npm - @prysmid/mcp - Versions diffs - 0.1.1 → 0.2.0 - Mend

@prysmid/mcp 0.1.1 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -15,32 +15,54 @@ Exposes the full Prysmid platform API as MCP tools so an agent can:
 - manage SMTP overrides
 - query subscription / billing state
-## Install
+## Tools
+The tool surface comes from three layers, merged at startup:
-> Pre-1.0 — distribution is via GitHub for now; `@prysmid/mcp` on npm is on the way.
+1. **Hand-written** (`src/tools/*.ts`) — polished schemas with rich
+   descriptions for the operations agents reach for first
+   (`list_workspaces`, `add_idp`, `create_oidc_app`, …).
+2. **Curated** (`src/tools/curated.ts`) — multi-step orchestrators an
+   agent would otherwise have to assemble itself:
+   `setup_prysmid_workspace`, `enable_google_login`, `prysmid_setup_check`.
+3. **Auto-generated** (`src/tools/generated/*.ts`) — one tool per
+   remaining REST operation, emitted by `scripts/generate-tools.ts` from
+   the live OpenAPI spec at `https://api.prysmid.com/openapi.json`.
+   Hand-written names always win on collision; near-duplicates
+   (handwritten `add_idp` vs generated `create_idp`) are resolved by an
+   explicit alias map in `src/index.ts`.
-Pin to a specific version (recommended):
+Regenerate after the API schema changes:
 ```bash
-claude mcp add prysmid -- npx -y github:PrysmID/mcp-server#v0.1.0
+npm run gen-tools
 ```
-Or float to the tip of `main`:
+## Install
 ```bash
-claude mcp add prysmid -- npx -y github:PrysmID/mcp-server
+claude mcp add prysmid -- npx -y @prysmid/mcp
 ```
-(or the equivalent for your agent)
+(or the equivalent for your agent — Cursor, Continue, etc.)
 For now, auth is bearer-token-only via env var:
 ```bash
-PRYSMID_API_TOKEN=ptkn_… npx -y github:PrysmID/mcp-server
+PRYSMID_API_TOKEN=ptkn_… npx -y @prysmid/mcp
 ```
 OAuth device flow with token caching at `~/.config/prysmid-mcp/token.json` (Unix) or `%APPDATA%/prysmid-mcp/token.json` (Windows) is queued for a follow-up release.
+### Alternative: install directly from GitHub
+Useful for testing a branch or a specific commit:
+```bash
+claude mcp add prysmid -- npx -y github:PrysmID/mcp-server#v0.2.0
+claude mcp add prysmid -- npx -y github:PrysmID/mcp-server          # tip of main
+```
 ## Configuration
 | Env var | Default | Notes |

package/dist/index.js CHANGED Viewed

@@ -577,6 +577,429 @@ var createWorkspace = defineTool({
 });
 var tools8 = [listWorkspaces, getWorkspace, createWorkspace];
+// src/tools/generated/apps.ts
+import { z as z9 } from "zod";
+var createApp = defineTool({
+  name: "create_app",
+  description: "Create App",
+  inputShape: {
+    workspace_id: z9.string().uuid(),
+    name: z9.string().min(1).max(200),
+    redirect_uris: z9.array(z9.string().url().min(1).max(2083)).describe("Where the IdP sends the user back after auth. At least one required."),
+    post_logout_redirect_uris: z9.array(z9.string().url().min(1).max(2083)).describe("Where the IdP sends the user after logout.").optional(),
+    app_type: z9.enum(["web", "spa", "native"]).describe("App kind, drives OIDC grant + auth_method defaults.\n\n- `web`: server-rendered confidential client. Gets a `client_secret`.\n- `spa`: single-page app (user-agent). Public, PKCE required, no secret.\n- `native`: desktop/mobile. Public, PKCE required, no secret.").optional(),
+    dev_mode: z9.boolean().describe("Relax HTTPS requirement on redirect_uris (allows http://localhost). Use only for local development; never in production.").default(false)
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id, ...__body } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/apps`, { method: "POST", body: __body });
+  }
+});
+var deleteApp = defineTool({
+  name: "delete_app",
+  description: "Delete App",
+  inputShape: {
+    workspace_id: z9.string().uuid(),
+    app_id: z9.string()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id, app_id } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/apps/${encodeURIComponent(String(app_id))}`, { method: "DELETE" });
+  }
+});
+var listApps2 = defineTool({
+  name: "list_apps",
+  description: "List Apps",
+  inputShape: {
+    workspace_id: z9.string().uuid()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/apps`, { method: "GET" });
+  }
+});
+var generatedAppsTools = [
+  createApp,
+  deleteApp,
+  listApps2
+];
+// src/tools/generated/billing.ts
+import { z as z10 } from "zod";
+var billingCheckout = defineTool({
+  name: "billing_checkout",
+  description: "Checkout",
+  inputShape: {
+    workspace_id: z10.string().uuid(),
+    plan: z10.enum(["free", "pro", "enterprise"])
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id, ...__body } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/billing/checkout`, { method: "POST", body: __body });
+  }
+});
+var billingGetState = defineTool({
+  name: "billing_get_state",
+  description: "Get State",
+  inputShape: {
+    workspace_id: z10.string().uuid()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/billing`, { method: "GET" });
+  }
+});
+var billingPortal = defineTool({
+  name: "billing_portal",
+  description: "Portal",
+  inputShape: {
+    workspace_id: z10.string().uuid()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/billing/portal`, { method: "POST" });
+  }
+});
+var updateSpendingCap = defineTool({
+  name: "update_spending_cap",
+  description: "Update Spending Cap",
+  inputShape: {
+    workspace_id: z10.string().uuid(),
+    cents: z10.number().int().min(0).nullable().optional()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id, ...__body } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/billing/spending-cap`, { method: "PATCH", body: __body });
+  }
+});
+var generatedBillingTools = [
+  billingCheckout,
+  billingGetState,
+  billingPortal,
+  updateSpendingCap
+];
+// src/tools/generated/branding.ts
+import { z as z11 } from "zod";
+var deleteLogo = defineTool({
+  name: "delete_logo",
+  description: "Delete Logo",
+  inputShape: {
+    workspace_id: z11.string().uuid()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/branding/logo`, { method: "DELETE" });
+  }
+});
+var getBranding2 = defineTool({
+  name: "get_branding",
+  description: "Get Branding",
+  inputShape: {
+    workspace_id: z11.string().uuid()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/branding`, { method: "GET" });
+  }
+});
+var updateBranding2 = defineTool({
+  name: "update_branding",
+  description: "Update Branding",
+  inputShape: {
+    workspace_id: z11.string().uuid(),
+    primary_color: z11.string().regex(/^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/).nullable().optional(),
+    background_color: z11.string().regex(/^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/).nullable().optional(),
+    warn_color: z11.string().regex(/^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/).nullable().optional(),
+    font_color: z11.string().regex(/^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/).nullable().optional(),
+    primary_color_dark: z11.string().regex(/^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/).nullable().optional(),
+    background_color_dark: z11.string().regex(/^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/).nullable().optional(),
+    warn_color_dark: z11.string().regex(/^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/).nullable().optional(),
+    font_color_dark: z11.string().regex(/^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/).nullable().optional(),
+    hide_login_name_suffix: z11.boolean().nullable().optional(),
+    disable_watermark: z11.boolean().nullable().optional()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id, ...__body } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/branding`, { method: "PATCH", body: __body });
+  }
+});
+var generatedBrandingTools = [
+  deleteLogo,
+  getBranding2,
+  updateBranding2
+];
+// src/tools/generated/idps.ts
+import { z as z12 } from "zod";
+var createIdp = defineTool({
+  name: "create_idp",
+  description: "Create Idp",
+  inputShape: {
+    workspace_id: z12.string().uuid(),
+    type: z12.enum(["google", "github", "microsoft", "oidc"]),
+    name: z12.string().min(1).max(200),
+    client_id: z12.string().min(1),
+    client_secret: z12.string().min(1),
+    issuer: z12.string().url().min(1).max(2083).nullable().optional(),
+    tenant_id: z12.string().nullable().optional(),
+    scopes: z12.array(z12.string()).nullable().optional()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id, ...__body } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/idps`, { method: "POST", body: __body });
+  }
+});
+var deleteIdp2 = defineTool({
+  name: "delete_idp",
+  description: "Delete Idp",
+  inputShape: {
+    workspace_id: z12.string().uuid(),
+    idp_id: z12.string()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id, idp_id } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/idps/${encodeURIComponent(String(idp_id))}`, { method: "DELETE" });
+  }
+});
+var listIdps2 = defineTool({
+  name: "list_idps",
+  description: "List Idps",
+  inputShape: {
+    workspace_id: z12.string().uuid()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/idps`, { method: "GET" });
+  }
+});
+var generatedIdpsTools = [
+  createIdp,
+  deleteIdp2,
+  listIdps2
+];
+// src/tools/generated/login-policy.ts
+import { z as z13 } from "zod";
+var getLoginPolicy2 = defineTool({
+  name: "get_login_policy",
+  description: "Get Login Policy",
+  inputShape: {
+    workspace_id: z13.string().uuid()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/login-policy`, { method: "GET" });
+  }
+});
+var updateLoginPolicy2 = defineTool({
+  name: "update_login_policy",
+  description: "Update Login Policy",
+  inputShape: {
+    workspace_id: z13.string().uuid(),
+    allow_username_password: z13.boolean().nullable().optional(),
+    allow_register: z13.boolean().nullable().optional(),
+    allow_external_idp: z13.boolean().nullable().optional(),
+    force_mfa: z13.boolean().nullable().optional(),
+    passwordless_allowed: z13.boolean().nullable().optional(),
+    second_factors: z13.array(z13.enum(["otp", "u2f", "otp_email", "otp_sms"])).nullable().optional(),
+    multi_factors: z13.array(z13.enum(["u2f_verified"])).nullable().optional(),
+    hide_password_reset: z13.boolean().nullable().optional(),
+    ignore_unknown_usernames: z13.boolean().nullable().optional()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id, ...__body } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/login-policy`, { method: "PATCH", body: __body });
+  }
+});
+var generatedLoginPolicyTools = [
+  getLoginPolicy2,
+  updateLoginPolicy2
+];
+// src/tools/generated/smtp.ts
+import { z as z14 } from "zod";
+var getSmtp = defineTool({
+  name: "get_smtp",
+  description: "Get Smtp",
+  inputShape: {
+    workspace_id: z14.string().uuid()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/smtp`, { method: "GET" });
+  }
+});
+var revertToPlatformDefault = defineTool({
+  name: "revert_to_platform_default",
+  description: "Revert To Platform Default",
+  inputShape: {
+    workspace_id: z14.string().uuid()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/smtp`, { method: "DELETE" });
+  }
+});
+var setCustomSmtp = defineTool({
+  name: "set_custom_smtp",
+  description: "Set Custom Smtp",
+  inputShape: {
+    workspace_id: z14.string().uuid(),
+    host: z14.string().min(1),
+    port: z14.number().int().min(1).max(65535),
+    tls: z14.boolean().default(true),
+    sender_address: z14.string().min(3).describe("Address that appears in the From header."),
+    sender_name: z14.string().min(1).max(200),
+    user: z14.string().min(1).describe("SMTP auth username."),
+    password: z14.string().min(1).describe("SMTP auth password / API key."),
+    reply_to_address: z14.string().describe("Optional Reply-To header.").default("")
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id, ...__body } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/smtp`, { method: "PUT", body: __body });
+  }
+});
+var generatedSmtpTools = [
+  getSmtp,
+  revertToPlatformDefault,
+  setCustomSmtp
+];
+// src/tools/generated/users.ts
+import { z as z15 } from "zod";
+var deleteUser2 = defineTool({
+  name: "delete_user",
+  description: "Delete User",
+  inputShape: {
+    workspace_id: z15.string().uuid(),
+    user_id: z15.string()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id, user_id } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/users/${encodeURIComponent(String(user_id))}`, { method: "DELETE" });
+  }
+});
+var inviteUser2 = defineTool({
+  name: "invite_user",
+  description: "Invite User",
+  inputShape: {
+    workspace_id: z15.string().uuid(),
+    email: z15.string().max(320).regex(/^[^\s@]+@[^\s@]+\.[^\s@]+$/),
+    first_name: z15.string().min(1).max(100),
+    last_name: z15.string().min(1).max(100),
+    user_name: z15.string().nullable().optional()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id, ...__body } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/users/invite`, { method: "POST", body: __body });
+  }
+});
+var listUsers2 = defineTool({
+  name: "list_users",
+  description: "List Users",
+  inputShape: {
+    workspace_id: z15.string().uuid()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/users`, { method: "GET" });
+  }
+});
+var generatedUsersTools = [
+  deleteUser2,
+  inviteUser2,
+  listUsers2
+];
+// src/tools/generated/workspaces.ts
+import { z as z16 } from "zod";
+var createWorkspace2 = defineTool({
+  name: "create_workspace",
+  description: "Create Workspace",
+  inputShape: {
+    slug: z16.string().min(3).max(63).regex(/^[a-z][a-z0-9-]*[a-z0-9]$/).describe("URL-safe lowercase slug. Becomes part of auth.<slug>.prysmid.com."),
+    display_name: z16.string().min(1).max(255),
+    plan: z16.enum(["free", "pro", "enterprise"]).optional()
+  },
+  handler: async (input, { client }) => {
+    return client.request(`/v1/workspaces`, { method: "POST", body: input });
+  }
+});
+var deleteWorkspace = defineTool({
+  name: "delete_workspace",
+  description: "Delete Workspace",
+  inputShape: {
+    workspace_id: z16.string().uuid()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}`, { method: "DELETE" });
+  }
+});
+var getWorkspace2 = defineTool({
+  name: "get_workspace",
+  description: "Get Workspace",
+  inputShape: {
+    workspace_id: z16.string().uuid()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}`, { method: "GET" });
+  }
+});
+var listWorkspaces2 = defineTool({
+  name: "list_workspaces",
+  description: "List Workspaces",
+  inputShape: {},
+  handler: async (_input, { client }) => {
+    return client.request(`/v1/workspaces`, { method: "GET" });
+  }
+});
+var retryProvisioning = defineTool({
+  name: "retry_provisioning",
+  description: "Retry Provisioning",
+  inputShape: {
+    workspace_id: z16.string().uuid()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/retry-provisioning`, { method: "POST" });
+  }
+});
+var updateWorkspace = defineTool({
+  name: "update_workspace",
+  description: "Update Workspace",
+  inputShape: {
+    workspace_id: z16.string().uuid(),
+    display_name: z16.string().min(1).max(255).nullable().optional()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id, ...__body } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}`, { method: "PATCH", body: __body });
+  }
+});
+var generatedWorkspacesTools = [
+  createWorkspace2,
+  deleteWorkspace,
+  getWorkspace2,
+  listWorkspaces2,
+  retryProvisioning,
+  updateWorkspace
+];
+// src/tools/generated/index.ts
+var generatedTools = [
+  ...generatedAppsTools,
+  ...generatedBillingTools,
+  ...generatedBrandingTools,
+  ...generatedIdpsTools,
+  ...generatedLoginPolicyTools,
+  ...generatedSmtpTools,
+  ...generatedUsersTools,
+  ...generatedWorkspacesTools
+];
