npm - @propper-ai/cli - Versions diffs - 0.3.2 → 0.4.0 - Mend

@propper-ai/cli 0.3.2 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md +5 -0
package/dist/bin/propper.js +47 -6
package/dist/bin/propper.js.map +1 -1
package/dist/{chunk-CBIH6V3I.js → chunk-XSRXBEWN.js} +2404 -2
package/dist/chunk-XSRXBEWN.js.map +1 -0
package/dist/generated/client.js +1 -1
package/package.json +1 -1
package/dist/chunk-CBIH6V3I.js.map +0 -1

package/dist/bin/propper.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../src/bin/propper.ts","../../src/output/printer.ts","../../src/output/format.ts","../../src/output/query.ts","../../src/runtime/program.ts","../../package.json","../../src/constants.ts","../../src/auth/oidc.ts","../../src/auth/token-store.ts","../../src/config/paths.ts","../../src/config/store.ts","../../src/auth/chain.ts","../../src/commands/auth/deps.ts","../../src/commands/auth/export.ts","../../src/commands/auth/login.ts","../../src/commands/auth/logout.ts","../../src/commands/auth/status.ts","../../src/commands/completion.ts","../../src/commands/configure/index.ts","../../src/runtime/dispatch.ts","../../src/manifest/types.ts","../../src/runtime/options.ts"],"sourcesContent":["#!/usr/bin/env node\nimport { CommanderError } from \"commander\";\nimport { manifest } from \"../generated/client.js\";\nimport { ApiError, AuthError, UsageError } from \"../http/errors.js\";\nimport { printError } from \"../output/printer.js\";\nimport { buildProgram } from \"../runtime/program.js\";\n\nfunction exitCodeFor(err: unknown): number {\n if (err instanceof UsageError) return 2;\n if (err instanceof AuthError) return 3;\n if (err instanceof ApiError) return 4;\n return 1;\n}\n\nasync function main(): Promise<void> {\n const argv = process.argv;\n const debug = argv.includes(\"--debug\");\n try {\n const program = buildProgram(manifest);\n program.exitOverride();\n\n // No arguments: show help and exit cleanly.\n if (argv.slice(2).length === 0) {\n program.outputHelp();\n return;\n }\n\n await program.parseAsync(argv);\n } catch (err) {\n // commander already printed help/version/usage errors before throwing.\n if (err instanceof CommanderError) {\n process.exitCode = err.exitCode === 0 ? 0 : 2;\n return;\n }\n const color = !argv.includes(\"--no-color\") && !process.env.NO_COLOR;\n printError(err, { debug, color });\n process.exitCode = exitCodeFor(err);\n }\n}\n\nvoid main();\n","import ora, { type Ora } from \"ora\";\nimport pc from \"picocolors\";\nimport { ApiError } from \"../http/errors.js\";\nimport { type OutputFormat, formatOutput, isOutputFormat } from \"./format.js\";\nimport { applyQuery } from \"./query.js\";\n\nexport interface Palette {\n red: (s: string) => string;\n green: (s: string) => string;\n yellow: (s: string) => string;\n dim: (s: string) => string;\n bold: (s: string) => string;\n}\n\nconst identity = (s: string) => s;\n\nexport function palette(enabled: boolean): Palette {\n if (!enabled)\n return { red: identity, green: identity, yellow: identity, dim: identity, bold: identity };\n return { red: pc.red, green: pc.green, yellow: pc.yellow, dim: pc.dim, bold: pc.bold };\n}\n\nexport interface RenderOptions {\n output: string;\n query?: string;\n}\n\n/** Apply --query then format. Falls back to json for unknown formats. /\nexport function renderResult(data: unknown, opts: RenderOptions): string {\n const filtered = applyQuery(data, opts.query);\n const format: OutputFormat = isOutputFormat(opts.output) ? opts.output : \"json\";\n return formatOutput(filtered, format);\n}\n\nexport function printResult(\n data: unknown,\n opts: RenderOptions,\n out: NodeJS.WritableStream = process.stdout,\n): void {\n out.write(`${renderResult(data, opts)}\\n`);\n}\n\nconst STATUS_TEXT: Record<number, string> = {\n 400: \"Bad Request\",\n 401: \"Unauthorized\",\n 403: \"Forbidden\",\n 404: \"Not Found\",\n 405: \"Method Not Allowed\",\n 409: \"Conflict\",\n 410: \"Gone\",\n 422: \"Unprocessable Entity\",\n 429: \"Too Many Requests\",\n 500: \"Internal Server Error\",\n 502: \"Bad Gateway\",\n 503: \"Service Unavailable\",\n 504: \"Gateway Timeout\",\n};\n\nfunction indent(text: string, pad = \" \"): string {\n return text\n .split(\"\\n\")\n .map((line) => `${pad}${line}`)\n .join(\"\\n\");\n}\n\n/\n The structured part of an error body worth showing below the message line:\n * a non-empty string (different from the message), a non-empty array, or an\n * object with keys beyond the already-shown message/error/code.\n /\nfunction extraBody(body: unknown, message: string): unknown \| undefined {\n if (body == null) return undefined;\n if (typeof body === \"string\") {\n const t = body.trim();\n return t && t !== message ? body : undefined;\n }\n if (Array.isArray(body)) return body.length ? body : undefined;\n if (typeof body === \"object\") {\n const rest: Record<string, unknown> = { ...(body as Record<string, unknown>) };\n for (const k of [\"message\", \"error\", \"code\"]) {\n if (typeof rest[k] === \"string\") delete rest[k];\n }\n return Object.keys(rest).length ? body : undefined;\n }\n return undefined;\n}\n\n/* Render an ApiError as a multi-line, actionable block. /\nexport function formatApiError(err: ApiError, colors: Palette): string {\n const statusText = STATUS_TEXT[err.status];\n const head = err.status\n ? `HTTP ${err.status}${statusText ? ` ${statusText}` : \"\"}`\n : \"Request failed\";\n const where = err.method && err.path ? ` on ${colors.bold(`${err.method} ${err.path}`)}` : \"\";\n const lines = [`${colors.red(\"error\")}: ${head}${where}`];\n\n const msg = err.message?.trim() ?? \"\";\n const generic = `${err.status} ${statusText ?? \"\"}`.trim();\n if (msg && msg !== generic && msg !== head) lines.push(` ${msg}`);\n\n const details = extraBody(err.body, msg);\n if (details !== undefined) {\n const rendered = typeof details === \"string\" ? details : JSON.stringify(details, null, 2);\n lines.push(colors.dim(indent(rendered)));\n }\n if (err.code) lines.push(colors.dim(` code: ${err.code}`));\n if (err.requestId) lines.push(colors.dim(` request id: ${err.requestId}`));\n if (err.operation) {\n lines.push(\n colors.dim(\n ` hint: run \\`propper ${err.operation} --help\\` for required parameters, or re-run with --debug`,\n ),\n );\n }\n return lines.join(\"\\n\");\n}\n\nexport function printError(\n err: unknown,\n opts: { debug?: boolean; color?: boolean } = {},\n out: NodeJS.WritableStream = process.stderr,\n): void {\n const colors = palette(opts.color ?? true);\n if (err instanceof ApiError) {\n out.write(`${formatApiError(err, colors)}\\n`);\n if (opts.debug && err.stack) out.write(`${colors.dim(err.stack)}\\n`);\n return;\n }\n const message = err instanceof Error ? err.message : String(err);\n out.write(`${colors.red(\"error\")}: ${message}\\n`);\n if (opts.debug && err instanceof Error && err.stack) out.write(`${colors.dim(err.stack)}\\n`);\n}\n\n/* A spinner that is a no-op when quiet or not attached to a TTY. /\nexport function makeSpinner(text: string, opts: { quiet?: boolean } = {}): Ora \| undefined {\n if (opts.quiet \|\| !process.stderr.isTTY) return undefined;\n return ora({ text, stream: process.stderr }).start();\n}\n","import Table from \"cli-table3\";\nimport { stringify as yamlStringify } from \"yaml\";\n\nexport type OutputFormat = \"json\" \| \"yaml\" \| \"table\" \| \"text\";\n\nexport const OUTPUT_FORMATS: OutputFormat[] = [\"json\", \"yaml\", \"table\", \"text\"];\n\nexport function isOutputFormat(value: string): value is OutputFormat {\n return (OUTPUT_FORMATS as string[]).includes(value);\n}\n\n/* Max width of a rendered table cell before it is truncated with an ellipsis. /\nconst MAX_CELL_WIDTH = 40;\n\n/* An array whose every element is a plain object (an empty array qualifies). /\nfunction isObjectArray(value: unknown): value is Record<string, unknown>[] {\n return (\n Array.isArray(value) &&\n value.every((d) => d !== null && typeof d === \"object\" && !Array.isArray(d))\n );\n}\n\n/* Conventional collection keys, preferred when an envelope has several arrays. /\nconst COLLECTION_KEYS = [\"data\", \"items\", \"results\", \"records\", \"rows\", \"list\"];\n\n/\n Resolve the array of records to tabularize. List endpoints wrap their rows in\n * an envelope object — `{ agreements: [...] }`, `{ data: [...], pagination:\n * {...} }`, etc. — so when the value isn't already a record array, unwrap its\n * object-array property. One array is unambiguous; with several (e.g. locker's\n * `{ data, documents, pagination }`) prefer a conventional collection key.\n * Returns null when there's no array — or several with no conventional key — so\n * the caller can fall back to JSON.\n /\nfunction collectionRows(data: unknown): Record<string, unknown>[] \| null {\n if (isObjectArray(data)) return data;\n if (data !== null && typeof data === \"object\" && !Array.isArray(data)) {\n const obj = data as Record<string, unknown>;\n const arrayKeys = Object.keys(obj).filter((k) => isObjectArray(obj[k]));\n const key =\n arrayKeys.length === 1 ? arrayKeys[0] : COLLECTION_KEYS.find((k) => arrayKeys.includes(k));\n if (key !== undefined) return obj[key] as Record<string, unknown>[];\n }\n return null;\n}\n\nfunction isEmpty(value: unknown): boolean {\n return (\n value === null \|\|\n value === undefined \|\|\n value === \"\" \|\|\n (Array.isArray(value) && value.length === 0)\n );\n}\n\n/* Full-fidelity scalar — used by text output (scripting); never truncated. /\nfunction scalar(value: unknown): string {\n if (value === null \|\| value === undefined) return \"\";\n if (typeof value === \"object\") return JSON.stringify(value);\n return String(value);\n}\n\n/* Compact, width-bounded cell for human-readable tables. /\nfunction tableCell(value: unknown): string {\n if (value === null \|\| value === undefined) return \"\";\n if (Array.isArray(value)) {\n return value.length === 0 ? \"\" : `${value.length} item${value.length === 1 ? \"\" : \"s\"}`;\n }\n if (typeof value === \"object\") return \"{…}\";\n const s = String(value);\n return s.length > MAX_CELL_WIDTH ? `${s.slice(0, MAX_CELL_WIDTH - 1)}…` : s;\n}\n\nfunction toTable(data: Record<string, unknown>[]): string {\n const allColumns = [...new Set(data.flatMap((row) => Object.keys(row)))];\n // Drop columns that are empty in every row so the table isn't padded out by\n // fields the API always returns null/empty. Keep all if that leaves nothing.\n const nonEmpty = allColumns.filter((c) => data.some((row) => !isEmpty(row[c])));\n const columns = nonEmpty.length > 0 ? nonEmpty : allColumns;\n const table = new Table({ head: columns });\n for (const row of data) table.push(columns.map((c) => tableCell(row[c])));\n return table.toString();\n}\n\nfunction toText(data: unknown): string {\n const rows = collectionRows(data);\n if (rows) {\n const columns = [...new Set(rows.flatMap((row) => Object.keys(row)))];\n return rows.map((row) => columns.map((c) => scalar(row[c])).join(\"\\t\")).join(\"\\n\");\n }\n if (Array.isArray(data)) {\n return data.map((item) => scalar(item)).join(\"\\n\");\n }\n if (data !== null && typeof data === \"object\") {\n return Object.entries(data as Record<string, unknown>)\n .map(([k, v]) => `${k}\\t${scalar(v)}`)\n .join(\"\\n\");\n }\n return scalar(data);\n}\n\n/* Render a value in the requested output format. /\nexport function formatOutput(data: unknown, format: OutputFormat): string {\n switch (format) {\n case \"yaml\":\n return yamlStringify(data).trimEnd();\n case \"table\": {\n const rows = collectionRows(data);\n if (!rows) return JSON.stringify(data, null, 2);\n return rows.length > 0 ? toTable(rows) : \"(no items)\";\n }\n case \"text\":\n return toText(data);\n default:\n return JSON.stringify(data, null, 2);\n }\n}\n","import as jmespath from \"jmespath\";\n\n/** Apply a JMESPath expression (AWS-CLI `--query`), or return data unchanged. /\nexport function applyQuery(data: unknown, expression?: string): unknown {\n if (!expression) return data;\n return jmespath.search(data, expression);\n}\n","import { Command } from \"commander\";\nimport { authExport as defaultAuthExport } from \"../commands/auth/export.js\";\nimport {\n loginClientCredentials as defaultLoginClientCredentials,\n loginPkce as defaultLoginPkce,\n loginWithToken as defaultLoginWithToken,\n} from \"../commands/auth/login.js\";\nimport { logout as defaultLogout } from \"../commands/auth/logout.js\";\nimport { authStatus as defaultAuthStatus } from \"../commands/auth/status.js\";\nimport {\n SUPPORTED_SHELLS,\n type Shell,\n completeArgs,\n completionScript,\n} from \"../commands/completion.js\";\nimport {\n configureGet as defaultConfigureGet,\n configureListProfiles as defaultConfigureListProfiles,\n configureSet as defaultConfigureSet,\n runConfigureWizard as defaultRunConfigureWizard,\n} from \"../commands/configure/index.js\";\nimport { CLI_VERSION, ENV } from \"../constants.js\";\nimport { UsageError } from \"../http/errors.js\";\nimport type { Manifest, OperationEntry } from \"../manifest/types.js\";\nimport { printResult } from \"../output/printer.js\";\nimport { dispatch as defaultDispatch } from \"./dispatch.js\";\nimport { type CliContext, buildContext as defaultBuildContext } from \"./options.js\";\n\nexport interface ProgramDeps {\n buildContext: (globals: Record<string, unknown>) => CliContext;\n dispatch: typeof defaultDispatch;\n auth: {\n loginWithToken: typeof defaultLoginWithToken;\n loginClientCredentials: typeof defaultLoginClientCredentials;\n loginPkce: typeof defaultLoginPkce;\n logout: typeof defaultLogout;\n authStatus: typeof defaultAuthStatus;\n authExport: typeof defaultAuthExport;\n };\n configure: {\n configureSet: typeof defaultConfigureSet;\n configureGet: typeof defaultConfigureGet;\n configureListProfiles: typeof defaultConfigureListProfiles;\n runConfigureWizard: typeof defaultRunConfigureWizard;\n };\n}\n\nexport const defaultProgramDeps: ProgramDeps = {\n buildContext: (globals) => defaultBuildContext(globals),\n dispatch: defaultDispatch,\n auth: {\n loginWithToken: defaultLoginWithToken,\n loginClientCredentials: defaultLoginClientCredentials,\n loginPkce: defaultLoginPkce,\n logout: defaultLogout,\n authStatus: defaultAuthStatus,\n authExport: defaultAuthExport,\n },\n configure: {\n configureSet: defaultConfigureSet,\n configureGet: defaultConfigureGet,\n configureListProfiles: defaultConfigureListProfiles,\n runConfigureWizard: defaultRunConfigureWizard,\n },\n};\n\n/* Attach the global options that every actionable command understands. /\nfunction addGlobalOptions(cmd: Command): Command {\n return cmd\n .option(\"--profile <name>\", \"Config profile to use\")\n .option(\"--output <format>\", \"Output format: json\|table\|yaml\|text\")\n .option(\"--query <jmespath>\", \"JMESPath filter expression (like AWS --query)\")\n .option(\"--base-url <url>\", \"Override the API base URL\")\n .option(\"--auth-base-url <url>\", \"Override the auth base URL\")\n .option(\"--client-id <id>\", \"Client-credentials (M2M) client id\")\n .option(\"--token <token>\", \"Bearer token (overrides stored credentials)\")\n .option(\"--no-color\", \"Disable colored output\")\n .option(\"--quiet\", \"Suppress spinners and non-essential output\")\n .option(\"--debug\", \"Print request/response debug info\");\n}\n\n/\n Top-level help footer documenting the environment-variable overrides the CLI\n * honors. Variable names come from the `ENV` constant so this can't drift from\n * what the CLI actually reads; `NO_COLOR` is a standard var handled in\n * `buildContext`. Flag column lists the equivalent command-line override.\n /\nfunction renderEnvHelp(): string {\n const rows: Array<{ name: string; desc: string; flag?: string }> = [\n { name: ENV.token, desc: \"Bearer token (overrides stored credentials)\" },\n { name: ENV.profile, desc: \"Active profile\", flag: \"--profile\" },\n { name: ENV.apiBaseUrl, desc: \"API base URL\", flag: \"--base-url\" },\n { name: ENV.authBaseUrl, desc: \"Auth base URL\", flag: \"--auth-base-url\" },\n { name: ENV.clientId, desc: \"Client-credentials (M2M) client id\", flag: \"--client-id\" },\n { name: ENV.clientSecret, desc: \"Client-credentials (M2M) client secret\" },\n { name: ENV.configDir, desc: \"Config directory (default ~/.propper)\" },\n { name: \"NO_COLOR\", desc: \"Disable colored output\", flag: \"--no-color\" },\n ];\n const nameWidth = Math.max(...rows.map((r) => r.name.length));\n const descWidth = Math.max(...rows.map((r) => r.desc.length));\n const lines = rows.map((r) => {\n const left = ` ${r.name.padEnd(nameWidth)} ${r.desc.padEnd(descWidth)}`;\n return r.flag ? `${left} (${r.flag})` : left.trimEnd();\n });\n return [\n \"Environment variables:\",\n ...lines,\n \"\",\n \"Precedence: command flags > environment variables > profile config > built-in defaults.\",\n ].join(\"\\n\");\n}\n\n/* Make a group command print its help (instead of erroring) when run bare. /\nfunction showHelpWhenEmpty(cmd: Command): Command {\n return cmd.action(() => cmd.help());\n}\n\nfunction addApiCommand(topicCmd: Command, entry: OperationEntry, deps: ProgramDeps): void {\n const cmd = topicCmd.command(entry.command);\n if (entry.summary) cmd.description(entry.summary);\n\n const added = new Set<string>();\n const add = (flag: string, desc: string, required = false): void => {\n const key = flag.split(\" \")[0] ?? flag;\n if (added.has(key)) return;\n added.add(key);\n if (required) cmd.requiredOption(flag, desc);\n else cmd.option(flag, desc);\n };\n\n for (const p of entry.pathParams) {\n add(`${p.flag} <value>`, p.description ?? `path parameter '${p.name}'`, true);\n }\n for (const p of entry.queryParams) {\n add(`${p.flag} <value>`, p.description ?? `query parameter '${p.name}'`);\n }\n for (const f of entry.bodyFields) {\n const desc = `${f.description ?? `body field '${f.name}'`}${f.required ? \" (required)\" : \"\"}`;\n add(f.type === \"boolean\" ? f.flag : `${f.flag} <value>`, desc);\n }\n if (entry.hasBody) {\n add(\"--input-json <json\|@file>\", \"Raw JSON body: a string, @file.json, or '-' for stdin\");\n }\n if (entry.fileField) {\n add(\"--file <path>\", `Local file for the '${entry.fileField}' field (base64-encoded)`);\n }\n if (entry.produces === \"binary\") {\n add(\"--output-file <path>\", \"Write the binary response to a file (else stdout)\");\n }\n if (entry.queryParams.some((p) => p.name === \"page\")) {\n add(\"--all\", \"Auto-paginate and return all pages\");\n }\n\n addGlobalOptions(cmd);\n cmd.action(async (_opts, c: Command) => {\n const ctx = deps.buildContext(c.optsWithGlobals());\n await deps.dispatch(entry, c.opts(), ctx);\n });\n}\n\nfunction registerApiTopics(program: Command, manifest: Manifest, deps: ProgramDeps): void {\n // Three-level tree: propper <api> <topic> <command>. APIs are namespaced\n // because topics overlap across specs (e.g. \"documents\"/\"templates\").\n const apiCmds = new Map<string, Command>();\n const topicCmds = new Map<string, Command>();\n\n for (const api of manifest.apis) {\n const title = api.title.replace(/\\sAPI$/i, \"\");\n const apiCmd = program.command(api.name).description(`${title} API`);\n showHelpWhenEmpty(apiCmd);\n apiCmds.set(api.name, apiCmd);\n }\n\n for (const entry of manifest.operations) {\n const apiCmd = apiCmds.get(entry.api);\n if (!apiCmd) continue;\n const topicKey = `${entry.api}:${entry.topic}`;\n let topicCmd = topicCmds.get(topicKey);\n if (!topicCmd) {\n topicCmd = apiCmd.command(entry.topic).description(`Manage ${entry.topic}`);\n showHelpWhenEmpty(topicCmd);\n topicCmds.set(topicKey, topicCmd);\n }\n addApiCommand(topicCmd, entry, deps);\n }\n}\n\nfunction registerAuth(program: Command, deps: ProgramDeps): void {\n const auth = program.command(\"auth\").description(\"Authenticate with Propper\");\n showHelpWhenEmpty(auth);\n\n const login = addGlobalOptions(auth.command(\"login\"))\n .description(\"Log in via browser (PKCE), --client-credentials, or --token\")\n .option(\"--client-credentials\", \"Use the OAuth client-credentials grant (CI)\")\n .option(\n \"--scope <scope>\",\n \"Space-separated OAuth scopes to request (defaults to the full propper-cli set)\",\n )\n .action(async (_opts, c: Command) => {\n const ctx = deps.buildContext(c.optsWithGlobals());\n const o = c.opts();\n if (ctx.explicitToken) {\n deps.auth.loginWithToken(ctx, ctx.explicitToken);\n } else if (o.clientCredentials) {\n if (!ctx.clientId \|\| !ctx.clientSecret) {\n throw new UsageError(\n `Set a client id (--client-id / ${ENV.clientId} / \\`propper configure\\`) and ${ENV.clientSecret} to use --client-credentials.`,\n );\n }\n await deps.auth.loginClientCredentials(ctx, ctx.clientSecret, o.scope);\n } else {\n const { authorizeUrl } = await deps.auth.loginPkce(ctx, o.scope);\n process.stderr.write(`Opening browser to authorize...\\n ${authorizeUrl}\\n`);\n }\n process.stdout.write(`✓ Logged in to profile \"${ctx.profile}\".\\n`);\n });\n void login;\n\n addGlobalOptions(auth.command(\"logout\"))\n .description(\"Revoke and clear stored credentials\")\n .action(async (_opts, c: Command) => {\n const ctx = deps.buildContext(c.optsWithGlobals());\n const ok = await deps.auth.logout(ctx);\n process.stdout.write(ok ? `✓ Logged out of \"${ctx.profile}\".\\n` : \"Nothing to log out of.\\n\");\n });\n\n addGlobalOptions(auth.command(\"status\"))\n .alias(\"whoami\")\n .description(\"Show the current identity and token status\")\n .action(async (_opts, c: Command) => {\n const ctx = deps.buildContext(c.optsWithGlobals());\n const status = await deps.auth.authStatus(ctx);\n printResult(status, { output: ctx.output, query: ctx.query });\n });\n\n addGlobalOptions(auth.command(\"export\"))\n .option(\"--unmasked\", \"Reveal token, client id, and client secret values in full\")\n .description(\"Export the active profile's stored credentials (masked by default)\")\n .action((_opts, c: Command) => {\n const ctx = deps.buildContext(c.optsWithGlobals());\n const data = deps.auth.authExport(ctx, { unmasked: Boolean(c.opts().unmasked) });\n printResult(data, { output: ctx.output, query: ctx.query });\n });\n}\n\nfunction registerConfigure(program: Command, deps: ProgramDeps): void {\n const configure = addGlobalOptions(program.command(\"configure\")).description(\n \"Configure profiles (base URLs, client id + secret, default output, token)\",\n );\n\n addGlobalOptions(configure.command(\"set\"))\n .argument(\"<key>\", \"Config key\")\n .argument(\"<value>\", \"Value\")\n .description(\"Set a profile value\")\n .action((key: string, value: string, _o, c: Command) => {\n const ctx = deps.buildContext(c.optsWithGlobals());\n deps.configure.configureSet(ctx.profile, key, value);\n process.stdout.write(`✓ Set ${key} for profile \"${ctx.profile}\".\\n`);\n });\n\n addGlobalOptions(configure.command(\"get\"))\n .argument(\"<key>\", \"Config key\")\n .description(\"Get a profile value\")\n .action((key: string, _o, c: Command) => {\n const ctx = deps.buildContext(c.optsWithGlobals());\n const value = deps.configure.configureGet(ctx.profile, key);\n process.stdout.write(`${value ?? \"\"}\\n`);\n });\n\n addGlobalOptions(configure.command(\"list-profiles\"))\n .description(\"List configured profiles\")\n .action((_opts, c: Command) => {\n const ctx = deps.buildContext(c.optsWithGlobals());\n printResult(deps.configure.configureListProfiles(), {\n output: ctx.output,\n query: ctx.query,\n });\n });\n\n configure.action(async (_opts, c: Command) => {\n const ctx = deps.buildContext(c.optsWithGlobals());\n await deps.configure.runConfigureWizard(ctx);\n });\n}\n\nfunction registerCompletion(program: Command, manifest: Manifest): void {\n program\n .command(\"completion\")\n .argument(\"<shell>\", `shell to emit a completion script for (${SUPPORTED_SHELLS.join(\" \| \")})`)\n .description(\"Output a shell completion script\")\n .action((shell: string) => {\n if (!(SUPPORTED_SHELLS as readonly string[]).includes(shell)) {\n throw new UsageError(\n `Unsupported shell \"${shell}\". Use one of: ${SUPPORTED_SHELLS.join(\", \")}`,\n );\n }\n process.stdout.write(completionScript(shell as Shell));\n });\n\n // Hidden machinery the generated completion scripts call to list candidates.\n const complete = new Command(\"__complete\")\n .argument(\"[words...]\", \"tokens typed after `propper`\")\n .action((words: string[] = []) => {\n for (const candidate of completeArgs(words, manifest)) process.stdout.write(`${candidate}\\n`);\n });\n program.addCommand(complete, { hidden: true });\n}\n\n/** Build the full commander program from the manifest + hand-authored commands. /\nexport function buildProgram(manifest: Manifest, deps: ProgramDeps = defaultProgramDeps): Command {\n const program = new Command();\n program\n .name(\"propper\")\n .description(\"Propper CLI — AWS-style, OpenAPI-generated interface for the Propper APIs\")\n .version(CLI_VERSION, \"-V, --version\")\n .showHelpAfterError(\"(add --help for usage)\");\n addGlobalOptions(program);\n program.addHelpText(\"after\", `\\n${renderEnvHelp()}`);\n\n registerApiTopics(program, manifest, deps);\n registerAuth(program, deps);\n registerConfigure(program, deps);\n registerCompletion(program, manifest);\n\n return program;\n}\n","{\n \"name\": \"@propper-ai/cli\",\n \"version\": \"0.3.2\",\n \"description\": \"Propper CLI — an AWS-style, OpenAPI-generated command-line interface for the Propper Sign + Auth APIs\",\n \"type\": \"module\",\n \"license\": \"MIT\",\n \"repository\": {\n \"type\": \"git\",\n \"url\": \"git+https://github.com/mypropper/propper-cli.git\"\n },\n \"homepage\": \"https://github.com/mypropper/propper-cli#readme\",\n \"bugs\": {\n \"url\": \"https://github.com/mypropper/propper-cli/issues\"\n },\n \"keywords\": [\n \"propper\",\n \"cli\",\n \"e-signature\",\n \"esignature\",\n \"esign\",\n \"sign\",\n \"signing\",\n \"docgen\",\n \"document-generation\",\n \"openapi\",\n \"sdk\",\n \"api\"\n ],\n \"bin\": {\n \"propper\": \"./dist/bin/propper.js\"\n },\n \"exports\": {\n \"./generated/client\": \"./dist/generated/client.js\",\n \"./package.json\": \"./package.json\"\n },\n \"files\": [\n \"dist\",\n \"README.md\"\n ],\n \"engines\": {\n \"node\": \">=20\"\n },\n \"scripts\": {\n \"build\": \"tsup\",\n \"dev\": \"tsx src/bin/propper.ts\",\n \"dev:setup-local\": \"npm install && npm run build && npm install -g .\",\n \"dev:link-local\": \"npm install && npm run build && npm link\",\n \"dev:uninstall-local\": \"npm uninstall -g @propper-ai/cli\",\n \"dev:reinstall-local\": \"npm run dev:uninstall-local; npm run dev:link-local && node scripts/install-completion.mjs\",\n \"test\": \"vitest run\",\n \"test:watch\": \"vitest\",\n \"lint\": \"biome check .\",\n \"lint:fix\": \"biome check --write .\",\n \"typecheck\": \"tsc --noEmit\",\n \"generate\": \"tsx scripts/generate.ts\",\n \"sync-spec\": \"tsx scripts/sync-spec.ts\",\n \"spec-diff\": \"tsx scripts/spec-diff.ts\",\n \"prepare\": \"husky\"\n },\n \"dependencies\": {\n \"cli-table3\": \"^0.6.5\",\n \"commander\": \"^12.1.0\",\n \"jmespath\": \"^0.16.0\",\n \"open\": \"^10.1.0\",\n \"ora\": \"^8.1.1\",\n \"picocolors\": \"^1.1.1\",\n \"yaml\": \"^2.6.1\"\n },\n \"devDependencies\": {\n \"@biomejs/biome\": \"^1.9.4\",\n \"@types/jmespath\": \"^0.15.2\",\n \"@types/node\": \"^20.17.6\",\n \"husky\": \"^9.1.7\",\n \"openapi-types\": \"^12.1.3\",\n \"tsup\": \"^8.3.5\",\n \"tsx\": \"^4.19.2\",\n \"typescript\": \"^5.7.2\",\n \"vitest\": \"^3.2.6\"\n }\n}\n","import pkg from \"../package.json\" with { type: \"json\" };\n\n/\n Build-time-ish constants. CLI_VERSION is derived from package.json — the\n * single source of truth that release-please bumps on release. esbuild inlines\n * this JSON import at build time, so the published binary carries the version\n * with no runtime file read. Never hand-edit a version here.\n /\nexport const CLI_VERSION = pkg.version;\n\nexport const USER_AGENT = `propper-cli/${CLI_VERSION}`;\n\nexport const DEFAULT_API_BASE_URL = \"https://api.propper.ai\";\nexport const DEFAULT_AUTH_BASE_URL = \"https://auth.propper.ai\";\n\n/\n Fixed public OAuth client_id for the browser PKCE Authorization Code flow\n * (and the refresh-token grant derived from it).\n \n This is immutable: it is the CLI's own public app identity, not a user\n * setting. It is never read from a flag, env var, or profile. (It must allow the\n * loopback redirect `http://127.0.0.1:<port>/callback`; replace this placeholder\n * with the official public CLI client_id once Propper registers one.)\n \n The user-configurable `client_id` (`--client-id` / `PROPPER_CLIENT_ID` /\n * `propper configure`) is a separate machine-to-machine (client-credentials)\n * client and is unrelated to this constant.