npm - @prysmid/mcp - Versions diffs - 0.3.4 → 0.5.0 - Mend

@prysmid/mcp 0.3.4 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -354,7 +354,80 @@ var deleteOidcApp = defineTool({
     { method: "DELETE" }
   )
 });
-var tools = [listApps, createOidcApp, deleteOidcApp];
+var APP_TYPE = z.enum(["web", "spa", "native"]);
+var AUTH_METHOD = z.enum([
+  "client_secret_basic",
+  "client_secret_post",
+  "none",
+  "private_key_jwt"
+]);
+var GRANT_TYPE = z.enum([
+  "authorization_code",
+  "refresh_token",
+  "implicit",
+  "device_code",
+  "token_exchange"
+]);
+var getApp = defineTool({
+  name: "get_app",
+  description: "Fetch full detail for one OIDC app: redirect URIs, grant types, auth method, dev_mode, timestamps. Never returns the client_secret \u2014 use regenerate_app_secret to mint a new one.",
+  inputShape: {
+    workspace: z.string().min(1).describe("Workspace slug or UUID"),
+    app_id: z.string().min(1)
+  },
+  handler: async ({ workspace, app_id }, { client }) => client.request(
+    `/v1/workspaces/${encodeURIComponent(workspace)}/apps/${encodeURIComponent(app_id)}`
+  )
+});
+var updateApp = defineTool({
+  name: "update_app",
+  description: "Patch mutable fields on an OIDC app: redirect URIs, post-logout URIs, grant types, auth method, dev_mode. All fields optional \u2014 only provided keys change. client_secret is NEVER accepted here; use regenerate_app_secret to rotate it.",
+  inputShape: {
+    workspace: z.string().min(1),
+    app_id: z.string().min(1),
+    redirect_uris: z.array(z.string().url()).optional(),
+    post_logout_redirect_uris: z.array(z.string().url()).optional(),
+    grant_types: z.array(GRANT_TYPE).optional(),
+    auth_method: AUTH_METHOD.optional(),
+    dev_mode: z.boolean().optional().describe(
+      "Skip redirect URI HTTPS check \u2014 only for local dev, NEVER prod."
+    )
+  },
+  handler: async ({ workspace, app_id, ...patch }, { client }) => client.request(
+    `/v1/workspaces/${encodeURIComponent(workspace)}/apps/${encodeURIComponent(app_id)}`,
+    { method: "PATCH", body: patch }
+  )
+});
+var regenerateAppSecret = defineTool({
+  name: "regenerate_app_secret",
+  description: "Destructive \u2014 invalidates the current secret immediately. Returns the new secret plaintext ONCE. Set confirm=true to proceed. Only valid for app_type=web (confidential clients); spa/native are public and have no secret (the API returns 422 in that case).",
+  inputShape: {
+    workspace: z.string().min(1),
+    app_id: z.string().min(1),
+    confirm: z.literal(true).describe(
+      "Must be true to acknowledge that the current secret will be invalidated immediately."
+    )
+  },
+  handler: async ({ workspace, app_id, confirm }, { client }) => {
+    if (confirm !== true) {
+      throw new Error(
+        "regenerate_app_secret refused: pass confirm=true to acknowledge that the current secret will be invalidated immediately and the new secret is surfaced only once."
+      );
+    }
+    return client.request(
+      `/v1/workspaces/${encodeURIComponent(workspace)}/apps/${encodeURIComponent(app_id)}/regenerate-secret`,
+      { method: "POST" }
+    );
+  }
+});
+var tools = [
+  listApps,
+  createOidcApp,
+  deleteOidcApp,
+  getApp,
+  updateApp,
+  regenerateAppSecret
+];
 // src/tools/billing.ts
 import { z as z2 } from "zod";
@@ -527,13 +600,21 @@ function countItems(resp) {
   if (Array.isArray(resp.items)) return resp.items.length;
   return 0;
 }
+function listOf(resp) {
+  if (Array.isArray(resp)) return resp;
+  if (Array.isArray(resp.items)) return resp.items;
+  return [];
+}
 var prysmidSetupCheck = defineTool({
   name: "prysmid_setup_check",
-  description: "Run a readiness checklist on a workspace: state=active, \u22651 OIDC app, \u22651 IdP OR password+register enabled, branding has a primary_color set, login_policy reasonable. Returns pass/fail per item plus a summary verdict.",
+  description: "Run a readiness checklist on a workspace: state=active, \u22651 OIDC app, \u22651 IdP OR password+register enabled, branding has a primary_color set, login_policy reasonable, AND (by default) every external IdP probes successfully against its upstream provider. Returns pass/fail per item plus a summary verdict. Set `probe_idps=false` to skip the live probe (faster, but won't catch redirect_uri_mismatch or invalid client_secret until a real end-user hits the broken IdP).",
   inputShape: {
-    workspace: z4.string().min(1)
+    workspace: z4.string().min(1),
+    probe_idps: z4.boolean().optional().describe(
+      "Run a live probe against each external IdP's upstream authorize endpoint. Default true. Set false to skip if the latency matters more than the safety (will not catch redirect_uri_mismatch or invalid_client until a real end-user signs in)."
+    )
   },
-  handler: async ({ workspace }, { client }) => {
+  handler: async ({ workspace, probe_idps = true }, { client }) => {
     const ws = await client.request(
       `/v1/workspaces/${encodeURIComponent(workspace)}`
     );
@@ -551,6 +632,7 @@ var prysmidSetupCheck = defineTool({
     );
     const appsCount = countItems(appsResp);
     const idpsCount = countItems(idpsResp);
+    const idpItems = listOf(idpsResp);
     const passwordsOpen = policy.allow_username_password === true && policy.allow_register === true;
     const checks = [
       {
@@ -578,6 +660,42 @@ var prysmidSetupCheck = defineTool({
         details: policy.force_mfa ? "force_mfa=true" : idpsCount > 0 ? `${idpsCount} external IdP(s) \u2014 strength delegated upstream` : "MFA off and no external IdPs \u2014 passwords-only is weak"
       }
     ];
+    if (probe_idps && idpItems.length > 0) {
+      const probeResults = [];
+      for (const idp of idpItems) {
+        try {
+          const probe = await client.request(
+            `/v1/workspaces/${encodeURIComponent(workspace)}/idps/${encodeURIComponent(idp.id)}/probe`,
+            { method: "POST" }
+          );
+          probeResults.push({ id: idp.id, result: probe });
+        } catch (err) {
+          probeResults.push({
+            id: idp.id,
+            result: { ok: false, provider_reachable: false },
+            error: err instanceof Error ? err.message : String(err)
+          });
+        }
+      }
+      const allOk = probeResults.every((r) => r.result.ok);
+      const summary = probeResults.map((r) => {
+        const code = r.result.error_code ? ` (${r.result.error_code})` : "";
+        return `${r.id}=${r.result.ok ? "ok" : "fail"}${code}`;
+      }).join(", ");
+      const firstFailure = probeResults.find((r) => !r.result.ok);
+      const details = firstFailure ? `${summary}. First failure: ${firstFailure.result.error_detail ?? firstFailure.error ?? "no detail"}` : summary;
+      checks.push({
+        ok: allOk,
+        name: "idps_functional",
+        details
+      });
+    } else if (idpItems.length > 0) {
+      checks.push({
+        ok: true,
+        name: "idps_functional",
+        details: "skipped (probe_idps=false); won't catch redirect_uri_mismatch or invalid_client until a real end-user signs in."
