@prysmid/mcp 0.1.1 → 0.3.0

package/README.md

@@ -15,31 +15,69 @@ Exposes the full Prysmid platform API as MCP tools so an agent can:
 - manage SMTP overrides
 - query subscription / billing state
 
-## Install
+## Tools
+
+The tool surface comes from three layers, merged at startup:
 
-> Pre-1.0 — distribution is via GitHub for now; `@prysmid/mcp` on npm is on the way.
+1. **Hand-written** (`src/tools/*.ts`) — polished schemas with rich
+   descriptions for the operations agents reach for first
+   (`list_workspaces`, `add_idp`, `create_oidc_app`, …).
+2. **Curated** (`src/tools/curated.ts`) — multi-step orchestrators an
+   agent would otherwise have to assemble itself:
+   `setup_prysmid_workspace`, `enable_google_login`, `prysmid_setup_check`.
+3. **Auto-generated** (`src/tools/generated/*.ts`) — one tool per
+   remaining REST operation, emitted by `scripts/generate-tools.ts` from
+   the live OpenAPI spec at `https://api.prysmid.com/openapi.json`.
+   Hand-written names always win on collision; near-duplicates
+   (handwritten `add_idp` vs generated `create_idp`) are resolved by an
+   explicit alias map in `src/index.ts`.
 
-Pin to a specific version (recommended):
+Regenerate after the API schema changes:
 
 ```bash
-claude mcp add prysmid -- npx -y github:PrysmID/mcp-server#v0.1.0
+npm run gen-tools
 ```
 
-Or float to the tip of `main`:
+## Install
 
 ```bash
-claude mcp add prysmid -- npx -y github:PrysmID/mcp-server
+claude mcp add prysmid -- npx -y @prysmid/mcp
 ```
 
-(or the equivalent for your agent)
+(or the equivalent for your agent — Cursor, Continue, etc.)
+
+## Authentication
+
+Three modes, resolved in this order on every startup:
+
+1. **Static bearer** — set `PRYSMID_API_TOKEN`. Best for CI / service accounts:
+   ```bash
+   PRYSMID_API_TOKEN=ptkn_… npx -y @prysmid/mcp
+   ```
+2. **Cached device-flow token** — if a previous run completed device flow,
+   the access token lives at:
+   - Linux/macOS: `$XDG_CONFIG_HOME/prysmid-mcp/token.json` (default `~/.config/prysmid-mcp/token.json`)
+   - Windows: `%APPDATA%\prysmid-mcp\token.json`
 
-For now, auth is bearer-token-only via env var:
+   It's reused until ~60s before expiry.
+3. **Interactive device flow** — first run, no token, attached TTY: the
+   server prints a code + verification URL to stderr, you confirm in a
+   browser, the token is cached, and the server starts.
+
+To clear the cached token (sign out):
 
 ```bash
-PRYSMID_API_TOKEN=ptkn_… npx -y github:PrysmID/mcp-server
+npx -y @prysmid/mcp logout
 ```
 
-OAuth device flow with token caching at `~/.config/prysmid-mcp/token.json` (Unix) or `%APPDATA%/prysmid-mcp/token.json` (Windows) is queued for a follow-up release.
+### Alternative: install directly from GitHub
+
+Useful for testing a branch or a specific commit:
+
+```bash
+claude mcp add prysmid -- npx -y github:PrysmID/mcp-server#v0.3.0
+claude mcp add prysmid -- npx -y github:PrysmID/mcp-server          # tip of main
+```
 
 ## Configuration
 
@@ -48,6 +86,7 @@ OAuth device flow with token caching at `~/.config/prysmid-mcp/token.json` (Unix
 | `PRYSMID_API_BASE` | `https://api.prysmid.com` | Override for self-hosted Prysmid |
 | `PRYSMID_API_TOKEN` | — | Static bearer (skip device flow) |
 | `PRYSMID_MCP_LOG_LEVEL` | `info` | `debug` for verbose tool tracing |
+| `PRYSMID_FORCE_DEVICE_FLOW` | — | Set to any non-empty value to run device flow even when stderr is not a TTY |
 
 ## Status
 

package/dist/index.js

@@ -4,6 +4,103 @@
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 
+// src/auth.ts
+var DEFAULT_SLEEP = (ms) => new Promise((r) => setTimeout(r, ms));
+var DEFAULT_PROMPT = (lines) => {
+  for (const line of lines) process.stderr.write(`${line}
+`);
+};
+async function deviceFlow(opts) {
+  const sleep2 = opts.sleep ?? DEFAULT_SLEEP;
+  const prompt = opts.prompt ?? DEFAULT_PROMPT;
+  const fetchImpl = opts.fetchImpl ?? fetch;
+  const { apiBase, log } = opts;
+  const start = await postJson(
+    fetchImpl,
+    `${apiBase}/v1/auth/device/start`,
+    {}
+  );
+  const verifyUrl = start.verification_uri_complete || start.verification_uri;
+  prompt([
+    "",
+    "\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500",
+    " Prysmid MCP \u2014 Sign in to your account",
+    "\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500",
+    "",
+    "  1. Open this URL in your browser:",
+    `       ${verifyUrl}`,
+    "",
+    "  2. Confirm the code:",
+    `       ${start.user_code}`,
+    "",
+    `  Waiting for confirmation (expires in ${start.expires_in}s)\u2026`,
+    ""
+  ]);
+  let interval = Math.max(1, start.interval || 5);
+  const deadline = Date.now() + start.expires_in * 1e3;
+  while (Date.now() < deadline) {
+    await sleep2(interval * 1e3);
+    let res;
+    try {
+      res = await postJson(
+        fetchImpl,
+        `${apiBase}/v1/auth/device/poll`,
+        { device_code: start.device_code }
+      );
+    } catch (e) {
+      log.warn("device poll request failed, retrying", {
+        error: e instanceof Error ? e.message : String(e)
+      });
+      continue;
+    }
+    if (res.status === "complete") {
+      if (!res.access_token) {
+        throw new Error(
+          "Device flow returned status=complete but no access_token"
+        );
+      }
+      log.info("device flow login complete", {
+        expiresIn: res.expires_in ?? null
+      });
+      return {
+        accessToken: res.access_token,
+        refreshToken: res.refresh_token ?? void 0,
+        expiresIn: res.expires_in ?? void 0
+      };
+    }
+    if (res.status === "slow_down") {
+      interval += 5;
+      log.debug("device flow slow_down", { newInterval: interval });
+      continue;
+    }
+    if (res.status === "pending") continue;
+    if (res.status === "expired") {
+      throw new Error("Device code expired before authorization");
+    }
+    if (res.status === "denied") {
+      throw new Error("Authorization denied");
+    }
+    log.warn("unknown device poll status", { status: res.status });
+  }
+  throw new Error("Device code expired before authorization");
+}
+async function postJson(fetchImpl, url, body) {
+  const res = await fetchImpl(url, {
+    method: "POST",
+    headers: { "Content-Type": "application/json", Accept: "application/json" },
+    body: JSON.stringify(body)
+  });
+  const text = await res.text();
+  if (!res.ok) {
+    throw new Error(`POST ${url} failed: ${res.status} ${text}`);
+  }
+  try {
+    return JSON.parse(text);
+  } catch {
+    throw new Error(`POST ${url} returned non-JSON: ${text.slice(0, 200)}`);
+  }
+}
+
 // src/client.ts
 var PrysmidApiError = class extends Error {
   constructor(message, status, body, code) {
@@ -18,16 +115,22 @@ var PrysmidApiError = class extends Error {
   code;
 };
 var PrysmidClient = class {
-  constructor(cfg, log) {
+  constructor(cfg, log, tokenOverride = null) {
     this.cfg = cfg;
     this.log = log;
+    this.tokenOverride = tokenOverride;
   }
   cfg;
   log;
+  tokenOverride;
+  get effectiveToken() {
+    return this.tokenOverride ?? this.cfg.apiToken;
+  }
   async request(path, opts = {}) {
-    if (!this.cfg.apiToken) {
+    const token = this.effectiveToken;
+    if (!token) {
       throw new PrysmidApiError(
-        "No PRYSMID_API_TOKEN configured. Set the env var or run device-flow login.",
+        "No Prysmid API token. Set PRYSMID_API_TOKEN or complete device-flow login.",
         401,
         "",
         "auth.no_token"
@@ -41,7 +144,7 @@ var PrysmidClient = class {
     }
     const method = opts.method ?? "GET";
     const headers = {
-      Authorization: `Bearer ${this.cfg.apiToken}`,
+      Authorization: `Bearer ${token}`,
       Accept: "application/json"
     };
     if (opts.body !== void 0) headers["Content-Type"] = "application/json";
@@ -111,6 +214,65 @@ function safeJSON(x) {
   }
 }
 
+// src/tokenStore.ts
+import {
+  chmodSync,
+  existsSync,
+  mkdirSync,
+  readFileSync,
+  rmSync,
+  writeFileSync
+} from "fs";
+import { homedir, platform } from "os";
+import { dirname, join } from "path";
+var APP_DIR = "prysmid-mcp";
+var FILE_NAME = "token.json";
+var EXPIRY_SKEW_SECONDS = 60;
+function getTokenPath(env = process.env) {
+  if (platform() === "win32") {
+    const base = env.APPDATA;
+    if (base) return join(base, APP_DIR, FILE_NAME);
+    return join(homedir(), `.${APP_DIR}`, FILE_NAME);
+  }
+  const xdg = env.XDG_CONFIG_HOME;
+  if (xdg) return join(xdg, APP_DIR, FILE_NAME);
+  return join(homedir(), ".config", APP_DIR, FILE_NAME);
+}
+function loadToken(apiBase, env = process.env) {
+  const path = getTokenPath(env);
+  if (!existsSync(path)) return null;
+  let parsed;
+  try {
+    parsed = JSON.parse(readFileSync(path, "utf8"));
+  } catch {
+    return null;
+  }
+  if (parsed.apiBase !== apiBase) return null;
+  const nowSec = Math.floor(Date.now() / 1e3);
+  if (parsed.expiresAt - EXPIRY_SKEW_SECONDS <= nowSec) return null;
+  if (typeof parsed.accessToken !== "string" || !parsed.accessToken) {
+    return null;
+  }
+  return parsed;
+}
+function saveToken(token, env = process.env) {
+  const path = getTokenPath(env);
+  mkdirSync(dirname(path), { recursive: true });
+  writeFileSync(path, JSON.stringify(token, null, 2), "utf8");
+  if (platform() !== "win32") {
+    try {
+      chmodSync(path, 384);
+    } catch {
+    }
+  }
+}
+function clearToken(env = process.env) {
+  const path = getTokenPath(env);
+  if (existsSync(path)) {
+    rmSync(path, { force: true });
+  }
+}
+
 // src/tools/registry.ts
 function defineTool(t) {
   return t;
@@ -577,31 +739,457 @@ var createWorkspace = defineTool({
 });
 var tools8 = [listWorkspaces, getWorkspace, createWorkspace];
 