\n /\nexport const OAUTH_CLIENT_ID = \"propper-cli\";\n\nexport const DEFAULT_PROFILE = \"default\";\nexport const DEFAULT_OUTPUT = \"json\";\n\nexport const ENV = {\n token: \"PROPPER_API_TOKEN\",\n profile: \"PROPPER_PROFILE\",\n apiBaseUrl: \"PROPPER_BASE_URL\",\n authBaseUrl: \"PROPPER_AUTH_BASE_URL\",\n /* Client-credentials (M2M) client id. /\n clientId: \"PROPPER_CLIENT_ID\",\n clientSecret: \"PROPPER_CLIENT_SECRET\",\n configDir: \"PROPPER_CONFIG_DIR\",\n} as const;\n","import { createHash, randomBytes } from \"node:crypto\";\n\nexport interface PkcePair {\n verifier: string;\n challenge: string;\n method: \"S256\";\n}\n\nexport interface Endpoints {\n authorization_endpoint: string;\n token_endpoint: string;\n userinfo_endpoint: string;\n introspection_endpoint: string;\n revocation_endpoint: string;\n}\n\nexport interface TokenResponse {\n access_token: string;\n token_type?: string;\n expires_in?: number;\n refresh_token?: string;\n scope?: string;\n id_token?: string;\n}\n\nexport interface UserInfo {\n sub?: string;\n email?: string;\n name?: string;\n preferred_username?: string;\n roles?: string[];\n org?: string;\n scope?: string;\n [key: string]: unknown;\n}\n\nexport interface IntrospectionResult {\n active: boolean;\n scope?: string;\n client_id?: string;\n sub?: string;\n exp?: number;\n [key: string]: unknown;\n}\n\nfunction base64url(buf: Buffer): string {\n return buf.toString(\"base64\").replace(/\\+/g, \"-\").replace(/\\//g, \"_\").replace(/=+$/, \"\");\n}\n\n/* Generate a PKCE verifier/challenge pair (RFC 7636, S256). /\nexport function generatePkce(): PkcePair {\n const verifier = base64url(randomBytes(32));\n const challenge = base64url(createHash(\"sha256\").update(verifier).digest());\n return { verifier, challenge, method: \"S256\" };\n}\n\n/* Conventional `/oauth2/` endpoints used when discovery is unavailable. /\nexport function fallbackEndpoints(authBaseUrl: string): Endpoints {\n const base = authBaseUrl.replace(/\\/$/, \"\");\n return {\n authorization_endpoint: `${base}/oauth2/authorize`,\n token_endpoint: `${base}/oauth2/token`,\n userinfo_endpoint: `${base}/oauth2/userinfo`,\n introspection_endpoint: `${base}/oauth2/introspect`,\n revocation_endpoint: `${base}/oauth2/revoke`,\n };\n}\n\n/** Fetch OIDC discovery doc, falling back to conventional endpoints on failure. /\nexport async function discover(\n authBaseUrl: string,\n fetchFn: typeof fetch = fetch,\n): Promise<Endpoints> {\n const base = authBaseUrl.replace(/\\/$/, \"\");\n const fallback = fallbackEndpoints(base);\n try {\n const res = await fetchFn(`${base}/.well-known/openid-configuration`);\n if (!res.ok) return fallback;\n const doc = (await res.json()) as Partial<Endpoints>;\n return {\n authorization_endpoint: doc.authorization_endpoint ?? fallback.authorization_endpoint,\n token_endpoint: doc.token_endpoint ?? fallback.token_endpoint,\n userinfo_endpoint: doc.userinfo_endpoint ?? fallback.userinfo_endpoint,\n introspection_endpoint: doc.introspection_endpoint ?? fallback.introspection_endpoint,\n revocation_endpoint: doc.revocation_endpoint ?? fallback.revocation_endpoint,\n };\n } catch {\n return fallback;\n }\n}\n\nasync function postForm(\n url: string,\n form: Record<string, string \| undefined>,\n fetchFn: typeof fetch,\n): Promise<Response> {\n const body = new URLSearchParams();\n for (const [k, v] of Object.entries(form)) if (v !== undefined) body.set(k, v);\n return fetchFn(url, {\n method: \"POST\",\n headers: { \"content-type\": \"application/x-www-form-urlencoded\", accept: \"application/json\" },\n body,\n });\n}\n\nasync function tokenCall(res: Response): Promise<TokenResponse> {\n const text = await res.text();\n if (!res.ok) {\n throw new Error(`Token request failed (${res.status}): ${text.slice(0, 300)}`);\n }\n return JSON.parse(text) as TokenResponse;\n}\n\nexport function buildAuthorizeUrl(opts: {\n authorizationEndpoint: string;\n clientId: string;\n redirectUri: string;\n scope: string;\n state: string;\n codeChallenge: string;\n}): string {\n const url = new URL(opts.authorizationEndpoint);\n url.searchParams.set(\"response_type\", \"code\");\n url.searchParams.set(\"client_id\", opts.clientId);\n url.searchParams.set(\"redirect_uri\", opts.redirectUri);\n url.searchParams.set(\"scope\", opts.scope);\n url.searchParams.set(\"state\", opts.state);\n url.searchParams.set(\"code_challenge\", opts.codeChallenge);\n url.searchParams.set(\"code_challenge_method\", \"S256\");\n return url.toString();\n}\n\nexport function exchangeCode(\n opts: {\n tokenEndpoint: string;\n code: string;\n redirectUri: string;\n clientId: string;\n codeVerifier: string;\n clientSecret?: string;\n },\n fetchFn: typeof fetch = fetch,\n): Promise<TokenResponse> {\n return postForm(\n opts.tokenEndpoint,\n {\n grant_type: \"authorization_code\",\n code: opts.code,\n redirect_uri: opts.redirectUri,\n client_id: opts.clientId,\n code_verifier: opts.codeVerifier,\n client_secret: opts.clientSecret,\n },\n fetchFn,\n ).then(tokenCall);\n}\n\nexport function refresh(\n opts: { tokenEndpoint: string; refreshToken: string; clientId: string; clientSecret?: string },\n fetchFn: typeof fetch = fetch,\n): Promise<TokenResponse> {\n return postForm(\n opts.tokenEndpoint,\n {\n grant_type: \"refresh_token\",\n refresh_token: opts.refreshToken,\n client_id: opts.clientId,\n client_secret: opts.clientSecret,\n },\n fetchFn,\n ).then(tokenCall);\n}\n\nexport function clientCredentials(\n opts: { tokenEndpoint: string; clientId: string; clientSecret: string; scope?: string },\n fetchFn: typeof fetch = fetch,\n): Promise<TokenResponse> {\n return postForm(\n opts.tokenEndpoint,\n {\n grant_type: \"client_credentials\",\n client_id: opts.clientId,\n client_secret: opts.clientSecret,\n scope: opts.scope,\n },\n fetchFn,\n ).then(tokenCall);\n}\n\nexport async function revoke(\n opts: { revocationEndpoint: string; token: string; clientId: string; clientSecret?: string },\n fetchFn: typeof fetch = fetch,\n): Promise<void> {\n await postForm(\n opts.revocationEndpoint,\n { token: opts.token, client_id: opts.clientId, client_secret: opts.clientSecret },\n fetchFn,\n );\n}\n\nexport async function userinfo(\n opts: { userinfoEndpoint: string; accessToken: string },\n fetchFn: typeof fetch = fetch,\n): Promise<UserInfo> {\n const res = await fetchFn(opts.userinfoEndpoint, {\n headers: { authorization: `Bearer ${opts.accessToken}`, accept: \"application/json\" },\n });\n if (!res.ok) throw new Error(`userinfo failed (${res.status})`);\n return (await res.json()) as UserInfo;\n}\n\nexport async function introspect(\n opts: {\n introspectionEndpoint: string;\n token: string;\n clientId: string;\n clientSecret?: string;\n },\n fetchFn: typeof fetch = fetch,\n): Promise<IntrospectionResult> {\n const res = await postForm(\n opts.introspectionEndpoint,\n { token: opts.token, client_id: opts.clientId, client_secret: opts.clientSecret },\n fetchFn,\n );\n if (!res.ok) return { active: false };\n return (await res.json()) as IntrospectionResult;\n}\n","import { chmodSync, readFileSync, writeFileSync } from \"node:fs\";\nimport { credentialsFile } from \"../config/paths.js\";\nimport { ensureDirFor } from \"../config/store.js\";\n\nexport interface Credentials {\n /* Absent for secret-only entries written before the first grant. /\n access_token?: string;\n refresh_token?: string;\n /* Epoch milliseconds at which the access token expires. /\n expires_at?: number;\n scope?: string;\n /* Stored only for client-credentials profiles (CI). /\n client_secret?: string;\n}\n\ntype CredentialsFile = Record<string, Credentials>;\n\nfunction readAll(): CredentialsFile {\n try {\n return JSON.parse(readFileSync(credentialsFile(), \"utf8\")) as CredentialsFile;\n } catch {\n return {};\n }\n}\n\nfunction writeAll(all: CredentialsFile): void {\n const file = credentialsFile();\n ensureDirFor(file);\n // 0o600: readable/writable by owner only — these are bearer secrets.\n writeFileSync(file, `${JSON.stringify(all, null, 2)}\\n`, { mode: 0o600 });\n // Node only honors `mode` on creation; enforce it on every rewrite too.\n chmodSync(file, 0o600);\n}\n\nexport function readCredentials(profile: string): Credentials \| undefined {\n return readAll()[profile];\n}\n\nexport function writeCredentials(profile: string, creds: Credentials): void {\n const all = readAll();\n all[profile] = creds;\n writeAll(all);\n}\n\nexport function clearCredentials(profile: string): void {\n const all = readAll();\n delete all[profile];\n writeAll(all);\n}\n\n/* True when the access token is expired (or within `skewSec` of expiring). /\nexport function isExpired(creds: Credentials, skewSec = 60, now = Date.now()): boolean {\n if (!creds.expires_at) return false;\n return now >= creds.expires_at - skewSec 1000;\n}\n\n/** Convert an OAuth `expires_in` (seconds) to an absolute epoch-ms deadline. /\nexport function expiresAtFrom(expiresIn: number \| undefined, now = Date.now()): number \| undefined {\n return typeof expiresIn === \"number\" ? now + expiresIn 1000 : undefined;\n}\n","import { homedir } from \"node:os\";\nimport { join } from \"node:path\";\nimport { ENV } from \"../constants.js\";\n\n/** Root config directory: $PROPPER_CONFIG_DIR or ~/.propper. /\nexport function configDir(): string {\n return process.env[ENV.configDir] \|\| join(homedir(), \".propper\");\n}\n\nexport function configFile(): string {\n return join(configDir(), \"config.json\");\n}\n\nexport function credentialsFile(): string {\n return join(configDir(), \"credentials.json\");\n}\n","import { mkdirSync, readFileSync, writeFileSync } from \"node:fs\";\nimport { dirname } from \"node:path\";\nimport { configDir, configFile } from \"./paths.js\";\n\nexport interface ProfileConfig {\n api_base_url?: string;\n auth_base_url?: string;\n /* Client-credentials (M2M) client id. The OAuth login client is a constant. /\n client_id?: string;\n output?: string;\n}\n\nexport interface Config {\n default_profile?: string;\n profiles: Record<string, ProfileConfig>;\n}\n\n/* Non-secret profile keys settable via `configure set`. /\nexport const PROFILE_KEYS = [\"api_base_url\", \"auth_base_url\", \"client_id\", \"output\"] as const;\nexport type ProfileKey = (typeof PROFILE_KEYS)[number];\n\nexport function loadConfig(): Config {\n try {\n const raw = readFileSync(configFile(), \"utf8\");\n const parsed = JSON.parse(raw) as Partial<Config>;\n return { default_profile: parsed.default_profile, profiles: parsed.profiles ?? {} };\n } catch {\n return { profiles: {} };\n }\n}\n\nexport function saveConfig(config: Config): void {\n mkdirSync(configDir(), { recursive: true, mode: 0o700 });\n writeFileSync(configFile(), `${JSON.stringify(config, null, 2)}\\n`, { mode: 0o644 });\n}\n\nexport function getProfile(name: string): ProfileConfig {\n return loadConfig().profiles[name] ?? {};\n}\n\nexport function listProfiles(): string[] {\n return Object.keys(loadConfig().profiles).sort();\n}\n\nexport function setProfileValue(name: string, key: ProfileKey, value: string): void {\n const config = loadConfig();\n const profile = config.profiles[name] ?? {};\n profile[key] = value;\n config.profiles[name] = profile;\n if (!config.default_profile) config.default_profile = name;\n saveConfig(config);\n}\n\nexport function setDefaultProfile(name: string): void {\n const config = loadConfig();\n config.default_profile = name;\n if (!config.profiles[name]) config.profiles[name] = {};\n saveConfig(config);\n}\n\n/* Ensure parent dir exists for an arbitrary file under the config dir. /\nexport function ensureDirFor(filePath: string): void {\n mkdirSync(dirname(filePath), { recursive: true, mode: 0o700 });\n}\n","import { ENV, OAUTH_CLIENT_ID } from \"../constants.js\";\nimport { AuthError } from \"../http/errors.js\";\nimport {\n clientCredentials as defaultClientCredentials,\n discover as defaultDiscover,\n refresh as defaultRefresh,\n} from \"./oidc.js\";\nimport {\n type Credentials,\n readCredentials as defaultReadCredentials,\n writeCredentials as defaultWriteCredentials,\n expiresAtFrom,\n isExpired,\n} from \"./token-store.js\";\n\nexport interface ResolveDeps {\n readCredentials: (profile: string) => Credentials \| undefined;\n writeCredentials: (profile: string, creds: Credentials) => void;\n discover: typeof defaultDiscover;\n refresh: typeof defaultRefresh;\n clientCredentials: typeof defaultClientCredentials;\n}\n\nexport interface ResolveContext {\n /* Token passed explicitly via --token. Highest precedence. /\n explicitToken?: string;\n profile: string;\n authBaseUrl: string;\n /* Client-credentials (M2M) client id. The OAuth login client is a constant. /\n clientId?: string;\n clientSecret?: string;\n scope?: string;\n env?: NodeJS.ProcessEnv;\n fetchFn?: typeof fetch;\n deps?: Partial<ResolveDeps>;\n}\n\nexport type Provider = (ctx: ResolveContext, deps: ResolveDeps) => Promise<string \| null>;\n\nconst defaultDeps: ResolveDeps = {\n readCredentials: defaultReadCredentials,\n writeCredentials: defaultWriteCredentials,\n discover: defaultDiscover,\n refresh: defaultRefresh,\n clientCredentials: defaultClientCredentials,\n};\n\n/* 1. Explicit --token flag. /\nconst explicitProvider: Provider = async (ctx) => ctx.explicitToken ?? null;\n\n/* 2. PROPPER_API_TOKEN environment variable. /\nconst envProvider: Provider = async (ctx) => (ctx.env ?? process.env)[ENV.token] ?? null;\n\n/* 3. Stored OAuth tokens for the active profile, auto-refreshed when expired. /\nconst storedProvider: Provider = async (ctx, deps) => {\n const creds = deps.readCredentials(ctx.profile);\n if (!creds?.access_token) return null;\n if (!isExpired(creds)) return creds.access_token;\n if (!creds.refresh_token) return null;\n try {\n const endpoints = await deps.discover(ctx.authBaseUrl, ctx.fetchFn);\n // Refresh tokens only come from the PKCE browser login (the public OAuth\n // client); client-credentials grants don't issue them.\n const tok = await deps.refresh(\n {\n tokenEndpoint: endpoints.token_endpoint,\n refreshToken: creds.refresh_token,\n clientId: OAUTH_CLIENT_ID,\n },\n ctx.fetchFn,\n );\n const updated: Credentials = {\n access_token: tok.access_token,\n refresh_token: tok.refresh_token ?? creds.refresh_token,\n expires_at: expiresAtFrom(tok.expires_in),\n scope: tok.scope ?? creds.scope,\n client_secret: creds.client_secret,\n };\n deps.writeCredentials(ctx.profile, updated);\n return tok.access_token;\n } catch {\n return null;\n }\n};\n\n/* 4. Client-credentials grant (CI / service accounts), token cached. /\nconst clientCredentialsProvider: Provider = async (ctx, deps) => {\n if (!ctx.clientSecret \|\| !ctx.clientId) return null;\n const endpoints = await deps.discover(ctx.authBaseUrl, ctx.fetchFn);\n const tok = await deps.clientCredentials(\n {\n tokenEndpoint: endpoints.token_endpoint,\n clientId: ctx.clientId,\n clientSecret: ctx.clientSecret,\n scope: ctx.scope,\n },\n ctx.fetchFn,\n );\n deps.writeCredentials(ctx.profile, {\n access_token: tok.access_token,\n expires_at: expiresAtFrom(tok.expires_in),\n scope: tok.scope,\n client_secret: ctx.clientSecret,\n });\n return tok.access_token;\n};\n\n/* Ordered credential chain (AWS-style: first match wins). /\nexport const PROVIDERS: Provider[] = [\n explicitProvider,\n envProvider,\n storedProvider,\n clientCredentialsProvider,\n];\n\n/* Resolve a bearer token from the credential chain, or throw AuthError. /\nexport async function resolveToken(ctx: ResolveContext): Promise<string> {\n const deps = { ...defaultDeps, ...ctx.deps };\n for (const provider of PROVIDERS) {\n const token = await provider(ctx, deps);\n if (token) return token;\n }\n throw new AuthError(\n \"Not authenticated. Run `propper auth login`, or set PROPPER_API_TOKEN / client credentials.\",\n );\n}\n","import { resolveToken as defaultResolveToken } from \"../../auth/chain.js\";\nimport {\n clientCredentials as defaultClientCredentials,\n discover as defaultDiscover,\n exchangeCode as defaultExchangeCode,\n introspect as defaultIntrospect,\n revoke as defaultRevoke,\n userinfo as defaultUserinfo,\n} from \"../../auth/oidc.js\";\nimport {\n clearCredentials as defaultClearCredentials,\n readCredentials as defaultReadCredentials,\n writeCredentials as defaultWriteCredentials,\n} from \"../../auth/token-store.js\";\n\n/* Injectable seam for the auth commands (overridden in tests). /\nexport interface AuthDeps {\n resolveToken: typeof defaultResolveToken;\n discover: typeof defaultDiscover;\n exchangeCode: typeof defaultExchangeCode;\n clientCredentials: typeof defaultClientCredentials;\n revoke: typeof defaultRevoke;\n userinfo: typeof defaultUserinfo;\n introspect: typeof defaultIntrospect;\n readCredentials: typeof defaultReadCredentials;\n writeCredentials: typeof defaultWriteCredentials;\n clearCredentials: typeof defaultClearCredentials;\n /* Open a URL in the user's browser (loopback PKCE flow). /\n openBrowser: (url: string) => Promise<unknown>;\n}\n\nexport const defaultAuthDeps: AuthDeps = {\n resolveToken: defaultResolveToken,\n discover: defaultDiscover,\n exchangeCode: defaultExchangeCode,\n clientCredentials: defaultClientCredentials,\n revoke: defaultRevoke,\n userinfo: defaultUserinfo,\n introspect: defaultIntrospect,\n readCredentials: defaultReadCredentials,\n writeCredentials: defaultWriteCredentials,\n clearCredentials: defaultClearCredentials,\n openBrowser: async (url: string) => {\n const { default: open } = await import(\"open\");\n return open(url);\n },\n};\n","import type { CliContext } from \"../../runtime/options.js\";\nimport { type AuthDeps, defaultAuthDeps } from \"./deps.js\";\n\n/* The active profile's auth material, as dumped by `propper auth export`. /\nexport interface AuthExport {\n profile: string;\n api_base_url: string;\n auth_base_url: string;\n client_id?: string;\n client_secret?: string;\n access_token?: string;\n refresh_token?: string;\n /* ISO-8601 expiry of the stored access token, when known. /\n token_expires_at?: string;\n scope?: string;\n}\n\n/* Reveal first/last 4 of a secret; fully mask anything short enough to expose. /\nfunction mask(value: string): string {\n return value.length > 8 ? `${value.slice(0, 4)}…${value.slice(-4)}` : \"*\";\n}\n\n/\n * Export the active profile's stored credentials. Sensitive fields — the JWT\n * access/refresh tokens, the client-credentials client id, and the client\n * secret — are masked unless `opts.unmasked` is set. Reads only what is on\n * disk (plus flag/env overrides), so it never hits the network and is safe\n * when nothing is stored.\n /\nexport function authExport(\n ctx: CliContext,\n opts: { unmasked?: boolean } = {},\n deps: AuthDeps = defaultAuthDeps,\n): AuthExport {\n const creds = deps.readCredentials(ctx.profile) ?? {};\n const reveal = opts.unmasked === true;\n const secret = (value: string \| undefined): string \| undefined =>\n value === undefined ? undefined : reveal ? value : mask(value);\n\n return {\n profile: ctx.profile,\n api_base_url: ctx.apiBaseUrl,\n auth_base_url: ctx.authBaseUrl,\n client_id: secret(ctx.clientId),\n client_secret: secret(ctx.clientSecret ?? creds.client_secret),\n access_token: secret(ctx.explicitToken ?? creds.access_token),\n refresh_token: secret(creds.refresh_token),\n token_expires_at:\n typeof creds.expires_at === \"number\" ? new Date(creds.expires_at).toISOString() : undefined,\n scope: creds.scope,\n };\n}\n","import { randomBytes } from \"node:crypto\";\nimport { type Server, createServer } from \"node:http\";\nimport { buildAuthorizeUrl, generatePkce } from \"../../auth/oidc.js\";\nimport { type Credentials, expiresAtFrom } from \"../../auth/token-store.js\";\nimport { setProfileValue } from \"../../config/store.js\";\nimport { OAUTH_CLIENT_ID } from \"../../constants.js\";\nimport { UsageError } from \"../../http/errors.js\";\nimport type { CliContext } from \"../../runtime/options.js\";\nimport { type AuthDeps, defaultAuthDeps } from \"./deps.js\";\n\n/\n Default scopes requested at login. Mirrors the full `allowedScopes` of the\n * `propper-cli` OAuth client (see core/db/prisma/seed-data/common/oauth-clients.yaml).\n * `allowedScopes` is the ceiling the auth server intersects against — requesting\n * the whole set here means a fresh `propper auth login` can call every product\n * API (sign/click/docgen/locker) without re-authenticating with `--scope`.\n * Override with `--scope` / `--scopes` to request a narrower set.\n /\nexport const DEFAULT_SCOPE = [\n \"openid\",\n \"email\",\n \"profile\",\n \"offline_access\",\n \"sign:read\",\n \"sign:write\",\n \"click:read\",\n \"click:write\",\n \"docgen:read\",\n \"docgen:write\",\n \"locker:read\",\n \"locker:write\",\n \"org:read\",\n].join(\" \");\nconst PKCE_TIMEOUT_MS = 120_000;\n\n/* Persist the resolved endpoints (+ M2M client id, if any) for a self-contained profile. /\nfunction rememberProfile(ctx: CliContext): void {\n if (ctx.clientId) setProfileValue(ctx.profile, \"client_id\", ctx.clientId);\n setProfileValue(ctx.profile, \"auth_base_url\", ctx.authBaseUrl);\n setProfileValue(ctx.profile, \"api_base_url\", ctx.apiBaseUrl);\n}\n\n/* Paste-a-token login (fallback / CI). /\nexport function loginWithToken(\n ctx: CliContext,\n token: string,\n deps: AuthDeps = defaultAuthDeps,\n): Credentials {\n const creds: Credentials = { access_token: token };\n deps.writeCredentials(ctx.profile, creds);\n rememberProfile(ctx);\n return creds;\n}\n\n/* Client-credentials login (headless / service accounts). /\nexport async function loginClientCredentials(\n ctx: CliContext,\n clientSecret: string,\n scope = DEFAULT_SCOPE,\n deps: AuthDeps = defaultAuthDeps,\n): Promise<Credentials> {\n if (!ctx.clientId) {\n throw new UsageError(\n \"No client id configured. Set one via --client-id, PROPPER_CLIENT_ID, or `propper configure`.\",\n );\n }\n const endpoints = await deps.discover(ctx.authBaseUrl);\n const tok = await deps.clientCredentials({\n tokenEndpoint: endpoints.token_endpoint,\n clientId: ctx.clientId,\n clientSecret,\n scope,\n });\n const creds: Credentials = {\n access_token: tok.access_token,\n expires_at: expiresAtFrom(tok.expires_in),\n scope: tok.scope,\n client_secret: clientSecret,\n };\n deps.writeCredentials(ctx.profile, creds);\n rememberProfile(ctx);\n return creds;\n}\n\ninterface CallbackResult {\n code: string;\n state: string;\n}\n\n/* Wait for the OAuth redirect on a loopback server; resolve with the code. /\nfunction awaitCallback(server: Server, expectedState: string): Promise<CallbackResult> {\n return new Promise<CallbackResult>((resolve, reject) => {\n const timer = setTimeout(() => {\n server.close();\n reject(new Error(\"Timed out waiting for the browser callback.\"));\n }, PKCE_TIMEOUT_MS);\n\n server.on(\"request\", (req, res) => {\n const url = new URL(req.url ?? \"/\", \"http://127.0.0.1\");\n if (url.pathname !== \"/callback\") {\n res.writeHead(404).end();\n return;\n }\n const code = url.searchParams.get(\"code\");\n const state = url.searchParams.get(\"state\");\n const error = url.searchParams.get(\"error\");\n res.writeHead(200, { \"content-type\": \"text/html\" });\n res.end(\n error\n ? `<h1>Login failed</h1><p>${error}</p>`\n : \"<h1>Login complete</h1><p>You can close this tab and return to the terminal.</p>\",\n );\n clearTimeout(timer);\n server.close();\n if (error \|\| !code \|\| !state) {\n reject(new Error(`Authorization failed: ${error ?? \"missing code/state\"}`));\n } else if (state !== expectedState) {\n reject(new Error(\"State mismatch (possible CSRF); aborting.\"));\n } else {\n resolve({ code, state });\n }\n });\n });\n}\n\nexport interface PkceLoginResult {\n creds: Credentials;\n authorizeUrl: string;\n}\n\n/* Browser-based Authorization Code + PKCE login over a loopback redirect. /\nexport async function loginPkce(\n ctx: CliContext,\n scope = DEFAULT_SCOPE,\n deps: AuthDeps = defaultAuthDeps,\n): Promise<PkceLoginResult> {\n const endpoints = await deps.discover(ctx.authBaseUrl);\n const pkce = generatePkce();\n const state = randomBytes(16).toString(\"hex\");\n\n const server = createServer();\n await new Promise<void>((resolve) => server.listen(0, \"127.0.0.1\", resolve));\n const address = server.address();\n if (!address \|\| typeof address === \"string\") {\n server.close();\n throw new Error(\"Could not bind a loopback port for the OAuth callback.\");\n }\n const redirectUri = `http://127.0.0.1:${address.port}/callback`;\n\n const authorizeUrl = buildAuthorizeUrl({\n authorizationEndpoint: endpoints.authorization_endpoint,\n clientId: OAUTH_CLIENT_ID,\n redirectUri,\n scope,\n state,\n codeChallenge: pkce.challenge,\n });\n\n const callbackPromise = awaitCallback(server, state);\n await deps.openBrowser(authorizeUrl);\n const { code } = await callbackPromise;\n\n const tok = await deps.exchangeCode({\n tokenEndpoint: endpoints.token_endpoint,\n code,\n redirectUri,\n clientId: OAUTH_CLIENT_ID,\n codeVerifier: pkce.verifier,\n });\n\n const creds: Credentials = {\n access_token: tok.access_token,\n refresh_token: tok.refresh_token,\n expires_at: expiresAtFrom(tok.expires_in),\n scope: tok.scope,\n };\n deps.writeCredentials(ctx.profile, creds);\n rememberProfile(ctx);\n return { creds, authorizeUrl };\n}\n","import { OAUTH_CLIENT_ID } from \"../../constants.js\";\nimport type { CliContext } from \"../../runtime/options.js\";\nimport { type AuthDeps, defaultAuthDeps } from \"./deps.js\";\n\n/* Revoke stored tokens (best-effort) and clear local credentials. /\nexport async function logout(ctx: CliContext, deps: AuthDeps = defaultAuthDeps): Promise<boolean> {\n const creds = deps.readCredentials(ctx.profile);\n if (!creds) return false;\n\n if (creds.access_token) {\n try {\n const endpoints = await deps.discover(ctx.authBaseUrl);\n // A stored client secret means a client-credentials token (revoke with the\n // M2M client); otherwise it's a PKCE token (revoke with the public client).\n await deps.revoke({\n revocationEndpoint: endpoints.revocation_endpoint,\n token: creds.refresh_token ?? creds.access_token,\n clientId: creds.client_secret && ctx.clientId ? ctx.clientId : OAUTH_CLIENT_ID,\n clientSecret: creds.client_secret,\n });\n } catch {\n // Best-effort: a failed revoke still clears local credentials.\n }\n }\n\n deps.clearCredentials(ctx.profile);\n return true;\n}\n","import { ENV, OAUTH_CLIENT_ID } from \"../../constants.js\";\nimport { AuthError } from \"../../http/errors.js\";\nimport type { CliContext } from \"../../runtime/options.js\";\nimport { type AuthDeps, defaultAuthDeps } from \"./deps.js\";\n\n/\n Caller identity, modeled on `aws sts get-caller-identity`: on success it\n * describes who you are and which credentials are in use; when no credentials\n * resolve, `authStatus` throws (the command exits non-zero) rather than\n * returning an \"unauthenticated\" object.\n /\nexport interface AuthStatus {\n profile: string;\n /* Where the active credential came from: flag \| env \| profile \| client-credentials. /\n source: string;\n apiBaseUrl: string;\n authBaseUrl: string;\n tokenMasked: string;\n user?: { sub?: string; email?: string; name?: string; roles?: string[]; org?: string };\n scopes?: string[];\n /* ISO-8601 expiry of the active access token, when known. /\n tokenExpiresAt?: string;\n}\n\nfunction maskToken(token: string): string {\n return token.length > 12 ? `${token.slice(0, 4)}…${token.slice(-4)}` : \"*\";\n}\n\nfunction detectSource(ctx: CliContext, deps: AuthDeps): string {\n if (ctx.explicitToken) return \"flag\";\n if (ctx.env[ENV.token]) return \"env\";\n if (deps.readCredentials(ctx.profile)?.access_token) return \"profile\";\n if (ctx.clientSecret) return \"client-credentials\";\n return \"none\";\n}\n\nfunction toScopes(scope: string \| undefined): string[] \| undefined {\n if (!scope) return undefined;\n const parts = scope.split(/\\s+/).filter(Boolean);\n return parts.length ? parts : undefined;\n}\n\n/ Resolve the active token and enrich it with userinfo + introspection. /\nexport async function authStatus(\n ctx: CliContext,\n deps: AuthDeps = defaultAuthDeps,\n): Promise<AuthStatus> {\n let token: string;\n try {\n token = await deps.resolveToken({\n explicitToken: ctx.explicitToken,\n profile: ctx.profile,\n authBaseUrl: ctx.authBaseUrl,\n clientId: ctx.clientId,\n clientSecret: ctx.clientSecret,\n env: ctx.env,\n });\n } catch {\n throw new AuthError(\n `Not authenticated for profile \"${ctx.profile}\". Run \\`propper auth login\\` to sign in.`,\n );\n }\n\n const result: AuthStatus = {\n profile: ctx.profile,\n source: detectSource(ctx, deps),\n apiBaseUrl: ctx.apiBaseUrl,\n authBaseUrl: ctx.authBaseUrl,\n tokenMasked: maskToken(token),\n };\n\n // Prefer the expiry recorded at login; introspection can refine it below.\n let expiresAtMs = deps.readCredentials(ctx.profile)?.expires_at;\n\n const endpoints = await deps.discover(ctx.authBaseUrl);\n try {\n const info = await deps.userinfo({\n userinfoEndpoint: endpoints.userinfo_endpoint,\n accessToken: token,\n });\n result.user = {\n sub: info.sub,\n email: info.email,\n name: info.name,\n roles: info.roles,\n org: info.org,\n };\n result.scopes = toScopes(info.scope);\n } catch {\n // userinfo is best-effort.\n }\n try {\n const intro = await deps.introspect({\n introspectionEndpoint: endpoints.introspection_endpoint,\n token,\n // Authenticate the introspection call with whichever client minted the\n // token: the M2M client when there's a secret, else the public OAuth client.\n clientId: ctx.clientSecret && ctx.clientId ? ctx.clientId : OAUTH_CLIENT_ID,\n clientSecret: ctx.clientSecret,\n });\n // Only trust introspection when it reports the token active; an inactive or\n // unauthorized introspection response shouldn't contradict a working token.\n if (intro.active) {\n result.scopes = result.scopes ?? toScopes(intro.scope);\n if (typeof intro.exp === \"number\") expiresAtMs = expiresAtMs ?? intro.exp 1000;\n }\n } catch {\n // introspection is best-effort.\n }\n\n if (typeof expiresAtMs === \"number\") result.tokenExpiresAt = new Date(expiresAtMs).toISOString();\n return result;\n}\n","import { PROFILE_KEYS } from \"../config/store.js\";\nimport type { Manifest, OperationEntry } from \"../manifest/types.js\";\n\nexport const SUPPORTED_SHELLS = [\"bash\", \"zsh\", \"fish\"] as const;\nexport type Shell = (typeof SUPPORTED_SHELLS)[number];\n\nconst GLOBAL_FLAGS = [\n \"--profile\",\n \"--output\",\n \"--query\",\n \"--base-url\",\n \"--auth-base-url\",\n \"--client-id\",\n \"--token\",\n \"--no-color\",\n \"--quiet\",\n \"--debug\",\n \"--help\",\n];\n\nconst STATIC_GROUPS: Record<string, string[]> = {\n auth: [\"login\", \"logout\", \"status\", \"whoami\", \"export\"],\n configure: [\"set\", \"get\", \"list-profiles\"],\n completion: [...SUPPORTED_SHELLS],\n};\n\nfunction operationFlags(entry: OperationEntry): string[] {\n const flags = [\n ...entry.pathParams.map((p) => p.flag),\n ...entry.queryParams.map((p) => p.flag),\n ...entry.bodyFields.map((f) => f.flag),\n ];\n if (entry.hasBody) flags.push(\"--input-json\");\n if (entry.fileField) flags.push(\"--file\");\n if (entry.produces === \"binary\") flags.push(\"--output-file\");\n if (entry.queryParams.some((p) => p.name === \"page\")) flags.push(\"--all\");\n return flags;\n}\n\nfunction uniq(values: string[]): string[] {\n return [...new Set(values)].sort();\n}\n\nfunction candidatesAt(path: string[], manifest: Manifest): string[] {\n const apiNames = manifest.apis.map((a) => a.name);\n if (path.length === 0) return uniq([...apiNames, ...Object.keys(STATIC_GROUPS)]);\n\n const head = path[0] ?? \"\";\n if (head in STATIC_GROUPS) {\n if (path.length === 1) return STATIC_GROUPS[head] ?? [];\n // `configure get\|set <TAB>` completes the profile config keys.