+      });
+    }
     const verdict = checks.every((c) => c.ok) ? "ready" : "incomplete";
     return { verdict, checks };
   }
@@ -630,7 +748,50 @@ var deleteIdp = defineTool({
     { method: "DELETE" }
   )
 });
-var tools5 = [listIdps, addIdp, deleteIdp];
+var getIdp = defineTool({
+  name: "get_idp",
+  description: "Fetch full detail for one identity provider: type, state, client_id, issuer/tenant (when applicable), scopes, secret_updated_at, created_at. Never returns the client_secret.",
+  inputShape: {
+    workspace: z5.string().min(1),
+    idp_id: z5.string().min(1)
+  },
+  handler: async ({ workspace, idp_id }, { client }) => client.request(
+    `/v1/workspaces/${encodeURIComponent(workspace)}/idps/${encodeURIComponent(idp_id)}`
+  )
+});
+var updateIdp = defineTool({
+  name: "update_idp",
+  description: "Patch mutable fields on an identity provider. All fields optional. Passing client_secret rotates the upstream-issued value (Google/GitHub/Microsoft/OIDC client secret stored in Prysmid). Passing client_id retargets to a different upstream client. issuer/tenant_id apply only when relevant to the IdP type.",
+  inputShape: {
+    workspace: z5.string().min(1),
+    idp_id: z5.string().min(1),
+    name: z5.string().min(1).optional(),
+    client_id: z5.string().min(1).optional(),
+    client_secret: z5.string().min(1).optional().describe(
+      "Rotate the upstream-issued client secret. Not the Prysmid app secret \u2014 that one is rotated via regenerate_app_secret."
+    ),
+    scopes: z5.array(z5.string()).optional(),
+    issuer: z5.string().url().optional().describe("Only meaningful for type=oidc."),
+    tenant_id: z5.string().optional().describe("Only meaningful for type=microsoft (Entra tenant GUID).")
+  },
+  handler: async ({ workspace, idp_id, ...patch }, { client }) => client.request(
+    `/v1/workspaces/${encodeURIComponent(workspace)}/idps/${encodeURIComponent(idp_id)}`,
+    { method: "PATCH", body: patch }
+  )
+});
+var probeIdp = defineTool({
+  name: "probe_idp",
+  description: "Probe an external identity provider end-to-end against its upstream authorize endpoint. Catches redirect_uri_mismatch (URI not registered at Google Cloud / GitHub / etc.), invalid_client (client_id rotated or deleted upstream), and provider_unreachable failures BEFORE a real end-user hits them. Use after enable_google_login / add_idp, and any time you suspect the IdP is misconfigured. Today: Google + GitHub get full classification; Microsoft + OIDC generic return `skipped` for the deterministic dimensions (only reachability is verified).",
+  inputShape: {
+    workspace: z5.string().min(1),
+    idp_id: z5.string().min(1)
+  },
+  handler: async ({ workspace, idp_id }, { client }) => client.request(
+    `/v1/workspaces/${encodeURIComponent(workspace)}/idps/${encodeURIComponent(idp_id)}/probe`,
+    { method: "POST" }
+  )
+});
+var tools5 = [listIdps, addIdp, deleteIdp, getIdp, updateIdp, probeIdp];
 // src/tools/login_policy.ts
 import { z as z6 } from "zod";

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/index.ts","../src/auth.ts","../src/client.ts","../src/config.ts","../src/logger.ts","../src/tokenStore.ts","../src/tools/registry.ts","../src/tools/apps.ts","../src/tools/billing.ts","../src/tools/branding.ts","../src/tools/curated.ts","../src/tools/idps.ts","../src/tools/login_policy.ts","../src/tools/users.ts","../src/tools/workspaces.ts","../src/tools/generated/apps.ts","../src/tools/generated/billing.ts","../src/tools/generated/branding.ts","../src/tools/generated/idps.ts","../src/tools/generated/login-policy.ts","../src/tools/generated/smtp.ts","../src/tools/generated/users.ts","../src/tools/generated/workspaces.ts","../src/tools/generated/index.ts"],"sourcesContent":["/*\n Entrypoint — boots an MCP server over stdio with the full Prysmid tool set.\n \n Three layers of tools:\n * 1. handwritten — `src/tools/{apps,users,...}.ts`. Polished schemas,\n * curated descriptions, the canonical surface.\n * 2. curated — `src/tools/curated.ts`. Multi-step orchestrators (e.g.\n * `setup_prysmid_workspace`).\n * 3. generated — `src/tools/generated/.ts`. Auto-emitted from the live\n OpenAPI spec by `scripts/generate-tools.ts`. Covers everything else.\n \n Merge rule: handwritten and curated names always win. A generated tool\n * with the same `name` as one of them is dropped silently — the handwritten\n * version is the source of truth.\n \n MCP transport contract:\n * - JSON-RPC over stdin/stdout\n * - stdout is RESERVED for protocol bytes; logs go to stderr (see logger.ts)\n * - one process == one client; the agent spawns a fresh server per session\n /\nimport { McpServer } from \"@modelcontextprotocol/sdk/server/mcp.js\";\nimport { StdioServerTransport } from \"@modelcontextprotocol/sdk/server/stdio.js\";\n\nimport { deviceFlow } from \"./auth.js\";\nimport { PrysmidClient } from \"./client.js\";\nimport { loadConfig, type Config } from \"./config.js\";\nimport { makeLogger, type Logger } from \"./logger.js\";\nimport { clearToken, loadToken, saveToken } from \"./tokenStore.js\";\nimport { registerAll, type ToolDef } from \"./tools/registry.js\";\nimport { tools as appsTools } from \"./tools/apps.js\";\nimport { tools as billingTools } from \"./tools/billing.js\";\nimport { tools as brandingTools } from \"./tools/branding.js\";\nimport { tools as curatedTools } from \"./tools/curated.js\";\nimport { tools as idpsTools } from \"./tools/idps.js\";\nimport { tools as loginPolicyTools } from \"./tools/login_policy.js\";\nimport { tools as usersTools } from \"./tools/users.js\";\nimport { tools as workspaceTools } from \"./tools/workspaces.js\";\nimport { generatedTools } from \"./tools/generated/index.js\";\n\nimport { readFileSync } from \"node:fs\";\nimport { fileURLToPath } from \"node:url\";\nimport { dirname, resolve } from \"node:path\";\n\nconst SERVER_NAME = \"prysmid\";\n\nfunction readVersion(): string {\n try {\n const here = dirname(fileURLToPath(import.meta.url));\n const pkg = JSON.parse(\n readFileSync(resolve(here, \"..