+// src/tools/generated/apps.ts
+import { z as z9 } from "zod";
+var createApp = defineTool({
+  name: "create_app",
+  description: "Create App",
+  inputShape: {
+    workspace_id: z9.string().uuid(),
+    name: z9.string().min(1).max(200),
+    redirect_uris: z9.array(z9.string().url().min(1).max(2083)).describe("Where the IdP sends the user back after auth. At least one required."),
+    post_logout_redirect_uris: z9.array(z9.string().url().min(1).max(2083)).describe("Where the IdP sends the user after logout.").optional(),
+    app_type: z9.enum(["web", "spa", "native"]).describe("App kind, drives OIDC grant + auth_method defaults.\n\n- `web`: server-rendered confidential client. Gets a `client_secret`.\n- `spa`: single-page app (user-agent). Public, PKCE required, no secret.\n- `native`: desktop/mobile. Public, PKCE required, no secret.").optional(),
+    dev_mode: z9.boolean().describe("Relax HTTPS requirement on redirect_uris (allows http://localhost). Use only for local development; never in production.").default(false)
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id, ...__body } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/apps`, { method: "POST", body: __body });
+  }
+});
+var deleteApp = defineTool({
+  name: "delete_app",
+  description: "Delete App",
+  inputShape: {
+    workspace_id: z9.string().uuid(),
+    app_id: z9.string()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id, app_id } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/apps/${encodeURIComponent(String(app_id))}`, { method: "DELETE" });
+  }
+});
+var listApps2 = defineTool({
+  name: "list_apps",
+  description: "List Apps",
+  inputShape: {
+    workspace_id: z9.string().uuid()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/apps`, { method: "GET" });
+  }
+});
+var generatedAppsTools = [
+  createApp,
+  deleteApp,
+  listApps2
+];
+
+// src/tools/generated/billing.ts
+import { z as z10 } from "zod";
+var billingCheckout = defineTool({
+  name: "billing_checkout",
+  description: "Checkout",
+  inputShape: {
+    workspace_id: z10.string().uuid(),
+    plan: z10.enum(["free", "pro", "enterprise"])
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id, ...__body } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/billing/checkout`, { method: "POST", body: __body });
+  }
+});
+var billingGetState = defineTool({
+  name: "billing_get_state",
+  description: "Get State",
+  inputShape: {
+    workspace_id: z10.string().uuid()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/billing`, { method: "GET" });
+  }
+});
+var billingPortal = defineTool({
+  name: "billing_portal",
+  description: "Portal",
+  inputShape: {
+    workspace_id: z10.string().uuid()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/billing/portal`, { method: "POST" });
+  }
+});
+var updateSpendingCap = defineTool({
+  name: "update_spending_cap",
+  description: "Update Spending Cap",
+  inputShape: {
+    workspace_id: z10.string().uuid(),
+    cents: z10.number().int().min(0).nullable().optional()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id, ...__body } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/billing/spending-cap`, { method: "PATCH", body: __body });
+  }
+});
+var generatedBillingTools = [
+  billingCheckout,
+  billingGetState,
+  billingPortal,
+  updateSpendingCap
+];
+
+// src/tools/generated/branding.ts
+import { z as z11 } from "zod";
+var deleteLogo = defineTool({
+  name: "delete_logo",
+  description: "Delete Logo",
+  inputShape: {
+    workspace_id: z11.string().uuid()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/branding/logo`, { method: "DELETE" });
+  }
+});
+var getBranding2 = defineTool({
+  name: "get_branding",
+  description: "Get Branding",
+  inputShape: {
+    workspace_id: z11.string().uuid()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/branding`, { method: "GET" });
+  }
+});
+var updateBranding2 = defineTool({
+  name: "update_branding",
+  description: "Update Branding",
+  inputShape: {
+    workspace_id: z11.string().uuid(),
+    primary_color: z11.string().regex(/^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/).nullable().optional(),
+    background_color: z11.string().regex(/^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/).nullable().optional(),
+    warn_color: z11.string().regex(/^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/).nullable().optional(),
+    font_color: z11.string().regex(/^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/).nullable().optional(),
+    primary_color_dark: z11.string().regex(/^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/).nullable().optional(),
+    background_color_dark: z11.string().regex(/^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/).nullable().optional(),
+    warn_color_dark: z11.string().regex(/^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/).nullable().optional(),
+    font_color_dark: z11.string().regex(/^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/).nullable().optional(),
+    hide_login_name_suffix: z11.boolean().nullable().optional(),
+    disable_watermark: z11.boolean().nullable().optional()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id, ...__body } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/branding`, { method: "PATCH", body: __body });
+  }
+});
+var generatedBrandingTools = [
+  deleteLogo,
+  getBranding2,
+  updateBranding2
+];
+
+// src/tools/generated/idps.ts
+import { z as z12 } from "zod";
+var createIdp = defineTool({
+  name: "create_idp",
+  description: "Create Idp",
+  inputShape: {
+    workspace_id: z12.string().uuid(),
+    type: z12.enum(["google", "github", "microsoft", "oidc"]),
+    name: z12.string().min(1).max(200),
+    client_id: z12.string().min(1),
+    client_secret: z12.string().min(1),
+    issuer: z12.string().url().min(1).max(2083).nullable().optional(),
+    tenant_id: z12.string().nullable().optional(),
+    scopes: z12.array(z12.string()).nullable().optional()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id, ...__body } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/idps`, { method: "POST", body: __body });
+  }
+});
+var deleteIdp2 = defineTool({
+  name: "delete_idp",
+  description: "Delete Idp",
+  inputShape: {
+    workspace_id: z12.string().uuid(),
+    idp_id: z12.string()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id, idp_id } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/idps/${encodeURIComponent(String(idp_id))}`, { method: "DELETE" });
+  }
+});
+var listIdps2 = defineTool({
+  name: "list_idps",
+  description: "List Idps",
+  inputShape: {
+    workspace_id: z12.string().uuid()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/idps`, { method: "GET" });
+  }
+});
+var generatedIdpsTools = [
+  createIdp,
+  deleteIdp2,
+  listIdps2
+];
+
+// src/tools/generated/login-policy.ts
+import { z as z13 } from "zod";
+var getLoginPolicy2 = defineTool({
+  name: "get_login_policy",
+  description: "Get Login Policy",
+  inputShape: {
+    workspace_id: z13.string().uuid()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/login-policy`, { method: "GET" });
+  }
+});
+var updateLoginPolicy2 = defineTool({
+  name: "update_login_policy",
+  description: "Update Login Policy",
+  inputShape: {
+    workspace_id: z13.string().uuid(),
+    allow_username_password: z13.boolean().nullable().optional(),
+    allow_register: z13.boolean().nullable().optional(),
+    allow_external_idp: z13.boolean().nullable().optional(),
+    force_mfa: z13.boolean().nullable().optional(),
+    passwordless_allowed: z13.boolean().nullable().optional(),
+    second_factors: z13.array(z13.enum(["otp", "u2f", "otp_email", "otp_sms"])).nullable().optional(),
+    multi_factors: z13.array(z13.enum(["u2f_verified"])).nullable().optional(),
+    hide_password_reset: z13.boolean().nullable().optional(),
+    ignore_unknown_usernames: z13.boolean().nullable().optional()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id, ...__body } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/login-policy`, { method: "PATCH", body: __body });
+  }
+});
+var generatedLoginPolicyTools = [
+  getLoginPolicy2,
+  updateLoginPolicy2
+];
+
+// src/tools/generated/smtp.ts
+import { z as z14 } from "zod";
+var getSmtp = defineTool({
+  name: "get_smtp",
+  description: "Get Smtp",
+  inputShape: {
+    workspace_id: z14.string().uuid()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/smtp`, { method: "GET" });
+  }
+});
+var revertToPlatformDefault = defineTool({
+  name: "revert_to_platform_default",
+  description: "Revert To Platform Default",
+  inputShape: {
+    workspace_id: z14.string().uuid()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/smtp`, { method: "DELETE" });
+  }
+});
+var setCustomSmtp = defineTool({
+  name: "set_custom_smtp",
+  description: "Set Custom Smtp",
+  inputShape: {
+    workspace_id: z14.string().uuid(),
+    host: z14.string().min(1),
+    port: z14.number().int().min(1).max(65535),
+    tls: z14.boolean().default(true),
+    sender_address: z14.string().min(3).describe("Address that appears in the From header."),
+    sender_name: z14.string().min(1).max(200),
+    user: z14.string().min(1).describe("SMTP auth username."),
+    password: z14.string().min(1).describe("SMTP auth password / API key."),
+    reply_to_address: z14.string().describe("Optional Reply-To header.").default("")
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id, ...__body } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/smtp`, { method: "PUT", body: __body });
+  }
+});
+var generatedSmtpTools = [
+  getSmtp,
+  revertToPlatformDefault,
+  setCustomSmtp
+];
+
+// src/tools/generated/users.ts
+import { z as z15 } from "zod";
+var deleteUser2 = defineTool({
+  name: "delete_user",
+  description: "Delete User",
+  inputShape: {
+    workspace_id: z15.string().uuid(),
+    user_id: z15.string()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id, user_id } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/users/${encodeURIComponent(String(user_id))}`, { method: "DELETE" });
+  }
+});
+var inviteUser2 = defineTool({
+  name: "invite_user",
+  description: "Invite User",
+  inputShape: {
+    workspace_id: z15.string().uuid(),
+    email: z15.string().max(320).regex(/^[^\s@]+@[^\s@]+\.[^\s@]+$/),
+    first_name: z15.string().min(1).max(100),
+    last_name: z15.string().min(1).max(100),
+    user_name: z15.string().nullable().optional()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id, ...__body } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/users/invite`, { method: "POST", body: __body });
+  }
+});
+var listUsers2 = defineTool({
+  name: "list_users",
+  description: "List Users",
+  inputShape: {
+    workspace_id: z15.string().uuid()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/users`, { method: "GET" });
+  }
+});
+var generatedUsersTools = [
+  deleteUser2,
+  inviteUser2,
+  listUsers2
+];
+
+// src/tools/generated/workspaces.ts
+import { z as z16 } from "zod";
+var createWorkspace2 = defineTool({
+  name: "create_workspace",
+  description: "Create Workspace",
+  inputShape: {
+    slug: z16.string().min(3).max(63).regex(/^[a-z][a-z0-9-]*[a-z0-9]$/).describe("URL-safe lowercase slug. Becomes part of auth.<slug>.prysmid.com."),
+    display_name: z16.string().min(1).max(255),
+    plan: z16.enum(["free", "pro", "enterprise"]).optional()
+  },
+  handler: async (input, { client }) => {
+    return client.request(`/v1/workspaces`, { method: "POST", body: input });
+  }
+});
+var deleteWorkspace = defineTool({
+  name: "delete_workspace",
+  description: "Delete Workspace",
+  inputShape: {
+    workspace_id: z16.string().uuid()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}`, { method: "DELETE" });
+  }
+});
+var getWorkspace2 = defineTool({
+  name: "get_workspace",
+  description: "Get Workspace",
+  inputShape: {
+    workspace_id: z16.string().uuid()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}`, { method: "GET" });
+  }
+});
+var listWorkspaces2 = defineTool({
+  name: "list_workspaces",
+  description: "List Workspaces",
+  inputShape: {},
+  handler: async (_input, { client }) => {
+    return client.request(`/v1/workspaces`, { method: "GET" });
+  }
+});
+var retryProvisioning = defineTool({
+  name: "retry_provisioning",
+  description: "Retry Provisioning",
+  inputShape: {
+    workspace_id: z16.string().uuid()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/retry-provisioning`, { method: "POST" });
+  }
+});
+var updateWorkspace = defineTool({
+  name: "update_workspace",
+  description: "Update Workspace",
+  inputShape: {
+    workspace_id: z16.string().uuid(),
+    display_name: z16.string().min(1).max(255).nullable().optional()
+  },
+  handler: async (input, { client }) => {
+    const { workspace_id, ...__body } = input;
+    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}`, { method: "PATCH", body: __body });
+  }
+});
+var generatedWorkspacesTools = [
+  createWorkspace2,
+  deleteWorkspace,
+  getWorkspace2,
+  listWorkspaces2,
+  retryProvisioning,
+  updateWorkspace
+];
+
+// src/tools/generated/index.ts
+var generatedTools = [
+  ...generatedAppsTools,
+  ...generatedBillingTools,
+  ...generatedBrandingTools,
+  ...generatedIdpsTools,
+  ...generatedLoginPolicyTools,
+  ...generatedSmtpTools,
+  ...generatedUsersTools,
+  ...generatedWorkspacesTools
+];
+
 // src/index.ts
-import { readFileSync } from "fs";
+import { readFileSync as readFileSync2 } from "fs";
 import { fileURLToPath } from "url";
-import { dirname, resolve } from "path";
+import { dirname as dirname2, resolve } from "path";
 var SERVER_NAME = "prysmid";
 function readVersion() {
   try {
-    const here = dirname(fileURLToPath(import.meta.url));
+    const here = dirname2(fileURLToPath(import.meta.url));
     const pkg = JSON.parse(
-      readFileSync(resolve(here, "..", "package.json"), "utf8")
+      readFileSync2(resolve(here, "..", "package.json"), "utf8")
     );
     return typeof pkg.version === "string" ? pkg.version : "0.0.0";
   } catch {
     return "0.0.0";
   }
 }
-async function main() {
-  const cfg = loadConfig();
-  const log = makeLogger(cfg);
-  const client = new PrysmidClient(cfg, log);
-  const server = new McpServer({
-    name: SERVER_NAME,
-    version: readVersion()
-  });
-  const allTools = [
+var GENERATED_ALIASES = {
+  // generated name → handwritten that already covers it
+  create_idp: "add_idp",
+  create_app: "create_oidc_app",
+  delete_app: "delete_oidc_app",
+  update_spending_cap: "set_spending_cap",
+  billing_checkout: "start_billing_checkout",
+  billing_portal: "start_billing_portal",
+  billing_get_state: "get_billing"
+};
+function composeToolset() {
+  const handwrittenAndCurated = [
     ...tools8,
     ...tools,
     ...tools5,
@@ -610,22 +1198,80 @@ async function main() {
     ...tools3,
     ...tools2,
     ...tools4
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
   ];
+  const handwrittenNames = new Set(handwrittenAndCurated.map((t) => t.name));
+  const filteredGenerated = generatedTools.filter((t) => {
+    if (handwrittenNames.has(t.name)) return false;
+    const alias = GENERATED_ALIASES[t.name];
+    if (alias && handwrittenNames.has(alias)) return false;
+    return true;
+  });
+  return [...handwrittenAndCurated, ...filteredGenerated];
+}
+async function resolveAuth(cfg, log) {
+  if (cfg.apiToken) return { token: cfg.apiToken, mode: "bearer" };
+  const cached = loadToken(cfg.apiBase);
+  if (cached) return { token: cached.accessToken, mode: "cached" };
+  if (!process.stderr.isTTY && !process.env.PRYSMID_FORCE_DEVICE_FLOW) {
+    log.warn(
+      "no PRYSMID_API_TOKEN and no cached token; stderr is not a TTY so refusing to start interactive device flow. Set PRYSMID_API_TOKEN, run `npx -y @prysmid/mcp` once interactively to populate the cache, or set PRYSMID_FORCE_DEVICE_FLOW=1 to override."
+    );
+    return { token: null, mode: "none" };
+  }
+  let result;
+  try {
+    result = await deviceFlow({ apiBase: cfg.apiBase, log });
+  } catch (err) {
+    log.error("device flow login failed", {
+      error: err instanceof Error ? err.message : String(err)
+    });
+    clearToken();
+    return { token: null, mode: "none" };
+  }
+  const expiresAt = Math.floor(Date.now() / 1e3) + (result.expiresIn ?? 3600);
+  saveToken({
+    apiBase: cfg.apiBase,
+    accessToken: result.accessToken,
+    refreshToken: result.refreshToken,
+    expiresAt
+  });
+  return { token: result.accessToken, mode: "deviceflow" };
+}
+async function main() {
+  if (process.argv[2] === "logout") {
+    clearToken();
+    process.stderr.write("prysmid-mcp: logged out (token cache cleared)\n");
+    return;
+  }
+  const cfg = loadConfig();
+  const log = makeLogger(cfg);
+  const auth = await resolveAuth(cfg, log);
+  const client = new PrysmidClient(cfg, log, auth.token);
+  const server = new McpServer({
+    name: SERVER_NAME,
+    version: readVersion()
+  });
+  const allTools = composeToolset();
   registerAll(server, { client, log }, allTools);
   log.info(`prysmid-mcp starting`, {
     apiBase: cfg.apiBase,
     tools: allTools.length,
-    authMode: cfg.apiToken ? "bearer" : "none"
+    authMode: auth.mode
   });
   const transport = new StdioServerTransport();
   await server.connect(transport);
 }
-main().catch((err) => {
-  process.stderr.write(`fatal: ${err instanceof Error ? err.stack : err}
+if (!process.env.VITEST) {
+  main().catch((err) => {
+    process.stderr.write(`fatal: ${err instanceof Error ? err.stack : err}
 `);
-  process.exit(1);
-});
+    process.exit(1);
+  });
+}
 export {
-  main
+  composeToolset,
+  main,
+  resolveAuth
 };
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/index.ts","../src/client.ts","../src/config.ts","../src/logger.ts","../src/tools/registry.ts","../src/tools/apps.ts","../src/tools/billing.ts","../src/tools/branding.ts","../src/tools/curated.ts","../src/tools/idps.ts","../src/tools/login_policy.ts","../src/tools/users.ts","../src/tools/workspaces.ts"],"sourcesContent":["/**\n * Entrypoint — boots an MCP server over stdio with the full Prysmid tool set.\n *\n * MCP transport contract:\n *   - JSON-RPC over stdin/stdout\n *   - stdout is RESERVED for protocol bytes; logs go to stderr (see logger.ts)\n *   - one process == one client; the agent spawns a fresh server per session\n */\nimport { McpServer } from \"@modelcontextprotocol/sdk/server/mcp.js\";\nimport { StdioServerTransport } from \"@modelcontextprotocol/sdk/server/stdio.js\";\n\nimport { PrysmidClient } from \"./client.js\";\nimport { loadConfig } from \"./config.js\";\nimport { makeLogger } from \"./logger.js\";\nimport { registerAll } from \"./tools/registry.js\";\nimport { tools as appsTools } from \"./tools/apps.js\";\nimport { tools as billingTools } from \"./tools/billing.js\";\nimport { tools as brandingTools } from \"./tools/branding.js\";\nimport { tools as curatedTools } from \"./tools/curated.js\";\nimport { tools as idpsTools } from \"./tools/idps.js\";\nimport { tools as loginPolicyTools } from \"./tools/login_policy.js\";\nimport { tools as usersTools } from \"./tools/users.js\";\nimport { tools as workspaceTools } from \"./tools/workspaces.js\";\n\nimport { readFileSync } from \"node:fs\";\nimport { fileURLToPath } from \"node:url\";\nimport { dirname, resolve } from \"node:path\";\n\nconst SERVER_NAME = \"prysmid\";\n\nfunction readVersion(): string {\n  try {\n    const here = dirname(fileURLToPath(import.meta.url));\n    const pkg = JSON.parse(\n      readFileSync(resolve(here, \"..\", \"package.json\"), \"utf8\"),\n    );\n    return typeof pkg.version === \"string\" ? pkg.version : \"0.0.0\";\n  } catch {\n    return \"0.0.0\";\n  }\n}\n\nexport async function main(): Promise<void> {\n  const cfg = loadConfig();\n  const log = makeLogger(cfg);\n  const client = new PrysmidClient(cfg, log);\n\n  const server = new McpServer({\n    name: SERVER_NAME,\n    version: readVersion(),\n  });\n\n  const allTools = [\n    ...workspaceTools,\n    ...appsTools,\n    ...idpsTools,\n    ...loginPolicyTools,\n    ...usersTools,\n    ...brandingTools,\n    ...billingTools,\n    ...curatedTools,\n  ];\n\n  registerAll(server, { client, log }, allTools);\n\n  log.info(`prysmid-mcp starting`, {\n    apiBase: cfg.apiBase,\n    tools: allTools.length,\n    authMode: cfg.apiToken ? \"bearer\" : \"none\",\n  });\n\n  const transport = new StdioServerTransport();\n  await server.connect(transport);\n}\n\n// This module is only ever invoked as the package bin (MCP servers run as a\n// process per session). Cross-platform `import.meta.url === file://<argv[1]>`\n// is fragile (Windows backslash vs forward slash; symlinked paths) so we\n// just always boot.\nmain().catch((err) => {\n  process.stderr.write(`fatal: ${err instanceof Error ? err.stack : err}\\n`);\n  process.exit(1);\n});\n","/**\n * Prysmid API client — thin fetch wrapper that adds auth + maps errors.\n *\n * Auth model (MVP): static bearer via `PRYSMID_API_TOKEN`. Device-flow OAuth\n * lives in `auth.ts` and produces a token compatible with this client.\n */\nimport type { Config } from \"./config.js\";\nimport type { Logger } from \"./logger.js\";\n\nexport class PrysmidApiError extends Error {\n  constructor(\n    message: string,\n    public readonly status: number,\n    public readonly body: string,\n    public readonly code?: string,\n  ) {\n    super(message);\n    this.name = \"PrysmidApiError\";\n  }\n}\n\nexport interface RequestOptions {\n  method?: \"GET\" | \"POST\" | \"PUT\" | \"PATCH\" | \"DELETE\";\n  body?: unknown;\n  query?: Record<string, string | number | boolean | undefined>;\n}\n\nexport class PrysmidClient {\n  constructor(\n    private readonly cfg: Config,\n    private readonly log: Logger,\n  ) {}\n\n  async request<T = unknown>(path: string, opts: RequestOptions = {}): Promise<T> {\n    if (!this.cfg.apiToken) {\n      throw new PrysmidApiError(\n        \"No PRYSMID_API_TOKEN configured. Set the env var or run device-flow login.