 // src/index.ts
 import { readFileSync } from "fs";
 import { fileURLToPath } from "url";
@@ -593,15 +1016,18 @@ function readVersion() {
     return "0.0.0";
   }
 }
-async function main() {
-  const cfg = loadConfig();
-  const log = makeLogger(cfg);
-  const client = new PrysmidClient(cfg, log);
-  const server = new McpServer({
-    name: SERVER_NAME,
-    version: readVersion()
-  });
-  const allTools = [
+var GENERATED_ALIASES = {
+  // generated name → handwritten that already covers it
+  create_idp: "add_idp",
+  create_app: "create_oidc_app",
+  delete_app: "delete_oidc_app",
+  update_spending_cap: "set_spending_cap",
+  billing_checkout: "start_billing_checkout",
+  billing_portal: "start_billing_portal",
+  billing_get_state: "get_billing"
+};
+function composeToolset() {
+  const handwrittenAndCurated = [
     ...tools8,
     ...tools,
     ...tools5,
@@ -610,7 +1036,26 @@ async function main() {
     ...tools3,
     ...tools2,
     ...tools4
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
   ];
+  const handwrittenNames = new Set(handwrittenAndCurated.map((t) => t.name));
+  const filteredGenerated = generatedTools.filter((t) => {
+    if (handwrittenNames.has(t.name)) return false;
+    const alias = GENERATED_ALIASES[t.name];
+    if (alias && handwrittenNames.has(alias)) return false;
+    return true;
+  });
+  return [...handwrittenAndCurated, ...filteredGenerated];
+}
+async function main() {
+  const cfg = loadConfig();
+  const log = makeLogger(cfg);
+  const client = new PrysmidClient(cfg, log);
+  const server = new McpServer({
+    name: SERVER_NAME,
+    version: readVersion()
+  });
+  const allTools = composeToolset();
   registerAll(server, { client, log }, allTools);
   log.info(`prysmid-mcp starting`, {
     apiBase: cfg.apiBase,
@@ -620,12 +1065,15 @@ async function main() {
   const transport = new StdioServerTransport();
   await server.connect(transport);
 }
-main().catch((err) => {
-  process.stderr.write(`fatal: ${err instanceof Error ? err.stack : err}
+if (!process.env.VITEST) {
+  main().catch((err) => {
+    process.stderr.write(`fatal: ${err instanceof Error ? err.stack : err}
 `);
-  process.exit(1);
-});
+    process.exit(1);
+  });
+}
 export {
+  composeToolset,
   main
 };
 //# sourceMappingURL=index.js.map

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/index.ts","../src/client.ts","../src/config.ts","../src/logger.ts","../src/tools/registry.ts","../src/tools/apps.ts","../src/tools/billing.ts","../src/tools/branding.ts","../src/tools/curated.ts","../src/tools/idps.ts","../src/tools/login_policy.ts","../src/tools/users.ts","../src/tools/workspaces.ts"],"sourcesContent":["/*\n Entrypoint — boots an MCP server over stdio with the full Prysmid tool set.\n \n MCP transport contract:\n * - JSON-RPC over stdin/stdout\n * - stdout is RESERVED for protocol bytes; logs go to stderr (see logger.ts)\n * - one process == one client; the agent spawns a fresh server per session\n /\nimport { McpServer } from \"@modelcontextprotocol/sdk/server/mcp.js\";\nimport { StdioServerTransport } from \"@modelcontextprotocol/sdk/server/stdio.js\";\n\nimport { PrysmidClient } from \"./client.js\";\nimport { loadConfig } from \"./config.js\";\nimport { makeLogger } from \"./logger.js\";\nimport { registerAll } from \"./tools/registry.js\";\nimport { tools as appsTools } from \"./tools/apps.js\";\nimport { tools as billingTools } from \"./tools/billing.js\";\nimport { tools as brandingTools } from \"./tools/branding.js\";\nimport { tools as curatedTools } from \"./tools/curated.js\";\nimport { tools as idpsTools } from \"./tools/idps.js\";\nimport { tools as loginPolicyTools } from \"./tools/login_policy.js\";\nimport { tools as usersTools } from \"./tools/users.js\";\nimport { tools as workspaceTools } from \"./tools/workspaces.js\";\n\nimport { readFileSync } from \"node:fs\";\nimport { fileURLToPath } from \"node:url\";\nimport { dirname, resolve } from \"node:path\";\n\nconst SERVER_NAME = \"prysmid\";\n\nfunction readVersion(): string {\n try {\n const here = dirname(fileURLToPath(import.meta.url));\n const pkg = JSON.parse(\n readFileSync(resolve(here, \"..\", \"package.json\"), \"utf8\"),\n );\n return typeof pkg.version === \"string\" ? pkg.version : \"0.0.0\";\n } catch {\n return \"0.0.0\";\n }\n}\n\nexport async function main(): Promise<void> {\n const cfg = loadConfig();\n const log = makeLogger(cfg);\n const client = new PrysmidClient(cfg, log);\n\n const server = new McpServer({\n name: SERVER_NAME,\n version: readVersion(),\n });\n\n const allTools = [\n ...workspaceTools,\n ...appsTools,\n ...idpsTools,\n ...loginPolicyTools,\n ...usersTools,\n ...brandingTools,\n ...billingTools,\n ...curatedTools,\n ];\n\n registerAll(server, { client, log }, allTools);\n\n log.info(`prysmid-mcp starting`, {\n apiBase: cfg.apiBase,\n tools: allTools.length,\n authMode: cfg.apiToken ? \"bearer\" : \"none\",\n });\n\n const transport = new StdioServerTransport();\n await server.connect(transport);\n}\n\n// This module is only ever invoked as the package bin (MCP servers run as a\n// process per session). Cross-platform `import.meta.url === file://<argv[1]>`\n// is fragile (Windows backslash vs forward slash; symlinked paths) so we\n// just always boot.\nmain().catch((err) => {\n process.stderr.write(`fatal: ${err instanceof Error ? err.stack : err}\\n`);\n process.exit(1);\n});\n","/\n Prysmid API client — thin fetch wrapper that adds auth + maps errors.\n \n Auth model (MVP): static bearer via `PRYSMID_API_TOKEN`. Device-flow OAuth\n * lives in `auth.ts` and produces a token compatible with this client.\n /\nimport type { Config } from \"./config.js\";\nimport type { Logger } from \"./logger.js\";\n\nexport class PrysmidApiError extends Error {\n constructor(\n message: string,\n public readonly status: number,\n public readonly body: string,\n public readonly code?: string,\n ) {\n super(message);\n this.name = \"PrysmidApiError\";\n }\n}\n\nexport interface RequestOptions {\n method?: \"GET\" \| \"POST\" \| \"PUT\" \| \"PATCH\" \| \"DELETE\";\n body?: unknown;\n query?: Record<string, string \| number \| boolean \| undefined>;\n}\n\nexport class PrysmidClient {\n constructor(\n private readonly cfg: Config,\n private readonly log: Logger,\n ) {}\n\n async request<T = unknown>(path: string, opts: RequestOptions = {}): Promise<T> {\n if (!this.cfg.apiToken) {\n throw new PrysmidApiError(\n \"No PRYSMID_API_TOKEN configured. Set the env var or run device-flow login.\",\n 401,\n \"\",\n \"auth.no_token\",\n );\n }\n\n const url = new URL(this.cfg.apiBase + path);\n if (opts.query) {\n for (const [k, v] of Object.entries(opts.query)) {\n if (v !== undefined) url.searchParams.set(k, String(v));\n }\n }\n\n const method = opts.method ?? \"GET\";\n const headers: Record<string, string> = {\n Authorization: `Bearer ${this.cfg.apiToken}`,\n Accept: \"application/json\",\n };\n if (opts.body !== undefined) headers[\"Content-Type\"] = \"application/json\";\n\n this.log.debug(`HTTP ${method} ${url.pathname}`);\n const res = await fetch(url, {\n method,\n headers,\n body: opts.body !== undefined ? JSON.stringify(opts.body) : undefined,\n });\n\n const text = await res.text();\n if (!res.ok) {\n let code: string \| undefined;\n try {\n const parsed = JSON.parse(text);\n code = typeof parsed?.error === \"string\" ? parsed.error : parsed?.code;\n } catch {\n // body wasn't JSON\n }\n throw new PrysmidApiError(\n `Prysmid API ${res.status} on ${method} ${path}`,\n res.status,\n text,\n code,\n );\n }\n\n if (text === \"\") return undefined as T;\n try {\n return JSON.parse(text) as T;\n } catch {\n return text as unknown as T;\n }\n }\n}\n","/\n Runtime configuration. Pulled from env at startup; immutable thereafter.\n \n The MCP runs as a long-lived stdio process — env reads happen once.\n /\n\nexport interface Config {\n apiBase: string;\n apiToken: string \| null;\n logLevel: \"debug\" \| \"info\" \| \"warn\" \| \"error\";\n}\n\nconst DEFAULT_API_BASE = \"https://api.prysmid.com\";\n\nexport function loadConfig(env: NodeJS.ProcessEnv = process.env): Config {\n const apiBase = (env.PRYSMID_API_BASE ?? DEFAULT_API_BASE).replace(/\\/+$/, \"\");\n const apiToken = env.PRYSMID_API_TOKEN?.trim() \|\| null;\n const rawLevel = (env.PRYSMID_MCP_LOG_LEVEL ?? \"info\").toLowerCase();\n const logLevel: Config[\"logLevel\"] =\n rawLevel === \"debug\" \|\| rawLevel === \"warn\" \|\| rawLevel === \"error\"\n ? rawLevel\n : \"info\";\n return { apiBase, apiToken, logLevel };\n}\n","/\n stderr-only logger. MCP servers MUST NOT write to stdout — that channel\n * is reserved for the JSON-RPC protocol; any stray byte breaks the agent.\n /\nimport type { Config } from \"./config.js\";\n\nconst ORDER = { debug: 10, info: 20, warn: 30, error: 40 } as const;\n\nexport interface Logger {\n debug: (msg: string, extra?: unknown) => void;\n info: (msg: string, extra?: unknown) => void;\n warn: (msg: string, extra?: unknown) => void;\n error: (msg: string, extra?: unknown) => void;\n}\n\nexport function makeLogger(cfg: Pick<Config, \"logLevel\">): Logger {\n const threshold = ORDER[cfg.logLevel];\n\n function emit(level: keyof typeof ORDER, msg: string, extra?: unknown) {\n if (ORDER[level] < threshold) return;\n const ts = new Date().toISOString();\n const payload = extra === undefined ? \"\" : ` ${safeJSON(extra)}`;\n process.stderr.write(`${ts} ${level.toUpperCase()} ${msg}${payload}\\n`);\n }\n\n return {\n debug: (m, e) => emit(\"debug\", m, e),\n info: (m, e) => emit(\"info\", m, e),\n warn: (m, e) => emit(\"warn\", m, e),\n error: (m, e) => emit(\"error\", m, e),\n };\n}\n\nfunction safeJSON(x: unknown): string {\n try {\n return JSON.stringify(x);\n } catch {\n return String(x);\n }\n}\n","/\n Tool registry — single place where every MCP tool lives. Each tool exports\n * its input schema (Zod) + handler; `registerAll` wires them into the SDK.\n \n Two flavors of tools coexist:\n * - generated: 1:1 with REST endpoints, produced by `scripts/generate-tools.ts`\n * (lives under `tools/generated/` once the script runs)\n - curated: high-level orchestrators a human/agent actually wants to call,\n * e.g. `setup_prysmid_workspace(company_name)` that combines several\n * endpoints. These live under `tools/curated/`.\n \n * Both share the same `Tool` shape so the registry is uniform.\n /\nimport type { McpServer } from \"@modelcontextprotocol/sdk/server/mcp.js\";\nimport { z } from \"zod\";\n\nimport type { PrysmidClient } from \"../client.js\";\nimport type { Logger } from \"../logger.js\";\n\nexport interface ToolContext {\n client: PrysmidClient;\n log: Logger;\n}\n\nexport interface ToolDef<I extends z.ZodRawShape> {\n name: string;\n description: string;\n inputShape: I;\n /\n Handler returns plain JSON-able output. The SDK serializes it into\n * MCP `content` blocks; we wrap to text by default (most MCP UIs render it\n * better than structured content).\n /\n handler: (\n input: z.infer<z.ZodObject<I>>,\n ctx: ToolContext,\n ) => Promise<unknown>;\n}\n\nexport function defineTool<I extends z.ZodRawShape>(t: ToolDef<I>): ToolDef<I> {\n return t;\n}\n\n// `ToolDef<any>` here intentionally — the array is heterogeneous (each tool\n// has its own input shape) and the SDK's registerTool only cares about the\n// runtime Zod object, not compile-time type inference. Without `any` there's\n// no single ZodRawShape that satisfies every entry simultaneously.\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nexport function registerAll(\n server: McpServer,\n ctx: ToolContext,\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n tools: ReadonlyArray<ToolDef<any>>,\n): void {\n for (const tool of tools) {\n server.registerTool(\n tool.name,\n {\n description: tool.description,\n inputSchema: tool.inputShape,\n },\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n async (input: any) => {\n try {\n const result = await tool.handler(input, ctx);\n return {\n content: [\n {\n type: \"text\" as const,\n text:\n typeof result === \"string\"\n ? result\n : JSON.stringify(result, null, 2),\n },\n ],\n };\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n ctx.log.error(`tool ${tool.name} failed`, { message });\n return {\n isError: true,\n content: [\n { type: \"text\" as const, text: `error: ${message}` },\n ],\n };\n }\n },\n );\n }\n}\n","/\n OIDC application tools — list, create, delete on a workspace's apps.\n * Apps are the integration unit: each one represents one downstream service\n * (web app, mobile app, CLI) that authenticates via Prysmid.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const listApps = defineTool({\n name: \"list_apps\",\n description: \"List all OIDC apps in a workspace.\",\n inputShape: {\n workspace: z.string().min(1).describe(\"Workspace slug or UUID\"),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(`/v1/workspaces/${encodeURIComponent(workspace)}/apps`),\n});\n\nexport const createOidcApp = defineTool({\n name: \"create_oidc_app\",\n description:\n \"Create an OIDC application in a workspace. Returns client_id (and client_secret if confidential). Use auth_method=NONE for SPA/PKCE; use BASIC for confidential web apps.\",\n inputShape: {\n workspace: z.string().min(1),\n name: z.string().min(1).max(255),\n redirect_uris: z.array(z.string().url()).min(1),\n post_logout_redirect_uris: z.array(z.string().url()).optional(),\n app_type: z\n .enum([\n \"OIDC_APP_TYPE_WEB\",\n \"OIDC_APP_TYPE_USER_AGENT\",\n \"OIDC_APP_TYPE_NATIVE\",\n ])\n .default(\"OIDC_APP_TYPE_WEB\"),\n auth_method: z\n .enum([\n \"OIDC_AUTH_METHOD_TYPE_NONE\",\n \"OIDC_AUTH_METHOD_TYPE_BASIC\",\n \"OIDC_AUTH_METHOD_TYPE_POST\",\n ])\n .default(\"OIDC_AUTH_METHOD_TYPE_NONE\"),\n dev_mode: z\n .boolean()\n .default(false)\n .describe(\n \"Skip redirect URI HTTPS check — only for local dev, NEVER prod.\",\n ),\n },\n handler: async ({ workspace, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/apps`,\n { method: \"POST\", body },\n ),\n});\n\nexport const deleteOidcApp = defineTool({\n name: \"delete_oidc_app\",\n description: \"Delete an OIDC app. Idempotent — 404 returns success.\",\n inputShape: {\n workspace: z.string().min(1),\n app_id: z.string().min(1),\n },\n handler: async ({ workspace, app_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/apps/${encodeURIComponent(app_id)}`,\n { method: \"DELETE\" },\n ),\n});\n\nexport const tools = [listApps, createOidcApp, deleteOidcApp] as const;\n","/\n Billing tools — read state, manage spending cap, generate Stripe portal URL.\n * Checkout/upgrade flow returns a Stripe-hosted URL; the agent surfaces it to\n * the user for them to navigate (we don't process payment data here).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const getBilling = defineTool({\n name: \"get_billing\",\n description:\n \"Get current billing state: plan, subscription status, current period, spending_cap_cents, signups_blocked.\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/billing`,\n ),\n});\n\nexport const setSpendingCap = defineTool({\n name: \"set_spending_cap\",\n description:\n \"Cap monthly Pro overage spend (cents). Pass null to remove cap (unlimited). When projected overage exceeds cap, signups_blocked flips on.\",\n inputShape: {\n workspace: z.string().min(1),\n spending_cap_cents: z\n .number()\n .int()\n .min(0)\n .max(10_000_000)\n .nullable()\n .describe(\"Max overage cents per period; null = unlimited\"),\n },\n handler: async ({ workspace, spending_cap_cents }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/billing/spending-cap`,\n { method: \"PATCH\", body: { spending_cap_cents } },\n ),\n});\n\nexport const startCheckout = defineTool({\n name: \"start_billing_checkout\",\n description:\n \"Create a Stripe Checkout session for upgrading. Returns the URL the user must visit. Plan must be `pro` (Free has no checkout; Enterprise is sales-only).