\", \"package.json\"), \"utf8\"),\n );\n return typeof pkg.version === \"string\" ? pkg.version : \"0.0.0\";\n } catch {\n return \"0.0.0\";\n }\n}\n\n/\n Map of generated tool names that are superseded by a hand-written tool\n * with a different name (because the hand-written name is more agent-\n * friendly than what FastAPI's operationId produced). Without this, the\n * agent would see two near-duplicates: e.g. `add_idp` (curated) AND\n * `create_idp` (generated) for the same endpoint.\n \n Keep the LHS in sync with what the generator emits — if you rename a\n * hand-written tool, update this table.\n /\nconst GENERATED_ALIASES: Readonly<Record<string, string>> = {\n // generated name → handwritten that already covers it\n create_idp: \"add_idp\",\n create_app: \"create_oidc_app\",\n delete_app: \"delete_oidc_app\",\n update_spending_cap: \"set_spending_cap\",\n billing_checkout: \"start_billing_checkout\",\n billing_portal: \"start_billing_portal\",\n billing_get_state: \"get_billing\",\n};\n\n/\n Compose the final tool array. Hand-written + curated tools take\n * precedence over generated tools sharing the same `name`, AND over any\n * generated tool listed in {@link GENERATED_ALIASES}. Exported so tests\n * can assert merge behavior without booting the MCP server.\n /\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nexport function composeToolset(): ToolDef<any>[] {\n const handwrittenAndCurated = [\n ...workspaceTools,\n ...appsTools,\n ...idpsTools,\n ...loginPolicyTools,\n ...usersTools,\n ...brandingTools,\n ...billingTools,\n ...curatedTools,\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n ] as ToolDef<any>[];\n\n const handwrittenNames = new Set(handwrittenAndCurated.map((t) => t.name));\n const filteredGenerated = generatedTools.filter((t) => {\n if (handwrittenNames.has(t.name)) return false;\n const alias = GENERATED_ALIASES[t.name];\n if (alias && handwrittenNames.has(alias)) return false;\n return true;\n });\n\n return [...handwrittenAndCurated, ...filteredGenerated];\n}\n\n/\n Resolve the bearer token to use for API calls. Resolution order:\n * 1. PRYSMID_API_TOKEN env var (CI / static service tokens)\n * 2. Cached device-flow token at ~/.config/prysmid-mcp/token.json (or %APPDATA% on Windows)\n * 3. Run interactive device flow (browser + user code) and save to cache\n \n Returns the token plus the human-readable mode string for logs.\n /\nexport async function resolveAuth(\n cfg: Config,\n log: Logger,\n): Promise<{ token: string \| null; mode: \"bearer\" \| \"cached\" \| \"deviceflow\" \| \"none\" }> {\n if (cfg.apiToken) return { token: cfg.apiToken, mode: \"bearer\" };\n\n const cached = loadToken(cfg.apiBase);\n if (cached) return { token: cached.accessToken, mode: \"cached\" };\n\n if (!process.stderr.isTTY && !process.env.PRYSMID_FORCE_DEVICE_FLOW) {\n log.warn(\n \"no PRYSMID_API_TOKEN and no cached token; stderr is not a TTY so refusing to start interactive device flow. Set PRYSMID_API_TOKEN, run `npx -y @prysmid/mcp` once interactively to populate the cache, or set PRYSMID_FORCE_DEVICE_FLOW=1 to override.\",\n );\n return { token: null, mode: \"none\" };\n }\n\n let result;\n try {\n result = await deviceFlow({ apiBase: cfg.apiBase, log });\n } catch (err) {\n log.error(\"device flow login failed\", {\n error: err instanceof Error ? err.message : String(err),\n });\n clearToken();\n return { token: null, mode: \"none\" };\n }\n\n const expiresAt =\n Math.floor(Date.now() / 1000) + (result.expiresIn ?? 3600);\n saveToken({\n apiBase: cfg.apiBase,\n accessToken: result.accessToken,\n refreshToken: result.refreshToken,\n expiresAt,\n });\n return { token: result.accessToken, mode: \"deviceflow\" };\n}\n\nexport async function main(): Promise<void> {\n // `prysmid-mcp logout` — small subcommand that just clears the cache.\n if (process.argv[2] === \"logout\") {\n clearToken();\n process.stderr.write(\"prysmid-mcp: logged out (token cache cleared)\\n\");\n return;\n }\n\n const cfg = loadConfig();\n const log = makeLogger(cfg);\n const auth = await resolveAuth(cfg, log);\n const client = new PrysmidClient(cfg, log, auth.token);\n\n const server = new McpServer({\n name: SERVER_NAME,\n version: readVersion(),\n });\n\n const allTools = composeToolset();\n\n registerAll(server, { client, log }, allTools);\n\n log.info(`prysmid-mcp starting`, {\n apiBase: cfg.apiBase,\n tools: allTools.length,\n authMode: auth.mode,\n });\n\n const transport = new StdioServerTransport();\n await server.connect(transport);\n}\n\n// This module is only ever invoked as the package bin (MCP servers run as a\n// process per session). Cross-platform `import.meta.url === file://<argv[1]>`\n// is fragile (Windows backslash vs forward slash; symlinked paths) so we\n// just always boot UNLESS we're in vitest (which imports this module to\n// poke at the exports without wanting to connect a stdio transport).\nif (!process.env.VITEST) {\n main().catch((err) => {\n process.stderr.write(`fatal: ${err instanceof Error ? err.stack : err}\\n`);\n process.exit(1);\n });\n}\n","/\n OAuth 2.0 Device Authorization Grant client (RFC 8628).\n \n Flow:\n * 1. POST /v1/auth/device/start — get device_code + user_code + verification_uri\n * 2. Print user_code + URL to STDERR (stdout is reserved for MCP protocol)\n * 3. Poll POST /v1/auth/device/poll every `interval` seconds until:\n * - status=complete → return tokens\n * - status=slow_down → bump interval +5s, keep polling\n * - status=expired → throw\n * - status=denied → throw\n \n The platform side proxies these to Zitadel (auth.prysmid.com); the client\n * only ever talks to api.prysmid.com.