\",\n        401,\n        \"\",\n        \"auth.no_token\",\n      );\n    }\n\n    const url = new URL(this.cfg.apiBase + path);\n    if (opts.query) {\n      for (const [k, v] of Object.entries(opts.query)) {\n        if (v !== undefined) url.searchParams.set(k, String(v));\n      }\n    }\n\n    const method = opts.method ?? \"GET\";\n    const headers: Record<string, string> = {\n      Authorization: `Bearer ${this.cfg.apiToken}`,\n      Accept: \"application/json\",\n    };\n    if (opts.body !== undefined) headers[\"Content-Type\"] = \"application/json\";\n\n    this.log.debug(`HTTP ${method} ${url.pathname}`);\n    const res = await fetch(url, {\n      method,\n      headers,\n      body: opts.body !== undefined ? JSON.stringify(opts.body) : undefined,\n    });\n\n    const text = await res.text();\n    if (!res.ok) {\n      let code: string | undefined;\n      try {\n        const parsed = JSON.parse(text);\n        code = typeof parsed?.error === \"string\" ? parsed.error : parsed?.code;\n      } catch {\n        // body wasn't JSON\n      }\n      throw new PrysmidApiError(\n        `Prysmid API ${res.status} on ${method} ${path}`,\n        res.status,\n        text,\n        code,\n      );\n    }\n\n    if (text === \"\") return undefined as T;\n    try {\n      return JSON.parse(text) as T;\n    } catch {\n      return text as unknown as T;\n    }\n  }\n}\n","/**\n * Runtime configuration. Pulled from env at startup; immutable thereafter.\n *\n * The MCP runs as a long-lived stdio process — env reads happen once.\n */\n\nexport interface Config {\n  apiBase: string;\n  apiToken: string | null;\n  logLevel: \"debug\" | \"info\" | \"warn\" | \"error\";\n}\n\nconst DEFAULT_API_BASE = \"https://api.prysmid.com\";\n\nexport function loadConfig(env: NodeJS.ProcessEnv = process.env): Config {\n  const apiBase = (env.PRYSMID_API_BASE ?? DEFAULT_API_BASE).replace(/\\/+$/, \"\");\n  const apiToken = env.PRYSMID_API_TOKEN?.trim() || null;\n  const rawLevel = (env.PRYSMID_MCP_LOG_LEVEL ?? \"info\").toLowerCase();\n  const logLevel: Config[\"logLevel\"] =\n    rawLevel === \"debug\" || rawLevel === \"warn\" || rawLevel === \"error\"\n      ? rawLevel\n      : \"info\";\n  return { apiBase, apiToken, logLevel };\n}\n","/**\n * stderr-only logger. MCP servers MUST NOT write to stdout — that channel\n * is reserved for the JSON-RPC protocol; any stray byte breaks the agent.\n */\nimport type { Config } from \"./config.js\";\n\nconst ORDER = { debug: 10, info: 20, warn: 30, error: 40 } as const;\n\nexport interface Logger {\n  debug: (msg: string, extra?: unknown) => void;\n  info: (msg: string, extra?: unknown) => void;\n  warn: (msg: string, extra?: unknown) => void;\n  error: (msg: string, extra?: unknown) => void;\n}\n\nexport function makeLogger(cfg: Pick<Config, \"logLevel\">): Logger {\n  const threshold = ORDER[cfg.logLevel];\n\n  function emit(level: keyof typeof ORDER, msg: string, extra?: unknown) {\n    if (ORDER[level] < threshold) return;\n    const ts = new Date().toISOString();\n    const payload = extra === undefined ? \"\" : ` ${safeJSON(extra)}`;\n    process.stderr.write(`${ts} ${level.toUpperCase()} ${msg}${payload}\\n`);\n  }\n\n  return {\n    debug: (m, e) => emit(\"debug\", m, e),\n    info: (m, e) => emit(\"info\", m, e),\n    warn: (m, e) => emit(\"warn\", m, e),\n    error: (m, e) => emit(\"error\", m, e),\n  };\n}\n\nfunction safeJSON(x: unknown): string {\n  try {\n    return JSON.stringify(x);\n  } catch {\n    return String(x);\n  }\n}\n","/**\n * Tool registry — single place where every MCP tool lives. Each tool exports\n * its input schema (Zod) + handler; `registerAll` wires them into the SDK.\n *\n * Two flavors of tools coexist:\n *   - generated: 1:1 with REST endpoints, produced by `scripts/generate-tools.ts`\n *     (lives under `tools/generated/*` once the script runs)\n *   - curated: high-level orchestrators a human/agent actually wants to call,\n *     e.g. `setup_prysmid_workspace(company_name)` that combines several\n *     endpoints. These live under `tools/curated/*`.\n *\n * Both share the same `Tool` shape so the registry is uniform.\n */\nimport type { McpServer } from \"@modelcontextprotocol/sdk/server/mcp.js\";\nimport { z } from \"zod\";\n\nimport type { PrysmidClient } from \"../client.js\";\nimport type { Logger } from \"../logger.js\";\n\nexport interface ToolContext {\n  client: PrysmidClient;\n  log: Logger;\n}\n\nexport interface ToolDef<I extends z.ZodRawShape> {\n  name: string;\n  description: string;\n  inputShape: I;\n  /**\n   * Handler returns plain JSON-able output. The SDK serializes it into\n   * MCP `content` blocks; we wrap to text by default (most MCP UIs render it\n   * better than structured content).\n   */\n  handler: (\n    input: z.infer<z.ZodObject<I>>,\n    ctx: ToolContext,\n  ) => Promise<unknown>;\n}\n\nexport function defineTool<I extends z.ZodRawShape>(t: ToolDef<I>): ToolDef<I> {\n  return t;\n}\n\n// `ToolDef<any>` here intentionally — the array is heterogeneous (each tool\n// has its own input shape) and the SDK's registerTool only cares about the\n// runtime Zod object, not compile-time type inference. Without `any` there's\n// no single ZodRawShape that satisfies every entry simultaneously.\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nexport function registerAll(\n  server: McpServer,\n  ctx: ToolContext,\n  // eslint-disable-next-line @typescript-eslint/no-explicit-any\n  tools: ReadonlyArray<ToolDef<any>>,\n): void {\n  for (const tool of tools) {\n    server.registerTool(\n      tool.name,\n      {\n        description: tool.description,\n        inputSchema: tool.inputShape,\n      },\n      // eslint-disable-next-line @typescript-eslint/no-explicit-any\n      async (input: any) => {\n        try {\n          const result = await tool.handler(input, ctx);\n          return {\n            content: [\n              {\n                type: \"text\" as const,\n                text:\n                  typeof result === \"string\"\n                    ? result\n                    : JSON.stringify(result, null, 2),\n              },\n            ],\n          };\n        } catch (err) {\n          const message = err instanceof Error ? err.message : String(err);\n          ctx.log.error(`tool ${tool.name} failed`, { message });\n          return {\n            isError: true,\n            content: [\n              { type: \"text\" as const, text: `error: ${message}` },\n            ],\n          };\n        }\n      },\n    );\n  }\n}\n","/**\n * OIDC application tools — list, create, delete on a workspace's apps.\n * Apps are the integration unit: each one represents one downstream service\n * (web app, mobile app, CLI) that authenticates via Prysmid.\n */\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const listApps = defineTool({\n  name: \"list_apps\",\n  description: \"List all OIDC apps in a workspace.\",\n  inputShape: {\n    workspace: z.string().min(1).describe(\"Workspace slug or UUID\"),\n  },\n  handler: async ({ workspace }, { client }) =>\n    client.request(`/v1/workspaces/${encodeURIComponent(workspace)}/apps`),\n});\n\nexport const createOidcApp = defineTool({\n  name: \"create_oidc_app\",\n  description:\n    \"Create an OIDC application in a workspace. Returns client_id (and client_secret if confidential). Use auth_method=NONE for SPA/PKCE; use BASIC for confidential web apps.\",\n  inputShape: {\n    workspace: z.string().min(1),\n    name: z.string().min(1).max(255),\n    redirect_uris: z.array(z.string().url()).min(1),\n    post_logout_redirect_uris: z.array(z.string().url()).optional(),\n    app_type: z\n      .enum([\n        \"OIDC_APP_TYPE_WEB\",\n        \"OIDC_APP_TYPE_USER_AGENT\",\n        \"OIDC_APP_TYPE_NATIVE\",\n      ])\n      .default(\"OIDC_APP_TYPE_WEB\"),\n    auth_method: z\n      .enum([\n        \"OIDC_AUTH_METHOD_TYPE_NONE\",\n        \"OIDC_AUTH_METHOD_TYPE_BASIC\",\n        \"OIDC_AUTH_METHOD_TYPE_POST\",\n      ])\n      .default(\"OIDC_AUTH_METHOD_TYPE_NONE\"),\n    dev_mode: z\n      .boolean()\n      .default(false)\n      .describe(\n        \"Skip redirect URI HTTPS check — only for local dev, NEVER prod.\",\n      ),\n  },\n  handler: async ({ workspace, ...body }, { client }) =>\n    client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/apps`,\n      { method: \"POST\", body },\n    ),\n});\n\nexport const deleteOidcApp = defineTool({\n  name: \"delete_oidc_app\",\n  description: \"Delete an OIDC app. Idempotent — 404 returns success.\",\n  inputShape: {\n    workspace: z.string().min(1),\n    app_id: z.string().min(1),\n  },\n  handler: async ({ workspace, app_id }, { client }) =>\n    client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/apps/${encodeURIComponent(app_id)}`,\n      { method: \"DELETE\" },\n    ),\n});\n\nexport const tools = [listApps, createOidcApp, deleteOidcApp] as const;\n","/**\n * Billing tools — read state, manage spending cap, generate Stripe portal URL.\n * Checkout/upgrade flow returns a Stripe-hosted URL; the agent surfaces it to\n * the user for them to navigate (we don't process payment data here).\n */\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const getBilling = defineTool({\n  name: \"get_billing\",\n  description:\n    \"Get current billing state: plan, subscription status, current period, spending_cap_cents, signups_blocked.\",\n  inputShape: {\n    workspace: z.string().min(1),\n  },\n  handler: async ({ workspace }, { client }) =>\n    client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/billing`,\n    ),\n});\n\nexport const setSpendingCap = defineTool({\n  name: \"set_spending_cap\",\n  description:\n    \"Cap monthly Pro overage spend (cents). Pass null to remove cap (unlimited). When projected overage exceeds cap, signups_blocked flips on.\",\n  inputShape: {\n    workspace: z.string().min(1),\n    spending_cap_cents: z\n      .number()\n      .int()\n      .min(0)\n      .max(10_000_000)\n      .nullable()\n      .describe(\"Max overage cents per period; null = unlimited\"),\n  },\n  handler: async ({ workspace, spending_cap_cents }, { client }) =>\n    client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/billing/spending-cap`,\n      { method: \"PATCH\", body: { spending_cap_cents } },\n    ),\n});\n\nexport const startCheckout = defineTool({\n  name: \"start_billing_checkout\",\n  description:\n    \"Create a Stripe Checkout session for upgrading. Returns the URL the user must visit. Plan must be `pro` (Free has no checkout; Enterprise is sales-only).\",\n  inputShape: {\n    workspace: z.string().min(1),\n    plan: z.enum([\"pro\"]),\n  },\n  handler: async ({ workspace, plan }, { client }) =>\n    client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/billing/checkout`,\n      { method: \"POST\", body: { plan } },\n    ),\n});\n\nexport const startBillingPortal = defineTool({\n  name: \"start_billing_portal\",\n  description:\n    \"Create a Stripe customer-portal session URL where the user manages payment methods, downloads invoices, cancels subscription.\",\n  inputShape: {\n    workspace: z.string().min(1),\n  },\n  handler: async ({ workspace }, { client }) =>\n    client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/billing/portal`,\n      { method: \"POST\" },\n    ),\n});\n\nexport const tools = [\n  getBilling,\n  setSpendingCap,\n  startCheckout,\n  startBillingPortal,\n] as const;\n","/**\n * Branding tools — colors, fonts, logo for the login page. Logo upload is\n * out of MCP scope (multipart binary uploads don't fit MCP tool semantics\n * cleanly); use the dashboard or API directly for that.\n */\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const getBranding = defineTool({\n  name: \"get_branding\",\n  description:\n    \"Return the workspace's active branding policy (colors, fonts, hide-prysmid-watermark flag, logo URLs).\",\n  inputShape: {\n    workspace: z.string().min(1),\n  },\n  handler: async ({ workspace }, { client }) =>\n    client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/branding`,\n    ),\n});\n\nexport const updateBranding = defineTool({\n  name: \"update_branding\",\n  description:\n    \"Update branding colors and watermark. Hex colors as `#RRGGBB`. Activates the policy after update — change shows on next login screen render.\",\n  inputShape: {\n    workspace: z.string().min(1),\n    primary_color: z\n      .string()\n      .regex(/^#[0-9a-fA-F]{6}$/)\n      .optional(),\n    background_color: z\n      .string()\n      .regex(/^#[0-9a-fA-F]{6}$/)\n      .optional(),\n    warn_color: z\n      .string()\n      .regex(/^#[0-9a-fA-F]{6}$/)\n      .optional(),\n    font_color: z\n      .string()\n      .regex(/^#[0-9a-fA-F]{6}$/)\n      .optional(),\n    disable_watermark: z\n      .boolean()\n      .optional()\n      .describe(\n        \"Hide 'Powered by Prysmid' on the login screen (Pro+ only — Free silently ignored).\",\n      ),\n  },\n  handler: async ({ workspace, ...body }, { client }) =>\n    client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/branding`,\n      { method: \"PATCH\", body },\n    ),\n});\n\nexport const tools = [getBranding, updateBranding] as const;\n","/**\n * Curated high-level tools — the ones agents would naturally reach for to\n * accomplish a goal in one call, instead of orchestrating 4 raw endpoints.\n *\n * Keep these small: each represents one end-user intent (\"set up a workspace\n * with Google login\"). Branch logic and prompts stay on the agent side; this\n * file only owns the API choreography.\n */\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nconst SetupWorkspaceOutput = z.object({\n  workspace_id: z.string(),\n  slug: z.string(),\n  auth_domain: z.string(),\n  state: z.string(),\n});\n\nexport const setupPrysmidWorkspace = defineTool({\n  name: \"setup_prysmid_workspace\",\n  description:\n    \"Create a new workspace and wait until it's fully provisioned (Zitadel instance, SMTP, DNS). Returns the live auth_domain ready to integrate.\",\n  inputShape: {\n    slug: z\n      .string()\n      .min(2)\n      .max(63)\n      .regex(/^[a-z0-9-]+$/),\n    display_name: z.string().min(1),\n    timeout_seconds: z\n      .number()\n      .int()\n      .min(10)\n      .max(300)\n      .default(120)\n      .describe(\"Max time to wait for provisioning before returning.\"),\n  },\n  handler: async (\n    { slug, display_name, timeout_seconds },\n    { client, log },\n  ) => {\n    const created = (await client.request(\"/v1/workspaces\", {\n      method: \"POST\",\n      body: { slug, display_name },\n    })) as { id: string; slug: string; state: string; auth_domain?: string };\n\n    const deadline = Date.now() + timeout_seconds * 1000;\n    while (Date.now() < deadline) {\n      const ws = (await client.request(\n        `/v1/workspaces/${encodeURIComponent(created.id)}`,\n      )) as {\n        id: string;\n        slug: string;\n        state: string;\n        auth_domain?: string;\n        provisioning_error?: string;\n      };\n      if (ws.state === \"active\") {\n        return SetupWorkspaceOutput.parse({\n          workspace_id: ws.id,\n          slug: ws.slug,\n          auth_domain: ws.auth_domain ?? `auth.${ws.slug}.prysmid.com`,\n          state: ws.state,\n        });\n      }\n      if (ws.state === \"provisioning_failed\") {\n        throw new Error(\n          `Workspace provisioning failed: ${ws.provisioning_error ?? \"unknown reason\"}`,\n        );\n      }\n      log.debug(`workspace ${created.id} state=${ws.state}, polling…`);\n      await sleep(3000);\n    }\n    throw new Error(\n      `Workspace did not reach state=active within ${timeout_seconds}s`,\n    );\n  },\n});\n\nfunction sleep(ms: number) {\n  return new Promise((r) => setTimeout(r, ms));\n}\n\nexport const enableGoogleLogin = defineTool({\n  name: \"enable_google_login\",\n  description:\n    \"Add Google as an identity provider on a workspace and enable external IdPs in the login policy. Hands you a checklist if external IdPs were already disabled — agent should confirm before flipping that flag.\",\n  inputShape: {\n    workspace: z.string().min(1),\n    google_client_id: z.string().min(1),\n    google_client_secret: z.string().min(1),\n    name: z.string().default(\"Google\"),\n  },\n  handler: async (\n    { workspace, google_client_id, google_client_secret, name },\n    { client },\n  ) => {\n    const idp = await client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/idps`,\n      {\n        method: \"POST\",\n        body: {\n          provider: \"google\",\n          name,\n          config: {\n            client_id: google_client_id,\n            client_secret: google_client_secret,\n          },\n        },\n      },\n    );\n\n    // Force-enable external IdP toggle in case the workspace had it off.\n    await client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/login-policy`,\n      { method: \"PATCH\", body: { allow_external_idp: true } },\n    );\n\n    return { idp, login_policy: \"allow_external_idp=true\" };\n  },\n});\n\ninterface SetupCheckItem {\n  ok: boolean;\n  name: string;\n  details?: string;\n}\n\nexport const prysmidSetupCheck = defineTool({\n  name: \"prysmid_setup_check\",\n  description:\n    \"Run a readiness checklist on a workspace: state=active, ≥1 OIDC app, ≥1 IdP OR password+register enabled, branding has a primary_color set, login_policy reasonable. Returns pass/fail per item plus a summary verdict.\",\n  inputShape: {\n    workspace: z.string().min(1),\n  },\n  handler: async ({ workspace }, { client }) => {\n    const ws = (await client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}`,\n    )) as { state: string; auth_domain?: string };\n    const apps = (await client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/apps`,\n    )) as unknown[];\n    const idps = (await client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/idps`,\n    )) as unknown[];\n    const policy = (await client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/login-policy`,\n    )) as {\n      allow_username_password?: boolean;\n      allow_register?: boolean;\n      allow_external_idp?: boolean;\n      force_mfa?: boolean;\n    };\n    const branding = (await client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/branding`,\n    )) as { primary_color?: string };\n\n    const checks: SetupCheckItem[] = [\n      {\n        ok: ws.state === \"active\",\n        name: \"workspace_active\",\n        details: `state=${ws.state}`,\n      },\n      {\n        ok: apps.length > 0,\n        name: \"has_at_least_one_app\",\n        details: `${apps.length} apps`,\n      },\n      {\n        ok:\n          idps.length > 0 ||\n          (policy.allow_username_password === true &&\n            policy.allow_register === true),\n        name: \"users_can_sign_in\",\n        details:\n          idps.length > 0\n            ? `${idps.length} idps`\n            : \"no idps; must allow username+password+register\",\n      },\n      {\n        ok: !!branding.primary_color,\n        name: \"branding_primary_color_set\",\n      },\n      {\n        ok: policy.force_mfa === true || idps.length > 0,\n        name: \"auth_strength_reasonable\",\n        details: policy.force_mfa\n          ? \"force_mfa=true\"\n          : \"MFA off but external IdP present\",\n      },\n    ];\n    const verdict = checks.every((c) => c.ok) ? \"ready\" : \"incomplete\";\n    return { verdict, checks };\n  },\n});\n\nexport const tools = [\n  setupPrysmidWorkspace,\n  enableGoogleLogin,\n  prysmidSetupCheck,\n] as const;\n","/**\n * Identity provider tools — Google, GitHub, Microsoft, generic OIDC.\n * Each create_* operation atomically: creates the IdP config AND adds it to\n * the login policy so it appears on the login screen. The Prysmid API\n * encapsulates that two-step lifecycle behind a single endpoint.\n */\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const listIdps = defineTool({\n  name: \"list_idps\",\n  description:\n    \"List identity providers (Google/GitHub/Microsoft/OIDC) configured on a workspace.\",\n  inputShape: {\n    workspace: z.string().min(1),\n  },\n  handler: async ({ workspace }, { client }) =>\n    client.request(`/v1/workspaces/${encodeURIComponent(workspace)}/idps`),\n});\n\nexport const addIdp = defineTool({\n  name: \"add_idp\",\n  description:\n    \"Add an identity provider to the workspace and attach it to the login policy in one atomic call. Provider-specific fields go in `config`.\",\n  inputShape: {\n    workspace: z.string().min(1),\n    provider: z.enum([\"google\", \"github\", \"azure_ad\", \"oidc\"]),\n    name: z.string().min(1).describe(\"Display name shown on login screen\"),\n    config: z\n      .object({\n        client_id: z.string().min(1),\n        client_secret: z.string().min(1),\n        scopes: z.array(z.string()).optional(),\n        issuer: z\n          .string()\n          .url()\n          .optional()\n          .describe(\"Required for `oidc`; ignored otherwise\"),\n        tenant_id: z\n          .string()\n          .optional()\n          .describe(\n            \"Required for `azure_ad` to lock to a specific Microsoft tenant\",\n          ),\n      })\n      .describe(\"Provider-specific OAuth config\"),\n  },\n  handler: async ({ workspace, ...body }, { client }) =>\n    client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/idps`,\n      { method: \"POST\", body },\n    ),\n});\n\nexport const deleteIdp = defineTool({\n  name: \"delete_idp\",\n  description:\n    \"Remove an identity provider. Strips it from the login policy then deletes the config. Idempotent.