\n if (head === \"configure\" && path.length === 2 && (path[1] === \"get\" \|\| path[1] === \"set\")) {\n return uniq([...PROFILE_KEYS, \"client_secret\"]);\n }\n return [];\n }\n if (!apiNames.includes(head)) return [];\n\n if (path.length === 1) {\n return uniq(manifest.operations.filter((o) => o.api === head).map((o) => o.topic));\n }\n if (path.length === 2) {\n return uniq(\n manifest.operations\n .filter((o) => o.api === head && o.topic === path[1])\n .map((o) => o.command),\n );\n }\n const entry = manifest.operations.find(\n (o) => o.api === head && o.topic === path[1] && o.command === path[2],\n );\n return uniq([...(entry ? operationFlags(entry) : []), ...GLOBAL_FLAGS]);\n}\n\n/*\n Compute completion candidates for the NEXT position, given only the already\n * completed words (the word currently being typed is NOT included). The shell\n * filters the returned candidates by the current prefix itself — this avoids\n * re-suggesting an already-typed token (e.g. `propper sign <tab>` -> topics,\n * never `sign` again).\n /\nexport function completeArgs(completedWords: string[], manifest: Manifest): string[] {\n const path = completedWords.filter((w) => !w.startsWith(\"-\"));\n return candidatesAt(path, manifest);\n}\n\n/* Emit a shell completion script that delegates to `propper __complete`. /\nexport function completionScript(shell: Shell): string {\n if (shell === \"bash\") {\n return `# propper bash completion\n_propper_complete() {\n local cur completed candidates\n cur=\"\\${COMP_WORDS[COMP_CWORD]}\"\n completed=(\"\\${COMP_WORDS[@]:1:COMP_CWORD-1}\")\n candidates=\"$(propper __complete \"\\${completed[@]}\" 2>/dev/null)\"\n local IFS=$'\\\\n'\n COMPREPLY=( $(compgen -W \"\\${candidates}\" -- \"\\${cur}\") )\n}\ncomplete -F _propper_complete propper\n`;\n }\n if (shell === \"zsh\") {\n return `#compdef propper\n_propper() {\n local -a candidates\n candidates=(\"\\${(@f)$(propper __complete \\${words[2,CURRENT-1]} 2>/dev/null)}\")\n compadd -- $candidates\n}\ncompdef _propper propper\n`;\n }\n return `# propper fish completion\nfunction __propper_complete\n set -l tokens (commandline -opc)\n propper __complete $tokens[2..-1]\nend\ncomplete -c propper -f -a '(__propper_complete)'\n`;\n}\n","import { createInterface } from \"node:readline/promises\";\nimport { type Credentials, readCredentials, writeCredentials } from \"../../auth/token-store.js\";\nimport {\n PROFILE_KEYS,\n type ProfileKey,\n getProfile,\n listProfiles,\n loadConfig,\n setProfileValue,\n} from \"../../config/store.js\";\nimport { UsageError } from \"../../http/errors.js\";\nimport type { CliContext } from \"../../runtime/options.js\";\n\n/* Secret keys persisted in the chmod-600 credentials store, not config.json. /\nconst SECRET_KEYS = [\"client_secret\"] as const;\ntype SecretKey = (typeof SECRET_KEYS)[number];\n\nconst ALL_KEYS = [...PROFILE_KEYS, ...SECRET_KEYS];\n\n/\n Keys whose values are OAuth identifiers/secrets — opaque tokens that never\n * legitimately contain whitespace. Their values are stripped of all whitespace\n * (spaces, tabs, newlines, carriage returns) so a pasted value with a stray\n * trailing newline / wrapped line can't silently break auth.\n /\nconst CREDENTIAL_KEYS = new Set<string>([\"client_id\", \"client_secret\"]);\n\n/* Remove all whitespace (incl. newlines and carriage returns) from a credential. /\nexport function cleanCredential(value: string): string {\n return value.replace(/\\s+/g, \"\");\n}\n\n/\n Masked preview of a stored secret for the wizard's prompt default: enough of\n * the ends to be identifiable, with the middle elided (e.g. `super…ue123`).\n * Reveals first/last 5 for long secrets, degrades to first/last 3, and fully\n * masks anything short enough that a preview would expose most of it.\n /\nexport function maskSecret(secret: string): string {\n const n = secret.length;\n if (n >= 14) return `${secret.slice(0, 5)}…${secret.slice(-5)}`;\n if (n > 6) return `${secret.slice(0, 3)}…${secret.slice(-3)}`;\n return \"*\";\n}\n\nfunction isSecretKey(key: string): key is SecretKey {\n return (SECRET_KEYS as readonly string[]).includes(key);\n}\n\nfunction assertKey(key: string): asserts key is ProfileKey {\n if (!(PROFILE_KEYS as readonly string[]).includes(key)) {\n throw new UsageError(`Unknown config key \"${key}\". Valid keys: ${ALL_KEYS.join(\", \")}`);\n }\n}\n\n/ Merge a client secret into the profile's credentials entry (preserves tokens). /\nfunction writeClientSecret(profile: string, secret: string): void {\n const existing: Credentials = readCredentials(profile) ?? {};\n writeCredentials(profile, { ...existing, client_secret: cleanCredential(secret) });\n}\n\nexport function configureSet(profile: string, key: string, value: string): void {\n const v = CREDENTIAL_KEYS.has(key) ? cleanCredential(value) : value;\n if (isSecretKey(key)) {\n writeClientSecret(profile, v);\n return;\n }\n assertKey(key);\n setProfileValue(profile, key, v);\n}\n\nexport function configureGet(profile: string, key: string): string \| undefined {\n if (isSecretKey(key)) {\n return readCredentials(profile)?.client_secret;\n }\n assertKey(key);\n return getProfile(profile)[key];\n}\n\nexport interface ProfileSummary {\n profile: string;\n default: boolean;\n api_base_url?: string;\n auth_base_url?: string;\n client_id?: string;\n output?: string;\n}\n\n/* Profile records for `configure list-profiles` — tabular-friendly. /\nexport function configureListProfiles(): ProfileSummary[] {\n const { default_profile } = loadConfig();\n return listProfiles().map((profile) => {\n const p = getProfile(profile);\n return {\n profile,\n default: profile === default_profile,\n api_base_url: p.api_base_url,\n auth_base_url: p.auth_base_url,\n client_id: p.client_id,\n output: p.output,\n };\n });\n}\n\n/* Interactive `propper configure` wizard. Returns the keys that were written. /\nexport async function runConfigureWizard(\n ctx: CliContext,\n input: NodeJS.ReadableStream = process.stdin,\n output: NodeJS.WritableStream = process.stdout,\n): Promise<string[]> {\n const rl = createInterface({ input, output });\n const written: string[] = [];\n try {\n const ask = async (label: string, current: string \| undefined): Promise<string> => {\n const suffix = current ? ` [${current}]` : \"\";\n const answer = (await rl.question(`${label}${suffix}: `)).trim();\n return answer \|\| current \|\| \"\";\n };\n\n const current = getProfile(ctx.profile);\n const apiBaseUrl = await ask(\"API base URL\", current.api_base_url ?? ctx.apiBaseUrl);\n const authBaseUrl = await ask(\"Auth base URL\", current.auth_base_url ?? ctx.authBaseUrl);\n // The browser-login client is a fixed app constant; the only configurable\n // identity is the client-credentials (M2M) client id + secret.\n const clientId = cleanCredential(\n await ask(\"Client id (client-credentials / M2M)\", current.client_id ?? ctx.clientId),\n );\n\n // Secret: never echo the full stored value; show a masked preview (first/last\n // 3 chars) as the default if one exists.\n const existingSecret = readCredentials(ctx.profile)?.client_secret;\n const secretLabel = existingSecret\n ? `Client secret [${maskSecret(existingSecret)}]`\n : \"Client secret (optional, blank to skip)\";\n const secretAnswer = cleanCredential(await rl.question(`${secretLabel}: `));\n\n const token = (await rl.question(\"API token (optional, blank to skip): \")).trim();\n const out = await ask(\"Default output (json/table/yaml/text)\", current.output ?? ctx.output);\n\n for (const [key, value] of [\n [\"api_base_url\", apiBaseUrl],\n [\"auth_base_url\", authBaseUrl],\n [\"client_id\", clientId],\n [\"output\", out],\n ] as [ProfileKey, string][]) {\n if (value) {\n setProfileValue(ctx.profile, key, value);\n written.push(key);\n }\n }\n if (secretAnswer) {\n writeClientSecret(ctx.profile, secretAnswer);\n written.push(\"client_secret\");\n }\n if (token) {\n const existing: Credentials = readCredentials(ctx.profile) ?? {};\n writeCredentials(ctx.profile, { ...existing, access_token: token });\n written.push(\"token\");\n }\n return written;\n } finally {\n rl.close();\n }\n}\n","import { Buffer } from \"node:buffer\";\nimport { readFileSync, writeFileSync } from \"node:fs\";\nimport { resolveToken as defaultResolveToken } from \"../auth/chain.js\";\nimport { callOperation } from \"../generated/client.js\";\nimport type { HttpResponse, OperationRequest, RequestContext } from \"../http/client.js\";\nimport { UsageError } from \"../http/errors.js\";\nimport { type BodyFieldSpec, type OperationEntry, camelCase } from \"../manifest/types.js\";\nimport { printResult } from \"../output/printer.js\";\nimport { type CliContext, makeRequestContext } from \"./options.js\";\n\n/* commander stores `--agreement-id` under the key `agreementId`. /\nexport function flagKey(flag: string): string {\n return camelCase(flag.replace(/^--/, \"\"));\n}\n\nexport interface DispatchDeps {\n resolveToken: typeof defaultResolveToken;\n call: (\n entry: OperationEntry,\n req: OperationRequest,\n ctx: RequestContext,\n ) => Promise<HttpResponse>;\n readFile: (path: string) => Buffer;\n writeFile: (path: string, data: Buffer) => void;\n stdout: NodeJS.WritableStream;\n}\n\nexport const defaultDispatchDeps: DispatchDeps = {\n resolveToken: defaultResolveToken,\n call: (entry, req, ctx) => callOperation(entry.api, entry.operationId, req, ctx),\n readFile: (path) => readFileSync(path),\n writeFile: (path, data) => writeFileSync(path, data),\n stdout: process.stdout,\n};\n\nfunction coerce(value: unknown, type: BodyFieldSpec[\"type\"]): unknown {\n if (type === \"boolean\") return value === true \|\| value === \"true\";\n if (type === \"number\" \|\| type === \"integer\") return Number(value);\n return String(value);\n}\n\nfunction readInputJson(raw: string, deps: DispatchDeps): Record<string, unknown> {\n const text =\n raw === \"-\"\n ? readFileSync(0, \"utf8\")\n : raw.startsWith(\"@\")\n ? deps.readFile(raw.slice(1)).toString(\"utf8\")\n : raw;\n try {\n return JSON.parse(text) as Record<string, unknown>;\n } catch (err) {\n throw new UsageError(`--input-json is not valid JSON: ${(err as Error).message}`);\n }\n}\n\nfunction buildRequest(\n entry: OperationEntry,\n flags: Record<string, unknown>,\n deps: DispatchDeps,\n): OperationRequest {\n const pathParams: Record<string, string> = {};\n for (const p of entry.pathParams) {\n const value = flags[flagKey(p.flag)];\n if (value === undefined \|\| value === \"\") {\n throw new UsageError(`Missing required option ${p.flag}`);\n }\n pathParams[p.name] = String(value);\n }\n\n const query: Record<string, string \| number \| boolean \| undefined> = {};\n for (const p of entry.queryParams) {\n const value = flags[flagKey(p.flag)];\n if (value !== undefined) query[p.name] = value as string \| number \| boolean;\n }\n\n let body: Record<string, unknown> \| undefined;\n if (entry.hasBody) {\n body = {};\n const inputJson = flags.inputJson;\n if (typeof inputJson === \"string\") Object.assign(body, readInputJson(inputJson, deps));\n for (const field of entry.bodyFields) {\n const value = flags[flagKey(field.flag)];\n if (value !== undefined) body[field.name] = coerce(value, field.type);\n }\n if (entry.fileField && typeof flags.file === \"string\") {\n body[entry.fileField] = deps.readFile(flags.file).toString(\"base64\");\n }\n if (Object.keys(body).length === 0) body = undefined;\n }\n\n return { pathParams, query, body };\n}\n\nfunction pageItems(data: unknown): unknown[] \| undefined {\n if (Array.isArray(data)) return data;\n if (data && typeof data === \"object\") {\n for (const key of [\"data\", \"items\", \"results\", \"agreements\", \"templates\", \"recipients\"]) {\n const value = (data as Record<string, unknown>)[key];\n if (Array.isArray(value)) return value;\n }\n }\n return undefined;\n}\n\nconst MAX_PAGES = 50;\n\n/* Execute one CLI operation: build request, resolve auth, call, render output. /\nexport async function dispatch(\n entry: OperationEntry,\n flags: Record<string, unknown>,\n ctx: CliContext,\n deps: DispatchDeps = defaultDispatchDeps,\n): Promise<void> {\n const token = await deps.resolveToken({\n explicitToken: ctx.explicitToken,\n profile: ctx.profile,\n authBaseUrl: ctx.authBaseUrl,\n clientId: ctx.clientId,\n clientSecret: ctx.clientSecret,\n env: ctx.env,\n });\n const reqCtx = makeRequestContext(ctx, token);\n const req = buildRequest(entry, flags, deps);\n\n // --all: auto-paginate list endpoints that accept a `page` query param.\n const canPaginate = entry.queryParams.some((p) => p.name === \"page\");\n if (flags.all && canPaginate && entry.produces === \"json\") {\n const collected: unknown[] = [];\n for (let page = 1; page <= MAX_PAGES; page++) {\n const res = await deps.call(entry, { ...req, query: { ...req.query, page } }, reqCtx);\n const items = pageItems(res.data);\n if (!items \|\| items.length === 0) break;\n collected.push(...items);\n const limit = Number(req.query?.limit ?? items.length);\n if (items.length < limit) break;\n }\n printResult(collected, { output: ctx.output, query: ctx.query }, deps.stdout);\n return;\n }\n\n const res = await deps.call(entry, req, reqCtx);\n\n if (entry.produces === \"binary\") {\n const bytes = res.bytes ?? Buffer.alloc(0);\n if (typeof flags.outputFile === \"string\") {\n deps.writeFile(flags.outputFile, bytes);\n deps.stdout.write(`Saved ${bytes.length} bytes to ${flags.outputFile}\\n`);\n } else {\n deps.stdout.write(bytes);\n }\n return;\n }\n\n printResult(res.data, { output: ctx.output, query: ctx.query }, deps.stdout);\n}\n","/\n Command-manifest contracts + the pure naming logic that turns OpenAPI\n * operations into CLI commands.\n \n The Propper specs do NOT declare `operationId`s, so command and topic names\n * are derived from the HTTP method + path (with a small override table for the\n * handful of cases where the generic rule produces an awkward name), and a\n * stable synthetic `operationId` is computed as `camel(topic) + Pascal(command)`.\n /\n\nexport type HttpMethod = \"GET\" \| \"POST\" \| \"PUT\" \| \"PATCH\" \| \"DELETE\";\n\nexport interface ParamSpec {\n /* Real name used to substitute into the path / as the query key. /\n name: string;\n in: \"path\" \| \"query\";\n /* CLI flag, e.g. \"--agreement-id\". /\n flag: string;\n required: boolean;\n description?: string;\n}\n\nexport interface BodyFieldSpec {\n name: string;\n flag: string;\n type: \"string\" \| \"number\" \| \"integer\" \| \"boolean\";\n required: boolean;\n description?: string;\n}\n\nexport interface OperationEntry {\n /* API namespace (CLI top-level group), e.g. \"sign\", \"docgen\", \"locker\". /\n api: string;\n operationId: string;\n topic: string;\n command: string;\n method: HttpMethod;\n path: string;\n summary?: string;\n description?: string;\n pathParams: ParamSpec[];\n queryParams: ParamSpec[];\n hasBody: boolean;\n bodyFields: BodyFieldSpec[];\n /* Body field (string) that `--file <path>` populates with base64 contents. /\n fileField?: string;\n produces: \"json\" \| \"binary\";\n consumes: \"json\" \| \"none\";\n}\n\nexport interface ApiInfo {\n /* CLI namespace, e.g. \"sign\". /\n name: string;\n /* OpenAPI info.title, e.g. \"Sign API\". /\n title: string;\n /* servers[0].url for this spec. /\n baseUrl: string;\n}\n\nexport interface Manifest {\n /* Manifest schema version (bumped when the shape changes). /\n version: string;\n /* Human label: spec titles this was generated from. /\n generatedFrom: string;\n /* Shared product API base URL (all current product specs use api.propper.ai). /\n apiBaseUrl: string;\n /* The APIs (top-level command groups) included in this manifest. /\n apis: ApiInfo[];\n operations: OperationEntry[];\n}\n\nexport const MANIFEST_VERSION = \"1\";\n\n/* \"agreementId\" -> \"agreement-id\"; \"download-url\" -> \"download-url\". /\nexport function kebabCase(input: string): string {\n return input\n .replace(/([a-z0-9])([A-Z])/g, \"$1-$2\")\n .replace(/[\\s_]+/g, \"-\")\n .replace(/-+/g, \"-\")\n .toLowerCase();\n}\n\nexport function camelCase(input: string): string {\n const parts = kebabCase(input).split(\"-\").filter(Boolean);\n return parts.map((p, i) => (i === 0 ? p : p.charAt(0).toUpperCase() + p.slice(1))).join(\"\");\n}\n\nexport function pascalCase(input: string): string {\n const c = camelCase(input);\n return c ? c.charAt(0).toUpperCase() + c.slice(1) : c;\n}\n\n/* CLI flag for a parameter name, e.g. \"agreementId\" -> \"--agreement-id\". /\nexport function paramFlag(name: string): string {\n return `--${kebabCase(name)}`;\n}\n\n/* Stable synthetic operationId from a (topic, command) pair. /\nexport function synthOperationId(topic: string, command: string): string {\n return camelCase(topic) + pascalCase(command);\n}\n\n/\n Overrides keyed by `\"<METHOD> <path>\"` for operations where the generic rule\n * would produce an awkward command name.\n /\nexport const COMMAND_OVERRIDES: Record<string, string> = {\n \"POST /v1/sign/agreements/{id}/recipients\": \"add\",\n \"PUT /v1/sign/agreements/{id}/annotations\": \"set-annotations\",\n \"POST /v1/sign/agreements/{agreementId}/documents\": \"upload\",\n \"GET /v1/sign/agreements/{agreementId}/documents/{documentId}/content\": \"download\",\n \"GET /v1/sign/agreements/{agreementId}/audit\": \"trail\",\n \"GET /v1/sign/agreements/{agreementId}/audit/pdf\": \"certificate\",\n};\n\n/* Topic name (CLI noun) from an OpenAPI tag, e.g. \"Agreements\" -> \"agreements\". /\nexport function deriveTopic(tag: string): string {\n return kebabCase(tag);\n}\n\n/\n Derive the command (verb) for an operation from its method + path.\n * Honors COMMAND_OVERRIDES first, then applies generic REST conventions.\n /\nexport function deriveCommand(\n method: HttpMethod,\n path: string,\n topic: string,\n overrides: Record<string, string> = COMMAND_OVERRIDES,\n): string {\n const override = overrides[`${method} ${path}`];\n if (override) return override;\n\n const segs = path.split(\"/\").filter(Boolean);\n const last = segs[segs.length - 1] ?? \"\";\n const lastIsParam = last.startsWith(\"{\");\n\n if (lastIsParam) {\n switch (method) {\n case \"GET\":\n return \"get\";\n case \"PUT\":\n case \"PATCH\":\n return \"update\";\n case \"DELETE\":\n return \"delete\";\n default:\n return \"create\";\n }\n }\n\n // Collection endpoint (last segment is the topic noun itself).\n if (last === topic) {\n if (method === \"GET\") return \"list\";\n if (method === \"POST\") return \"create\";\n return method.toLowerCase();\n }\n\n // Action / sub-resource literal, e.g. \"send\", \"void\", \"export\", \"download-url\".\n return kebabCase(last);\n}\n","import { readCredentials } from \"../auth/token-store.js\";\nimport { getProfile, loadConfig } from \"../config/store.js\";\nimport {\n DEFAULT_API_BASE_URL,\n DEFAULT_AUTH_BASE_URL,\n DEFAULT_OUTPUT,\n DEFAULT_PROFILE,\n ENV,\n USER_AGENT,\n} from \"../constants.js\";\nimport { manifest } from \"../generated/client.js\";\nimport type { RequestContext } from \"../http/client.js\";\n\n/* Global flags parsed by commander (kebab flags become camelCase keys). /\nexport interface GlobalOptions {\n profile?: string;\n output?: string;\n query?: string;\n baseUrl?: string;\n authBaseUrl?: string;\n /* --client-id: the client-credentials (M2M) client id. /\n clientId?: string;\n token?: string;\n color?: boolean; // commander sets `false` for --no-color\n quiet?: boolean;\n debug?: boolean;\n}\n\n/* Fully-resolved per-invocation context (flags > env > profile > defaults). /\nexport interface CliContext {\n profile: string;\n apiBaseUrl: string;\n authBaseUrl: string;\n /\n Client-credentials (M2M) client id, or undefined. The OAuth login client is\n * the immutable `OAUTH_CLIENT_ID` constant and is not part of the context.\n /\n clientId?: string;\n clientSecret?: string;\n output: string;\n query?: string;\n color: boolean;\n quiet: boolean;\n debug: boolean;\n explicitToken?: string;\n env: NodeJS.ProcessEnv;\n}\n\nexport function buildContext(\n globals: GlobalOptions,\n env: NodeJS.ProcessEnv = process.env,\n): CliContext {\n const profile =\n globals.profile \|\| env[ENV.profile] \|\| loadConfig().default_profile \|\| DEFAULT_PROFILE;\n const cfg = getProfile(profile);\n\n return {\n profile,\n apiBaseUrl:\n globals.baseUrl \|\|\n env[ENV.apiBaseUrl] \|\|\n cfg.api_base_url \|\|\n manifest.apiBaseUrl \|\|\n DEFAULT_API_BASE_URL,\n authBaseUrl:\n globals.authBaseUrl \|\| env[ENV.authBaseUrl] \|\| cfg.auth_base_url \|\| DEFAULT_AUTH_BASE_URL,\n // Client-credentials (M2M) client id: flag > env > profile. Optional.\n clientId: globals.clientId \|\| env[ENV.clientId] \|\| cfg.client_id \|\| undefined,\n clientSecret: env[ENV.clientSecret] \|\| readCredentials(profile)?.client_secret \|\| undefined,\n output: globals.output \|\| cfg.output \|\| DEFAULT_OUTPUT,\n query: globals.query,\n color: globals.color !== false && !env.NO_COLOR,\n quiet: Boolean(globals.quiet),\n debug: Boolean(globals.debug),\n explicitToken: globals.token,\n env,\n };\n}\n\n/* Build the http RequestContext for a resolved CliContext + token. */\nexport function makeRequestContext(ctx: CliContext, token: string): RequestContext {\n return {\n apiBaseUrl: ctx.apiBaseUrl,\n token,\n userAgent: USER_AGENT,\n debug: ctx.debug,\n };\n}\n"],"mappings":";;;;;;;;;;AACA,SAAS,sBAAsB;;;ACD/B,OAAO,SAAuB;AAC9B,OAAO,QAAQ;;;ACDf,OAAO,WAAW;AAClB,SAAS,aAAa,qBAAqB;AAIpC,IAAM,iBAAiC,CAAC,QAAQ,QAAQ,SAAS,MAAM;AAEvE,SAAS,eAAe,OAAsC;AACnE,SAAQ,eAA4B,SAAS,KAAK;AACpD;AAGA,IAAM,iBAAiB;AAGvB,SAAS,cAAc,OAAoD;AACzE,SACE,MAAM,QAAQ,KAAK,KACnB,MAAM,MAAM,CAAC,MAAM,MAAM,QAAQ,OAAO,MAAM,YAAY,CAAC,MAAM,QAAQ,CAAC,CAAC;AAE/E;AAGA,IAAM,kBAAkB,CAAC,QAAQ,SAAS,WAAW,WAAW,QAAQ,MAAM;AAW9E,SAAS,eAAe,MAAiD;AACvE,MAAI,cAAc,IAAI,EAAG,QAAO;AAChC,MAAI,SAAS,QAAQ,OAAO,SAAS,YAAY,CAAC,MAAM,QAAQ,IAAI,GAAG;AACrE,UAAM,MAAM;AACZ,UAAM,YAAY,OAAO,KAAK,GAAG,EAAE,OAAO,CAAC,MAAM,cAAc,IAAI,CAAC,CAAC,CAAC;AACtE,UAAM,MACJ,UAAU,WAAW,IAAI,UAAU,CAAC,IAAI,gBAAgB,KAAK,CAAC,MAAM,UAAU,SAAS,CAAC,CAAC;AAC3F,QAAI,QAAQ,OAAW,QAAO,IAAI,GAAG;AAAA,EACvC;AACA,SAAO;AACT;AAEA,SAAS,QAAQ,OAAyB;AACxC,SACE,UAAU,QACV,UAAU,UACV,UAAU,MACT,MAAM,QAAQ,KAAK,KAAK,MAAM,WAAW;AAE9C;AAGA,SAAS,OAAO,OAAwB;AACtC,MAAI,UAAU,QAAQ,UAAU,OAAW,QAAO;AAClD,MAAI,OAAO,UAAU,SAAU,QAAO,KAAK,UAAU,KAAK;AAC1D,SAAO,OAAO,KAAK;AACrB;AAGA,SAAS,UAAU,OAAwB;AACzC,MAAI,UAAU,QAAQ,UAAU,OAAW,QAAO;AAClD,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,WAAO,MAAM,WAAW,IAAI,KAAK,GAAG,MAAM,MAAM,QAAQ,MAAM,WAAW,IAAI,KAAK,GAAG;AAAA,EACvF;AACA,MAAI,OAAO,UAAU,SAAU,QAAO;AACtC,QAAM,IAAI,OAAO,KAAK;AACtB,SAAO,EAAE,SAAS,iBAAiB,GAAG,EAAE,MAAM,GAAG,iBAAiB,CAAC,CAAC,WAAM;AAC5E;AAEA,SAAS,QAAQ,MAAyC;AACxD,QAAM,aAAa,CAAC,GAAG,IAAI,IAAI,KAAK,QAAQ,CAAC,QAAQ,OAAO,KAAK,GAAG,CAAC,CAAC,CAAC;AAGvE,QAAM,WAAW,WAAW,OAAO,CAAC,MAAM,KAAK,KAAK,CAAC,QAAQ,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC;AAC9E,QAAM,UAAU,SAAS,SAAS,IAAI,WAAW;AACjD,QAAM,QAAQ,IAAI,MAAM,EAAE,MAAM,QAAQ,CAAC;AACzC,aAAW,OAAO,KAAM,OAAM,KAAK,QAAQ,IAAI,CAAC,MAAM,UAAU,IAAI,CAAC,CAAC,CAAC,CAAC;AACxE,SAAO,MAAM,SAAS;AACxB;AAEA,SAAS,OAAO,MAAuB;AACrC,QAAM,OAAO,eAAe,IAAI;AAChC,MAAI,MAAM;AACR,UAAM,UAAU,CAAC,GAAG,IAAI,IAAI,KAAK,QAAQ,CAAC,QAAQ,OAAO,KAAK,GAAG,CAAC,CAAC,CAAC;AACpE,WAAO,KAAK,IAAI,CAAC,QAAQ,QAAQ,IAAI,CAAC,MAAM,OAAO,IAAI,CAAC,CAAC,CAAC,EAAE,KAAK,GAAI,CAAC,EAAE,KAAK,IAAI;AAAA,EACnF;AACA,MAAI,MAAM,QAAQ,IAAI,GAAG;AACvB,WAAO,KAAK,IAAI,CAAC,SAAS,OAAO,IAAI,CAAC,EAAE,KAAK,IAAI;AAAA,EACnD;AACA,MAAI,SAAS,QAAQ,OAAO,SAAS,UAAU;AAC7C,WAAO,OAAO,QAAQ,IAA+B,EAClD,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,IAAK,OAAO,CAAC,CAAC,EAAE,EACpC,KAAK,IAAI;AAAA,EACd;AACA,SAAO,OAAO,IAAI;AACpB;AAGO,SAAS,aAAa,MAAe,QAA8B;AACxE,UAAQ,QAAQ;AAAA,IACd,KAAK;AACH,aAAO,cAAc,IAAI,EAAE,QAAQ;AAAA,IACrC,KAAK,SAAS;AACZ,YAAM,OAAO,eAAe,IAAI;AAChC,UAAI,CAAC,KAAM,QAAO,KAAK,UAAU,MAAM,MAAM,CAAC;AAC9C,aAAO,KAAK,SAAS,IAAI,QAAQ,IAAI,IAAI;AAAA,IAC3C;AAAA,IACA,KAAK;AACH,aAAO,OAAO,IAAI;AAAA,IACpB;AACE,aAAO,KAAK,UAAU,MAAM,MAAM,CAAC;AAAA,EACvC;AACF;;;ACpHA,YAAY,cAAc;AAGnB,SAAS,WAAW,MAAe,YAA8B;AACtE,MAAI,CAAC,WAAY,QAAO;AACxB,SAAgB,gBAAO,MAAM,UAAU;AACzC;;;AFQA,IAAM,WAAW,CAAC,MAAc;AAEzB,SAAS,QAAQ,SAA2B;AACjD,MAAI,CAAC;AACH,WAAO,EAAE,KAAK,UAAU,OAAO,UAAU,QAAQ,UAAU,KAAK,UAAU,MAAM,SAAS;AAC3F,SAAO,EAAE,KAAK,GAAG,KAAK,OAAO,GAAG,OAAO,QAAQ,GAAG,QAAQ,KAAK,GAAG,KAAK,MAAM,GAAG,KAAK;AACvF;AAQO,SAAS,aAAa,MAAe,MAA6B;AACvE,QAAM,WAAW,WAAW,MAAM,KAAK,KAAK;AAC5C,QAAM,SAAuB,eAAe,KAAK,MAAM,IAAI,KAAK,SAAS;AACzE,SAAO,aAAa,UAAU,MAAM;AACtC;AAEO,SAAS,YACd,MACA,MACA,MAA6B,QAAQ,QAC/B;AACN,MAAI,MAAM,GAAG,aAAa,MAAM,IAAI,CAAC;AAAA,CAAI;AAC3C;AAEA,IAAM,cAAsC;AAAA,EAC1C,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AACP;AAEA,SAAS,OAAO,MAAc,MAAM,MAAc;AAChD,SAAO,KACJ,MAAM,IAAI,EACV,IAAI,CAAC,SAAS,GAAG,GAAG,GAAG,IAAI,EAAE,EAC7B,KAAK,IAAI;AACd;AAOA,SAAS,UAAU,MAAe,SAAsC;AACtE,MAAI,QAAQ,KAAM,QAAO;AACzB,MAAI,OAAO,SAAS,UAAU;AAC5B,UAAM,IAAI,KAAK,KAAK;AACpB,WAAO,KAAK,MAAM,UAAU,OAAO;AAAA,EACrC;AACA,MAAI,MAAM,QAAQ,IAAI,EAAG,QAAO,KAAK,SAAS,OAAO;AACrD,MAAI,OAAO,SAAS,UAAU;AAC5B,UAAM,OAAgC,EAAE,GAAI,KAAiC;AAC7E,eAAW,KAAK,CAAC,WAAW,SAAS,MAAM,GAAG;AAC5C,UAAI,OAAO,KAAK,CAAC,MAAM,SAAU,QAAO,KAAK,CAAC;AAAA,IAChD;AACA,WAAO,OAAO,KAAK,IAAI,EAAE,SAAS,OAAO;AAAA,EAC3C;AACA,SAAO;AACT;AAGO,SAAS,eAAe,KAAe,QAAyB;AACrE,QAAM,aAAa,YAAY,IAAI,MAAM;AACzC,QAAM,OAAO,IAAI,SACb,QAAQ,IAAI,MAAM,GAAG,aAAa,IAAI,UAAU,KAAK,EAAE,KACvD;AACJ,QAAM,QAAQ,IAAI,UAAU,IAAI,OAAO,OAAO,OAAO,KAAK,GAAG,IAAI,MAAM,IAAI,IAAI,IAAI,EAAE,CAAC,KAAK;AAC3F,QAAM,QAAQ,CAAC,GAAG,OAAO,IAAI,OAAO,CAAC,KAAK,IAAI,GAAG,KAAK,EAAE;AAExD,QAAM,MAAM,IAAI,SAAS,KAAK,KAAK;AACnC,QAAM,UAAU,GAAG,IAAI,MAAM,IAAI,cAAc,EAAE,GAAG,KAAK;AACzD,MAAI,OAAO,QAAQ,WAAW,QAAQ,KAAM,OAAM,KAAK,KAAK,GAAG,EAAE;AAEjE,QAAM,UAAU,UAAU,IAAI,MAAM,GAAG;AACvC,MAAI,YAAY,QAAW;AACzB,UAAM,WAAW,OAAO,YAAY,WAAW,UAAU,KAAK,UAAU,SAAS,MAAM,CAAC;AACxF,UAAM,KAAK,OAAO,IAAI,OAAO,QAAQ,CAAC,CAAC;AAAA,EACzC;AACA,MAAI,IAAI,KAAM,OAAM,KAAK,OAAO,IAAI,WAAW,IAAI,IAAI,EAAE,CAAC;AAC1D,MAAI,IAAI,UAAW,OAAM,KAAK,OAAO,IAAI,iBAAiB,IAAI,SAAS,EAAE,CAAC;AAC1E,MAAI,IAAI,WAAW;AACjB,UAAM;AAAA,MACJ,OAAO;AAAA,QACL,yBAAyB,IAAI,SAAS;AAAA,MACxC;AAAA,IACF;AAAA,EACF;AACA,SAAO,MAAM,KAAK,IAAI;AACxB;AAEO,SAAS,WACd,KACA,OAA6C,CAAC,GAC9C,MAA6B,QAAQ,QAC/B;AACN,QAAM,SAAS,QAAQ,KAAK,SAAS,IAAI;AACzC,MAAI,eAAe,UAAU;AAC3B,QAAI,MAAM,GAAG,eAAe,KAAK,MAAM,CAAC;AAAA,CAAI;AAC5C,QAAI,KAAK,SAAS,IAAI,MAAO,KAAI,MAAM,GAAG,OAAO,IAAI,IAAI,KAAK,CAAC;AAAA,CAAI;AACnE;AAAA,EACF;AACA,QAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,MAAI,MAAM,GAAG,OAAO,IAAI,OAAO,CAAC,KAAK,OAAO;AAAA,CAAI;AAChD,MAAI,KAAK,SAAS,eAAe,SAAS,IAAI,MAAO,KAAI,MAAM,GAAG,OAAO,IAAI,IAAI,KAAK,CAAC;AAAA,CAAI;AAC7F;;;AGnIA,SAAS,eAAe;;;ACAxB;AAAA,EACE,MAAQ;AAAA,EACR,SAAW;AAAA,EACX,aAAe;AAAA,EACf,MAAQ;AAAA,EACR,SAAW;AAAA,EACX,YAAc;AAAA,IACZ,MAAQ;AAAA,IACR,KAAO;AAAA,EACT;AAAA,EACA,UAAY;AAAA,EACZ,MAAQ;AAAA,IACN,KAAO;AAAA,EACT;AAAA,EACA,UAAY;AAAA,IACV;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAAA,EACA,KAAO;AAAA,IACL,SAAW;AAAA,EACb;AAAA,EACA,SAAW;AAAA,IACT,sBAAsB;AAAA,IACtB,kBAAkB;AAAA,EACpB;AAAA,EACA,OAAS;AAAA,IACP;AAAA,IACA;AAAA,EACF;AAAA,EACA,SAAW;AAAA,IACT,MAAQ;AAAA,EACV;AAAA,EACA,SAAW;AAAA,IACT,OAAS;AAAA,IACT,KAAO;AAAA,IACP,mBAAmB;AAAA,IACnB,kBAAkB;AAAA,IAClB,uBAAuB;AAAA,IACvB,uBAAuB;AAAA,IACvB,MAAQ;AAAA,IACR,cAAc;AAAA,IACd,MAAQ;AAAA,IACR,YAAY;AAAA,IACZ,WAAa;AAAA,IACb,UAAY;AAAA,IACZ,aAAa;AAAA,IACb,aAAa;AAAA,IACb,SAAW;AAAA,EACb;AAAA,EACA,cAAgB;AAAA,IACd,cAAc;AAAA,IACd,WAAa;AAAA,IACb,UAAY;AAAA,IACZ,MAAQ;AAAA,IACR,KAAO;AAAA,IACP,YAAc;AAAA,IACd,MAAQ;AAAA,EACV;AAAA,EACA,iBAAmB;AAAA,IACjB,kBAAkB;AAAA,IAClB,mBAAmB;AAAA,IACnB,eAAe;AAAA,IACf,OAAS;AAAA,IACT,iBAAiB;AAAA,IACjB,MAAQ;AAAA,IACR,KAAO;AAAA,IACP,YAAc;AAAA,IACd,QAAU;AAAA,EACZ;AACF;;;ACvEO,IAAM,cAAc,gBAAI;AAExB,IAAM,aAAa,eAAe,WAAW;AAE7C,IAAM,uBAAuB;AAC7B,IAAM,wBAAwB;AAe9B,IAAM,kBAAkB;AAExB,IAAM,kBAAkB;AACxB,IAAM,iBAAiB;AAEvB,IAAM,MAAM;AAAA,EACjB,OAAO;AAAA,EACP,SAAS;AAAA,EACT,YAAY;AAAA,EACZ,aAAa;AAAA;AAAA,EAEb,UAAU;AAAA,EACV,cAAc;AAAA,EACd,WAAW;AACb;;;AC1CA,SAAS,YAAY,mBAAmB;AA6CxC,SAAS,UAAU,KAAqB;AACtC,SAAO,IAAI,SAAS,QAAQ,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,EAAE;AACzF;AAGO,SAAS,eAAyB;AACvC,QAAM,WAAW,UAAU,YAAY,EAAE,CAAC;AAC1C,QAAM,YAAY,UAAU,WAAW,QAAQ,EAAE,OAAO,QAAQ,EAAE,OAAO,CAAC;AAC1E,SAAO,EAAE,UAAU,WAAW,QAAQ,OAAO;AAC/C;AAGO,SAAS,kBAAkB,aAAgC;AAChE,QAAM,OAAO,YAAY,QAAQ,OAAO,EAAE;AAC1C,SAAO;AAAA,IACL,wBAAwB,GAAG,IAAI;AAAA,IAC/B,gBAAgB,GAAG,IAAI;AAAA,IACvB,mBAAmB,GAAG,IAAI;AAAA,IAC1B,wBAAwB,GAAG,IAAI;AAAA,IAC/B,qBAAqB,GAAG,IAAI;AAAA,EAC9B;AACF;AAGA,eAAsB,SACpB,aACA,UAAwB,OACJ;AACpB,QAAM,OAAO,YAAY,QAAQ,OAAO,EAAE;AAC1C,QAAM,WAAW,kBAAkB,IAAI;AACvC,MAAI;AACF,UAAM,MAAM,MAAM,QAAQ,GAAG,IAAI,mCAAmC;AACpE,QAAI,CAAC,IAAI,GAAI,QAAO;AACpB,UAAM,MAAO,MAAM,IAAI,KAAK;AAC5B,WAAO;AAAA,MACL,wBAAwB,IAAI,0BAA0B,SAAS;AAAA,MAC/D,gBAAgB,IAAI,kBAAkB,SAAS;AAAA,MAC/C,mBAAmB,IAAI,qBAAqB,SAAS;AAAA,MACrD,wBAAwB,IAAI,0BAA0B,SAAS;AAAA,MAC/D,qBAAqB,IAAI,uBAAuB,SAAS;AAAA,IAC3D;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAe,SACb,KACA,MACA,SACmB;AACnB,QAAM,OAAO,IAAI,gBAAgB;AACjC,aAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,IAAI,EAAG,KAAI,MAAM,OAAW,MAAK,IAAI,GAAG,CAAC;AAC7E,SAAO,QAAQ,KAAK;AAAA,IAClB,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,qCAAqC,QAAQ,mBAAmB;AAAA,IAC3F;AAAA,EACF,CAAC;AACH;AAEA,eAAe,UAAU,KAAuC;AAC9D,QAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,MAAI,CAAC,IAAI,IAAI;AACX,UAAM,IAAI,MAAM,yBAAyB,IAAI,MAAM,MAAM,KAAK,MAAM,GAAG,GAAG,CAAC,EAAE;AAAA,EAC/E;AACA,SAAO,KAAK,MAAM,IAAI;AACxB;AAEO,SAAS,kBAAkB,MAOvB;AACT,QAAM,MAAM,IAAI,IAAI,KAAK,qBAAqB;AAC9C,MAAI,aAAa,IAAI,iBAAiB,MAAM;AAC5C,MAAI,aAAa,IAAI,aAAa,KAAK,QAAQ;AAC/C,MAAI,aAAa,IAAI,gBAAgB,KAAK,WAAW;AACrD,MAAI,aAAa,IAAI,SAAS,KAAK,KAAK;AACxC,MAAI,aAAa,IAAI,SAAS,KAAK,KAAK;AACxC,MAAI,aAAa,IAAI,kBAAkB,KAAK,aAAa;AACzD,MAAI,aAAa,IAAI,yBAAyB,MAAM;AACpD,SAAO,IAAI,SAAS;AACtB;AAEO,SAAS,aACd,MAQA,UAAwB,OACA;AACxB,SAAO;AAAA,IACL,KAAK;AAAA,IACL;AAAA,MACE,YAAY;AAAA,MACZ,MAAM,KAAK;AAAA,MACX,cAAc,KAAK;AAAA,MACnB,WAAW,KAAK;AAAA,MAChB,eAAe,KAAK;AAAA,MACpB,eAAe,KAAK;AAAA,IACtB;AAAA,IACA;AAAA,EACF,EAAE,KAAK,SAAS;AAClB;AAEO,SAAS,QACd,MACA,UAAwB,OACA;AACxB,SAAO;AAAA,IACL,KAAK;AAAA,IACL;AAAA,MACE,YAAY;AAAA,MACZ,eAAe,KAAK;AAAA,MACpB,WAAW,KAAK;AAAA,MAChB,eAAe,KAAK;AAAA,IACtB;AAAA,IACA;AAAA,EACF,EAAE,KAAK,SAAS;AAClB;AAEO,SAAS,kBACd,MACA,UAAwB,OACA;AACxB,SAAO;AAAA,IACL,KAAK;AAAA,IACL;AAAA,MACE,YAAY;AAAA,MACZ,WAAW,KAAK;AAAA,MAChB,eAAe,KAAK;AAAA,MACpB,OAAO,KAAK;AAAA,IACd;AAAA,IACA;AAAA,EACF,EAAE,KAAK,SAAS;AAClB;AAEA,eAAsB,OACpB,MACA,UAAwB,OACT;AACf,QAAM;AAAA,IACJ,KAAK;AAAA,IACL,EAAE,OAAO,KAAK,OAAO,WAAW,KAAK,UAAU,eAAe,KAAK,aAAa;AAAA,IAChF;AAAA,EACF;AACF;AAEA,eAAsB,SACpB,MACA,UAAwB,OACL;AACnB,QAAM,MAAM,MAAM,QAAQ,KAAK,kBAAkB;AAAA,IAC/C,SAAS,EAAE,eAAe,UAAU,KAAK,WAAW,IAAI,QAAQ,mBAAmB;AAAA,EACrF,CAAC;AACD,MAAI,CAAC,IAAI,GAAI,OAAM,IAAI,MAAM,oBAAoB,IAAI,MAAM,GAAG;AAC9D,SAAQ,MAAM,IAAI,KAAK;AACzB;AAEA,eAAsB,WACpB,MAMA,UAAwB,OACM;AAC9B,QAAM,MAAM,MAAM;AAAA,IAChB,KAAK;AAAA,IACL,EAAE,OAAO,KAAK,OAAO,WAAW,KAAK,UAAU,eAAe,KAAK,aAAa;AAAA,IAChF;AAAA,EACF;AACA,MAAI,CAAC,IAAI,GAAI,QAAO,EAAE,QAAQ,MAAM;AACpC,SAAQ,MAAM,IAAI,KAAK;AACzB;;;ACnOA,SAAS,WAAW,gBAAAA,eAAc,iBAAAC,sBAAqB;;;ACAvD,SAAS,eAAe;AACxB,SAAS,YAAY;AAId,SAAS,YAAoB;AAClC,SAAO,QAAQ,IAAI,IAAI,SAAS,KAAK,KAAK,QAAQ,GAAG,UAAU;AACjE;AAEO,SAAS,aAAqB;AACnC,SAAO,KAAK,UAAU,GAAG,aAAa;AACxC;AAEO,SAAS,kBAA0B;AACxC,SAAO,KAAK,UAAU,GAAG,kBAAkB;AAC7C;;;ACfA,SAAS,WAAW,cAAc,qBAAqB;AACvD,SAAS,eAAe;AAiBjB,IAAM,eAAe,CAAC,gBAAgB,iBAAiB,aAAa,QAAQ;AAG5E,SAAS,aAAqB;AACnC,MAAI;AACF,UAAM,MAAM,aAAa,WAAW,GAAG,MAAM;AAC7C,UAAM,SAAS,KAAK,MAAM,GAAG;AAC7B,WAAO,EAAE,iBAAiB,OAAO,iBAAiB,UAAU,OAAO,YAAY,CAAC,EAAE;AAAA,EACpF,QAAQ;AACN,WAAO,EAAE,UAAU,CAAC,EAAE;AAAA,EACxB;AACF;AAEO,SAAS,WAAW,QAAsB;AAC/C,YAAU,UAAU,GAAG,EAAE,WAAW,MAAM,MAAM,IAAM,CAAC;AACvD,gBAAc,WAAW,GAAG,GAAG,KAAK,UAAU,QAAQ,MAAM,CAAC,CAAC;AAAA,GAAM,EAAE,MAAM,IAAM,CAAC;AACrF;AAEO,SAAS,WAAW,MAA6B;AACtD,SAAO,WAAW,EAAE,SAAS,IAAI,KAAK,CAAC;AACzC;AAEO,SAAS,eAAyB;AACvC,SAAO,OAAO,KAAK,WAAW,EAAE,QAAQ,EAAE,KAAK;AACjD;AAEO,SAAS,gBAAgB,MAAc,KAAiB,OAAqB;AAClF,QAAM,SAAS,WAAW;AAC1B,QAAM,UAAU,OAAO,SAAS,IAAI,KAAK,CAAC;AAC1C,UAAQ,GAAG,IAAI;AACf,SAAO,SAAS,IAAI,IAAI;AACxB,MAAI,CAAC,OAAO,gBAAiB,QAAO,kBAAkB;AACtD,aAAW,MAAM;AACnB;AAUO,SAAS,aAAa,UAAwB;AACnD,YAAU,QAAQ,QAAQ,GAAG,EAAE,WAAW,MAAM,MAAM,IAAM,CAAC;AAC/D;;;AF9CA,SAAS,UAA2B;AAClC,MAAI;AACF,WAAO,KAAK,MAAMC,cAAa,gBAAgB,GAAG,MAAM,CAAC;AAAA,EAC3D,QAAQ;AACN,WAAO,CAAC;AAAA,EACV;AACF;AAEA,SAAS,SAAS,KAA4B;AAC5C,QAAM,OAAO,gBAAgB;AAC7B,eAAa,IAAI;AAEjB,EAAAC,eAAc,MAAM,GAAG,KAAK,UAAU,KAAK,MAAM,CAAC,CAAC;AAAA,GAAM,EAAE,MAAM,IAAM,CAAC;AAExE,YAAU,MAAM,GAAK;AACvB;AAEO,SAAS,gBAAgB,SAA0C;AACxE,SAAO,QAAQ,EAAE,OAAO;AAC1B;AAEO,SAAS,iBAAiB,SAAiB,OAA0B;AAC1E,QAAM,MAAM,QAAQ;AACpB,MAAI,OAAO,IAAI;AACf,WAAS,GAAG;AACd;AAEO,SAAS,iBAAiB,SAAuB;AACtD,QAAM,MAAM,QAAQ;AACpB,SAAO,IAAI,OAAO;AAClB,WAAS,GAAG;AACd;AAGO,SAAS,UAAU,OAAoB,UAAU,IAAI,MAAM,KAAK,IAAI,GAAY;AACrF,MAAI,CAAC,MAAM,WAAY,QAAO;AAC9B,SAAO,OAAO,MAAM,aAAa,UAAU;AAC7C;AAGO,SAAS,cAAc,WAA+B,MAAM,KAAK,IAAI,GAAuB;AACjG,SAAO,OAAO,cAAc,WAAW,MAAM,YAAY,MAAO;AAClE;;;AGpBA,IAAM,cAA2B;AAAA,EAC/B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAGA,IAAM,mBAA6B,OAAO,QAAQ,IAAI,iBAAiB;AAGvE,IAAM,cAAwB,OAAO,SAAS,IAAI,OAAO,QAAQ,KAAK,IAAI,KAAK,KAAK;AAGpF,IAAM,iBAA2B,OAAO,KAAK,SAAS;AACpD,QAAM,QAAQ,KAAK,gBAAgB,IAAI,OAAO;AAC9C,MAAI,CAAC,OAAO,aAAc,QAAO;AACjC,MAAI,CAAC,UAAU,KAAK,EAAG,QAAO,MAAM;AACpC,MAAI,CAAC,MAAM,cAAe,QAAO;AACjC,MAAI;AACF,UAAM,YAAY,MAAM,KAAK,SAAS,IAAI,aAAa,IAAI,OAAO;AAGlE,UAAM,MAAM,MAAM,KAAK;AAAA,MACrB;AAAA,QACE,eAAe,UAAU;AAAA,QACzB,cAAc,MAAM;AAAA,QACpB,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,IACN;AACA,UAAM,UAAuB;AAAA,MAC3B,cAAc,IAAI;AAAA,MAClB,eAAe,IAAI,iBAAiB,MAAM;AAAA,MAC1C,YAAY,cAAc,IAAI,UAAU;AAAA,MACxC,OAAO,IAAI,SAAS,MAAM;AAAA,MAC1B,eAAe,MAAM;AAAA,IACvB;AACA,SAAK,iBAAiB,IAAI,SAAS,OAAO;AAC1C,WAAO,IAAI;AAAA,EACb,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAGA,IAAM,4BAAsC,OAAO,KAAK,SAAS;AAC/D,MAAI,CAAC,IAAI,gBAAgB,CAAC,IAAI,SAAU,QAAO;AAC/C,QAAM,YAAY,MAAM,KAAK,SAAS,IAAI,aAAa,IAAI,OAAO;AAClE,QAAM,MAAM,MAAM,KAAK;AAAA,IACrB;AAAA,MACE,eAAe,UAAU;AAAA,MACzB,UAAU,IAAI;AAAA,MACd,cAAc,IAAI;AAAA,MAClB,OAAO,IAAI;AAAA,IACb;AAAA,IACA,IAAI;AAAA,EACN;AACA,OAAK,iBAAiB,IAAI,SAAS;AAAA,IACjC,cAAc,IAAI;AAAA,IAClB,YAAY,cAAc,IAAI,UAAU;AAAA,IACxC,OAAO,IAAI;AAAA,IACX,eAAe,IAAI;AAAA,EACrB,CAAC;AACD,SAAO,IAAI;AACb;AAGO,IAAM,YAAwB;AAAA,EACnC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAGA,eAAsB,aAAa,KAAsC;AACvE,QAAM,OAAO,EAAE,GAAG,aAAa,GAAG,IAAI,KAAK;AAC3C,aAAW,YAAY,WAAW;AAChC,UAAM,QAAQ,MAAM,SAAS,KAAK,IAAI;AACtC,QAAI,MAAO,QAAO;AAAA,EACpB;AACA,QAAM,IAAI;AAAA,IACR;AAAA,EACF;AACF;;;AC9FO,IAAM,kBAA4B;AAAA,EACvC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,aAAa,OAAO,QAAgB;AAClC,UAAM,EAAE,SAAS,KAAK,IAAI,MAAM,OAAO,MAAM;AAC7C,WAAO,KAAK,GAAG;AAAA,EACjB;AACF;;;AC5BA,SAAS,KAAK,OAAuB;AACnC,SAAO,MAAM,SAAS,IAAI,GAAG,MAAM,MAAM,GAAG,CAAC,CAAC,SAAI,MAAM,MAAM,EAAE,CAAC,KAAK;AACxE;AASO,SAAS,WACd,KACA,OAA+B,CAAC,GAChC,OAAiB,iBACL;AACZ,QAAM,QAAQ,KAAK,gBAAgB,IAAI,OAAO,KAAK,CAAC;AACpD,QAAM,SAAS,KAAK,aAAa;AACjC,QAAM,SAAS,CAAC,UACd,UAAU,SAAY,SAAY,SAAS,QAAQ,KAAK,KAAK;AAE/D,SAAO;AAAA,IACL,SAAS,IAAI;AAAA,IACb,cAAc,IAAI;AAAA,IAClB,eAAe,IAAI;AAAA,IACnB,WAAW,OAAO,IAAI,QAAQ;AAAA,IAC9B,eAAe,OAAO,IAAI,gBAAgB,MAAM,aAAa;AAAA,IAC7D,cAAc,OAAO,IAAI,iBAAiB,MAAM,YAAY;AAAA,IAC5D,eAAe,OAAO,MAAM,aAAa;AAAA,IACzC,kBACE,OAAO,MAAM,eAAe,WAAW,IAAI,KAAK,MAAM,UAAU,EAAE,YAAY,IAAI;AAAA,IACpF,OAAO,MAAM;AAAA,EACf;AACF;;;ACnDA,SAAS,eAAAC,oBAAmB;AAC5B,SAAsB,oBAAoB;AAiBnC,IAAM,gBAAgB;AAAA,EAC3B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,EAAE,KAAK,GAAG;AACV,IAAM,kBAAkB;AAGxB,SAAS,gBAAgB,KAAuB;AAC9C,MAAI,IAAI,SAAU,iBAAgB,IAAI,SAAS,aAAa,IAAI,QAAQ;AACxE,kBAAgB,IAAI,SAAS,iBAAiB,IAAI,WAAW;AAC7D,kBAAgB,IAAI,SAAS,gBAAgB,IAAI,UAAU;AAC7D;AAGO,SAAS,eACd,KACA,OACA,OAAiB,iBACJ;AACb,QAAM,QAAqB,EAAE,cAAc,MAAM;AACjD,OAAK,iBAAiB,IAAI,SAAS,KAAK;AACxC,kBAAgB,GAAG;AACnB,SAAO;AACT;AAGA,eAAsB,uBACpB,KACA,cACA,QAAQ,eACR,OAAiB,iBACK;AACtB,MAAI,CAAC,IAAI,UAAU;AACjB,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACA,QAAM,YAAY,MAAM,KAAK,SAAS,IAAI,WAAW;AACrD,QAAM,MAAM,MAAM,KAAK,kBAAkB;AAAA,IACvC,eAAe,UAAU;AAAA,IACzB,UAAU,IAAI;AAAA,IACd;AAAA,IACA;AAAA,EACF,CAAC;AACD,QAAM,QAAqB;AAAA,IACzB,cAAc,IAAI;AAAA,IAClB,YAAY,cAAc,IAAI,UAAU;AAAA,IACxC,OAAO,IAAI;AAAA,IACX,eAAe;AAAA,EACjB;AACA,OAAK,iBAAiB,IAAI,SAAS,KAAK;AACxC,kBAAgB,GAAG;AACnB,SAAO;AACT;AAQA,SAAS,cAAc,QAAgB,eAAgD;AACrF,SAAO,IAAI,QAAwB,CAAC,SAAS,WAAW;AACtD,UAAM,QAAQ,WAAW,MAAM;AAC7B,aAAO,MAAM;AACb,aAAO,IAAI,MAAM,6CAA6C,CAAC;AAAA,IACjE,GAAG,eAAe;AAElB,WAAO,GAAG,WAAW,CAAC,KAAK,QAAQ;AACjC,YAAM,MAAM,IAAI,IAAI,IAAI,OAAO,KAAK,kBAAkB;AACtD,UAAI,IAAI,aAAa,aAAa;AAChC,YAAI,UAAU,GAAG,EAAE,IAAI;AACvB;AAAA,MACF;AACA,YAAM,OAAO,IAAI,aAAa,IAAI,MAAM;AACxC,YAAM,QAAQ,IAAI,aAAa,IAAI,OAAO;AAC1C,YAAM,QAAQ,IAAI,aAAa,IAAI,OAAO;AAC1C,UAAI,UAAU,KAAK,EAAE,gBAAgB,YAAY,CAAC;AAClD,UAAI;AAAA,QACF,QACI,2BAA2B,KAAK,SAChC;AAAA,MACN;AACA,mBAAa,KAAK;AAClB,aAAO,MAAM;AACb,UAAI,SAAS,CAAC,QAAQ,CAAC,OAAO;AAC5B,eAAO,IAAI,MAAM,yBAAyB,SAAS,oBAAoB,EAAE,CAAC;AAAA,MAC5E,WAAW,UAAU,eAAe;AAClC,eAAO,IAAI,MAAM,2CAA2C,CAAC;AAAA,MAC/D,OAAO;AACL,gBAAQ,EAAE,MAAM,MAAM,CAAC;AAAA,MACzB;AAAA,IACF,CAAC;AAAA,EACH,CAAC;AACH;AAQA,eAAsB,UACpB,KACA,QAAQ,eACR,OAAiB,iBACS;AAC1B,QAAM,YAAY,MAAM,KAAK,SAAS,IAAI,WAAW;AACrD,QAAM,OAAO,aAAa;AAC1B,QAAM,QAAQC,aAAY,EAAE,EAAE,SAAS,KAAK;AAE5C,QAAM,SAAS,aAAa;AAC5B,QAAM,IAAI,QAAc,CAAC,YAAY,OAAO,OAAO,GAAG,aAAa,OAAO,CAAC;AAC3E,QAAM,UAAU,OAAO,QAAQ;AAC/B,MAAI,CAAC,WAAW,OAAO,YAAY,UAAU;AAC3C,WAAO,MAAM;AACb,UAAM,IAAI,MAAM,wDAAwD;AAAA,EAC1E;AACA,QAAM,cAAc,oBAAoB,QAAQ,IAAI;AAEpD,QAAM,eAAe,kBAAkB;AAAA,IACrC,uBAAuB,UAAU;AAAA,IACjC,UAAU;AAAA,IACV;AAAA,IACA;AAAA,IACA;AAAA,IACA,eAAe,KAAK;AAAA,EACtB,CAAC;AAED,QAAM,kBAAkB,cAAc,QAAQ,KAAK;AACnD,QAAM,KAAK,YAAY,YAAY;AACnC,QAAM,EAAE,KAAK,IAAI,MAAM;AAEvB,QAAM,MAAM,MAAM,KAAK,aAAa;AAAA,IAClC,eAAe,UAAU;AAAA,IACzB;AAAA,IACA;AAAA,IACA,UAAU;AAAA,IACV,cAAc,KAAK;AAAA,EACrB,CAAC;AAED,QAAM,QAAqB;AAAA,IACzB,cAAc,IAAI;AAAA,IAClB,eAAe,IAAI;AAAA,IACnB,YAAY,cAAc,IAAI,UAAU;AAAA,IACxC,OAAO,IAAI;AAAA,EACb;AACA,OAAK,iBAAiB,IAAI,SAAS,KAAK;AACxC,kBAAgB,GAAG;AACnB,SAAO,EAAE,OAAO,aAAa;AAC/B;;;AC9KA,eAAsB,OAAO,KAAiB,OAAiB,iBAAmC;AAChG,QAAM,QAAQ,KAAK,gBAAgB,IAAI,OAAO;AAC9C,MAAI,CAAC,MAAO,QAAO;AAEnB,MAAI,MAAM,cAAc;AACtB,QAAI;AACF,YAAM,YAAY,MAAM,KAAK,SAAS,IAAI,WAAW;AAGrD,YAAM,KAAK,OAAO;AAAA,QAChB,oBAAoB,UAAU;AAAA,QAC9B,OAAO,MAAM,iBAAiB,MAAM;AAAA,QACpC,UAAU,MAAM,iBAAiB,IAAI,WAAW,IAAI,WAAW;AAAA,QAC/D,cAAc,MAAM;AAAA,MACtB,CAAC;AAAA,IACH,QAAQ;AAAA,IAER;AAAA,EACF;AAEA,OAAK,iBAAiB,IAAI,OAAO;AACjC,SAAO;AACT;;;ACHA,SAAS,UAAU,OAAuB;AACxC,SAAO,MAAM,SAAS,KAAK,GAAG,MAAM,MAAM,GAAG,CAAC,CAAC,SAAI,MAAM,MAAM,EAAE,CAAC,KAAK;AACzE;AAEA,SAAS,aAAa,KAAiB,MAAwB;AAC7D,MAAI,IAAI,cAAe,QAAO;AAC9B,MAAI,IAAI,IAAI,IAAI,KAAK,EAAG,QAAO;AAC/B,MAAI,KAAK,gBAAgB,IAAI,OAAO,GAAG,aAAc,QAAO;AAC5D,MAAI,IAAI,aAAc,QAAO;AAC7B,SAAO;AACT;AAEA,SAAS,SAAS,OAAiD;AACjE,MAAI,CAAC,MAAO,QAAO;AACnB,QAAM,QAAQ,MAAM,MAAM,KAAK,EAAE,OAAO,OAAO;AAC/C,SAAO,MAAM,SAAS,QAAQ;AAChC;AAGA,eAAsB,WACpB,KACA,OAAiB,iBACI;AACrB,MAAI;AACJ,MAAI;AACF,YAAQ,MAAM,KAAK,aAAa;AAAA,MAC9B,eAAe,IAAI;AAAA,MACnB,SAAS,IAAI;AAAA,MACb,aAAa,IAAI;AAAA,MACjB,UAAU,IAAI;AAAA,MACd,cAAc,IAAI;AAAA,MAClB,KAAK,IAAI;AAAA,IACX,CAAC;AAAA,EACH,QAAQ;AACN,UAAM,IAAI;AAAA,MACR,kCAAkC,IAAI,OAAO;AAAA,IAC/C;AAAA,EACF;AAEA,QAAM,SAAqB;AAAA,IACzB,SAAS,IAAI;AAAA,IACb,QAAQ,aAAa,KAAK,IAAI;AAAA,IAC9B,YAAY,IAAI;AAAA,IAChB,aAAa,IAAI;AAAA,IACjB,aAAa,UAAU,KAAK;AAAA,EAC9B;AAGA,MAAI,cAAc,KAAK,gBAAgB,IAAI,OAAO,GAAG;AAErD,QAAM,YAAY,MAAM,KAAK,SAAS,IAAI,WAAW;AACrD,MAAI;AACF,UAAM,OAAO,MAAM,KAAK,SAAS;AAAA,MAC/B,kBAAkB,UAAU;AAAA,MAC5B,aAAa;AAAA,IACf,CAAC;AACD,WAAO,OAAO;AAAA,MACZ,KAAK,KAAK;AAAA,MACV,OAAO,KAAK;AAAA,MACZ,MAAM,KAAK;AAAA,MACX,OAAO,KAAK;AAAA,MACZ,KAAK,KAAK;AAAA,IACZ;AACA,WAAO,SAAS,SAAS,KAAK,KAAK;AAAA,EACrC,QAAQ;AAAA,EAER;AACA,MAAI;AACF,UAAM,QAAQ,MAAM,KAAK,WAAW;AAAA,MAClC,uBAAuB,UAAU;AAAA,MACjC;AAAA;AAAA;AAAA,MAGA,UAAU,IAAI,gBAAgB,IAAI,WAAW,IAAI,WAAW;AAAA,MAC5D,cAAc,IAAI;AAAA,IACpB,CAAC;AAGD,QAAI,MAAM,QAAQ;AAChB,aAAO,SAAS,OAAO,UAAU,SAAS,MAAM,KAAK;AACrD,UAAI,OAAO,MAAM,QAAQ,SAAU,eAAc,eAAe,MAAM,MAAM;AAAA,IAC9E;AAAA,EACF,QAAQ;AAAA,EAER;AAEA,MAAI,OAAO,gBAAgB,SAAU,QAAO,iBAAiB,IAAI,KAAK,WAAW,EAAE,YAAY;AAC/F,SAAO;AACT;;;AC7GO,IAAM,mBAAmB,CAAC,QAAQ,OAAO,MAAM;AAGtD,IAAM,eAAe;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEA,IAAM,gBAA0C;AAAA,EAC9C,MAAM,CAAC,SAAS,UAAU,UAAU,UAAU,QAAQ;AAAA,EACtD,WAAW,CAAC,OAAO,OAAO,eAAe;AAAA,EACzC,YAAY,CAAC,GAAG,gBAAgB;AAClC;AAEA,SAAS,eAAe,OAAiC;AACvD,QAAM,QAAQ;AAAA,IACZ,GAAG,MAAM,WAAW,IAAI,CAAC,MAAM,EAAE,IAAI;AAAA,IACrC,GAAG,MAAM,YAAY,IAAI,CAAC,MAAM,EAAE,IAAI;AAAA,IACtC,GAAG,MAAM,WAAW,IAAI,CAAC,MAAM,EAAE,IAAI;AAAA,EACvC;AACA,MAAI,MAAM,QAAS,OAAM,KAAK,cAAc;AAC5C,MAAI,MAAM,UAAW,OAAM,KAAK,QAAQ;AACxC,MAAI,MAAM,aAAa,SAAU,OAAM,KAAK,eAAe;AAC3D,MAAI,MAAM,YAAY,KAAK,CAAC,MAAM,EAAE,SAAS,MAAM,EAAG,OAAM,KAAK,OAAO;AACxE,SAAO;AACT;AAEA,SAAS,KAAK,QAA4B;AACxC,SAAO,CAAC,GAAG,IAAI,IAAI,MAAM,CAAC,EAAE,KAAK;AACnC;AAEA,SAAS,aAAa,MAAgBC,WAA8B;AAClE,QAAM,WAAWA,UAAS,KAAK,IAAI,CAAC,MAAM,EAAE,IAAI;AAChD,MAAI,KAAK,WAAW,EAAG,QAAO,KAAK,CAAC,GAAG,UAAU,GAAG,OAAO,KAAK,aAAa,CAAC,CAAC;AAE/E,QAAM,OAAO,KAAK,CAAC,KAAK;AACxB,MAAI,QAAQ,eAAe;AACzB,QAAI,KAAK,WAAW,EAAG,QAAO,cAAc,IAAI,KAAK,CAAC;AAEtD,QAAI,SAAS,eAAe,KAAK,WAAW,MAAM,KAAK,CAAC,MAAM,SAAS,KAAK,CAAC,MAAM,QAAQ;AACzF,aAAO,KAAK,CAAC,GAAG,cAAc,eAAe,CAAC;AAAA,IAChD;AACA,WAAO,CAAC;AAAA,EACV;AACA,MAAI,CAAC,SAAS,SAAS,IAAI,EAAG,QAAO,CAAC;AAEtC,MAAI,KAAK,WAAW,GAAG;AACrB,WAAO,KAAKA,UAAS,WAAW,OAAO,CAAC,MAAM,EAAE,QAAQ,IAAI,EAAE,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC;AAAA,EACnF;AACA,MAAI,KAAK,WAAW,GAAG;AACrB,WAAO;AAAA,MACLA,UAAS,WACN,OAAO,CAAC,MAAM,EAAE,QAAQ,QAAQ,EAAE,UAAU,KAAK,CAAC,CAAC,EACnD,IAAI,CAAC,MAAM,EAAE,OAAO;AAAA,IACzB;AAAA,EACF;AACA,QAAM,QAAQA,UAAS,WAAW;AAAA,IAChC,CAAC,MAAM,EAAE,QAAQ,QAAQ,EAAE,UAAU,KAAK,CAAC,KAAK,EAAE,YAAY,KAAK,CAAC;AAAA,EACtE;AACA,SAAO,KAAK,CAAC,GAAI,QAAQ,eAAe,KAAK,IAAI,CAAC,GAAI,GAAG,YAAY,CAAC;AACxE;AASO,SAAS,aAAa,gBAA0BA,WAA8B;AACnF,QAAM,OAAO,eAAe,OAAO,CAAC,MAAM,CAAC,EAAE,WAAW,GAAG,CAAC;AAC5D,SAAO,aAAa,MAAMA,SAAQ;AACpC;AAGO,SAAS,iBAAiB,OAAsB;AACrD,MAAI,UAAU,QAAQ;AACpB,WAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWT;AACA,MAAI,UAAU,OAAO;AACnB,WAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQT;AACA,SAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAOT;;;ACtHA,SAAS,uBAAuB;AAchC,IAAM,cAAc,CAAC,eAAe;AAGpC,IAAM,WAAW,CAAC,GAAG,cAAc,GAAG,WAAW;AAQjD,IAAM,kBAAkB,oBAAI,IAAY,CAAC,aAAa,eAAe,CAAC;AAG/D,SAAS,gBAAgB,OAAuB;AACrD,SAAO,MAAM,QAAQ,QAAQ,EAAE;AACjC;AAQO,SAAS,WAAW,QAAwB;AACjD,QAAM,IAAI,OAAO;AACjB,MAAI,KAAK,GAAI,QAAO,GAAG,OAAO,MAAM,GAAG,CAAC,CAAC,SAAI,OAAO,MAAM,EAAE,CAAC;AAC7D,MAAI,IAAI,EAAG,QAAO,GAAG,OAAO,MAAM,GAAG,CAAC,CAAC,SAAI,OAAO,MAAM,EAAE,CAAC;AAC3D,SAAO;AACT;AAEA,SAAS,YAAY,KAA+B;AAClD,SAAQ,YAAkC,SAAS,GAAG;AACxD;AAEA,SAAS,UAAU,KAAwC;AACzD,MAAI,CAAE,aAAmC,SAAS,GAAG,GAAG;AACtD,UAAM,IAAI,WAAW,uBAAuB,GAAG,kBAAkB,SAAS,KAAK,IAAI,CAAC,EAAE;AAAA,EACxF;AACF;AAGA,SAAS,kBAAkB,SAAiB,QAAsB;AAChE,QAAM,WAAwB,gBAAgB,OAAO,KAAK,CAAC;AAC3D,mBAAiB,SAAS,EAAE,GAAG,UAAU,eAAe,gBAAgB,MAAM,EAAE,CAAC;AACnF;AAEO,SAAS,aAAa,SAAiB,KAAa,OAAqB;AAC9E,QAAM,IAAI,gBAAgB,IAAI,GAAG,IAAI,gBAAgB,KAAK,IAAI;AAC9D,MAAI,YAAY,GAAG,GAAG;AACpB,sBAAkB,SAAS,CAAC;AAC5B;AAAA,EACF;AACA,YAAU,GAAG;AACb,kBAAgB,SAAS,KAAK,CAAC;AACjC;AAEO,SAAS,aAAa,SAAiB,KAAiC;AAC7E,MAAI,YAAY,GAAG,GAAG;AACpB,WAAO,gBAAgB,OAAO,GAAG;AAAA,EACnC;AACA,YAAU,GAAG;AACb,SAAO,WAAW,OAAO,EAAE,GAAG;AAChC;AAYO,SAAS,wBAA0C;AACxD,QAAM,EAAE,gBAAgB,IAAI,WAAW;AACvC,SAAO,aAAa,EAAE,IAAI,CAAC,YAAY;AACrC,UAAM,IAAI,WAAW,OAAO;AAC5B,WAAO;AAAA,MACL;AAAA,MACA,SAAS,YAAY;AAAA,MACrB,cAAc,EAAE;AAAA,MAChB,eAAe,EAAE;AAAA,MACjB,WAAW,EAAE;AAAA,MACb,QAAQ,EAAE;AAAA,IACZ;AAAA,EACF,CAAC;AACH;AAGA,eAAsB,mBACpB,KACA,QAA+B,QAAQ,OACvC,SAAgC,QAAQ,QACrB;AACnB,QAAM,KAAK,gBAAgB,EAAE,OAAO,OAAO,CAAC;AAC5C,QAAM,UAAoB,CAAC;AAC3B,MAAI;AACF,UAAM,MAAM,OAAO,OAAeC,aAAiD;AACjF,YAAM,SAASA,WAAU,KAAKA,QAAO,MAAM;AAC3C,YAAM,UAAU,MAAM,GAAG,SAAS,GAAG,KAAK,GAAG,MAAM,IAAI,GAAG,KAAK;AAC/D,aAAO,UAAUA,YAAW;AAAA,IAC9B;AAEA,UAAM,UAAU,WAAW,IAAI,OAAO;AACtC,UAAM,aAAa,MAAM,IAAI,gBAAgB,QAAQ,gBAAgB,IAAI,UAAU;AACnF,UAAM,cAAc,MAAM,IAAI,iBAAiB,QAAQ,iBAAiB,IAAI,WAAW;AAGvF,UAAM,WAAW;AAAA,MACf,MAAM,IAAI,wCAAwC,QAAQ,aAAa,IAAI,QAAQ;AAAA,IACrF;AAIA,UAAM,iBAAiB,gBAAgB,IAAI,OAAO,GAAG;AACrD,UAAM,cAAc,iBAChB,kBAAkB,WAAW,cAAc,CAAC,MAC5C;AACJ,UAAM,eAAe,gBAAgB,MAAM,GAAG,SAAS,GAAG,WAAW,IAAI,CAAC;AAE1E,UAAM,SAAS,MAAM,GAAG,SAAS,uCAAuC,GAAG,KAAK;AAChF,UAAM,MAAM,MAAM,IAAI,yCAAyC,QAAQ,UAAU,IAAI,MAAM;AAE3F,eAAW,CAAC,KAAK,KAAK,KAAK;AAAA,MACzB,CAAC,gBAAgB,UAAU;AAAA,MAC3B,CAAC,iBAAiB,WAAW;AAAA,MAC7B,CAAC,aAAa,QAAQ;AAAA,MACtB,CAAC,UAAU,GAAG;AAAA,IAChB,GAA6B;AAC3B,UAAI,OAAO;AACT,wBAAgB,IAAI,SAAS,KAAK,KAAK;AACvC,gBAAQ,KAAK,GAAG;AAAA,MAClB;AAAA,IACF;AACA,QAAI,cAAc;AAChB,wBAAkB,IAAI,SAAS,YAAY;AAC3C,cAAQ,KAAK,eAAe;AAAA,IAC9B;AACA,QAAI,OAAO;AACT,YAAM,WAAwB,gBAAgB,IAAI,OAAO,KAAK,CAAC;AAC/D,uBAAiB,IAAI,SAAS,EAAE,GAAG,UAAU,cAAc,MAAM,CAAC;AAClE,cAAQ,KAAK,OAAO;AAAA,IACtB;AACA,WAAO;AAAA,EACT,UAAE;AACA,OAAG,MAAM;AAAA,EACX;AACF;;;ACnKA,SAAS,cAAc;AACvB,SAAS,gBAAAC,eAAc,iBAAAC,sBAAqB;;;ACyErC,SAAS,UAAU,OAAuB;AAC/C,SAAO,MACJ,QAAQ,sBAAsB,OAAO,EACrC,QAAQ,WAAW,GAAG,EACtB,QAAQ,OAAO,GAAG,EAClB,YAAY;AACjB;AAEO,SAAS,UAAU,OAAuB;AAC/C,QAAM,QAAQ,UAAU,KAAK,EAAE,MAAM,GAAG,EAAE,OAAO,OAAO;AACxD,SAAO,MAAM,IAAI,CAAC,GAAG,MAAO,MAAM,IAAI,IAAI,EAAE,OAAO,CAAC,EAAE,YAAY,IAAI,EAAE,MAAM,CAAC,CAAE,EAAE,KAAK,EAAE;AAC5F;;;ACrCO,SAAS,aACd,SACA,MAAyB,QAAQ,KACrB;AACZ,QAAM,UACJ,QAAQ,WAAW,IAAI,IAAI,OAAO,KAAK,WAAW,EAAE,mBAAmB;AACzE,QAAM,MAAM,WAAW,OAAO;AAE9B,SAAO;AAAA,IACL;AAAA,IACA,YACE,QAAQ,WACR,IAAI,IAAI,UAAU,KAClB,IAAI,gBACJ,SAAS,cACT;AAAA,IACF,aACE,QAAQ,eAAe,IAAI,IAAI,WAAW,KAAK,IAAI,iBAAiB;AAAA;AAAA,IAEtE,UAAU,QAAQ,YAAY,IAAI,IAAI,QAAQ,KAAK,IAAI,aAAa;AAAA,IACpE,cAAc,IAAI,IAAI,YAAY,KAAK,gBAAgB,OAAO,GAAG,iBAAiB;AAAA,IAClF,QAAQ,QAAQ,UAAU,IAAI,UAAU;AAAA,IACxC,OAAO,QAAQ;AAAA,IACf,OAAO,QAAQ,UAAU,SAAS,CAAC,IAAI;AAAA,IACvC,OAAO,QAAQ,QAAQ,KAAK;AAAA,IAC5B,OAAO,QAAQ,QAAQ,KAAK;AAAA,IAC5B,eAAe,QAAQ;AAAA,IACvB;AAAA,EACF;AACF;AAGO,SAAS,mBAAmB,KAAiB,OAA+B;AACjF,SAAO;AAAA,IACL,YAAY,IAAI;AAAA,IAChB;AAAA,IACA,WAAW;AAAA,IACX,OAAO,IAAI;AAAA,EACb;AACF;;;AF5EO,SAAS,QAAQ,MAAsB;AAC5C,SAAO,UAAU,KAAK,QAAQ,OAAO,EAAE,CAAC;AAC1C;AAcO,IAAM,sBAAoC;AAAA,EAC/C;AAAA,EACA,MAAM,CAAC,OAAO,KAAK,QAAQ,cAAc,MAAM,KAAK,MAAM,aAAa,KAAK,GAAG;AAAA,EAC/E,UAAU,CAAC,SAASC,cAAa,IAAI;AAAA,EACrC,WAAW,CAAC,MAAM,SAASC,eAAc,MAAM,IAAI;AAAA,EACnD,QAAQ,QAAQ;AAClB;AAEA,SAAS,OAAO,OAAgB,MAAsC;AACpE,MAAI,SAAS,UAAW,QAAO,UAAU,QAAQ,UAAU;AAC3D,MAAI,SAAS,YAAY,SAAS,UAAW,QAAO,OAAO,KAAK;AAChE,SAAO,OAAO,KAAK;AACrB;AAEA,SAAS,cAAc,KAAa,MAA6C;AAC/E,QAAM,OACJ,QAAQ,MACJD,cAAa,GAAG,MAAM,IACtB,IAAI,WAAW,GAAG,IAChB,KAAK,SAAS,IAAI,MAAM,CAAC,CAAC,EAAE,SAAS,MAAM,IAC3C;AACR,MAAI;AACF,WAAO,KAAK,MAAM,IAAI;AAAA,EACxB,SAAS,KAAK;AACZ,UAAM,IAAI,WAAW,mCAAoC,IAAc,OAAO,EAAE;AAAA,EAClF;AACF;AAEA,SAAS,aACP,OACA,OACA,MACkB;AAClB,QAAM,aAAqC,CAAC;AAC5C,aAAW,KAAK,MAAM,YAAY;AAChC,UAAM,QAAQ,MAAM,QAAQ,EAAE,IAAI,CAAC;AACnC,QAAI,UAAU,UAAa,UAAU,IAAI;AACvC,YAAM,IAAI,WAAW,2BAA2B,EAAE,IAAI,EAAE;AAAA,IAC1D;AACA,eAAW,EAAE,IAAI,IAAI,OAAO,KAAK;AAAA,EACnC;AAEA,QAAM,QAA+D,CAAC;AACtE,aAAW,KAAK,MAAM,aAAa;AACjC,UAAM,QAAQ,MAAM,QAAQ,EAAE,IAAI,CAAC;AACnC,QAAI,UAAU,OAAW,OAAM,EAAE,IAAI,IAAI;AAAA,EAC3C;AAEA,MAAI;AACJ,MAAI,MAAM,SAAS;AACjB,WAAO,CAAC;AACR,UAAM,YAAY,MAAM;AACxB,QAAI,OAAO,cAAc,SAAU,QAAO,OAAO,MAAM,cAAc,WAAW,IAAI,CAAC;AACrF,eAAW,SAAS,MAAM,YAAY;AACpC,YAAM,QAAQ,MAAM,QAAQ,MAAM,IAAI,CAAC;AACvC,UAAI,UAAU,OAAW,MAAK,MAAM,IAAI,IAAI,OAAO,OAAO,MAAM,IAAI;AAAA,IACtE;AACA,QAAI,MAAM,aAAa,OAAO,MAAM,SAAS,UAAU;AACrD,WAAK,MAAM,SAAS,IAAI,KAAK,SAAS,MAAM,IAAI,EAAE,SAAS,QAAQ;AAAA,IACrE;AACA,QAAI,OAAO,KAAK,IAAI,EAAE,WAAW,EAAG,QAAO;AAAA,EAC7C;AAEA,SAAO,EAAE,YAAY,OAAO,KAAK;AACnC;AAEA,SAAS,UAAU,MAAsC;AACvD,MAAI,MAAM,QAAQ,IAAI,EAAG,QAAO;AAChC,MAAI,QAAQ,OAAO,SAAS,UAAU;AACpC,eAAW,OAAO,CAAC,QAAQ,SAAS,WAAW,cAAc,aAAa,YAAY,GAAG;AACvF,YAAM,QAAS,KAAiC,GAAG;AACnD,UAAI,MAAM,QAAQ,KAAK,EAAG,QAAO;AAAA,IACnC;AAAA,EACF;AACA,SAAO;AACT;AAEA,IAAM,YAAY;AAGlB,eAAsB,SACpB,OACA,OACA,KACA,OAAqB,qBACN;AACf,QAAM,QAAQ,MAAM,KAAK,aAAa;AAAA,IACpC,eAAe,IAAI;AAAA,IACnB,SAAS,IAAI;AAAA,IACb,aAAa,IAAI;AAAA,IACjB,UAAU,IAAI;AAAA,IACd,cAAc,IAAI;AAAA,IAClB,KAAK,IAAI;AAAA,EACX,CAAC;AACD,QAAM,SAAS,mBAAmB,KAAK,KAAK;AAC5C,QAAM,MAAM,aAAa,OAAO,OAAO,IAAI;AAG3C,QAAM,cAAc,MAAM,YAAY,KAAK,CAAC,MAAM,EAAE,SAAS,MAAM;AACnE,MAAI,MAAM,OAAO,eAAe,MAAM,aAAa,QAAQ;AACzD,UAAM,YAAuB,CAAC;AAC9B,aAAS,OAAO,GAAG,QAAQ,WAAW,QAAQ;AAC5C,YAAME,OAAM,MAAM,KAAK,KAAK,OAAO,EAAE,GAAG,KAAK,OAAO,EAAE,GAAG,IAAI,OAAO,KAAK,EAAE,GAAG,MAAM;AACpF,YAAM,QAAQ,UAAUA,KAAI,IAAI;AAChC,UAAI,CAAC,SAAS,MAAM,WAAW,EAAG;AAClC,gBAAU,KAAK,GAAG,KAAK;AACvB,YAAM,QAAQ,OAAO,IAAI,OAAO,SAAS,MAAM,MAAM;AACrD,UAAI,MAAM,SAAS,MAAO;AAAA,IAC5B;AACA,gBAAY,WAAW,EAAE,QAAQ,IAAI,QAAQ,OAAO,IAAI,MAAM,GAAG,KAAK,MAAM;AAC5E;AAAA,EACF;AAEA,QAAM,MAAM,MAAM,KAAK,KAAK,OAAO,KAAK,MAAM;AAE9C,MAAI,MAAM,aAAa,UAAU;AAC/B,UAAM,QAAQ,IAAI,SAAS,OAAO,MAAM,CAAC;AACzC,QAAI,OAAO,MAAM,eAAe,UAAU;AACxC,WAAK,UAAU,MAAM,YAAY,KAAK;AACtC,WAAK,OAAO,MAAM,SAAS,MAAM,MAAM,aAAa,MAAM,UAAU;AAAA,CAAI;AAAA,IAC1E,OAAO;AACL,WAAK,OAAO,MAAM,KAAK;AAAA,IACzB;AACA;AAAA,EACF;AAEA,cAAY,IAAI,MAAM,EAAE,QAAQ,IAAI,QAAQ,OAAO,IAAI,MAAM,GAAG,KAAK,MAAM;AAC7E;;;Af3GO,IAAM,qBAAkC;AAAA,EAC7C,cAAc,CAAC,YAAY,aAAoB,OAAO;AAAA,EACtD;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAAA,EACA,WAAW;AAAA,IACT;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAGA,SAAS,iBAAiB,KAAuB;AAC/C,SAAO,IACJ,OAAO,oBAAoB,uBAAuB,EAClD,OAAO,qBAAqB,qCAAqC,EACjE,OAAO,sBAAsB,+CAA+C,EAC5E,OAAO,oBAAoB,2BAA2B,EACtD,OAAO,yBAAyB,4BAA4B,EAC5D,OAAO,oBAAoB,oCAAoC,EAC/D,OAAO,mBAAmB,6CAA6C,EACvE,OAAO,cAAc,wBAAwB,EAC7C,OAAO,WAAW,4CAA4C,EAC9D,OAAO,WAAW,mCAAmC;AAC1D;AAQA,SAAS,gBAAwB;AAC/B,QAAM,OAA6D;AAAA,IACjE,EAAE,MAAM,IAAI,OAAO,MAAM,8CAA8C;AAAA,IACvE,EAAE,MAAM,IAAI,SAAS,MAAM,kBAAkB,MAAM,YAAY;AAAA,IAC/D,EAAE,MAAM,IAAI,YAAY,MAAM,gBAAgB,MAAM,aAAa;AAAA,IACjE,EAAE,MAAM,IAAI,aAAa,MAAM,iBAAiB,MAAM,kBAAkB;AAAA,IACxE,EAAE,MAAM,IAAI,UAAU,MAAM,sCAAsC,MAAM,cAAc;AAAA,IACtF,EAAE,MAAM,IAAI,cAAc,MAAM,yCAAyC;AAAA,IACzE,EAAE,MAAM,IAAI,WAAW,MAAM,wCAAwC;AAAA,IACrE,EAAE,MAAM,YAAY,MAAM,0BAA0B,MAAM,aAAa;AAAA,EACzE;AACA,QAAM,YAAY,KAAK,IAAI,GAAG,KAAK,IAAI,CAAC,MAAM,EAAE,KAAK,MAAM,CAAC;AAC5D,QAAM,YAAY,KAAK,IAAI,GAAG,KAAK,IAAI,CAAC,MAAM,EAAE,KAAK,MAAM,CAAC;AAC5D,QAAM,QAAQ,KAAK,IAAI,CAAC,MAAM;AAC5B,UAAM,OAAO,KAAK,EAAE,KAAK,OAAO,SAAS,CAAC,KAAK,EAAE,KAAK,OAAO,SAAS,CAAC;AACvE,WAAO,EAAE,OAAO,GAAG,IAAI,MAAM,EAAE,IAAI,MAAM,KAAK,QAAQ;AAAA,EACxD,CAAC;AACD,SAAO;AAAA,IACL;AAAA,IACA,GAAG;AAAA,IACH;AAAA,IACA;AAAA,EACF,EAAE,KAAK,IAAI;AACb;AAGA,SAAS,kBAAkB,KAAuB;AAChD,SAAO,IAAI,OAAO,MAAM,IAAI,KAAK,CAAC;AACpC;AAEA,SAAS,cAAc,UAAmB,OAAuB,MAAyB;AACxF,QAAM,MAAM,SAAS,QAAQ,MAAM,OAAO;AAC1C,MAAI,MAAM,QAAS,KAAI,YAAY,MAAM,OAAO;AAEhD,QAAM,QAAQ,oBAAI,IAAY;AAC9B,QAAM,MAAM,CAAC,MAAc,MAAc,WAAW,UAAgB;AAClE,UAAM,MAAM,KAAK,MAAM,GAAG,EAAE,CAAC,KAAK;AAClC,QAAI,MAAM,IAAI,GAAG,EAAG;AACpB,UAAM,IAAI,GAAG;AACb,QAAI,SAAU,KAAI,eAAe,MAAM,IAAI;AAAA,QACtC,KAAI,OAAO,MAAM,IAAI;AAAA,EAC5B;AAEA,aAAW,KAAK,MAAM,YAAY;AAChC,QAAI,GAAG,EAAE,IAAI,YAAY,EAAE,eAAe,mBAAmB,EAAE,IAAI,KAAK,IAAI;AAAA,EAC9E;AACA,aAAW,KAAK,MAAM,aAAa;AACjC,QAAI,GAAG,EAAE,IAAI,YAAY,EAAE,eAAe,oBAAoB,EAAE,IAAI,GAAG;AAAA,EACzE;AACA,aAAW,KAAK,MAAM,YAAY;AAChC,UAAM,OAAO,GAAG,EAAE,eAAe,eAAe,EAAE,IAAI,GAAG,GAAG,EAAE,WAAW,gBAAgB,EAAE;AAC3F,QAAI,EAAE,SAAS,YAAY,EAAE,OAAO,GAAG,EAAE,IAAI,YAAY,IAAI;AAAA,EAC/D;AACA,MAAI,MAAM,SAAS;AACjB,QAAI,6BAA6B,uDAAuD;AAAA,EAC1F;AACA,MAAI,MAAM,WAAW;AACnB,QAAI,iBAAiB,uBAAuB,MAAM,SAAS,0BAA0B;AAAA,EACvF;AACA,MAAI,MAAM,aAAa,UAAU;AAC/B,QAAI,wBAAwB,mDAAmD;AAAA,EACjF;AACA,MAAI,MAAM,YAAY,KAAK,CAAC,MAAM,EAAE,SAAS,MAAM,GAAG;AACpD,QAAI,SAAS,oCAAoC;AAAA,EACnD;AAEA,mBAAiB,GAAG;AACpB,MAAI,OAAO,OAAO,OAAO,MAAe;AACtC,UAAM,MAAM,KAAK,aAAa,EAAE,gBAAgB,CAAC;AACjD,UAAM,KAAK,SAAS,OAAO,EAAE,KAAK,GAAG,GAAG;AAAA,EAC1C,CAAC;AACH;AAEA,SAAS,kBAAkB,SAAkBC,WAAoB,MAAyB;AAGxF,QAAM,UAAU,oBAAI,IAAqB;AACzC,QAAM,YAAY,oBAAI,IAAqB;AAE3C,aAAW,OAAOA,UAAS,MAAM;AAC/B,UAAM,QAAQ,IAAI,MAAM,QAAQ,YAAY,EAAE;AAC9C,UAAM,SAAS,QAAQ,QAAQ,IAAI,IAAI,EAAE,YAAY,GAAG,KAAK,MAAM;AACnE,sBAAkB,MAAM;AACxB,YAAQ,IAAI,IAAI,MAAM,MAAM;AAAA,EAC9B;AAEA,aAAW,SAASA,UAAS,YAAY;AACvC,UAAM,SAAS,QAAQ,IAAI,MAAM,GAAG;AACpC,QAAI,CAAC,OAAQ;AACb,UAAM,WAAW,GAAG,MAAM,GAAG,IAAI,MAAM,KAAK;AAC5C,QAAI,WAAW,UAAU,IAAI,QAAQ;AACrC,QAAI,CAAC,UAAU;AACb,iBAAW,OAAO,QAAQ,MAAM,KAAK,EAAE,YAAY,UAAU,MAAM,KAAK,EAAE;AAC1E,wBAAkB,QAAQ;AAC1B,gBAAU,IAAI,UAAU,QAAQ;AAAA,IAClC;AACA,kBAAc,UAAU,OAAO,IAAI;AAAA,EACrC;AACF;AAEA,SAAS,aAAa,SAAkB,MAAyB;AAC/D,QAAM,OAAO,QAAQ,QAAQ,MAAM,EAAE,YAAY,2BAA2B;AAC5E,oBAAkB,IAAI;AAEtB,QAAM,QAAQ,iBAAiB,KAAK,QAAQ,OAAO,CAAC,EACjD,YAAY,6DAA6D,EACzE,OAAO,wBAAwB,6CAA6C,EAC5E;AAAA,IACC;AAAA,IACA;AAAA,EACF,EACC,OAAO,OAAO,OAAO,MAAe;AACnC,UAAM,MAAM,KAAK,aAAa,EAAE,gBAAgB,CAAC;AACjD,UAAM,IAAI,EAAE,KAAK;AACjB,QAAI,IAAI,eAAe;AACrB,WAAK,KAAK,eAAe,KAAK,IAAI,aAAa;AAAA,IACjD,WAAW,EAAE,mBAAmB;AAC9B,UAAI,CAAC,IAAI,YAAY,CAAC,IAAI,cAAc;AACtC,cAAM,IAAI;AAAA,UACR,kCAAkC,IAAI,QAAQ,iCAAiC,IAAI,YAAY;AAAA,QACjG;AAAA,MACF;AACA,YAAM,KAAK,KAAK,uBAAuB,KAAK,IAAI,cAAc,EAAE,KAAK;AAAA,IACvE,OAAO;AACL,YAAM,EAAE,aAAa,IAAI,MAAM,KAAK,KAAK,UAAU,KAAK,EAAE,KAAK;AAC/D,cAAQ,OAAO,MAAM;AAAA,IAAsC,YAAY;AAAA,CAAI;AAAA,IAC7E;AACA,YAAQ,OAAO,MAAM,gCAA2B,IAAI,OAAO;AAAA,CAAM;AAAA,EACnE,CAAC;AACH,OAAK;AAEL,mBAAiB,KAAK,QAAQ,QAAQ,CAAC,EACpC,YAAY,qCAAqC,EACjD,OAAO,OAAO,OAAO,MAAe;AACnC,UAAM,MAAM,KAAK,aAAa,EAAE,gBAAgB,CAAC;AACjD,UAAM,KAAK,MAAM,KAAK,KAAK,OAAO,GAAG;AACrC,YAAQ,OAAO,MAAM,KAAK,yBAAoB,IAAI,OAAO;AAAA,IAAS,0BAA0B;AAAA,EAC9F,CAAC;AAEH,mBAAiB,KAAK,QAAQ,QAAQ,CAAC,EACpC,MAAM,QAAQ,EACd,YAAY,4CAA4C,EACxD,OAAO,OAAO,OAAO,MAAe;AACnC,UAAM,MAAM,KAAK,aAAa,EAAE,gBAAgB,CAAC;AACjD,UAAM,SAAS,MAAM,KAAK,KAAK,WAAW,GAAG;AAC7C,gBAAY,QAAQ,EAAE,QAAQ,IAAI,QAAQ,OAAO,IAAI,MAAM,CAAC;AAAA,EAC9D,CAAC;AAEH,mBAAiB,KAAK,QAAQ,QAAQ,CAAC,EACpC,OAAO,cAAc,2DAA2D,EAChF,YAAY,oEAAoE,EAChF,OAAO,CAAC,OAAO,MAAe;AAC7B,UAAM,MAAM,KAAK,aAAa,EAAE,gBAAgB,CAAC;AACjD,UAAM,OAAO,KAAK,KAAK,WAAW,KAAK,EAAE,UAAU,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;AAC/E,gBAAY,MAAM,EAAE,QAAQ,IAAI,QAAQ,OAAO,IAAI,MAAM,CAAC;AAAA,EAC5D,CAAC;AACL;AAEA,SAAS,kBAAkB,SAAkB,MAAyB;AACpE,QAAM,YAAY,iBAAiB,QAAQ,QAAQ,WAAW,CAAC,EAAE;AAAA,IAC/D;AAAA,EACF;AAEA,mBAAiB,UAAU,QAAQ,KAAK,CAAC,EACtC,SAAS,SAAS,YAAY,EAC9B,SAAS,WAAW,OAAO,EAC3B,YAAY,qBAAqB,EACjC,OAAO,CAAC,KAAa,OAAe,IAAI,MAAe;AACtD,UAAM,MAAM,KAAK,aAAa,EAAE,gBAAgB,CAAC;AACjD,SAAK,UAAU,aAAa,IAAI,SAAS,KAAK,KAAK;AACnD,YAAQ,OAAO,MAAM,cAAS,GAAG,iBAAiB,IAAI,OAAO;AAAA,CAAM;AAAA,EACrE,CAAC;AAEH,mBAAiB,UAAU,QAAQ,KAAK,CAAC,EACtC,SAAS,SAAS,YAAY,EAC9B,YAAY,qBAAqB,EACjC,OAAO,CAAC,KAAa,IAAI,MAAe;AACvC,UAAM,MAAM,KAAK,aAAa,EAAE,gBAAgB,CAAC;AACjD,UAAM,QAAQ,KAAK,UAAU,aAAa,IAAI,SAAS,GAAG;AAC1D,YAAQ,OAAO,MAAM,GAAG,SAAS,EAAE;AAAA,CAAI;AAAA,EACzC,CAAC;AAEH,mBAAiB,UAAU,QAAQ,eAAe,CAAC,EAChD,YAAY,0BAA0B,EACtC,OAAO,CAAC,OAAO,MAAe;AAC7B,UAAM,MAAM,KAAK,aAAa,EAAE,gBAAgB,CAAC;AACjD,gBAAY,KAAK,UAAU,sBAAsB,GAAG;AAAA,MAClD,QAAQ,IAAI;AAAA,MACZ,OAAO,IAAI;AAAA,IACb,CAAC;AAAA,EACH,CAAC;AAEH,YAAU,OAAO,OAAO,OAAO,MAAe;AAC5C,UAAM,MAAM,KAAK,aAAa,EAAE,gBAAgB,CAAC;AACjD,UAAM,KAAK,UAAU,mBAAmB,GAAG;AAAA,EAC7C,CAAC;AACH;AAEA,SAAS,mBAAmB,SAAkBA,WAA0B;AACtE,UACG,QAAQ,YAAY,EACpB,SAAS,WAAW,0CAA0C,iBAAiB,KAAK,KAAK,CAAC,GAAG,EAC7F,YAAY,kCAAkC,EAC9C,OAAO,CAAC,UAAkB;AACzB,QAAI,CAAE,iBAAuC,SAAS,KAAK,GAAG;AAC5D,YAAM,IAAI;AAAA,QACR,sBAAsB,KAAK,kBAAkB,iBAAiB,KAAK,IAAI,CAAC;AAAA,MAC1E;AAAA,IACF;AACA,YAAQ,OAAO,MAAM,iBAAiB,KAAc,CAAC;AAAA,EACvD,CAAC;AAGH,QAAM,WAAW,IAAI,QAAQ,YAAY,EACtC,SAAS,cAAc,8BAA8B,EACrD,OAAO,CAAC,QAAkB,CAAC,MAAM;AAChC,eAAW,aAAa,aAAa,OAAOA,SAAQ,EAAG,SAAQ,OAAO,MAAM,GAAG,SAAS;AAAA,CAAI;AAAA,EAC9F,CAAC;AACH,UAAQ,WAAW,UAAU,EAAE,QAAQ,KAAK,CAAC;AAC/C;AAGO,SAAS,aAAaA,WAAoB,OAAoB,oBAA6B;AAChG,QAAM,UAAU,IAAI,QAAQ;AAC5B,UACG,KAAK,SAAS,EACd,YAAY,gFAA2E,EACvF,QAAQ,aAAa,eAAe,EACpC,mBAAmB,wBAAwB;AAC9C,mBAAiB,OAAO;AACxB,UAAQ,YAAY,SAAS;AAAA,EAAK,cAAc,CAAC,EAAE;AAEnD,oBAAkB,SAASA,WAAU,IAAI;AACzC,eAAa,SAAS,IAAI;AAC1B,oBAAkB,SAAS,IAAI;AAC/B,qBAAmB,SAASA,SAAQ;AAEpC,SAAO;AACT;;;AJ9TA,SAAS,YAAY,KAAsB;AACzC,MAAI,eAAe,WAAY,QAAO;AACtC,MAAI,eAAe,UAAW,QAAO;AACrC,MAAI,eAAe,SAAU,QAAO;AACpC,SAAO;AACT;AAEA,eAAe,OAAsB;AACnC,QAAM,OAAO,QAAQ;AACrB,QAAM,QAAQ,KAAK,SAAS,SAAS;AACrC,MAAI;AACF,UAAM,UAAU,aAAa,QAAQ;AACrC,YAAQ,aAAa;AAGrB,QAAI,KAAK,MAAM,CAAC,EAAE,WAAW,GAAG;AAC9B,cAAQ,WAAW;AACnB;AAAA,IACF;AAEA,UAAM,QAAQ,WAAW,IAAI;AAAA,EAC/B,SAAS,KAAK;AAEZ,QAAI,eAAe,gBAAgB;AACjC,cAAQ,WAAW,IAAI,aAAa,IAAI,IAAI;AAC5C;AAAA,IACF;AACA,UAAM,QAAQ,CAAC,KAAK,SAAS,YAAY,KAAK,CAAC,QAAQ,IAAI;AAC3D,eAAW,KAAK,EAAE,OAAO,MAAM,CAAC;AAChC,YAAQ,WAAW,YAAY,GAAG;AAAA,EACpC;AACF;AAEA,KAAK,KAAK;","names":["readFileSync","writeFileSync","readFileSync","writeFileSync","randomBytes","randomBytes","manifest","current","readFileSync","writeFileSync","readFileSync","writeFileSync","res","manifest"]}