\n /\nimport type { Logger } from \"./logger.js\";\n\nexport interface DeviceFlowToken {\n accessToken: string;\n refreshToken?: string;\n expiresIn?: number;\n}\n\ninterface DeviceStartResponse {\n device_code: string;\n user_code: string;\n verification_uri: string;\n verification_uri_complete?: string \| null;\n interval: number;\n expires_in: number;\n}\n\ninterface DevicePollResponse {\n status: \"pending\" \| \"slow_down\" \| \"complete\" \| \"expired\" \| \"denied\";\n access_token?: string \| null;\n refresh_token?: string \| null;\n expires_in?: number \| null;\n error?: string \| null;\n}\n\nexport interface DeviceFlowOptions {\n apiBase: string;\n log: Logger;\n /\n Sleep function — overridable so tests can run instantly. Defaults to\n * setTimeout-based promise.\n /\n sleep?: (ms: number) => Promise<void>;\n /\n Print sink for the user-facing prompt (browser URL + code). Defaults to\n * stderr. Tests override to capture.\n /\n prompt?: (lines: string[]) => void;\n /\n Override the global fetch — kept for tests; production passes nothing.\n /\n fetchImpl?: typeof fetch;\n}\n\nconst DEFAULT_SLEEP = (ms: number): Promise<void> =>\n new Promise((r) => setTimeout(r, ms));\n\nconst DEFAULT_PROMPT = (lines: string[]): void => {\n for (const line of lines) process.stderr.write(`${line}\\n`);\n};\n\nexport async function deviceFlow(\n opts: DeviceFlowOptions,\n): Promise<DeviceFlowToken> {\n const sleep = opts.sleep ?? DEFAULT_SLEEP;\n const prompt = opts.prompt ?? DEFAULT_PROMPT;\n const fetchImpl = opts.fetchImpl ?? fetch;\n const { apiBase, log } = opts;\n\n const start = await postJson<DeviceStartResponse>(\n fetchImpl,\n `${apiBase}/v1/auth/device/start`,\n {},\n );\n\n const verifyUrl = start.verification_uri_complete \|\| start.verification_uri;\n prompt([\n \"\",\n \"─────────────────────────────────────────────────────────\",\n \" Prysmid MCP — Sign in to your account\",\n \"─────────────────────────────────────────────────────────\",\n \"\",\n \" 1. Open this URL in your browser:\",\n ` ${verifyUrl}`,\n \"\",\n \" 2. Confirm the code:\",\n ` ${start.user_code}`,\n \"\",\n ` Waiting for confirmation (expires in ${start.expires_in}s)…`,\n \"\",\n ]);\n\n let interval = Math.max(1, start.interval \|\| 5);\n const deadline = Date.now() + start.expires_in 1000;\n\n while (Date.now() < deadline) {\n await sleep(interval * 1000);\n\n let res: DevicePollResponse;\n try {\n res = await postJson<DevicePollResponse>(\n fetchImpl,\n `${apiBase}/v1/auth/device/poll`,\n { device_code: start.device_code },\n );\n } catch (e) {\n log.warn(\"device poll request failed, retrying\", {\n error: e instanceof Error ? e.message : String(e),\n });\n continue;\n }\n\n if (res.status === \"complete\") {\n if (!res.access_token) {\n throw new Error(\n \"Device flow returned status=complete but no access_token\",\n );\n }\n log.info(\"device flow login complete\", {\n expiresIn: res.expires_in ?? null,\n });\n return {\n accessToken: res.access_token,\n refreshToken: res.refresh_token ?? undefined,\n expiresIn: res.expires_in ?? undefined,\n };\n }\n if (res.status === \"slow_down\") {\n interval += 5;\n log.debug(\"device flow slow_down\", { newInterval: interval });\n continue;\n }\n if (res.status === \"pending\") continue;\n if (res.status === \"expired\") {\n throw new Error(\"Device code expired before authorization\");\n }\n if (res.status === \"denied\") {\n throw new Error(\"Authorization denied\");\n }\n log.warn(\"unknown device poll status\", { status: res.status });\n }\n\n throw new Error(\"Device code expired before authorization\");\n}\n\nasync function postJson<T>(\n fetchImpl: typeof fetch,\n url: string,\n body: unknown,\n): Promise<T> {\n const res = await fetchImpl(url, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\", Accept: \"application/json\" },\n body: JSON.stringify(body),\n });\n const text = await res.text();\n if (!res.ok) {\n throw new Error(`POST ${url} failed: ${res.status} ${text}`);\n }\n try {\n return JSON.parse(text) as T;\n } catch {\n throw new Error(`POST ${url} returned non-JSON: ${text.slice(0, 200)}`);\n }\n}\n","/*\n Prysmid API client — thin fetch wrapper that adds auth + maps errors.\n \n Auth model (MVP): static bearer via `PRYSMID_API_TOKEN`. Device-flow OAuth\n * lives in `auth.ts` and produces a token compatible with this client.\n /\nimport type { Config } from \"./config.js\";\nimport type { Logger } from \"./logger.js\";\n\nexport class PrysmidApiError extends Error {\n constructor(\n message: string,\n public readonly status: number,\n public readonly body: string,\n public readonly code?: string,\n ) {\n super(message);\n this.name = \"PrysmidApiError\";\n }\n}\n\nexport interface RequestOptions {\n method?: \"GET\" \| \"POST\" \| \"PUT\" \| \"PATCH\" \| \"DELETE\";\n body?: unknown;\n query?: Record<string, string \| number \| boolean \| undefined>;\n}\n\nexport class PrysmidClient {\n constructor(\n private readonly cfg: Config,\n private readonly log: Logger,\n /\n Optional override. When set (e.g. resolved via device flow + token cache),\n * takes precedence over `cfg.apiToken`. Keeps the env-driven path for the\n * `PRYSMID_API_TOKEN=…` mode untouched.\n /\n private readonly tokenOverride: string \| null = null,\n ) {}\n\n private get effectiveToken(): string \| null {\n return this.tokenOverride ?? this.cfg.apiToken;\n }\n\n async request<T = unknown>(path: string, opts: RequestOptions = {}): Promise<T> {\n const token = this.effectiveToken;\n if (!token) {\n throw new PrysmidApiError(\n \"No Prysmid API token. Set PRYSMID_API_TOKEN or complete device-flow login.\",\n 401,\n \"\",\n \"auth.no_token\",\n );\n }\n\n const url = new URL(this.cfg.apiBase + path);\n if (opts.query) {\n for (const [k, v] of Object.entries(opts.query)) {\n if (v !== undefined) url.searchParams.set(k, String(v));\n }\n }\n\n const method = opts.method ?? \"GET\";\n const headers: Record<string, string> = {\n Authorization: `Bearer ${token}`,\n Accept: \"application/json\",\n };\n if (opts.body !== undefined) headers[\"Content-Type\"] = \"application/json\";\n\n this.log.debug(`HTTP ${method} ${url.pathname}`);\n const res = await fetch(url, {\n method,\n headers,\n body: opts.body !