\",\n  inputShape: {\n    workspace: z.string().min(1),\n    idp_id: z.string().min(1),\n  },\n  handler: async ({ workspace, idp_id }, { client }) =>\n    client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/idps/${encodeURIComponent(idp_id)}`,\n      { method: \"DELETE\" },\n    ),\n});\n\nexport const tools = [listIdps, addIdp, deleteIdp] as const;\n","/**\n * Login policy tools — control which authentication methods are allowed,\n * MFA enforcement, lockout thresholds. Patches are merge semantics on the\n * server side; only fields you set are changed.\n */\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const getLoginPolicy = defineTool({\n  name: \"get_login_policy\",\n  description:\n    \"Return the workspace's current login policy (password rules, MFA, IdPs allowed, lockout, etc.).\",\n  inputShape: {\n    workspace: z.string().min(1),\n  },\n  handler: async ({ workspace }, { client }) =>\n    client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/login-policy`,\n    ),\n});\n\nexport const updateLoginPolicy = defineTool({\n  name: \"update_login_policy\",\n  description:\n    \"Update the login policy. PATCH semantics — only fields you pass are changed; other policy fields stay as they were.\",\n  inputShape: {\n    workspace: z.string().min(1),\n    allow_username_password: z.boolean().optional(),\n    allow_register: z.boolean().optional(),\n    allow_external_idp: z.boolean().optional(),\n    force_mfa: z\n      .boolean()\n      .optional()\n      .describe(\"Require any second factor at login\"),\n    passwordless_type: z\n      .enum([\n        \"PASSWORDLESS_TYPE_NOT_ALLOWED\",\n        \"PASSWORDLESS_TYPE_ALLOWED\",\n      ])\n      .optional()\n      .describe(\"Enables passkey-first when set to ALLOWED\"),\n    max_password_attempts: z.number().int().min(0).max(20).optional(),\n    lockout_password_attempts: z.number().int().min(0).max(20).optional(),\n  },\n  handler: async ({ workspace, ...body }, { client }) =>\n    client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/login-policy`,\n      { method: \"PATCH\", body },\n    ),\n});\n\nexport const tools = [getLoginPolicy, updateLoginPolicy] as const;\n","/**\n * User tools — list, invite (sends Zitadel init email), delete.\n * Invite is the primary creation path; users set their own password via the\n * email link. Direct user creation with pre-set credentials is intentionally\n * not exposed here.\n */\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const listUsers = defineTool({\n  name: \"list_users\",\n  description: \"List human users in a workspace.\",\n  inputShape: {\n    workspace: z.string().min(1),\n    limit: z.number().int().min(1).max(500).default(100),\n  },\n  handler: async ({ workspace, limit }, { client }) =>\n    client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/users`,\n      { query: { limit } },\n    ),\n});\n\nexport const inviteUser = defineTool({\n  name: \"invite_user\",\n  description:\n    \"Invite a user by email. Idempotent by email — re-inviting an existing user is a no-op. Triggers a Zitadel init email with a 'set your password' link.\",\n  inputShape: {\n    workspace: z.string().min(1),\n    email: z\n      .string()\n      .regex(/^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$/, \"must be a valid email\"),\n    first_name: z.string().min(1),\n    last_name: z.string().min(1),\n    preferred_language: z\n      .string()\n      .length(2)\n      .default(\"en\")\n      .describe(\"ISO 639-1, e.g. en/es/pt\"),\n  },\n  handler: async ({ workspace, ...body }, { client }) =>\n    client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/users/invite`,\n      { method: \"POST\", body },\n    ),\n});\n\nexport const deleteUser = defineTool({\n  name: \"delete_user\",\n  description: \"Delete a user by id. Idempotent.\",\n  inputShape: {\n    workspace: z.string().min(1),\n    user_id: z.string().min(1),\n  },\n  handler: async ({ workspace, user_id }, { client }) =>\n    client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/users/${encodeURIComponent(user_id)}`,\n      { method: \"DELETE\" },\n    ),\n});\n\nexport const tools = [listUsers, inviteUser, deleteUser] as const;\n","/**\n * Hand-written workspace tools. These are the ones agents reach for first;\n * the rest of the surface is auto-generated from OpenAPI in a later pass.\n */\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const listWorkspaces = defineTool({\n  name: \"list_workspaces\",\n  description:\n    \"List Prysmid workspaces accessible to the current API token. Returns an array of {id, slug, display_name, plan, state}.\",\n  inputShape: {},\n  handler: async (_input, { client }) =>\n    client.request(\"/v1/workspaces\", { method: \"GET\" }),\n});\n\nexport const getWorkspace = defineTool({\n  name: \"get_workspace\",\n  description: \"Get a single workspace by slug or id.\",\n  inputShape: {\n    workspace: z\n      .string()\n      .min(1)\n      .describe(\"Workspace slug or UUID\"),\n  },\n  handler: async ({ workspace }, { client }) =>\n    client.request(`/v1/workspaces/${encodeURIComponent(workspace)}`),\n});\n\nexport const createWorkspace = defineTool({\n  name: \"create_workspace\",\n  description:\n    \"Create a new Prysmid workspace. Provisioning runs in the background; the response returns immediately with state=provisioning. Poll `get_workspace` until state=active (~30s).\",\n  inputShape: {\n    slug: z\n      .string()\n      .min(2)\n      .max(63)\n      .regex(/^[a-z0-9-]+$/, \"lowercase alphanumeric and hyphens only\")\n      .describe(\"Subdomain-safe slug — becomes auth.<slug>.prysmid.com\"),\n    display_name: z.string().min(1).max(255),\n  },\n  handler: async (input, { client }) =>\n    client.request(\"/v1/workspaces\", { method: \"POST\", body: input }),\n});\n\nexport const tools = [listWorkspaces, getWorkspace, createWorkspace] as const;\n"],"mappings":";;;AAQA,SAAS,iBAAiB;AAC1B,SAAS,4BAA4B;;;ACA9B,IAAM,kBAAN,cAA8B,MAAM;AAAA,EACzC,YACE,SACgB,QACA,MACA,MAChB;AACA,UAAM,OAAO;AAJG;AACA;AACA;AAGhB,SAAK,OAAO;AAAA,EACd;AAAA,EANkB;AAAA,EACA;AAAA,EACA;AAKpB;AAQO,IAAM,gBAAN,MAAoB;AAAA,EACzB,YACmB,KACA,KACjB;AAFiB;AACA;AAAA,EAChB;AAAA,EAFgB;AAAA,EACA;AAAA,EAGnB,MAAM,QAAqB,MAAc,OAAuB,CAAC,GAAe;AAC9E,QAAI,CAAC,KAAK,IAAI,UAAU;AACtB,YAAM,IAAI;AAAA,QACR;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAEA,UAAM,MAAM,IAAI,IAAI,KAAK,IAAI,UAAU,IAAI;AAC3C,QAAI,KAAK,OAAO;AACd,iBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,KAAK,KAAK,GAAG;AAC/C,YAAI,MAAM,OAAW,KAAI,aAAa,IAAI,GAAG,OAAO,CAAC,CAAC;AAAA,MACxD;AAAA,IACF;AAEA,UAAM,SAAS,KAAK,UAAU;AAC9B,UAAM,UAAkC;AAAA,MACtC,eAAe,UAAU,KAAK,IAAI,QAAQ;AAAA,MAC1C,QAAQ;AAAA,IACV;AACA,QAAI,KAAK,SAAS,OAAW,SAAQ,cAAc,IAAI;AAEvD,SAAK,IAAI,MAAM,QAAQ,MAAM,IAAI,IAAI,QAAQ,EAAE;AAC/C,UAAM,MAAM,MAAM,MAAM,KAAK;AAAA,MAC3B;AAAA,MACA;AAAA,MACA,MAAM,KAAK,SAAS,SAAY,KAAK,UAAU,KAAK,IAAI,IAAI;AAAA,IAC9D,CAAC;AAED,UAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,QAAI,CAAC,IAAI,IAAI;AACX,UAAI;AACJ,UAAI;AACF,cAAM,SAAS,KAAK,MAAM,IAAI;AAC9B,eAAO,OAAO,QAAQ,UAAU,WAAW,OAAO,QAAQ,QAAQ;AAAA,MACpE,QAAQ;AAAA,MAER;AACA,YAAM,IAAI;AAAA,QACR,eAAe,IAAI,MAAM,OAAO,MAAM,IAAI,IAAI;AAAA,QAC9C,IAAI;AAAA,QACJ;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAEA,QAAI,SAAS,GAAI,QAAO;AACxB,QAAI;AACF,aAAO,KAAK,MAAM,IAAI;AAAA,IACxB,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AACF;;;AC5EA,IAAM,mBAAmB;AAElB,SAAS,WAAW,MAAyB,QAAQ,KAAa;AACvE,QAAM,WAAW,IAAI,oBAAoB,kBAAkB,QAAQ,QAAQ,EAAE;AAC7E,QAAM,WAAW,IAAI,mBAAmB,KAAK,KAAK;AAClD,QAAM,YAAY,IAAI,yBAAyB,QAAQ,YAAY;AACnE,QAAM,WACJ,aAAa,WAAW,aAAa,UAAU,aAAa,UACxD,WACA;AACN,SAAO,EAAE,SAAS,UAAU,SAAS;AACvC;;;ACjBA,IAAM,QAAQ,EAAE,OAAO,IAAI,MAAM,IAAI,MAAM,IAAI,OAAO,GAAG;AASlD,SAAS,WAAW,KAAuC;AAChE,QAAM,YAAY,MAAM,IAAI,QAAQ;AAEpC,WAAS,KAAK,OAA2B,KAAa,OAAiB;AACrE,QAAI,MAAM,KAAK,IAAI,UAAW;AAC9B,UAAM,MAAK,oBAAI,KAAK,GAAE,YAAY;AAClC,UAAM,UAAU,UAAU,SAAY,KAAK,IAAI,SAAS,KAAK,CAAC;AAC9D,YAAQ,OAAO,MAAM,GAAG,EAAE,IAAI,MAAM,YAAY,CAAC,IAAI,GAAG,GAAG,OAAO;AAAA,CAAI;AAAA,EACxE;AAEA,SAAO;AAAA,IACL,OAAO,CAAC,GAAG,MAAM,KAAK,SAAS,GAAG,CAAC;AAAA,IACnC,MAAM,CAAC,GAAG,MAAM,KAAK,QAAQ,GAAG,CAAC;AAAA,IACjC,MAAM,CAAC,GAAG,MAAM,KAAK,QAAQ,GAAG,CAAC;AAAA,IACjC,OAAO,CAAC,GAAG,MAAM,KAAK,SAAS,GAAG,CAAC;AAAA,EACrC;AACF;AAEA,SAAS,SAAS,GAAoB;AACpC,MAAI;AACF,WAAO,KAAK,UAAU,CAAC;AAAA,EACzB,QAAQ;AACN,WAAO,OAAO,CAAC;AAAA,EACjB;AACF;;;ACAO,SAAS,WAAoC,GAA2B;AAC7E,SAAO;AACT;AAOO,SAAS,YACd,QACA,KAEAA,QACM;AACN,aAAW,QAAQA,QAAO;AACxB,WAAO;AAAA,MACL,KAAK;AAAA,MACL;AAAA,QACE,aAAa,KAAK;AAAA,QAClB,aAAa,KAAK;AAAA,MACpB;AAAA;AAAA,MAEA,OAAO,UAAe;AACpB,YAAI;AACF,gBAAM,SAAS,MAAM,KAAK,QAAQ,OAAO,GAAG;AAC5C,iBAAO;AAAA,YACL,SAAS;AAAA,cACP;AAAA,gBACE,MAAM;AAAA,gBACN,MACE,OAAO,WAAW,WACd,SACA,KAAK,UAAU,QAAQ,MAAM,CAAC;AAAA,cACtC;AAAA,YACF;AAAA,UACF;AAAA,QACF,SAAS,KAAK;AACZ,gBAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,cAAI,IAAI,MAAM,QAAQ,KAAK,IAAI,WAAW,EAAE,QAAQ,CAAC;AACrD,iBAAO;AAAA,YACL,SAAS;AAAA,YACT,SAAS;AAAA,cACP,EAAE,MAAM,QAAiB,MAAM,UAAU,OAAO,GAAG;AAAA,YACrD;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;;;ACpFA,SAAS,SAAS;AAIX,IAAM,WAAW,WAAW;AAAA,EACjC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,wBAAwB;AAAA,EAChE;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO,QAAQ,kBAAkB,mBAAmB,SAAS,CAAC,OAAO;AACzE,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IAC/B,eAAe,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,CAAC;AAAA,IAC9C,2BAA2B,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,IAC9D,UAAU,EACP,KAAK;AAAA,MACJ;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC,EACA,QAAQ,mBAAmB;AAAA,IAC9B,aAAa,EACV,KAAK;AAAA,MACJ;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC,EACA,QAAQ,4BAA4B;AAAA,IACvC,UAAU,EACP,QAAQ,EACR,QAAQ,KAAK,EACb;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,KAAK;AAAA,EACzB;AACJ,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,OAAO,GAAG,EAAE,OAAO,MAC9C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,MAAM,CAAC;AAAA,IAClF,EAAE,QAAQ,SAAS;AAAA,EACrB;AACJ,CAAC;AAEM,IAAM,QAAQ,CAAC,UAAU,eAAe,aAAa;;;ACjE5D,SAAS,KAAAC,UAAS;AAIX,IAAM,aAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,EACjD;AACJ,CAAC;AAEM,IAAM,iBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,oBAAoBA,GACjB,OAAO,EACP,IAAI,EACJ,IAAI,CAAC,EACL,IAAI,GAAU,EACd,SAAS,EACT,SAAS,gDAAgD;AAAA,EAC9D;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,mBAAmB,GAAG,EAAE,OAAO,MAC1D,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,SAAS,MAAM,EAAE,mBAAmB,EAAE;AAAA,EAClD;AACJ,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,MAAMA,GAAE,KAAK,CAAC,KAAK,CAAC;AAAA,EACtB;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,KAAK,GAAG,EAAE,OAAO,MAC5C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,MAAM,EAAE,KAAK,EAAE;AAAA,EACnC;AACJ,CAAC;AAEM,IAAM,qBAAqB,WAAW;AAAA,EAC3C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,OAAO;AAAA,EACnB;AACJ,CAAC;AAEM,IAAMC,SAAQ;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;;;ACxEA,SAAS,KAAAC,UAAS;AAIX,IAAM,cAAc,WAAW;AAAA,EACpC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,EACjD;AACJ,CAAC;AAEM,IAAM,iBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,eAAeA,GACZ,OAAO,EACP,MAAM,mBAAmB,EACzB,SAAS;AAAA,IACZ,kBAAkBA,GACf,OAAO,EACP,MAAM,mBAAmB,EACzB,SAAS;AAAA,IACZ,YAAYA,GACT,OAAO,EACP,MAAM,mBAAmB,EACzB,SAAS;AAAA,IACZ,YAAYA,GACT,OAAO,EACP,MAAM,mBAAmB,EACzB,SAAS;AAAA,IACZ,mBAAmBA,GAChB,QAAQ,EACR,SAAS,EACT;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,SAAS,KAAK;AAAA,EAC1B;AACJ,CAAC;AAEM,IAAMC,SAAQ,CAAC,aAAa,cAAc;;;AClDjD,SAAS,KAAAC,UAAS;AAIlB,IAAM,uBAAuBC,GAAE,OAAO;AAAA,EACpC,cAAcA,GAAE,OAAO;AAAA,EACvB,MAAMA,GAAE,OAAO;AAAA,EACf,aAAaA,GAAE,OAAO;AAAA,EACtB,OAAOA,GAAE,OAAO;AAClB,CAAC;AAEM,IAAM,wBAAwB,WAAW;AAAA,EAC9C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,MAAMA,GACH,OAAO,EACP,IAAI,CAAC,EACL,IAAI,EAAE,EACN,MAAM,cAAc;AAAA,IACvB,cAAcA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC9B,iBAAiBA,GACd,OAAO,EACP,IAAI,EACJ,IAAI,EAAE,EACN,IAAI,GAAG,EACP,QAAQ,GAAG,EACX,SAAS,qDAAqD;AAAA,EACnE;AAAA,EACA,SAAS,OACP,EAAE,MAAM,cAAc,gBAAgB,GACtC,EAAE,QAAQ,IAAI,MACX;AACH,UAAM,UAAW,MAAM,OAAO,QAAQ,kBAAkB;AAAA,MACtD,QAAQ;AAAA,MACR,MAAM,EAAE,MAAM,aAAa;AAAA,IAC7B,CAAC;AAED,UAAM,WAAW,KAAK,IAAI,IAAI,kBAAkB;AAChD,WAAO,KAAK,IAAI,IAAI,UAAU;AAC5B,YAAM,KAAM,MAAM,OAAO;AAAA,QACvB,kBAAkB,mBAAmB,QAAQ,EAAE,CAAC;AAAA,MAClD;AAOA,UAAI,GAAG,UAAU,UAAU;AACzB,eAAO,qBAAqB,MAAM;AAAA,UAChC,cAAc,GAAG;AAAA,UACjB,MAAM,GAAG;AAAA,UACT,aAAa,GAAG,eAAe,QAAQ,GAAG,IAAI;AAAA,UAC9C,OAAO,GAAG;AAAA,QACZ,CAAC;AAAA,MACH;AACA,UAAI,GAAG,UAAU,uBAAuB;AACtC,cAAM,IAAI;AAAA,UACR,kCAAkC,GAAG,sBAAsB,gBAAgB;AAAA,QAC7E;AAAA,MACF;AACA,UAAI,MAAM,aAAa,QAAQ,EAAE,UAAU,GAAG,KAAK,iBAAY;AAC/D,YAAM,MAAM,GAAI;AAAA,IAClB;AACA,UAAM,IAAI;AAAA,MACR,+CAA+C,eAAe;AAAA,IAChE;AAAA,EACF;AACF,CAAC;AAED,SAAS,MAAM,IAAY;AACzB,SAAO,IAAI,QAAQ,CAAC,MAAM,WAAW,GAAG,EAAE,CAAC;AAC7C;AAEO,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,kBAAkBA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAClC,sBAAsBA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IACtC,MAAMA,GAAE,OAAO,EAAE,QAAQ,QAAQ;AAAA,EACnC;AAAA,EACA,SAAS,OACP,EAAE,WAAW,kBAAkB,sBAAsB,KAAK,GAC1D,EAAE,OAAO,MACN;AACH,UAAM,MAAM,MAAM,OAAO;AAAA,MACvB,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,MAC/C;AAAA,QACE,QAAQ;AAAA,QACR,MAAM;AAAA,UACJ,UAAU;AAAA,UACV;AAAA,UACA,QAAQ;AAAA,YACN,WAAW;AAAA,YACX,eAAe;AAAA,UACjB;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,UAAM,OAAO;AAAA,MACX,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,MAC/C,EAAE,QAAQ,SAAS,MAAM,EAAE,oBAAoB,KAAK,EAAE;AAAA,IACxD;AAEA,WAAO,EAAE,KAAK,cAAc,0BAA0B;AAAA,EACxD;AACF,CAAC;AAQM,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MAAM;AAC5C,UAAM,KAAM,MAAM,OAAO;AAAA,MACvB,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AACA,UAAM,OAAQ,MAAM,OAAO;AAAA,MACzB,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AACA,UAAM,OAAQ,MAAM,OAAO;AAAA,MACzB,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AACA,UAAM,SAAU,MAAM,OAAO;AAAA,MAC3B,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AAMA,UAAM,WAAY,MAAM,OAAO;AAAA,MAC7B,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AAEA,UAAM,SAA2B;AAAA,MAC/B;AAAA,QACE,IAAI,GAAG,UAAU;AAAA,QACjB,MAAM;AAAA,QACN,SAAS,SAAS,GAAG,KAAK;AAAA,MAC5B;AAAA,MACA;AAAA,QACE,IAAI,KAAK,SAAS;AAAA,QAClB,MAAM;AAAA,QACN,SAAS,GAAG,KAAK,MAAM;AAAA,MACzB;AAAA,MACA;AAAA,QACE,IACE,KAAK,SAAS,KACb,OAAO,4BAA4B,QAClC,OAAO,mBAAmB;AAAA,QAC9B,MAAM;AAAA,QACN,SACE,KAAK,SAAS,IACV,GAAG,KAAK,MAAM,UACd;AAAA,MACR;AAAA,MACA;AAAA,QACE,IAAI,CAAC,CAAC,SAAS;AAAA,QACf,MAAM;AAAA,MACR;AAAA,MACA;AAAA,QACE,IAAI,OAAO,cAAc,QAAQ,KAAK,SAAS;AAAA,QAC/C,MAAM;AAAA,QACN,SAAS,OAAO,YACZ,mBACA;AAAA,MACN;AAAA,IACF;AACA,UAAM,UAAU,OAAO,MAAM,CAAC,MAAM,EAAE,EAAE,IAAI,UAAU;AACtD,WAAO,EAAE,SAAS,OAAO;AAAA,EAC3B;AACF,CAAC;AAEM,IAAMC,SAAQ;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AACF;;;ACnMA,SAAS,KAAAC,UAAS;AAIX,IAAM,WAAW,WAAW;AAAA,EACjC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO,QAAQ,kBAAkB,mBAAmB,SAAS,CAAC,OAAO;AACzE,CAAC;AAEM,IAAM,SAAS,WAAW;AAAA,EAC/B,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,UAAUA,GAAE,KAAK,CAAC,UAAU,UAAU,YAAY,MAAM,CAAC;AAAA,IACzD,MAAMA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,oCAAoC;AAAA,IACrE,QAAQA,GACL,OAAO;AAAA,MACN,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,MAC3B,eAAeA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,MAC/B,QAAQA,GAAE,MAAMA,GAAE,OAAO,CAAC,EAAE,SAAS;AAAA,MACrC,QAAQA,GACL,OAAO,EACP,IAAI,EACJ,SAAS,EACT,SAAS,wCAAwC;AAAA,MACpD,WAAWA,GACR,OAAO,EACP,SAAS,EACT;AAAA,QACC;AAAA,MACF;AAAA,IACJ,CAAC,EACA,SAAS,gCAAgC;AAAA,EAC9C;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,KAAK;AAAA,EACzB;AACJ,CAAC;AAEM,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,OAAO,GAAG,EAAE,OAAO,MAC9C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,MAAM,CAAC;AAAA,IAClF,EAAE,QAAQ,SAAS;AAAA,EACrB;AACJ,CAAC;AAEM,IAAMC,SAAQ,CAAC,UAAU,QAAQ,SAAS;;;ACjEjD,SAAS,KAAAC,UAAS;AAIX,IAAM,iBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,EACjD;AACJ,CAAC;AAEM,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,yBAAyBA,GAAE,QAAQ,EAAE,SAAS;AAAA,IAC9C,gBAAgBA,GAAE,QAAQ,EAAE,SAAS;AAAA,IACrC,oBAAoBA,GAAE,QAAQ,EAAE,SAAS;AAAA,IACzC,WAAWA,GACR,QAAQ,EACR,SAAS,EACT,SAAS,oCAAoC;AAAA,IAChD,mBAAmBA,GAChB,KAAK;AAAA,MACJ;AAAA,MACA;AAAA,IACF,CAAC,EACA,SAAS,EACT,SAAS,2CAA2C;AAAA,IACvD,uBAAuBA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,SAAS;AAAA,IAChE,2BAA2BA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,SAAS;AAAA,EACtE;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,SAAS,KAAK;AAAA,EAC1B;AACJ,CAAC;AAEM,IAAMC,SAAQ,CAAC,gBAAgB,iBAAiB;;;AC9CvD,SAAS,KAAAC,UAAS;AAIX,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,OAAOA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,QAAQ,GAAG;AAAA,EACrD;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,MAAM,GAAG,EAAE,OAAO,MAC7C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,OAAO,EAAE,MAAM,EAAE;AAAA,EACrB;AACJ,CAAC;AAEM,IAAM,aAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,OAAOA,GACJ,OAAO,EACP,MAAM,8BAA8B,uBAAuB;AAAA,IAC9D,YAAYA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC5B,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,oBAAoBA,GACjB,OAAO,EACP,OAAO,CAAC,EACR,QAAQ,IAAI,EACZ,SAAS,0BAA0B;AAAA,EACxC;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,KAAK;AAAA,EACzB;AACJ,CAAC;AAEM,IAAM,aAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,SAASA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC3B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,UAAU,mBAAmB,OAAO,CAAC;AAAA,IACpF,EAAE,QAAQ,SAAS;AAAA,EACrB;AACJ,CAAC;AAEM,IAAMC,SAAQ,CAAC,WAAW,YAAY,UAAU;;;AC1DvD,SAAS,KAAAC,UAAS;AAIX,IAAM,iBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY,CAAC;AAAA,EACb,SAAS,OAAO,QAAQ,EAAE,OAAO,MAC/B,OAAO,QAAQ,kBAAkB,EAAE,QAAQ,MAAM,CAAC;AACtD,CAAC;AAEM,IAAM,eAAe,WAAW;AAAA,EACrC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAWC,GACR,OAAO,EACP,IAAI,CAAC,EACL,SAAS,wBAAwB;AAAA,EACtC;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO,QAAQ,kBAAkB,mBAAmB,SAAS,CAAC,EAAE;AACpE,CAAC;AAEM,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,MAAMA,GACH,OAAO,EACP,IAAI,CAAC,EACL,IAAI,EAAE,EACN,MAAM,gBAAgB,yCAAyC,EAC/D,SAAS,4DAAuD;AAAA,IACnE,cAAcA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,EACzC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAC9B,OAAO,QAAQ,kBAAkB,EAAE,QAAQ,QAAQ,MAAM,MAAM,CAAC;AACpE,CAAC;AAEM,IAAMC,SAAQ,CAAC,gBAAgB,cAAc,eAAe;;;AZvBnE,SAAS,oBAAoB;AAC7B,SAAS,qBAAqB;AAC9B,SAAS,SAAS,eAAe;AAEjC,IAAM,cAAc;AAEpB,SAAS,cAAsB;AAC7B,MAAI;AACF,UAAM,OAAO,QAAQ,cAAc,YAAY,GAAG,CAAC;AACnD,UAAM,MAAM,KAAK;AAAA,MACf,aAAa,QAAQ,MAAM,MAAM,cAAc,GAAG,MAAM;AAAA,IAC1D;AACA,WAAO,OAAO,IAAI,YAAY,WAAW,IAAI,UAAU;AAAA,EACzD,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,OAAsB;AAC1C,QAAM,MAAM,WAAW;AACvB,QAAM,MAAM,WAAW,GAAG;AAC1B,QAAM,SAAS,IAAI,cAAc,KAAK,GAAG;AAEzC,QAAM,SAAS,IAAI,UAAU;AAAA,IAC3B,MAAM;AAAA,IACN,SAAS,YAAY;AAAA,EACvB,CAAC;AAED,QAAM,WAAW;AAAA,IACf,GAAGC;AAAA,IACH,GAAG;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,EACL;AAEA,cAAY,QAAQ,EAAE,QAAQ,IAAI,GAAG,QAAQ;AAE7C,MAAI,KAAK,wBAAwB;AAAA,IAC/B,SAAS,IAAI;AAAA,IACb,OAAO,SAAS;AAAA,IAChB,UAAU,IAAI,WAAW,WAAW;AAAA,EACtC,CAAC;AAED,QAAM,YAAY,IAAI,qBAAqB;AAC3C,QAAM,OAAO,QAAQ,SAAS;AAChC;AAMA,KAAK,EAAE,MAAM,CAAC,QAAQ;AACpB,UAAQ,OAAO,MAAM,UAAU,eAAe,QAAQ,IAAI,QAAQ,GAAG;AAAA,CAAI;AACzE,UAAQ,KAAK,CAAC;AAChB,CAAC;","names":["tools","z","z","tools","z","z","tools","z","z","tools","z","z","tools","z","z","tools","z","z","tools","z","z","tools","tools"]}