1	+ {"version":3,"sources":["../../src/bin/propper.ts","../../src/output/printer.ts","../../src/output/format.ts","../../src/output/query.ts","../../src/runtime/program.ts","../../package.json","../../src/constants.ts","../../src/auth/oidc.ts","../../src/auth/token-store.ts","../../src/config/paths.ts","../../src/config/store.ts","../../src/auth/chain.ts","../../src/commands/auth/deps.ts","../../src/commands/auth/export.ts","../../src/commands/auth/login.ts","../../src/commands/auth/logout.ts","../../src/commands/auth/status.ts","../../src/commands/completion.ts","../../src/commands/configure/index.ts","../../src/runtime/dispatch.ts","../../src/manifest/types.ts","../../src/runtime/options.ts"],"sourcesContent":["#!/usr/bin/env node\nimport { CommanderError } from \"commander\";\nimport { manifest } from \"../generated/client.js\";\nimport { ApiError, AuthError, UsageError } from \"../http/errors.js\";\nimport { printError } from \"../output/printer.js\";\nimport { buildProgram } from \"../runtime/program.js\";\n\nfunction exitCodeFor(err: unknown): number {\n if (err instanceof UsageError) return 2;\n if (err instanceof AuthError) return 3;\n if (err instanceof ApiError) return 4;\n return 1;\n}\n\nasync function main(): Promise<void> {\n const argv = process.argv;\n const debug = argv.includes(\"--debug\");\n try {\n const program = buildProgram(manifest);\n program.exitOverride();\n\n // No arguments: show help and exit cleanly.\n if (argv.slice(2).length === 0) {\n program.outputHelp();\n return;\n }\n\n await program.parseAsync(argv);\n } catch (err) {\n // commander already printed help/version/usage errors before throwing.\n if (err instanceof CommanderError) {\n process.exitCode = err.exitCode === 0 ? 0 : 2;\n return;\n }\n const color = !argv.includes(\"--no-color\") && !process.env.NO_COLOR;\n printError(err, { debug, color });\n process.exitCode = exitCodeFor(err);\n }\n}\n\nvoid main();\n","import ora, { type Ora } from \"ora\";\nimport pc from \"picocolors\";\nimport { ApiError } from \"../http/errors.js\";\nimport { type OutputFormat, formatOutput, isOutputFormat } from \"./format.js\";\nimport { applyQuery } from \"./query.js\";\n\nexport interface Palette {\n red: (s: string) => string;\n green: (s: string) => string;\n yellow: (s: string) => string;\n dim: (s: string) => string;\n bold: (s: string) => string;\n}\n\nconst identity = (s: string) => s;\n\nexport function palette(enabled: boolean): Palette {\n if (!enabled)\n return { red: identity, green: identity, yellow: identity, dim: identity, bold: identity };\n return { red: pc.red, green: pc.green, yellow: pc.yellow, dim: pc.dim, bold: pc.bold };\n}\n\nexport interface RenderOptions {\n output: string;\n query?: string;\n}\n\n/** Apply --query then format. Falls back to json for unknown formats. /\nexport function renderResult(data: unknown, opts: RenderOptions): string {\n const filtered = applyQuery(data, opts.query);\n const format: OutputFormat = isOutputFormat(opts.output) ? opts.output : \"json\";\n return formatOutput(filtered, format);\n}\n\nexport function printResult(\n data: unknown,\n opts: RenderOptions,\n out: NodeJS.WritableStream = process.stdout,\n): void {\n out.write(`${renderResult(data, opts)}\\n`);\n}\n\nconst STATUS_TEXT: Record<number, string> = {\n 400: \"Bad Request\",\n 401: \"Unauthorized\",\n 403: \"Forbidden\",\n 404: \"Not Found\",\n 405: \"Method Not Allowed\",\n 409: \"Conflict\",\n 410: \"Gone\",\n 422: \"Unprocessable Entity\",\n 429: \"Too Many Requests\",\n 500: \"Internal Server Error\",\n 502: \"Bad Gateway\",\n 503: \"Service Unavailable\",\n 504: \"Gateway Timeout\",\n};\n\nfunction indent(text: string, pad = \" \"): string {\n return text\n .split(\"\\n\")\n .map((line) => `${pad}${line}`)\n .join(\"\\n\");\n}\n\n/\n The structured part of an error body worth showing below the message line:\n * a non-empty string (different from the message), a non-empty array, or an\n * object with keys beyond the already-shown message/error/code.\n /\nfunction extraBody(body: unknown, message: string): unknown \| undefined {\n if (body == null) return undefined;\n if (typeof body === \"string\") {\n const t = body.trim();\n return t && t !== message ? body : undefined;\n }\n if (Array.isArray(body)) return body.length ? body : undefined;\n if (typeof body === \"object\") {\n const rest: Record<string, unknown> = { ...(body as Record<string, unknown>) };\n for (const k of [\"message\", \"error\", \"code\"]) {\n if (typeof rest[k] === \"string\") delete rest[k];\n }\n return Object.keys(rest).length ? body : undefined;\n }\n return undefined;\n}\n\n/* Render an ApiError as a multi-line, actionable block. /\nexport function formatApiError(err: ApiError, colors: Palette): string {\n const statusText = STATUS_TEXT[err.status];\n const head = err.status\n ? `HTTP ${err.status}${statusText ? ` ${statusText}` : \"\"}`\n : \"Request failed\";\n const where = err.method && err.path ? ` on ${colors.bold(`${err.method} ${err.path}`)}` : \"\";\n const lines = [`${colors.red(\"error\")}: ${head}${where}`];\n\n const msg = err.message?.trim() ?? \"\";\n const generic = `${err.status} ${statusText ?? \"\"}`.trim();\n if (msg && msg !== generic && msg !== head) lines.push(` ${msg}`);\n\n const details = extraBody(err.body, msg);\n if (details !== undefined) {\n const rendered = typeof details === \"string\" ? details : JSON.stringify(details, null, 2);\n lines.push(colors.dim(indent(rendered)));\n }\n if (err.code) lines.push(colors.dim(` code: ${err.code}`));\n if (err.requestId) lines.push(colors.dim(` request id: ${err.requestId}`));\n if (err.operation) {\n lines.push(\n colors.dim(\n ` hint: run \\`propper ${err.operation} --help\\` for required parameters, or re-run with --debug`,\n ),\n );\n }\n return lines.join(\"\\n\");\n}\n\nexport function printError(\n err: unknown,\n opts: { debug?: boolean; color?: boolean } = {},\n out: NodeJS.WritableStream = process.stderr,\n): void {\n const colors = palette(opts.color ?? true);\n if (err instanceof ApiError) {\n out.write(`${formatApiError(err, colors)}\\n`);\n if (opts.debug && err.stack) out.write(`${colors.dim(err.stack)}\\n`);\n return;\n }\n const message = err instanceof Error ? err.message : String(err);\n out.write(`${colors.red(\"error\")}: ${message}\\n`);\n if (opts.debug && err instanceof Error && err.stack) out.write(`${colors.dim(err.stack)}\\n`);\n}\n\n/* A spinner that is a no-op when quiet or not attached to a TTY. /\nexport function makeSpinner(text: string, opts: { quiet?: boolean } = {}): Ora \| undefined {\n if (opts.quiet \|\| !process.stderr.isTTY) return undefined;\n return ora({ text, stream: process.stderr }).start();\n}\n","import Table from \"cli-table3\";\nimport { stringify as yamlStringify } from \"yaml\";\n\nexport type OutputFormat = \"json\" \| \"yaml\" \| \"table\" \| \"text\";\n\nexport const OUTPUT_FORMATS: OutputFormat[] = [\"json\", \"yaml\", \"table\", \"text\"];\n\nexport function isOutputFormat(value: string): value is OutputFormat {\n return (OUTPUT_FORMATS as string[]).includes(value);\n}\n\n/* Max width of a rendered table cell before it is truncated with an ellipsis. /\nconst MAX_CELL_WIDTH = 40;\n\n/* An array whose every element is a plain object (an empty array qualifies). /\nfunction isObjectArray(value: unknown): value is Record<string, unknown>[] {\n return (\n Array.isArray(value) &&\n value.every((d) => d !== null && typeof d === \"object\" && !Array.isArray(d))\n );\n}\n\n/* Conventional collection keys, preferred when an envelope has several arrays. /\nconst COLLECTION_KEYS = [\"data\", \"items\", \"results\", \"records\", \"rows\", \"list\"];\n\n/\n Resolve the array of records to tabularize. List endpoints wrap their rows in\n * an envelope object — `{ agreements: [...] }`, `{ data: [...], pagination:\n * {...} }`, etc. — so when the value isn't already a record array, unwrap its\n * object-array property. Prefer a conventional collection key (`data`, …); else\n * unwrap a lone array, but only when it is the whole payload — a response like a\n * chat reply `{ answer, sources: [...], … }` keeps its scalar `answer` content,\n * so it stays a single object (the caller renders it as a key/value table).\n * Returns null when there's no unwrappable collection.\n /\nfunction collectionRows(data: unknown): Record<string, unknown>[] \| null {\n if (isObjectArray(data)) return data;\n if (data !== null && typeof data === \"object\" && !Array.isArray(data)) {\n const obj = data as Record<string, unknown>;\n const arrayKeys = Object.keys(obj).filter((k) => isObjectArray(obj[k]));\n // A conventional collection key is an unambiguous list wrapper — unwrap it\n // even alongside scalar metadata (e.g. locker lists carry a sibling `orgId`).\n const conventional = COLLECTION_KEYS.find((k) => arrayKeys.includes(k));\n if (conventional !== undefined) return obj[conventional] as Record<string, unknown>[];\n // Otherwise unwrap a lone array only when it is the whole payload. A chat\n // reply `{ answer, sources: [...], … }` has one object-array (`sources`) but\n // its content is the scalar `answer`, so it must not be flattened to sources.\n const soleKey = arrayKeys.length === 1 ? arrayKeys[0] : undefined;\n if (soleKey !== undefined && !hasScalarContent(obj, soleKey)) {\n return obj[soleKey] as Record<string, unknown>[];\n }\n }\n return null;\n}\n\nfunction isEmpty(value: unknown): boolean {\n return (\n value === null \|\|\n value === undefined \|\|\n value === \"\" \|\|\n (Array.isArray(value) && value.length === 0)\n );\n}\n\n/* True if the object has a non-empty primitive field other than `excludeKey`. /\nfunction hasScalarContent(obj: Record<string, unknown>, excludeKey: string): boolean {\n return Object.entries(obj).some(\n ([k, v]) =>\n k !== excludeKey &&\n (typeof v === \"string\" \|\| typeof v === \"number\" \|\| typeof v === \"boolean\") &&\n !isEmpty(v),\n );\n}\n\n/* Full-fidelity scalar — used by text output (scripting); never truncated. /\nfunction scalar(value: unknown): string {\n if (value === null \|\| value === undefined) return \"\";\n if (typeof value === \"object\") return JSON.stringify(value);\n return String(value);\n}\n\n/* Compact, width-bounded cell for human-readable tables. /\nfunction tableCell(value: unknown): string {\n if (value === null \|\| value === undefined) return \"\";\n if (Array.isArray(value)) {\n return value.length === 0 ? \"\" : `${value.length} item${value.length === 1 ? \"\" : \"s\"}`;\n }\n if (typeof value === \"object\") return \"{…}\";\n const s = String(value);\n return s.length > MAX_CELL_WIDTH ? `${s.slice(0, MAX_CELL_WIDTH - 1)}…` : s;\n}\n\nfunction toTable(data: Record<string, unknown>[]): string {\n const allColumns = [...new Set(data.flatMap((row) => Object.keys(row)))];\n // Drop columns that are empty in every row so the table isn't padded out by\n // fields the API always returns null/empty. Keep all if that leaves nothing.\n const nonEmpty = allColumns.filter((c) => data.some((row) => !isEmpty(row[c])));\n const columns = nonEmpty.length > 0 ? nonEmpty : allColumns;\n const table = new Table({ head: columns });\n for (const row of data) table.push(columns.map((c) => tableCell(row[c])));\n return table.toString();\n}\n\n/* Max width of the value column in a key/value table before it word-wraps. /\nconst MAX_VALUE_WIDTH = 60;\n\nconst longestLine = (s: string): number => Math.max(0, ...s.split(\"\\n\").map((l) => l.length));\n\n/\n Full-fidelity cell for a key/value table: scalars are shown in full (the\n * value may be the payload, e.g. a chat `answer`, so the table wraps rather than\n * truncates them); arrays are summarized by count; nested objects render as\n * compact JSON (e.g. `tokenUsage`).\n /\nfunction objectValueCell(value: unknown): string {\n if (value === null \|\| value === undefined) return \"\";\n if (Array.isArray(value)) {\n return value.length === 0 ? \"\" : `${value.length} item${value.length === 1 ? \"\" : \"s\"}`;\n }\n if (typeof value === \"object\") return JSON.stringify(value);\n return String(value);\n}\n\n/\n Render a single object as a two-column key/value table — used for responses\n * that aren't collections (e.g. a chat reply, a get-by-id result). Empty fields\n * are dropped (kept if that leaves nothing); the value column word-wraps so long\n * content like a full `answer` stays readable instead of overflowing.\n /\nfunction toObjectTable(obj: Record<string, unknown>): string {\n const entries = Object.entries(obj);\n const shown = entries.filter(([, v]) => !isEmpty(v));\n const rows = (shown.length > 0 ? shown : entries).map(\n ([k, v]) => [k, objectValueCell(v)] as [string, string],\n );\n const keyWidth = Math.max(\"field\".length, ...rows.map(([k]) => k.length));\n const valueWidth = Math.min(\n MAX_VALUE_WIDTH,\n Math.max(\"value\".length, ...rows.map(([, v]) => longestLine(v))),\n );\n const table = new Table({\n head: [\"field\", \"value\"],\n colWidths: [keyWidth + 2, valueWidth + 2],\n wordWrap: true,\n });\n for (const row of rows) table.push(row);\n return table.toString();\n}\n\nfunction toText(data: unknown): string {\n const rows = collectionRows(data);\n if (rows) {\n const columns = [...new Set(rows.flatMap((row) => Object.keys(row)))];\n return rows.map((row) => columns.map((c) => scalar(row[c])).join(\"\\t\")).join(\"\\n\");\n }\n if (Array.isArray(data)) {\n return data.map((item) => scalar(item)).join(\"\\n\");\n }\n if (data !== null && typeof data === \"object\") {\n return Object.entries(data as Record<string, unknown>)\n .map(([k, v]) => `${k}\\t${scalar(v)}`)\n .join(\"\\n\");\n }\n return scalar(data);\n}\n\n/* Render a value in the requested output format. /\nexport function formatOutput(data: unknown, format: OutputFormat): string {\n switch (format) {\n case \"yaml\":\n return yamlStringify(data).trimEnd();\n case \"table\": {\n const rows = collectionRows(data);\n if (rows) return rows.length > 0 ? toTable(rows) : \"(no items)\";\n // Not a collection: render a single object as a key/value table; fall back\n // to JSON for scalars and arrays of non-objects.\n if (data !== null && typeof data === \"object\" && !Array.isArray(data)) {\n return toObjectTable(data as Record<string, unknown>);\n }\n return JSON.stringify(data, null, 2);\n }\n case \"text\":\n return toText(data);\n default:\n return JSON.stringify(data, null, 2);\n }\n}\n","import as jmespath from \"jmespath\";\n\n/** Apply a JMESPath expression (AWS-CLI `--query`), or return data unchanged. /\nexport function applyQuery(data: unknown, expression?: string): unknown {\n if (!expression) return data;\n return jmespath.search(data, expression);\n}\n","import { Command } from \"commander\";\nimport { authExport as defaultAuthExport } from \"../commands/auth/export.js\";\nimport {\n loginClientCredentials as defaultLoginClientCredentials,\n loginPkce as defaultLoginPkce,\n loginWithToken as defaultLoginWithToken,\n} from \"../commands/auth/login.js\";\nimport { logout as defaultLogout } from \"../commands/auth/logout.js\";\nimport { authStatus as defaultAuthStatus } from \"../commands/auth/status.js\";\nimport {\n SUPPORTED_SHELLS,\n type Shell,\n completeArgs,\n completionScript,\n} from \"../commands/completion.js\";\nimport {\n configureGet as defaultConfigureGet,\n configureListProfiles as defaultConfigureListProfiles,\n configureSet as defaultConfigureSet,\n runConfigureWizard as defaultRunConfigureWizard,\n} from \"../commands/configure/index.js\";\nimport { CLI_VERSION, ENV } from \"../constants.js\";\nimport { UsageError } from \"../http/errors.js\";\nimport type { Manifest, OperationEntry } from \"../manifest/types.js\";\nimport { printResult } from \"../output/printer.js\";\nimport { dispatch as defaultDispatch } from \"./dispatch.js\";\nimport { type CliContext, buildContext as defaultBuildContext } from \"./options.js\";\n\nexport interface ProgramDeps {\n buildContext: (globals: Record<string, unknown>) => CliContext;\n dispatch: typeof defaultDispatch;\n auth: {\n loginWithToken: typeof defaultLoginWithToken;\n loginClientCredentials: typeof defaultLoginClientCredentials;\n loginPkce: typeof defaultLoginPkce;\n logout: typeof defaultLogout;\n authStatus: typeof defaultAuthStatus;\n authExport: typeof defaultAuthExport;\n };\n configure: {\n configureSet: typeof defaultConfigureSet;\n configureGet: typeof defaultConfigureGet;\n configureListProfiles: typeof defaultConfigureListProfiles;\n runConfigureWizard: typeof defaultRunConfigureWizard;\n };\n}\n\nexport const defaultProgramDeps: ProgramDeps = {\n buildContext: (globals) => defaultBuildContext(globals),\n dispatch: defaultDispatch,\n auth: {\n loginWithToken: defaultLoginWithToken,\n loginClientCredentials: defaultLoginClientCredentials,\n loginPkce: defaultLoginPkce,\n logout: defaultLogout,\n authStatus: defaultAuthStatus,\n authExport: defaultAuthExport,\n },\n configure: {\n configureSet: defaultConfigureSet,\n configureGet: defaultConfigureGet,\n configureListProfiles: defaultConfigureListProfiles,\n runConfigureWizard: defaultRunConfigureWizard,\n },\n};\n\n/* Attach the global options that every actionable command understands. /\nfunction addGlobalOptions(cmd: Command): Command {\n return cmd\n .option(\"--profile <name>\", \"Config profile to use\")\n .option(\"--output <format>\", \"Output format: json\|table\|yaml\|text\")\n .option(\"--query <jmespath>\", \"JMESPath filter expression (like AWS --query)\")\n .option(\"--base-url <url>\", \"Override the API base URL\")\n .option(\"--auth-base-url <url>\", \"Override the auth base URL\")\n .option(\"--client-id <id>\", \"Client-credentials (M2M) client id\")\n .option(\"--token <token>\", \"Bearer token (overrides stored credentials)\")\n .option(\"--no-color\", \"Disable colored output\")\n .option(\"--quiet\", \"Suppress spinners and non-essential output\")\n .option(\"--debug\", \"Print request/response debug info\");\n}\n\n/\n Top-level help footer documenting the environment-variable overrides the CLI\n * honors. Variable names come from the `ENV` constant so this can't drift from\n * what the CLI actually reads; `NO_COLOR` is a standard var handled in\n * `buildContext`. Flag column lists the equivalent command-line override.\n /\nfunction renderEnvHelp(): string {\n const rows: Array<{ name: string; desc: string; flag?: string }> = [\n { name: ENV.token, desc: \"Bearer token (overrides stored credentials)\" },\n { name: ENV.profile, desc: \"Active profile\", flag: \"--profile\" },\n { name: ENV.apiBaseUrl, desc: \"API base URL\", flag: \"--base-url\" },\n { name: ENV.authBaseUrl, desc: \"Auth base URL\", flag: \"--auth-base-url\" },\n { name: ENV.clientId, desc: \"Client-credentials (M2M) client id\", flag: \"--client-id\" },\n { name: ENV.clientSecret, desc: \"Client-credentials (M2M) client secret\" },\n { name: ENV.configDir, desc: \"Config directory (default ~/.propper)\" },\n { name: \"NO_COLOR\", desc: \"Disable colored output\", flag: \"--no-color\" },\n ];\n const nameWidth = Math.max(...rows.map((r) => r.name.length));\n const descWidth = Math.max(...rows.map((r) => r.desc.length));\n const lines = rows.map((r) => {\n const left = ` ${r.name.padEnd(nameWidth)} ${r.desc.padEnd(descWidth)}`;\n return r.flag ? `${left} (${r.flag})` : left.trimEnd();\n });\n return [\n \"Environment variables:\",\n ...lines,\n \"\",\n \"Precedence: command flags > environment variables > profile config > built-in defaults.\",\n ].join(\"\\n\");\n}\n\n/* Make a group command print its help (instead of erroring) when run bare. /\nfunction showHelpWhenEmpty(cmd: Command): Command {\n return cmd.action(() => cmd.help());\n}\n\nfunction addApiCommand(topicCmd: Command, entry: OperationEntry, deps: ProgramDeps): void {\n const cmd = topicCmd.command(entry.command);\n if (entry.summary) cmd.description(entry.summary);\n\n const added = new Set<string>();\n const add = (flag: string, desc: string, required = false): void => {\n const key = flag.split(\" \")[0] ?? flag;\n if (added.has(key)) return;\n added.add(key);\n if (required) cmd.requiredOption(flag, desc);\n else cmd.option(flag, desc);\n };\n\n for (const p of entry.pathParams) {\n add(`${p.flag} <value>`, p.description ?? `path parameter '${p.name}'`, true);\n }\n for (const p of entry.queryParams) {\n add(`${p.flag} <value>`, p.description ?? `query parameter '${p.name}'`);\n }\n for (const f of entry.bodyFields) {\n const desc = `${f.description ?? `body field '${f.name}'`}${f.required ? \" (required)\" : \"\"}`;\n add(f.type === \"boolean\" ? f.flag : `${f.flag} <value>`, desc);\n }\n if (entry.hasBody) {\n add(\"--input-json <json\|@file>\", \"Raw JSON body: a string, @file.json, or '-' for stdin\");\n }\n if (entry.fileField) {\n add(\"--file <path>\", `Local file for the '${entry.fileField}' field (base64-encoded)`);\n }\n if (entry.produces === \"binary\") {\n add(\"--output-file <path>\", \"Write the binary response to a file (else stdout)\");\n }\n if (entry.queryParams.some((p) => p.name === \"page\")) {\n add(\"--all\", \"Auto-paginate and return all pages\");\n }\n\n addGlobalOptions(cmd);\n cmd.action(async (_opts, c: Command) => {\n const ctx = deps.buildContext(c.optsWithGlobals());\n await deps.dispatch(entry, c.opts(), ctx);\n });\n}\n\nfunction registerApiTopics(program: Command, manifest: Manifest, deps: ProgramDeps): void {\n // Three-level tree: propper <api> <topic> <command>. APIs are namespaced\n // because topics overlap across specs (e.g. \"documents\"/\"templates\").\n const apiCmds = new Map<string, Command>();\n const topicCmds = new Map<string, Command>();\n\n for (const api of manifest.apis) {\n const title = api.title.replace(/\\sAPI$/i, \"\");\n const apiCmd = program.command(api.name).description(`${title} API`);\n showHelpWhenEmpty(apiCmd);\n apiCmds.set(api.name, apiCmd);\n }\n\n for (const entry of manifest.operations) {\n const apiCmd = apiCmds.get(entry.api);\n if (!apiCmd) continue;\n const topicKey = `${entry.api}:${entry.topic}`;\n let topicCmd = topicCmds.get(topicKey);\n if (!topicCmd) {\n topicCmd = apiCmd.command(entry.topic).description(`Manage ${entry.topic}`);\n showHelpWhenEmpty(topicCmd);\n topicCmds.set(topicKey, topicCmd);\n }\n addApiCommand(topicCmd, entry, deps);\n }\n}\n\nfunction registerAuth(program: Command, deps: ProgramDeps): void {\n const auth = program.command(\"auth\").description(\"Authenticate with Propper\");\n showHelpWhenEmpty(auth);\n\n const login = addGlobalOptions(auth.command(\"login\"))\n .description(\"Log in via browser (PKCE), --client-credentials, or --token\")\n .option(\"--client-credentials\", \"Use the OAuth client-credentials grant (CI)\")\n .option(\n \"--scope <scope>\",\n \"Space-separated OAuth scopes to request (defaults to the full propper-cli set)\",\n )\n .action(async (_opts, c: Command) => {\n const ctx = deps.buildContext(c.optsWithGlobals());\n const o = c.opts();\n if (ctx.explicitToken) {\n deps.auth.loginWithToken(ctx, ctx.explicitToken);\n } else if (o.clientCredentials) {\n if (!ctx.clientId \|\| !ctx.clientSecret) {\n throw new UsageError(\n `Set a client id (--client-id / ${ENV.clientId} / \\`propper configure\\`) and ${ENV.clientSecret} to use --client-credentials.`,\n );\n }\n await deps.auth.loginClientCredentials(ctx, ctx.clientSecret, o.scope);\n } else {\n const { authorizeUrl } = await deps.auth.loginPkce(ctx, o.scope);\n process.stderr.write(`Opening browser to authorize...\\n ${authorizeUrl}\\n`);\n }\n process.stdout.write(`✓ Logged in to profile \"${ctx.profile}\".\\n`);\n });\n void login;\n\n addGlobalOptions(auth.command(\"logout\"))\n .description(\"Revoke and clear stored credentials\")\n .action(async (_opts, c: Command) => {\n const ctx = deps.buildContext(c.optsWithGlobals());\n const ok = await deps.auth.logout(ctx);\n process.stdout.write(ok ? `✓ Logged out of \"${ctx.profile}\".\\n` : \"Nothing to log out of.\\n\");\n });\n\n addGlobalOptions(auth.command(\"status\"))\n .alias(\"whoami\")\n .description(\"Show the current identity and token status\")\n .action(async (_opts, c: Command) => {\n const ctx = deps.buildContext(c.optsWithGlobals());\n const status = await deps.auth.authStatus(ctx);\n printResult(status, { output: ctx.output, query: ctx.query });\n });\n\n addGlobalOptions(auth.command(\"export\"))\n .option(\"--unmasked\", \"Reveal token, client id, and client secret values in full\")\n .description(\"Export the active profile's stored credentials (masked by default)\")\n .action((_opts, c: Command) => {\n const ctx = deps.buildContext(c.optsWithGlobals());\n const data = deps.auth.authExport(ctx, { unmasked: Boolean(c.opts().unmasked) });\n printResult(data, { output: ctx.output, query: ctx.query });\n });\n}\n\nfunction registerConfigure(program: Command, deps: ProgramDeps): void {\n const configure = addGlobalOptions(program.command(\"configure\")).description(\n \"Configure profiles (base URLs, client id + secret, default output, token)\",\n );\n\n addGlobalOptions(configure.command(\"set\"))\n .argument(\"<key>\", \"Config key\")\n .argument(\"<value>\", \"Value\")\n .description(\"Set a profile value\")\n .action((key: string, value: string, _o, c: Command) => {\n const ctx = deps.buildContext(c.optsWithGlobals());\n deps.configure.configureSet(ctx.profile, key, value);\n process.stdout.write(`✓ Set ${key} for profile \"${ctx.profile}\".\\n`);\n });\n\n addGlobalOptions(configure.command(\"get\"))\n .argument(\"<key>\", \"Config key\")\n .description(\"Get a profile value\")\n .action((key: string, _o, c: Command) => {\n const ctx = deps.buildContext(c.optsWithGlobals());\n const value = deps.configure.configureGet(ctx.profile, key);\n process.stdout.write(`${value ?? \"\"}\\n`);\n });\n\n addGlobalOptions(configure.command(\"list-profiles\"))\n .description(\"List configured profiles\")\n .action((_opts, c: Command) => {\n const ctx = deps.buildContext(c.optsWithGlobals());\n printResult(deps.configure.configureListProfiles(), {\n output: ctx.output,\n query: ctx.query,\n });\n });\n\n configure.action(async (_opts, c: Command) => {\n const ctx = deps.buildContext(c.optsWithGlobals());\n await deps.configure.runConfigureWizard(ctx);\n });\n}\n\nfunction registerCompletion(program: Command, manifest: Manifest): void {\n program\n .command(\"completion\")\n .argument(\"<shell>\", `shell to emit a completion script for (${SUPPORTED_SHELLS.join(\" \| \")})`)\n .description(\"Output a shell completion script\")\n .action((shell: string) => {\n if (!(SUPPORTED_SHELLS as readonly string[]).includes(shell)) {\n throw new UsageError(\n `Unsupported shell \"${shell}\". Use one of: ${SUPPORTED_SHELLS.join(\", \")}`,\n );\n }\n process.stdout.write(completionScript(shell as Shell));\n });\n\n // Hidden machinery the generated completion scripts call to list candidates.\n const complete = new Command(\"__complete\")\n .argument(\"[words...]\", \"tokens typed after `propper`\")\n .action((words: string[] = []) => {\n for (const candidate of completeArgs(words, manifest)) process.stdout.write(`${candidate}\\n`);\n });\n program.addCommand(complete, { hidden: true });\n}\n\n/** Build the full commander program from the manifest + hand-authored commands. /\nexport function buildProgram(manifest: Manifest, deps: ProgramDeps = defaultProgramDeps): Command {\n const program = new Command();\n program\n .name(\"propper\")\n .description(\"Propper CLI — AWS-style, OpenAPI-generated interface for the Propper APIs\")\n .version(CLI_VERSION, \"-V, --version\")\n .showHelpAfterError(\"(add --help for usage)\");\n addGlobalOptions(program);\n program.addHelpText(\"after\", `\\n${renderEnvHelp()}`);\n\n registerApiTopics(program, manifest, deps);\n registerAuth(program, deps);\n registerConfigure(program, deps);\n registerCompletion(program, manifest);\n\n return program;\n}\n","{\n \"name\": \"@propper-ai/cli\",\n \"version\": \"0.4.0\",\n \"description\": \"Propper CLI — an AWS-style, OpenAPI-generated command-line interface for the Propper Sign + Auth APIs\",\n \"type\": \"module\",\n \"license\": \"MIT\",\n \"repository\": {\n \"type\": \"git\",\n \"url\": \"git+https://github.com/mypropper/propper-cli.git\"\n },\n \"homepage\": \"https://github.com/mypropper/propper-cli#readme\",\n \"bugs\": {\n \"url\": \"https://github.com/mypropper/propper-cli/issues\"\n },\n \"keywords\": [\n \"propper\",\n \"cli\",\n \"e-signature\",\n \"esignature\",\n \"esign\",\n \"sign\",\n \"signing\",\n \"docgen\",\n \"document-generation\",\n \"openapi\",\n \"sdk\",\n \"api\"\n ],\n \"bin\": {\n \"propper\": \"./dist/bin/propper.js\"\n },\n \"exports\": {\n \"./generated/client\": \"./dist/generated/client.js\",\n \"./package.json\": \"./package.json\"\n },\n \"files\": [\n \"dist\",\n \"README.md\"\n ],\n \"engines\": {\n \"node\": \">=20\"\n },\n \"scripts\": {\n \"build\": \"tsup\",\n \"dev\": \"tsx src/bin/propper.ts\",\n \"dev:setup-local\": \"npm install && npm run build && npm install -g .\",\n \"dev:link-local\": \"npm install && npm run build && npm link\",\n \"dev:uninstall-local\": \"npm uninstall -g @propper-ai/cli\",\n \"dev:reinstall-local\": \"npm run dev:uninstall-local; npm run dev:link-local && node scripts/install-completion.mjs\",\n \"test\": \"vitest run\",\n \"test:watch\": \"vitest\",\n \"lint\": \"biome check .\",\n \"lint:fix\": \"biome check --write .\",\n \"typecheck\": \"tsc --noEmit\",\n \"generate\": \"tsx scripts/generate.ts\",\n \"sync-spec\": \"tsx scripts/sync-spec.ts\",\n \"spec-diff\": \"tsx scripts/spec-diff.ts\",\n \"prepare\": \"husky\"\n },\n \"dependencies\": {\n \"cli-table3\": \"^0.6.5\",\n \"commander\": \"^12.1.0\",\n \"jmespath\": \"^0.16.0\",\n \"open\": \"^10.1.0\",\n \"ora\": \"^8.1.1\",\n \"picocolors\": \"^1.1.1\",\n \"yaml\": \"^2.6.1\"\n },\n \"devDependencies\": {\n \"@biomejs/biome\": \"^1.9.4\",\n \"@types/jmespath\": \"^0.15.2\",\n \"@types/node\": \"^20.17.6\",\n \"husky\": \"^9.1.7\",\n \"openapi-types\": \"^12.1.3\",\n \"tsup\": \"^8.3.5\",\n \"tsx\": \"^4.19.2\",\n \"typescript\": \"^5.7.2\",\n \"vitest\": \"^3.2.6\"\n }\n}\n","import pkg from \"../package.json\" with { type: \"json\" };\n\n/\n Build-time-ish constants. CLI_VERSION is derived from package.json — the\n * single source of truth that release-please bumps on release. esbuild inlines\n * this JSON import at build time, so the published binary carries the version\n * with no runtime file read. Never hand-edit a version here.\n /\nexport const CLI_VERSION = pkg.version;\n\nexport const USER_AGENT = `propper-cli/${CLI_VERSION}`;\n\nexport const DEFAULT_API_BASE_URL = \"https://api.propper.ai\";\nexport const DEFAULT_AUTH_BASE_URL = \"https://auth.propper.ai\";\n\n/\n Fixed public OAuth client_id for the browser PKCE Authorization Code flow\n * (and the refresh-token grant derived from it).\n \n This is immutable: it is the CLI's own public app identity, not a user\n * setting. It is never read from a flag, env var, or profile. (It must allow the\n * loopback redirect `http://127.0.0.1:<port>/callback`; replace this placeholder\n * with the official public CLI client_id once Propper registers one.)\n \n The user-configurable `client_id` (`--client-id` / `PROPPER_CLIENT_ID` /\n * `propper configure`) is a separate machine-to-machine (client-credentials)\n * client and is unrelated to this constant.