== undefined ? JSON.stringify(opts.body) : undefined,\n });\n\n const text = await res.text();\n if (!res.ok) {\n let code: string \| undefined;\n try {\n const parsed = JSON.parse(text);\n code = typeof parsed?.error === \"string\" ? parsed.error : parsed?.code;\n } catch {\n // body wasn't JSON\n }\n throw new PrysmidApiError(\n `Prysmid API ${res.status} on ${method} ${path}`,\n res.status,\n text,\n code,\n );\n }\n\n if (text === \"\") return undefined as T;\n try {\n return JSON.parse(text) as T;\n } catch {\n return text as unknown as T;\n }\n }\n}\n","/\n Runtime configuration. Pulled from env at startup; immutable thereafter.\n \n The MCP runs as a long-lived stdio process — env reads happen once.\n /\n\nexport interface Config {\n apiBase: string;\n apiToken: string \| null;\n logLevel: \"debug\" \| \"info\" \| \"warn\" \| \"error\";\n}\n\nconst DEFAULT_API_BASE = \"https://api.prysmid.com\";\n\nexport function loadConfig(env: NodeJS.ProcessEnv = process.env): Config {\n const apiBase = (env.PRYSMID_API_BASE ?? DEFAULT_API_BASE).replace(/\\/+$/, \"\");\n const apiToken = env.PRYSMID_API_TOKEN?.trim() \|\| null;\n const rawLevel = (env.PRYSMID_MCP_LOG_LEVEL ?? \"info\").toLowerCase();\n const logLevel: Config[\"logLevel\"] =\n rawLevel === \"debug\" \|\| rawLevel === \"warn\" \|\| rawLevel === \"error\"\n ? rawLevel\n : \"info\";\n return { apiBase, apiToken, logLevel };\n}\n","/\n stderr-only logger. MCP servers MUST NOT write to stdout — that channel\n * is reserved for the JSON-RPC protocol; any stray byte breaks the agent.\n /\nimport type { Config } from \"./config.js\";\n\nconst ORDER = { debug: 10, info: 20, warn: 30, error: 40 } as const;\n\nexport interface Logger {\n debug: (msg: string, extra?: unknown) => void;\n info: (msg: string, extra?: unknown) => void;\n warn: (msg: string, extra?: unknown) => void;\n error: (msg: string, extra?: unknown) => void;\n}\n\nexport function makeLogger(cfg: Pick<Config, \"logLevel\">): Logger {\n const threshold = ORDER[cfg.logLevel];\n\n function emit(level: keyof typeof ORDER, msg: string, extra?: unknown) {\n if (ORDER[level] < threshold) return;\n const ts = new Date().toISOString();\n const payload = extra === undefined ? \"\" : ` ${safeJSON(extra)}`;\n process.stderr.write(`${ts} ${level.toUpperCase()} ${msg}${payload}\\n`);\n }\n\n return {\n debug: (m, e) => emit(\"debug\", m, e),\n info: (m, e) => emit(\"info\", m, e),\n warn: (m, e) => emit(\"warn\", m, e),\n error: (m, e) => emit(\"error\", m, e),\n };\n}\n\nfunction safeJSON(x: unknown): string {\n try {\n return JSON.stringify(x);\n } catch {\n return String(x);\n }\n}\n","/\n On-disk cache for the device-flow access token.\n \n Path layout:\n * - Windows: %APPDATA%\\prysmid-mcp\\token.json\n * - Linux/macOS: $XDG_CONFIG_HOME/prysmid-mcp/token.json (default ~/.config/prysmid-mcp)\n * - Fallback: ~/.prysmid-mcp/token.json\n \n The cache is keyed by `apiBase` so switching between staging/prod is safe.\n * Token file is mode 0600 on Unix; Windows ignores the chmod.\n /\nimport {\n chmodSync,\n existsSync,\n mkdirSync,\n readFileSync,\n rmSync,\n writeFileSync,\n} from \"node:fs\";\nimport { homedir, platform } from \"node:os\";\nimport { dirname, join } from \"node:path\";\n\nexport interface CachedToken {\n apiBase: string;\n accessToken: string;\n refreshToken?: string;\n /* Unix epoch seconds. /\n expiresAt: number;\n}\n\nconst APP_DIR = \"prysmid-mcp\";\nconst FILE_NAME = \"token.json\";\nconst EXPIRY_SKEW_SECONDS = 60;\n\nexport function getTokenPath(env: NodeJS.ProcessEnv = process.env): string {\n if (platform() === \"win32\") {\n const base = env.APPDATA;\n if (base) return join(base, APP_DIR, FILE_NAME);\n return join(homedir(), `.${APP_DIR}`, FILE_NAME);\n }\n const xdg = env.XDG_CONFIG_HOME;\n if (xdg) return join(xdg, APP_DIR, FILE_NAME);\n return join(homedir(), \".config\", APP_DIR, FILE_NAME);\n}\n\nexport function loadToken(\n apiBase: string,\n env: NodeJS.ProcessEnv = process.env,\n): CachedToken \| null {\n const path = getTokenPath(env);\n if (!existsSync(path)) return null;\n let parsed: CachedToken;\n try {\n parsed = JSON.parse(readFileSync(path, \"utf8\")) as CachedToken;\n } catch {\n return null;\n }\n if (parsed.apiBase !== apiBase) return null;\n const nowSec = Math.floor(Date.now() / 1000);\n if (parsed.expiresAt - EXPIRY_SKEW_SECONDS <= nowSec) return null;\n if (typeof parsed.accessToken !== \"string\" \|\| !parsed.accessToken) {\n return null;\n }\n return parsed;\n}\n\nexport function saveToken(\n token: CachedToken,\n env: NodeJS.ProcessEnv = process.env,\n): void {\n const path = getTokenPath(env);\n mkdirSync(dirname(path), { recursive: true });\n writeFileSync(path, JSON.stringify(token, null, 2), \"utf8\");\n if (platform() !== \"win32\") {\n try {\n chmodSync(path, 0o600);\n } catch {\n // best-effort\n }\n }\n}\n\nexport function clearToken(env: NodeJS.ProcessEnv = process.env): void {\n const path = getTokenPath(env);\n if (existsSync(path)) {\n rmSync(path, { force: true });\n }\n}\n","/\n Tool registry — single place where every MCP tool lives. Each tool exports\n * its input schema (Zod) + handler; `registerAll` wires them into the SDK.\n \n Two flavors of tools coexist:\n * - generated: 1:1 with REST endpoints, produced by `scripts/generate-tools.ts`\n * (lives under `tools/generated/` once the script runs)\n - curated: high-level orchestrators a human/agent actually wants to call,\n * e.g. `setup_prysmid_workspace(company_name)` that combines several\n * endpoints. These live under `tools/curated/`.\n \n * Both share the same `Tool` shape so the registry is uniform.\n /\nimport type { McpServer } from \"@modelcontextprotocol/sdk/server/mcp.js\";\nimport { z } from \"zod\";\n\nimport { PrysmidApiError, type PrysmidClient } from \"../client.js\";\nimport type { Logger } from \"../logger.js\";\n\nexport interface ToolContext {\n client: PrysmidClient;\n log: Logger;\n}\n\nexport interface ToolDef<I extends z.ZodRawShape> {\n name: string;\n description: string;\n inputShape: I;\n /\n Handler returns plain JSON-able output. The SDK serializes it into\n * MCP `content` blocks; we wrap to text by default (most MCP UIs render it\n * better than structured content).