+{"version":3,"sources":["../src/index.ts","../src/auth.ts","../src/client.ts","../src/config.ts","../src/logger.ts","../src/tokenStore.ts","../src/tools/registry.ts","../src/tools/apps.ts","../src/tools/billing.ts","../src/tools/branding.ts","../src/tools/curated.ts","../src/tools/idps.ts","../src/tools/login_policy.ts","../src/tools/users.ts","../src/tools/workspaces.ts","../src/tools/generated/apps.ts","../src/tools/generated/billing.ts","../src/tools/generated/branding.ts","../src/tools/generated/idps.ts","../src/tools/generated/login-policy.ts","../src/tools/generated/smtp.ts","../src/tools/generated/users.ts","../src/tools/generated/workspaces.ts","../src/tools/generated/index.ts"],"sourcesContent":["/**\n * Entrypoint — boots an MCP server over stdio with the full Prysmid tool set.\n *\n * Three layers of tools:\n *   1. handwritten — `src/tools/{apps,users,...}.ts`. Polished schemas,\n *      curated descriptions, the canonical surface.\n *   2. curated — `src/tools/curated.ts`. Multi-step orchestrators (e.g.\n *      `setup_prysmid_workspace`).\n *   3. generated — `src/tools/generated/*.ts`. Auto-emitted from the live\n *      OpenAPI spec by `scripts/generate-tools.ts`. Covers everything else.\n *\n * Merge rule: handwritten and curated names always win. A generated tool\n * with the same `name` as one of them is dropped silently — the handwritten\n * version is the source of truth.\n *\n * MCP transport contract:\n *   - JSON-RPC over stdin/stdout\n *   - stdout is RESERVED for protocol bytes; logs go to stderr (see logger.ts)\n *   - one process == one client; the agent spawns a fresh server per session\n */\nimport { McpServer } from \"@modelcontextprotocol/sdk/server/mcp.js\";\nimport { StdioServerTransport } from \"@modelcontextprotocol/sdk/server/stdio.js\";\n\nimport { deviceFlow } from \"./auth.js\";\nimport { PrysmidClient } from \"./client.js\";\nimport { loadConfig, type Config } from \"./config.js\";\nimport { makeLogger, type Logger } from \"./logger.js\";\nimport { clearToken, loadToken, saveToken } from \"./tokenStore.js\";\nimport { registerAll, type ToolDef } from \"./tools/registry.js\";\nimport { tools as appsTools } from \"./tools/apps.js\";\nimport { tools as billingTools } from \"./tools/billing.js\";\nimport { tools as brandingTools } from \"./tools/branding.js\";\nimport { tools as curatedTools } from \"./tools/curated.js\";\nimport { tools as idpsTools } from \"./tools/idps.js\";\nimport { tools as loginPolicyTools } from \"./tools/login_policy.js\";\nimport { tools as usersTools } from \"./tools/users.js\";\nimport { tools as workspaceTools } from \"./tools/workspaces.js\";\nimport { generatedTools } from \"./tools/generated/index.js\";\n\nimport { readFileSync } from \"node:fs\";\nimport { fileURLToPath } from \"node:url\";\nimport { dirname, resolve } from \"node:path\";\n\nconst SERVER_NAME = \"prysmid\";\n\nfunction readVersion(): string {\n  try {\n    const here = dirname(fileURLToPath(import.meta.url));\n    const pkg = JSON.parse(\n      readFileSync(resolve(here, \"..\", \"package.json\"), \"utf8\"),\n    );\n    return typeof pkg.version === \"string\" ? pkg.version : \"0.0.0\";\n  } catch {\n    return \"0.0.0\";\n  }\n}\n\n/**\n * Map of generated tool names that are superseded by a hand-written tool\n * with a different name (because the hand-written name is more agent-\n * friendly than what FastAPI's operationId produced). Without this, the\n * agent would see two near-duplicates: e.g. `add_idp` (curated) AND\n * `create_idp` (generated) for the same endpoint.\n *\n * Keep the LHS in sync with what the generator emits — if you rename a\n * hand-written tool, update this table.\n */\nconst GENERATED_ALIASES: Readonly<Record<string, string>> = {\n  // generated name → handwritten that already covers it\n  create_idp: \"add_idp\",\n  create_app: \"create_oidc_app\",\n  delete_app: \"delete_oidc_app\",\n  update_spending_cap: \"set_spending_cap\",\n  billing_checkout: \"start_billing_checkout\",\n  billing_portal: \"start_billing_portal\",\n  billing_get_state: \"get_billing\",\n};\n\n/**\n * Compose the final tool array. Hand-written + curated tools take\n * precedence over generated tools sharing the same `name`, AND over any\n * generated tool listed in {@link GENERATED_ALIASES}. Exported so tests\n * can assert merge behavior without booting the MCP server.\n */\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nexport function composeToolset(): ToolDef<any>[] {\n  const handwrittenAndCurated = [\n    ...workspaceTools,\n    ...appsTools,\n    ...idpsTools,\n    ...loginPolicyTools,\n    ...usersTools,\n    ...brandingTools,\n    ...billingTools,\n    ...curatedTools,\n    // eslint-disable-next-line @typescript-eslint/no-explicit-any\n  ] as ToolDef<any>[];\n\n  const handwrittenNames = new Set(handwrittenAndCurated.map((t) => t.name));\n  const filteredGenerated = generatedTools.filter((t) => {\n    if (handwrittenNames.has(t.name)) return false;\n    const alias = GENERATED_ALIASES[t.name];\n    if (alias && handwrittenNames.has(alias)) return false;\n    return true;\n  });\n\n  return [...handwrittenAndCurated, ...filteredGenerated];\n}\n\n/**\n * Resolve the bearer token to use for API calls. Resolution order:\n *   1. PRYSMID_API_TOKEN env var (CI / static service tokens)\n *   2. Cached device-flow token at ~/.config/prysmid-mcp/token.json (or %APPDATA% on Windows)\n *   3. Run interactive device flow (browser + user code) and save to cache\n *\n * Returns the token plus the human-readable mode string for logs.\n */\nexport async function resolveAuth(\n  cfg: Config,\n  log: Logger,\n): Promise<{ token: string | null; mode: \"bearer\" | \"cached\" | \"deviceflow\" | \"none\" }> {\n  if (cfg.apiToken) return { token: cfg.apiToken, mode: \"bearer\" };\n\n  const cached = loadToken(cfg.apiBase);\n  if (cached) return { token: cached.accessToken, mode: \"cached\" };\n\n  if (!process.stderr.isTTY && !process.env.PRYSMID_FORCE_DEVICE_FLOW) {\n    log.warn(\n      \"no PRYSMID_API_TOKEN and no cached token; stderr is not a TTY so refusing to start interactive device flow. Set PRYSMID_API_TOKEN, run `npx -y @prysmid/mcp` once interactively to populate the cache, or set PRYSMID_FORCE_DEVICE_FLOW=1 to override.\",\n    );\n    return { token: null, mode: \"none\" };\n  }\n\n  let result;\n  try {\n    result = await deviceFlow({ apiBase: cfg.apiBase, log });\n  } catch (err) {\n    log.error(\"device flow login failed\", {\n      error: err instanceof Error ? err.message : String(err),\n    });\n    clearToken();\n    return { token: null, mode: \"none\" };\n  }\n\n  const expiresAt =\n    Math.floor(Date.now() / 1000) + (result.expiresIn ?? 3600);\n  saveToken({\n    apiBase: cfg.apiBase,\n    accessToken: result.accessToken,\n    refreshToken: result.refreshToken,\n    expiresAt,\n  });\n  return { token: result.accessToken, mode: \"deviceflow\" };\n}\n\nexport async function main(): Promise<void> {\n  // `prysmid-mcp logout` — small subcommand that just clears the cache.\n  if (process.argv[2] === \"logout\") {\n    clearToken();\n    process.stderr.write(\"prysmid-mcp: logged out (token cache cleared)\\n\");\n    return;\n  }\n\n  const cfg = loadConfig();\n  const log = makeLogger(cfg);\n  const auth = await resolveAuth(cfg, log);\n  const client = new PrysmidClient(cfg, log, auth.token);\n\n  const server = new McpServer({\n    name: SERVER_NAME,\n    version: readVersion(),\n  });\n\n  const allTools = composeToolset();\n\n  registerAll(server, { client, log }, allTools);\n\n  log.info(`prysmid-mcp starting`, {\n    apiBase: cfg.apiBase,\n    tools: allTools.length,\n    authMode: auth.mode,\n  });\n\n  const transport = new StdioServerTransport();\n  await server.connect(transport);\n}\n\n// This module is only ever invoked as the package bin (MCP servers run as a\n// process per session). Cross-platform `import.meta.url === file://<argv[1]>`\n// is fragile (Windows backslash vs forward slash; symlinked paths) so we\n// just always boot UNLESS we're in vitest (which imports this module to\n// poke at the exports without wanting to connect a stdio transport).\nif (!process.env.VITEST) {\n  main().catch((err) => {\n    process.stderr.write(`fatal: ${err instanceof Error ? err.stack : err}\\n`);\n    process.exit(1);\n  });\n}\n","/**\n * OAuth 2.0 Device Authorization Grant client (RFC 8628).\n *\n * Flow:\n *   1. POST /v1/auth/device/start — get device_code + user_code + verification_uri\n *   2. Print user_code + URL to STDERR (stdout is reserved for MCP protocol)\n *   3. Poll POST /v1/auth/device/poll every `interval` seconds until:\n *        - status=complete    → return tokens\n *        - status=slow_down   → bump interval +5s, keep polling\n *        - status=expired     → throw\n *        - status=denied      → throw\n *\n * The platform side proxies these to Zitadel (auth.prysmid.com); the client\n * only ever talks to api.prysmid.com.\n */\nimport type { Logger } from \"./logger.js\";\n\nexport interface DeviceFlowToken {\n  accessToken: string;\n  refreshToken?: string;\n  expiresIn?: number;\n}\n\ninterface DeviceStartResponse {\n  device_code: string;\n  user_code: string;\n  verification_uri: string;\n  verification_uri_complete?: string | null;\n  interval: number;\n  expires_in: number;\n}\n\ninterface DevicePollResponse {\n  status: \"pending\" | \"slow_down\" | \"complete\" | \"expired\" | \"denied\";\n  access_token?: string | null;\n  refresh_token?: string | null;\n  expires_in?: number | null;\n  error?: string | null;\n}\n\nexport interface DeviceFlowOptions {\n  apiBase: string;\n  log: Logger;\n  /**\n   * Sleep function — overridable so tests can run instantly. Defaults to\n   * setTimeout-based promise.\n   */\n  sleep?: (ms: number) => Promise<void>;\n  /**\n   * Print sink for the user-facing prompt (browser URL + code). Defaults to\n   * stderr. Tests override to capture.\n   */\n  prompt?: (lines: string[]) => void;\n  /**\n   * Override the global fetch — kept for tests; production passes nothing.\n   */\n  fetchImpl?: typeof fetch;\n}\n\nconst DEFAULT_SLEEP = (ms: number): Promise<void> =>\n  new Promise((r) => setTimeout(r, ms));\n\nconst DEFAULT_PROMPT = (lines: string[]): void => {\n  for (const line of lines) process.stderr.write(`${line}\\n`);\n};\n\nexport async function deviceFlow(\n  opts: DeviceFlowOptions,\n): Promise<DeviceFlowToken> {\n  const sleep = opts.sleep ?? DEFAULT_SLEEP;\n  const prompt = opts.prompt ?? DEFAULT_PROMPT;\n  const fetchImpl = opts.fetchImpl ?? fetch;\n  const { apiBase, log } = opts;\n\n  const start = await postJson<DeviceStartResponse>(\n    fetchImpl,\n    `${apiBase}/v1/auth/device/start`,\n    {},\n  );\n\n  const verifyUrl = start.verification_uri_complete || start.verification_uri;\n  prompt([\n    \"\",\n    \"─────────────────────────────────────────────────────────\",\n    \" Prysmid MCP — Sign in to your account\",\n    \"─────────────────────────────────────────────────────────\",\n    \"\",\n    \"  1. Open this URL in your browser:\",\n    `       ${verifyUrl}`,\n    \"\",\n    \"  2. Confirm the code:\",\n    `       ${start.user_code}`,\n    \"\",\n    `  Waiting for confirmation (expires in ${start.expires_in}s)…`,\n    \"\",\n  ]);\n\n  let interval = Math.max(1, start.interval || 5);\n  const deadline = Date.now() + start.expires_in * 1000;\n\n  while (Date.now() < deadline) {\n    await sleep(interval * 1000);\n\n    let res: DevicePollResponse;\n    try {\n      res = await postJson<DevicePollResponse>(\n        fetchImpl,\n        `${apiBase}/v1/auth/device/poll`,\n        { device_code: start.device_code },\n      );\n    } catch (e) {\n      log.warn(\"device poll request failed, retrying\", {\n        error: e instanceof Error ? e.message : String(e),\n      });\n      continue;\n    }\n\n    if (res.status === \"complete\") {\n      if (!res.access_token) {\n        throw new Error(\n          \"Device flow returned status=complete but no access_token\",\n        );\n      }\n      log.info(\"device flow login complete\", {\n        expiresIn: res.expires_in ?? null,\n      });\n      return {\n        accessToken: res.access_token,\n        refreshToken: res.refresh_token ?? undefined,\n        expiresIn: res.expires_in ?? undefined,\n      };\n    }\n    if (res.status === \"slow_down\") {\n      interval += 5;\n      log.debug(\"device flow slow_down\", { newInterval: interval });\n      continue;\n    }\n    if (res.status === \"pending\") continue;\n    if (res.status === \"expired\") {\n      throw new Error(\"Device code expired before authorization\");\n    }\n    if (res.status === \"denied\") {\n      throw new Error(\"Authorization denied\");\n    }\n    log.warn(\"unknown device poll status\", { status: res.status });\n  }\n\n  throw new Error(\"Device code expired before authorization\");\n}\n\nasync function postJson<T>(\n  fetchImpl: typeof fetch,\n  url: string,\n  body: unknown,\n): Promise<T> {\n  const res = await fetchImpl(url, {\n    method: \"POST\",\n    headers: { \"Content-Type\": \"application/json\", Accept: \"application/json\" },\n    body: JSON.stringify(body),\n  });\n  const text = await res.text();\n  if (!res.ok) {\n    throw new Error(`POST ${url} failed: ${res.status} ${text}`);\n  }\n  try {\n    return JSON.parse(text) as T;\n  } catch {\n    throw new Error(`POST ${url} returned non-JSON: ${text.slice(0, 200)}`);\n  }\n}\n","/**\n * Prysmid API client — thin fetch wrapper that adds auth + maps errors.\n *\n * Auth model (MVP): static bearer via `PRYSMID_API_TOKEN`. Device-flow OAuth\n * lives in `auth.ts` and produces a token compatible with this client.\n */\nimport type { Config } from \"./config.js\";\nimport type { Logger } from \"./logger.js\";\n\nexport class PrysmidApiError extends Error {\n  constructor(\n    message: string,\n    public readonly status: number,\n    public readonly body: string,\n    public readonly code?: string,\n  ) {\n    super(message);\n    this.name = \"PrysmidApiError\";\n  }\n}\n\nexport interface RequestOptions {\n  method?: \"GET\" | \"POST\" | \"PUT\" | \"PATCH\" | \"DELETE\";\n  body?: unknown;\n  query?: Record<string, string | number | boolean | undefined>;\n}\n\nexport class PrysmidClient {\n  constructor(\n    private readonly cfg: Config,\n    private readonly log: Logger,\n    /**\n     * Optional override. When set (e.g. resolved via device flow + token cache),\n     * takes precedence over `cfg.apiToken`. Keeps the env-driven path for the\n     * `PRYSMID_API_TOKEN=…` mode untouched.\n     */\n    private readonly tokenOverride: string | null = null,\n  ) {}\n\n  private get effectiveToken(): string | null {\n    return this.tokenOverride ?? this.cfg.apiToken;\n  }\n\n  async request<T = unknown>(path: string, opts: RequestOptions = {}): Promise<T> {\n    const token = this.effectiveToken;\n    if (!token) {\n      throw new PrysmidApiError(\n        \"No Prysmid API token. Set PRYSMID_API_TOKEN or complete device-flow login.\",\n        401,\n        \"\",\n        \"auth.no_token\",\n      );\n    }\n\n    const url = new URL(this.cfg.apiBase + path);\n    if (opts.query) {\n      for (const [k, v] of Object.entries(opts.query)) {\n        if (v !== undefined) url.searchParams.set(k, String(v));\n      }\n    }\n\n    const method = opts.method ?? \"GET\";\n    const headers: Record<string, string> = {\n      Authorization: `Bearer ${token}`,\n      Accept: \"application/json\",\n    };\n    if (opts.body !== undefined) headers[\"Content-Type\"] = \"application/json\";\n\n    this.log.debug(`HTTP ${method} ${url.pathname}`);\n    const res = await fetch(url, {\n      method,\n      headers,\n      body: opts.body !== undefined ? JSON.stringify(opts.body) : undefined,\n    });\n\n    const text = await res.text();\n    if (!res.ok) {\n      let code: string | undefined;\n      try {\n        const parsed = JSON.parse(text);\n        code = typeof parsed?.error === \"string\" ? parsed.error : parsed?.code;\n      } catch {\n        // body wasn't JSON\n      }\n      throw new PrysmidApiError(\n        `Prysmid API ${res.status} on ${method} ${path}`,\n        res.status,\n        text,\n        code,\n      );\n    }\n\n    if (text === \"\") return undefined as T;\n    try {\n      return JSON.parse(text) as T;\n    } catch {\n      return text as unknown as T;\n    }\n  }\n}\n","/**\n * Runtime configuration. Pulled from env at startup; immutable thereafter.\n *\n * The MCP runs as a long-lived stdio process — env reads happen once.\n */\n\nexport interface Config {\n  apiBase: string;\n  apiToken: string | null;\n  logLevel: \"debug\" | \"info\" | \"warn\" | \"error\";\n}\n\nconst DEFAULT_API_BASE = \"https://api.prysmid.com\";\n\nexport function loadConfig(env: NodeJS.ProcessEnv = process.env): Config {\n  const apiBase = (env.PRYSMID_API_BASE ?? DEFAULT_API_BASE).replace(/\\/+$/, \"\");\n  const apiToken = env.PRYSMID_API_TOKEN?.trim() || null;\n  const rawLevel = (env.PRYSMID_MCP_LOG_LEVEL ?? \"info\").toLowerCase();\n  const logLevel: Config[\"logLevel\"] =\n    rawLevel === \"debug\" || rawLevel === \"warn\" || rawLevel === \"error\"\n      ? rawLevel\n      : \"info\";\n  return { apiBase, apiToken, logLevel };\n}\n","/**\n * stderr-only logger. MCP servers MUST NOT write to stdout — that channel\n * is reserved for the JSON-RPC protocol; any stray byte breaks the agent.\n */\nimport type { Config } from \"./config.js\";\n\nconst ORDER = { debug: 10, info: 20, warn: 30, error: 40 } as const;\n\nexport interface Logger {\n  debug: (msg: string, extra?: unknown) => void;\n  info: (msg: string, extra?: unknown) => void;\n  warn: (msg: string, extra?: unknown) => void;\n  error: (msg: string, extra?: unknown) => void;\n}\n\nexport function makeLogger(cfg: Pick<Config, \"logLevel\">): Logger {\n  const threshold = ORDER[cfg.logLevel];\n\n  function emit(level: keyof typeof ORDER, msg: string, extra?: unknown) {\n    if (ORDER[level] < threshold) return;\n    const ts = new Date().toISOString();\n    const payload = extra === undefined ? \"\" : ` ${safeJSON(extra)}`;\n    process.stderr.write(`${ts} ${level.toUpperCase()} ${msg}${payload}\\n`);\n  }\n\n  return {\n    debug: (m, e) => emit(\"debug\", m, e),\n    info: (m, e) => emit(\"info\", m, e),\n    warn: (m, e) => emit(\"warn\", m, e),\n    error: (m, e) => emit(\"error\", m, e),\n  };\n}\n\nfunction safeJSON(x: unknown): string {\n  try {\n    return JSON.stringify(x);\n  } catch {\n    return String(x);\n  }\n}\n","/**\n * On-disk cache for the device-flow access token.\n *\n * Path layout:\n *   - Windows: %APPDATA%\\prysmid-mcp\\token.json\n *   - Linux/macOS: $XDG_CONFIG_HOME/prysmid-mcp/token.json (default ~/.config/prysmid-mcp)\n *   - Fallback: ~/.prysmid-mcp/token.json\n *\n * The cache is keyed by `apiBase` so switching between staging/prod is safe.\n * Token file is mode 0600 on Unix; Windows ignores the chmod.\n */\nimport {\n  chmodSync,\n  existsSync,\n  mkdirSync,\n  readFileSync,\n  rmSync,\n  writeFileSync,\n} from \"node:fs\";\nimport { homedir, platform } from \"node:os\";\nimport { dirname, join } from \"node:path\";\n\nexport interface CachedToken {\n  apiBase: string;\n  accessToken: string;\n  refreshToken?: string;\n  /** Unix epoch seconds. */\n  expiresAt: number;\n}\n\nconst APP_DIR = \"prysmid-mcp\";\nconst FILE_NAME = \"token.json\";\nconst EXPIRY_SKEW_SECONDS = 60;\n\nexport function getTokenPath(env: NodeJS.ProcessEnv = process.env): string {\n  if (platform() === \"win32\") {\n    const base = env.APPDATA;\n    if (base) return join(base, APP_DIR, FILE_NAME);\n    return join(homedir(), `.${APP_DIR}`, FILE_NAME);\n  }\n  const xdg = env.XDG_CONFIG_HOME;\n  if (xdg) return join(xdg, APP_DIR, FILE_NAME);\n  return join(homedir(), \".config\", APP_DIR, FILE_NAME);\n}\n\nexport function loadToken(\n  apiBase: string,\n  env: NodeJS.ProcessEnv = process.env,\n): CachedToken | null {\n  const path = getTokenPath(env);\n  if (!existsSync(path)) return null;\n  let parsed: CachedToken;\n  try {\n    parsed = JSON.parse(readFileSync(path, \"utf8\")) as CachedToken;\n  } catch {\n    return null;\n  }\n  if (parsed.apiBase !== apiBase) return null;\n  const nowSec = Math.floor(Date.now() / 1000);\n  if (parsed.expiresAt - EXPIRY_SKEW_SECONDS <= nowSec) return null;\n  if (typeof parsed.accessToken !== \"string\" || !parsed.accessToken) {\n    return null;\n  }\n  return parsed;\n}\n\nexport function saveToken(\n  token: CachedToken,\n  env: NodeJS.ProcessEnv = process.env,\n): void {\n  const path = getTokenPath(env);\n  mkdirSync(dirname(path), { recursive: true });\n  writeFileSync(path, JSON.stringify(token, null, 2), \"utf8\");\n  if (platform() !== \"win32\") {\n    try {\n      chmodSync(path, 0o600);\n    } catch {\n      // best-effort\n    }\n  }\n}\n\nexport function clearToken(env: NodeJS.ProcessEnv = process.env): void {\n  const path = getTokenPath(env);\n  if (existsSync(path)) {\n    rmSync(path, { force: true });\n  }\n}\n","/**\n * Tool registry — single place where every MCP tool lives. Each tool exports\n * its input schema (Zod) + handler; `registerAll` wires them into the SDK.\n *\n * Two flavors of tools coexist:\n *   - generated: 1:1 with REST endpoints, produced by `scripts/generate-tools.ts`\n *     (lives under `tools/generated/*` once the script runs)\n *   - curated: high-level orchestrators a human/agent actually wants to call,\n *     e.g. `setup_prysmid_workspace(company_name)` that combines several\n *     endpoints. These live under `tools/curated/*`.\n *\n * Both share the same `Tool` shape so the registry is uniform.\n */\nimport type { McpServer } from \"@modelcontextprotocol/sdk/server/mcp.js\";\nimport { z } from \"zod\";\n\nimport type { PrysmidClient } from \"../client.js\";\nimport type { Logger } from \"../logger.js\";\n\nexport interface ToolContext {\n  client: PrysmidClient;\n  log: Logger;\n}\n\nexport interface ToolDef<I extends z.ZodRawShape> {\n  name: string;\n  description: string;\n  inputShape: I;\n  /**\n   * Handler returns plain JSON-able output. The SDK serializes it into\n   * MCP `content` blocks; we wrap to text by default (most MCP UIs render it\n   * better than structured content).\n   */\n  handler: (\n    input: z.infer<z.ZodObject<I>>,\n    ctx: ToolContext,\n  ) => Promise<unknown>;\n}\n\nexport function defineTool<I extends z.ZodRawShape>(t: ToolDef<I>): ToolDef<I> {\n  return t;\n}\n\n// `ToolDef<any>` here intentionally — the array is heterogeneous (each tool\n// has its own input shape) and the SDK's registerTool only cares about the\n// runtime Zod object, not compile-time type inference. Without `any` there's\n// no single ZodRawShape that satisfies every entry simultaneously.\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nexport function registerAll(\n  server: McpServer,\n  ctx: ToolContext,\n  // eslint-disable-next-line @typescript-eslint/no-explicit-any\n  tools: ReadonlyArray<ToolDef<any>>,\n): void {\n  for (const tool of tools) {\n    server.registerTool(\n      tool.name,\n      {\n        description: tool.description,\n        inputSchema: tool.inputShape,\n      },\n      // eslint-disable-next-line @typescript-eslint/no-explicit-any\n      async (input: any) => {\n        try {\n          const result = await tool.handler(input, ctx);\n          return {\n            content: [\n              {\n                type: \"text\" as const,\n                text:\n                  typeof result === \"string\"\n                    ? result\n                    : JSON.stringify(result, null, 2),\n              },\n            ],\n          };\n        } catch (err) {\n          const message = err instanceof Error ? err.message : String(err);\n          ctx.log.error(`tool ${tool.name} failed`, { message });\n          return {\n            isError: true,\n            content: [\n              { type: \"text\" as const, text: `error: ${message}` },\n            ],\n          };\n        }\n      },\n    );\n  }\n}\n","/**\n * OIDC application tools — list, create, delete on a workspace's apps.\n * Apps are the integration unit: each one represents one downstream service\n * (web app, mobile app, CLI) that authenticates via Prysmid.