\n /\nexport const OAUTH_CLIENT_ID = \"propper-cli\";\n\nexport const DEFAULT_PROFILE = \"default\";\nexport const DEFAULT_OUTPUT = \"json\";\n\nexport const ENV = {\n token: \"PROPPER_API_TOKEN\",\n profile: \"PROPPER_PROFILE\",\n apiBaseUrl: \"PROPPER_BASE_URL\",\n authBaseUrl: \"PROPPER_AUTH_BASE_URL\",\n /* Client-credentials (M2M) client id. /\n clientId: \"PROPPER_CLIENT_ID\",\n clientSecret: \"PROPPER_CLIENT_SECRET\",\n configDir: \"PROPPER_CONFIG_DIR\",\n} as const;\n","import { createHash, randomBytes } from \"node:crypto\";\n\nexport interface PkcePair {\n verifier: string;\n challenge: string;\n method: \"S256\";\n}\n\nexport interface Endpoints {\n authorization_endpoint: string;\n token_endpoint: string;\n userinfo_endpoint: string;\n introspection_endpoint: string;\n revocation_endpoint: string;\n}\n\nexport interface TokenResponse {\n access_token: string;\n token_type?: string;\n expires_in?: number;\n refresh_token?: string;\n scope?: string;\n id_token?: string;\n}\n\nexport interface UserInfo {\n sub?: string;\n email?: string;\n name?: string;\n preferred_username?: string;\n roles?: string[];\n org?: string;\n scope?: string;\n [key: string]: unknown;\n}\n\nexport interface IntrospectionResult {\n active: boolean;\n scope?: string;\n client_id?: string;\n sub?: string;\n exp?: number;\n [key: string]: unknown;\n}\n\nfunction base64url(buf: Buffer): string {\n return buf.toString(\"base64\").replace(/\\+/g, \"-\").replace(/\\//g, \"_\").replace(/=+$/, \"\");\n}\n\n/* Generate a PKCE verifier/challenge pair (RFC 7636, S256). /\nexport function generatePkce(): PkcePair {\n const verifier = base64url(randomBytes(32));\n const challenge = base64url(createHash(\"sha256\").update(verifier).digest());\n return { verifier, challenge, method: \"S256\" };\n}\n\n/* Conventional `/oauth2/` endpoints used when discovery is unavailable. /\nexport function fallbackEndpoints(authBaseUrl: string): Endpoints {\n const base = authBaseUrl.replace(/\\/$/, \"\");\n return {\n authorization_endpoint: `${base}/oauth2/authorize`,\n token_endpoint: `${base}/oauth2/token`,\n userinfo_endpoint: `${base}/oauth2/userinfo`,\n introspection_endpoint: `${base}/oauth2/introspect`,\n revocation_endpoint: `${base}/oauth2/revoke`,\n };\n}\n\n/** Fetch OIDC discovery doc, falling back to conventional endpoints on failure. /\nexport async function discover(\n authBaseUrl: string,\n fetchFn: typeof fetch = fetch,\n): Promise<Endpoints> {\n const base = authBaseUrl.replace(/\\/$/, \"\");\n const fallback = fallbackEndpoints(base);\n try {\n const res = await fetchFn(`${base}/.well-known/openid-configuration`);\n if (!res.ok) return fallback;\n const doc = (await res.json()) as Partial<Endpoints>;\n return {\n authorization_endpoint: doc.authorization_endpoint ?? fallback.authorization_endpoint,\n token_endpoint: doc.token_endpoint ?? fallback.token_endpoint,\n userinfo_endpoint: doc.userinfo_endpoint ?? fallback.userinfo_endpoint,\n introspection_endpoint: doc.introspection_endpoint ?? fallback.introspection_endpoint,\n revocation_endpoint: doc.revocation_endpoint ?? fallback.revocation_endpoint,\n };\n } catch {\n return fallback;\n }\n}\n\nasync function postForm(\n url: string,\n form: Record<string, string \| undefined>,\n fetchFn: typeof fetch,\n): Promise<Response> {\n const body = new URLSearchParams();\n for (const [k, v] of Object.entries(form)) if (v !== undefined) body.set(k, v);\n return fetchFn(url, {\n method: \"POST\",\n headers: { \"content-type\": \"application/x-www-form-urlencoded\", accept: \"application/json\" },\n body,\n });\n}\n\nasync function tokenCall(res: Response): Promise<TokenResponse> {\n const text = await res.text();\n if (!res.ok) {\n throw new Error(`Token request failed (${res.status}): ${text.slice(0, 300)}`);\n }\n return JSON.parse(text) as TokenResponse;\n}\n\nexport function buildAuthorizeUrl(opts: {\n authorizationEndpoint: string;\n clientId: string;\n redirectUri: string;\n scope: string;\n state: string;\n codeChallenge: string;\n}): string {\n const url = new URL(opts.authorizationEndpoint);\n url.searchParams.set(\"response_type\", \"code\");\n url.searchParams.set(\"client_id\", opts.clientId);\n url.searchParams.set(\"redirect_uri\", opts.redirectUri);\n url.searchParams.set(\"scope\", opts.scope);\n url.searchParams.set(\"state\", opts.state);\n url.searchParams.set(\"code_challenge\", opts.codeChallenge);\n url.searchParams.set(\"code_challenge_method\", \"S256\");\n return url.toString();\n}\n\nexport function exchangeCode(\n opts: {\n tokenEndpoint: string;\n code: string;\n redirectUri: string;\n clientId: string;\n codeVerifier: string;\n clientSecret?: string;\n },\n fetchFn: typeof fetch = fetch,\n): Promise<TokenResponse> {\n return postForm(\n opts.tokenEndpoint,\n {\n grant_type: \"authorization_code\",\n code: opts.code,\n redirect_uri: opts.redirectUri,\n client_id: opts.clientId,\n code_verifier: opts.codeVerifier,\n client_secret: opts.clientSecret,\n },\n fetchFn,\n ).then(tokenCall);\n}\n\nexport function refresh(\n opts: { tokenEndpoint: string; refreshToken: string; clientId: string; clientSecret?: string },\n fetchFn: typeof fetch = fetch,\n): Promise<TokenResponse> {\n return postForm(\n opts.tokenEndpoint,\n {\n grant_type: \"refresh_token\",\n refresh_token: opts.refreshToken,\n client_id: opts.clientId,\n client_secret: opts.clientSecret,\n },\n fetchFn,\n ).then(tokenCall);\n}\n\nexport function clientCredentials(\n opts: { tokenEndpoint: string; clientId: string; clientSecret: string; scope?: string },\n fetchFn: typeof fetch = fetch,\n): Promise<TokenResponse> {\n return postForm(\n opts.tokenEndpoint,\n {\n grant_type: \"client_credentials\",\n client_id: opts.clientId,\n client_secret: opts.clientSecret,\n scope: opts.scope,\n },\n fetchFn,\n ).then(tokenCall);\n}\n\nexport async function revoke(\n opts: { revocationEndpoint: string; token: string; clientId: string; clientSecret?: string },\n fetchFn: typeof fetch = fetch,\n): Promise<void> {\n await postForm(\n opts.revocationEndpoint,\n { token: opts.token, client_id: opts.clientId, client_secret: opts.clientSecret },\n fetchFn,\n );\n}\n\nexport async function userinfo(\n opts: { userinfoEndpoint: string; accessToken: string },\n fetchFn: typeof fetch = fetch,\n): Promise<UserInfo> {\n const res = await fetchFn(opts.userinfoEndpoint, {\n headers: { authorization: `Bearer ${opts.accessToken}`, accept: \"application/json\" },\n });\n if (!res.ok) throw new Error(`userinfo failed (${res.status})`);\n return (await res.json()) as UserInfo;\n}\n\nexport async function introspect(\n opts: {\n introspectionEndpoint: string;\n token: string;\n clientId: string;\n clientSecret?: string;\n },\n fetchFn: typeof fetch = fetch,\n): Promise<IntrospectionResult> {\n const res = await postForm(\n opts.introspectionEndpoint,\n { token: opts.token, client_id: opts.clientId, client_secret: opts.clientSecret },\n fetchFn,\n );\n if (!res.ok) return { active: false };\n return (await res.json()) as IntrospectionResult;\n}\n","import { chmodSync, readFileSync, writeFileSync } from \"node:fs\";\nimport { credentialsFile } from \"../config/paths.js\";\nimport { ensureDirFor } from \"../config/store.js\";\n\nexport interface Credentials {\n /* Absent for secret-only entries written before the first grant. /\n access_token?: string;\n refresh_token?: string;\n /* Epoch milliseconds at which the access token expires. /\n expires_at?: number;\n scope?: string;\n /* Stored only for client-credentials profiles (CI). /\n client_secret?: string;\n}\n\ntype CredentialsFile = Record<string, Credentials>;\n\nfunction readAll(): CredentialsFile {\n try {\n return JSON.parse(readFileSync(credentialsFile(), \"utf8\")) as CredentialsFile;\n } catch {\n return {};\n }\n}\n\nfunction writeAll(all: CredentialsFile): void {\n const file = credentialsFile();\n ensureDirFor(file);\n // 0o600: readable/writable by owner only — these are bearer secrets.\n writeFileSync(file, `${JSON.stringify(all, null, 2)}\\n`, { mode: 0o600 });\n // Node only honors `mode` on creation; enforce it on every rewrite too.\n chmodSync(file, 0o600);\n}\n\nexport function readCredentials(profile: string): Credentials \| undefined {\n return readAll()[profile];\n}\n\nexport function writeCredentials(profile: string, creds: Credentials): void {\n const all = readAll();\n all[profile] = creds;\n writeAll(all);\n}\n\nexport function clearCredentials(profile: string): void {\n const all = readAll();\n delete all[profile];\n writeAll(all);\n}\n\n/* True when the access token is expired (or within `skewSec` of expiring). /\nexport function isExpired(creds: Credentials, skewSec = 60, now = Date.now()): boolean {\n if (!creds.expires_at) return false;\n return now >= creds.expires_at - skewSec 1000;\n}\n\n/** Convert an OAuth `expires_in` (seconds) to an absolute epoch-ms deadline. /\nexport function expiresAtFrom(expiresIn: number \| undefined, now = Date.now()): number \| undefined {\n return typeof expiresIn === \"number\" ? now + expiresIn 1000 : undefined;\n}\n","import { homedir } from \"node:os\";\nimport { join } from \"node:path\";\nimport { ENV } from \"../constants.js\";\n\n/** Root config directory: $PROPPER_CONFIG_DIR or ~/.propper. /\nexport function configDir(): string {\n return process.env[ENV.configDir] \|\| join(homedir(), \".propper\");\n}\n\nexport function configFile(): string {\n return join(configDir(), \"config.json\");\n}\n\nexport function credentialsFile(): string {\n return join(configDir(), \"credentials.json\");\n}\n","import { mkdirSync, readFileSync, writeFileSync } from \"node:fs\";\nimport { dirname } from \"node:path\";\nimport { configDir, configFile } from \"./paths.js\";\n\nexport interface ProfileConfig {\n api_base_url?: string;\n auth_base_url?: string;\n /* Client-credentials (M2M) client id. The OAuth login client is a constant. /\n client_id?: string;\n output?: string;\n}\n\nexport interface Config {\n default_profile?: string;\n profiles: Record<string, ProfileConfig>;\n}\n\n/* Non-secret profile keys settable via `configure set`. /\nexport const PROFILE_KEYS = [\"api_base_url\", \"auth_base_url\", \"client_id\", \"output\"] as const;\nexport type ProfileKey = (typeof PROFILE_KEYS)[number];\n\nexport function loadConfig(): Config {\n try {\n const raw = readFileSync(configFile(), \"utf8\");\n const parsed = JSON.parse(raw) as Partial<Config>;\n return { default_profile: parsed.default_profile, profiles: parsed.profiles ?? {} };\n } catch {\n return { profiles: {} };\n }\n}\n\nexport function saveConfig(config: Config): void {\n mkdirSync(configDir(), { recursive: true, mode: 0o700 });\n writeFileSync(configFile(), `${JSON.stringify(config, null, 2)}\\n`, { mode: 0o644 });\n}\n\nexport function getProfile(name: string): ProfileConfig {\n return loadConfig().profiles[name] ?? {};\n}\n\nexport function listProfiles(): string[] {\n return Object.keys(loadConfig().profiles).sort();\n}\n\nexport function setProfileValue(name: string, key: ProfileKey, value: string): void {\n const config = loadConfig();\n const profile = config.profiles[name] ?? {};\n profile[key] = value;\n config.profiles[name] = profile;\n if (!config.default_profile) config.default_profile = name;\n saveConfig(config);\n}\n\nexport function setDefaultProfile(name: string): void {\n const config = loadConfig();\n config.default_profile = name;\n if (!config.profiles[name]) config.profiles[name] = {};\n saveConfig(config);\n}\n\n/* Ensure parent dir exists for an arbitrary file under the config dir. /\nexport function ensureDirFor(filePath: string): void {\n mkdirSync(dirname(filePath), { recursive: true, mode: 0o700 });\n}\n","import { ENV, OAUTH_CLIENT_ID } from \"../constants.js\";\nimport { AuthError } from \"../http/errors.js\";\nimport {\n clientCredentials as defaultClientCredentials,\n discover as defaultDiscover,\n refresh as defaultRefresh,\n} from \"./oidc.js\";\nimport {\n type Credentials,\n readCredentials as defaultReadCredentials,\n writeCredentials as defaultWriteCredentials,\n expiresAtFrom,\n isExpired,\n} from \"./token-store.js\";\n\nexport interface ResolveDeps {\n readCredentials: (profile: string) => Credentials \| undefined;\n writeCredentials: (profile: string, creds: Credentials) => void;\n discover: typeof defaultDiscover;\n refresh: typeof defaultRefresh;\n clientCredentials: typeof defaultClientCredentials;\n}\n\nexport interface ResolveContext {\n /* Token passed explicitly via --token. Highest precedence. /\n explicitToken?: string;\n profile: string;\n authBaseUrl: string;\n /* Client-credentials (M2M) client id. The OAuth login client is a constant. /\n clientId?: string;\n clientSecret?: string;\n scope?: string;\n env?: NodeJS.ProcessEnv;\n fetchFn?: typeof fetch;\n deps?: Partial<ResolveDeps>;\n}\n\nexport type Provider = (ctx: ResolveContext, deps: ResolveDeps) => Promise<string \| null>;\n\nconst defaultDeps: ResolveDeps = {\n readCredentials: defaultReadCredentials,\n writeCredentials: defaultWriteCredentials,\n discover: defaultDiscover,\n refresh: defaultRefresh,\n clientCredentials: defaultClientCredentials,\n};\n\n/* 1. Explicit --token flag. /\nconst explicitProvider: Provider = async (ctx) => ctx.explicitToken ?? null;\n\n/* 2. PROPPER_API_TOKEN environment variable. /\nconst envProvider: Provider = async (ctx) => (ctx.env ?? process.env)[ENV.token] ?? null;\n\n/* 3. Stored OAuth tokens for the active profile, auto-refreshed when expired. /\nconst storedProvider: Provider = async (ctx, deps) => {\n const creds = deps.readCredentials(ctx.profile);\n if (!creds?.access_token) return null;\n if (!isExpired(creds)) return creds.access_token;\n if (!creds.refresh_token) return null;\n try {\n const endpoints = await deps.discover(ctx.authBaseUrl, ctx.fetchFn);\n // Refresh tokens only come from the PKCE browser login (the public OAuth\n // client); client-credentials grants don't issue them.\n const tok = await deps.refresh(\n {\n tokenEndpoint: endpoints.token_endpoint,\n refreshToken: creds.refresh_token,\n clientId: OAUTH_CLIENT_ID,\n },\n ctx.fetchFn,\n );\n const updated: Credentials = {\n access_token: tok.access_token,\n refresh_token: tok.refresh_token ?? creds.refresh_token,\n expires_at: expiresAtFrom(tok.expires_in),\n scope: tok.scope ?? creds.scope,\n client_secret: creds.client_secret,\n };\n deps.writeCredentials(ctx.profile, updated);\n return tok.access_token;\n } catch {\n return null;\n }\n};\n\n/* 4. Client-credentials grant (CI / service accounts), token cached. /\nconst clientCredentialsProvider: Provider = async (ctx, deps) => {\n if (!ctx.clientSecret \|\| !ctx.clientId) return null;\n const endpoints = await deps.discover(ctx.authBaseUrl, ctx.fetchFn);\n const tok = await deps.clientCredentials(\n {\n tokenEndpoint: endpoints.token_endpoint,\n clientId: ctx.clientId,\n clientSecret: ctx.clientSecret,\n scope: ctx.scope,\n },\n ctx.fetchFn,\n );\n deps.writeCredentials(ctx.profile, {\n access_token: tok.access_token,\n expires_at: expiresAtFrom(tok.expires_in),\n scope: tok.scope,\n client_secret: ctx.clientSecret,\n });\n return tok.access_token;\n};\n\n/* Ordered credential chain (AWS-style: first match wins). /\nexport const PROVIDERS: Provider[] = [\n explicitProvider,\n envProvider,\n storedProvider,\n clientCredentialsProvider,\n];\n\n/* Resolve a bearer token from the credential chain, or throw AuthError. /\nexport async function resolveToken(ctx: ResolveContext): Promise<string> {\n const deps = { ...defaultDeps, ...ctx.deps };\n for (const provider of PROVIDERS) {\n const token = await provider(ctx, deps);\n if (token) return token;\n }\n throw new AuthError(\n \"Not authenticated. Run `propper auth login`, or set PROPPER_API_TOKEN / client credentials.\",\n );\n}\n","import { resolveToken as defaultResolveToken } from \"../../auth/chain.js\";\nimport {\n clientCredentials as defaultClientCredentials,\n discover as defaultDiscover,\n exchangeCode as defaultExchangeCode,\n introspect as defaultIntrospect,\n revoke as defaultRevoke,\n userinfo as defaultUserinfo,\n} from \"../../auth/oidc.js\";\nimport {\n clearCredentials as defaultClearCredentials,\n readCredentials as defaultReadCredentials,\n writeCredentials as defaultWriteCredentials,\n} from \"../../auth/token-store.js\";\n\n/* Injectable seam for the auth commands (overridden in tests). /\nexport interface AuthDeps {\n resolveToken: typeof defaultResolveToken;\n discover: typeof defaultDiscover;\n exchangeCode: typeof defaultExchangeCode;\n clientCredentials: typeof defaultClientCredentials;\n revoke: typeof defaultRevoke;\n userinfo: typeof defaultUserinfo;\n introspect: typeof defaultIntrospect;\n readCredentials: typeof defaultReadCredentials;\n writeCredentials: typeof defaultWriteCredentials;\n clearCredentials: typeof defaultClearCredentials;\n /* Open a URL in the user's browser (loopback PKCE flow). /\n openBrowser: (url: string) => Promise<unknown>;\n}\n\nexport const defaultAuthDeps: AuthDeps = {\n resolveToken: defaultResolveToken,\n discover: defaultDiscover,\n exchangeCode: defaultExchangeCode,\n clientCredentials: defaultClientCredentials,\n revoke: defaultRevoke,\n userinfo: defaultUserinfo,\n introspect: defaultIntrospect,\n readCredentials: defaultReadCredentials,\n writeCredentials: defaultWriteCredentials,\n clearCredentials: defaultClearCredentials,\n openBrowser: async (url: string) => {\n const { default: open } = await import(\"open\");\n return open(url);\n },\n};\n","import type { CliContext } from \"../../runtime/options.js\";\nimport { type AuthDeps, defaultAuthDeps } from \"./deps.js\";\n\n/* The active profile's auth material, as dumped by `propper auth export`. /\nexport interface AuthExport {\n profile: string;\n api_base_url: string;\n auth_base_url: string;\n client_id?: string;\n client_secret?: string;\n access_token?: string;\n refresh_token?: string;\n /* ISO-8601 expiry of the stored access token, when known. /\n token_expires_at?: string;\n scope?: string;\n}\n\n/* Reveal first/last 4 of a secret; fully mask anything short enough to expose. /\nfunction mask(value: string): string {\n return value.length > 8 ? `${value.slice(0, 4)}…${value.slice(-4)}` : \"*\";\n}\n\n/\n * Export the active profile's stored credentials. Sensitive fields — the JWT\n * access/refresh tokens, the client-credentials client id, and the client\n * secret — are masked unless `opts.unmasked` is set. Reads only what is on\n * disk (plus flag/env overrides), so it never hits the network and is safe\n * when nothing is stored.\n /\nexport function authExport(\n ctx: CliContext,\n opts: { unmasked?: boolean } = {},\n deps: AuthDeps = defaultAuthDeps,\n): AuthExport {\n const creds = deps.readCredentials(ctx.profile) ?? {};\n const reveal = opts.unmasked === true;\n const secret = (value: string \| undefined): string \| undefined =>\n value === undefined ? undefined : reveal ? value : mask(value);\n\n return {\n profile: ctx.profile,\n api_base_url: ctx.apiBaseUrl,\n auth_base_url: ctx.authBaseUrl,\n client_id: secret(ctx.clientId),\n client_secret: secret(ctx.clientSecret ?? creds.client_secret),\n access_token: secret(ctx.explicitToken ?? creds.access_token),\n refresh_token: secret(creds.refresh_token),\n token_expires_at:\n typeof creds.expires_at === \"number\" ? new Date(creds.expires_at).toISOString() : undefined,\n scope: creds.scope,\n };\n}\n","import { randomBytes } from \"node:crypto\";\nimport { type Server, createServer } from \"node:http\";\nimport { buildAuthorizeUrl, generatePkce } from \"../../auth/oidc.js\";\nimport { type Credentials, expiresAtFrom } from \"../../auth/token-store.js\";\nimport { setProfileValue } from \"../../config/store.js\";\nimport { OAUTH_CLIENT_ID } from \"../../constants.js\";\nimport { UsageError } from \"../../http/errors.js\";\nimport type { CliContext } from \"../../runtime/options.js\";\nimport { type AuthDeps, defaultAuthDeps } from \"./deps.js\";\n\n/\n Default scopes requested at login. Mirrors the full `allowedScopes` of the\n * `propper-cli` OAuth client (see core/db/prisma/seed-data/common/oauth-clients.yaml).\n * `allowedScopes` is the ceiling the auth server intersects against — requesting\n * the whole set here means a fresh `propper auth login` can call every product\n * API (sign/click/docgen/locker) without re-authenticating with `--scope`.\n * Override with `--scope` / `--scopes` to request a narrower set.\n /\nexport const DEFAULT_SCOPE = [\n \"openid\",\n \"email\",\n \"profile\",\n \"offline_access\",\n \"sign:read\",\n \"sign:write\",\n \"click:read\",\n \"click:write\",\n \"docgen:read\",\n \"docgen:write\",\n \"locker:read\",\n \"locker:write\",\n \"org:read\",\n].join(\" \");\nconst PKCE_TIMEOUT_MS = 120_000;\n\n/* Persist the resolved endpoints (+ M2M client id, if any) for a self-contained profile. /\nfunction rememberProfile(ctx: CliContext): void {\n if (ctx.clientId) setProfileValue(ctx.profile, \"client_id\", ctx.clientId);\n setProfileValue(ctx.profile, \"auth_base_url\", ctx.authBaseUrl);\n setProfileValue(ctx.profile, \"api_base_url\", ctx.apiBaseUrl);\n}\n\n/* Paste-a-token login (fallback / CI). /\nexport function loginWithToken(\n ctx: CliContext,\n token: string,\n deps: AuthDeps = defaultAuthDeps,\n): Credentials {\n const creds: Credentials = { access_token: token };\n deps.writeCredentials(ctx.profile, creds);\n rememberProfile(ctx);\n return creds;\n}\n\n/* Client-credentials login (headless / service accounts). /\nexport async function loginClientCredentials(\n ctx: CliContext,\n clientSecret: string,\n scope = DEFAULT_SCOPE,\n deps: AuthDeps = defaultAuthDeps,\n): Promise<Credentials> {\n if (!ctx.clientId) {\n throw new UsageError(\n \"No client id configured. Set one via --client-id, PROPPER_CLIENT_ID, or `propper configure`.\",\n );\n }\n const endpoints = await deps.discover(ctx.authBaseUrl);\n const tok = await deps.clientCredentials({\n tokenEndpoint: endpoints.token_endpoint,\n clientId: ctx.clientId,\n clientSecret,\n scope,\n });\n const creds: Credentials = {\n access_token: tok.access_token,\n expires_at: expiresAtFrom(tok.expires_in),\n scope: tok.scope,\n client_secret: clientSecret,\n };\n deps.writeCredentials(ctx.profile, creds);\n rememberProfile(ctx);\n return creds;\n}\n\ninterface CallbackResult {\n code: string;\n state: string;\n}\n\n/* Wait for the OAuth redirect on a loopback server; resolve with the code. /\nfunction awaitCallback(server: Server, expectedState: string): Promise<CallbackResult> {\n return new Promise<CallbackResult>((resolve, reject) => {\n const timer = setTimeout(() => {\n server.close();\n reject(new Error(\"Timed out waiting for the browser callback.\"));\n }, PKCE_TIMEOUT_MS);\n\n server.on(\"request\", (req, res) => {\n const url = new URL(req.url ?? \"/\", \"http://127.0.0.1\");\n if (url.pathname !== \"/callback\") {\n res.writeHead(404).end();\n return;\n }\n const code = url.searchParams.get(\"code\");\n const state = url.searchParams.get(\"state\");\n const error = url.searchParams.get(\"error\");\n res.writeHead(200, { \"content-type\": \"text/html\" });\n res.end(\n error\n ? `<h1>Login failed</h1><p>${error}</p>`\n : \"<h1>Login complete</h1><p>You can close this tab and return to the terminal.</p>\",\n );\n clearTimeout(timer);\n server.close();\n if (error \|\| !code \|\| !state) {\n reject(new Error(`Authorization failed: ${error ?? \"missing code/state\"}`));\n } else if (state !== expectedState) {\n reject(new Error(\"State mismatch (possible CSRF); aborting.\"));\n } else {\n resolve({ code, state });\n }\n });\n });\n}\n\nexport interface PkceLoginResult {\n creds: Credentials;\n authorizeUrl: string;\n}\n\n/* Browser-based Authorization Code + PKCE login over a loopback redirect. /\nexport async function loginPkce(\n ctx: CliContext,\n scope = DEFAULT_SCOPE,\n deps: AuthDeps = defaultAuthDeps,\n): Promise<PkceLoginResult> {\n const endpoints = await deps.discover(ctx.authBaseUrl);\n const pkce = generatePkce();\n const state = randomBytes(16).toString(\"hex\");\n\n const server = createServer();\n await new Promise<void>((resolve) => server.listen(0, \"127.0.0.1\", resolve));\n const address = server.address();\n if (!address \|\| typeof address === \"string\") {\n server.close();\n throw new Error(\"Could not bind a loopback port for the OAuth callback.\");\n }\n const redirectUri = `http://127.0.0.1:${address.port}/callback`;\n\n const authorizeUrl = buildAuthorizeUrl({\n authorizationEndpoint: endpoints.authorization_endpoint,\n clientId: OAUTH_CLIENT_ID,\n redirectUri,\n scope,\n state,\n codeChallenge: pkce.challenge,\n });\n\n const callbackPromise = awaitCallback(server, state);\n await deps.openBrowser(authorizeUrl);\n const { code } = await callbackPromise;\n\n const tok = await deps.exchangeCode({\n tokenEndpoint: endpoints.token_endpoint,\n code,\n redirectUri,\n clientId: OAUTH_CLIENT_ID,\n codeVerifier: pkce.verifier,\n });\n\n const creds: Credentials = {\n access_token: tok.access_token,\n refresh_token: tok.refresh_token,\n expires_at: expiresAtFrom(tok.expires_in),\n scope: tok.scope,\n };\n deps.writeCredentials(ctx.profile, creds);\n rememberProfile(ctx);\n return { creds, authorizeUrl };\n}\n","import { OAUTH_CLIENT_ID } from \"../../constants.js\";\nimport type { CliContext } from \"../../runtime/options.js\";\nimport { type AuthDeps, defaultAuthDeps } from \"./deps.js\";\n\n/* Revoke stored tokens (best-effort) and clear local credentials. /\nexport async function logout(ctx: CliContext, deps: AuthDeps = defaultAuthDeps): Promise<boolean> {\n const creds = deps.readCredentials(ctx.profile);\n if (!creds) return false;\n\n if (creds.access_token) {\n try {\n const endpoints = await deps.discover(ctx.authBaseUrl);\n // A stored client secret means a client-credentials token (revoke with the\n // M2M client); otherwise it's a PKCE token (revoke with the public client).\n await deps.revoke({\n revocationEndpoint: endpoints.revocation_endpoint,\n token: creds.refresh_token ?? creds.access_token,\n clientId: creds.client_secret && ctx.clientId ? ctx.clientId : OAUTH_CLIENT_ID,\n clientSecret: creds.client_secret,\n });\n } catch {\n // Best-effort: a failed revoke still clears local credentials.\n }\n }\n\n deps.clearCredentials(ctx.profile);\n return true;\n}\n","import { ENV, OAUTH_CLIENT_ID } from \"../../constants.js\";\nimport { AuthError } from \"../../http/errors.js\";\nimport type { CliContext } from \"../../runtime/options.js\";\nimport { type AuthDeps, defaultAuthDeps } from \"./deps.js\";\n\n/\n Caller identity, modeled on `aws sts get-caller-identity`: on success it\n * describes who you are and which credentials are in use; when no credentials\n * resolve, `authStatus` throws (the command exits non-zero) rather than\n * returning an \"unauthenticated\" object.\n /\nexport interface AuthStatus {\n profile: string;\n /* Where the active credential came from: flag \| env \| profile \| client-credentials. /\n source: string;\n apiBaseUrl: string;\n authBaseUrl: string;\n tokenMasked: string;\n user?: { sub?: string; email?: string; name?: string; roles?: string[]; org?: string };\n scopes?: string[];\n /* ISO-8601 expiry of the active access token, when known. /\n tokenExpiresAt?: string;\n}\n\nfunction maskToken(token: string): string {\n return token.length > 12 ? `${token.slice(0, 4)}…${token.slice(-4)}` : \"*\";\n}\n\nfunction detectSource(ctx: CliContext, deps: AuthDeps): string {\n if (ctx.explicitToken) return \"flag\";\n if (ctx.env[ENV.token]) return \"env\";\n if (deps.readCredentials(ctx.profile)?.access_token) return \"profile\";\n if (ctx.clientSecret) return \"client-credentials\";\n return \"none\";\n}\n\nfunction toScopes(scope: string \| undefined): string[] \| undefined {\n if (!scope) return undefined;\n const parts = scope.split(/\\s+/).filter(Boolean);\n return parts.length ? parts : undefined;\n}\n\n/ Resolve the active token and enrich it with userinfo + introspection. /\nexport async function authStatus(\n ctx: CliContext,\n deps: AuthDeps = defaultAuthDeps,\n): Promise<AuthStatus> {\n let token: string;\n try {\n token = await deps.resolveToken({\n explicitToken: ctx.explicitToken,\n profile: ctx.profile,\n authBaseUrl: ctx.authBaseUrl,\n clientId: ctx.clientId,\n clientSecret: ctx.clientSecret,\n env: ctx.env,\n });\n } catch {\n throw new AuthError(\n `Not authenticated for profile \"${ctx.profile}\". Run \\`propper auth login\\` to sign in.`,\n );\n }\n\n const result: AuthStatus = {\n profile: ctx.profile,\n source: detectSource(ctx, deps),\n apiBaseUrl: ctx.apiBaseUrl,\n authBaseUrl: ctx.authBaseUrl,\n tokenMasked: maskToken(token),\n };\n\n // Prefer the expiry recorded at login; introspection can refine it below.\n let expiresAtMs = deps.readCredentials(ctx.profile)?.expires_at;\n\n const endpoints = await deps.discover(ctx.authBaseUrl);\n try {\n const info = await deps.userinfo({\n userinfoEndpoint: endpoints.userinfo_endpoint,\n accessToken: token,\n });\n result.user = {\n sub: info.sub,\n email: info.email,\n name: info.name,\n roles: info.roles,\n org: info.org,\n };\n result.scopes = toScopes(info.scope);\n } catch {\n // userinfo is best-effort.\n }\n try {\n const intro = await deps.introspect({\n introspectionEndpoint: endpoints.introspection_endpoint,\n token,\n // Authenticate the introspection call with whichever client minted the\n // token: the M2M client when there's a secret, else the public OAuth client.\n clientId: ctx.clientSecret && ctx.clientId ? ctx.clientId : OAUTH_CLIENT_ID,\n clientSecret: ctx.clientSecret,\n });\n // Only trust introspection when it reports the token active; an inactive or\n // unauthorized introspection response shouldn't contradict a working token.\n if (intro.active) {\n result.scopes = result.scopes ?? toScopes(intro.scope);\n if (typeof intro.exp === \"number\") expiresAtMs = expiresAtMs ?? intro.exp 1000;\n }\n } catch {\n // introspection is best-effort.\n }\n\n if (typeof expiresAtMs === \"number\") result.tokenExpiresAt = new Date(expiresAtMs).toISOString();\n return result;\n}\n","import { PROFILE_KEYS } from \"../config/store.js\";\nimport type { Manifest, OperationEntry } from \"../manifest/types.js\";\n\nexport const SUPPORTED_SHELLS = [\"bash\", \"zsh\", \"fish\"] as const;\nexport type Shell = (typeof SUPPORTED_SHELLS)[number];\n\nconst GLOBAL_FLAGS = [\n \"--profile\",\n \"--output\",\n \"--query\",\n \"--base-url\",\n \"--auth-base-url\",\n \"--client-id\",\n \"--token\",\n \"--no-color\",\n \"--quiet\",\n \"--debug\",\n \"--help\",\n];\n\nconst STATIC_GROUPS: Record<string, string[]> = {\n auth: [\"login\", \"logout\", \"status\", \"whoami\", \"export\"],\n configure: [\"set\", \"get\", \"list-profiles\"],\n completion: [...SUPPORTED_SHELLS],\n};\n\nfunction operationFlags(entry: OperationEntry): string[] {\n const flags = [\n ...entry.pathParams.map((p) => p.flag),\n ...entry.queryParams.map((p) => p.flag),\n ...entry.bodyFields.map((f) => f.flag),\n ];\n if (entry.hasBody) flags.push(\"--input-json\");\n if (entry.fileField) flags.push(\"--file\");\n if (entry.produces === \"binary\") flags.push(\"--output-file\");\n if (entry.queryParams.some((p) => p.name === \"page\")) flags.push(\"--all\");\n return flags;\n}\n\nfunction uniq(values: string[]): string[] {\n return [...new Set(values)].sort();\n}\n\nfunction candidatesAt(path: string[], manifest: Manifest): string[] {\n const apiNames = manifest.apis.map((a) => a.name);\n if (path.length === 0) return uniq([...apiNames, ...Object.keys(STATIC_GROUPS)]);\n\n const head = path[0] ?? \"\";\n if (head in STATIC_GROUPS) {\n if (path.length === 1) return STATIC_GROUPS[head] ?? [];\n // `configure get\|set <TAB>` completes the profile config keys.