\n /\n handler: (\n input: z.infer<z.ZodObject<I>>,\n ctx: ToolContext,\n ) => Promise<unknown>;\n}\n\nexport function defineTool<I extends z.ZodRawShape>(t: ToolDef<I>): ToolDef<I> {\n return t;\n}\n\n// `ToolDef<any>` here intentionally — the array is heterogeneous (each tool\n// has its own input shape) and the SDK's registerTool only cares about the\n// runtime Zod object, not compile-time type inference. Without `any` there's\n// no single ZodRawShape that satisfies every entry simultaneously.\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nexport function registerAll(\n server: McpServer,\n ctx: ToolContext,\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n tools: ReadonlyArray<ToolDef<any>>,\n): void {\n for (const tool of tools) {\n server.registerTool(\n tool.name,\n {\n description: tool.description,\n inputSchema: tool.inputShape,\n },\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n async (input: any) => {\n try {\n const result = await tool.handler(input, ctx);\n return {\n content: [\n {\n type: \"text\" as const,\n text:\n typeof result === \"string\"\n ? result\n : JSON.stringify(result, null, 2),\n },\n ],\n };\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n // For API errors, surface the response body so callers see the\n // FastAPI validation detail instead of a bare status code.\n const detail =\n err instanceof PrysmidApiError && err.body ? `\\n${err.body}` : \"\";\n ctx.log.error(`tool ${tool.name} failed`, { message });\n return {\n isError: true,\n content: [\n { type: \"text\" as const, text: `error: ${message}${detail}` },\n ],\n };\n }\n },\n );\n }\n}\n","/\n OIDC application tools — list, create, delete on a workspace's apps.\n * Apps are the integration unit: each one represents one downstream service\n * (web app, mobile app, CLI) that authenticates via Prysmid.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const listApps = defineTool({\n name: \"list_apps\",\n description: \"List all OIDC apps in a workspace.\",\n inputShape: {\n workspace: z.string().min(1).describe(\"Workspace slug or UUID\"),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(`/v1/workspaces/${encodeURIComponent(workspace)}/apps`),\n});\n\nexport const createOidcApp = defineTool({\n name: \"create_oidc_app\",\n description:\n \"Create an OIDC application in a workspace. Returns client_id (and client_secret only when app_type=web). app_type=web is a confidential server-rendered app; spa and native are public clients that use PKCE and have no secret.\",\n inputShape: {\n workspace: z.string().min(1),\n name: z.string().min(1).max(255),\n redirect_uris: z.array(z.string().url()).min(1),\n post_logout_redirect_uris: z.array(z.string().url()).optional(),\n app_type: z.enum([\"web\", \"spa\", \"native\"]).default(\"web\"),\n dev_mode: z\n .boolean()\n .default(false)\n .describe(\n \"Skip redirect URI HTTPS check — only for local dev, NEVER prod.\",\n ),\n },\n handler: async ({ workspace, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/apps`,\n { method: \"POST\", body },\n ),\n});\n\nexport const deleteOidcApp = defineTool({\n name: \"delete_oidc_app\",\n description: \"Delete an OIDC app. Idempotent — 404 returns success.\",\n inputShape: {\n workspace: z.string().min(1),\n app_id: z.string().min(1),\n },\n handler: async ({ workspace, app_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/apps/${encodeURIComponent(app_id)}`,\n { method: \"DELETE\" },\n ),\n});\n\nexport const tools = [listApps, createOidcApp, deleteOidcApp] as const;\n","/\n Billing tools — read state, manage spending cap, generate Stripe portal URL.\n * Checkout/upgrade flow returns a Stripe-hosted URL; the agent surfaces it to\n * the user for them to navigate (we don't process payment data here).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const getBilling = defineTool({\n name: \"get_billing\",\n description:\n \"Get current billing state: plan, subscription status, current period, spending_cap_cents, signups_blocked.\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/billing`,\n ),\n});\n\nexport const setSpendingCap = defineTool({\n name: \"set_spending_cap\",\n description:\n \"Cap monthly Pro overage spend (cents). Pass null to remove cap (unlimited). When projected overage exceeds cap, signups_blocked flips on.\",\n inputShape: {\n workspace: z.string().min(1),\n spending_cap_cents: z\n .number()\n .int()\n .min(0)\n .max(10_000_000)\n .nullable()\n .describe(\"Max overage cents per period; null = unlimited\"),\n },\n handler: async ({ workspace, spending_cap_cents }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/billing/spending-cap`,\n { method: \"PATCH\", body: { spending_cap_cents } },\n ),\n});\n\nexport const startCheckout = defineTool({\n name: \"start_billing_checkout\",\n description:\n \"Create a Stripe Checkout session for upgrading. Returns the URL the user must visit. Plan must be `pro` (Free has no checkout; Enterprise is sales-only).\",\n inputShape: {\n workspace: z.string().min(1),\n plan: z.enum([\"pro\"]),\n },\n handler: async ({ workspace, plan }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/billing/checkout`,\n { method: \"POST\", body: { plan } },\n ),\n});\n\nexport const startBillingPortal = defineTool({\n name: \"start_billing_portal\",\n description:\n \"Create a Stripe customer-portal session URL where the user manages payment methods, downloads invoices, cancels subscription.\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/billing/portal`,\n { method: \"POST\" },\n ),\n});\n\nexport const tools = [\n getBilling,\n setSpendingCap,\n startCheckout,\n startBillingPortal,\n] as const;\n","/\n Branding tools — colors, fonts, logo for the login page. Logo upload is\n * out of MCP scope (multipart binary uploads don't fit MCP tool semantics\n * cleanly); use the dashboard or API directly for that.