\",\n inputShape: {\n workspace: z.string().min(1),\n plan: z.enum([\"pro\"]),\n },\n handler: async ({ workspace, plan }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/billing/checkout`,\n { method: \"POST\", body: { plan } },\n ),\n});\n\nexport const startBillingPortal = defineTool({\n name: \"start_billing_portal\",\n description:\n \"Create a Stripe customer-portal session URL where the user manages payment methods, downloads invoices, cancels subscription.\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/billing/portal`,\n { method: \"POST\" },\n ),\n});\n\nexport const tools = [\n getBilling,\n setSpendingCap,\n startCheckout,\n startBillingPortal,\n] as const;\n","/\n Branding tools — colors, fonts, logo for the login page. Logo upload is\n * out of MCP scope (multipart binary uploads don't fit MCP tool semantics\n * cleanly); use the dashboard or API directly for that.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const getBranding = defineTool({\n name: \"get_branding\",\n description:\n \"Return the workspace's active branding policy (colors, fonts, hide-prysmid-watermark flag, logo URLs).\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/branding`,\n ),\n});\n\nexport const updateBranding = defineTool({\n name: \"update_branding\",\n description:\n \"Update branding colors and watermark. Hex colors as `#RRGGBB`. Activates the policy after update — change shows on next login screen render.\",\n inputShape: {\n workspace: z.string().min(1),\n primary_color: z\n .string()\n .regex(/^#[0-9a-fA-F]{6}$/)\n .optional(),\n background_color: z\n .string()\n .regex(/^#[0-9a-fA-F]{6}$/)\n .optional(),\n warn_color: z\n .string()\n .regex(/^#[0-9a-fA-F]{6}$/)\n .optional(),\n font_color: z\n .string()\n .regex(/^#[0-9a-fA-F]{6}$/)\n .optional(),\n disable_watermark: z\n .boolean()\n .optional()\n .describe(\n \"Hide 'Powered by Prysmid' on the login screen (Pro+ only — Free silently ignored).\",\n ),\n },\n handler: async ({ workspace, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/branding`,\n { method: \"PATCH\", body },\n ),\n});\n\nexport const tools = [getBranding, updateBranding] as const;\n","/\n Curated high-level tools — the ones agents would naturally reach for to\n * accomplish a goal in one call, instead of orchestrating 4 raw endpoints.\n \n Keep these small: each represents one end-user intent (\"set up a workspace\n * with Google login\"). Branch logic and prompts stay on the agent side; this\n * file only owns the API choreography.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nconst SetupWorkspaceOutput = z.object({\n workspace_id: z.string(),\n slug: z.string(),\n auth_domain: z.string(),\n state: z.string(),\n});\n\nexport const setupPrysmidWorkspace = defineTool({\n name: \"setup_prysmid_workspace\",\n description:\n \"Create a new workspace and wait until it's fully provisioned (Zitadel instance, SMTP, DNS). Returns the live auth_domain ready to integrate.\",\n inputShape: {\n slug: z\n .string()\n .min(2)\n .max(63)\n .regex(/^[a-z0-9-]+$/),\n display_name: z.string().min(1),\n timeout_seconds: z\n .number()\n .int()\n .min(10)\n .max(300)\n .default(120)\n .describe(\"Max time to wait for provisioning before returning.\"),\n },\n handler: async (\n { slug, display_name, timeout_seconds },\n { client, log },\n ) => {\n const created = (await client.request(\"/v1/workspaces\", {\n method: \"POST\",\n body: { slug, display_name },\n })) as { id: string; slug: string; state: string; auth_domain?: string };\n\n const deadline = Date.now() + timeout_seconds 1000;\n while (Date.now() < deadline) {\n const ws = (await client.request(\n `/v1/workspaces/${encodeURIComponent(created.id)}`,\n )) as {\n id: string;\n slug: string;\n state: string;\n auth_domain?: string;\n provisioning_error?: string;\n };\n if (ws.state === \"active\") {\n return SetupWorkspaceOutput.parse({\n workspace_id: ws.id,\n slug: ws.slug,\n auth_domain: ws.auth_domain ?? `auth.${ws.slug}.prysmid.com`,\n state: ws.state,\n });\n }\n if (ws.state === \"provisioning_failed\") {\n throw new Error(\n `Workspace provisioning failed: ${ws.provisioning_error ?? \"unknown reason\"}`,\n );\n }\n log.debug(`workspace ${created.id} state=${ws.state}, polling…`);\n await sleep(3000);\n }\n throw new Error(\n `Workspace did not reach state=active within ${timeout_seconds}s`,\n );\n },\n});\n\nfunction sleep(ms: number) {\n return new Promise((r) => setTimeout(r, ms));\n}\n\nexport const enableGoogleLogin = defineTool({\n name: \"enable_google_login\",\n description:\n \"Add Google as an identity provider on a workspace and enable external IdPs in the login policy. Hands you a checklist if external IdPs were already disabled — agent should confirm before flipping that flag.\",\n inputShape: {\n workspace: z.string().min(1),\n google_client_id: z.string().min(1),\n google_client_secret: z.string().min(1),\n name: z.string().default(\"Google\"),\n },\n handler: async (\n { workspace, google_client_id, google_client_secret, name },\n { client },\n ) => {\n const idp = await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/idps`,\n {\n method: \"POST\",\n body: {\n provider: \"google\",\n name,\n config: {\n client_id: google_client_id,\n client_secret: google_client_secret,\n },\n },\n },\n );\n\n // Force-enable external IdP toggle in case the workspace had it off.\n await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/login-policy`,\n { method: \"PATCH\", body: { allow_external_idp: true } },\n );\n\n return { idp, login_policy: \"allow_external_idp=true\" };\n },\n});\n\ninterface SetupCheckItem {\n ok: boolean;\n name: string;\n details?: string;\n}\n\nexport const prysmidSetupCheck = defineTool({\n name: \"prysmid_setup_check\",\n description:\n \"Run a readiness checklist on a workspace: state=active, ≥1 OIDC app, ≥1 IdP OR password+register enabled, branding has a primary_color set, login_policy reasonable. Returns pass/fail per item plus a summary verdict.\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) => {\n const ws = (await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}`,\n )) as { state: string; auth_domain?: string };\n const apps = (await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/apps`,\n )) as unknown[];\n const idps = (await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/idps`,\n )) as unknown[];\n const policy = (await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/login-policy`,\n )) as {\n allow_username_password?: boolean;\n allow_register?: boolean;\n allow_external_idp?: boolean;\n force_mfa?: boolean;\n };\n const branding = (await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/branding`,\n )) as { primary_color?: string };\n\n const checks: SetupCheckItem[] = [\n {\n ok: ws.state === \"active\",\n name: \"workspace_active\",\n details: `state=${ws.state}`,\n },\n {\n ok: apps.length > 0,\n name: \"has_at_least_one_app\",\n details: `${apps.length} apps`,\n },\n {\n ok:\n idps.length > 0 \|\|\n (policy.allow_username_password === true &&\n policy.allow_register === true),\n name: \"users_can_sign_in\",\n details:\n idps.length > 0\n ? `${idps.length} idps`\n : \"no idps; must allow username+password+register\",\n },\n {\n ok: !!branding.primary_color,\n name: \"branding_primary_color_set\",\n },\n {\n ok: policy.force_mfa === true \|\| idps.length > 0,\n name: \"auth_strength_reasonable\",\n details: policy.force_mfa\n ? \"force_mfa=true\"\n : \"MFA off but external IdP present\",\n },\n ];\n const verdict = checks.every((c) => c.ok) ? \"ready\" : \"incomplete\";\n return { verdict, checks };\n },\n});\n\nexport const tools = [\n setupPrysmidWorkspace,\n enableGoogleLogin,\n prysmidSetupCheck,\n] as const;\n","/*\n Identity provider tools — Google, GitHub, Microsoft, generic OIDC.\n * Each create_* operation atomically: creates the IdP config AND adds it to\n * the login policy so it appears on the login screen. The Prysmid API\n * encapsulates that two-step lifecycle behind a single endpoint.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const listIdps = defineTool({\n name: \"list_idps\",\n description:\n \"List identity providers (Google/GitHub/Microsoft/OIDC) configured on a workspace.\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(`/v1/workspaces/${encodeURIComponent(workspace)}/idps`),\n});\n\nexport const addIdp = defineTool({\n name: \"add_idp\",\n description:\n \"Add an identity provider to the workspace and attach it to the login policy in one atomic call. Provider-specific fields go in `config`.\",\n inputShape: {\n workspace: z.string().min(1),\n provider: z.enum([\"google\", \"github\", \"azure_ad\", \"oidc\"]),\n name: z.string().min(1).describe(\"Display name shown on login screen\"),\n config: z\n .object({\n client_id: z.string().min(1),\n client_secret: z.string().min(1),\n scopes: z.array(z.string()).optional(),\n issuer: z\n .string()\n .url()\n .optional()\n .describe(\"Required for `oidc`; ignored otherwise\"),\n tenant_id: z\n .string()\n .optional()\n .describe(\n \"Required for `azure_ad` to lock to a specific Microsoft tenant\",\n ),\n })\n .describe(\"Provider-specific OAuth config\"),\n },\n handler: async ({ workspace, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/idps`,\n { method: \"POST\", body },\n ),\n});\n\nexport const deleteIdp = defineTool({\n name: \"delete_idp\",\n description:\n \"Remove an identity provider. Strips it from the login policy then deletes the config. Idempotent.\",\n inputShape: {\n workspace: z.string().min(1),\n idp_id: z.string().min(1),\n },\n handler: async ({ workspace, idp_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/idps/${encodeURIComponent(idp_id)}`,\n { method: \"DELETE\" },\n ),\n});\n\nexport const tools = [listIdps, addIdp, deleteIdp] as const;\n","/\n Login policy tools — control which authentication methods are allowed,\n * MFA enforcement, lockout thresholds. Patches are merge semantics on the\n * server side; only fields you set are changed.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const getLoginPolicy = defineTool({\n name: \"get_login_policy\",\n description:\n \"Return the workspace's current login policy (password rules, MFA, IdPs allowed, lockout, etc.).\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/login-policy`,\n ),\n});\n\nexport const updateLoginPolicy = defineTool({\n name: \"update_login_policy\",\n description:\n \"Update the login policy. PATCH semantics — only fields you pass are changed; other policy fields stay as they were.\",\n inputShape: {\n workspace: z.string().min(1),\n allow_username_password: z.boolean().optional(),\n allow_register: z.boolean().optional(),\n allow_external_idp: z.boolean().optional(),\n force_mfa: z\n .boolean()\n .optional()\n .describe(\"Require any second factor at login\"),\n passwordless_type: z\n .enum([\n \"PASSWORDLESS_TYPE_NOT_ALLOWED\",\n \"PASSWORDLESS_TYPE_ALLOWED\",\n ])\n .optional()\n .describe(\"Enables passkey-first when set to ALLOWED\"),\n max_password_attempts: z.number().int().min(0).max(20).optional(),\n lockout_password_attempts: z.number().int().min(0).max(20).optional(),\n },\n handler: async ({ workspace, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/login-policy`,\n { method: \"PATCH\", body },\n ),\n});\n\nexport const tools = [getLoginPolicy, updateLoginPolicy] as const;\n","/\n User tools — list, invite (sends Zitadel init email), delete.\n * Invite is the primary creation path; users set their own password via the\n * email link. Direct user creation with pre-set credentials is intentionally\n * not exposed here.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const listUsers = defineTool({\n name: \"list_users\",\n description: \"List human users in a workspace.\",\n inputShape: {\n workspace: z.string().min(1),\n limit: z.number().int().min(1).max(500).default(100),\n },\n handler: async ({ workspace, limit }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/users`,\n { query: { limit } },\n ),\n});\n\nexport const inviteUser = defineTool({\n name: \"invite_user\",\n description:\n \"Invite a user by email. Idempotent by email — re-inviting an existing user is a no-op. Triggers a Zitadel init email with a 'set your password' link.\",\n inputShape: {\n workspace: z.string().min(1),\n email: z\n .string()\n .regex(/^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$/, \"must be a valid email\"),\n first_name: z.string().min(1),\n last_name: z.string().min(1),\n preferred_language: z\n .string()\n .length(2)\n .default(\"en\")\n .describe(\"ISO 639-1, e.g. en/es/pt\"),\n },\n handler: async ({ workspace, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/users/invite`,\n { method: \"POST\", body },\n ),\n});\n\nexport const deleteUser = defineTool({\n name: \"delete_user\",\n description: \"Delete a user by id. Idempotent.\",\n inputShape: {\n workspace: z.string().min(1),\n user_id: z.string().min(1),\n },\n handler: async ({ workspace, user_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/users/${encodeURIComponent(user_id)}`,\n { method: \"DELETE\" },\n ),\n});\n\nexport const tools = [listUsers, inviteUser, deleteUser] as const;\n","/\n Hand-written workspace tools. These are the ones agents reach for first;\n * the rest of the surface is auto-generated from OpenAPI in a later pass.\n */\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const listWorkspaces = defineTool({\n name: \"list_workspaces\",\n description:\n \"List Prysmid workspaces accessible to the current API token. Returns an array of {id, slug, display_name, plan, state}.\",\n inputShape: {},\n handler: async (_input, { client }) =>\n client.request(\"/v1/workspaces\", { method: \"GET\" }),\n});\n\nexport const getWorkspace = defineTool({\n name: \"get_workspace\",\n description: \"Get a single workspace by slug or id.\",\n inputShape: {\n workspace: z\n .string()\n .min(1)\n .describe(\"Workspace slug or UUID\"),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(`/v1/workspaces/${encodeURIComponent(workspace)}`),\n});\n\nexport const createWorkspace = defineTool({\n name: \"create_workspace\",\n description:\n \"Create a new Prysmid workspace. Provisioning runs in the background; the response returns immediately with state=provisioning. Poll `get_workspace` until state=active (~30s).\",\n inputShape: {\n slug: z\n .string()\n .min(2)\n .max(63)\n .regex(/^[a-z0-9-]+$/, \"lowercase alphanumeric and hyphens only\")\n .describe(\"Subdomain-safe slug — becomes auth.