\n */\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const listApps = defineTool({\n  name: \"list_apps\",\n  description: \"List all OIDC apps in a workspace.\",\n  inputShape: {\n    workspace: z.string().min(1).describe(\"Workspace slug or UUID\"),\n  },\n  handler: async ({ workspace }, { client }) =>\n    client.request(`/v1/workspaces/${encodeURIComponent(workspace)}/apps`),\n});\n\nexport const createOidcApp = defineTool({\n  name: \"create_oidc_app\",\n  description:\n    \"Create an OIDC application in a workspace. Returns client_id (and client_secret if confidential). Use auth_method=NONE for SPA/PKCE; use BASIC for confidential web apps.\",\n  inputShape: {\n    workspace: z.string().min(1),\n    name: z.string().min(1).max(255),\n    redirect_uris: z.array(z.string().url()).min(1),\n    post_logout_redirect_uris: z.array(z.string().url()).optional(),\n    app_type: z\n      .enum([\n        \"OIDC_APP_TYPE_WEB\",\n        \"OIDC_APP_TYPE_USER_AGENT\",\n        \"OIDC_APP_TYPE_NATIVE\",\n      ])\n      .default(\"OIDC_APP_TYPE_WEB\"),\n    auth_method: z\n      .enum([\n        \"OIDC_AUTH_METHOD_TYPE_NONE\",\n        \"OIDC_AUTH_METHOD_TYPE_BASIC\",\n        \"OIDC_AUTH_METHOD_TYPE_POST\",\n      ])\n      .default(\"OIDC_AUTH_METHOD_TYPE_NONE\"),\n    dev_mode: z\n      .boolean()\n      .default(false)\n      .describe(\n        \"Skip redirect URI HTTPS check — only for local dev, NEVER prod.\",\n      ),\n  },\n  handler: async ({ workspace, ...body }, { client }) =>\n    client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/apps`,\n      { method: \"POST\", body },\n    ),\n});\n\nexport const deleteOidcApp = defineTool({\n  name: \"delete_oidc_app\",\n  description: \"Delete an OIDC app. Idempotent — 404 returns success.\",\n  inputShape: {\n    workspace: z.string().min(1),\n    app_id: z.string().min(1),\n  },\n  handler: async ({ workspace, app_id }, { client }) =>\n    client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/apps/${encodeURIComponent(app_id)}`,\n      { method: \"DELETE\" },\n    ),\n});\n\nexport const tools = [listApps, createOidcApp, deleteOidcApp] as const;\n","/**\n * Billing tools — read state, manage spending cap, generate Stripe portal URL.\n * Checkout/upgrade flow returns a Stripe-hosted URL; the agent surfaces it to\n * the user for them to navigate (we don't process payment data here).\n */\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const getBilling = defineTool({\n  name: \"get_billing\",\n  description:\n    \"Get current billing state: plan, subscription status, current period, spending_cap_cents, signups_blocked.\",\n  inputShape: {\n    workspace: z.string().min(1),\n  },\n  handler: async ({ workspace }, { client }) =>\n    client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/billing`,\n    ),\n});\n\nexport const setSpendingCap = defineTool({\n  name: \"set_spending_cap\",\n  description:\n    \"Cap monthly Pro overage spend (cents). Pass null to remove cap (unlimited). When projected overage exceeds cap, signups_blocked flips on.\",\n  inputShape: {\n    workspace: z.string().min(1),\n    spending_cap_cents: z\n      .number()\n      .int()\n      .min(0)\n      .max(10_000_000)\n      .nullable()\n      .describe(\"Max overage cents per period; null = unlimited\"),\n  },\n  handler: async ({ workspace, spending_cap_cents }, { client }) =>\n    client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/billing/spending-cap`,\n      { method: \"PATCH\", body: { spending_cap_cents } },\n    ),\n});\n\nexport const startCheckout = defineTool({\n  name: \"start_billing_checkout\",\n  description:\n    \"Create a Stripe Checkout session for upgrading. Returns the URL the user must visit. Plan must be `pro` (Free has no checkout; Enterprise is sales-only).\",\n  inputShape: {\n    workspace: z.string().min(1),\n    plan: z.enum([\"pro\"]),\n  },\n  handler: async ({ workspace, plan }, { client }) =>\n    client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/billing/checkout`,\n      { method: \"POST\", body: { plan } },\n    ),\n});\n\nexport const startBillingPortal = defineTool({\n  name: \"start_billing_portal\",\n  description:\n    \"Create a Stripe customer-portal session URL where the user manages payment methods, downloads invoices, cancels subscription.\",\n  inputShape: {\n    workspace: z.string().min(1),\n  },\n  handler: async ({ workspace }, { client }) =>\n    client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/billing/portal`,\n      { method: \"POST\" },\n    ),\n});\n\nexport const tools = [\n  getBilling,\n  setSpendingCap,\n  startCheckout,\n  startBillingPortal,\n] as const;\n","/**\n * Branding tools — colors, fonts, logo for the login page. Logo upload is\n * out of MCP scope (multipart binary uploads don't fit MCP tool semantics\n * cleanly); use the dashboard or API directly for that.\n */\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const getBranding = defineTool({\n  name: \"get_branding\",\n  description:\n    \"Return the workspace's active branding policy (colors, fonts, hide-prysmid-watermark flag, logo URLs).\",\n  inputShape: {\n    workspace: z.string().min(1),\n  },\n  handler: async ({ workspace }, { client }) =>\n    client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/branding`,\n    ),\n});\n\nexport const updateBranding = defineTool({\n  name: \"update_branding\",\n  description:\n    \"Update branding colors and watermark. Hex colors as `#RRGGBB`. Activates the policy after update — change shows on next login screen render.\",\n  inputShape: {\n    workspace: z.string().min(1),\n    primary_color: z\n      .string()\n      .regex(/^#[0-9a-fA-F]{6}$/)\n      .optional(),\n    background_color: z\n      .string()\n      .regex(/^#[0-9a-fA-F]{6}$/)\n      .optional(),\n    warn_color: z\n      .string()\n      .regex(/^#[0-9a-fA-F]{6}$/)\n      .optional(),\n    font_color: z\n      .string()\n      .regex(/^#[0-9a-fA-F]{6}$/)\n      .optional(),\n    disable_watermark: z\n      .boolean()\n      .optional()\n      .describe(\n        \"Hide 'Powered by Prysmid' on the login screen (Pro+ only — Free silently ignored).\",\n      ),\n  },\n  handler: async ({ workspace, ...body }, { client }) =>\n    client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/branding`,\n      { method: \"PATCH\", body },\n    ),\n});\n\nexport const tools = [getBranding, updateBranding] as const;\n","/**\n * Curated high-level tools — the ones agents would naturally reach for to\n * accomplish a goal in one call, instead of orchestrating 4 raw endpoints.\n *\n * Keep these small: each represents one end-user intent (\"set up a workspace\n * with Google login\"). Branch logic and prompts stay on the agent side; this\n * file only owns the API choreography.\n */\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nconst SetupWorkspaceOutput = z.object({\n  workspace_id: z.string(),\n  slug: z.string(),\n  auth_domain: z.string(),\n  state: z.string(),\n});\n\nexport const setupPrysmidWorkspace = defineTool({\n  name: \"setup_prysmid_workspace\",\n  description:\n    \"Create a new workspace and wait until it's fully provisioned (Zitadel instance, SMTP, DNS). Returns the live auth_domain ready to integrate.\",\n  inputShape: {\n    slug: z\n      .string()\n      .min(2)\n      .max(63)\n      .regex(/^[a-z0-9-]+$/),\n    display_name: z.string().min(1),\n    timeout_seconds: z\n      .number()\n      .int()\n      .min(10)\n      .max(300)\n      .default(120)\n      .describe(\"Max time to wait for provisioning before returning.\"),\n  },\n  handler: async (\n    { slug, display_name, timeout_seconds },\n    { client, log },\n  ) => {\n    const created = (await client.request(\"/v1/workspaces\", {\n      method: \"POST\",\n      body: { slug, display_name },\n    })) as { id: string; slug: string; state: string; auth_domain?: string };\n\n    const deadline = Date.now() + timeout_seconds * 1000;\n    while (Date.now() < deadline) {\n      const ws = (await client.request(\n        `/v1/workspaces/${encodeURIComponent(created.id)}`,\n      )) as {\n        id: string;\n        slug: string;\n        state: string;\n        auth_domain?: string;\n        provisioning_error?: string;\n      };\n      if (ws.state === \"active\") {\n        return SetupWorkspaceOutput.parse({\n          workspace_id: ws.id,\n          slug: ws.slug,\n          auth_domain: ws.auth_domain ?? `auth.${ws.slug}.prysmid.com`,\n          state: ws.state,\n        });\n      }\n      if (ws.state === \"provisioning_failed\") {\n        throw new Error(\n          `Workspace provisioning failed: ${ws.provisioning_error ?? \"unknown reason\"}`,\n        );\n      }\n      log.debug(`workspace ${created.id} state=${ws.state}, polling…`);\n      await sleep(3000);\n    }\n    throw new Error(\n      `Workspace did not reach state=active within ${timeout_seconds}s`,\n    );\n  },\n});\n\nfunction sleep(ms: number) {\n  return new Promise((r) => setTimeout(r, ms));\n}\n\nexport const enableGoogleLogin = defineTool({\n  name: \"enable_google_login\",\n  description:\n    \"Add Google as an identity provider on a workspace and enable external IdPs in the login policy. Hands you a checklist if external IdPs were already disabled — agent should confirm before flipping that flag.\",\n  inputShape: {\n    workspace: z.string().min(1),\n    google_client_id: z.string().min(1),\n    google_client_secret: z.string().min(1),\n    name: z.string().default(\"Google\"),\n  },\n  handler: async (\n    { workspace, google_client_id, google_client_secret, name },\n    { client },\n  ) => {\n    const idp = await client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/idps`,\n      {\n        method: \"POST\",\n        body: {\n          provider: \"google\",\n          name,\n          config: {\n            client_id: google_client_id,\n            client_secret: google_client_secret,\n          },\n        },\n      },\n    );\n\n    // Force-enable external IdP toggle in case the workspace had it off.\n    await client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/login-policy`,\n      { method: \"PATCH\", body: { allow_external_idp: true } },\n    );\n\n    return { idp, login_policy: \"allow_external_idp=true\" };\n  },\n});\n\ninterface SetupCheckItem {\n  ok: boolean;\n  name: string;\n  details?: string;\n}\n\nexport const prysmidSetupCheck = defineTool({\n  name: \"prysmid_setup_check\",\n  description:\n    \"Run a readiness checklist on a workspace: state=active, ≥1 OIDC app, ≥1 IdP OR password+register enabled, branding has a primary_color set, login_policy reasonable. Returns pass/fail per item plus a summary verdict.\",\n  inputShape: {\n    workspace: z.string().min(1),\n  },\n  handler: async ({ workspace }, { client }) => {\n    const ws = (await client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}`,\n    )) as { state: string; auth_domain?: string };\n    const apps = (await client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/apps`,\n    )) as unknown[];\n    const idps = (await client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/idps`,\n    )) as unknown[];\n    const policy = (await client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/login-policy`,\n    )) as {\n      allow_username_password?: boolean;\n      allow_register?: boolean;\n      allow_external_idp?: boolean;\n      force_mfa?: boolean;\n    };\n    const branding = (await client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/branding`,\n    )) as { primary_color?: string };\n\n    const checks: SetupCheckItem[] = [\n      {\n        ok: ws.state === \"active\",\n        name: \"workspace_active\",\n        details: `state=${ws.state}`,\n      },\n      {\n        ok: apps.length > 0,\n        name: \"has_at_least_one_app\",\n        details: `${apps.length} apps`,\n      },\n      {\n        ok:\n          idps.length > 0 ||\n          (policy.allow_username_password === true &&\n            policy.allow_register === true),\n        name: \"users_can_sign_in\",\n        details:\n          idps.length > 0\n            ? `${idps.length} idps`\n            : \"no idps; must allow username+password+register\",\n      },\n      {\n        ok: !!branding.primary_color,\n        name: \"branding_primary_color_set\",\n      },\n      {\n        ok: policy.force_mfa === true || idps.length > 0,\n        name: \"auth_strength_reasonable\",\n        details: policy.force_mfa\n          ? \"force_mfa=true\"\n          : \"MFA off but external IdP present\",\n      },\n    ];\n    const verdict = checks.every((c) => c.ok) ? \"ready\" : \"incomplete\";\n    return { verdict, checks };\n  },\n});\n\nexport const tools = [\n  setupPrysmidWorkspace,\n  enableGoogleLogin,\n  prysmidSetupCheck,\n] as const;\n","/**\n * Identity provider tools — Google, GitHub, Microsoft, generic OIDC.\n * Each create_* operation atomically: creates the IdP config AND adds it to\n * the login policy so it appears on the login screen. The Prysmid API\n * encapsulates that two-step lifecycle behind a single endpoint.\n */\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const listIdps = defineTool({\n  name: \"list_idps\",\n  description:\n    \"List identity providers (Google/GitHub/Microsoft/OIDC) configured on a workspace.\",\n  inputShape: {\n    workspace: z.string().min(1),\n  },\n  handler: async ({ workspace }, { client }) =>\n    client.request(`/v1/workspaces/${encodeURIComponent(workspace)}/idps`),\n});\n\nexport const addIdp = defineTool({\n  name: \"add_idp\",\n  description:\n    \"Add an identity provider to the workspace and attach it to the login policy in one atomic call. Provider-specific fields go in `config`.\",\n  inputShape: {\n    workspace: z.string().min(1),\n    provider: z.enum([\"google\", \"github\", \"azure_ad\", \"oidc\"]),\n    name: z.string().min(1).describe(\"Display name shown on login screen\"),\n    config: z\n      .object({\n        client_id: z.string().min(1),\n        client_secret: z.string().min(1),\n        scopes: z.array(z.string()).optional(),\n        issuer: z\n          .string()\n          .url()\n          .optional()\n          .describe(\"Required for `oidc`; ignored otherwise\"),\n        tenant_id: z\n          .string()\n          .optional()\n          .describe(\n            \"Required for `azure_ad` to lock to a specific Microsoft tenant\",\n          ),\n      })\n      .describe(\"Provider-specific OAuth config\"),\n  },\n  handler: async ({ workspace, ...body }, { client }) =>\n    client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/idps`,\n      { method: \"POST\", body },\n    ),\n});\n\nexport const deleteIdp = defineTool({\n  name: \"delete_idp\",\n  description:\n    \"Remove an identity provider. Strips it from the login policy then deletes the config. Idempotent.\",\n  inputShape: {\n    workspace: z.string().min(1),\n    idp_id: z.string().min(1),\n  },\n  handler: async ({ workspace, idp_id }, { client }) =>\n    client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/idps/${encodeURIComponent(idp_id)}`,\n      { method: \"DELETE\" },\n    ),\n});\n\nexport const tools = [listIdps, addIdp, deleteIdp] as const;\n","/**\n * Login policy tools — control which authentication methods are allowed,\n * MFA enforcement, lockout thresholds. Patches are merge semantics on the\n * server side; only fields you set are changed.\n */\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const getLoginPolicy = defineTool({\n  name: \"get_login_policy\",\n  description:\n    \"Return the workspace's current login policy (password rules, MFA, IdPs allowed, lockout, etc.).\",\n  inputShape: {\n    workspace: z.string().min(1),\n  },\n  handler: async ({ workspace }, { client }) =>\n    client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/login-policy`,\n    ),\n});\n\nexport const updateLoginPolicy = defineTool({\n  name: \"update_login_policy\",\n  description:\n    \"Update the login policy. PATCH semantics — only fields you pass are changed; other policy fields stay as they were.\",\n  inputShape: {\n    workspace: z.string().min(1),\n    allow_username_password: z.boolean().optional(),\n    allow_register: z.boolean().optional(),\n    allow_external_idp: z.boolean().optional(),\n    force_mfa: z\n      .boolean()\n      .optional()\n      .describe(\"Require any second factor at login\"),\n    passwordless_type: z\n      .enum([\n        \"PASSWORDLESS_TYPE_NOT_ALLOWED\",\n        \"PASSWORDLESS_TYPE_ALLOWED\",\n      ])\n      .optional()\n      .describe(\"Enables passkey-first when set to ALLOWED\"),\n    max_password_attempts: z.number().int().min(0).max(20).optional(),\n    lockout_password_attempts: z.number().int().min(0).max(20).optional(),\n  },\n  handler: async ({ workspace, ...body }, { client }) =>\n    client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/login-policy`,\n      { method: \"PATCH\", body },\n    ),\n});\n\nexport const tools = [getLoginPolicy, updateLoginPolicy] as const;\n","/**\n * User tools — list, invite (sends Zitadel init email), delete.\n * Invite is the primary creation path; users set their own password via the\n * email link. Direct user creation with pre-set credentials is intentionally\n * not exposed here.\n */\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const listUsers = defineTool({\n  name: \"list_users\",\n  description: \"List human users in a workspace.\",\n  inputShape: {\n    workspace: z.string().min(1),\n    limit: z.number().int().min(1).max(500).default(100),\n  },\n  handler: async ({ workspace, limit }, { client }) =>\n    client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/users`,\n      { query: { limit } },\n    ),\n});\n\nexport const inviteUser = defineTool({\n  name: \"invite_user\",\n  description:\n    \"Invite a user by email. Idempotent by email — re-inviting an existing user is a no-op. Triggers a Zitadel init email with a 'set your password' link.\",\n  inputShape: {\n    workspace: z.string().min(1),\n    email: z\n      .string()\n      .regex(/^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$/, \"must be a valid email\"),\n    first_name: z.string().min(1),\n    last_name: z.string().min(1),\n    preferred_language: z\n      .string()\n      .length(2)\n      .default(\"en\")\n      .describe(\"ISO 639-1, e.g. en/es/pt\"),\n  },\n  handler: async ({ workspace, ...body }, { client }) =>\n    client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/users/invite`,\n      { method: \"POST\", body },\n    ),\n});\n\nexport const deleteUser = defineTool({\n  name: \"delete_user\",\n  description: \"Delete a user by id. Idempotent.\",\n  inputShape: {\n    workspace: z.string().min(1),\n    user_id: z.string().min(1),\n  },\n  handler: async ({ workspace, user_id }, { client }) =>\n    client.request(\n      `/v1/workspaces/${encodeURIComponent(workspace)}/users/${encodeURIComponent(user_id)}`,\n      { method: \"DELETE\" },\n    ),\n});\n\nexport const tools = [listUsers, inviteUser, deleteUser] as const;\n","/**\n * Hand-written workspace tools. These are the ones agents reach for first;\n * the rest of the surface is auto-generated from OpenAPI in a later pass.\n */\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const listWorkspaces = defineTool({\n  name: \"list_workspaces\",\n  description:\n    \"List Prysmid workspaces accessible to the current API token. Returns an array of {id, slug, display_name, plan, state}.\",\n  inputShape: {},\n  handler: async (_input, { client }) =>\n    client.request(\"/v1/workspaces\", { method: \"GET\" }),\n});\n\nexport const getWorkspace = defineTool({\n  name: \"get_workspace\",\n  description: \"Get a single workspace by slug or id.\",\n  inputShape: {\n    workspace: z\n      .string()\n      .min(1)\n      .describe(\"Workspace slug or UUID\"),\n  },\n  handler: async ({ workspace }, { client }) =>\n    client.request(`/v1/workspaces/${encodeURIComponent(workspace)}`),\n});\n\nexport const createWorkspace = defineTool({\n  name: \"create_workspace\",\n  description:\n    \"Create a new Prysmid workspace. Provisioning runs in the background; the response returns immediately with state=provisioning. Poll `get_workspace` until state=active (~30s).\",\n  inputShape: {\n    slug: z\n      .string()\n      .min(2)\n      .max(63)\n      .regex(/^[a-z0-9-]+$/, \"lowercase alphanumeric and hyphens only\")\n      .describe(\"Subdomain-safe slug — becomes auth.<slug>.prysmid.com\"),\n    display_name: z.string().min(1).max(255),\n  },\n  handler: async (input, { client }) =>\n    client.request(\"/v1/workspaces\", { method: \"POST\", body: input }),\n});\n\nexport const tools = [listWorkspaces, getWorkspace, createWorkspace] as const;\n","/**\n * AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n *\n * Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n */\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const createApp = defineTool({\n  name: \"create_app\",\n  description: \"Create App\",\n  inputShape: {\n    workspace_id: z.string().uuid(),\n    name: z.string().min(1).max(200),\n    redirect_uris: z.array(z.string().url().min(1).max(2083)).describe(\"Where the IdP sends the user back after auth. At least one required.\"),\n    post_logout_redirect_uris: z.array(z.string().url().min(1).max(2083)).describe(\"Where the IdP sends the user after logout.\").optional(),\n    app_type: z.enum([\"web\", \"spa\", \"native\"]).describe(\"App kind, drives OIDC grant + auth_method defaults.\\n\\n- `web`: server-rendered confidential client. Gets a `client_secret`.\\n- `spa`: single-page app (user-agent). Public, PKCE required, no secret.\\n- `native`: desktop/mobile. Public, PKCE required, no secret.\").optional(),\n    dev_mode: z.boolean().describe(\"Relax HTTPS requirement on redirect_uris (allows http://localhost). Use only for local development; never in production.