\n if (head === \"configure\" && path.length === 2 && (path[1] === \"get\" \|\| path[1] === \"set\")) {\n return uniq([...PROFILE_KEYS, \"client_secret\"]);\n }\n return [];\n }\n if (!apiNames.includes(head)) return [];\n\n if (path.length === 1) {\n return uniq(manifest.operations.filter((o) => o.api === head).map((o) => o.topic));\n }\n if (path.length === 2) {\n return uniq(\n manifest.operations\n .filter((o) => o.api === head && o.topic === path[1])\n .map((o) => o.command),\n );\n }\n const entry = manifest.operations.find(\n (o) => o.api === head && o.topic === path[1] && o.command === path[2],\n );\n return uniq([...(entry ? operationFlags(entry) : []), ...GLOBAL_FLAGS]);\n}\n\n/*\n Compute completion candidates for the NEXT position, given only the already\n * completed words (the word currently being typed is NOT included). The shell\n * filters the returned candidates by the current prefix itself — this avoids\n * re-suggesting an already-typed token (e.g. `propper sign <tab>` -> topics,\n * never `sign` again).\n /\nexport function completeArgs(completedWords: string[], manifest: Manifest): string[] {\n const path = completedWords.filter((w) => !w.startsWith(\"-\"));\n return candidatesAt(path, manifest);\n}\n\n/* Emit a shell completion script that delegates to `propper __complete`. /\nexport function completionScript(shell: Shell): string {\n if (shell === \"bash\") {\n return `# propper bash completion\n_propper_complete() {\n local cur completed candidates\n cur=\"\\${COMP_WORDS[COMP_CWORD]}\"\n completed=(\"\\${COMP_WORDS[@]:1:COMP_CWORD-1}\")\n candidates=\"$(propper __complete \"\\${completed[@]}\" 2>/dev/null)\"\n local IFS=$'\\\\n'\n COMPREPLY=( $(compgen -W \"\\${candidates}\" -- \"\\${cur}\") )\n}\ncomplete -F _propper_complete propper\n`;\n }\n if (shell === \"zsh\") {\n return `#compdef propper\n_propper() {\n local -a candidates\n candidates=(\"\\${(@f)$(propper __complete \\${words[2,CURRENT-1]} 2>/dev/null)}\")\n compadd -- $candidates\n}\ncompdef _propper propper\n`;\n }\n return `# propper fish completion\nfunction __propper_complete\n set -l tokens (commandline -opc)\n propper __complete $tokens[2..-1]\nend\ncomplete -c propper -f -a '(__propper_complete)'\n`;\n}\n","import { createInterface } from \"node:readline/promises\";\nimport { type Credentials, readCredentials, writeCredentials } from \"../../auth/token-store.js\";\nimport {\n PROFILE_KEYS,\n type ProfileKey,\n getProfile,\n listProfiles,\n loadConfig,\n setProfileValue,\n} from \"../../config/store.js\";\nimport { UsageError } from \"../../http/errors.js\";\nimport type { CliContext } from \"../../runtime/options.js\";\n\n/* Secret keys persisted in the chmod-600 credentials store, not config.json. /\nconst SECRET_KEYS = [\"client_secret\"] as const;\ntype SecretKey = (typeof SECRET_KEYS)[number];\n\nconst ALL_KEYS = [...PROFILE_KEYS, ...SECRET_KEYS];\n\n/\n Keys whose values are OAuth identifiers/secrets — opaque tokens that never\n * legitimately contain whitespace. Their values are stripped of all whitespace\n * (spaces, tabs, newlines, carriage returns) so a pasted value with a stray\n * trailing newline / wrapped line can't silently break auth.\n /\nconst CREDENTIAL_KEYS = new Set<string>([\"client_id\", \"client_secret\"]);\n\n/* Remove all whitespace (incl. newlines and carriage returns) from a credential. /\nexport function cleanCredential(value: string): string {\n return value.replace(/\\s+/g, \"\");\n}\n\n/\n Masked preview of a stored secret for the wizard's prompt default: enough of\n * the ends to be identifiable, with the middle elided (e.g. `super…ue123`).\n * Reveals first/last 5 for long secrets, degrades to first/last 3, and fully\n * masks anything short enough that a preview would expose most of it.\n /\nexport function maskSecret(secret: string): string {\n const n = secret.length;\n if (n >= 14) return `${secret.slice(0, 5)}…${secret.slice(-5)}`;\n if (n > 6) return `${secret.slice(0, 3)}…${secret.slice(-3)}`;\n return \"*\";\n}\n\nfunction isSecretKey(key: string): key is SecretKey {\n return (SECRET_KEYS as readonly string[]).includes(key);\n}\n\nfunction assertKey(key: string): asserts key is ProfileKey {\n if (!(PROFILE_KEYS as readonly string[]).includes(key)) {\n throw new UsageError(`Unknown config key \"${key}\". Valid keys: ${ALL_KEYS.join(\", \")}`);\n }\n}\n\n/ Merge a client secret into the profile's credentials entry (preserves tokens). /\nfunction writeClientSecret(profile: string, secret: string): void {\n const existing: Credentials = readCredentials(profile) ?? {};\n writeCredentials(profile, { ...existing, client_secret: cleanCredential(secret) });\n}\n\nexport function configureSet(profile: string, key: string, value: string): void {\n const v = CREDENTIAL_KEYS.has(key) ? cleanCredential(value) : value;\n if (isSecretKey(key)) {\n writeClientSecret(profile, v);\n return;\n }\n assertKey(key);\n setProfileValue(profile, key, v);\n}\n\nexport function configureGet(profile: string, key: string): string \| undefined {\n if (isSecretKey(key)) {\n return readCredentials(profile)?.client_secret;\n }\n assertKey(key);\n return getProfile(profile)[key];\n}\n\nexport interface ProfileSummary {\n profile: string;\n default: boolean;\n api_base_url?: string;\n auth_base_url?: string;\n client_id?: string;\n output?: string;\n}\n\n/* Profile records for `configure list-profiles` — tabular-friendly. /\nexport function configureListProfiles(): ProfileSummary[] {\n const { default_profile } = loadConfig();\n return listProfiles().map((profile) => {\n const p = getProfile(profile);\n return {\n profile,\n default: profile === default_profile,\n api_base_url: p.api_base_url,\n auth_base_url: p.auth_base_url,\n client_id: p.client_id,\n output: p.output,\n };\n });\n}\n\n/* Interactive `propper configure` wizard. Returns the keys that were written. /\nexport async function runConfigureWizard(\n ctx: CliContext,\n input: NodeJS.ReadableStream = process.stdin,\n output: NodeJS.WritableStream = process.stdout,\n): Promise<string[]> {\n const rl = createInterface({ input, output });\n const written: string[] = [];\n try {\n const ask = async (label: string, current: string \| undefined): Promise<string> => {\n const suffix = current ? ` [${current}]` : \"\";\n const answer = (await rl.question(`${label}${suffix}: `)).trim();\n return answer \|\| current \|\| \"\";\n };\n\n const current = getProfile(ctx.profile);\n const apiBaseUrl = await ask(\"API base URL\", current.api_base_url ?? ctx.apiBaseUrl);\n const authBaseUrl = await ask(\"Auth base URL\", current.auth_base_url ?? ctx.authBaseUrl);\n // The browser-login client is a fixed app constant; the only configurable\n // identity is the client-credentials (M2M) client id + secret.\n const clientId = cleanCredential(\n await ask(\"Client id (client-credentials / M2M)\", current.client_id ?? ctx.clientId),\n );\n\n // Secret: never echo the full stored value; show a masked preview (first/last\n // 3 chars) as the default if one exists.\n const existingSecret = readCredentials(ctx.profile)?.client_secret;\n const secretLabel = existingSecret\n ? `Client secret [${maskSecret(existingSecret)}]`\n : \"Client secret (optional, blank to skip)\";\n const secretAnswer = cleanCredential(await rl.question(`${secretLabel}: `));\n\n const token = (await rl.question(\"API token (optional, blank to skip): \")).trim();\n const out = await ask(\"Default output (json/table/yaml/text)\", current.output ?? ctx.output);\n\n for (const [key, value] of [\n [\"api_base_url\", apiBaseUrl],\n [\"auth_base_url\", authBaseUrl],\n [\"client_id\", clientId],\n [\"output\", out],\n ] as [ProfileKey, string][]) {\n if (value) {\n setProfileValue(ctx.profile, key, value);\n written.push(key);\n }\n }\n if (secretAnswer) {\n writeClientSecret(ctx.profile, secretAnswer);\n written.push(\"client_secret\");\n }\n if (token) {\n const existing: Credentials = readCredentials(ctx.profile) ?? {};\n writeCredentials(ctx.profile, { ...existing, access_token: token });\n written.push(\"token\");\n }\n return written;\n } finally {\n rl.close();\n }\n}\n","import { Buffer } from \"node:buffer\";\nimport { readFileSync, writeFileSync } from \"node:fs\";\nimport { resolveToken as defaultResolveToken } from \"../auth/chain.js\";\nimport { callOperation } from \"../generated/client.js\";\nimport type { HttpResponse, OperationRequest, RequestContext } from \"../http/client.js\";\nimport { UsageError } from \"../http/errors.js\";\nimport { type BodyFieldSpec, type OperationEntry, camelCase } from \"../manifest/types.js\";\nimport { printResult } from \"../output/printer.js\";\nimport { type CliContext, makeRequestContext } from \"./options.js\";\n\n/* commander stores `--agreement-id` under the key `agreementId`. /\nexport function flagKey(flag: string): string {\n return camelCase(flag.replace(/^--/, \"\"));\n}\n\nexport interface DispatchDeps {\n resolveToken: typeof defaultResolveToken;\n call: (\n entry: OperationEntry,\n req: OperationRequest,\n ctx: RequestContext,\n ) => Promise<HttpResponse>;\n readFile: (path: string) => Buffer;\n writeFile: (path: string, data: Buffer) => void;\n stdout: NodeJS.WritableStream;\n}\n\nexport const defaultDispatchDeps: DispatchDeps = {\n resolveToken: defaultResolveToken,\n call: (entry, req, ctx) => callOperation(entry.api, entry.operationId, req, ctx),\n readFile: (path) => readFileSync(path),\n writeFile: (path, data) => writeFileSync(path, data),\n stdout: process.stdout,\n};\n\nfunction coerce(value: unknown, type: BodyFieldSpec[\"type\"]): unknown {\n if (type === \"boolean\") return value === true \|\| value === \"true\";\n if (type === \"number\" \|\| type === \"integer\") return Number(value);\n return String(value);\n}\n\nfunction readInputJson(raw: string, deps: DispatchDeps): Record<string, unknown> {\n const text =\n raw === \"-\"\n ? readFileSync(0, \"utf8\")\n : raw.startsWith(\"@\")\n ? deps.readFile(raw.slice(1)).toString(\"utf8\")\n : raw;\n try {\n return JSON.parse(text) as Record<string, unknown>;\n } catch (err) {\n throw new UsageError(`--input-json is not valid JSON: ${(err as Error).message}`);\n }\n}\n\nfunction buildRequest(\n entry: OperationEntry,\n flags: Record<string, unknown>,\n deps: DispatchDeps,\n): OperationRequest {\n const pathParams: Record<string, string> = {};\n for (const p of entry.pathParams) {\n const value = flags[flagKey(p.flag)];\n if (value === undefined \|\| value === \"\") {\n throw new UsageError(`Missing required option ${p.flag}`);\n }\n pathParams[p.name] = String(value);\n }\n\n const query: Record<string, string \| number \| boolean \| undefined> = {};\n for (const p of entry.queryParams) {\n const value = flags[flagKey(p.flag)];\n if (value !== undefined) query[p.name] = value as string \| number \| boolean;\n }\n\n let body: Record<string, unknown> \| undefined;\n if (entry.hasBody) {\n body = {};\n const inputJson = flags.inputJson;\n if (typeof inputJson === \"string\") Object.assign(body, readInputJson(inputJson, deps));\n for (const field of entry.bodyFields) {\n const value = flags[flagKey(field.flag)];\n if (value !== undefined) body[field.name] = coerce(value, field.type);\n }\n if (entry.fileField && typeof flags.file === \"string\") {\n body[entry.fileField] = deps.readFile(flags.file).toString(\"base64\");\n }\n if (Object.keys(body).length === 0) body = undefined;\n }\n\n return { pathParams, query, body };\n}\n\nfunction pageItems(data: unknown): unknown[] \| undefined {\n if (Array.isArray(data)) return data;\n if (data && typeof data === \"object\") {\n for (const key of [\"data\", \"items\", \"results\", \"agreements\", \"templates\", \"recipients\"]) {\n const value = (data as Record<string, unknown>)[key];\n if (Array.isArray(value)) return value;\n }\n }\n return undefined;\n}\n\nconst MAX_PAGES = 50;\n\n/* Execute one CLI operation: build request, resolve auth, call, render output. /\nexport async function dispatch(\n entry: OperationEntry,\n flags: Record<string, unknown>,\n ctx: CliContext,\n deps: DispatchDeps = defaultDispatchDeps,\n): Promise<void> {\n const token = await deps.resolveToken({\n explicitToken: ctx.explicitToken,\n profile: ctx.profile,\n authBaseUrl: ctx.authBaseUrl,\n clientId: ctx.clientId,\n clientSecret: ctx.clientSecret,\n env: ctx.env,\n });\n const reqCtx = makeRequestContext(ctx, token);\n const req = buildRequest(entry, flags, deps);\n\n // --all: auto-paginate list endpoints that accept a `page` query param.\n const canPaginate = entry.queryParams.some((p) => p.name === \"page\");\n if (flags.all && canPaginate && entry.produces === \"json\") {\n const collected: unknown[] = [];\n for (let page = 1; page <= MAX_PAGES; page++) {\n const res = await deps.call(entry, { ...req, query: { ...req.query, page } }, reqCtx);\n const items = pageItems(res.data);\n if (!items \|\| items.length === 0) break;\n collected.push(...items);\n const limit = Number(req.query?.limit ?? items.length);\n if (items.length < limit) break;\n }\n printResult(collected, { output: ctx.output, query: ctx.query }, deps.stdout);\n return;\n }\n\n const res = await deps.call(entry, req, reqCtx);\n\n if (entry.produces === \"binary\") {\n const bytes = res.bytes ?? Buffer.alloc(0);\n if (typeof flags.outputFile === \"string\") {\n deps.writeFile(flags.outputFile, bytes);\n deps.stdout.write(`Saved ${bytes.length} bytes to ${flags.outputFile}\\n`);\n } else {\n deps.stdout.write(bytes);\n }\n return;\n }\n\n printResult(res.data, { output: ctx.output, query: ctx.query }, deps.stdout);\n}\n","/\n Command-manifest contracts + the pure naming logic that turns OpenAPI\n * operations into CLI commands.\n \n The Propper specs do NOT declare `operationId`s, so command and topic names\n * are derived from the HTTP method + path (with a small override table for the\n * handful of cases where the generic rule produces an awkward name), and a\n * stable synthetic `operationId` is computed as `camel(topic) + Pascal(command)`.\n /\n\nexport type HttpMethod = \"GET\" \| \"POST\" \| \"PUT\" \| \"PATCH\" \| \"DELETE\";\n\nexport interface ParamSpec {\n /* Real name used to substitute into the path / as the query key. /\n name: string;\n in: \"path\" \| \"query\";\n /* CLI flag, e.g. \"--agreement-id\". /\n flag: string;\n required: boolean;\n description?: string;\n}\n\nexport interface BodyFieldSpec {\n name: string;\n flag: string;\n type: \"string\" \| \"number\" \| \"integer\" \| \"boolean\";\n required: boolean;\n description?: string;\n}\n\nexport interface OperationEntry {\n /* API namespace (CLI top-level group), e.g. \"sign\", \"docgen\", \"locker\". /\n api: string;\n operationId: string;\n topic: string;\n command: string;\n method: HttpMethod;\n path: string;\n summary?: string;\n description?: string;\n pathParams: ParamSpec[];\n queryParams: ParamSpec[];\n hasBody: boolean;\n bodyFields: BodyFieldSpec[];\n /* Body field (string) that `--file <path>` populates with base64 contents. /\n fileField?: string;\n produces: \"json\" \| \"binary\";\n consumes: \"json\" \| \"none\";\n}\n\nexport interface ApiInfo {\n /* CLI namespace, e.g. \"sign\". /\n name: string;\n /* OpenAPI info.title, e.g. \"Sign API\". /\n title: string;\n /* servers[0].url for this spec. /\n baseUrl: string;\n}\n\nexport interface Manifest {\n /* Manifest schema version (bumped when the shape changes). /\n version: string;\n /* Human label: spec titles this was generated from. /\n generatedFrom: string;\n /* Shared product API base URL (all current product specs use api.propper.ai). /\n apiBaseUrl: string;\n /* The APIs (top-level command groups) included in this manifest. /\n apis: ApiInfo[];\n operations: OperationEntry[];\n}\n\nexport const MANIFEST_VERSION = \"1\";\n\n/* \"agreementId\" -> \"agreement-id\"; \"download-url\" -> \"download-url\". /\nexport function kebabCase(input: string): string {\n return input\n .replace(/([a-z0-9])([A-Z])/g, \"$1-$2\")\n .replace(/[\\s_]+/g, \"-\")\n .replace(/-+/g, \"-\")\n .toLowerCase();\n}\n\nexport function camelCase(input: string): string {\n const parts = kebabCase(input).split(\"-\").filter(Boolean);\n return parts.map((p, i) => (i === 0 ? p : p.charAt(0).toUpperCase() + p.slice(1))).join(\"\");\n}\n\nexport function pascalCase(input: string): string {\n const c = camelCase(input);\n return c ? c.charAt(0).toUpperCase() + c.slice(1) : c;\n}\n\n/* CLI flag for a parameter name, e.g. \"agreementId\" -> \"--agreement-id\". /\nexport function paramFlag(name: string): string {\n return `--${kebabCase(name)}`;\n}\n\n/\n Flags reserved by the program's global options, the per-command runtime flags\n * (`--input-json`, `--file`, `--output-file`, `--all`), and commander's built-in\n * `--help` / `--version`. Operation params and body fields are attached to the\n * same command as these and share one option namespace, so a generated flag that\n * collided would crash commander (duplicate registration) and be indistinguishable\n * from the global value at dispatch time. Keep in sync with `addGlobalOptions`.\n /\nexport const RESERVED_FLAGS = new Set<string>([\n \"--profile\",\n \"--output\",\n \"--query\",\n \"--base-url\",\n \"--auth-base-url\",\n \"--client-id\",\n \"--token\",\n \"--color\",\n \"--no-color\",\n \"--quiet\",\n \"--debug\",\n \"--help\",\n \"--version\",\n \"--input-json\",\n \"--file\",\n \"--output-file\",\n \"--all\",\n]);\n\n/\n Disambiguate an operation flag that collides with a reserved CLI flag by\n * prefixing it with its parameter location (e.g. a body field `token` becomes\n * `--body-token`). Non-colliding flags are returned unchanged, so the common case\n * keeps its clean `--name`. Only the CLI flag changes — the underlying spec field\n * name is preserved on the ParamSpec/BodyFieldSpec, so the wire request is unaffected.\n /\nexport function safeFlag(flag: string, location: \"path\" \| \"query\" \| \"body\"): string {\n return RESERVED_FLAGS.has(flag) ? `--${location}-${flag.replace(/^--/, \"\")}` : flag;\n}\n\n/* Stable synthetic operationId from a (topic, command) pair. /\nexport function synthOperationId(topic: string, command: string): string {\n return camelCase(topic) + pascalCase(command);\n}\n\n/\n Overrides keyed by `\"<METHOD> <path>\"` for operations where the generic rule\n * would produce an awkward command name.\n /\nexport const COMMAND_OVERRIDES: Record<string, string> = {\n \"POST /v1/sign/agreements/{id}/recipients\": \"add\",\n \"PUT /v1/sign/agreements/{id}/annotations\": \"set-annotations\",\n \"POST /v1/sign/agreements/{agreementId}/documents\": \"upload\",\n \"GET /v1/sign/agreements/{agreementId}/documents/{documentId}/content\": \"download\",\n \"GET /v1/sign/agreements/{agreementId}/audit\": \"trail\",\n \"GET /v1/sign/agreements/{agreementId}/audit/pdf\": \"certificate\",\n};\n\n/* Topic name (CLI noun) from an OpenAPI tag, e.g. \"Agreements\" -> \"agreements\". /\nexport function deriveTopic(tag: string): string {\n return kebabCase(tag);\n}\n\n/\n Derive the command (verb) for an operation from its method + path.\n * Honors COMMAND_OVERRIDES first, then applies generic REST conventions.\n /\nexport function deriveCommand(\n method: HttpMethod,\n path: string,\n topic: string,\n overrides: Record<string, string> = COMMAND_OVERRIDES,\n): string {\n const override = overrides[`${method} ${path}`];\n if (override) return override;\n\n const segs = path.split(\"/\").filter(Boolean);\n const last = segs[segs.length - 1] ?? \"\";\n const lastIsParam = last.startsWith(\"{\");\n\n if (lastIsParam) {\n switch (method) {\n case \"GET\":\n return \"get\";\n case \"PUT\":\n case \"PATCH\":\n return \"update\";\n case \"DELETE\":\n return \"delete\";\n default:\n return \"create\";\n }\n }\n\n // Collection endpoint (last segment is the topic noun itself).\n if (last === topic) {\n if (method === \"GET\") return \"list\";\n if (method === \"POST\") return \"create\";\n return method.toLowerCase();\n }\n\n // Action / sub-resource literal, e.g. \"send\", \"void\", \"export\", \"download-url\".\n return kebabCase(last);\n}\n","import { readCredentials } from \"../auth/token-store.js\";\nimport { getProfile, loadConfig } from \"../config/store.js\";\nimport {\n DEFAULT_API_BASE_URL,\n DEFAULT_AUTH_BASE_URL,\n DEFAULT_OUTPUT,\n DEFAULT_PROFILE,\n ENV,\n USER_AGENT,\n} from \"../constants.js\";\nimport { manifest } from \"../generated/client.js\";\nimport type { RequestContext } from \"../http/client.js\";\n\n/* Global flags parsed by commander (kebab flags become camelCase keys). /\nexport interface GlobalOptions {\n profile?: string;\n output?: string;\n query?: string;\n baseUrl?: string;\n authBaseUrl?: string;\n /* --client-id: the client-credentials (M2M) client id. /\n clientId?: string;\n token?: string;\n color?: boolean; // commander sets `false` for --no-color\n quiet?: boolean;\n debug?: boolean;\n}\n\n/* Fully-resolved per-invocation context (flags > env > profile > defaults). /\nexport interface CliContext {\n profile: string;\n apiBaseUrl: string;\n authBaseUrl: string;\n /\n Client-credentials (M2M) client id, or undefined. The OAuth login client is\n * the immutable `OAUTH_CLIENT_ID` constant and is not part of the context.\n /\n clientId?: string;\n clientSecret?: string;\n output: string;\n query?: string;\n color: boolean;\n quiet: boolean;\n debug: boolean;\n explicitToken?: string;\n env: NodeJS.ProcessEnv;\n}\n\nexport function buildContext(\n globals: GlobalOptions,\n env: NodeJS.ProcessEnv = process.env,\n): CliContext {\n const profile =\n globals.profile \|\| env[ENV.profile] \|\| loadConfig().default_profile \|\| DEFAULT_PROFILE;\n const cfg = getProfile(profile);\n\n return {\n profile,\n apiBaseUrl:\n globals.baseUrl \|\|\n env[ENV.apiBaseUrl] \|\|\n cfg.api_base_url \|\|\n manifest.apiBaseUrl \|\|\n DEFAULT_API_BASE_URL,\n authBaseUrl:\n globals.authBaseUrl \|\| env[ENV.authBaseUrl] \|\| cfg.auth_base_url \|\| DEFAULT_AUTH_BASE_URL,\n // Client-credentials (M2M) client id: flag > env > profile. Optional.\n clientId: globals.clientId \|\| env[ENV.clientId] \|\| cfg.client_id \|\| undefined,\n clientSecret: env[ENV.clientSecret] \|\| readCredentials(profile)?.client_secret \|\| undefined,\n output: globals.output \|\| cfg.output \|\| DEFAULT_OUTPUT,\n query: globals.query,\n color: globals.color !== false && !env.NO_COLOR,\n quiet: Boolean(globals.quiet),\n debug: Boolean(globals.debug),\n explicitToken: globals.token,\n env,\n };\n}\n\n/* Build the http RequestContext for a resolved CliContext + token. */\nexport function makeRequestContext(ctx: CliContext, token: string): RequestContext {\n return {\n apiBaseUrl: ctx.apiBaseUrl,\n token,\n userAgent: USER_AGENT,\n debug: ctx.debug,\n };\n}\n"],"mappings":";;;;;;;;;;AACA,SAAS,sBAAsB;;;ACD/B,OAAO,SAAuB;AAC9B,OAAO,QAAQ;;;ACDf,OAAO,WAAW;AAClB,SAAS,aAAa,qBAAqB;AAIpC,IAAM,iBAAiC,CAAC,QAAQ,QAAQ,SAAS,MAAM;AAEvE,SAAS,eAAe,OAAsC;AACnE,SAAQ,eAA4B,SAAS,KAAK;AACpD;AAGA,IAAM,iBAAiB;AAGvB,SAAS,cAAc,OAAoD;AACzE,SACE,MAAM,QAAQ,KAAK,KACnB,MAAM,MAAM,CAAC,MAAM,MAAM,QAAQ,OAAO,MAAM,YAAY,CAAC,MAAM,QAAQ,CAAC,CAAC;AAE/E;AAGA,IAAM,kBAAkB,CAAC,QAAQ,SAAS,WAAW,WAAW,QAAQ,MAAM;AAY9E,SAAS,eAAe,MAAiD;AACvE,MAAI,cAAc,IAAI,EAAG,QAAO;AAChC,MAAI,SAAS,QAAQ,OAAO,SAAS,YAAY,CAAC,MAAM,QAAQ,IAAI,GAAG;AACrE,UAAM,MAAM;AACZ,UAAM,YAAY,OAAO,KAAK,GAAG,EAAE,OAAO,CAAC,MAAM,cAAc,IAAI,CAAC,CAAC,CAAC;AAGtE,UAAM,eAAe,gBAAgB,KAAK,CAAC,MAAM,UAAU,SAAS,CAAC,CAAC;AACtE,QAAI,iBAAiB,OAAW,QAAO,IAAI,YAAY;AAIvD,UAAM,UAAU,UAAU,WAAW,IAAI,UAAU,CAAC,IAAI;AACxD,QAAI,YAAY,UAAa,CAAC,iBAAiB,KAAK,OAAO,GAAG;AAC5D,aAAO,IAAI,OAAO;AAAA,IACpB;AAAA,EACF;AACA,SAAO;AACT;AAEA,SAAS,QAAQ,OAAyB;AACxC,SACE,UAAU,QACV,UAAU,UACV,UAAU,MACT,MAAM,QAAQ,KAAK,KAAK,MAAM,WAAW;AAE9C;AAGA,SAAS,iBAAiB,KAA8B,YAA6B;AACnF,SAAO,OAAO,QAAQ,GAAG,EAAE;AAAA,IACzB,CAAC,CAAC,GAAG,CAAC,MACJ,MAAM,eACL,OAAO,MAAM,YAAY,OAAO,MAAM,YAAY,OAAO,MAAM,cAChE,CAAC,QAAQ,CAAC;AAAA,EACd;AACF;AAGA,SAAS,OAAO,OAAwB;AACtC,MAAI,UAAU,QAAQ,UAAU,OAAW,QAAO;AAClD,MAAI,OAAO,UAAU,SAAU,QAAO,KAAK,UAAU,KAAK;AAC1D,SAAO,OAAO,KAAK;AACrB;AAGA,SAAS,UAAU,OAAwB;AACzC,MAAI,UAAU,QAAQ,UAAU,OAAW,QAAO;AAClD,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,WAAO,MAAM,WAAW,IAAI,KAAK,GAAG,MAAM,MAAM,QAAQ,MAAM,WAAW,IAAI,KAAK,GAAG;AAAA,EACvF;AACA,MAAI,OAAO,UAAU,SAAU,QAAO;AACtC,QAAM,IAAI,OAAO,KAAK;AACtB,SAAO,EAAE,SAAS,iBAAiB,GAAG,EAAE,MAAM,GAAG,iBAAiB,CAAC,CAAC,WAAM;AAC5E;AAEA,SAAS,QAAQ,MAAyC;AACxD,QAAM,aAAa,CAAC,GAAG,IAAI,IAAI,KAAK,QAAQ,CAAC,QAAQ,OAAO,KAAK,GAAG,CAAC,CAAC,CAAC;AAGvE,QAAM,WAAW,WAAW,OAAO,CAAC,MAAM,KAAK,KAAK,CAAC,QAAQ,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC;AAC9E,QAAM,UAAU,SAAS,SAAS,IAAI,WAAW;AACjD,QAAM,QAAQ,IAAI,MAAM,EAAE,MAAM,QAAQ,CAAC;AACzC,aAAW,OAAO,KAAM,OAAM,KAAK,QAAQ,IAAI,CAAC,MAAM,UAAU,IAAI,CAAC,CAAC,CAAC,CAAC;AACxE,SAAO,MAAM,SAAS;AACxB;AAGA,IAAM,kBAAkB;AAExB,IAAM,cAAc,CAAC,MAAsB,KAAK,IAAI,GAAG,GAAG,EAAE,MAAM,IAAI,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC;AAQ5F,SAAS,gBAAgB,OAAwB;AAC/C,MAAI,UAAU,QAAQ,UAAU,OAAW,QAAO;AAClD,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,WAAO,MAAM,WAAW,IAAI,KAAK,GAAG,MAAM,MAAM,QAAQ,MAAM,WAAW,IAAI,KAAK,GAAG;AAAA,EACvF;AACA,MAAI,OAAO,UAAU,SAAU,QAAO,KAAK,UAAU,KAAK;AAC1D,SAAO,OAAO,KAAK;AACrB;AAQA,SAAS,cAAc,KAAsC;AAC3D,QAAM,UAAU,OAAO,QAAQ,GAAG;AAClC,QAAM,QAAQ,QAAQ,OAAO,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;AACnD,QAAM,QAAQ,MAAM,SAAS,IAAI,QAAQ,SAAS;AAAA,IAChD,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,gBAAgB,CAAC,CAAC;AAAA,EACpC;AACA,QAAM,WAAW,KAAK,IAAI,QAAQ,QAAQ,GAAG,KAAK,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC;AACxE,QAAM,aAAa,KAAK;AAAA,IACtB;AAAA,IACA,KAAK,IAAI,QAAQ,QAAQ,GAAG,KAAK,IAAI,CAAC,CAAC,EAAE,CAAC,MAAM,YAAY,CAAC,CAAC,CAAC;AAAA,EACjE;AACA,QAAM,QAAQ,IAAI,MAAM;AAAA,IACtB,MAAM,CAAC,SAAS,OAAO;AAAA,IACvB,WAAW,CAAC,WAAW,GAAG,aAAa,CAAC;AAAA,IACxC,UAAU;AAAA,EACZ,CAAC;AACD,aAAW,OAAO,KAAM,OAAM,KAAK,GAAG;AACtC,SAAO,MAAM,SAAS;AACxB;AAEA,SAAS,OAAO,MAAuB;AACrC,QAAM,OAAO,eAAe,IAAI;AAChC,MAAI,MAAM;AACR,UAAM,UAAU,CAAC,GAAG,IAAI,IAAI,KAAK,QAAQ,CAAC,QAAQ,OAAO,KAAK,GAAG,CAAC,CAAC,CAAC;AACpE,WAAO,KAAK,IAAI,CAAC,QAAQ,QAAQ,IAAI,CAAC,MAAM,OAAO,IAAI,CAAC,CAAC,CAAC,EAAE,KAAK,GAAI,CAAC,EAAE,KAAK,IAAI;AAAA,EACnF;AACA,MAAI,MAAM,QAAQ,IAAI,GAAG;AACvB,WAAO,KAAK,IAAI,CAAC,SAAS,OAAO,IAAI,CAAC,EAAE,KAAK,IAAI;AAAA,EACnD;AACA,MAAI,SAAS,QAAQ,OAAO,SAAS,UAAU;AAC7C,WAAO,OAAO,QAAQ,IAA+B,EAClD,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,IAAK,OAAO,CAAC,CAAC,EAAE,EACpC,KAAK,IAAI;AAAA,EACd;AACA,SAAO,OAAO,IAAI;AACpB;AAGO,SAAS,aAAa,MAAe,QAA8B;AACxE,UAAQ,QAAQ;AAAA,IACd,KAAK;AACH,aAAO,cAAc,IAAI,EAAE,QAAQ;AAAA,IACrC,KAAK,SAAS;AACZ,YAAM,OAAO,eAAe,IAAI;AAChC,UAAI,KAAM,QAAO,KAAK,SAAS,IAAI,QAAQ,IAAI,IAAI;AAGnD,UAAI,SAAS,QAAQ,OAAO,SAAS,YAAY,CAAC,MAAM,QAAQ,IAAI,GAAG;AACrE,eAAO,cAAc,IAA+B;AAAA,MACtD;AACA,aAAO,KAAK,UAAU,MAAM,MAAM,CAAC;AAAA,IACrC;AAAA,IACA,KAAK;AACH,aAAO,OAAO,IAAI;AAAA,IACpB;AACE,aAAO,KAAK,UAAU,MAAM,MAAM,CAAC;AAAA,EACvC;AACF;;;AC1LA,YAAY,cAAc;AAGnB,SAAS,WAAW,MAAe,YAA8B;AACtE,MAAI,CAAC,WAAY,QAAO;AACxB,SAAgB,gBAAO,MAAM,UAAU;AACzC;;;AFQA,IAAM,WAAW,CAAC,MAAc;AAEzB,SAAS,QAAQ,SAA2B;AACjD,MAAI,CAAC;AACH,WAAO,EAAE,KAAK,UAAU,OAAO,UAAU,QAAQ,UAAU,KAAK,UAAU,MAAM,SAAS;AAC3F,SAAO,EAAE,KAAK,GAAG,KAAK,OAAO,GAAG,OAAO,QAAQ,GAAG,QAAQ,KAAK,GAAG,KAAK,MAAM,GAAG,KAAK;AACvF;AAQO,SAAS,aAAa,MAAe,MAA6B;AACvE,QAAM,WAAW,WAAW,MAAM,KAAK,KAAK;AAC5C,QAAM,SAAuB,eAAe,KAAK,MAAM,IAAI,KAAK,SAAS;AACzE,SAAO,aAAa,UAAU,MAAM;AACtC;AAEO,SAAS,YACd,MACA,MACA,MAA6B,QAAQ,QAC/B;AACN,MAAI,MAAM,GAAG,aAAa,MAAM,IAAI,CAAC;AAAA,CAAI;AAC3C;AAEA,IAAM,cAAsC;AAAA,EAC1C,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AACP;AAEA,SAAS,OAAO,MAAc,MAAM,MAAc;AAChD,SAAO,KACJ,MAAM,IAAI,EACV,IAAI,CAAC,SAAS,GAAG,GAAG,GAAG,IAAI,EAAE,EAC7B,KAAK,IAAI;AACd;AAOA,SAAS,UAAU,MAAe,SAAsC;AACtE,MAAI,QAAQ,KAAM,QAAO;AACzB,MAAI,OAAO,SAAS,UAAU;AAC5B,UAAM,IAAI,KAAK,KAAK;AACpB,WAAO,KAAK,MAAM,UAAU,OAAO;AAAA,EACrC;AACA,MAAI,MAAM,QAAQ,IAAI,EAAG,QAAO,KAAK,SAAS,OAAO;AACrD,MAAI,OAAO,SAAS,UAAU;AAC5B,UAAM,OAAgC,EAAE,GAAI,KAAiC;AAC7E,eAAW,KAAK,CAAC,WAAW,SAAS,MAAM,GAAG;AAC5C,UAAI,OAAO,KAAK,CAAC,MAAM,SAAU,QAAO,KAAK,CAAC;AAAA,IAChD;AACA,WAAO,OAAO,KAAK,IAAI,EAAE,SAAS,OAAO;AAAA,EAC3C;AACA,SAAO;AACT;AAGO,SAAS,eAAe,KAAe,QAAyB;AACrE,QAAM,aAAa,YAAY,IAAI,MAAM;AACzC,QAAM,OAAO,IAAI,SACb,QAAQ,IAAI,MAAM,GAAG,aAAa,IAAI,UAAU,KAAK,EAAE,KACvD;AACJ,QAAM,QAAQ,IAAI,UAAU,IAAI,OAAO,OAAO,OAAO,KAAK,GAAG,IAAI,MAAM,IAAI,IAAI,IAAI,EAAE,CAAC,KAAK;AAC3F,QAAM,QAAQ,CAAC,GAAG,OAAO,IAAI,OAAO,CAAC,KAAK,IAAI,GAAG,KAAK,EAAE;AAExD,QAAM,MAAM,IAAI,SAAS,KAAK,KAAK;AACnC,QAAM,UAAU,GAAG,IAAI,MAAM,IAAI,cAAc,EAAE,GAAG,KAAK;AACzD,MAAI,OAAO,QAAQ,WAAW,QAAQ,KAAM,OAAM,KAAK,KAAK,GAAG,EAAE;AAEjE,QAAM,UAAU,UAAU,IAAI,MAAM,GAAG;AACvC,MAAI,YAAY,QAAW;AACzB,UAAM,WAAW,OAAO,YAAY,WAAW,UAAU,KAAK,UAAU,SAAS,MAAM,CAAC;AACxF,UAAM,KAAK,OAAO,IAAI,OAAO,QAAQ,CAAC,CAAC;AAAA,EACzC;AACA,MAAI,IAAI,KAAM,OAAM,KAAK,OAAO,IAAI,WAAW,IAAI,IAAI,EAAE,CAAC;AAC1D,MAAI,IAAI,UAAW,OAAM,KAAK,OAAO,IAAI,iBAAiB,IAAI,SAAS,EAAE,CAAC;AAC1E,MAAI,IAAI,WAAW;AACjB,UAAM;AAAA,MACJ,OAAO;AAAA,QACL,yBAAyB,IAAI,SAAS;AAAA,MACxC;AAAA,IACF;AAAA,EACF;AACA,SAAO,MAAM,KAAK,IAAI;AACxB;AAEO,SAAS,WACd,KACA,OAA6C,CAAC,GAC9C,MAA6B,QAAQ,QAC/B;AACN,QAAM,SAAS,QAAQ,KAAK,SAAS,IAAI;AACzC,MAAI,eAAe,UAAU;AAC3B,QAAI,MAAM,GAAG,eAAe,KAAK