<slug>.prysmid.com\"),\n display_name: z.string().min(1).max(255),\n },\n handler: async (input, { client }) =>\n client.request(\"/v1/workspaces\", { method: \"POST\", body: input }),\n});\n\nexport const tools = [listWorkspaces, getWorkspace, createWorkspace] as const;\n"],"mappings":";;;AAQA,SAAS,iBAAiB;AAC1B,SAAS,4BAA4B;;;ACA9B,IAAM,kBAAN,cAA8B,MAAM;AAAA,EACzC,YACE,SACgB,QACA,MACA,MAChB;AACA,UAAM,OAAO;AAJG;AACA;AACA;AAGhB,SAAK,OAAO;AAAA,EACd;AAAA,EANkB;AAAA,EACA;AAAA,EACA;AAKpB;AAQO,IAAM,gBAAN,MAAoB;AAAA,EACzB,YACmB,KACA,KACjB;AAFiB;AACA;AAAA,EAChB;AAAA,EAFgB;AAAA,EACA;AAAA,EAGnB,MAAM,QAAqB,MAAc,OAAuB,CAAC,GAAe;AAC9E,QAAI,CAAC,KAAK,IAAI,UAAU;AACtB,YAAM,IAAI;AAAA,QACR;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAEA,UAAM,MAAM,IAAI,IAAI,KAAK,IAAI,UAAU,IAAI;AAC3C,QAAI,KAAK,OAAO;AACd,iBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,KAAK,KAAK,GAAG;AAC/C,YAAI,MAAM,OAAW,KAAI,aAAa,IAAI,GAAG,OAAO,CAAC,CAAC;AAAA,MACxD;AAAA,IACF;AAEA,UAAM,SAAS,KAAK,UAAU;AAC9B,UAAM,UAAkC;AAAA,MACtC,eAAe,UAAU,KAAK,IAAI,QAAQ;AAAA,MAC1C,QAAQ;AAAA,IACV;AACA,QAAI,KAAK,SAAS,OAAW,SAAQ,cAAc,IAAI;AAEvD,SAAK,IAAI,MAAM,QAAQ,MAAM,IAAI,IAAI,QAAQ,EAAE;AAC/C,UAAM,MAAM,MAAM,MAAM,KAAK;AAAA,MAC3B;AAAA,MACA;AAAA,MACA,MAAM,KAAK,SAAS,SAAY,KAAK,UAAU,KAAK,IAAI,IAAI;AAAA,IAC9D,CAAC;AAED,UAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,QAAI,CAAC,IAAI,IAAI;AACX,UAAI;AACJ,UAAI;AACF,cAAM,SAAS,KAAK,MAAM,IAAI;AAC9B,eAAO,OAAO,QAAQ,UAAU,WAAW,OAAO,QAAQ,QAAQ;AAAA,MACpE,QAAQ;AAAA,MAER;AACA,YAAM,IAAI;AAAA,QACR,eAAe,IAAI,MAAM,OAAO,MAAM,IAAI,IAAI;AAAA,QAC9C,IAAI;AAAA,QACJ;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAEA,QAAI,SAAS,GAAI,QAAO;AACxB,QAAI;AACF,aAAO,KAAK,MAAM,IAAI;AAAA,IACxB,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AACF;;;AC5EA,IAAM,mBAAmB;AAElB,SAAS,WAAW,MAAyB,QAAQ,KAAa;AACvE,QAAM,WAAW,IAAI,oBAAoB,kBAAkB,QAAQ,QAAQ,EAAE;AAC7E,QAAM,WAAW,IAAI,mBAAmB,KAAK,KAAK;AAClD,QAAM,YAAY,IAAI,yBAAyB,QAAQ,YAAY;AACnE,QAAM,WACJ,aAAa,WAAW,aAAa,UAAU,aAAa,UACxD,WACA;AACN,SAAO,EAAE,SAAS,UAAU,SAAS;AACvC;;;ACjBA,IAAM,QAAQ,EAAE,OAAO,IAAI,MAAM,IAAI,MAAM,IAAI,OAAO,GAAG;AASlD,SAAS,WAAW,KAAuC;AAChE,QAAM,YAAY,MAAM,IAAI,QAAQ;AAEpC,WAAS,KAAK,OAA2B,KAAa,OAAiB;AACrE,QAAI,MAAM,KAAK,IAAI,UAAW;AAC9B,UAAM,MAAK,oBAAI,KAAK,GAAE,YAAY;AAClC,UAAM,UAAU,UAAU,SAAY,KAAK,IAAI,SAAS,KAAK,CAAC;AAC9D,YAAQ,OAAO,MAAM,GAAG,EAAE,IAAI,MAAM,YAAY,CAAC,IAAI,GAAG,GAAG,OAAO;AAAA,CAAI;AAAA,EACxE;AAEA,SAAO;AAAA,IACL,OAAO,CAAC,GAAG,MAAM,KAAK,SAAS,GAAG,CAAC;AAAA,IACnC,MAAM,CAAC,GAAG,MAAM,KAAK,QAAQ,GAAG,CAAC;AAAA,IACjC,MAAM,CAAC,GAAG,MAAM,KAAK,QAAQ,GAAG,CAAC;AAAA,IACjC,OAAO,CAAC,GAAG,MAAM,KAAK,SAAS,GAAG,CAAC;AAAA,EACrC;AACF;AAEA,SAAS,SAAS,GAAoB;AACpC,MAAI;AACF,WAAO,KAAK,UAAU,CAAC;AAAA,EACzB,QAAQ;AACN,WAAO,OAAO,CAAC;AAAA,EACjB;AACF;;;ACAO,SAAS,WAAoC,GAA2B;AAC7E,SAAO;AACT;AAOO,SAAS,YACd,QACA,KAEAA,QACM;AACN,aAAW,QAAQA,QAAO;AACxB,WAAO;AAAA,MACL,KAAK;AAAA,MACL;AAAA,QACE,aAAa,KAAK;AAAA,QAClB,aAAa,KAAK;AAAA,MACpB;AAAA;AAAA,MAEA,OAAO,UAAe;AACpB,YAAI;AACF,gBAAM,SAAS,MAAM,KAAK,QAAQ,OAAO,GAAG;AAC5C,iBAAO;AAAA,YACL,SAAS;AAAA,cACP;AAAA,gBACE,MAAM;AAAA,gBACN,MACE,OAAO,WAAW,WACd,SACA,KAAK,UAAU,QAAQ,MAAM,CAAC;AAAA,cACtC;AAAA,YACF;AAAA,UACF;AAAA,QACF,SAAS,KAAK;AACZ,gBAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,cAAI,IAAI,MAAM,QAAQ,KAAK,IAAI,WAAW,EAAE,QAAQ,CAAC;AACrD,iBAAO;AAAA,YACL,SAAS;AAAA,YACT,SAAS;AAAA,cACP,EAAE,MAAM,QAAiB,MAAM,UAAU,OAAO,GAAG;AAAA,YACrD;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;;;ACpFA,SAAS,SAAS;AAIX,IAAM,WAAW,WAAW;AAAA,EACjC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,wBAAwB;AAAA,EAChE;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO,QAAQ,kBAAkB,mBAAmB,SAAS,CAAC,OAAO;AACzE,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IAC/B,eAAe,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,CAAC;AAAA,IAC9C,2BAA2B,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,IAC9D,UAAU,EACP,KAAK;AAAA,MACJ;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC,EACA,QAAQ,mBAAmB;AAAA,IAC9B,aAAa,EACV,KAAK;AAAA,MACJ;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC,EACA,QAAQ,4BAA4B;AAAA,IACvC,UAAU,EACP,QAAQ,EACR,QAAQ,KAAK,EACb;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,KAAK;AAAA,EACzB;AACJ,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,OAAO,GAAG,EAAE,OAAO,MAC9C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,MAAM,CAAC;AAAA,IAClF,EAAE,QAAQ,SAAS;AAAA,EACrB;AACJ,CAAC;AAEM,IAAM,QAAQ,CAAC,UAAU,eAAe,aAAa;;;ACjE5D,SAAS,KAAAC,UAAS;AAIX,IAAM,aAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,EACjD;AACJ,CAAC;AAEM,IAAM,iBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,oBAAoBA,GACjB,OAAO,EACP,IAAI,EACJ,IAAI,CAAC,EACL,IAAI,GAAU,EACd,SAAS,EACT,SAAS,gDAAgD;AAAA,EAC9D;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,mBAAmB,GAAG,EAAE,OAAO,MAC1D,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,SAAS,MAAM,EAAE,mBAAmB,EAAE;AAAA,EAClD;AACJ,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,MAAMA,GAAE,KAAK,CAAC,KAAK,CAAC;AAAA,EACtB;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,KAAK,GAAG,EAAE,OAAO,MAC5C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,MAAM,EAAE,KAAK,EAAE;AAAA,EACnC;AACJ,CAAC;AAEM,IAAM,qBAAqB,WAAW;AAAA,EAC3C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,OAAO;AAAA,EACnB;AACJ,CAAC;AAEM,IAAMC,SAAQ;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;;;ACxEA,SAAS,KAAAC,UAAS;AAIX,IAAM,cAAc,WAAW;AAAA,EACpC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,EACjD;AACJ,CAAC;AAEM,IAAM,iBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,eAAeA,GACZ,OAAO,EACP,MAAM,mBAAmB,EACzB,SAAS;AAAA,IACZ,kBAAkBA,GACf,OAAO,EACP,MAAM,mBAAmB,EACzB,SAAS;AAAA,IACZ,YAAYA,GACT,OAAO,EACP,MAAM,mBAAmB,EACzB,SAAS;AAAA,IACZ,YAAYA,GACT,OAAO,EACP,MAAM,mBAAmB,EACzB,SAAS;AAAA,IACZ,mBAAmBA,GAChB,QAAQ,EACR,SAAS,EACT;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,SAAS,KAAK;AAAA,EAC1B;AACJ,CAAC;AAEM,IAAMC,SAAQ,CAAC,aAAa,cAAc;;;AClDjD,SAAS,KAAAC,UAAS;AAIlB,IAAM,uBAAuBC,GAAE,OAAO;AAAA,EACpC,cAAcA,GAAE,OAAO;AAAA,EACvB,MAAMA,GAAE,OAAO;AAAA,EACf,aAAaA,GAAE,OAAO;AAAA,EACtB,OAAOA,GAAE,OAAO;AAClB,CAAC;AAEM,IAAM,wBAAwB,WAAW;AAAA,EAC9C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,MAAMA,GACH,OAAO,EACP,IAAI,CAAC,EACL,IAAI,EAAE,EACN,MAAM,cAAc;AAAA,IACvB,cAAcA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC9B,iBAAiBA,GACd,OAAO,EACP,IAAI,EACJ,IAAI,EAAE,EACN,IAAI,GAAG,EACP,QAAQ,GAAG,EACX,SAAS,qDAAqD;AAAA,EACnE;AAAA,EACA,SAAS,OACP,EAAE,MAAM,cAAc,gBAAgB,GACtC,EAAE,QAAQ,IAAI,MACX;AACH,UAAM,UAAW,MAAM,OAAO,QAAQ,kBAAkB;AAAA,MACtD,QAAQ;AAAA,MACR,MAAM,EAAE,MAAM,aAAa;AAAA,IAC7B,CAAC;AAED,UAAM,WAAW,KAAK,IAAI,IAAI,kBAAkB;AAChD,WAAO,KAAK,IAAI,IAAI,UAAU;AAC5B,YAAM,KAAM,MAAM,OAAO;AAAA,QACvB,kBAAkB,mBAAmB,QAAQ,EAAE,CAAC;AAAA,MAClD;AAOA,UAAI,GAAG,UAAU,UAAU;AACzB,eAAO,qBAAqB,MAAM;AAAA,UAChC,cAAc,GAAG;AAAA,UACjB,MAAM,GAAG;AAAA,UACT,aAAa,GAAG,eAAe,QAAQ,GAAG,IAAI;AAAA,UAC9C,OAAO,GAAG;AAAA,QACZ,CAAC;AAAA,MACH;AACA,UAAI,GAAG,UAAU,uBAAuB;AACtC,cAAM,IAAI;AAAA,UACR,kCAAkC,GAAG,sBAAsB,gBAAgB;AAAA,QAC7E;AAAA,MACF;AACA,UAAI,MAAM,aAAa,QAAQ,EAAE,UAAU,GAAG,KAAK,iBAAY;AAC/D,YAAM,MAAM,GAAI;AAAA,IAClB;AACA,UAAM,IAAI;AAAA,MACR,+CAA+C,eAAe;AAAA,IAChE;AAAA,EACF;AACF,CAAC;AAED,SAAS,MAAM,IAAY;AACzB,SAAO,IAAI,QAAQ,CAAC,MAAM,WAAW,GAAG,EAAE,CAAC;AAC7C;AAEO,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,kBAAkBA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAClC,sBAAsBA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IACtC,MAAMA,GAAE,OAAO,EAAE,QAAQ,QAAQ;AAAA,EACnC;AAAA,EACA,SAAS,OACP,EAAE,WAAW,kBAAkB,sBAAsB,KAAK,GAC1D,EAAE,OAAO,MACN;AACH,UAAM,MAAM,MAAM,OAAO;AAAA,MACvB,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,MAC/C;AAAA,QACE,QAAQ;AAAA,QACR,MAAM;AAAA,UACJ,UAAU;AAAA,UACV;AAAA,UACA,QAAQ;AAAA,YACN,WAAW;AAAA,YACX,eAAe;AAAA,UACjB;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,UAAM,OAAO;AAAA,MACX,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,MAC/C,EAAE,QAAQ,SAAS,MAAM,EAAE,oBAAoB,KAAK,EAAE;AAAA,IACxD;AAEA,WAAO,EAAE,KAAK,cAAc,0BAA0B;AAAA,EACxD;AACF,CAAC;AAQM,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MAAM;AAC5C,UAAM,KAAM,MAAM,OAAO;AAAA,MACvB,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AACA,UAAM,OAAQ,MAAM,OAAO;AAAA,MACzB,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AACA,UAAM,OAAQ,MAAM,OAAO;AAAA,MACzB,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AACA,UAAM,SAAU,MAAM,OAAO;AAAA,MAC3B,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AAMA,UAAM,WAAY,MAAM,OAAO;AAAA,MAC7B,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AAEA,UAAM,SAA2B;AAAA,MAC/B;AAAA,QACE,IAAI,GAAG,UAAU;AAAA,QACjB,MAAM;AAAA,QACN,SAAS,SAAS,GAAG,KAAK;AAAA,MAC5B;AAAA,MACA;AAAA,QACE,IAAI,KAAK,SAAS;AAAA,QAClB,MAAM;AAAA,QACN,SAAS,GAAG,KAAK,MAAM;AAAA,MACzB;AAAA,MACA;AAAA,QACE,IACE,KAAK,SAAS,KACb,OAAO,4BAA4B,QAClC,OAAO,mBAAmB;AAAA,QAC9B,MAAM;AAAA,QACN,SACE,KAAK,SAAS,IACV,GAAG,KAAK,MAAM,UACd;AAAA,MACR;AAAA,MACA;AAAA,QACE,IAAI,CAAC,CAAC,SAAS;AAAA,QACf,MAAM;AAAA,MACR;AAAA,MACA;AAAA,QACE,IAAI,OAAO,cAAc,QAAQ,KAAK,SAAS;AAAA,QAC/C,MAAM;AAAA,QACN,SAAS,OAAO,YACZ,mBACA;AAAA,MACN;AAAA,IACF;AACA,UAAM,UAAU,OAAO,MAAM,CAAC,MAAM,EAAE,EAAE,IAAI,UAAU;AACtD,WAAO,EAAE,SAAS,OAAO;AAAA,EAC3B;AACF,CAAC;AAEM,IAAMC,SAAQ;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AACF;;;ACnMA,SAAS,KAAAC,UAAS;AAIX,IAAM,WAAW,WAAW;AAAA,EACjC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO,QAAQ,kBAAkB,mBAAmB,SAAS,CAAC,OAAO;AACzE,CAAC;AAEM,IAAM,SAAS,WAAW;AAAA,EAC/B,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,UAAUA,GAAE,KAAK,CAAC,UAAU,UAAU,YAAY,MAAM,CAAC;AAAA,IACzD,MAAMA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,oCAAoC;AAAA,IACrE,QAAQA,GACL,OAAO;AAAA,MACN,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,MAC3B,eAAeA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,MAC/B,QAAQA,GAAE,MAAMA,GAAE,OAAO,CAAC,EAAE,SAAS;AAAA,MACrC,QAAQA,GACL,OAAO,EACP,IAAI,EACJ,SAAS,EACT,SAAS,wCAAwC;AAAA,MACpD,WAAWA,GACR,OAAO,EACP,SAAS,EACT;AAAA,QACC;AAAA,MACF;AAAA,IACJ,CAAC,EACA,SAAS,gCAAgC;AAAA,EAC9C;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,KAAK;AAAA,EACzB;AACJ,CAAC;AAEM,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,OAAO,GAAG,EAAE,OAAO,MAC9C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,MAAM,CAAC;AAAA,IAClF,EAAE,QAAQ,SAAS;AAAA,EACrB;AACJ,CAAC;AAEM,IAAMC,SAAQ,CAAC,UAAU,QAAQ,SAAS;;;ACjEjD,SAAS,KAAAC,UAAS;AAIX,IAAM,iBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,EACjD;AACJ,CAAC;AAEM,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,yBAAyBA,GAAE,QAAQ,EAAE,SAAS;AAAA,IAC9C,gBAAgBA,GAAE,QAAQ,EAAE,SAAS;AAAA,IACrC,oBAAoBA,GAAE,QAAQ,EAAE,SAAS;AAAA,IACzC,WAAWA,GACR,QAAQ,EACR,SAAS,EACT,SAAS,oCAAoC;AAAA,IAChD,mBAAmBA,GAChB,KAAK;AAAA,MACJ;AAAA,MACA;AAAA,IACF,CAAC,EACA,SAAS,EACT,SAAS,2CAA2C;AAAA,IACvD,uBAAuBA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,SAAS;AAAA,IAChE,2BAA2BA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,SAAS;AAAA,EACtE;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,SAAS,KAAK;AAAA,EAC1B;AACJ,CAAC;AAEM,IAAMC,SAAQ,CAAC,gBAAgB,iBAAiB;;;AC9CvD,SAAS,KAAAC,UAAS;AAIX,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,OAAOA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,QAAQ,GAAG;AAAA,EACrD;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,MAAM,GAAG,EAAE,OAAO,MAC7C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,OAAO,EAAE,MAAM,EAAE;AAAA,EACrB;AACJ,CAAC;AAEM,IAAM,aAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,OAAOA,GACJ,OAAO,EACP,MAAM,8BAA8B,uBAAuB;AAAA,IAC9D,YAAYA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC5B,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,oBAAoBA,GACjB,OAAO,EACP,OAAO,CAAC,EACR,QAAQ,IAAI,EACZ,SAAS,0BAA0B;AAAA,EACxC;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,KAAK;AAAA,EACzB;AACJ,CAAC;AAEM,IAAM,aAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,SAASA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC3B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,UAAU,mBAAmB,OAAO,CAAC;AAAA,IACpF,EAAE,QAAQ,SAAS;AAAA,EACrB;AACJ,CAAC;AAEM,IAAMC,SAAQ,CAAC,WAAW,YAAY,UAAU;;;AC1DvD,SAAS,KAAAC,UAAS;AAIX,IAAM,iBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY,CAAC;AAAA,EACb,SAAS,OAAO,QAAQ,EAAE,OAAO,MAC/B,OAAO,QAAQ,kBAAkB,EAAE,QAAQ,MAAM,CAAC;AACtD,CAAC;AAEM,IAAM,eAAe,WAAW;AAAA,EACrC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAWC,GACR,OAAO,EACP,IAAI,CAAC,EACL,SAAS,wBAAwB;AAAA,EACtC;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO,QAAQ,kBAAkB,mBAAmB,SAAS,CAAC,EAAE;AACpE,CAAC;AAEM,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,MAAMA,GACH,OAAO,EACP,IAAI,CAAC,EACL,IAAI,EAAE,EACN,MAAM,gBAAgB,yCAAyC,EAC/D,SAAS,4DAAuD;AAAA,IACnE,cAAcA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,EACzC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAC9B,OAAO,QAAQ,kBAAkB,EAAE,QAAQ,QAAQ,MAAM,MAAM,CAAC;AACpE,CAAC;AAEM,IAAMC,SAAQ,CAAC,gBAAgB,cAAc,eAAe;;;AZvBnE,SAAS,oBAAoB;AAC7B,SAAS,qBAAqB;AAC9B,SAAS,SAAS,eAAe;AAEjC,IAAM,cAAc;AAEpB,SAAS,cAAsB;AAC7B,MAAI;AACF,UAAM,OAAO,QAAQ,cAAc,YAAY,GAAG,CAAC;AACnD,UAAM,MAAM,KAAK;AAAA,MACf,aAAa,QAAQ,MAAM,MAAM,cAAc,GAAG,MAAM;AAAA,IAC1D;AACA,WAAO,OAAO,IAAI,YAAY,WAAW,IAAI,UAAU;AAAA,EACzD,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,OAAsB;AAC1C,QAAM,MAAM,WAAW;AACvB,QAAM,MAAM,WAAW,GAAG;AAC1B,QAAM,SAAS,IAAI,cAAc,KAAK,GAAG;AAEzC,QAAM,SAAS,IAAI,UAAU;AAAA,IAC3B,MAAM;AAAA,IACN,SAAS,YAAY;AAAA,EACvB,CAAC;AAED,QAAM,WAAW;AAAA,IACf,GAAGC;AAAA,IACH,GAAG;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,EACL;AAEA,cAAY,QAAQ,EAAE,QAAQ,IAAI,GAAG,QAAQ;AAE7C,MAAI,KAAK,wBAAwB;AAAA,IAC/B,SAAS,IAAI;AAAA,IACb,OAAO,SAAS;AAAA,IAChB,UAAU,IAAI,WAAW,WAAW;AAAA,EACtC,CAAC;AAED,QAAM,YAAY,IAAI,qBAAqB;AAC3C,QAAM,OAAO,QAAQ,SAAS;AAChC;AAMA,KAAK,EAAE,MAAM,CAAC,QAAQ;AACpB,UAAQ,OAAO,MAAM,UAAU,eAAe,QAAQ,IAAI,QAAQ,GAAG;AAAA,CAAI;AACzE,UAAQ,KAAK,CAAC;AAChB,CAAC;","names":["tools","z","z","tools","z","z","tools","z","z","tools","z","z","tools","z","z","tools","z","z","tools","z","z","tools","tools"]}
1	+ {"version":3,"sources":["../src/index.ts","../src/client.ts","../src/config.ts","../src/logger.ts","../src/tools/registry.ts","../src/tools/apps.ts","../src/tools/billing.ts","../src/tools/branding.ts","../src/tools/curated.ts","../src/tools/idps.ts","../src/tools/login_policy.ts","../src/tools/users.ts","../src/tools/workspaces.ts","../src/tools/generated/apps.ts","../src/tools/generated/billing.ts","../src/tools/generated/branding.ts","../src/tools/generated/idps.ts","../src/tools/generated/login-policy.ts","../src/tools/generated/smtp.ts","../src/tools/generated/users.ts","../src/tools/generated/workspaces.ts","../src/tools/generated/index.ts"],"sourcesContent":["/*\n Entrypoint — boots an MCP server over stdio with the full Prysmid tool set.\n \n Three layers of tools:\n * 1. handwritten — `src/tools/{apps,users,...}.ts`. Polished schemas,\n * curated descriptions, the canonical surface.\n * 2. curated — `src/tools/curated.ts`. Multi-step orchestrators (e.g.\n * `setup_prysmid_workspace`).\n * 3. generated — `src/tools/generated/.ts`. Auto-emitted from the live\n OpenAPI spec by `scripts/generate-tools.ts`. Covers everything else.\n \n Merge rule: handwritten and curated names always win. A generated tool\n * with the same `name` as one of them is dropped silently — the handwritten\n * version is the source of truth.\n \n MCP transport contract:\n * - JSON-RPC over stdin/stdout\n * - stdout is RESERVED for protocol bytes; logs go to stderr (see logger.ts)\n * - one process == one client; the agent spawns a fresh server per session\n /\nimport { McpServer } from \"@modelcontextprotocol/sdk/server/mcp.js\";\nimport { StdioServerTransport } from \"@modelcontextprotocol/sdk/server/stdio.js\";\n\nimport { PrysmidClient } from \"./client.js\";\nimport { loadConfig } from \"./config.js\";\nimport { makeLogger } from \"./logger.js\";\nimport { registerAll, type ToolDef } from \"./tools/registry.js\";\nimport { tools as appsTools } from \"./tools/apps.js\";\nimport { tools as billingTools } from \"./tools/billing.js\";\nimport { tools as brandingTools } from \"./tools/branding.js\";\nimport { tools as curatedTools } from \"./tools/curated.js\";\nimport { tools as idpsTools } from \"./tools/idps.js\";\nimport { tools as loginPolicyTools } from \"./tools/login_policy.js\";\nimport { tools as usersTools } from \"./tools/users.js\";\nimport { tools as workspaceTools } from \"./tools/workspaces.js\";\nimport { generatedTools } from \"./tools/generated/index.js\";\n\nimport { readFileSync } from \"node:fs\";\nimport { fileURLToPath } from \"node:url\";\nimport { dirname, resolve } from \"node:path\";\n\nconst SERVER_NAME = \"prysmid\";\n\nfunction readVersion(): string {\n try {\n const here = dirname(fileURLToPath(import.meta.url));\n const pkg = JSON.parse(\n readFileSync(resolve(here, \"..\", \"package.json\"), \"utf8\"),\n );\n return typeof pkg.version === \"string\" ? pkg.version : \"0.0.0\";\n } catch {\n return \"0.0.0\";\n }\n}\n\n/\n Map of generated tool names that are superseded by a hand-written tool\n * with a different name (because the hand-written name is more agent-\n * friendly than what FastAPI's operationId produced). Without this, the\n * agent would see two near-duplicates: e.g. `add_idp` (curated) AND\n * `create_idp` (generated) for the same endpoint.\n \n Keep the LHS in sync with what the generator emits — if you rename a\n * hand-written tool, update this table.