\").default(false),\n  },\n  handler: async (input, { client }) => {\n    const { workspace_id, ...__body } = input;\n    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/apps`, { method: \"POST\", body: __body });\n  },\n});\n\nexport const deleteApp = defineTool({\n  name: \"delete_app\",\n  description: \"Delete App\",\n  inputShape: {\n    workspace_id: z.string().uuid(),\n    app_id: z.string(),\n  },\n  handler: async (input, { client }) => {\n    const { workspace_id, app_id } = input;\n    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/apps/${encodeURIComponent(String(app_id))}`, { method: \"DELETE\" });\n  },\n});\n\nexport const listApps = defineTool({\n  name: \"list_apps\",\n  description: \"List Apps\",\n  inputShape: {\n    workspace_id: z.string().uuid(),\n  },\n  handler: async (input, { client }) => {\n    const { workspace_id } = input;\n    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/apps`, { method: \"GET\" });\n  },\n});\n\nexport const generatedAppsTools = [\n  createApp,\n  deleteApp,\n  listApps,\n];\n","/**\n * AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n *\n * Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n */\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const billingCheckout = defineTool({\n  name: \"billing_checkout\",\n  description: \"Checkout\",\n  inputShape: {\n    workspace_id: z.string().uuid(),\n    plan: z.enum([\"free\", \"pro\", \"enterprise\"]),\n  },\n  handler: async (input, { client }) => {\n    const { workspace_id, ...__body } = input;\n    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/billing/checkout`, { method: \"POST\", body: __body });\n  },\n});\n\nexport const billingGetState = defineTool({\n  name: \"billing_get_state\",\n  description: \"Get State\",\n  inputShape: {\n    workspace_id: z.string().uuid(),\n  },\n  handler: async (input, { client }) => {\n    const { workspace_id } = input;\n    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/billing`, { method: \"GET\" });\n  },\n});\n\nexport const billingPortal = defineTool({\n  name: \"billing_portal\",\n  description: \"Portal\",\n  inputShape: {\n    workspace_id: z.string().uuid(),\n  },\n  handler: async (input, { client }) => {\n    const { workspace_id } = input;\n    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/billing/portal`, { method: \"POST\" });\n  },\n});\n\nexport const updateSpendingCap = defineTool({\n  name: \"update_spending_cap\",\n  description: \"Update Spending Cap\",\n  inputShape: {\n    workspace_id: z.string().uuid(),\n    cents: z.number().int().min(0).nullable().optional(),\n  },\n  handler: async (input, { client }) => {\n    const { workspace_id, ...__body } = input;\n    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/billing/spending-cap`, { method: \"PATCH\", body: __body });\n  },\n});\n\nexport const generatedBillingTools = [\n  billingCheckout,\n  billingGetState,\n  billingPortal,\n  updateSpendingCap,\n];\n","/**\n * AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n *\n * Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n */\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const deleteLogo = defineTool({\n  name: \"delete_logo\",\n  description: \"Delete Logo\",\n  inputShape: {\n    workspace_id: z.string().uuid(),\n  },\n  handler: async (input, { client }) => {\n    const { workspace_id } = input;\n    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/branding/logo`, { method: \"DELETE\" });\n  },\n});\n\nexport const getBranding = defineTool({\n  name: \"get_branding\",\n  description: \"Get Branding\",\n  inputShape: {\n    workspace_id: z.string().uuid(),\n  },\n  handler: async (input, { client }) => {\n    const { workspace_id } = input;\n    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/branding`, { method: \"GET\" });\n  },\n});\n\nexport const updateBranding = defineTool({\n  name: \"update_branding\",\n  description: \"Update Branding\",\n  inputShape: {\n    workspace_id: z.string().uuid(),\n    primary_color: z.string().regex(/^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/).nullable().optional(),\n    background_color: z.string().regex(/^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/).nullable().optional(),\n    warn_color: z.string().regex(/^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/).nullable().optional(),\n    font_color: z.string().regex(/^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/).nullable().optional(),\n    primary_color_dark: z.string().regex(/^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/).nullable().optional(),\n    background_color_dark: z.string().regex(/^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/).nullable().optional(),\n    warn_color_dark: z.string().regex(/^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/).nullable().optional(),\n    font_color_dark: z.string().regex(/^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/).nullable().optional(),\n    hide_login_name_suffix: z.boolean().nullable().optional(),\n    disable_watermark: z.boolean().nullable().optional(),\n  },\n  handler: async (input, { client }) => {\n    const { workspace_id, ...__body } = input;\n    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/branding`, { method: \"PATCH\", body: __body });\n  },\n});\n\nexport const generatedBrandingTools = [\n  deleteLogo,\n  getBranding,\n  updateBranding,\n];\n","/**\n * AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n *\n * Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n */\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const createIdp = defineTool({\n  name: \"create_idp\",\n  description: \"Create Idp\",\n  inputShape: {\n    workspace_id: z.string().uuid(),\n    type: z.enum([\"google\", \"github\", \"microsoft\", \"oidc\"]),\n    name: z.string().min(1).max(200),\n    client_id: z.string().min(1),\n    client_secret: z.string().min(1),\n    issuer: z.string().url().min(1).max(2083).nullable().optional(),\n    tenant_id: z.string().nullable().optional(),\n    scopes: z.array(z.string()).nullable().optional(),\n  },\n  handler: async (input, { client }) => {\n    const { workspace_id, ...__body } = input;\n    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/idps`, { method: \"POST\", body: __body });\n  },\n});\n\nexport const deleteIdp = defineTool({\n  name: \"delete_idp\",\n  description: \"Delete Idp\",\n  inputShape: {\n    workspace_id: z.string().uuid(),\n    idp_id: z.string(),\n  },\n  handler: async (input, { client }) => {\n    const { workspace_id, idp_id } = input;\n    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/idps/${encodeURIComponent(String(idp_id))}`, { method: \"DELETE\" });\n  },\n});\n\nexport const listIdps = defineTool({\n  name: \"list_idps\",\n  description: \"List Idps\",\n  inputShape: {\n    workspace_id: z.string().uuid(),\n  },\n  handler: async (input, { client }) => {\n    const { workspace_id } = input;\n    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/idps`, { method: \"GET\" });\n  },\n});\n\nexport const generatedIdpsTools = [\n  createIdp,\n  deleteIdp,\n  listIdps,\n];\n","/**\n * AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n *\n * Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n */\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const getLoginPolicy = defineTool({\n  name: \"get_login_policy\",\n  description: \"Get Login Policy\",\n  inputShape: {\n    workspace_id: z.string().uuid(),\n  },\n  handler: async (input, { client }) => {\n    const { workspace_id } = input;\n    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/login-policy`, { method: \"GET\" });\n  },\n});\n\nexport const updateLoginPolicy = defineTool({\n  name: \"update_login_policy\",\n  description: \"Update Login Policy\",\n  inputShape: {\n    workspace_id: z.string().uuid(),\n    allow_username_password: z.boolean().nullable().optional(),\n    allow_register: z.boolean().nullable().optional(),\n    allow_external_idp: z.boolean().nullable().optional(),\n    force_mfa: z.boolean().nullable().optional(),\n    passwordless_allowed: z.boolean().nullable().optional(),\n    second_factors: z.array(z.enum([\"otp\", \"u2f\", \"otp_email\", \"otp_sms\"])).nullable().optional(),\n    multi_factors: z.array(z.enum([\"u2f_verified\"])).nullable().optional(),\n    hide_password_reset: z.boolean().nullable().optional(),\n    ignore_unknown_usernames: z.boolean().nullable().optional(),\n  },\n  handler: async (input, { client }) => {\n    const { workspace_id, ...__body } = input;\n    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/login-policy`, { method: \"PATCH\", body: __body });\n  },\n});\n\nexport const generatedLoginPolicyTools = [\n  getLoginPolicy,\n  updateLoginPolicy,\n];\n","/**\n * AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n *\n * Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n */\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const getSmtp = defineTool({\n  name: \"get_smtp\",\n  description: \"Get Smtp\",\n  inputShape: {\n    workspace_id: z.string().uuid(),\n  },\n  handler: async (input, { client }) => {\n    const { workspace_id } = input;\n    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/smtp`, { method: \"GET\" });\n  },\n});\n\nexport const revertToPlatformDefault = defineTool({\n  name: \"revert_to_platform_default\",\n  description: \"Revert To Platform Default\",\n  inputShape: {\n    workspace_id: z.string().uuid(),\n  },\n  handler: async (input, { client }) => {\n    const { workspace_id } = input;\n    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/smtp`, { method: \"DELETE\" });\n  },\n});\n\nexport const setCustomSmtp = defineTool({\n  name: \"set_custom_smtp\",\n  description: \"Set Custom Smtp\",\n  inputShape: {\n    workspace_id: z.string().uuid(),\n    host: z.string().min(1),\n    port: z.number().int().min(1).max(65535),\n    tls: z.boolean().default(true),\n    sender_address: z.string().min(3).describe(\"Address that appears in the From header.\"),\n    sender_name: z.string().min(1).max(200),\n    user: z.string().min(1).describe(\"SMTP auth username.\"),\n    password: z.string().min(1).describe(\"SMTP auth password / API key.\"),\n    reply_to_address: z.string().describe(\"Optional Reply-To header.\").default(\"\"),\n  },\n  handler: async (input, { client }) => {\n    const { workspace_id, ...__body } = input;\n    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/smtp`, { method: \"PUT\", body: __body });\n  },\n});\n\nexport const generatedSmtpTools = [\n  getSmtp,\n  revertToPlatformDefault,\n  setCustomSmtp,\n];\n","/**\n * AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n *\n * Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n */\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const deleteUser = defineTool({\n  name: \"delete_user\",\n  description: \"Delete User\",\n  inputShape: {\n    workspace_id: z.string().uuid(),\n    user_id: z.string(),\n  },\n  handler: async (input, { client }) => {\n    const { workspace_id, user_id } = input;\n    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/users/${encodeURIComponent(String(user_id))}`, { method: \"DELETE\" });\n  },\n});\n\nexport const inviteUser = defineTool({\n  name: \"invite_user\",\n  description: \"Invite User\",\n  inputShape: {\n    workspace_id: z.string().uuid(),\n    email: z.string().max(320).regex(/^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$/),\n    first_name: z.string().min(1).max(100),\n    last_name: z.string().min(1).max(100),\n    user_name: z.string().nullable().optional(),\n  },\n  handler: async (input, { client }) => {\n    const { workspace_id, ...__body } = input;\n    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/users/invite`, { method: \"POST\", body: __body });\n  },\n});\n\nexport const listUsers = defineTool({\n  name: \"list_users\",\n  description: \"List Users\",\n  inputShape: {\n    workspace_id: z.string().uuid(),\n  },\n  handler: async (input, { client }) => {\n    const { workspace_id } = input;\n    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/users`, { method: \"GET\" });\n  },\n});\n\nexport const generatedUsersTools = [\n  deleteUser,\n  inviteUser,\n  listUsers,\n];\n","/**\n * AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n *\n * Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n */\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const createWorkspace = defineTool({\n  name: \"create_workspace\",\n  description: \"Create Workspace\",\n  inputShape: {\n    slug: z.string().min(3).max(63).regex(/^[a-z][a-z0-9-]*[a-z0-9]$/).describe(\"URL-safe lowercase slug. Becomes part of auth.<slug>.prysmid.com.\"),\n    display_name: z.string().min(1).max(255),\n    plan: z.enum([\"free\", \"pro\", \"enterprise\"]).optional(),\n  },\n  handler: async (input, { client }) => {\n    return client.request(`/v1/workspaces`, { method: \"POST\", body: input });\n  },\n});\n\nexport const deleteWorkspace = defineTool({\n  name: \"delete_workspace\",\n  description: \"Delete Workspace\",\n  inputShape: {\n    workspace_id: z.string().uuid(),\n  },\n  handler: async (input, { client }) => {\n    const { workspace_id } = input;\n    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}`, { method: \"DELETE\" });\n  },\n});\n\nexport const getWorkspace = defineTool({\n  name: \"get_workspace\",\n  description: \"Get Workspace\",\n  inputShape: {\n    workspace_id: z.string().uuid(),\n  },\n  handler: async (input, { client }) => {\n    const { workspace_id } = input;\n    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}`, { method: \"GET\" });\n  },\n});\n\nexport const listWorkspaces = defineTool({\n  name: \"list_workspaces\",\n  description: \"List Workspaces\",\n  inputShape: {},\n  handler: async (_input, { client }) => {\n    return client.request(`/v1/workspaces`, { method: \"GET\" });\n  },\n});\n\nexport const retryProvisioning = defineTool({\n  name: \"retry_provisioning\",\n  description: \"Retry Provisioning\",\n  inputShape: {\n    workspace_id: z.string().uuid(),\n  },\n  handler: async (input, { client }) => {\n    const { workspace_id } = input;\n    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/retry-provisioning`, { method: \"POST\" });\n  },\n});\n\nexport const updateWorkspace = defineTool({\n  name: \"update_workspace\",\n  description: \"Update Workspace\",\n  inputShape: {\n    workspace_id: z.string().uuid(),\n    display_name: z.string().min(1).max(255).nullable().optional(),\n  },\n  handler: async (input, { client }) => {\n    const { workspace_id, ...__body } = input;\n    return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}`, { method: \"PATCH\", body: __body });\n  },\n});\n\nexport const generatedWorkspacesTools = [\n  createWorkspace,\n  deleteWorkspace,\n  getWorkspace,\n  listWorkspaces,\n  retryProvisioning,\n  updateWorkspace,\n];\n","/**\n * AUTO-GENERATED. Do not edit.\n *\n * Aggregates every tag's generated tools into a single array. The merge with\n * hand-written tools (where hand-written wins on name collision) lives in\n * src/index.ts.\n */\nimport { generatedAppsTools } from \"./apps.js\";\nimport { generatedBillingTools } from \"./billing.js\";\nimport { generatedBrandingTools } from \"./branding.js\";\nimport { generatedIdpsTools } from \"./idps.js\";\nimport { generatedLoginPolicyTools } from \"./login-policy.js\";\nimport { generatedSmtpTools } from \"./smtp.js\";\nimport { generatedUsersTools } from \"./users.js\";\nimport { generatedWorkspacesTools } from \"./workspaces.js\";\n\nexport const generatedTools = [\n  ...generatedAppsTools,\n  ...generatedBillingTools,\n  ...generatedBrandingTools,\n  ...generatedIdpsTools,\n  ...generatedLoginPolicyTools,\n  ...generatedSmtpTools,\n  ...generatedUsersTools,\n  ...generatedWorkspacesTools,\n];\n"],"mappings":";;;AAoBA,SAAS,iBAAiB;AAC1B,SAAS,4BAA4B;;;ACsCrC,IAAM,gBAAgB,CAAC,OACrB,IAAI,QAAQ,CAAC,MAAM,WAAW,GAAG,EAAE,CAAC;AAEtC,IAAM,iBAAiB,CAAC,UAA0B;AAChD,aAAW,QAAQ,MAAO,SAAQ,OAAO,MAAM,GAAG,IAAI;AAAA,CAAI;AAC5D;AAEA,eAAsB,WACpB,MAC0B;AAC1B,QAAMA,SAAQ,KAAK,SAAS;AAC5B,QAAM,SAAS,KAAK,UAAU;AAC9B,QAAM,YAAY,KAAK,aAAa;AACpC,QAAM,EAAE,SAAS,IAAI,IAAI;AAEzB,QAAM,QAAQ,MAAM;AAAA,IAClB;AAAA,IACA,GAAG,OAAO;AAAA,IACV,CAAC;AAAA,EACH;AAEA,QAAM,YAAY,MAAM,6BAA6B,MAAM;AAC3D,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,UAAU,SAAS;AAAA,IACnB;AAAA,IACA;AAAA,IACA,UAAU,MAAM,SAAS;AAAA,IACzB;AAAA,IACA,0CAA0C,MAAM,UAAU;AAAA,IAC1D;AAAA,EACF,CAAC;AAED,MAAI,WAAW,KAAK,IAAI,GAAG,MAAM,YAAY,CAAC;AAC9C,QAAM,WAAW,KAAK,IAAI,IAAI,MAAM,aAAa;AAEjD,SAAO,KAAK,IAAI,IAAI,UAAU;AAC5B,UAAMA,OAAM,WAAW,GAAI;AAE3B,QAAI;AACJ,QAAI;AACF,YAAM,MAAM;AAAA,QACV;AAAA,QACA,GAAG,OAAO;AAAA,QACV,EAAE,aAAa,MAAM,YAAY;AAAA,MACnC;AAAA,IACF,SAAS,GAAG;AACV,UAAI,KAAK,wCAAwC;AAAA,QAC/C,OAAO,aAAa,QAAQ,EAAE,UAAU,OAAO,CAAC;AAAA,MAClD,CAAC;AACD;AAAA,IACF;AAEA,QAAI,IAAI,WAAW,YAAY;AAC7B,UAAI,CAAC,IAAI,cAAc;AACrB,cAAM,IAAI;AAAA,UACR;AAAA,QACF;AAAA,MACF;AACA,UAAI,KAAK,8BAA8B;AAAA,QACrC,WAAW,IAAI,cAAc;AAAA,MAC/B,CAAC;AACD,aAAO;AAAA,QACL,aAAa,IAAI;AAAA,QACjB,cAAc,IAAI,iBAAiB;AAAA,QACnC,WAAW,IAAI,cAAc;AAAA,MAC/B;AAAA,IACF;AACA,QAAI,IAAI,WAAW,aAAa;AAC9B,kBAAY;AACZ,UAAI,MAAM,yBAAyB,EAAE,aAAa,SAAS,CAAC;AAC5D;AAAA,IACF;AACA,QAAI,IAAI,WAAW,UAAW;AAC9B,QAAI,IAAI,WAAW,WAAW;AAC5B,YAAM,IAAI,MAAM,0CAA0C;AAAA,IAC5D;AACA,QAAI,IAAI,WAAW,UAAU;AAC3B,YAAM,IAAI,MAAM,sBAAsB;AAAA,IACxC;AACA,QAAI,KAAK,8BAA8B,EAAE,QAAQ,IAAI,OAAO,CAAC;AAAA,EAC/D;AAEA,QAAM,IAAI,MAAM,0CAA0C;AAC5D;AAEA,eAAe,SACb,WACA,KACA,MACY;AACZ,QAAM,MAAM,MAAM,UAAU,KAAK;AAAA,IAC/B,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,oBAAoB,QAAQ,mBAAmB;AAAA,IAC1E,MAAM,KAAK,UAAU,IAAI;AAAA,EAC3B,CAAC;AACD,QAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,MAAI,CAAC,IAAI,IAAI;AACX,UAAM,IAAI,MAAM,QAAQ,GAAG,YAAY,IAAI,MAAM,IAAI,IAAI,EAAE;AAAA,EAC7D;AACA,MAAI;AACF,WAAO,KAAK,MAAM,IAAI;AAAA,EACxB,QAAQ;AACN,UAAM,IAAI,MAAM,QAAQ,GAAG,uBAAuB,KAAK,MAAM,GAAG,GAAG,CAAC,EAAE;AAAA,EACxE;AACF;;;AChKO,IAAM,kBAAN,cAA8B,MAAM;AAAA,EACzC,YACE,SACgB,QACA,MACA,MAChB;AACA,UAAM,OAAO;AAJG;AACA;AACA;AAGhB,SAAK,OAAO;AAAA,EACd;AAAA,EANkB;AAAA,EACA;AAAA,EACA;AAKpB;AAQO,IAAM,gBAAN,MAAoB;AAAA,EACzB,YACmB,KACA,KAMA,gBAA+B,MAChD;AARiB;AACA;AAMA;AAAA,EAChB;AAAA,EARgB;AAAA,EACA;AAAA,EAMA;AAAA,EAGnB,IAAY,iBAAgC;AAC1C,WAAO,KAAK,iBAAiB,KAAK,IAAI;AAAA,EACxC;AAAA,EAEA,MAAM,QAAqB,MAAc,OAAuB,CAAC,GAAe;AAC9E,UAAM,QAAQ,KAAK;AACnB,QAAI,CAAC,OAAO;AACV,YAAM,IAAI;AAAA,QACR;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAEA,UAAM,MAAM,IAAI,IAAI,KAAK,IAAI,UAAU,IAAI;AAC3C,QAAI,KAAK,OAAO;AACd,iBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,KAAK,KAAK,GAAG;AAC/C,YAAI,MAAM,OAAW,KAAI,aAAa,IAAI,GAAG,OAAO,CAAC,CAAC;AAAA,MACxD;AAAA,IACF;AAEA,UAAM,SAAS,KAAK,UAAU;AAC9B,UAAM,UAAkC;AAAA,MACtC,eAAe,UAAU,KAAK;AAAA,MAC9B,QAAQ;AAAA,IACV;AACA,QAAI,KAAK,SAAS,OAAW,SAAQ,cAAc,IAAI;AAEvD,SAAK,IAAI,MAAM,QAAQ,MAAM,IAAI,IAAI,QAAQ,EAAE;AAC/C,UAAM,MAAM,MAAM,MAAM,KAAK;AAAA,MAC3B;AAAA,MACA;AAAA,MACA,MAAM,KAAK,SAAS,SAAY,KAAK,UAAU,KAAK,IAAI,IAAI;AAAA,IAC9D,CAAC;AAED,UAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,QAAI,CAAC,IAAI,IAAI;AACX,UAAI;AACJ,UAAI;AACF,cAAM,SAAS,KAAK,MAAM,IAAI;AAC9B,eAAO,OAAO,QAAQ,UAAU,WAAW,OAAO,QAAQ,QAAQ;AAAA,MACpE,QAAQ;AAAA,MAER;AACA,YAAM,IAAI;AAAA,QACR,eAAe,IAAI,MAAM,OAAO,MAAM,IAAI,IAAI;AAAA,QAC9C,IAAI;AAAA,QACJ;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAEA,QAAI,SAAS,GAAI,QAAO;AACxB,QAAI;AACF,aAAO,KAAK,MAAM,IAAI;AAAA,IACxB,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AACF;;;ACvFA,IAAM,mBAAmB;AAElB,SAAS,WAAW,MAAyB,QAAQ,KAAa;AACvE,QAAM,WAAW,IAAI,oBAAoB,kBAAkB,QAAQ,QAAQ,EAAE;AAC7E,QAAM,WAAW,IAAI,mBAAmB,KAAK,KAAK;AAClD,QAAM,YAAY,IAAI,yBAAyB,QAAQ,YAAY;AACnE,QAAM,WACJ,aAAa,WAAW,aAAa,UAAU,aAAa,UACxD,WACA;AACN,SAAO,EAAE,SAAS,UAAU,SAAS;AACvC;;;ACjBA,IAAM,QAAQ,EAAE,OAAO,IAAI,MAAM,IAAI,MAAM,IAAI,OAAO,GAAG;AASlD,SAAS,WAAW,KAAuC;AAChE,QAAM,YAAY,MAAM,IAAI,QAAQ;AAEpC,WAAS,KAAK,OAA2B,KAAa,OAAiB;AACrE,QAAI,MAAM,KAAK,IAAI,UAAW;AAC9B,UAAM,MAAK,oBAAI,KAAK,GAAE,YAAY;AAClC,UAAM,UAAU,UAAU,SAAY,KAAK,IAAI,SAAS,KAAK,CAAC;AAC9D,YAAQ,OAAO,MAAM,GAAG,EAAE,IAAI,MAAM,YAAY,CAAC,IAAI,GAAG,GAAG,OAAO;AAAA,CAAI;AAAA,EACxE;AAEA,SAAO;AAAA,IACL,OAAO,CAAC,GAAG,MAAM,KAAK,SAAS,GAAG,CAAC;AAAA,IACnC,MAAM,CAAC,GAAG,MAAM,KAAK,QAAQ,GAAG,CAAC;AAAA,IACjC,MAAM,CAAC,GAAG,MAAM,KAAK,QAAQ,GAAG,CAAC;AAAA,IACjC,OAAO,CAAC,GAAG,MAAM,KAAK,SAAS,GAAG,CAAC;AAAA,EACrC;AACF;AAEA,SAAS,SAAS,GAAoB;AACpC,MAAI;AACF,WAAO,KAAK,UAAU,CAAC;AAAA,EACzB,QAAQ;AACN,WAAO,OAAO,CAAC;AAAA,EACjB;AACF;;;AC5BA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,SAAS,gBAAgB;AAClC,SAAS,SAAS,YAAY;AAU9B,IAAM,UAAU;AAChB,IAAM,YAAY;AAClB,IAAM,sBAAsB;AAErB,SAAS,aAAa,MAAyB,QAAQ,KAAa;AACzE,MAAI,SAAS,MAAM,SAAS;AAC1B,UAAM,OAAO,IAAI;AACjB,QAAI,KAAM,QAAO,KAAK,MAAM,SAAS,SAAS;AAC9C,WAAO,KAAK,QAAQ,GAAG,IAAI,OAAO,IAAI,SAAS;AAAA,EACjD;AACA,QAAM,MAAM,IAAI;AAChB,MAAI,IAAK,QAAO,KAAK,KAAK,SAAS,SAAS;AAC5C,SAAO,KAAK,QAAQ,GAAG,WAAW,SAAS,SAAS;AACtD;AAEO,SAAS,UACd,SACA,MAAyB,QAAQ,KACb;AACpB,QAAM,OAAO,aAAa,GAAG;AAC7B,MAAI,CAAC,WAAW,IAAI,EAAG,QAAO;AAC9B,MAAI;AACJ,MAAI;AACF,aAAS,KAAK,MAAM,aAAa,MAAM,MAAM,CAAC;AAAA,EAChD,QAAQ;AACN,WAAO;AAAA,EACT;AACA,MAAI,OAAO,YAAY,QAAS,QAAO;AACvC,QAAM,SAAS,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAC3C,MAAI,OAAO,YAAY,uBAAuB,OAAQ,QAAO;AAC7D,MAAI,OAAO,OAAO,gBAAgB,YAAY,CAAC,OAAO,aAAa;AACjE,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAEO,SAAS,UACd,OACA,MAAyB,QAAQ,KAC3B;AACN,QAAM,OAAO,aAAa,GAAG;AAC7B,YAAU,QAAQ,IAAI,GAAG,EAAE,WAAW,KAAK,CAAC;AAC5C,gBAAc,MAAM,KAAK,UAAU,OAAO,MAAM,CAAC,GAAG,MAAM;AAC1D,MAAI,SAAS,MAAM,SAAS;AAC1B,QAAI;AACF,gBAAU,MAAM,GAAK;AAAA,IACvB,QAAQ;AAAA,IAER;AAAA,EACF;AACF;AAEO,SAAS,WAAW,MAAyB,QAAQ,KAAW;AACrE,QAAM,OAAO,aAAa,GAAG;AAC7B,MAAI,WAAW,IAAI,GAAG;AACpB,WAAO,MAAM,EAAE,OAAO,KAAK,CAAC;AAAA,EAC9B;AACF;;;AChDO,SAAS,WAAoC,GAA2B;AAC7E,SAAO;AACT;AAOO,SAAS,YACd,QACA,KAEAC,QACM;AACN,aAAW,QAAQA,QAAO;AACxB,WAAO;AAAA,MACL,KAAK;AAAA,MACL;AAAA,QACE,aAAa,KAAK;