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const getBranding = defineTool({\n name: \"get_branding\",\n description:\n \"Return the workspace's active branding policy (colors, fonts, hide-prysmid-watermark flag, logo URLs).\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/branding`,\n ),\n});\n\nexport const updateBranding = defineTool({\n name: \"update_branding\",\n description:\n \"Update branding colors and watermark. Hex colors as `#RRGGBB`. Activates the policy after update — change shows on next login screen render.\",\n inputShape: {\n workspace: z.string().min(1),\n primary_color: z\n .string()\n .regex(/^#[0-9a-fA-F]{6}$/)\n .optional(),\n background_color: z\n .string()\n .regex(/^#[0-9a-fA-F]{6}$/)\n .optional(),\n warn_color: z\n .string()\n .regex(/^#[0-9a-fA-F]{6}$/)\n .optional(),\n font_color: z\n .string()\n .regex(/^#[0-9a-fA-F]{6}$/)\n .optional(),\n disable_watermark: z\n .boolean()\n .optional()\n .describe(\n \"Hide 'Powered by Prysmid' on the login screen (Pro+ only — Free silently ignored).\",\n ),\n },\n handler: async ({ workspace, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/branding`,\n { method: \"PATCH\", body },\n ),\n});\n\nexport const tools = [getBranding, updateBranding] as const;\n","/\n Curated high-level tools — the ones agents would naturally reach for to\n * accomplish a goal in one call, instead of orchestrating 4 raw endpoints.\n \n Keep these small: each represents one end-user intent (\"set up a workspace\n * with Google login\"). Branch logic and prompts stay on the agent side; this\n * file only owns the API choreography.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nconst SetupWorkspaceOutput = z.object({\n workspace_id: z.string(),\n slug: z.string(),\n auth_domain: z.string(),\n state: z.string(),\n});\n\nexport const setupPrysmidWorkspace = defineTool({\n name: \"setup_prysmid_workspace\",\n description:\n \"Create a new workspace and wait until it's fully provisioned (Zitadel instance, SMTP, DNS). Returns the live auth_domain ready to integrate.\",\n inputShape: {\n slug: z\n .string()\n .min(2)\n .max(63)\n .regex(/^[a-z0-9-]+$/),\n display_name: z.string().min(1),\n timeout_seconds: z\n .number()\n .int()\n .min(10)\n .max(300)\n .default(120)\n .describe(\"Max time to wait for provisioning before returning.\"),\n },\n handler: async (\n { slug, display_name, timeout_seconds },\n { client, log },\n ) => {\n const created = (await client.request(\"/v1/workspaces\", {\n method: \"POST\",\n body: { slug, display_name },\n })) as { id: string; slug: string; state: string; auth_domain?: string };\n\n const deadline = Date.now() + timeout_seconds 1000;\n while (Date.now() < deadline) {\n const ws = (await client.request(\n `/v1/workspaces/${encodeURIComponent(created.id)}`,\n )) as {\n id: string;\n slug: string;\n state: string;\n auth_domain?: string;\n provisioning_error?: string;\n };\n if (ws.state === \"active\") {\n return SetupWorkspaceOutput.parse({\n workspace_id: ws.id,\n slug: ws.slug,\n auth_domain: ws.auth_domain ?? `auth.${ws.slug}.prysmid.com`,\n state: ws.state,\n });\n }\n if (ws.state === \"provisioning_failed\") {\n throw new Error(\n `Workspace provisioning failed: ${ws.provisioning_error ?? \"unknown reason\"}`,\n );\n }\n log.debug(`workspace ${created.id} state=${ws.state}, polling…`);\n await sleep(3000);\n }\n throw new Error(\n `Workspace did not reach state=active within ${timeout_seconds}s`,\n );\n },\n});\n\nfunction sleep(ms: number) {\n return new Promise((r) => setTimeout(r, ms));\n}\n\nexport const enableGoogleLogin = defineTool({\n name: \"enable_google_login\",\n description:\n \"Add Google as an identity provider on a workspace and enable external IdPs in the login policy. Hands you a checklist if external IdPs were already disabled — agent should confirm before flipping that flag.\",\n inputShape: {\n workspace: z.string().min(1),\n google_client_id: z.string().min(1),\n google_client_secret: z.string().min(1),\n name: z.string().default(\"Google\"),\n },\n handler: async (\n { workspace, google_client_id, google_client_secret, name },\n { client },\n ) => {\n // The IdP create body is the discriminated-union shape that\n // app/schemas/idp.py expects: `type` (not `provider`), and client_id /\n // client_secret are flat top-level fields (not nested under `config`).\n // Sending `provider` or nested config 422s the request before any handler\n // runs.\n const idp = await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/idps`,\n {\n method: \"POST\",\n body: {\n type: \"google\",\n name,\n client_id: google_client_id,\n client_secret: google_client_secret,\n },\n },\n );\n\n // Force-enable external IdP toggle in case the workspace had it off.\n await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/login-policy`,\n { method: \"PATCH\", body: { allow_external_idp: true } },\n );\n\n return { idp, login_policy: \"allow_external_idp=true\" };\n },\n});\n\ninterface SetupCheckItem {\n ok: boolean;\n name: string;\n details?: string;\n}\n\ntype ListResp = { items?: unknown[]; total?: number } \| unknown[];\n\nfunction countItems(resp: ListResp): number {\n if (Array.isArray(resp)) return resp.length;\n if (typeof resp.total === \"number\") return resp.total;\n if (Array.isArray(resp.items)) return resp.items.length;\n return 0;\n}\n\nexport const prysmidSetupCheck = defineTool({\n name: \"prysmid_setup_check\",\n description:\n \"Run a readiness checklist on a workspace: state=active, ≥1 OIDC app, ≥1 IdP OR password+register enabled, branding has a primary_color set, login_policy reasonable. Returns pass/fail per item plus a summary verdict.