\n /\nconst GENERATED_ALIASES: Readonly<Record<string, string>> = {\n // generated name → handwritten that already covers it\n create_idp: \"add_idp\",\n create_app: \"create_oidc_app\",\n delete_app: \"delete_oidc_app\",\n update_spending_cap: \"set_spending_cap\",\n billing_checkout: \"start_billing_checkout\",\n billing_portal: \"start_billing_portal\",\n billing_get_state: \"get_billing\",\n};\n\n/\n Compose the final tool array. Hand-written + curated tools take\n * precedence over generated tools sharing the same `name`, AND over any\n * generated tool listed in {@link GENERATED_ALIASES}. Exported so tests\n * can assert merge behavior without booting the MCP server.\n /\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nexport function composeToolset(): ToolDef<any>[] {\n const handwrittenAndCurated = [\n ...workspaceTools,\n ...appsTools,\n ...idpsTools,\n ...loginPolicyTools,\n ...usersTools,\n ...brandingTools,\n ...billingTools,\n ...curatedTools,\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n ] as ToolDef<any>[];\n\n const handwrittenNames = new Set(handwrittenAndCurated.map((t) => t.name));\n const filteredGenerated = generatedTools.filter((t) => {\n if (handwrittenNames.has(t.name)) return false;\n const alias = GENERATED_ALIASES[t.name];\n if (alias && handwrittenNames.has(alias)) return false;\n return true;\n });\n\n return [...handwrittenAndCurated, ...filteredGenerated];\n}\n\nexport async function main(): Promise<void> {\n const cfg = loadConfig();\n const log = makeLogger(cfg);\n const client = new PrysmidClient(cfg, log);\n\n const server = new McpServer({\n name: SERVER_NAME,\n version: readVersion(),\n });\n\n const allTools = composeToolset();\n\n registerAll(server, { client, log }, allTools);\n\n log.info(`prysmid-mcp starting`, {\n apiBase: cfg.apiBase,\n tools: allTools.length,\n authMode: cfg.apiToken ? \"bearer\" : \"none\",\n });\n\n const transport = new StdioServerTransport();\n await server.connect(transport);\n}\n\n// This module is only ever invoked as the package bin (MCP servers run as a\n// process per session). Cross-platform `import.meta.url === file://<argv[1]>`\n// is fragile (Windows backslash vs forward slash; symlinked paths) so we\n// just always boot UNLESS we're in vitest (which imports this module to\n// poke at the exports without wanting to connect a stdio transport).\nif (!process.env.VITEST) {\n main().catch((err) => {\n process.stderr.write(`fatal: ${err instanceof Error ? err.stack : err}\\n`);\n process.exit(1);\n });\n}\n","/\n Prysmid API client — thin fetch wrapper that adds auth + maps errors.\n \n Auth model (MVP): static bearer via `PRYSMID_API_TOKEN`. Device-flow OAuth\n * lives in `auth.ts` and produces a token compatible with this client.\n /\nimport type { Config } from \"./config.js\";\nimport type { Logger } from \"./logger.js\";\n\nexport class PrysmidApiError extends Error {\n constructor(\n message: string,\n public readonly status: number,\n public readonly body: string,\n public readonly code?: string,\n ) {\n super(message);\n this.name = \"PrysmidApiError\";\n }\n}\n\nexport interface RequestOptions {\n method?: \"GET\" \| \"POST\" \| \"PUT\" \| \"PATCH\" \| \"DELETE\";\n body?: unknown;\n query?: Record<string, string \| number \| boolean \| undefined>;\n}\n\nexport class PrysmidClient {\n constructor(\n private readonly cfg: Config,\n private readonly log: Logger,\n ) {}\n\n async request<T = unknown>(path: string, opts: RequestOptions = {}): Promise<T> {\n if (!this.cfg.apiToken) {\n throw new PrysmidApiError(\n \"No PRYSMID_API_TOKEN configured. Set the env var or run device-flow login.\",\n 401,\n \"\",\n \"auth.no_token\",\n );\n }\n\n const url = new URL(this.cfg.apiBase + path);\n if (opts.query) {\n for (const [k, v] of Object.entries(opts.query)) {\n if (v !== undefined) url.searchParams.set(k, String(v));\n }\n }\n\n const method = opts.method ?? \"GET\";\n const headers: Record<string, string> = {\n Authorization: `Bearer ${this.cfg.apiToken}`,\n Accept: \"application/json\",\n };\n if (opts.body !== undefined) headers[\"Content-Type\"] = \"application/json\";\n\n this.log.debug(`HTTP ${method} ${url.pathname}`);\n const res = await fetch(url, {\n method,\n headers,\n body: opts.body !== undefined ? JSON.stringify(opts.body) : undefined,\n });\n\n const text = await res.text();\n if (!res.ok) {\n let code: string \| undefined;\n try {\n const parsed = JSON.parse(text);\n code = typeof parsed?.error === \"string\" ? parsed.error : parsed?.code;\n } catch {\n // body wasn't JSON\n }\n throw new PrysmidApiError(\n `Prysmid API ${res.status} on ${method} ${path}`,\n res.status,\n text,\n code,\n );\n }\n\n if (text === \"\") return undefined as T;\n try {\n return JSON.parse(text) as T;\n } catch {\n return text as unknown as T;\n }\n }\n}\n","/\n Runtime configuration. Pulled from env at startup; immutable thereafter.\n \n The MCP runs as a long-lived stdio process — env reads happen once.\n /\n\nexport interface Config {\n apiBase: string;\n apiToken: string \| null;\n logLevel: \"debug\" \| \"info\" \| \"warn\" \| \"error\";\n}\n\nconst DEFAULT_API_BASE = \"https://api.prysmid.com\";\n\nexport function loadConfig(env: NodeJS.ProcessEnv = process.env): Config {\n const apiBase = (env.PRYSMID_API_BASE ?? DEFAULT_API_BASE).replace(/\\/+$/, \"\");\n const apiToken = env.PRYSMID_API_TOKEN?.trim() \|\| null;\n const rawLevel = (env.PRYSMID_MCP_LOG_LEVEL ?? \"info\").toLowerCase();\n const logLevel: Config[\"logLevel\"] =\n rawLevel === \"debug\" \|\| rawLevel === \"warn\" \|\| rawLevel === \"error\"\n ? rawLevel\n : \"info\";\n return { apiBase, apiToken, logLevel };\n}\n","/\n stderr-only logger. MCP servers MUST NOT write to stdout — that channel\n * is reserved for the JSON-RPC protocol; any stray byte breaks the agent.\n /\nimport type { Config } from \"./config.js\";\n\nconst ORDER = { debug: 10, info: 20, warn: 30, error: 40 } as const;\n\nexport interface Logger {\n debug: (msg: string, extra?: unknown) => void;\n info: (msg: string, extra?: unknown) => void;\n warn: (msg: string, extra?: unknown) => void;\n error: (msg: string, extra?: unknown) => void;\n}\n\nexport function makeLogger(cfg: Pick<Config, \"logLevel\">): Logger {\n const threshold = ORDER[cfg.logLevel];\n\n function emit(level: keyof typeof ORDER, msg: string, extra?: unknown) {\n if (ORDER[level] < threshold) return;\n const ts = new Date().toISOString();\n const payload = extra === undefined ? \"\" : ` ${safeJSON(extra)}`;\n process.stderr.write(`${ts} ${level.toUpperCase()} ${msg}${payload}\\n`);\n }\n\n return {\n debug: (m, e) => emit(\"debug\", m, e),\n info: (m, e) => emit(\"info\", m, e),\n warn: (m, e) => emit(\"warn\", m, e),\n error: (m, e) => emit(\"error\", m, e),\n };\n}\n\nfunction safeJSON(x: unknown): string {\n try {\n return JSON.stringify(x);\n } catch {\n return String(x);\n }\n}\n","/\n Tool registry — single place where every MCP tool lives. Each tool exports\n * its input schema (Zod) + handler; `registerAll` wires them into the SDK.\n \n Two flavors of tools coexist:\n * - generated: 1:1 with REST endpoints, produced by `scripts/generate-tools.ts`\n * (lives under `tools/generated/` once the script runs)\n - curated: high-level orchestrators a human/agent actually wants to call,\n * e.g. `setup_prysmid_workspace(company_name)` that combines several\n * endpoints. These live under `tools/curated/`.\n \n * Both share the same `Tool` shape so the registry is uniform.\n /\nimport type { McpServer } from \"@modelcontextprotocol/sdk/server/mcp.js\";\nimport { z } from \"zod\";\n\nimport type { PrysmidClient } from \"../client.js\";\nimport type { Logger } from \"../logger.js\";\n\nexport interface ToolContext {\n client: PrysmidClient;\n log: Logger;\n}\n\nexport interface ToolDef<I extends z.ZodRawShape> {\n name: string;\n description: string;\n inputShape: I;\n /\n Handler returns plain JSON-able output. The SDK serializes it into\n * MCP `content` blocks; we wrap to text by default (most MCP UIs render it\n * better than structured content).\n /\n handler: (\n input: z.infer<z.ZodObject<I>>,\n ctx: ToolContext,\n ) => Promise<unknown>;\n}\n\nexport function defineTool<I extends z.ZodRawShape>(t: ToolDef<I>): ToolDef<I> {\n return t;\n}\n\n// `ToolDef<any>` here intentionally — the array is heterogeneous (each tool\n// has its own input shape) and the SDK's registerTool only cares about the\n// runtime Zod object, not compile-time type inference. Without `any` there's\n// no single ZodRawShape that satisfies every entry simultaneously.\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nexport function registerAll(\n server: McpServer,\n ctx: ToolContext,\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n tools: ReadonlyArray<ToolDef<any>>,\n): void {\n for (const tool of tools) {\n server.registerTool(\n tool.name,\n {\n description: tool.description,\n inputSchema: tool.inputShape,\n },\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n async (input: any) => {\n try {\n const result = await tool.handler(input, ctx);\n return {\n content: [\n {\n type: \"text\" as const,\n text:\n typeof result === \"string\"\n ? result\n : JSON.stringify(result, null, 2),\n },\n ],\n };\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n ctx.log.error(`tool ${tool.name} failed`, { message });\n return {\n isError: true,\n content: [\n { type: \"text\" as const, text: `error: ${message}` },\n ],\n };\n }\n },\n );\n }\n}\n","/\n OIDC application tools — list, create, delete on a workspace's apps.\n * Apps are the integration unit: each one represents one downstream service\n * (web app, mobile app, CLI) that authenticates via Prysmid.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const listApps = defineTool({\n name: \"list_apps\",\n description: \"List all OIDC apps in a workspace.\",\n inputShape: {\n workspace: z.string().min(1).describe(\"Workspace slug or UUID\"),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(`/v1/workspaces/${encodeURIComponent(workspace)}/apps`),\n});\n\nexport const createOidcApp = defineTool({\n name: \"create_oidc_app\",\n description:\n \"Create an OIDC application in a workspace. Returns client_id (and client_secret if confidential). Use auth_method=NONE for SPA/PKCE; use BASIC for confidential web apps.\",\n inputShape: {\n workspace: z.string().min(1),\n name: z.string().min(1).max(255),\n redirect_uris: z.array(z.string().url()).min(1),\n post_logout_redirect_uris: z.array(z.string().url()).optional(),\n app_type: z\n .enum([\n \"OIDC_APP_TYPE_WEB\",\n \"OIDC_APP_TYPE_USER_AGENT\",\n \"OIDC_APP_TYPE_NATIVE\",\n ])\n .default(\"OIDC_APP_TYPE_WEB\"),\n auth_method: z\n .enum([\n \"OIDC_AUTH_METHOD_TYPE_NONE\",\n \"OIDC_AUTH_METHOD_TYPE_BASIC\",\n \"OIDC_AUTH_METHOD_TYPE_POST\",\n ])\n .default(\"OIDC_AUTH_METHOD_TYPE_NONE\"),\n dev_mode: z\n .boolean()\n .default(false)\n .describe(\n \"Skip redirect URI HTTPS check — only for local dev, NEVER prod.\",\n ),\n },\n handler: async ({ workspace, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/apps`,\n { method: \"POST\", body },\n ),\n});\n\nexport const deleteOidcApp = defineTool({\n name: \"delete_oidc_app\",\n description: \"Delete an OIDC app. Idempotent — 404 returns success.\",\n inputShape: {\n workspace: z.string().min(1),\n app_id: z.string().min(1),\n },\n handler: async ({ workspace, app_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/apps/${encodeURIComponent(app_id)}`,\n { method: \"DELETE\" },\n ),\n});\n\nexport const tools = [listApps, createOidcApp, deleteOidcApp] as const;\n","/\n Billing tools — read state, manage spending cap, generate Stripe portal URL.\n * Checkout/upgrade flow returns a Stripe-hosted URL; the agent surfaces it to\n * the user for them to navigate (we don't process payment data here).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const getBilling = defineTool({\n name: \"get_billing\",\n description:\n \"Get current billing state: plan, subscription status, current period, spending_cap_cents, signups_blocked.\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/billing`,\n ),\n});\n\nexport const setSpendingCap = defineTool({\n name: \"set_spending_cap\",\n description:\n \"Cap monthly Pro overage spend (cents). Pass null to remove cap (unlimited). When projected overage exceeds cap, signups_blocked flips on.\",\n inputShape: {\n workspace: z.string().min(1),\n spending_cap_cents: z\n .number()\n .int()\n .min(0)\n .max(10_000_000)\n .nullable()\n .describe(\"Max overage cents per period; null = unlimited\"),\n },\n handler: async ({ workspace, spending_cap_cents }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/billing/spending-cap`,\n { method: \"PATCH\", body: { spending_cap_cents } },\n ),\n});\n\nexport const startCheckout = defineTool({\n name: \"start_billing_checkout\",\n description:\n \"Create a Stripe Checkout session for upgrading. Returns the URL the user must visit. Plan must be `pro` (Free has no checkout; Enterprise is sales-only).\",\n inputShape: {\n workspace: z.string().min(1),\n plan: z.enum([\"pro\"]),\n },\n handler: async ({ workspace, plan }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/billing/checkout`,\n { method: \"POST\", body: { plan } },\n ),\n});\n\nexport const startBillingPortal = defineTool({\n name: \"start_billing_portal\",\n description:\n \"Create a Stripe customer-portal session URL where the user manages payment methods, downloads invoices, cancels subscription.\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/billing/portal`,\n { method: \"POST\" },\n ),\n});\n\nexport const tools = [\n getBilling,\n setSpendingCap,\n startCheckout,\n startBillingPortal,\n] as const;\n","/\n Branding tools — colors, fonts, logo for the login page. Logo upload is\n * out of MCP scope (multipart binary uploads don't fit MCP tool semantics\n * cleanly); use the dashboard or API directly for that.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const getBranding = defineTool({\n name: \"get_branding\",\n description:\n \"Return the workspace's active branding policy (colors, fonts, hide-prysmid-watermark flag, logo URLs).\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/branding`,\n ),\n});\n\nexport const updateBranding = defineTool({\n name: \"update_branding\",\n description:\n \"Update branding colors and watermark. Hex colors as `#RRGGBB`. Activates the policy after update — change shows on next login screen render.\",\n inputShape: {\n workspace: z.string().min(1),\n primary_color: z\n .string()\n .regex(/^#[0-9a-fA-F]{6}$/)\n .optional(),\n background_color: z\n .string()\n .regex(/^#[0-9a-fA-F]{6}$/)\n .optional(),\n warn_color: z\n .string()\n .regex(/^#[0-9a-fA-F]{6}$/)\n .optional(),\n font_color: z\n .string()\n .regex(/^#[0-9a-fA-F]{6}$/)\n .optional(),\n disable_watermark: z\n .boolean()\n .optional()\n .describe(\n \"Hide 'Powered by Prysmid' on the login screen (Pro+ only — Free silently ignored).\",\n ),\n },\n handler: async ({ workspace, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/branding`,\n { method: \"PATCH\", body },\n ),\n});\n\nexport const tools = [getBranding, updateBranding] as const;\n","/\n Curated high-level tools — the ones agents would naturally reach for to\n * accomplish a goal in one call, instead of orchestrating 4 raw endpoints.\n \n Keep these small: each represents one end-user intent (\"set up a workspace\n * with Google login\"). Branch logic and prompts stay on the agent side; this\n * file only owns the API choreography.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nconst SetupWorkspaceOutput = z.object({\n workspace_id: z.string(),\n slug: z.string(),\n auth_domain: z.string(),\n state: z.string(),\n});\n\nexport const setupPrysmidWorkspace = defineTool({\n name: \"setup_prysmid_workspace\",\n description:\n \"Create a new workspace and wait until it's fully provisioned (Zitadel instance, SMTP, DNS). Returns the live auth_domain ready to integrate.