AAAA,QAClB,aAAa,KAAK;AAAA,MACpB;AAAA;AAAA,MAEA,OAAO,UAAe;AACpB,YAAI;AACF,gBAAM,SAAS,MAAM,KAAK,QAAQ,OAAO,GAAG;AAC5C,iBAAO;AAAA,YACL,SAAS;AAAA,cACP;AAAA,gBACE,MAAM;AAAA,gBACN,MACE,OAAO,WAAW,WACd,SACA,KAAK,UAAU,QAAQ,MAAM,CAAC;AAAA,cACtC;AAAA,YACF;AAAA,UACF;AAAA,QACF,SAAS,KAAK;AACZ,gBAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,cAAI,IAAI,MAAM,QAAQ,KAAK,IAAI,WAAW,EAAE,QAAQ,CAAC;AACrD,iBAAO;AAAA,YACL,SAAS;AAAA,YACT,SAAS;AAAA,cACP,EAAE,MAAM,QAAiB,MAAM,UAAU,OAAO,GAAG;AAAA,YACrD;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;;;ACpFA,SAAS,SAAS;AAIX,IAAM,WAAW,WAAW;AAAA,EACjC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,wBAAwB;AAAA,EAChE;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO,QAAQ,kBAAkB,mBAAmB,SAAS,CAAC,OAAO;AACzE,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IAC/B,eAAe,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,CAAC;AAAA,IAC9C,2BAA2B,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,IAC9D,UAAU,EACP,KAAK;AAAA,MACJ;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC,EACA,QAAQ,mBAAmB;AAAA,IAC9B,aAAa,EACV,KAAK;AAAA,MACJ;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC,EACA,QAAQ,4BAA4B;AAAA,IACvC,UAAU,EACP,QAAQ,EACR,QAAQ,KAAK,EACb;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,KAAK;AAAA,EACzB;AACJ,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,OAAO,GAAG,EAAE,OAAO,MAC9C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,MAAM,CAAC;AAAA,IAClF,EAAE,QAAQ,SAAS;AAAA,EACrB;AACJ,CAAC;AAEM,IAAM,QAAQ,CAAC,UAAU,eAAe,aAAa;;;ACjE5D,SAAS,KAAAC,UAAS;AAIX,IAAM,aAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,EACjD;AACJ,CAAC;AAEM,IAAM,iBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,oBAAoBA,GACjB,OAAO,EACP,IAAI,EACJ,IAAI,CAAC,EACL,IAAI,GAAU,EACd,SAAS,EACT,SAAS,gDAAgD;AAAA,EAC9D;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,mBAAmB,GAAG,EAAE,OAAO,MAC1D,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,SAAS,MAAM,EAAE,mBAAmB,EAAE;AAAA,EAClD;AACJ,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,MAAMA,GAAE,KAAK,CAAC,KAAK,CAAC;AAAA,EACtB;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,KAAK,GAAG,EAAE,OAAO,MAC5C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,MAAM,EAAE,KAAK,EAAE;AAAA,EACnC;AACJ,CAAC;AAEM,IAAM,qBAAqB,WAAW;AAAA,EAC3C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,OAAO;AAAA,EACnB;AACJ,CAAC;AAEM,IAAMC,SAAQ;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;;;ACxEA,SAAS,KAAAC,UAAS;AAIX,IAAM,cAAc,WAAW;AAAA,EACpC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,EACjD;AACJ,CAAC;AAEM,IAAM,iBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,eAAeA,GACZ,OAAO,EACP,MAAM,mBAAmB,EACzB,SAAS;AAAA,IACZ,kBAAkBA,GACf,OAAO,EACP,MAAM,mBAAmB,EACzB,SAAS;AAAA,IACZ,YAAYA,GACT,OAAO,EACP,MAAM,mBAAmB,EACzB,SAAS;AAAA,IACZ,YAAYA,GACT,OAAO,EACP,MAAM,mBAAmB,EACzB,SAAS;AAAA,IACZ,mBAAmBA,GAChB,QAAQ,EACR,SAAS,EACT;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,SAAS,KAAK;AAAA,EAC1B;AACJ,CAAC;AAEM,IAAMC,SAAQ,CAAC,aAAa,cAAc;;;AClDjD,SAAS,KAAAC,UAAS;AAIlB,IAAM,uBAAuBC,GAAE,OAAO;AAAA,EACpC,cAAcA,GAAE,OAAO;AAAA,EACvB,MAAMA,GAAE,OAAO;AAAA,EACf,aAAaA,GAAE,OAAO;AAAA,EACtB,OAAOA,GAAE,OAAO;AAClB,CAAC;AAEM,IAAM,wBAAwB,WAAW;AAAA,EAC9C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,MAAMA,GACH,OAAO,EACP,IAAI,CAAC,EACL,IAAI,EAAE,EACN,MAAM,cAAc;AAAA,IACvB,cAAcA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC9B,iBAAiBA,GACd,OAAO,EACP,IAAI,EACJ,IAAI,EAAE,EACN,IAAI,GAAG,EACP,QAAQ,GAAG,EACX,SAAS,qDAAqD;AAAA,EACnE;AAAA,EACA,SAAS,OACP,EAAE,MAAM,cAAc,gBAAgB,GACtC,EAAE,QAAQ,IAAI,MACX;AACH,UAAM,UAAW,MAAM,OAAO,QAAQ,kBAAkB;AAAA,MACtD,QAAQ;AAAA,MACR,MAAM,EAAE,MAAM,aAAa;AAAA,IAC7B,CAAC;AAED,UAAM,WAAW,KAAK,IAAI,IAAI,kBAAkB;AAChD,WAAO,KAAK,IAAI,IAAI,UAAU;AAC5B,YAAM,KAAM,MAAM,OAAO;AAAA,QACvB,kBAAkB,mBAAmB,QAAQ,EAAE,CAAC;AAAA,MAClD;AAOA,UAAI,GAAG,UAAU,UAAU;AACzB,eAAO,qBAAqB,MAAM;AAAA,UAChC,cAAc,GAAG;AAAA,UACjB,MAAM,GAAG;AAAA,UACT,aAAa,GAAG,eAAe,QAAQ,GAAG,IAAI;AAAA,UAC9C,OAAO,GAAG;AAAA,QACZ,CAAC;AAAA,MACH;AACA,UAAI,GAAG,UAAU,uBAAuB;AACtC,cAAM,IAAI;AAAA,UACR,kCAAkC,GAAG,sBAAsB,gBAAgB;AAAA,QAC7E;AAAA,MACF;AACA,UAAI,MAAM,aAAa,QAAQ,EAAE,UAAU,GAAG,KAAK,iBAAY;AAC/D,YAAM,MAAM,GAAI;AAAA,IAClB;AACA,UAAM,IAAI;AAAA,MACR,+CAA+C,eAAe;AAAA,IAChE;AAAA,EACF;AACF,CAAC;AAED,SAAS,MAAM,IAAY;AACzB,SAAO,IAAI,QAAQ,CAAC,MAAM,WAAW,GAAG,EAAE,CAAC;AAC7C;AAEO,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,kBAAkBA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAClC,sBAAsBA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IACtC,MAAMA,GAAE,OAAO,EAAE,QAAQ,QAAQ;AAAA,EACnC;AAAA,EACA,SAAS,OACP,EAAE,WAAW,kBAAkB,sBAAsB,KAAK,GAC1D,EAAE,OAAO,MACN;AACH,UAAM,MAAM,MAAM,OAAO;AAAA,MACvB,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,MAC/C;AAAA,QACE,QAAQ;AAAA,QACR,MAAM;AAAA,UACJ,UAAU;AAAA,UACV;AAAA,UACA,QAAQ;AAAA,YACN,WAAW;AAAA,YACX,eAAe;AAAA,UACjB;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,UAAM,OAAO;AAAA,MACX,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,MAC/C,EAAE,QAAQ,SAAS,MAAM,EAAE,oBAAoB,KAAK,EAAE;AAAA,IACxD;AAEA,WAAO,EAAE,KAAK,cAAc,0BAA0B;AAAA,EACxD;AACF,CAAC;AAQM,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MAAM;AAC5C,UAAM,KAAM,MAAM,OAAO;AAAA,MACvB,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AACA,UAAM,OAAQ,MAAM,OAAO;AAAA,MACzB,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AACA,UAAM,OAAQ,MAAM,OAAO;AAAA,MACzB,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AACA,UAAM,SAAU,MAAM,OAAO;AAAA,MAC3B,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AAMA,UAAM,WAAY,MAAM,OAAO;AAAA,MAC7B,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AAEA,UAAM,SAA2B;AAAA,MAC/B;AAAA,QACE,IAAI,GAAG,UAAU;AAAA,QACjB,MAAM;AAAA,QACN,SAAS,SAAS,GAAG,KAAK;AAAA,MAC5B;AAAA,MACA;AAAA,QACE,IAAI,KAAK,SAAS;AAAA,QAClB,MAAM;AAAA,QACN,SAAS,GAAG,KAAK,MAAM;AAAA,MACzB;AAAA,MACA;AAAA,QACE,IACE,KAAK,SAAS,KACb,OAAO,4BAA4B,QAClC,OAAO,mBAAmB;AAAA,QAC9B,MAAM;AAAA,QACN,SACE,KAAK,SAAS,IACV,GAAG,KAAK,MAAM,UACd;AAAA,MACR;AAAA,MACA;AAAA,QACE,IAAI,CAAC,CAAC,SAAS;AAAA,QACf,MAAM;AAAA,MACR;AAAA,MACA;AAAA,QACE,IAAI,OAAO,cAAc,QAAQ,KAAK,SAAS;AAAA,QAC/C,MAAM;AAAA,QACN,SAAS,OAAO,YACZ,mBACA;AAAA,MACN;AAAA,IACF;AACA,UAAM,UAAU,OAAO,MAAM,CAAC,MAAM,EAAE,EAAE,IAAI,UAAU;AACtD,WAAO,EAAE,SAAS,OAAO;AAAA,EAC3B;AACF,CAAC;AAEM,IAAMC,SAAQ;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AACF;;;ACnMA,SAAS,KAAAC,UAAS;AAIX,IAAM,WAAW,WAAW;AAAA,EACjC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO,QAAQ,kBAAkB,mBAAmB,SAAS,CAAC,OAAO;AACzE,CAAC;AAEM,IAAM,SAAS,WAAW;AAAA,EAC/B,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,UAAUA,GAAE,KAAK,CAAC,UAAU,UAAU,YAAY,MAAM,CAAC;AAAA,IACzD,MAAMA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,oCAAoC;AAAA,IACrE,QAAQA,GACL,OAAO;AAAA,MACN,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,MAC3B,eAAeA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,MAC/B,QAAQA,GAAE,MAAMA,GAAE,OAAO,CAAC,EAAE,SAAS;AAAA,MACrC,QAAQA,GACL,OAAO,EACP,IAAI,EACJ,SAAS,EACT,SAAS,wCAAwC;AAAA,MACpD,WAAWA,GACR,OAAO,EACP,SAAS,EACT;AAAA,QACC;AAAA,MACF;AAAA,IACJ,CAAC,EACA,SAAS,gCAAgC;AAAA,EAC9C;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,KAAK;AAAA,EACzB;AACJ,CAAC;AAEM,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,OAAO,GAAG,EAAE,OAAO,MAC9C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,MAAM,CAAC;AAAA,IAClF,EAAE,QAAQ,SAAS;AAAA,EACrB;AACJ,CAAC;AAEM,IAAMC,SAAQ,CAAC,UAAU,QAAQ,SAAS;;;ACjEjD,SAAS,KAAAC,UAAS;AAIX,IAAM,iBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,EACjD;AACJ,CAAC;AAEM,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,yBAAyBA,GAAE,QAAQ,EAAE,SAAS;AAAA,IAC9C,gBAAgBA,GAAE,QAAQ,EAAE,SAAS;AAAA,IACrC,oBAAoBA,GAAE,QAAQ,EAAE,SAAS;AAAA,IACzC,WAAWA,GACR,QAAQ,EACR,SAAS,EACT,SAAS,oCAAoC;AAAA,IAChD,mBAAmBA,GAChB,KAAK;AAAA,MACJ;AAAA,MACA;AAAA,IACF,CAAC,EACA,SAAS,EACT,SAAS,2CAA2C;AAAA,IACvD,uBAAuBA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,SAAS;AAAA,IAChE,2BAA2BA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,SAAS;AAAA,EACtE;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,SAAS,KAAK;AAAA,EAC1B;AACJ,CAAC;AAEM,IAAMC,SAAQ,CAAC,gBAAgB,iBAAiB;;;AC9CvD,SAAS,KAAAC,UAAS;AAIX,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,OAAOA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,QAAQ,GAAG;AAAA,EACrD;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,MAAM,GAAG,EAAE,OAAO,MAC7C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,OAAO,EAAE,MAAM,EAAE;AAAA,EACrB;AACJ,CAAC;AAEM,IAAM,aAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,OAAOA,GACJ,OAAO,EACP,MAAM,8BAA8B,uBAAuB;AAAA,IAC9D,YAAYA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC5B,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,oBAAoBA,GACjB,OAAO,EACP,OAAO,CAAC,EACR,QAAQ,IAAI,EACZ,SAAS,0BAA0B;AAAA,EACxC;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,KAAK;AAAA,EACzB;AACJ,CAAC;AAEM,IAAM,aAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,SAASA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC3B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,UAAU,mBAAmB,OAAO,CAAC;AAAA,IACpF,EAAE,QAAQ,SAAS;AAAA,EACrB;AACJ,CAAC;AAEM,IAAMC,SAAQ,CAAC,WAAW,YAAY,UAAU;;;AC1DvD,SAAS,KAAAC,UAAS;AAIX,IAAM,iBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY,CAAC;AAAA,EACb,SAAS,OAAO,QAAQ,EAAE,OAAO,MAC/B,OAAO,QAAQ,kBAAkB,EAAE,QAAQ,MAAM,CAAC;AACtD,CAAC;AAEM,IAAM,eAAe,WAAW;AAAA,EACrC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAWC,GACR,OAAO,EACP,IAAI,CAAC,EACL,SAAS,wBAAwB;AAAA,EACtC;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO,QAAQ,kBAAkB,mBAAmB,SAAS,CAAC,EAAE;AACpE,CAAC;AAEM,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,MAAMA,GACH,OAAO,EACP,IAAI,CAAC,EACL,IAAI,EAAE,EACN,MAAM,gBAAgB,yCAAyC,EAC/D,SAAS,4DAAuD;AAAA,IACnE,cAAcA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,EACzC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAC9B,OAAO,QAAQ,kBAAkB,EAAE,QAAQ,QAAQ,MAAM,MAAM,CAAC;AACpE,CAAC;AAEM,IAAMC,SAAQ,CAAC,gBAAgB,cAAc,eAAe;;;ACxCnE,SAAS,KAAAC,UAAS;AAIX,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,GAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,MAAMA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IAC/B,eAAeA,GAAE,MAAMA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,EAAE,SAAS,sEAAsE;AAAA,IACzI,2BAA2BA,GAAE,MAAMA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,EAAE,SAAS,4CAA4C,EAAE,SAAS;AAAA,IACtI,UAAUA,GAAE,KAAK,CAAC,OAAO,OAAO,QAAQ,CAAC,EAAE,SAAS,uQAAuQ,EAAE,SAAS;AAAA,IACtU,UAAUA,GAAE,QAAQ,EAAE,SAAS,0HAA0H,EAAE,QAAQ,KAAK;AAAA,EAC1K;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,QAAQ,MAAM,OAAO,CAAC;AAAA,EAC3H;AACF,CAAC;AAEM,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,GAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,QAAQA,GAAE,OAAO;AAAA,EACnB;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,OAAO,IAAI;AACjC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,mBAAmB,OAAO,MAAM,CAAC,CAAC,IAAI,EAAE,QAAQ,SAAS,CAAC;AAAA,EACrJ;AACF,CAAC;AAEM,IAAMC,YAAW,WAAW;AAAA,EACjC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,GAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC5G;AACF,CAAC;AAEM,IAAM,qBAAqB;AAAA,EAChC;AAAA,EACA;AAAA,EACAC;AACF;;;AClDA,SAAS,KAAAC,WAAS;AAIX,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,MAAMA,IAAE,KAAK,CAAC,QAAQ,OAAO,YAAY,CAAC;AAAA,EAC5C;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,qBAAqB,EAAE,QAAQ,QAAQ,MAAM,OAAO,CAAC;AAAA,EACvI;AACF,CAAC;AAEM,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,YAAY,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC/G;AACF,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,mBAAmB,EAAE,QAAQ,OAAO,CAAC;AAAA,EACvH;AACF,CAAC;AAEM,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,OAAOA,IAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,EACrD;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,yBAAyB,EAAE,QAAQ,SAAS,MAAM,OAAO,CAAC;AAAA,EAC5I;AACF,CAAC;AAEM,IAAM,wBAAwB;AAAA,EACnC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;;;AC3DA,SAAS,KAAAC,WAAS;AAIX,IAAM,aAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,kBAAkB,EAAE,QAAQ,SAAS,CAAC;AAAA,EACxH;AACF,CAAC;AAEM,IAAMC,eAAc,WAAW;AAAA,EACpC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,aAAa,EAAE,QAAQ,MAAM,CAAC;AAAA,EAChH;AACF,CAAC;AAEM,IAAME,kBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcF,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,eAAeA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IAC5F,kBAAkBA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IAC/F,YAAYA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IACzF,YAAYA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IACzF,oBAAoBA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IACjG,uBAAuBA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IACpG,iBAAiBA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IAC9F,iBAAiBA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IAC9F,wBAAwBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IACxD,mBAAmBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,EACrD;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,aAAa,EAAE,QAAQ,SAAS,MAAM,OAAO,CAAC;AAAA,EAChI;AACF,CAAC;AAEM,IAAM,yBAAyB;AAAA,EACpC;AAAA,EACAC;AAAA,EACAC;AACF;;;ACtDA,SAAS,KAAAC,WAAS;AAIX,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,MAAMA,IAAE,KAAK,CAAC,UAAU,UAAU,aAAa,MAAM,CAAC;AAAA,IACtD,MAAMA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IAC/B,WAAWA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,eAAeA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC/B,QAAQA,IAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,IAAI,EAAE,SAAS,EAAE,SAAS;AAAA,IAC9D,WAAWA,IAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IAC1C,QAAQA,IAAE,MAAMA,IAAE,OAAO,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,EAClD;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,QAAQ,MAAM,OAAO,CAAC;AAAA,EAC3H;AACF,CAAC;AAEM,IAAMC,aAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,QAAQA,IAAE,OAAO;AAAA,EACnB;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,OAAO,IAAI;AACjC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,mBAAmB,OAAO,MAAM,CAAC,CAAC,IAAI,EAAE,QAAQ,SAAS,CAAC;AAAA,EACrJ;AACF,CAAC;AAEM,IAAME,YAAW,WAAW;AAAA,EACjC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcF,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC5G;AACF,CAAC;AAEM,IAAM,qBAAqB;AAAA,EAChC;AAAA,EACAC;AAAA,EACAC;AACF;;;ACpDA,SAAS,KAAAC,WAAS;AAIX,IAAMC,kBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,iBAAiB,EAAE,QAAQ,MAAM,CAAC;AAAA,EACpH;AACF,CAAC;AAEM,IAAMC,qBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,yBAAyBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IACzD,gBAAgBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IAChD,oBAAoBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IACpD,WAAWA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IAC3C,sBAAsBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IACtD,gBAAgBA,IAAE,MAAMA,IAAE,KAAK,CAAC,OAAO,OAAO,aAAa,SAAS,CAAC,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,IAC5F,eAAeA,IAAE,MAAMA,IAAE,KAAK,CAAC,cAAc,CAAC,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,IACrE,qBAAqBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IACrD,0BAA0BA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,EAC5D;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,iBAAiB,EAAE,QAAQ,SAAS,MAAM,OAAO,CAAC;AAAA,EACpI;AACF,CAAC;AAEM,IAAM,4BAA4B;AAAA,EACvCD;AAAA,EACAE;AACF;;;ACxCA,SAAS,KAAAC,WAAS;AAIX,IAAM,UAAU,WAAW;AAAA,EAChC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC5G;AACF,CAAC;AAEM,IAAM,0BAA0B,WAAW;AAAA,EAChD,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,SAAS,CAAC;AAAA,EAC/G;AACF,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,MAAMA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IACtB,MAAMA,IAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,KAAK;AAAA,IACvC,KAAKA,IAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA,IAC7B,gBAAgBA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,0CAA0C;AAAA,IACrF,aAAaA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IACtC,MAAMA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,qBAAqB;AAAA,IACtD,UAAUA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,+BAA+B;AAAA,IACpE,kBAAkBA,IAAE,OAAO,EAAE,SAAS,2BAA2B,EAAE,QAAQ,EAAE;AAAA,EAC/E;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,OAAO,MAAM,OAAO,CAAC;AAAA,EAC1H;AACF,CAAC;AAEM,IAAM,qBAAqB;AAAA,EAChC;AAAA,EACA;AAAA,EACA;AACF;;;ACpDA,SAAS,KAAAC,WAAS;AAIX,IAAMC,cAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,SAASA,IAAE,OAAO;AAAA,EACpB;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,QAAQ,IAAI;AAClC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,UAAU,mBAAmB,OAAO,OAAO,CAAC,CAAC,IAAI,EAAE,QAAQ,SAAS,CAAC;AAAA,EACvJ;AACF,CAAC;AAEM,IAAMC,cAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,OAAOA,IAAE,OAAO,EAAE,IAAI,GAAG,EAAE,MAAM,4BAA4B;AAAA,IAC7D,YAAYA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IACrC,WAAWA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IACpC,WAAWA,IAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC5C;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,iBAAiB,EAAE,QAAQ,QAAQ,MAAM,OAAO,CAAC;AAAA,EACnI;AACF,CAAC;AAEM,IAAME,aAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcF,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,UAAU,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC7G;AACF,CAAC;AAEM,IAAM,sBAAsB;AAAA,EACjCD;AAAA,EACAE;AAAA,EACAC;AACF;;;ACjDA,SAAS,KAAAC,WAAS;AAIX,IAAMC,mBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,MAAMC,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,MAAM,2BAA2B,EAAE,SAAS,mEAAmE;AAAA,IAC/I,cAAcA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IACvC,MAAMA,IAAE,KAAK,CAAC,QAAQ,OAAO,YAAY,CAAC,EAAE,SAAS;AAAA,EACvD;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,WAAO,OAAO,QAAQ,kBAAkB,EAAE,QAAQ,QAAQ,MAAM,MAAM,CAAC;AAAA,EACzE;AACF,CAAC;AAEM,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,IAAI,EAAE,QAAQ,SAAS,CAAC;AAAA,EAC1G;AACF,CAAC;AAEM,IAAMC,gBAAe,WAAW;AAAA,EACrC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,IAAI,EAAE,QAAQ,MAAM,CAAC;AAAA,EACvG;AACF,CAAC;AAEM,IAAME,kBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY,CAAC;AAAA,EACb,SAAS,OAAO,QAAQ,EAAE,OAAO,MAAM;AACrC,WAAO,OAAO,QAAQ,kBAAkB,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC3D;AACF,CAAC;AAEM,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcF,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,uBAAuB,EAAE,QAAQ,OAAO,CAAC;AAAA,EAC3H;AACF,CAAC;AAEM,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,cAAcA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,SAAS,EAAE,SAAS;AAAA,EAC/D;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,IAAI,EAAE,QAAQ,SAAS,MAAM,OAAO,CAAC;AAAA,EACvH;AACF,CAAC;AAEM,IAAM,2BAA2B;AAAA,EACtCD;AAAA,EACA;AAAA,EACAE;AAAA,EACAC;AAAA,EACA;AAAA,EACA;AACF;;;ACzEO,IAAM,iBAAiB;AAAA,EAC5B,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AACL;;;AvBcA,SAAS,gBAAAC,qBAAoB;AAC7B,SAAS,qBAAqB;AAC9B,SAAS,WAAAC,UAAS,eAAe;AAEjC,IAAM,cAAc;AAEpB,SAAS,cAAsB;AAC7B,MAAI;AACF,UAAM,OAAOA,SAAQ,cAAc,YAAY,GAAG,CAAC;AACnD,UAAM,MAAM,KAAK;AAAA,MACfD,cAAa,QAAQ,MAAM,MAAM,cAAc,GAAG,MAAM;AAAA,IAC1D;AACA,WAAO,OAAO,IAAI,YAAY,WAAW,IAAI,UAAU;AAAA,EACzD,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAYA,IAAM,oBAAsD;AAAA;AAAA,EAE1D,YAAY;AAAA,EACZ,YAAY;AAAA,EACZ,YAAY;AAAA,EACZ,qBAAqB;AAAA,EACrB,kBAAkB;AAAA,EAClB,gBAAgB;AAAA,EAChB,mBAAmB;AACrB;AASO,SAAS,iBAAiC;AAC/C,QAAM,wBAAwB;AAAA,IAC5B,GAAGE;AAAA,IACH,GAAG;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA;AAAA,EAEL;AAEA,QAAM,mBAAmB,IAAI,IAAI,sBAAsB,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC;AACzE,QAAM,oBAAoB,eAAe,OAAO,CAAC,MAAM;AACrD,QAAI,iBAAiB,IAAI,EAAE,IAAI,EAAG,QAAO;AACzC,UAAM,QAAQ,kBAAkB,EAAE,IAAI;AACtC,QAAI,SAAS,iBAAiB,IAAI,KAAK,EAAG,QAAO;AACjD,WAAO;AAAA,EACT,CAAC;AAED,SAAO,CAAC,GAAG,uBAAuB,GAAG,iBAAiB;AACxD;AAUA,eAAsB,YACpB,KACA,KACsF;AACtF,MAAI,IAAI,SAAU,QAAO,EAAE,OAAO,IAAI,UAAU,MAAM,SAAS;AAE/D,QAAM,SAAS,UAAU,IAAI,OAAO;AACpC,MAAI,OAAQ,QAAO,EAAE,OAAO,OAAO,aAAa,MAAM,SAAS;AAE/D,MAAI,CAAC,QAAQ,OAAO,SAAS,CAAC,QAAQ,IAAI,2BAA2B;AACnE,QAAI;AAAA,MACF;AAAA,IACF;AACA,WAAO,EAAE,OAAO,MAAM,MAAM,OAAO;AAAA,EACrC;AAEA,MAAI;AACJ,MAAI;AACF,aAAS,MAAM,WAAW,EAAE,SAAS,IAAI,SAAS,IAAI,CAAC;AAAA,EACzD,SAAS,KAAK;AACZ,QAAI,MAAM,4BAA4B;AAAA,MACpC,OAAO,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAAA,IACxD,CAAC;AACD,eAAW;AACX,WAAO,EAAE,OAAO,MAAM,MAAM,OAAO;AAAA,EACrC;AAEA,QAAM,YACJ,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,KAAK,OAAO,aAAa;AACvD,YAAU;AAAA,IACR,SAAS,IAAI;AAAA,IACb,aAAa,OAAO;AAAA,IACpB,cAAc,OAAO;AAAA,IACrB;AAAA,EACF,CAAC;AACD,SAAO,EAAE,OAAO,OAAO,aAAa,MAAM,aAAa;AACzD;AAEA,eAAsB,OAAsB;AAE1C,MAAI,QAAQ,KAAK,CAAC,MAAM,UAAU;AAChC,eAAW;AACX,YAAQ,OAAO,MAAM,iDAAiD;AACtE;AAAA,EACF;AAEA,QAAM,MAAM,WAAW;AACvB,QAAM,MAAM,WAAW,GAAG;AAC1B,QAAM,OAAO,MAAM,YAAY,KAAK,GAAG;AACvC,QAAM,SAAS,IAAI,cAAc,KAAK,KAAK,KAAK,KAAK;AAErD,QAAM,SAAS,IAAI,UAAU;AAAA,IAC3B,MAAM;AAAA,IACN,SAAS,YAAY;AAAA,EACvB,CAAC;AAED,QAAM,WAAW,eAAe;AAEhC,cAAY,QAAQ,EAAE,QAAQ,IAAI,GAAG,QAAQ;AAE7C,MAAI,KAAK,wBAAwB;AAAA,IAC/B,SAAS,IAAI;AAAA,IACb,OAAO,SAAS;AAAA,IAChB,UAAU,KAAK;AAAA,EACjB,CAAC;AAED,QAAM,YAAY,IAAI,qBAAqB;AAC3C,QAAM,OAAO,QAAQ,SAAS;AAChC;AAOA,IAAI,CAAC,QAAQ,IAAI,QAAQ;AACvB,OAAK,EAAE,MAAM,CAAC,QAAQ;AACpB,YAAQ,OAAO,MAAM,UAAU,eAAe,QAAQ,IAAI,QAAQ,GAAG;AAAA,CAAI;AACzE,YAAQ,KAAK,CAAC;AAAA,EAChB,CAAC;AACH;","names":["sleep","tools","z","z","tools","z","z","tools","z","z","tools","z","z","tools","z","z","tools","z","z","tools","z","z","tools","z","z","listApps","z","z","z","z","getBranding","updateBranding","z","z","deleteIdp","listIdps","z","getLoginPolicy","z","updateLoginPolicy","z","z","z","deleteUser","z","inviteUser","listUsers","z","createWorkspace","z","getWorkspace","listWorkspaces","readFileSync","dirname","tools"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@prysmid/mcp",
-  "version": "0.1.1",
+  "version": "0.3.0",
   "description": "Official Prysmid MCP server — manage workspaces, apps OIDC, login policy, IdPs, branding, users from any MCP-compatible agent (Claude Code, Cursor, etc.)",
   "license": "Apache-2.0",
   "homepage": "https://prysmid.com",