,MAAM,CAAC;AAAA,CAAI;AAC5C,QAAI,KAAK,SAAS,IAAI,MAAO,KAAI,MAAM,GAAG,OAAO,IAAI,IAAI,KAAK,CAAC;AAAA,CAAI;AACnE;AAAA,EACF;AACA,QAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,MAAI,MAAM,GAAG,OAAO,IAAI,OAAO,CAAC,KAAK,OAAO;AAAA,CAAI;AAChD,MAAI,KAAK,SAAS,eAAe,SAAS,IAAI,MAAO,KAAI,MAAM,GAAG,OAAO,IAAI,IAAI,KAAK,CAAC;AAAA,CAAI;AAC7F;;;AGnIA,SAAS,eAAe;;;ACAxB;AAAA,EACE,MAAQ;AAAA,EACR,SAAW;AAAA,EACX,aAAe;AAAA,EACf,MAAQ;AAAA,EACR,SAAW;AAAA,EACX,YAAc;AAAA,IACZ,MAAQ;AAAA,IACR,KAAO;AAAA,EACT;AAAA,EACA,UAAY;AAAA,EACZ,MAAQ;AAAA,IACN,KAAO;AAAA,EACT;AAAA,EACA,UAAY;AAAA,IACV;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAAA,EACA,KAAO;AAAA,IACL,SAAW;AAAA,EACb;AAAA,EACA,SAAW;AAAA,IACT,sBAAsB;AAAA,IACtB,kBAAkB;AAAA,EACpB;AAAA,EACA,OAAS;AAAA,IACP;AAAA,IACA;AAAA,EACF;AAAA,EACA,SAAW;AAAA,IACT,MAAQ;AAAA,EACV;AAAA,EACA,SAAW;AAAA,IACT,OAAS;AAAA,IACT,KAAO;AAAA,IACP,mBAAmB;AAAA,IACnB,kBAAkB;AAAA,IAClB,uBAAuB;AAAA,IACvB,uBAAuB;AAAA,IACvB,MAAQ;AAAA,IACR,cAAc;AAAA,IACd,MAAQ;AAAA,IACR,YAAY;AAAA,IACZ,WAAa;AAAA,IACb,UAAY;AAAA,IACZ,aAAa;AAAA,IACb,aAAa;AAAA,IACb,SAAW;AAAA,EACb;AAAA,EACA,cAAgB;AAAA,IACd,cAAc;AAAA,IACd,WAAa;AAAA,IACb,UAAY;AAAA,IACZ,MAAQ;AAAA,IACR,KAAO;AAAA,IACP,YAAc;AAAA,IACd,MAAQ;AAAA,EACV;AAAA,EACA,iBAAmB;AAAA,IACjB,kBAAkB;AAAA,IAClB,mBAAmB;AAAA,IACnB,eAAe;AAAA,IACf,OAAS;AAAA,IACT,iBAAiB;AAAA,IACjB,MAAQ;AAAA,IACR,KAAO;AAAA,IACP,YAAc;AAAA,IACd,QAAU;AAAA,EACZ;AACF;;;ACvEO,IAAM,cAAc,gBAAI;AAExB,IAAM,aAAa,eAAe,WAAW;AAE7C,IAAM,uBAAuB;AAC7B,IAAM,wBAAwB;AAe9B,IAAM,kBAAkB;AAExB,IAAM,kBAAkB;AACxB,IAAM,iBAAiB;AAEvB,IAAM,MAAM;AAAA,EACjB,OAAO;AAAA,EACP,SAAS;AAAA,EACT,YAAY;AAAA,EACZ,aAAa;AAAA;AAAA,EAEb,UAAU;AAAA,EACV,cAAc;AAAA,EACd,WAAW;AACb;;;AC1CA,SAAS,YAAY,mBAAmB;AA6CxC,SAAS,UAAU,KAAqB;AACtC,SAAO,IAAI,SAAS,QAAQ,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,EAAE;AACzF;AAGO,SAAS,eAAyB;AACvC,QAAM,WAAW,UAAU,YAAY,EAAE,CAAC;AAC1C,QAAM,YAAY,UAAU,WAAW,QAAQ,EAAE,OAAO,QAAQ,EAAE,OAAO,CAAC;AAC1E,SAAO,EAAE,UAAU,WAAW,QAAQ,OAAO;AAC/C;AAGO,SAAS,kBAAkB,aAAgC;AAChE,QAAM,OAAO,YAAY,QAAQ,OAAO,EAAE;AAC1C,SAAO;AAAA,IACL,wBAAwB,GAAG,IAAI;AAAA,IAC/B,gBAAgB,GAAG,IAAI;AAAA,IACvB,mBAAmB,GAAG,IAAI;AAAA,IAC1B,wBAAwB,GAAG,IAAI;AAAA,IAC/B,qBAAqB,GAAG,IAAI;AAAA,EAC9B;AACF;AAGA,eAAsB,SACpB,aACA,UAAwB,OACJ;AACpB,QAAM,OAAO,YAAY,QAAQ,OAAO,EAAE;AAC1C,QAAM,WAAW,kBAAkB,IAAI;AACvC,MAAI;AACF,UAAM,MAAM,MAAM,QAAQ,GAAG,IAAI,mCAAmC;AACpE,QAAI,CAAC,IAAI,GAAI,QAAO;AACpB,UAAM,MAAO,MAAM,IAAI,KAAK;AAC5B,WAAO;AAAA,MACL,wBAAwB,IAAI,0BAA0B,SAAS;AAAA,MAC/D,gBAAgB,IAAI,kBAAkB,SAAS;AAAA,MAC/C,mBAAmB,IAAI,qBAAqB,SAAS;AAAA,MACrD,wBAAwB,IAAI,0BAA0B,SAAS;AAAA,MAC/D,qBAAqB,IAAI,uBAAuB,SAAS;AAAA,IAC3D;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAe,SACb,KACA,MACA,SACmB;AACnB,QAAM,OAAO,IAAI,gBAAgB;AACjC,aAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,IAAI,EAAG,KAAI,MAAM,OAAW,MAAK,IAAI,GAAG,CAAC;AAC7E,SAAO,QAAQ,KAAK;AAAA,IAClB,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,qCAAqC,QAAQ,mBAAmB;AAAA,IAC3F;AAAA,EACF,CAAC;AACH;AAEA,eAAe,UAAU,KAAuC;AAC9D,QAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,MAAI,CAAC,IAAI,IAAI;AACX,UAAM,IAAI,MAAM,yBAAyB,IAAI,MAAM,MAAM,KAAK,MAAM,GAAG,GAAG,CAAC,EAAE;AAAA,EAC/E;AACA,SAAO,KAAK,MAAM,IAAI;AACxB;AAEO,SAAS,kBAAkB,MAOvB;AACT,QAAM,MAAM,IAAI,IAAI,KAAK,qBAAqB;AAC9C,MAAI,aAAa,IAAI,iBAAiB,MAAM;AAC5C,MAAI,aAAa,IAAI,aAAa,KAAK,QAAQ;AAC/C,MAAI,aAAa,IAAI,gBAAgB,KAAK,WAAW;AACrD,MAAI,aAAa,IAAI,SAAS,KAAK,KAAK;AACxC,MAAI,aAAa,IAAI,SAAS,KAAK,KAAK;AACxC,MAAI,aAAa,IAAI,kBAAkB,KAAK,aAAa;AACzD,MAAI,aAAa,IAAI,yBAAyB,MAAM;AACpD,SAAO,IAAI,SAAS;AACtB;AAEO,SAAS,aACd,MAQA,UAAwB,OACA;AACxB,SAAO;AAAA,IACL,KAAK;AAAA,IACL;AAAA,MACE,YAAY;AAAA,MACZ,MAAM,KAAK;AAAA,MACX,cAAc,KAAK;AAAA,MACnB,WAAW,KAAK;AAAA,MAChB,eAAe,KAAK;AAAA,MACpB,eAAe,KAAK;AAAA,IACtB;AAAA,IACA;AAAA,EACF,EAAE,KAAK,SAAS;AAClB;AAEO,SAAS,QACd,MACA,UAAwB,OACA;AACxB,SAAO;AAAA,IACL,KAAK;AAAA,IACL;AAAA,MACE,YAAY;AAAA,MACZ,eAAe,KAAK;AAAA,MACpB,WAAW,KAAK;AAAA,MAChB,eAAe,KAAK;AAAA,IACtB;AAAA,IACA;AAAA,EACF,EAAE,KAAK,SAAS;AAClB;AAEO,SAAS,kBACd,MACA,UAAwB,OACA;AACxB,SAAO;AAAA,IACL,KAAK;AAAA,IACL;AAAA,MACE,YAAY;AAAA,MACZ,WAAW,KAAK;AAAA,MAChB,eAAe,KAAK;AAAA,MACpB,OAAO,KAAK;AAAA,IACd;AAAA,IACA;AAAA,EACF,EAAE,KAAK,SAAS;AAClB;AAEA,eAAsB,OACpB,MACA,UAAwB,OACT;AACf,QAAM;AAAA,IACJ,KAAK;AAAA,IACL,EAAE,OAAO,KAAK,OAAO,WAAW,KAAK,UAAU,eAAe,KAAK,aAAa;AAAA,IAChF;AAAA,EACF;AACF;AAEA,eAAsB,SACpB,MACA,UAAwB,OACL;AACnB,QAAM,MAAM,MAAM,QAAQ,KAAK,kBAAkB;AAAA,IAC/C,SAAS,EAAE,eAAe,UAAU,KAAK,WAAW,IAAI,QAAQ,mBAAmB;AAAA,EACrF,CAAC;AACD,MAAI,CAAC,IAAI,GAAI,OAAM,IAAI,MAAM,oBAAoB,IAAI,MAAM,GAAG;AAC9D,SAAQ,MAAM,IAAI,KAAK;AACzB;AAEA,eAAsB,WACpB,MAMA,UAAwB,OACM;AAC9B,QAAM,MAAM,MAAM;AAAA,IAChB,KAAK;AAAA,IACL,EAAE,OAAO,KAAK,OAAO,WAAW,KAAK,UAAU,eAAe,KAAK,aAAa;AAAA,IAChF;AAAA,EACF;AACA,MAAI,CAAC,IAAI,GAAI,QAAO,EAAE,QAAQ,MAAM;AACpC,SAAQ,MAAM,IAAI,KAAK;AACzB;;;ACnOA,SAAS,WAAW,gBAAAA,eAAc,iBAAAC,sBAAqB;;;ACAvD,SAAS,eAAe;AACxB,SAAS,YAAY;AAId,SAAS,YAAoB;AAClC,SAAO,QAAQ,IAAI,IAAI,SAAS,KAAK,KAAK,QAAQ,GAAG,UAAU;AACjE;AAEO,SAAS,aAAqB;AACnC,SAAO,KAAK,UAAU,GAAG,aAAa;AACxC;AAEO,SAAS,kBAA0B;AACxC,SAAO,KAAK,UAAU,GAAG,kBAAkB;AAC7C;;;ACfA,SAAS,WAAW,cAAc,qBAAqB;AACvD,SAAS,eAAe;AAiBjB,IAAM,eAAe,CAAC,gBAAgB,iBAAiB,aAAa,QAAQ;AAG5E,SAAS,aAAqB;AACnC,MAAI;AACF,UAAM,MAAM,aAAa,WAAW,GAAG,MAAM;AAC7C,UAAM,SAAS,KAAK,MAAM,GAAG;AAC7B,WAAO,EAAE,iBAAiB,OAAO,iBAAiB,UAAU,OAAO,YAAY,CAAC,EAAE;AAAA,EACpF,QAAQ;AACN,WAAO,EAAE,UAAU,CAAC,EAAE;AAAA,EACxB;AACF;AAEO,SAAS,WAAW,QAAsB;AAC/C,YAAU,UAAU,GAAG,EAAE,WAAW,MAAM,MAAM,IAAM,CAAC;AACvD,gBAAc,WAAW,GAAG,GAAG,KAAK,UAAU,QAAQ,MAAM,CAAC,CAAC;AAAA,GAAM,EAAE,MAAM,IAAM,CAAC;AACrF;AAEO,SAAS,WAAW,MAA6B;AACtD,SAAO,WAAW,EAAE,SAAS,IAAI,KAAK,CAAC;AACzC;AAEO,SAAS,eAAyB;AACvC,SAAO,OAAO,KAAK,WAAW,EAAE,QAAQ,EAAE,KAAK;AACjD;AAEO,SAAS,gBAAgB,MAAc,KAAiB,OAAqB;AAClF,QAAM,SAAS,WAAW;AAC1B,QAAM,UAAU,OAAO,SAAS,IAAI,KAAK,CAAC;AAC1C,UAAQ,GAAG,IAAI;AACf,SAAO,SAAS,IAAI,IAAI;AACxB,MAAI,CAAC,OAAO,gBAAiB,QAAO,kBAAkB;AACtD,aAAW,MAAM;AACnB;AAUO,SAAS,aAAa,UAAwB;AACnD,YAAU,QAAQ,QAAQ,GAAG,EAAE,WAAW,MAAM,MAAM,IAAM,CAAC;AAC/D;;;AF9CA,SAAS,UAA2B;AAClC,MAAI;AACF,WAAO,KAAK,MAAMC,cAAa,gBAAgB,GAAG,MAAM,CAAC;AAAA,EAC3D,QAAQ;AACN,WAAO,CAAC;AAAA,EACV;AACF;AAEA,SAAS,SAAS,KAA4B;AAC5C,QAAM,OAAO,gBAAgB;AAC7B,eAAa,IAAI;AAEjB,EAAAC,eAAc,MAAM,GAAG,KAAK,UAAU,KAAK,MAAM,CAAC,CAAC;AAAA,GAAM,EAAE,MAAM,IAAM,CAAC;AAExE,YAAU,MAAM,GAAK;AACvB;AAEO,SAAS,gBAAgB,SAA0C;AACxE,SAAO,QAAQ,EAAE,OAAO;AAC1B;AAEO,SAAS,iBAAiB,SAAiB,OAA0B;AAC1E,QAAM,MAAM,QAAQ;AACpB,MAAI,OAAO,IAAI;AACf,WAAS,GAAG;AACd;AAEO,SAAS,iBAAiB,SAAuB;AACtD,QAAM,MAAM,QAAQ;AACpB,SAAO,IAAI,OAAO;AAClB,WAAS,GAAG;AACd;AAGO,SAAS,UAAU,OAAoB,UAAU,IAAI,MAAM,KAAK,IAAI,GAAY;AACrF,MAAI,CAAC,MAAM,WAAY,QAAO;AAC9B,SAAO,OAAO,MAAM,aAAa,UAAU;AAC7C;AAGO,SAAS,cAAc,WAA+B,MAAM,KAAK,IAAI,GAAuB;AACjG,SAAO,OAAO,cAAc,WAAW,MAAM,YAAY,MAAO;AAClE;;;AGpBA,IAAM,cAA2B;AAAA,EAC/B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAGA,IAAM,mBAA6B,OAAO,QAAQ,IAAI,iBAAiB;AAGvE,IAAM,cAAwB,OAAO,SAAS,IAAI,OAAO,QAAQ,KAAK,IAAI,KAAK,KAAK;AAGpF,IAAM,iBAA2B,OAAO,KAAK,SAAS;AACpD,QAAM,QAAQ,KAAK,gBAAgB,IAAI,OAAO;AAC9C,MAAI,CAAC,OAAO,aAAc,QAAO;AACjC,MAAI,CAAC,UAAU,KAAK,EAAG,QAAO,MAAM;AACpC,MAAI,CAAC,MAAM,cAAe,QAAO;AACjC,MAAI;AACF,UAAM,YAAY,MAAM,KAAK,SAAS,IAAI,aAAa,IAAI,OAAO;AAGlE,UAAM,MAAM,MAAM,KAAK;AAAA,MACrB;AAAA,QACE,eAAe,UAAU;AAAA,QACzB,cAAc,MAAM;AAAA,QACpB,UAAU;AAAA,MACZ;AAAA,MACA,IAAI;AAAA,IACN;AACA,UAAM,UAAuB;AAAA,MAC3B,cAAc,IAAI;AAAA,MAClB,eAAe,IAAI,iBAAiB,MAAM;AAAA,MAC1C,YAAY,cAAc,IAAI,UAAU;AAAA,MACxC,OAAO,IAAI,SAAS,MAAM;AAAA,MAC1B,eAAe,MAAM;AAAA,IACvB;AACA,SAAK,iBAAiB,IAAI,SAAS,OAAO;AAC1C,WAAO,IAAI;AAAA,EACb,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAGA,IAAM,4BAAsC,OAAO,KAAK,SAAS;AAC/D,MAAI,CAAC,IAAI,gBAAgB,CAAC,IAAI,SAAU,QAAO;AAC/C,QAAM,YAAY,MAAM,KAAK,SAAS,IAAI,aAAa,IAAI,OAAO;AAClE,QAAM,MAAM,MAAM,KAAK;AAAA,IACrB;AAAA,MACE,eAAe,UAAU;AAAA,MACzB,UAAU,IAAI;AAAA,MACd,cAAc,IAAI;AAAA,MAClB,OAAO,IAAI;AAAA,IACb;AAAA,IACA,IAAI;AAAA,EACN;AACA,OAAK,iBAAiB,IAAI,SAAS;AAAA,IACjC,cAAc,IAAI;AAAA,IAClB,YAAY,cAAc,IAAI,UAAU;AAAA,IACxC,OAAO,IAAI;AAAA,IACX,eAAe,IAAI;AAAA,EACrB,CAAC;AACD,SAAO,IAAI;AACb;AAGO,IAAM,YAAwB;AAAA,EACnC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAGA,eAAsB,aAAa,KAAsC;AACvE,QAAM,OAAO,EAAE,GAAG,aAAa,GAAG,IAAI,KAAK;AAC3C,aAAW,YAAY,WAAW;AAChC,UAAM,QAAQ,MAAM,SAAS,KAAK,IAAI;AACtC,QAAI,MAAO,QAAO;AAAA,EACpB;AACA,QAAM,IAAI;AAAA,IACR;AAAA,EACF;AACF;;;AC9FO,IAAM,kBAA4B;AAAA,EACvC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,aAAa,OAAO,QAAgB;AAClC,UAAM,EAAE,SAAS,KAAK,IAAI,MAAM,OAAO,MAAM;AAC7C,WAAO,KAAK,GAAG;AAAA,EACjB;AACF;;;AC5BA,SAAS,KAAK,OAAuB;AACnC,SAAO,MAAM,SAAS,IAAI,GAAG,MAAM,MAAM,GAAG,CAAC,CAAC,SAAI,MAAM,MAAM,EAAE,CAAC,KAAK;AACxE;AASO,SAAS,WACd,KACA,OAA+B,CAAC,GAChC,OAAiB,iBACL;AACZ,QAAM,QAAQ,KAAK,gBAAgB,IAAI,OAAO,KAAK,CAAC;AACpD,QAAM,SAAS,KAAK,aAAa;AACjC,QAAM,SAAS,CAAC,UACd,UAAU,SAAY,SAAY,SAAS,QAAQ,KAAK,KAAK;AAE/D,SAAO;AAAA,IACL,SAAS,IAAI;AAAA,IACb,cAAc,IAAI;AAAA,IAClB,eAAe,IAAI;AAAA,IACnB,WAAW,OAAO,IAAI,QAAQ;AAAA,IAC9B,eAAe,OAAO,IAAI,gBAAgB,MAAM,aAAa;AAAA,IAC7D,cAAc,OAAO,IAAI,iBAAiB,MAAM,YAAY;AAAA,IAC5D,eAAe,OAAO,MAAM,aAAa;AAAA,IACzC,kBACE,OAAO,MAAM,eAAe,WAAW,IAAI,KAAK,MAAM,UAAU,EAAE,YAAY,IAAI;AAAA,IACpF,OAAO,MAAM;AAAA,EACf;AACF;;;ACnDA,SAAS,eAAAC,oBAAmB;AAC5B,SAAsB,oBAAoB;AAiBnC,IAAM,gBAAgB;AAAA,EAC3B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,EAAE,KAAK,GAAG;AACV,IAAM,kBAAkB;AAGxB,SAAS,gBAAgB,KAAuB;AAC9C,MAAI,IAAI,SAAU,iBAAgB,IAAI,SAAS,aAAa,IAAI,QAAQ;AACxE,kBAAgB,IAAI,SAAS,iBAAiB,IAAI,WAAW;AAC7D,kBAAgB,IAAI,SAAS,gBAAgB,IAAI,UAAU;AAC7D;AAGO,SAAS,eACd,KACA,OACA,OAAiB,iBACJ;AACb,QAAM,QAAqB,EAAE,cAAc,MAAM;AACjD,OAAK,iBAAiB,IAAI,SAAS,KAAK;AACxC,kBAAgB,GAAG;AACnB,SAAO;AACT;AAGA,eAAsB,uBACpB,KACA,cACA,QAAQ,eACR,OAAiB,iBACK;AACtB,MAAI,CAAC,IAAI,UAAU;AACjB,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACA,QAAM,YAAY,MAAM,KAAK,SAAS,IAAI,WAAW;AACrD,QAAM,MAAM,MAAM,KAAK,kBAAkB;AAAA,IACvC,eAAe,UAAU;AAAA,IACzB,UAAU,IAAI;AAAA,IACd;AAAA,IACA;AAAA,EACF,CAAC;AACD,QAAM,QAAqB;AAAA,IACzB,cAAc,IAAI;AAAA,IAClB,YAAY,cAAc,IAAI,UAAU;AAAA,IACxC,OAAO,IAAI;AAAA,IACX,eAAe;AAAA,EACjB;AACA,OAAK,iBAAiB,IAAI,SAAS,KAAK;AACxC,kBAAgB,GAAG;AACnB,SAAO;AACT;AAQA,SAAS,cAAc,QAAgB,eAAgD;AACrF,SAAO,IAAI,QAAwB,CAAC,SAAS,WAAW;AACtD,UAAM,QAAQ,WAAW,MAAM;AAC7B,aAAO,MAAM;AACb,aAAO,IAAI,MAAM,6CAA6C,CAAC;AAAA,IACjE,GAAG,eAAe;AAElB,WAAO,GAAG,WAAW,CAAC,KAAK,QAAQ;AACjC,YAAM,MAAM,IAAI,IAAI,IAAI,OAAO,KAAK,kBAAkB;AACtD,UAAI,IAAI,aAAa,aAAa;AAChC,YAAI,UAAU,GAAG,EAAE,IAAI;AACvB;AAAA,MACF;AACA,YAAM,OAAO,IAAI,aAAa,IAAI,MAAM;AACxC,YAAM,QAAQ,IAAI,aAAa,IAAI,OAAO;AAC1C,YAAM,QAAQ,IAAI,aAAa,IAAI,OAAO;AAC1C,UAAI,UAAU,KAAK,EAAE,gBAAgB,YAAY,CAAC;AAClD,UAAI;AAAA,QACF,QACI,2BAA2B,KAAK,SAChC;AAAA,MACN;AACA,mBAAa,KAAK;AAClB,aAAO,MAAM;AACb,UAAI,SAAS,CAAC,QAAQ,CAAC,OAAO;AAC5B,eAAO,IAAI,MAAM,yBAAyB,SAAS,oBAAoB,EAAE,CAAC;AAAA,MAC5E,WAAW,UAAU,eAAe;AAClC,eAAO,IAAI,MAAM,2CAA2C,CAAC;AAAA,MAC/D,OAAO;AACL,gBAAQ,EAAE,MAAM,MAAM,CAAC;AAAA,MACzB;AAAA,IACF,CAAC;AAAA,EACH,CAAC;AACH;AAQA,eAAsB,UACpB,KACA,QAAQ,eACR,OAAiB,iBACS;AAC1B,QAAM,YAAY,MAAM,KAAK,SAAS,IAAI,WAAW;AACrD,QAAM,OAAO,aAAa;AAC1B,QAAM,QAAQC,aAAY,EAAE,EAAE,SAAS,KAAK;AAE5C,QAAM,SAAS,aAAa;AAC5B,QAAM,IAAI,QAAc,CAAC,YAAY,OAAO,OAAO,GAAG,aAAa,OAAO,CAAC;AAC3E,QAAM,UAAU,OAAO,QAAQ;AAC/B,MAAI,CAAC,WAAW,OAAO,YAAY,UAAU;AAC3C,WAAO,MAAM;AACb,UAAM,IAAI,MAAM,wDAAwD;AAAA,EAC1E;AACA,QAAM,cAAc,oBAAoB,QAAQ,IAAI;AAEpD,QAAM,eAAe,kBAAkB;AAAA,IACrC,uBAAuB,UAAU;AAAA,IACjC,UAAU;AAAA,IACV;AAAA,IACA;AAAA,IACA;AAAA,IACA,eAAe,KAAK;AAAA,EACtB,CAAC;AAED,QAAM,kBAAkB,cAAc,QAAQ,KAAK;AACnD,QAAM,KAAK,YAAY,YAAY;AACnC,QAAM,EAAE,KAAK,IAAI,MAAM;AAEvB,QAAM,MAAM,MAAM,KAAK,aAAa;AAAA,IAClC,eAAe,UAAU;AAAA,IACzB;AAAA,IACA;AAAA,IACA,UAAU;AAAA,IACV,cAAc,KAAK;AAAA,EACrB,CAAC;AAED,QAAM,QAAqB;AAAA,IACzB,cAAc,IAAI;AAAA,IAClB,eAAe,IAAI;AAAA,IACnB,YAAY,cAAc,IAAI,UAAU;AAAA,IACxC,OAAO,IAAI;AAAA,EACb;AACA,OAAK,iBAAiB,IAAI,SAAS,KAAK;AACxC,kBAAgB,GAAG;AACnB,SAAO,EAAE,OAAO,aAAa;AAC/B;;;AC9KA,eAAsB,OAAO,KAAiB,OAAiB,iBAAmC;AAChG,QAAM,QAAQ,KAAK,gBAAgB,IAAI,OAAO;AAC9C,MAAI,CAAC,MAAO,QAAO;AAEnB,MAAI,MAAM,cAAc;AACtB,QAAI;AACF,YAAM,YAAY,MAAM,KAAK,SAAS,IAAI,WAAW;AAGrD,YAAM,KAAK,OAAO;AAAA,QAChB,oBAAoB,UAAU;AAAA,QAC9B,OAAO,MAAM,iBAAiB,MAAM;AAAA,QACpC,UAAU,MAAM,iBAAiB,IAAI,WAAW,IAAI,WAAW;AAAA,QAC/D,cAAc,MAAM;AAAA,MACtB,CAAC;AAAA,IACH,QAAQ;AAAA,IAER;AAAA,EACF;AAEA,OAAK,iBAAiB,IAAI,OAAO;AACjC,SAAO;AACT;;;ACHA,SAAS,UAAU,OAAuB;AACxC,SAAO,MAAM,SAAS,KAAK,GAAG,MAAM,MAAM,GAAG,CAAC,CAAC,SAAI,MAAM,MAAM,EAAE,CAAC,KAAK;AACzE;AAEA,SAAS,aAAa,KAAiB,MAAwB;AAC7D,MAAI,IAAI,cAAe,QAAO;AAC9B,MAAI,IAAI,IAAI,IAAI,KAAK,EAAG,QAAO;AAC/B,MAAI,KAAK,gBAAgB,IAAI,OAAO,GAAG,aAAc,QAAO;AAC5D,MAAI,IAAI,aAAc,QAAO;AAC7B,SAAO;AACT;AAEA,SAAS,SAAS,OAAiD;AACjE,MAAI,CAAC,MAAO,QAAO;AACnB,QAAM,QAAQ,MAAM,MAAM,KAAK,EAAE,OAAO,OAAO;AAC/C,SAAO,MAAM,SAAS,QAAQ;AAChC;AAGA,eAAsB,WACpB,KACA,OAAiB,iBACI;AACrB,MAAI;AACJ,MAAI;AACF,YAAQ,MAAM,KAAK,aAAa;AAAA,MAC9B,eAAe,IAAI;AAAA,MACnB,SAAS,IAAI;AAAA,MACb,aAAa,IAAI;AAAA,MACjB,UAAU,IAAI;AAAA,MACd,cAAc,IAAI;AAAA,MAClB,KAAK,IAAI;AAAA,IACX,CAAC;AAAA,EACH,QAAQ;AACN,UAAM,IAAI;AAAA,MACR,kCAAkC,IAAI,OAAO;AAAA,IAC/C;AAAA,EACF;AAEA,QAAM,SAAqB;AAAA,IACzB,SAAS,IAAI;AAAA,IACb,QAAQ,aAAa,KAAK,IAAI;AAAA,IAC9B,YAAY,IAAI;AAAA,IAChB,aAAa,IAAI;AAAA,IACjB,aAAa,UAAU,KAAK;AAAA,EAC9B;AAGA,MAAI,cAAc,KAAK,gBAAgB,IAAI,OAAO,GAAG;AAErD,QAAM,YAAY,MAAM,KAAK,SAAS,IAAI,WAAW;AACrD,MAAI;AACF,UAAM,OAAO,MAAM,KAAK,SAAS;AAAA,MAC/B,kBAAkB,UAAU;AAAA,MAC5B,aAAa;AAAA,IACf,CAAC;AACD,WAAO,OAAO;AAAA,MACZ,KAAK,KAAK;AAAA,MACV,OAAO,KAAK;AAAA,MACZ,MAAM,KAAK;AAAA,MACX,OAAO,KAAK;AAAA,MACZ,KAAK,KAAK;AAAA,IACZ;AACA,WAAO,SAAS,SAAS,KAAK,KAAK;AAAA,EACrC,QAAQ;AAAA,EAER;AACA,MAAI;AACF,UAAM,QAAQ,MAAM,KAAK,WAAW;AAAA,MAClC,uBAAuB,UAAU;AAAA,MACjC;AAAA;AAAA;AAAA,MAGA,UAAU,IAAI,gBAAgB,IAAI,WAAW,IAAI,WAAW;AAAA,MAC5D,cAAc,IAAI;AAAA,IACpB,CAAC;AAGD,QAAI,MAAM,QAAQ;AAChB,aAAO,SAAS,OAAO,UAAU,SAAS,MAAM,KAAK;AACrD,UAAI,OAAO,MAAM,QAAQ,SAAU,eAAc,eAAe,MAAM,MAAM;AAAA,IAC9E;AAAA,EACF,QAAQ;AAAA,EAER;AAEA,MAAI,OAAO,gBAAgB,SAAU,QAAO,iBAAiB,IAAI,KAAK,WAAW,EAAE,YAAY;AAC/F,SAAO;AACT;;;AC7GO,IAAM,mBAAmB,CAAC,QAAQ,OAAO,MAAM;AAGtD,IAAM,eAAe;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEA,IAAM,gBAA0C;AAAA,EAC9C,MAAM,CAAC,SAAS,UAAU,UAAU,UAAU,QAAQ;AAAA,EACtD,WAAW,CAAC,OAAO,OAAO,eAAe;AAAA,EACzC,YAAY,CAAC,GAAG,gBAAgB;AAClC;AAEA,SAAS,eAAe,OAAiC;AACvD,QAAM,QAAQ;AAAA,IACZ,GAAG,MAAM,WAAW,IAAI,CAAC,MAAM,EAAE,IAAI;AAAA,IACrC,GAAG,MAAM,YAAY,IAAI,CAAC,MAAM,EAAE,IAAI;AAAA,IACtC,GAAG,MAAM,WAAW,IAAI,CAAC,MAAM,EAAE,IAAI;AAAA,EACvC;AACA,MAAI,MAAM,QAAS,OAAM,KAAK,cAAc;AAC5C,MAAI,MAAM,UAAW,OAAM,KAAK,QAAQ;AACxC,MAAI,MAAM,aAAa,SAAU,OAAM,KAAK,eAAe;AAC3D,MAAI,MAAM,YAAY,KAAK,CAAC,MAAM,EAAE,SAAS,MAAM,EAAG,OAAM,KAAK,OAAO;AACxE,SAAO;AACT;AAEA,SAAS,KAAK,QAA4B;AACxC,SAAO,CAAC,GAAG,IAAI,IAAI,MAAM,CAAC,EAAE,KAAK;AACnC;AAEA,SAAS,aAAa,MAAgBC,WAA8B;AAClE,QAAM,WAAWA,UAAS,KAAK,IAAI,CAAC,MAAM,EAAE,IAAI;AAChD,MAAI,KAAK,WAAW,EAAG,QAAO,KAAK,CAAC,GAAG,UAAU,GAAG,OAAO,KAAK,aAAa,CAAC,CAAC;AAE/E,QAAM,OAAO,KAAK,CAAC,KAAK;AACxB,MAAI,QAAQ,eAAe;AACzB,QAAI,KAAK,WAAW,EAAG,QAAO,cAAc,IAAI,KAAK,CAAC;AAEtD,QAAI,SAAS,eAAe,KAAK,WAAW,MAAM,KAAK,CAAC,MAAM,SAAS,KAAK,CAAC,MAAM,QAAQ;AACzF,aAAO,KAAK,CAAC,GAAG,cAAc,eAAe,CAAC;AAAA,IAChD;AACA,WAAO,CAAC;AAAA,EACV;AACA,MAAI,CAAC,SAAS,SAAS,IAAI,EAAG,QAAO,CAAC;AAEtC,MAAI,KAAK,WAAW,GAAG;AACrB,WAAO,KAAKA,UAAS,WAAW,OAAO,CAAC,MAAM,EAAE,QAAQ,IAAI,EAAE,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC;AAAA,EACnF;AACA,MAAI,KAAK,WAAW,GAAG;AACrB,WAAO;AAAA,MACLA,UAAS,WACN,OAAO,CAAC,MAAM,EAAE,QAAQ,QAAQ,EAAE,UAAU,KAAK,CAAC,CAAC,EACnD,IAAI,CAAC,MAAM,EAAE,OAAO;AAAA,IACzB;AAAA,EACF;AACA,QAAM,QAAQA,UAAS,WAAW;AAAA,IAChC,CAAC,MAAM,EAAE,QAAQ,QAAQ,EAAE,UAAU,KAAK,CAAC,KAAK,EAAE,YAAY,KAAK,CAAC;AAAA,EACtE;AACA,SAAO,KAAK,CAAC,GAAI,QAAQ,eAAe,KAAK,IAAI,CAAC,GAAI,GAAG,YAAY,CAAC;AACxE;AASO,SAAS,aAAa,gBAA0BA,WAA8B;AACnF,QAAM,OAAO,eAAe,OAAO,CAAC,MAAM,CAAC,EAAE,WAAW,GAAG,CAAC;AAC5D,SAAO,aAAa,MAAMA,SAAQ;AACpC;AAGO,SAAS,iBAAiB,OAAsB;AACrD,MAAI,UAAU,QAAQ;AACpB,WAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWT;AACA,MAAI,UAAU,OAAO;AACnB,WAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQT;AACA,SAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAOT;;;ACtHA,SAAS,uBAAuB;AAchC,IAAM,cAAc,CAAC,eAAe;AAGpC,IAAM,WAAW,CAAC,GAAG,cAAc,GAAG,WAAW;AAQjD,IAAM,kBAAkB,oBAAI,IAAY,CAAC,aAAa,eAAe,CAAC;AAG/D,SAAS,gBAAgB,OAAuB;AACrD,SAAO,MAAM,QAAQ,QAAQ,EAAE;AACjC;AAQO,SAAS,WAAW,QAAwB;AACjD,QAAM,IAAI,OAAO;AACjB,MAAI,KAAK,GAAI,QAAO,GAAG,OAAO,MAAM,GAAG,CAAC,CAAC,SAAI,OAAO,MAAM,EAAE,CAAC;AAC7D,MAAI,IAAI,EAAG,QAAO,GAAG,OAAO,MAAM,GAAG,CAAC,CAAC,SAAI,OAAO,MAAM,EAAE,CAAC;AAC3D,SAAO;AACT;AAEA,SAAS,YAAY,KAA+B;AAClD,SAAQ,YAAkC,SAAS,GAAG;AACxD;AAEA,SAAS,UAAU,KAAwC;AACzD,MAAI,CAAE,aAAmC,SAAS,GAAG,GAAG;AACtD,UAAM,IAAI,WAAW,uBAAuB,GAAG,kBAAkB,SAAS,KAAK,IAAI,CAAC,EAAE;AAAA,EACxF;AACF;AAGA,SAAS,kBAAkB,SAAiB,QAAsB;AAChE,QAAM,WAAwB,gBAAgB,OAAO,KAAK,CAAC;AAC3D,mBAAiB,SAAS,EAAE,GAAG,UAAU,eAAe,gBAAgB,MAAM,EAAE,CAAC;AACnF;AAEO,SAAS,aAAa,SAAiB,KAAa,OAAqB;AAC9E,QAAM,IAAI,gBAAgB,IAAI,GAAG,IAAI,gBAAgB,KAAK,IAAI;AAC9D,MAAI,YAAY,GAAG,GAAG;AACpB,sBAAkB,SAAS,CAAC;AAC5B;AAAA,EACF;AACA,YAAU,GAAG;AACb,kBAAgB,SAAS,KAAK,CAAC;AACjC;AAEO,SAAS,aAAa,SAAiB,KAAiC;AAC7E,MAAI,YAAY,GAAG,GAAG;AACpB,WAAO,gBAAgB,OAAO,GAAG;AAAA,EACnC;AACA,YAAU,GAAG;AACb,SAAO,WAAW,OAAO,EAAE,GAAG;AAChC;AAYO,SAAS,wBAA0C;AACxD,QAAM,EAAE,gBAAgB,IAAI,WAAW;AACvC,SAAO,aAAa,EAAE,IAAI,CAAC,YAAY;AACrC,UAAM,IAAI,WAAW,OAAO;AAC5B,WAAO;AAAA,MACL;AAAA,MACA,SAAS,YAAY;AAAA,MACrB,cAAc,EAAE;AAAA,MAChB,eAAe,EAAE;AAAA,MACjB,WAAW,EAAE;AAAA,MACb,QAAQ,EAAE;AAAA,IACZ;AAAA,EACF,CAAC;AACH;AAGA,eAAsB,mBACpB,KACA,QAA+B,QAAQ,OACvC,SAAgC,QAAQ,QACrB;AACnB,QAAM,KAAK,gBAAgB,EAAE,OAAO,OAAO,CAAC;AAC5C,QAAM,UAAoB,CAAC;AAC3B,MAAI;AACF,UAAM,MAAM,OAAO,OAAeC,aAAiD;AACjF,YAAM,SAASA,WAAU,KAAKA,QAAO,MAAM;AAC3C,YAAM,UAAU,MAAM,GAAG,SAAS,GAAG,KAAK,GAAG,MAAM,IAAI,GAAG,KAAK;AAC/D,aAAO,UAAUA,YAAW;AAAA,IAC9B;AAEA,UAAM,UAAU,WAAW,IAAI,OAAO;AACtC,UAAM,aAAa,MAAM,IAAI,gBAAgB,QAAQ,gBAAgB,IAAI,UAAU;AACnF,UAAM,cAAc,MAAM,IAAI,iBAAiB,QAAQ,iBAAiB,IAAI,WAAW;AAGvF,UAAM,WAAW;AAAA,MACf,MAAM,IAAI,wCAAwC,QAAQ,aAAa,IAAI,QAAQ;AAAA,IACrF;AAIA,UAAM,iBAAiB,gBAAgB,IAAI,OAAO,GAAG;AACrD,UAAM,cAAc,iBAChB,kBAAkB,WAAW,cAAc,CAAC,MAC5C;AACJ,UAAM,eAAe,gBAAgB,MAAM,GAAG,SAAS,GAAG,WAAW,IAAI,CAAC;AAE1E,UAAM,SAAS,MAAM,GAAG,SAAS,uCAAuC,GAAG,KAAK;AAChF,UAAM,MAAM,MAAM,IAAI,yCAAyC,QAAQ,UAAU,IAAI,MAAM;AAE3F,eAAW,CAAC,KAAK,KAAK,KAAK;AAAA,MACzB,CAAC,gBAAgB,UAAU;AAAA,MAC3B,CAAC,iBAAiB,WAAW;AAAA,MAC7B,CAAC,aAAa,QAAQ;AAAA,MACtB,CAAC,UAAU,GAAG;AAAA,IAChB,GAA6B;AAC3B,UAAI,OAAO;AACT,wBAAgB,IAAI,SAAS,KAAK,KAAK;AACvC,gBAAQ,KAAK,GAAG;AAAA,MAClB;AAAA,IACF;AACA,QAAI,cAAc;AAChB,wBAAkB,IAAI,SAAS,YAAY;AAC3C,cAAQ,KAAK,eAAe;AAAA,IAC9B;AACA,QAAI,OAAO;AACT,YAAM,WAAwB,gBAAgB,IAAI,OAAO,KAAK,CAAC;AAC/D,uBAAiB,IAAI,SAAS,EAAE,GAAG,UAAU,cAAc,MAAM,CAAC;AAClE,cAAQ,KAAK,OAAO;AAAA,IACtB;AACA,WAAO;AAAA,EACT,UAAE;AACA,OAAG,MAAM;AAAA,EACX;AACF;;;ACnKA,SAAS,cAAc;AACvB,SAAS,gBAAAC,eAAc,iBAAAC,sBAAqB;;;ACyErC,SAAS,UAAU,OAAuB;AAC/C,SAAO,MACJ,QAAQ,sBAAsB,OAAO,EACrC,QAAQ,WAAW,GAAG,EACtB,QAAQ,OAAO,GAAG,EAClB,YAAY;AACjB;AAEO,SAAS,UAAU,OAAuB;AAC/C,QAAM,QAAQ,UAAU,KAAK,EAAE,MAAM,GAAG,EAAE,OAAO,OAAO;AACxD,SAAO,MAAM,IAAI,CAAC,GAAG,MAAO,MAAM,IAAI,IAAI,EAAE,OAAO,CAAC,EAAE,YAAY,IAAI,EAAE,MAAM,CAAC,CAAE,EAAE,KAAK,EAAE;AAC5F;;;ACrCO,SAAS,aACd,SACA,MAAyB,QAAQ,KACrB;AACZ,QAAM,UACJ,QAAQ,WAAW,IAAI,IAAI,OAAO,KAAK,WAAW,EAAE,mBAAmB;AACzE,QAAM,MAAM,WAAW,OAAO;AAE9B,SAAO;AAAA,IACL;AAAA,IACA,YACE,QAAQ,WACR,IAAI,IAAI,UAAU,KAClB,IAAI,gBACJ,SAAS,cACT;AAAA,IACF,aACE,QAAQ,eAAe,IAAI,IAAI,WAAW,KAAK,IAAI,iBAAiB;AAAA;AAAA,IAEtE,UAAU,QAAQ,YAAY,IAAI,IAAI,QAAQ,KAAK,IAAI,aAAa;AAAA,IACpE,cAAc,IAAI,IAAI,YAAY,KAAK,gBAAgB,OAAO,GAAG,iBAAiB;AAAA,IAClF,QAAQ,QAAQ,UAAU,IAAI,UAAU;AAAA,IACxC,OAAO,QAAQ;AAAA,IACf,OAAO,QAAQ,UAAU,SAAS,CAAC,IAAI;AAAA,IACvC,OAAO,QAAQ,QAAQ,KAAK;AAAA,IAC5B,OAAO,QAAQ,QAAQ,KAAK;AAAA,IAC5B,eAAe,QAAQ;AAAA,IACvB;AAAA,EACF;AACF;AAGO,SAAS,mBAAmB,KAAiB,OAA+B;AACjF,SAAO;AAAA,IACL,YAAY,IAAI;AAAA,IAChB;AAAA,IACA,WAAW;AAAA,IACX,OAAO,IAAI;AAAA,EACb;AACF;;;AF5EO,SAAS,QAAQ,MAAsB;AAC5C,SAAO,UAAU,KAAK,QAAQ,OAAO,EAAE,CAAC;AAC1C;AAcO,IAAM,sBAAoC;AAAA,EAC/C;AAAA,EACA,MAAM,CAAC,OAAO,KAAK,QAAQ,cAAc,MAAM,KAAK,MAAM,aAAa,KAAK,GAAG;AAAA,EAC/E,UAAU,CAAC,SAASC,cAAa,IAAI;AAAA,EACrC,WAAW,CAAC,MAAM,SAASC,eAAc,MAAM,IAAI;AAAA,EACnD,QAAQ,QAAQ;AAClB;AAEA,SAAS,OAAO,OAAgB,MAAsC;AACpE,MAAI,SAAS,UAAW,QAAO,UAAU,QAAQ,UAAU;AAC3D,MAAI,SAAS,YAAY,SAAS,UAAW,QAAO,OAAO,KAAK;AAChE,SAAO,OAAO,KAAK;AACrB;AAEA,SAAS,cAAc,KAAa,MAA6C;AAC/E,QAAM,OACJ,QAAQ,MACJD,cAAa,GAAG,MAAM,IACtB,IAAI,WAAW,GAAG,IAChB,KAAK,SAAS,IAAI,MAAM,CAAC,CAAC,EAAE,SAAS,MAAM,IAC3C;AACR,MAAI;AACF,WAAO,KAAK,MAAM,IAAI;AAAA,EACxB,SAAS,KAAK;AACZ,UAAM,IAAI,WAAW,mCAAoC,IAAc,OAAO,EAAE;AAAA,EAClF;AACF;AAEA,SAAS,aACP,OACA,OACA,MACkB;AAClB,QAAM,aAAqC,CAAC;AAC5C,aAAW,KAAK,MAAM,YAAY;AAChC,UAAM,QAAQ,MAAM,QAAQ,EAAE,IAAI,CAAC;AACnC,QAAI,UAAU,UAAa,UAAU,IAAI;AACvC,YAAM,IAAI,WAAW,2BAA2B,EAAE,IAAI,EAAE;AAAA,IAC1D;AACA,eAAW,EAAE,IAAI,IAAI,OAAO,KAAK;AAAA,EACnC;AAEA,QAAM,QAA+D,CAAC;AACtE,aAAW,KAAK,MAAM,aAAa;AACjC,UAAM,QAAQ,MAAM,QAAQ,EAAE,IAAI,CAAC;AACnC,QAAI,UAAU,OAAW,OAAM,EAAE,IAAI,IAAI;AAAA,EAC3C;AAEA,MAAI;AACJ,MAAI,MAAM,SAAS;AACjB,WAAO,CAAC;AACR,UAAM,YAAY,MAAM;AACxB,QAAI,OAAO,cAAc,SAAU,QAAO,OAAO,MAAM,cAAc,WAAW,IAAI,CAAC;AACrF,eAAW,SAAS,MAAM,YAAY;AACpC,YAAM,QAAQ,MAAM,QAAQ,MAAM,IAAI,CAAC;AACvC,UAAI,UAAU,OAAW,MAAK,MAAM,IAAI,IAAI,OAAO,OAAO,MAAM,IAAI;AAAA,IACtE;AACA,QAAI,MAAM,aAAa,OAAO,MAAM,SAAS,UAAU;AACrD,WAAK,MAAM,SAAS,IAAI,KAAK,SAAS,MAAM,IAAI,EAAE,SAAS,QAAQ;AAAA,IACrE;AACA,QAAI,OAAO,KAAK,IAAI,EAAE,WAAW,EAAG,QAAO;AAAA,EAC7C;AAEA,SAAO,EAAE,YAAY,OAAO,KAAK;AACnC;AAEA,SAAS,UAAU,MAAsC;AACvD,MAAI,MAAM,QAAQ,IAAI,EAAG,QAAO;AAChC,MAAI,QAAQ,OAAO,SAAS,UAAU;AACpC,eAAW,OAAO,CAAC,QAAQ,SAAS,WAAW,cAAc,aAAa,YAAY,GAAG;AACvF,YAAM,QAAS,KAAiC,GAAG;AACnD,UAAI,MAAM,QAAQ,KAAK,EAAG,QAAO;AAAA,IACnC;AAAA,EACF;AACA,SAAO;AACT;AAEA,IAAM,YAAY;AAGlB,eAAsB,SACpB,OACA,OACA,KACA,OAAqB,qBACN;AACf,QAAM,QAAQ,MAAM,KAAK,aAAa;AAAA,IACpC,eAAe,IAAI;AAAA,IACnB,SAAS,IAAI;AAAA,IACb,aAAa,IAAI;AAAA,IACjB,UAAU,IAAI;AAAA,IACd,cAAc,IAAI;AAAA,IAClB,KAAK,IAAI;AAAA,EACX,CAAC;AACD,QAAM,SAAS,mBAAmB,KAAK,KAAK;AAC5C,QAAM,MAAM,aAAa,OAAO,OAAO,IAAI;AAG3C,QAAM,cAAc,MAAM,YAAY,KAAK,CAAC,MAAM,EAAE,SAAS,MAAM;AACnE,MAAI,MAAM,OAAO,eAAe,MAAM,aAAa,QAAQ;AACzD,UAAM,YAAuB,CAAC;AAC9B,aAAS,OAAO,GAAG,QAAQ,WAAW,QAAQ;AAC5C,YAAME,OAAM,MAAM,KAAK,KAAK,OAAO,EAAE,GAAG,KAAK,OAAO,EAAE,GAAG,IAAI,OAAO,KAAK,EAAE,GAAG,MAAM;AACpF,YAAM,QAAQ,UAAUA,KAAI,IAAI;AAChC,UAAI,CAAC,SAAS,MAAM,WAAW,EAAG;AAClC,gBAAU,KAAK,GAAG,KAAK;AACvB,YAAM,QAAQ,OAAO,IAAI,OAAO,SAAS,MAAM,MAAM;AACrD,UAAI,MAAM,SAAS,MAAO;AAAA,IAC5B;AACA,gBAAY,WAAW,EAAE,QAAQ,IAAI,QAAQ,OAAO,IAAI,MAAM,GAAG,KAAK,MAAM;AAC5E;AAAA,EACF;AAEA,QAAM,MAAM,MAAM,KAAK,KAAK,OAAO,KAAK,MAAM;AAE9C,MAAI,MAAM,aAAa,UAAU;AAC/B,UAAM,QAAQ,IAAI,SAAS,OAAO,MAAM,CAAC;AACzC,QAAI,OAAO,MAAM,eAAe,UAAU;AACxC,WAAK,UAAU,MAAM,YAAY,KAAK;AACtC,WAAK,OAAO,MAAM,SAAS,MAAM,MAAM,aAAa,MAAM,UAAU;AAAA,CAAI;AAAA,IAC1E,OAAO;AACL,WAAK,OAAO,MAAM,KAAK;AAAA,IACzB;AACA;AAAA,EACF;AAEA,cAAY,IAAI,MAAM,EAAE,QAAQ,IAAI,QAAQ,OAAO,IAAI,MAAM,GAAG,KAAK,MAAM;AAC7E;;;Af3GO,IAAM,qBAAkC;AAAA,EAC7C,cAAc,CAAC,YAAY,aAAoB,OAAO;AAAA,EACtD;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAAA,EACA,WAAW;AAAA,IACT;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAGA,SAAS,iBAAiB,KAAuB;AAC/C,SAAO,IACJ,OAAO,oBAAoB,uBAAuB,EAClD,OAAO,qBAAqB,qCAAqC,EACjE,OAAO,sBAAsB,+CAA+C,EAC5E,OAAO,oBAAoB,2BAA2B,EACtD,OAAO,yBAAyB,4BAA4B,EAC5D,OAAO,oBAAoB,oCAAoC,EAC/D,OAAO,mBAAmB,6CAA6C,EACvE,OAAO,cAAc,wBAAwB,EAC7C,OAAO,WAAW,4CAA4C,EAC9D,OAAO,WAAW,mCAAmC;AAC1D;AAQA,SAAS,gBAAwB;AAC/B,QAAM,OAA6D;AAAA,IACjE,EAAE,MAAM,IAAI,OAAO,MAAM,8CAA8C;AAAA,IACvE,EAAE,MAAM,IAAI,SAAS,MAAM,kBAAkB,MAAM,YAAY;AAAA,IAC/D,EAAE,MAAM,IAAI,YAAY,MAAM,gBAAgB,MAAM,aAAa;AAAA,IACjE,EAAE,MAAM,IAAI,aAAa,MAAM,iBAAiB,MAAM,kBAAkB;AAAA,IACxE,EAAE,MAAM,IAAI,UAAU,MAAM,sCAAsC,MAAM,cAAc;AAAA,IACtF,EAAE,MAAM,IAAI,cAAc,MAAM,yCAAyC;AAAA,IACzE,EAAE,MAAM,IAAI,WAAW,MAAM,wCAAwC;AAAA,IACrE,EAAE,MAAM,YAAY,MAAM,0BAA0B,MAAM,aAAa;AAAA,EACzE;AACA,QAAM,YAAY,KAAK,IAAI,GAAG,KAAK,IAAI,CAAC,MAAM,EAAE,KAAK,MAAM,CAAC;AAC5D,QAAM,YAAY,KAAK,IAAI,GAAG,KAAK,IAAI,CAAC,MAAM,EAAE,KAAK,MAAM,CAAC;AAC5D,QAAM,QAAQ,KAAK,IAAI,CAAC,MAAM;AAC5B,UAAM,OAAO,KAAK,EAAE,KAAK,OAAO,SAAS,CAAC,KAAK,EAAE,KAAK,OAAO,SAAS,CAAC;AACvE,WAAO,EAAE,OAAO,GAAG,IAAI,MAAM,EAAE,IAAI,MAAM,KAAK,QAAQ;AAAA,EACxD,CAAC;AACD,SAAO;AAAA,IACL;AAAA,IACA,GAAG;AAAA,IACH;AAAA,IACA;AAAA,EACF,EAAE,KAAK,IAAI;AACb;AAGA,SAAS,kBAAkB,KAAuB;AAChD,SAAO,IAAI,OAAO,MAAM,IAAI,KAAK,CAAC;AACpC;AAEA,SAAS,cAAc,UAAmB,OAAuB,MAAyB;AACxF,QAAM,MAAM,SAAS,QAAQ,MAAM,OAAO;AAC1C,MAAI,MAAM,QAAS,KAAI,YAAY,MAAM,OAAO;AAEhD,QAAM,QAAQ,oBAAI,IAAY;AAC9B,QAAM,MAAM,CAAC,MAAc,MAAc,WAAW,UAAgB;AAClE,UAAM,MAAM,KAAK,MAAM,GAAG,EAAE,CAAC,KAAK;AAClC,QAAI,MAAM,IAAI,GAAG,EAAG;AACpB,UAAM,IAAI,GAAG;AACb,QAAI,SAAU,KAAI,eAAe,MAAM,IAAI;AAAA,QACtC,KAAI,OAAO,MAAM,IAAI;AAAA,EAC5B;AAEA,aAAW,KAAK,MAAM,YAAY;AAChC,QAAI,GAAG,EAAE,IAAI,YAAY,EAAE,eAAe,mBAAmB,EAAE,IAAI,KAAK,IAAI;AAAA,EAC9E;AACA,aAAW,KAAK,MAAM,aAAa;AACjC,QAAI,GAAG,EAAE,IAAI,YAAY,EAAE,eAAe,oBAAoB,EAAE,IAAI,GAAG;AAAA,EACzE;AACA,aAAW,KAAK,MAAM,YAAY;AAChC,UAAM,OAAO,GAAG,EAAE,eAAe,eAAe,EAAE,IAAI,GAAG,GAAG,EAAE,WAAW,gBAAgB,EAAE;AAC3F,QAAI,EAAE,SAAS,YAAY,EAAE,OAAO,GAAG,EAAE,IAAI,YAAY,IAAI;AAAA,EAC/D;AACA,MAAI,MAAM,SAAS;AACjB,QAAI,6BAA6B,uDAAuD;AAAA,EAC1F;AACA,MAAI,MAAM,WAAW;AACnB,QAAI,iBAAiB,uBAAuB,MAAM,SAAS,0BAA0B;AAAA,EACvF;AACA,MAAI,MAAM,aAAa,UAAU;AAC/B,QAAI,wBAAwB,mDAAmD;AAAA,EACjF;AACA,MAAI,MAAM,YAAY,KAAK,CAAC,MAAM,EAAE,SAAS,MAAM,GAAG;AACpD,QAAI,SAAS,oCAAoC;AAAA,EACnD;AAEA,mBAAiB,GAAG;AACpB,MAAI,OAAO,OAAO,OAAO,MAAe;AACtC,UAAM,MAAM,KAAK,aAAa,EAAE,gBAAgB,CAAC;AACjD,UAAM,KAAK,SAAS,OAAO,EAAE,KAAK,GAAG,GAAG;AAAA,EAC1C,CAAC;AACH;AAEA,SAAS,kBAAkB,SAAkBC,WAAoB,MAAyB;AAGxF,QAAM,UAAU,oBAAI,IAAqB;AACzC,QAAM,YAAY,oBAAI,IAAqB;AAE3C,aAAW,OAAOA,UAAS,MAAM;AAC/B,UAAM,QAAQ,IAAI,MAAM,QAAQ,YAAY,EAAE;AAC9C,UAAM,SAAS,QAAQ,QAAQ,IAAI,IAAI,EAAE,YAAY,GAAG,KAAK,MAAM;AACnE,sBAAkB,MAAM;AACxB,YAAQ,IAAI,IAAI,MAAM,MAAM;AAAA,EAC9B;AAEA,aAAW,SAASA,UAAS,YAAY;AACvC,UAAM,SAAS,QAAQ,IAAI,MAAM,GAAG;AACpC,QAAI,CAAC,OAAQ;AACb,UAAM,WAAW,GAAG,MAAM,GAAG,IAAI,MAAM,KAAK;AAC5C,QAAI,WAAW,UAAU,IAAI,QAAQ;AACrC,QAAI,CAAC,UAAU;AACb,iBAAW,OAAO,QAAQ,MAAM,KAAK,EAAE,YAAY,UAAU,MAAM,KAAK,EAAE;AAC1E,wBAAkB,QAAQ;AAC1B,gBAAU,IAAI,UAAU,QAAQ;AAAA,IAClC;AACA,kBAAc,UAAU,OAAO,IAAI;AAAA,EACrC;AACF;AAEA,SAAS,aAAa,SAAkB,MAAyB;AAC/D,QAAM,OAAO,QAAQ,QAAQ,MAAM,EAAE,YAAY,2BAA2B;AAC5E,oBAAkB,IAAI;AAEtB,QAAM,QAAQ,iBAAiB,KAAK,QAAQ,OAAO,CAAC,EACjD,YAAY,6DAA6D,EACzE,OAAO,wBAAwB,6CAA6C,EAC5E;AAAA,IACC;AAAA,IACA;AAAA,EACF,EACC,OAAO,OAAO,OAAO,MAAe;AACnC,UAAM,MAAM,KAAK,aAAa,EAAE,gBAAgB,CAAC;AACjD,UAAM,IAAI,EAAE,KAAK;AACjB,QAAI,IAAI,eAAe;AACrB,WAAK,KAAK,eAAe,KAAK,IAAI,aAAa;AAAA,IACjD,WAAW,EAAE,mBAAmB;AAC9B,UAAI,CAAC,IAAI,YAAY,CAAC,IAAI,cAAc;AACtC,cAAM,IAAI;AAAA,UACR,kCAAkC,IAAI,QAAQ,iCAAiC,IAAI,YAAY;AAAA,QACjG;AAAA,MACF;AACA,YAAM,KAAK,KAAK,uBAAuB,KAAK,IAAI,cAAc,EAAE,KAAK;AAAA,IACvE,OAAO;AACL,YAAM,EAAE,aAAa,IAAI,MAAM,KAAK,KAAK,UAAU,KAAK,EAAE,KAAK;AAC/D,cAAQ,OAAO,MAAM;AAAA,IAAsC,YAAY;AAAA,CAAI;AAAA,IAC7E;AACA,YAAQ,OAAO,MAAM,gCAA2B,IAAI,OAAO;AAAA,CAAM;AAAA,EACnE,CAAC;AACH,OAAK;AAEL,mBAAiB,KAAK,QAAQ,QAAQ,CAAC,EACpC,YAAY,qCAAqC,EACjD,OAAO,OAAO,OAAO,MAAe;AACnC,UAAM,MAAM,KAAK,aAAa,EAAE,gBAAgB,CAAC;AACjD,UAAM,KAAK,MAAM,KAAK,KAAK,OAAO,GAAG;AACrC,YAAQ,OAAO,MAAM,KAAK,yBAAoB,IAAI,OAAO;AAAA,IAAS,0BAA0B;AAAA,EAC9F,CAAC;AAEH,mBAAiB,KAAK,QAAQ,QAAQ,CAAC,EACpC,MAAM,QAAQ,EACd,YAAY,4CAA4C,EACxD,OAAO,OAAO,OAAO,MAAe;AACnC,UAAM,MAAM,KAAK,aAAa,EAAE,gBAAgB,CAAC;AACjD,UAAM,SAAS,MAAM,KAAK,KAAK,WAAW,GAAG;AAC7C,gBAAY,QAAQ,EAAE,QAAQ,IAAI,QAAQ,OAAO,IAAI,MAAM,CAAC;AAAA,EAC9D,CAAC;AAEH,mBAAiB,KAAK,QAAQ,QAAQ,CAAC,EACpC,OAAO,cAAc,2DAA2D,EAChF,YAAY,oEAAoE,EAChF,OAAO,CAAC,OAAO,MAAe;AAC7B,UAAM,MAAM,KAAK,aAAa,EAAE,gBAAgB,CAAC;AACjD,UAAM,OAAO,KAAK,KAAK,WAAW,KAAK,EAAE,UAAU,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;AAC/E,gBAAY,MAAM,EAAE,QAAQ,IAAI,QAAQ,OAAO,IAAI,MAAM,CAAC;AAAA,EAC5D,CAAC;AACL;AAEA,SAAS,kBAAkB,SAAkB,MAAyB;AACpE,QAAM,YAAY,iBAAiB,QAAQ,QAAQ,WAAW,CAAC,EAAE;AAAA,IAC/D;AAAA,EACF;AAEA,mBAAiB,UAAU,QAAQ,KAAK,CAAC,EACtC,SAAS,SAAS,YAAY,EAC9B,SAAS,WAAW,OAAO,EAC3B,YAAY,qBAAqB,EACjC,OAAO,CAAC,KAAa,OAAe,IAAI,MAAe;AACtD,UAAM,MAAM,KAAK,aAAa,EAAE,gBAAgB,CAAC;AACjD,SAAK,UAAU,aAAa,IAAI,SAAS,KAAK,KAAK;AACnD,YAAQ,OAAO,MAAM,cAAS,GAAG,iBAAiB,IAAI,OAAO;AAAA,CAAM;AAAA,EACrE,CAAC;AAEH,mBAAiB,UAAU,QAAQ,KAAK,CAAC,EACtC,SAAS,SAAS,YAAY,EAC9B,YAAY,qBAAqB,EACjC,OAAO,CAAC,KAAa,IAAI,MAAe;AACvC,UAAM,MAAM,KAAK,aAAa,EAAE,gBAAgB,CAAC;AACjD,UAAM,QAAQ,KAAK,UAAU,aAAa,IAAI,SAAS,GAAG;AAC1D,YAAQ,OAAO,MAAM,GAAG,SAAS,EAAE;AAAA,CAAI;AAAA,EACzC,CAAC;AAEH,mBAAiB,UAAU,QAAQ,eAAe,CAAC,EAChD,YAAY,0BAA0B,EACtC,OAAO,CAAC,OAAO,MAAe;AAC7B,UAAM,MAAM,KAAK,aAAa,EAAE,gBAAgB,CAAC;AACjD,gBAAY,KAAK,UAAU,sBAAsB,GAAG;AAAA,MAClD,QAAQ,IAAI;AAAA,MACZ,OAAO,IAAI;AAAA,IACb,CAAC;AAAA,EACH,CAAC;AAEH,YAAU,OAAO,OAAO,OAAO,MAAe;AAC5C,UAAM,MAAM,KAAK,aAAa,EAAE,gBAAgB,CAAC;AACjD,UAAM,KAAK,UAAU,mBAAmB,GAAG;AAAA,EAC7C,CAAC;AACH;AAEA,SAAS,mBAAmB,SAAkBA,WAA0B;AACtE,UACG,QAAQ,YAAY,EACpB,SAAS,WAAW,0CAA0C,iBAAiB,KAAK,KAAK,CAAC,GAAG,EAC7F,YAAY,kCAAkC,EAC9C,OAAO,CAAC,UAAkB;AACzB,QAAI,CAAE,iBAAuC,SAAS,KAAK,GAAG;AAC5D,YAAM,IAAI;AAAA,QACR,sBAAsB,KAAK,kBAAkB,iBAAiB,KAAK,IAAI,CAAC;AAAA,MAC1E;AAAA,IACF;AACA,YAAQ,OAAO,MAAM,iBAAiB,KAAc,CAAC;AAAA,EACvD,CAAC;AAGH,QAAM,WAAW,IAAI,QAAQ,YAAY,EACtC,SAAS,cAAc,8BAA8B,EACrD,OAAO,CAAC,QAAkB,CAAC,MAAM;AAChC,eAAW,aAAa,aAAa,OAAOA,SAAQ,EAAG,SAAQ,OAAO,MAAM,GAAG,SAAS;AAAA,CAAI;AAAA,EAC9F,CAAC;AACH,UAAQ,WAAW,UAAU,EAAE,QAAQ,KAAK,CAAC;AAC/C;AAGO,SAAS,aAAaA,WAAoB,OAAoB,oBAA6B;AAChG,QAAM,UAAU,IAAI,QAAQ;AAC5B,UACG,KAAK,SAAS,EACd,YAAY,gFAA2E,EACvF,QAAQ,aAAa,eAAe,EACpC,mBAAmB,wBAAwB;AAC9C,mBAAiB,OAAO;AACxB,UAAQ,YAAY,SAAS;AAAA,EAAK,cAAc,CAAC,EAAE;AAEnD,oBAAkB,SAASA,WAAU,IAAI;AACzC,eAAa,SAAS,IAAI;AAC1B,oBAAkB,SAAS,IAAI;AAC/B,qBAAmB,SAASA,SAAQ;AAEpC,SAAO;AACT;;;AJ9TA,SAAS,YAAY,KAAsB;AACzC,MAAI,eAAe,WAAY,QAAO;AACtC,MAAI,eAAe,UAAW,QAAO;AACrC,MAAI,eAAe,SAAU,QAAO;AACpC,SAAO;AACT;AAEA,eAAe,OAAsB;AACnC,QAAM,OAAO,QAAQ;AACrB,QAAM,QAAQ,KAAK,SAAS,SAAS;AACrC,MAAI;AACF,UAAM,UAAU,aAAa,QAAQ;AACrC,YAAQ,aAAa;AAGrB,QAAI,KAAK,MAAM,CAAC,EAAE,WAAW,GAAG;AAC9B,cAAQ,WAAW;AACnB;AAAA,IACF;AAEA,UAAM,QAAQ,WAAW,IAAI;AAAA,EAC/B,SAAS,KAAK;AAEZ,QAAI,eAAe,gBAAgB;AACjC,cAAQ,WAAW,IAAI,aAAa,IAAI,IAAI;AAC5C;AAAA,IACF;AACA,UAAM,QAAQ,CAAC,KAAK,SAAS,YAAY,KAAK,CAAC,QAAQ,IAAI;AAC3D,eAAW,KAAK,EAAE,OAAO,MAAM,CAAC;AAChC,YAAQ,WAAW,YAAY,GAAG;AAAA,EACpC;AACF;AAEA,KAAK,KAAK;","names":["readFileSync","writeFileSync","readFileSync","writeFileSync","randomBytes","randomBytes","manifest","current","readFileSync","writeFileSync","readFileSync","writeFileSync","res","manifest"]}