\",\n inputShape: {\n slug: z\n .string()\n .min(2)\n .max(63)\n .regex(/^[a-z0-9-]+$/),\n display_name: z.string().min(1),\n timeout_seconds: z\n .number()\n .int()\n .min(10)\n .max(300)\n .default(120)\n .describe(\"Max time to wait for provisioning before returning.\"),\n },\n handler: async (\n { slug, display_name, timeout_seconds },\n { client, log },\n ) => {\n const created = (await client.request(\"/v1/workspaces\", {\n method: \"POST\",\n body: { slug, display_name },\n })) as { id: string; slug: string; state: string; auth_domain?: string };\n\n const deadline = Date.now() + timeout_seconds 1000;\n while (Date.now() < deadline) {\n const ws = (await client.request(\n `/v1/workspaces/${encodeURIComponent(created.id)}`,\n )) as {\n id: string;\n slug: string;\n state: string;\n auth_domain?: string;\n provisioning_error?: string;\n };\n if (ws.state === \"active\") {\n return SetupWorkspaceOutput.parse({\n workspace_id: ws.id,\n slug: ws.slug,\n auth_domain: ws.auth_domain ?? `auth.${ws.slug}.prysmid.com`,\n state: ws.state,\n });\n }\n if (ws.state === \"provisioning_failed\") {\n throw new Error(\n `Workspace provisioning failed: ${ws.provisioning_error ?? \"unknown reason\"}`,\n );\n }\n log.debug(`workspace ${created.id} state=${ws.state}, polling…`);\n await sleep(3000);\n }\n throw new Error(\n `Workspace did not reach state=active within ${timeout_seconds}s`,\n );\n },\n});\n\nfunction sleep(ms: number) {\n return new Promise((r) => setTimeout(r, ms));\n}\n\nexport const enableGoogleLogin = defineTool({\n name: \"enable_google_login\",\n description:\n \"Add Google as an identity provider on a workspace and enable external IdPs in the login policy. Hands you a checklist if external IdPs were already disabled — agent should confirm before flipping that flag.\",\n inputShape: {\n workspace: z.string().min(1),\n google_client_id: z.string().min(1),\n google_client_secret: z.string().min(1),\n name: z.string().default(\"Google\"),\n },\n handler: async (\n { workspace, google_client_id, google_client_secret, name },\n { client },\n ) => {\n const idp = await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/idps`,\n {\n method: \"POST\",\n body: {\n provider: \"google\",\n name,\n config: {\n client_id: google_client_id,\n client_secret: google_client_secret,\n },\n },\n },\n );\n\n // Force-enable external IdP toggle in case the workspace had it off.\n await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/login-policy`,\n { method: \"PATCH\", body: { allow_external_idp: true } },\n );\n\n return { idp, login_policy: \"allow_external_idp=true\" };\n },\n});\n\ninterface SetupCheckItem {\n ok: boolean;\n name: string;\n details?: string;\n}\n\nexport const prysmidSetupCheck = defineTool({\n name: \"prysmid_setup_check\",\n description:\n \"Run a readiness checklist on a workspace: state=active, ≥1 OIDC app, ≥1 IdP OR password+register enabled, branding has a primary_color set, login_policy reasonable. Returns pass/fail per item plus a summary verdict.\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) => {\n const ws = (await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}`,\n )) as { state: string; auth_domain?: string };\n const apps = (await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/apps`,\n )) as unknown[];\n const idps = (await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/idps`,\n )) as unknown[];\n const policy = (await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/login-policy`,\n )) as {\n allow_username_password?: boolean;\n allow_register?: boolean;\n allow_external_idp?: boolean;\n force_mfa?: boolean;\n };\n const branding = (await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/branding`,\n )) as { primary_color?: string };\n\n const checks: SetupCheckItem[] = [\n {\n ok: ws.state === \"active\",\n name: \"workspace_active\",\n details: `state=${ws.state}`,\n },\n {\n ok: apps.length > 0,\n name: \"has_at_least_one_app\",\n details: `${apps.length} apps`,\n },\n {\n ok:\n idps.length > 0 \|\|\n (policy.allow_username_password === true &&\n policy.allow_register === true),\n name: \"users_can_sign_in\",\n details:\n idps.length > 0\n ? `${idps.length} idps`\n : \"no idps; must allow username+password+register\",\n },\n {\n ok: !!branding.primary_color,\n name: \"branding_primary_color_set\",\n },\n {\n ok: policy.force_mfa === true \|\| idps.length > 0,\n name: \"auth_strength_reasonable\",\n details: policy.force_mfa\n ? \"force_mfa=true\"\n : \"MFA off but external IdP present\",\n },\n ];\n const verdict = checks.every((c) => c.ok) ? \"ready\" : \"incomplete\";\n return { verdict, checks };\n },\n});\n\nexport const tools = [\n setupPrysmidWorkspace,\n enableGoogleLogin,\n prysmidSetupCheck,\n] as const;\n","/*\n Identity provider tools — Google, GitHub, Microsoft, generic OIDC.\n * Each create_* operation atomically: creates the IdP config AND adds it to\n * the login policy so it appears on the login screen. The Prysmid API\n * encapsulates that two-step lifecycle behind a single endpoint.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const listIdps = defineTool({\n name: \"list_idps\",\n description:\n \"List identity providers (Google/GitHub/Microsoft/OIDC) configured on a workspace.\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(`/v1/workspaces/${encodeURIComponent(workspace)}/idps`),\n});\n\nexport const addIdp = defineTool({\n name: \"add_idp\",\n description:\n \"Add an identity provider to the workspace and attach it to the login policy in one atomic call. Provider-specific fields go in `config`.\",\n inputShape: {\n workspace: z.string().min(1),\n provider: z.enum([\"google\", \"github\", \"azure_ad\", \"oidc\"]),\n name: z.string().min(1).describe(\"Display name shown on login screen\"),\n config: z\n .object({\n client_id: z.string().min(1),\n client_secret: z.string().min(1),\n scopes: z.array(z.string()).optional(),\n issuer: z\n .string()\n .url()\n .optional()\n .describe(\"Required for `oidc`; ignored otherwise\"),\n tenant_id: z\n .string()\n .optional()\n .describe(\n \"Required for `azure_ad` to lock to a specific Microsoft tenant\",\n ),\n })\n .describe(\"Provider-specific OAuth config\"),\n },\n handler: async ({ workspace, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/idps`,\n { method: \"POST\", body },\n ),\n});\n\nexport const deleteIdp = defineTool({\n name: \"delete_idp\",\n description:\n \"Remove an identity provider. Strips it from the login policy then deletes the config. Idempotent.\",\n inputShape: {\n workspace: z.string().min(1),\n idp_id: z.string().min(1),\n },\n handler: async ({ workspace, idp_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/idps/${encodeURIComponent(idp_id)}`,\n { method: \"DELETE\" },\n ),\n});\n\nexport const tools = [listIdps, addIdp, deleteIdp] as const;\n","/\n Login policy tools — control which authentication methods are allowed,\n * MFA enforcement, lockout thresholds. Patches are merge semantics on the\n * server side; only fields you set are changed.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const getLoginPolicy = defineTool({\n name: \"get_login_policy\",\n description:\n \"Return the workspace's current login policy (password rules, MFA, IdPs allowed, lockout, etc.).\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/login-policy`,\n ),\n});\n\nexport const updateLoginPolicy = defineTool({\n name: \"update_login_policy\",\n description:\n \"Update the login policy. PATCH semantics — only fields you pass are changed; other policy fields stay as they were.\",\n inputShape: {\n workspace: z.string().min(1),\n allow_username_password: z.boolean().optional(),\n allow_register: z.boolean().optional(),\n allow_external_idp: z.boolean().optional(),\n force_mfa: z\n .boolean()\n .optional()\n .describe(\"Require any second factor at login\"),\n passwordless_type: z\n .enum([\n \"PASSWORDLESS_TYPE_NOT_ALLOWED\",\n \"PASSWORDLESS_TYPE_ALLOWED\",\n ])\n .optional()\n .describe(\"Enables passkey-first when set to ALLOWED\"),\n max_password_attempts: z.number().int().min(0).max(20).optional(),\n lockout_password_attempts: z.number().int().min(0).max(20).optional(),\n },\n handler: async ({ workspace, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/login-policy`,\n { method: \"PATCH\", body },\n ),\n});\n\nexport const tools = [getLoginPolicy, updateLoginPolicy] as const;\n","/\n User tools — list, invite (sends Zitadel init email), delete.\n * Invite is the primary creation path; users set their own password via the\n * email link. Direct user creation with pre-set credentials is intentionally\n * not exposed here.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const listUsers = defineTool({\n name: \"list_users\",\n description: \"List human users in a workspace.\",\n inputShape: {\n workspace: z.string().min(1),\n limit: z.number().int().min(1).max(500).default(100),\n },\n handler: async ({ workspace, limit }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/users`,\n { query: { limit } },\n ),\n});\n\nexport const inviteUser = defineTool({\n name: \"invite_user\",\n description:\n \"Invite a user by email. Idempotent by email — re-inviting an existing user is a no-op. Triggers a Zitadel init email with a 'set your password' link.\",\n inputShape: {\n workspace: z.string().min(1),\n email: z\n .string()\n .regex(/^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$/, \"must be a valid email\"),\n first_name: z.string().min(1),\n last_name: z.string().min(1),\n preferred_language: z\n .string()\n .length(2)\n .default(\"en\")\n .describe(\"ISO 639-1, e.g. en/es/pt\"),\n },\n handler: async ({ workspace, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/users/invite`,\n { method: \"POST\", body },\n ),\n});\n\nexport const deleteUser = defineTool({\n name: \"delete_user\",\n description: \"Delete a user by id. Idempotent.\",\n inputShape: {\n workspace: z.string().min(1),\n user_id: z.string().min(1),\n },\n handler: async ({ workspace, user_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/users/${encodeURIComponent(user_id)}`,\n { method: \"DELETE\" },\n ),\n});\n\nexport const tools = [listUsers, inviteUser, deleteUser] as const;\n","/\n Hand-written workspace tools. These are the ones agents reach for first;\n * the rest of the surface is auto-generated from OpenAPI in a later pass.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const listWorkspaces = defineTool({\n name: \"list_workspaces\",\n description:\n \"List Prysmid workspaces accessible to the current API token. Returns an array of {id, slug, display_name, plan, state}.\",\n inputShape: {},\n handler: async (_input, { client }) =>\n client.request(\"/v1/workspaces\", { method: \"GET\" }),\n});\n\nexport const getWorkspace = defineTool({\n name: \"get_workspace\",\n description: \"Get a single workspace by slug or id.\",\n inputShape: {\n workspace: z\n .string()\n .min(1)\n .describe(\"Workspace slug or UUID\"),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(`/v1/workspaces/${encodeURIComponent(workspace)}`),\n});\n\nexport const createWorkspace = defineTool({\n name: \"create_workspace\",\n description:\n \"Create a new Prysmid workspace. Provisioning runs in the background; the response returns immediately with state=provisioning. Poll `get_workspace` until state=active (~30s).\",\n inputShape: {\n slug: z\n .string()\n .min(2)\n .max(63)\n .regex(/^[a-z0-9-]+$/, \"lowercase alphanumeric and hyphens only\")\n .describe(\"Subdomain-safe slug — becomes auth.<slug>.prysmid.com\"),\n display_name: z.string().min(1).max(255),\n },\n handler: async (input, { client }) =>\n client.request(\"/v1/workspaces\", { method: \"POST\", body: input }),\n});\n\nexport const tools = [listWorkspaces, getWorkspace, createWorkspace] as const;\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const createApp = defineTool({\n name: \"create_app\",\n description: \"Create App\",\n inputShape: {\n workspace_id: z.string().uuid(),\n name: z.string().min(1).max(200),\n redirect_uris: z.array(z.string().url().min(1).max(2083)).describe(\"Where the IdP sends the user back after auth. At least one required.\"),\n post_logout_redirect_uris: z.array(z.string().url().min(1).max(2083)).describe(\"Where the IdP sends the user after logout.\").optional(),\n app_type: z.enum([\"web\", \"spa\", \"native\"]).describe(\"App kind, drives OIDC grant + auth_method defaults.\\n\\n- `web`: server-rendered confidential client. Gets a `client_secret`.\\n- `spa`: single-page app (user-agent). Public, PKCE required, no secret.\\n- `native`: desktop/mobile. Public, PKCE required, no secret.\").optional(),\n dev_mode: z.boolean().describe(\"Relax HTTPS requirement on redirect_uris (allows http://localhost). Use only for local development; never in production.\").default(false),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/apps`, { method: \"POST\", body: __body });\n },\n});\n\nexport const deleteApp = defineTool({\n name: \"delete_app\",\n description: \"Delete App\",\n inputShape: {\n workspace_id: z.string().uuid(),\n app_id: z.string(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, app_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/apps/${encodeURIComponent(String(app_id))}`, { method: \"DELETE\" });\n },\n});\n\nexport const listApps = defineTool({\n name: \"list_apps\",\n description: \"List Apps\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/apps`, { method: \"GET\" });\n },\n});\n\nexport const generatedAppsTools = [\n createApp,\n deleteApp,\n listApps,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const billingCheckout = defineTool({\n name: \"billing_checkout\",\n description: \"Checkout\",\n inputShape: {\n workspace_id: z.string().uuid(),\n plan: z.enum([\"free\", \"pro\", \"enterprise\"]),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/billing/checkout`, { method: \"POST\", body: __body });\n },\n});\n\nexport const billingGetState = defineTool({\n name: \"billing_get_state\",\n description: \"Get State\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/billing`, { method: \"GET\" });\n },\n});\n\nexport const billingPortal = defineTool({\n name: \"billing_portal\",\n description: \"Portal\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/billing/portal`, { method: \"POST\" });\n },\n});\n\nexport const updateSpendingCap = defineTool({\n name: \"update_spending_cap\",\n description: \"Update Spending Cap\",\n inputShape: {\n workspace_id: z.string().uuid(),\n cents: z.number().int().min(0).nullable().optional(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/billing/spending-cap`, { method: \"PATCH\", body: __body });\n },\n});\n\nexport const generatedBillingTools = [\n billingCheckout,\n billingGetState,\n billingPortal,\n updateSpendingCap,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const deleteLogo = defineTool({\n name: \"delete_logo\",\n description: \"Delete Logo\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/branding/logo`, { method: \"DELETE\" });\n },\n});\n\nexport const getBranding = defineTool({\n name: \"get_branding\",\n description: \"Get Branding\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/branding`, { method: \"GET\" });\n },\n});\n\nexport const updateBranding = defineTool({\n name: \"update_branding\",\n description: \"Update Branding\",\n inputShape: {\n workspace_id: z.string().uuid(),\n primary_color: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n background_color: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n warn_color: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n font_color: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n primary_color_dark: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n background_color_dark: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n