAAQ,IAAI;AACd,WAAO,QAAQ,IAAI;AAErB,QAAM,OAAO,SAAS;AACtB,MAAI,MAAM;AACR,WAAO,KAAK;AAEd,QAAM,SAAS,WAAW;AAC1B,MAAI,OAAO,UAAU;AACnB,WAAO,OAAO,SAAS;AAEzB,SAAO;AACT;AAEO,SAAS,eAA8B;AAC5C,QAAM,OAAO,SAAS;AACtB,MAAI,CAAC;AACH,WAAO;AAGT,MAAI,KAAK,cAAc,KAAK,IAAI,IAAI,MAAO,KAAK,aAAa,IAAI;AAC/D,WAAO;AAAA,EACT;AAEA,SAAO,KAAK;AACd;AAEO,SAAS,uBAAsC;AACpD,SAAO,SAAS,GAAG,SAAS;AAC9B;;;ACzJO,IAAM,WAAN,cAAuB,MAAM;AAAA,EAClC,YAAmB,YAAoB,SAAwB,gBAA0C;AACvG,UAAM,OAAO;AADI;AAA4C;AAE7D,SAAK,OAAO;AAAA,EACd;AACF;AAGA,IAAM,kBAA2D,CAAC;AAElE,eAAsB,kBAAkB,QAAkD;AACxF,MAAI,gBAAgB,MAAM,GAAG;AAC3B,WAAO,gBAAgB,MAAM;AAAA,EAC/B;AAEA,MAAI;AACF,UAAM,WAAW,MAAM,MAAM,GAAG,MAAM,mCAAmC;AACzE,QAAI,SAAS,IAAI;AACf,YAAM,OAAO,MAAM,SAAS,KAAK;AACjC,sBAAgB,MAAM,IAAI;AAC1B,aAAO;AAAA,IACT;AAAA,EACF,QACM;AAAA,EAAC;AAGP,kBAAgB,MAAM,IAAI,CAAC;AAC3B,SAAO,CAAC;AACV;AAEA,eAAsB,kBAAkB,QAAiC;AACvE,QAAM,QAAQ,MAAM,kBAAkB,MAAM;AAC5C,SAAQ,MAAM,2BAAsC,GAAG,MAAM;AAC/D;AAEA,eAAsB,0BAA0B,QAAiC;AAC/E,QAAM,QAAQ,MAAM,kBAAkB,MAAM;AAC5C,SAAQ,MAAM,kCAA6C,GAAG,MAAM;AACtE;AAEA,eAAsB,6BAA6B,QAAiC;AAClF,QAAM,QAAQ,MAAM,kBAAkB,MAAM;AAC5C,SAAQ,MAAM,qCAAgD,GAAG,MAAM;AACzE;AAEA,eAAsB,uBAAuB,QAAiC;AAC5E,QAAM,QAAQ,MAAM,kBAAkB,MAAM;AAC5C,SAAQ,MAAM,gCAA2C,GAAG,MAAM;AACpE;AAEA,eAAsB,SACpB,MACA,UAKI,CAAC,GACO;AACZ,QAAM,QAAQ,QAAQ,SAAS,aAAa;AAC5C,MAAI,CAAC,OAAO;AACV,UAAM,IAAI,MAAM,4CAA4C;AAAA,EAC9D;AAEA,MAAI;AACJ,MAAI,KAAK,WAAW,MAAM,GAAG;AAC3B,UAAM;AAAA,EACR,OACK;AACH,UAAM,MAAM,QAAQ,OAAO,UAAU;AACrC,QAAI,CAAC,KAAK;AACR,YAAM,IAAI,MAAM,8DAA8D;AAAA,IAChF;AACA,UAAM,GAAG,GAAG,GAAG,IAAI;AAAA,EACrB;AACA,QAAM,UAAkC;AAAA,IACtC,iBAAiB,UAAU,KAAK;AAAA,IAChC,gBAAgB;AAAA,EAClB;AAEA,QAAM,WAAW,MAAM,MAAM,KAAK;AAAA,IAChC,QAAQ,QAAQ,UAAU;AAAA,IAC1B;AAAA,IACA,MAAM,QAAQ,OAAO,KAAK,UAAU,QAAQ,IAAI,IAAI;AAAA,EACtD,CAAC;AAED,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,cAAc,SAAS,QAAQ,IAAI,cAAc,KAAK;AAG5D,QAAI,YAAY,SAAS,0BAA0B,KAAK,YAAY,SAAS,kBAAkB,GAAG;AAChG,UAAI;AACF,cAAM,UAAU,MAAM,SAAS,KAAK;AACpC,cAAM,UAAW,QAAQ,UAAsB,QAAQ,SAAoB,GAAG,SAAS,MAAM,IAAI,SAAS,UAAU;AACpH,cAAM,IAAI,SAAS,SAAS,QAAQ,SAAS,OAAO;AAAA,MACtD,SACO,GAAG;AACR,YAAI,aAAa;AACf,gBAAM;AAAA,MACV;AAAA,IACF;AAEA,UAAM,OAAO,MAAM,SAAS,KAAK;AACjC,UAAM,IAAI,SAAS,SAAS,QAAQ,QAAQ,GAAG,SAAS,MAAM,IAAI,SAAS,UAAU,EAAE;AAAA,EACzF;AAEA,SAAO,SAAS,KAAK;AACvB;","names":[]}
|
|
File without changes
|