warn_color_dark: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n font_color_dark: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n hide_login_name_suffix: z.boolean().nullable().optional(),\n disable_watermark: z.boolean().nullable().optional(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/branding`, { method: \"PATCH\", body: __body });\n },\n});\n\nexport const generatedBrandingTools = [\n deleteLogo,\n getBranding,\n updateBranding,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const createIdp = defineTool({\n name: \"create_idp\",\n description: \"Create Idp\",\n inputShape: {\n workspace_id: z.string().uuid(),\n type: z.enum([\"google\", \"github\", \"microsoft\", \"oidc\"]),\n name: z.string().min(1).max(200),\n client_id: z.string().min(1),\n client_secret: z.string().min(1),\n issuer: z.string().url().min(1).max(2083).nullable().optional(),\n tenant_id: z.string().nullable().optional(),\n scopes: z.array(z.string()).nullable().optional(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/idps`, { method: \"POST\", body: __body });\n },\n});\n\nexport const deleteIdp = defineTool({\n name: \"delete_idp\",\n description: \"Delete Idp\",\n inputShape: {\n workspace_id: z.string().uuid(),\n idp_id: z.string(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, idp_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/idps/${encodeURIComponent(String(idp_id))}`, { method: \"DELETE\" });\n },\n});\n\nexport const listIdps = defineTool({\n name: \"list_idps\",\n description: \"List Idps\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/idps`, { method: \"GET\" });\n },\n});\n\nexport const generatedIdpsTools = [\n createIdp,\n deleteIdp,\n listIdps,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const getLoginPolicy = defineTool({\n name: \"get_login_policy\",\n description: \"Get Login Policy\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/login-policy`, { method: \"GET\" });\n },\n});\n\nexport const updateLoginPolicy = defineTool({\n name: \"update_login_policy\",\n description: \"Update Login Policy\",\n inputShape: {\n workspace_id: z.string().uuid(),\n allow_username_password: z.boolean().nullable().optional(),\n allow_register: z.boolean().nullable().optional(),\n allow_external_idp: z.boolean().nullable().optional(),\n force_mfa: z.boolean().nullable().optional(),\n passwordless_allowed: z.boolean().nullable().optional(),\n second_factors: z.array(z.enum([\"otp\", \"u2f\", \"otp_email\", \"otp_sms\"])).nullable().optional(),\n multi_factors: z.array(z.enum([\"u2f_verified\"])).nullable().optional(),\n hide_password_reset: z.boolean().nullable().optional(),\n ignore_unknown_usernames: z.boolean().nullable().optional(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/login-policy`, { method: \"PATCH\", body: __body });\n },\n});\n\nexport const generatedLoginPolicyTools = [\n getLoginPolicy,\n updateLoginPolicy,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const getSmtp = defineTool({\n name: \"get_smtp\",\n description: \"Get Smtp\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/smtp`, { method: \"GET\" });\n },\n});\n\nexport const revertToPlatformDefault = defineTool({\n name: \"revert_to_platform_default\",\n description: \"Revert To Platform Default\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/smtp`, { method: \"DELETE\" });\n },\n});\n\nexport const setCustomSmtp = defineTool({\n name: \"set_custom_smtp\",\n description: \"Set Custom Smtp\",\n inputShape: {\n workspace_id: z.string().uuid(),\n host: z.string().min(1),\n port: z.number().int().min(1).max(65535),\n tls: z.boolean().default(true),\n sender_address: z.string().min(3).describe(\"Address that appears in the From header.\"),\n sender_name: z.string().min(1).max(200),\n user: z.string().min(1).describe(\"SMTP auth username.\"),\n password: z.string().min(1).describe(\"SMTP auth password / API key.\"),\n reply_to_address: z.string().describe(\"Optional Reply-To header.\").default(\"\"),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/smtp`, { method: \"PUT\", body: __body });\n },\n});\n\nexport const generatedSmtpTools = [\n getSmtp,\n revertToPlatformDefault,\n setCustomSmtp,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const deleteUser = defineTool({\n name: \"delete_user\",\n description: \"Delete User\",\n inputShape: {\n workspace_id: z.string().uuid(),\n user_id: z.string(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, user_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/users/${encodeURIComponent(String(user_id))}`, { method: \"DELETE\" });\n },\n});\n\nexport const inviteUser = defineTool({\n name: \"invite_user\",\n description: \"Invite User\",\n inputShape: {\n workspace_id: z.string().uuid(),\n email: z.string().max(320).regex(/^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$/),\n first_name: z.string().min(1).max(100),\n last_name: z.string().min(1).max(100),\n user_name: z.string().nullable().optional(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/users/invite`, { method: \"POST\", body: __body });\n },\n});\n\nexport const listUsers = defineTool({\n name: \"list_users\",\n description: \"List Users\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/users`, { method: \"GET\" });\n },\n});\n\nexport const generatedUsersTools = [\n deleteUser,\n inviteUser,\n listUsers,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const createWorkspace = defineTool({\n name: \"create_workspace\",\n description: \"Create Workspace\",\n inputShape: {\n slug: z.string().min(3).max(63).regex(/^[a-z][a-z0-9-][a-z0-9]$/).describe(\"URL-safe lowercase slug. Becomes part of auth.<slug>.prysmid.com.\"),\n display_name: z.string().min(1).max(255),\n plan: z.enum([\"free\", \"pro\", \"enterprise\"]).optional(),\n },\n handler: async (input, { client }) => {\n return client.request(`/v1/workspaces`, { method: \"POST\", body: input });\n },\n});\n\nexport const deleteWorkspace = defineTool({\n name: \"delete_workspace\",\n description: \"Delete Workspace\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}`, { method: \"DELETE\" });\n },\n});\n\nexport const getWorkspace = defineTool({\n name: \"get_workspace\",\n description: \"Get Workspace\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}`, { method: \"GET\" });\n },\n});\n\nexport const listWorkspaces = defineTool({\n name: \"list_workspaces\",\n description: \"List Workspaces\",\n inputShape: {},\n handler: async (_input, { client }) => {\n return client.request(`/v1/workspaces`, { method: \"GET\" });\n },\n});\n\nexport const retryProvisioning = defineTool({\n name: \"retry_provisioning\",\n description: \"Retry Provisioning\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/retry-provisioning`, { method: \"POST\" });\n },\n});\n\nexport const updateWorkspace = defineTool({\n name: \"update_workspace\",\n description: \"Update Workspace\",\n inputShape: {\n workspace_id: z.string().uuid(),\n display_name: z.string().min(1).max(255).nullable().optional(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}`, { method: \"PATCH\", body: __body });\n },\n});\n\nexport const generatedWorkspacesTools = [\n createWorkspace,\n deleteWorkspace,\n getWorkspace,\n listWorkspaces,\n retryProvisioning,\n updateWorkspace,\n];\n","/*\n AUTO-GENERATED. Do not edit.\n \n Aggregates every tag's generated tools into a single array. The merge with\n * hand-written tools (where hand-written wins on name collision) lives in\n * src/index.ts.\n */\nimport { generatedAppsTools } from \"./apps.js\";\nimport { generatedBillingTools } from \"./billing.js\";\nimport { generatedBrandingTools } from \"./branding.js\";\nimport { generatedIdpsTools } from \"./idps.js\";\nimport { generatedLoginPolicyTools } from \"./login-policy.js\";\nimport { generatedSmtpTools } from \"./smtp.js\";\nimport { generatedUsersTools } from \"./users.js\";\nimport { generatedWorkspacesTools } from \"./workspaces.js\";\n\nexport const generatedTools = [\n ...generatedAppsTools,\n ...generatedBillingTools,\n ...generatedBrandingTools,\n ...generatedIdpsTools,\n ...generatedLoginPolicyTools,\n ...generatedSmtpTools,\n ...generatedUsersTools,\n ...generatedWorkspacesTools,\n];\n"],"mappings":";;;AAoBA,SAAS,iBAAiB;AAC1B,SAAS,4BAA4B;;;ACZ9B,IAAM,kBAAN,cAA8B,MAAM;AAAA,EACzC,YACE,SACgB,QACA,MACA,MAChB;AACA,UAAM,OAAO;AAJG;AACA;AACA;AAGhB,SAAK,OAAO;AAAA,EACd;AAAA,EANkB;AAAA,EACA;AAAA,EACA;AAKpB;AAQO,IAAM,gBAAN,MAAoB;AAAA,EACzB,YACmB,KACA,KACjB;AAFiB;AACA;AAAA,EAChB;AAAA,EAFgB;AAAA,EACA;AAAA,EAGnB,MAAM,QAAqB,MAAc,OAAuB,CAAC,GAAe;AAC9E,QAAI,CAAC,KAAK,IAAI,UAAU;AACtB,YAAM,IAAI;AAAA,QACR;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAEA,UAAM,MAAM,IAAI,IAAI,KAAK,IAAI,UAAU,IAAI;AAC3C,QAAI,KAAK,OAAO;AACd,iBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,KAAK,KAAK,GAAG;AAC/C,YAAI,MAAM,OAAW,KAAI,aAAa,IAAI,GAAG,OAAO,CAAC,CAAC;AAAA,MACxD;AAAA,IACF;AAEA,UAAM,SAAS,KAAK,UAAU;AAC9B,UAAM,UAAkC;AAAA,MACtC,eAAe,UAAU,KAAK,IAAI,QAAQ;AAAA,MAC1C,QAAQ;AAAA,IACV;AACA,QAAI,KAAK,SAAS,OAAW,SAAQ,cAAc,IAAI;AAEvD,SAAK,IAAI,MAAM,QAAQ,MAAM,IAAI,IAAI,QAAQ,EAAE;AAC/C,UAAM,MAAM,MAAM,MAAM,KAAK;AAAA,MAC3B;AAAA,MACA;AAAA,MACA,MAAM,KAAK,SAAS,SAAY,KAAK,UAAU,KAAK,IAAI,IAAI;AAAA,IAC9D,CAAC;AAED,UAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,QAAI,CAAC,IAAI,IAAI;AACX,UAAI;AACJ,UAAI;AACF,cAAM,SAAS,KAAK,MAAM,IAAI;AAC9B,eAAO,OAAO,QAAQ,UAAU,WAAW,OAAO,QAAQ,QAAQ;AAAA,MACpE,QAAQ;AAAA,MAER;AACA,YAAM,IAAI;AAAA,QACR,eAAe,IAAI,MAAM,OAAO,MAAM,IAAI,IAAI;AAAA,QAC9C,IAAI;AAAA,QACJ;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAEA,QAAI,SAAS,GAAI,QAAO;AACxB,QAAI;AACF,aAAO,KAAK,MAAM,IAAI;AAAA,IACxB,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AACF;;;AC5EA,IAAM,mBAAmB;AAElB,SAAS,WAAW,MAAyB,QAAQ,KAAa;AACvE,QAAM,WAAW,IAAI,oBAAoB,kBAAkB,QAAQ,QAAQ,EAAE;AAC7E,QAAM,WAAW,IAAI,mBAAmB,KAAK,KAAK;AAClD,QAAM,YAAY,IAAI,yBAAyB,QAAQ,YAAY;AACnE,QAAM,WACJ,aAAa,WAAW,aAAa,UAAU,aAAa,UACxD,WACA;AACN,SAAO,EAAE,SAAS,UAAU,SAAS;AACvC;;;ACjBA,IAAM,QAAQ,EAAE,OAAO,IAAI,MAAM,IAAI,MAAM,IAAI,OAAO,GAAG;AASlD,SAAS,WAAW,KAAuC;AAChE,QAAM,YAAY,MAAM,IAAI,QAAQ;AAEpC,WAAS,KAAK,OAA2B,KAAa,OAAiB;AACrE,QAAI,MAAM,KAAK,IAAI,UAAW;AAC9B,UAAM,MAAK,oBAAI,KAAK,GAAE,YAAY;AAClC,UAAM,UAAU,UAAU,SAAY,KAAK,IAAI,SAAS,KAAK,CAAC;AAC9D,YAAQ,OAAO,MAAM,GAAG,EAAE,IAAI,MAAM,YAAY,CAAC,IAAI,GAAG,GAAG,OAAO;AAAA,CAAI;AAAA,EACxE;AAEA,SAAO;AAAA,IACL,OAAO,CAAC,GAAG,MAAM,KAAK,SAAS,GAAG,CAAC;AAAA,IACnC,MAAM,CAAC,GAAG,MAAM,KAAK,QAAQ,GAAG,CAAC;AAAA,IACjC,MAAM,CAAC,GAAG,MAAM,KAAK,QAAQ,GAAG,CAAC;AAAA,IACjC,OAAO,CAAC,GAAG,MAAM,KAAK,SAAS,GAAG,CAAC;AAAA,EACrC;AACF;AAEA,SAAS,SAAS,GAAoB;AACpC,MAAI;AACF,WAAO,KAAK,UAAU,CAAC;AAAA,EACzB,QAAQ;AACN,WAAO,OAAO,CAAC;AAAA,EACjB;AACF;;;ACAO,SAAS,WAAoC,GAA2B;AAC7E,SAAO;AACT;AAOO,SAAS,YACd,QACA,KAEAA,QACM;AACN,aAAW,QAAQA,QAAO;AACxB,WAAO;AAAA,MACL,KAAK;AAAA,MACL;AAAA,QACE,aAAa,KAAK;AAAA,QAClB,aAAa,KAAK;AAAA,MACpB;AAAA;AAAA,MAEA,OAAO,UAAe;AACpB,YAAI;AACF,gBAAM,SAAS,MAAM,KAAK,QAAQ,OAAO,GAAG;AAC5C,iBAAO;AAAA,YACL,SAAS;AAAA,cACP;AAAA,gBACE,MAAM;AAAA,gBACN,MACE,OAAO,WAAW,WACd,SACA,KAAK,UAAU,QAAQ,MAAM,CAAC;AAAA,cACtC;AAAA,YACF;AAAA,UACF;AAAA,QACF,SAAS,KAAK;AACZ,gBAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,cAAI,IAAI,MAAM,QAAQ,KAAK,IAAI,WAAW,EAAE,QAAQ,CAAC;AACrD,iBAAO;AAAA,YACL,SAAS;AAAA,YACT,SAAS;AAAA,cACP,EAAE,MAAM,QAAiB,MAAM,UAAU,OAAO,GAAG;AAAA,YACrD;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;;;ACpFA,SAAS,SAAS;AAIX,IAAM,WAAW,WAAW;AAAA,EACjC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,wBAAwB;AAAA,EAChE;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO,QAAQ,kBAAkB,mBAAmB,SAAS,CAAC,OAAO;AACzE,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IAC/B,eAAe,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,CAAC;AAAA,IAC9C,2BAA2B,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,IAC9D,UAAU,EACP,KAAK;AAAA,MACJ;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC,EACA,QAAQ,mBAAmB;AAAA,IAC9B,aAAa,EACV,KAAK;AAAA,MACJ;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC,EACA,QAAQ,4BAA4B;AAAA,IACvC,UAAU,EACP,QAAQ,EACR,QAAQ,KAAK,EACb;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,KAAK;AAAA,EACzB;AACJ,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,OAAO,GAAG,EAAE,OAAO,MAC9C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,MAAM,CAAC;AAAA,IAClF,EAAE,QAAQ,SAAS;AAAA,EACrB;AACJ,CAAC;AAEM,IAAM,QAAQ,CAAC,UAAU,eAAe,aAAa;;;ACjE5D,SAAS,KAAAC,UAAS;AAIX,IAAM,aAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,EACjD;AACJ,CAAC;AAEM,IAAM,iBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,oBAAoBA,GACjB,OAAO,EACP,IAAI,EACJ,IAAI,CAAC,EACL,IAAI,GAAU,EACd,SAAS,EACT,SAAS,gDAAgD;AAAA,EAC9D;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,mBAAmB,GAAG,EAAE,OAAO,MAC1D,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,SAAS,MAAM,EAAE,mBAAmB,EAAE;AAAA,EAClD;AACJ,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,MAAMA,GAAE,KAAK,CAAC,KAAK,CAAC;AAAA,EACtB;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,KAAK,GAAG,EAAE,OAAO,MAC5C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,MAAM,EAAE,KAAK,EAAE;AAAA,EACnC;AACJ,CAAC;AAEM,IAAM,qBAAqB,WAAW;AAAA,EAC3C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,OAAO;AAAA,EACnB;AACJ,CAAC;AAEM,IAAMC,SAAQ;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;;;ACxEA,SAAS,KAAAC,UAAS;AAIX,IAAM,cAAc,WAAW;AAAA,EACpC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,EACjD;AACJ,CAAC;AAEM,IAAM,iBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,eAAeA,GACZ,OAAO,EACP,MAAM,mBAAmB,EACzB,SAAS;AAAA,IACZ,kBAAkBA,GACf,OAAO,EACP,MAAM,mBAAmB,EACzB,SAAS;AAAA,IACZ,YAAYA,GACT,OAAO,EACP,MAAM,mBAAmB,EACzB,SAAS;AAAA,IACZ,YAAYA,GACT,OAAO,EACP,MAAM,mBAAmB,EACzB,SAAS;AAAA,IACZ,mBAAmBA,GAChB,QAAQ,EACR,SAAS,EACT;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,SAAS,KAAK;AAAA,EAC1B;AACJ,CAAC;AAEM,IAAMC,SAAQ,CAAC,aAAa,cAAc;;;AClDjD,SAAS,KAAAC,UAAS;AAIlB,IAAM,uBAAuBC,GAAE,OAAO;AAAA,EACpC,cAAcA,GAAE,OAAO;AAAA,EACvB,MAAMA,GAAE,OAAO;AAAA,EACf,aAAaA,GAAE,OAAO;AAAA,EACtB,OAAOA,GAAE,OAAO;AAClB,CAAC;AAEM,IAAM,wBAAwB,WAAW;AAAA,EAC9C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,MAAMA,GACH,OAAO,EACP,IAAI,CAAC,EACL,IAAI,EAAE,EACN,MAAM,cAAc;AAAA,IACvB,cAAcA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC9B,iBAAiBA,GACd,OAAO,EACP,IAAI,EACJ,IAAI,EAAE,EACN,IAAI,GAAG,EACP,QAAQ,GAAG,EACX,SAAS,qDAAqD;AAAA,EACnE;AAAA,EACA,SAAS,OACP,EAAE,MAAM,cAAc,gBAAgB,GACtC,EAAE,QAAQ,IAAI,MACX;AACH,UAAM,UAAW,MAAM,OAAO,QAAQ,kBAAkB;AAAA,MACtD,QAAQ;AAAA,MACR,MAAM,EAAE,MAAM,aAAa;AAAA,IAC7B,CAAC;AAED,UAAM,WAAW,KAAK,IAAI,IAAI,kBAAkB;AAChD,WAAO,KAAK,IAAI,IAAI,UAAU;AAC5B,YAAM,KAAM,MAAM,OAAO;AAAA,QACvB,kBAAkB,mBAAmB,QAAQ,EAAE,CAAC;AAAA,MAClD;AAOA,UAAI,GAAG,UAAU,UAAU;AACzB,eAAO,qBAAqB,MAAM;AAAA,UAChC,cAAc,GAAG;AAAA,UACjB,MAAM,GAAG;AAAA,UACT,aAAa,GAAG,eAAe,QAAQ,GAAG,IAAI;AAAA,UAC9C,OAAO,GAAG;AAAA,QACZ,CAAC;AAAA,MACH;AACA,UAAI,GAAG,UAAU,uBAAuB;AACtC,cAAM,IAAI;AAAA,UACR,kCAAkC,GAAG,sBAAsB,gBAAgB;AAAA,QAC7E;AAAA,MACF;AACA,UAAI,MAAM,aAAa,QAAQ,EAAE,UAAU,GAAG,KAAK,iBAAY;AAC/D,YAAM,MAAM,GAAI;AAAA,IAClB;AACA,UAAM,IAAI;AAAA,MACR,+CAA+C,eAAe;AAAA,IAChE;AAAA,EACF;AACF,CAAC;AAED,SAAS,MAAM,IAAY;AACzB,SAAO,IAAI,QAAQ,CAAC,MAAM,WAAW,GAAG,EAAE,CAAC;AAC7C;AAEO,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,kBAAkBA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAClC,sBAAsBA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IACtC,MAAMA,GAAE,OAAO,EAAE,QAAQ,QAAQ;AAAA,EACnC;AAAA,EACA,SAAS,OACP,EAAE,WAAW,kBAAkB,sBAAsB,KAAK,GAC1D,EAAE,OAAO,MACN;AACH,UAAM,MAAM,MAAM,OAAO;AAAA,MACvB,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,MAC/C;AAAA,QACE,QAAQ;AAAA,QACR,MAAM;AAAA,UACJ,UAAU;AAAA,UACV;AAAA,UACA,QAAQ;AAAA,YACN,WAAW;AAAA,YACX,eAAe;AAAA,UACjB;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,UAAM,OAAO;AAAA,MACX,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,MAC/C,EAAE,QAAQ,SAAS,MAAM,EAAE,oBAAoB,KAAK,EAAE;AAAA,IACxD;AAEA,WAAO,EAAE,KAAK,cAAc,0BAA0B;AAAA,EACxD;AACF,CAAC;AAQM,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MAAM;AAC5C,UAAM,KAAM,MAAM,OAAO;AAAA,MACvB,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AACA,UAAM,OAAQ,MAAM,OAAO;AAAA,MACzB,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AACA,UAAM,OAAQ,MAAM,OAAO;AAAA,MACzB,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AACA,UAAM,SAAU,MAAM,OAAO;AAAA,MAC3B,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AAMA,UAAM,WAAY,MAAM,OAAO;AAAA,MAC7B,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AAEA,UAAM,SAA2B;AAAA,MAC/B;AAAA,QACE,IAAI,GAAG,UAAU;AAAA,QACjB,MAAM;AAAA,QACN,SAAS,SAAS,GAAG,KAAK;AAAA,MAC5B;AAAA,MACA;AAAA,QACE,IAAI,KAAK,SAAS;AAAA,QAClB,MAAM;AAAA,QACN,SAAS,GAAG,KAAK,MAAM;AAAA,MACzB;AAAA,MACA;AAAA,QACE,IACE,KAAK,SAAS,KACb,OAAO,4BAA4B,QAClC,OAAO,mBAAmB;AAAA,QAC9B,MAAM;AAAA,QACN,SACE,KAAK,SAAS,IACV,GAAG,KAAK,MAAM,UACd;AAAA,MACR;AAAA,MACA;AAAA,QACE,IAAI,CAAC,CAAC,SAAS;AAAA,QACf,MAAM;AAAA,MACR;AAAA,MACA;AAAA,QACE,IAAI,OAAO,cAAc,QAAQ,KAAK,SAAS;AAAA,QAC/C,MAAM;AAAA,QACN,SAAS,OAAO,YACZ,mBACA;AAAA,MACN;AAAA,IACF;AACA,UAAM,UAAU,OAAO,MAAM,CAAC,MAAM,EAAE,EAAE,IAAI,UAAU;AACtD,WAAO,EAAE,SAAS,OAAO;AAAA,EAC3B;AACF,CAAC;AAEM,IAAMC,SAAQ;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AACF;;;ACnMA,SAAS,KAAAC,UAAS;AAIX,IAAM,WAAW,WAAW;AAAA,EACjC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO,QAAQ,kBAAkB,mBAAmB,SAAS,CAAC,OAAO;AACzE,CAAC;AAEM,IAAM,SAAS,WAAW;AAAA,EAC/B,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,UAAUA,GAAE,KAAK,CAAC,UAAU,UAAU,YAAY,MAAM,CAAC;AAAA,IACzD,MAAMA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,oCAAoC;AAAA,IACrE,QAAQA,GACL,OAAO;AAAA,MACN,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,MAC3B,eAAeA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,MAC/B,QAAQA,GAAE,MAAMA,GAAE,OAAO,CAAC,EAAE,SAAS;AAAA,MACrC,QAAQA,GACL,OAAO,EACP,IAAI,EACJ,SAAS,EACT,SAAS,wCAAwC;AAAA,MACpD,WAAWA,GACR,OAAO,EACP,SAAS,EACT;AAAA,QACC;AAAA,MACF;AAAA,IACJ,CAAC,EACA,SAAS,gCAAgC;AAAA,EAC9C;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,KAAK;AAAA,EACzB;AACJ,CAAC;AAEM,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,OAAO,GAAG,EAAE,OAAO,MAC9C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,MAAM,CAAC;AAAA,IAClF,EAAE,QAAQ,SAAS;AAAA,EACrB;AACJ,CAAC;AAEM,IAAMC,SAAQ,CAAC,UAAU,QAAQ,SAAS;;;ACjEjD,SAAS,KAAAC,UAAS;AAIX,IAAM,iBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,EACjD;AACJ,CAAC;AAEM,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,yBAAyBA,GAAE,QAAQ,EAAE,SAAS;AAAA,IAC9C,gBAAgBA,GAAE,QAAQ,EAAE,SAAS;AAAA,IACrC,oBAAoBA,GAAE,QAAQ,EAAE,SAAS;AAAA,IACzC,WAAWA,GACR,QAAQ,EACR,SAAS,EACT,SAAS,oCAAoC;AAAA,IAChD,mBAAmBA,GAChB,KAAK;AAAA,MACJ;AAAA,MACA;AAAA,IACF,CAAC,EACA,SAAS,EACT,SAAS,2CAA2C;AAAA,IACvD,uBAAuBA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,SAAS;AAAA,IAChE,2BAA2BA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,SAAS;AAAA,EACtE;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,SAAS,KAAK;AAAA,EAC1B;AACJ,CAAC;AAEM,IAAMC,SAAQ,CAAC,gBAAgB,iBAAiB;;;AC9CvD,SAAS,KAAAC,UAAS;AAIX,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,OAAOA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,QAAQ,GAAG;AAAA,EACrD;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,MAAM,GAAG,EAAE,OAAO,MAC7C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,OAAO,EAAE,MAAM,EAAE;AAAA,EACrB;AACJ,CAAC;AAEM,IAAM,aAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,OAAOA,GACJ,OAAO,EACP,MAAM,8BAA8B,uBAAuB;AAAA,IAC9D,YAAYA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC5B,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,oBAAoBA,GACjB,OAAO,EACP,OAAO,CAAC,EACR,QAAQ,IAAI,EACZ,SAAS,0BAA0B;AAAA,EACxC;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,KAAK;AAAA,EACzB;AACJ,CAAC;AAEM,IAAM,aAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,SAASA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC3B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,UAAU,mBAAmB,OAAO,CAAC;AAAA,IACpF,EAAE,QAAQ,SAAS;AAAA,EACrB;AACJ,CAAC;AAEM,IAAMC,SAAQ,CAAC,WAAW,YAAY,UAAU;;;AC1DvD,SAAS,KAAAC,UAAS;AAIX,IAAM,iBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY,CAAC;AAAA,EACb,SAAS,OAAO,QAAQ,EAAE,OAAO,MAC/B,OAAO,QAAQ,kBAAkB,EAAE,QAAQ,MAAM,CAAC;AACtD,CAAC;AAEM,IAAM,eAAe,WAAW;AAAA,EACrC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAWC,GACR,OAAO,EACP,IAAI,CAAC,EACL,SAAS,wBAAwB;AAAA,EACtC;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO,QAAQ,kBAAkB,mBAAmB,SAAS,CAAC,EAAE;AACpE,CAAC;AAEM,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,MAAMA,GACH,OAAO,EACP,IAAI,CAAC,EACL,IAAI,EAAE,EACN,MAAM,gBAAgB,yCAAyC,EAC/D,SAAS,4DAAuD;AAAA,IACnE,cAAcA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,EACzC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAC9B,OAAO,QAAQ,kBAAkB,EAAE,QAAQ,QAAQ,MAAM,MAAM,CAAC;AACpE,CAAC;AAEM,IAAMC,SAAQ,CAAC,gBAAgB,cAAc,eAAe;;;ACxCnE,SAAS,KAAAC,UAAS;AAIX,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,GAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,MAAMA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IAC/B,eAAeA,GAAE,MAAMA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,EAAE,SAAS,sEAAsE;AAAA,IACzI,2BAA2BA,GAAE,MAAMA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,EAAE,SAAS,4CAA4C,EAAE,SAAS;AAAA,IACtI,UAAUA,GAAE,KAAK,CAAC,OAAO,OAAO,QAAQ,CAAC,EAAE,SAAS,uQAAuQ,EAAE,SAAS;AAAA,IACtU,UAAUA,GAAE,QAAQ,EAAE,SAAS,0HAA0H,EAAE,QAAQ,KAAK;AAAA,EAC1K;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,QAAQ,MAAM,OAAO,CAAC;AAAA,EAC3H;AACF,CAAC;AAEM,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,GAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,QAAQA,GAAE,OAAO;AAAA,EACnB;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,OAAO,IAAI;AACjC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,mBAAmB,OAAO,MAAM,CAAC,CAAC,IAAI,EAAE,QAAQ,SAAS,CAAC;AAAA,EACrJ;AACF,CAAC;AAEM,IAAMC,YAAW,WAAW;AAAA,EACjC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,GAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC5G;AACF,CAAC;AAEM,IAAM,qBAAqB;AAAA,EAChC;AAAA,EACA;AAAA,EACAC;AACF;;;AClDA,SAAS,KAAAC,WAAS;AAIX,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,MAAMA,IAAE,KAAK,CAAC,QAAQ,OAAO,YAAY,CAAC;AAAA,EAC5C;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,qBAAqB,EAAE,QAAQ,QAAQ,MAAM,OAAO,CAAC;AAAA,EACvI;AACF,CAAC;AAEM,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,YAAY,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC/G;AACF,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,mBAAmB,EAAE,QAAQ,OAAO,CAAC;AAAA,EACvH;AACF,CAAC;AAEM,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,OAAOA,IAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,EACrD;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,yBAAyB,EAAE,QAAQ,SAAS,MAAM,OAAO,CAAC;AAAA,EAC5I;AACF,CAAC;AAEM,IAAM,wBAAwB;AAAA,EACnC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;;;AC3DA,SAAS,KAAAC,WAAS;AAIX,IAAM,aAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,kBAAkB,EAAE,QAAQ,SAAS,CAAC;AAAA,EACxH;AACF,CAAC;AAEM,IAAMC,eAAc,WAAW;AAAA,EACpC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,aAAa,EAAE,QAAQ,MAAM,CAAC;AAAA,EAChH;AACF,CAAC;AAEM,IAAME,kBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcF,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,eAAeA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IAC5F,kBAAkBA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IAC/F,YAAYA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IACzF,YAAYA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IACzF,oBAAoBA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IACjG,uBAAuBA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IACpG,iBAAiBA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IAC9F,iBAAiBA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IAC9F,wBAAwBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IACxD,mBAAmBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,EACrD;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,aAAa,EAAE,QAAQ,SAAS,MAAM,OAAO,CAAC;AAAA,EAChI;AACF,CAAC;AAEM,IAAM,yBAAyB;AAAA,EACpC;AAAA,EACAC;AAAA,EACAC;AACF;;;ACtDA,SAAS,KAAAC,WAAS;AAIX,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,MAAMA,IAAE,KAAK,CAAC,UAAU,UAAU,aAAa,MAAM,CAAC;AAAA,IACtD,MAAMA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IAC/B,WAAWA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,eAAeA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC/B,QAAQA,IAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,IAAI,EAAE,SAAS,EAAE,SAAS;AAAA,IAC9D,WAAWA,IAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IAC1C,QAAQA,IAAE,MAAMA,IAAE,OAAO,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,EAClD;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,QAAQ,MAAM,OAAO,CAAC;AAAA,EAC3H;AACF,CAAC;AAEM,IAAMC,aAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,QAAQA,IAAE,OAAO;AAAA,EACnB;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,OAAO,IAAI;AACjC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,mBAAmB,OAAO,MAAM,CAAC,CAAC,IAAI,EAAE,QAAQ,SAAS,CAAC;AAAA,EACrJ;AACF,CAAC;AAEM,IAAME,YAAW,WAAW;AAAA,EACjC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcF,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC5G;AACF,CAAC;AAEM,IAAM,qBAAqB;AAAA,EAChC;AAAA,EACAC;AAAA,EACAC;AACF;;;ACpDA,SAAS,KAAAC,WAAS;AAIX,IAAMC,kBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,iBAAiB,EAAE,QAAQ,MAAM,CAAC;AAAA,EACpH;AACF,CAAC;AAEM,IAAMC,qBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,yBAAyBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IACzD,gBAAgBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IAChD,oBAAoBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IACpD,WAAWA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IAC3C,sBAAsBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IACtD,gBAAgBA,IAAE,MAAMA,IAAE,KAAK,CAAC,OAAO,OAAO,aAAa,SAAS,CAAC,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,IAC5F,eAAeA,IAAE,MAAMA,IAAE,KAAK,CAAC,cAAc,CAAC,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,IACrE,qBAAqBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IACrD,0BAA0BA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,EAC5D;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,iBAAiB,EAAE,QAAQ,SAAS,MAAM,OAAO,CAAC;AAAA,EACpI;AACF,CAAC;AAEM,IAAM,4BAA4B;AAAA,EACvCD;AAAA,EACAE;AACF;;;ACxCA,SAAS,KAAAC,WAAS;AAIX,IAAM,UAAU,WAAW;AAAA,EAChC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC5G;AACF,CAAC;AAEM,IAAM,0BAA0B,WAAW;AAAA,EAChD,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,SAAS,CAAC;AAAA,EAC/G;AACF,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,MAAMA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IACtB,MAAMA,IAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,KAAK;AAAA,IACvC,KAAKA,IAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA,IAC7B,gBAAgBA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,0CAA0C;AAAA,IACrF,aAAaA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IACtC,MAAMA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,qBAAqB;AAAA,IACtD,UAAUA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,+BAA+B;AAAA,IACpE,kBAAkBA,IAAE,OAAO,EAAE,SAAS,2BAA2B,EAAE,QAAQ,EAAE;AAAA,EAC/E;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,OAAO,MAAM,OAAO,CAAC;AAAA,EAC1H;AACF,CAAC;AAEM,IAAM,qBAAqB;AAAA,EAChC;AAAA,EACA;AAAA,EACA;AACF;;;ACpDA,SAAS,KAAAC,WAAS;AAIX,IAAMC,cAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,SAASA,IAAE,OAAO;AAAA,EACpB;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,QAAQ,IAAI;AAClC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,UAAU,mBAAmB,OAAO,OAAO,CAAC,CAAC,IAAI,EAAE,QAAQ,SAAS,CAAC;AAAA,EACvJ;AACF,CAAC;AAEM,IAAMC,cAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,OAAOA,IAAE,OAAO,EAAE,IAAI,GAAG,EAAE,MAAM,4BAA4B;AAAA,IAC7D,YAAYA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IACrC,WAAWA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IACpC,WAAWA,IAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC5C;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,iBAAiB,EAAE,QAAQ,QAAQ,MAAM,OAAO,CAAC;AAAA,EACnI;AACF,CAAC;AAEM,IAAME,aAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcF,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,UAAU,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC7G;AACF,CAAC;AAEM,IAAM,sBAAsB;AAAA,EACjCD;AAAA,EACAE;AAAA,EACAC;AACF;;;ACjDA,SAAS,KAAAC,WAAS;AAIX,IAAMC,mBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,MAAMC,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,MAAM,2BAA2B,EAAE,SAAS,mEAAmE;AAAA,IAC/I,cAAcA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IACvC,MAAMA,IAAE,KAAK,CAAC,QAAQ,OAAO,YAAY,CAAC,EAAE,SAAS;AAAA,EACvD;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,WAAO,OAAO,QAAQ,kBAAkB,EAAE,QAAQ,QAAQ,MAAM,MAAM,CAAC;AAAA,EACzE;AACF,CAAC;AAEM,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,IAAI,EAAE,QAAQ,SAAS,CAAC;AAAA,EAC1G;AACF,CAAC;AAEM,IAAMC,gBAAe,WAAW;AAAA,EACrC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,IAAI,EAAE,QAAQ,MAAM,CAAC;AAAA,EACvG;AACF,CAAC;AAEM,IAAME,kBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY,CAAC;AAAA,EACb,SAAS,OAAO,QAAQ,EAAE,OAAO,MAAM;AACrC,WAAO,OAAO,QAAQ,kBAAkB,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC3D;AACF,CAAC;AAEM,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcF,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,uBAAuB,EAAE,QAAQ,OAAO,CAAC;AAAA,EAC3H;AACF,CAAC;AAEM,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,cAAcA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,SAAS,EAAE,SAAS;AAAA,EAC/D;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,IAAI,EAAE,QAAQ,SAAS,MAAM,OAAO,CAAC;AAAA,EACvH;AACF,CAAC;AAEM,IAAM,2BAA2B;AAAA,EACtCD;AAAA,EACA;AAAA,EACAE;AAAA,EACAC;AAAA,EACA;AAAA,EACA;AACF;;;ACzEO,IAAM,iBAAiB;AAAA,EAC5B,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AACL;;;ArBYA,SAAS,oBAAoB;AAC7B,SAAS,qBAAqB;AAC9B,SAAS,SAAS,eAAe;AAEjC,IAAM,cAAc;AAEpB,SAAS,cAAsB;AAC7B,MAAI;AACF,UAAM,OAAO,QAAQ,cAAc,YAAY,GAAG,CAAC;AACnD,UAAM,MAAM,KAAK;AAAA,MACf,aAAa,QAAQ,MAAM,MAAM,cAAc,GAAG,MAAM;AAAA,IAC1D;AACA,WAAO,OAAO,IAAI,YAAY,WAAW,IAAI,UAAU;AAAA,EACzD,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAYA,IAAM,oBAAsD;AAAA;AAAA,EAE1D,YAAY;AAAA,EACZ,YAAY;AAAA,EACZ,YAAY;AAAA,EACZ,qBAAqB;AAAA,EACrB,kBAAkB;AAAA,EAClB,gBAAgB;AAAA,EAChB,mBAAmB;AACrB;AASO,SAAS,iBAAiC;AAC/C,QAAM,wBAAwB;AAAA,IAC5B,GAAGC;AAAA,IACH,GAAG;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA;AAAA,EAEL;AAEA,QAAM,mBAAmB,IAAI,IAAI,sBAAsB,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC;AACzE,QAAM,oBAAoB,eAAe,OAAO,CAAC,MAAM;AACrD,QAAI,iBAAiB,IAAI,EAAE,IAAI,EAAG,QAAO;AACzC,UAAM,QAAQ,kBAAkB,EAAE,IAAI;AACtC,QAAI,SAAS,iBAAiB,IAAI,KAAK,EAAG,QAAO;AACjD,WAAO;AAAA,EACT,CAAC;AAED,SAAO,CAAC,GAAG,uBAAuB,GAAG,iBAAiB;AACxD;AAEA,eAAsB,OAAsB;AAC1C,QAAM,MAAM,WAAW;AACvB,QAAM,MAAM,WAAW,GAAG;AAC1B,QAAM,SAAS,IAAI,cAAc,KAAK,GAAG;AAEzC,QAAM,SAAS,IAAI,UAAU;AAAA,IAC3B,MAAM;AAAA,IACN,SAAS,YAAY;AAAA,EACvB,CAAC;AAED,QAAM,WAAW,eAAe;AAEhC,cAAY,QAAQ,EAAE,QAAQ,IAAI,GAAG,QAAQ;AAE7C,MAAI,KAAK,wBAAwB;AAAA,IAC/B,SAAS,IAAI;AAAA,IACb,OAAO,SAAS;AAAA,IAChB,UAAU,IAAI,WAAW,WAAW;AAAA,EACtC,CAAC;AAED,QAAM,YAAY,IAAI,qBAAqB;AAC3C,QAAM,OAAO,QAAQ,SAAS;AAChC;AAOA,IAAI,CAAC,QAAQ,IAAI,QAAQ;AACvB,OAAK,EAAE,MAAM,CAAC,QAAQ;AACpB,YAAQ,OAAO,MAAM,UAAU,eAAe,QAAQ,IAAI,QAAQ,GAAG;AAAA,CAAI;AACzE,YAAQ,KAAK,CAAC;AAAA,EAChB,CAAC;AACH;","names":["tools","z","z","tools","z","z","tools","z","z","tools","z","z","tools","z","z","tools","z","z","tools","z","z","tools","z","z","listApps","z","z","z","z","getBranding","updateBranding","z","z","deleteIdp","listIdps","z","getLoginPolicy","z","updateLoginPolicy","z","z","z","deleteUser","z","inviteUser","listUsers","z","createWorkspace","z","getWorkspace","listWorkspaces","tools"]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@prysmid/mcp",
-  "version": "0.1.1",
+  "version": "0.2.0",
   "description": "Official Prysmid MCP server — manage workspaces, apps OIDC, login policy, IdPs, branding, users from any MCP-compatible agent (Claude Code, Cursor, etc.)",
   "license": "Apache-2.0",
   "homepage": "https://prysmid.com",