\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) => {\n const ws = (await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}`,\n )) as { state: string; auth_domain?: string };\n const appsResp = (await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/apps`,\n )) as ListResp;\n const idpsResp = (await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/idps`,\n )) as ListResp;\n const policy = (await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/login-policy`,\n )) as {\n allow_username_password?: boolean;\n allow_register?: boolean;\n allow_external_idp?: boolean;\n force_mfa?: boolean;\n };\n const branding = (await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/branding`,\n )) as { primary_color?: string };\n\n // The list endpoints return { items, total } — but tolerate a raw array\n // too so the check stays robust if the projection ever flips back.\n const appsCount = countItems(appsResp);\n const idpsCount = countItems(idpsResp);\n const passwordsOpen =\n policy.allow_username_password === true &&\n policy.allow_register === true;\n\n const checks: SetupCheckItem[] = [\n {\n ok: ws.state === \"active\",\n name: \"workspace_active\",\n details: `state=${ws.state}`,\n },\n {\n ok: appsCount > 0,\n name: \"has_at_least_one_app\",\n details: `${appsCount} apps`,\n },\n {\n ok: idpsCount > 0 \|\| passwordsOpen,\n name: \"users_can_sign_in\",\n details:\n idpsCount > 0\n ? `${idpsCount} idps`\n : passwordsOpen\n ? \"no idps but username+password (with self-registration) allowed\"\n : \"no idps; enable allow_username_password+allow_register or add an IdP\",\n },\n {\n ok: !!branding.primary_color,\n name: \"branding_primary_color_set\",\n },\n {\n ok: policy.force_mfa === true \|\| idpsCount > 0,\n name: \"auth_strength_reasonable\",\n details: policy.force_mfa\n ? \"force_mfa=true\"\n : idpsCount > 0\n ? `${idpsCount} external IdP(s) — strength delegated upstream`\n : \"MFA off and no external IdPs — passwords-only is weak\",\n },\n ];\n const verdict = checks.every((c) => c.ok) ? \"ready\" : \"incomplete\";\n return { verdict, checks };\n },\n});\n\nexport const tools = [\n setupPrysmidWorkspace,\n enableGoogleLogin,\n prysmidSetupCheck,\n] as const;\n","/*\n Identity provider tools — Google, GitHub, Microsoft, generic OIDC.\n * Each create_* operation atomically: creates the IdP config AND adds it to\n * the login policy so it appears on the login screen. The Prysmid API\n * encapsulates that two-step lifecycle behind a single endpoint.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const listIdps = defineTool({\n name: \"list_idps\",\n description:\n \"List identity providers (Google/GitHub/Microsoft/OIDC) configured on a workspace.\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(`/v1/workspaces/${encodeURIComponent(workspace)}/idps`),\n});\n\nexport const addIdp = defineTool({\n name: \"add_idp\",\n description:\n \"Add an identity provider to the workspace and attach it to the login policy in one atomic call.\",\n inputShape: {\n workspace: z.string().min(1),\n type: z\n .enum([\"google\", \"github\", \"microsoft\", \"oidc\"])\n .describe(\"Identity provider kind. `microsoft` covers Azure AD / Entra.\"),\n name: z.string().min(1).describe(\"Display name shown on login screen\"),\n client_id: z.string().min(1),\n client_secret: z.string().min(1),\n scopes: z.array(z.string()).optional(),\n issuer: z\n .string()\n .url()\n .optional()\n .describe(\"Required for `oidc`; ignored otherwise\"),\n tenant_id: z\n .string()\n .optional()\n .describe(\n \"Optional for `microsoft` — lock to a specific Entra tenant GUID. Default accepts any account.\",\n ),\n },\n handler: async ({ workspace, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/idps`,\n { method: \"POST\", body },\n ),\n});\n\nexport const deleteIdp = defineTool({\n name: \"delete_idp\",\n description:\n \"Remove an identity provider. Strips it from the login policy then deletes the config. Idempotent.\",\n inputShape: {\n workspace: z.string().min(1),\n idp_id: z.string().min(1),\n },\n handler: async ({ workspace, idp_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/idps/${encodeURIComponent(idp_id)}`,\n { method: \"DELETE\" },\n ),\n});\n\nexport const tools = [listIdps, addIdp, deleteIdp] as const;\n","/\n Login policy tools — control which authentication methods are allowed,\n * MFA enforcement, lockout thresholds. Patches are merge semantics on the\n * server side; only fields you set are changed.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const getLoginPolicy = defineTool({\n name: \"get_login_policy\",\n description:\n \"Return the workspace's current login policy (password rules, MFA, IdPs allowed, lockout, etc.).\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/login-policy`,\n ),\n});\n\nexport const updateLoginPolicy = defineTool({\n name: \"update_login_policy\",\n description:\n \"Update the login policy. PATCH semantics — only fields you pass are changed; other policy fields stay as they were.\",\n inputShape: {\n workspace: z.string().min(1),\n allow_username_password: z.boolean().optional(),\n allow_register: z.boolean().optional(),\n allow_external_idp: z.boolean().optional(),\n force_mfa: z\n .boolean()\n .optional()\n .describe(\"Require any second factor at login\"),\n passwordless_type: z\n .enum([\n \"PASSWORDLESS_TYPE_NOT_ALLOWED\",\n \"PASSWORDLESS_TYPE_ALLOWED\",\n ])\n .optional()\n .describe(\"Enables passkey-first when set to ALLOWED\"),\n max_password_attempts: z.number().int().min(0).max(20).optional(),\n lockout_password_attempts: z.number().int().min(0).max(20).optional(),\n },\n handler: async ({ workspace, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/login-policy`,\n { method: \"PATCH\", body },\n ),\n});\n\nexport const tools = [getLoginPolicy, updateLoginPolicy] as const;\n","/\n User tools — list, invite (sends Zitadel init email), delete.\n * Invite is the primary creation path; users set their own password via the\n * email link. Direct user creation with pre-set credentials is intentionally\n * not exposed here.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const listUsers = defineTool({\n name: \"list_users\",\n description: \"List human users in a workspace.\",\n inputShape: {\n workspace: z.string().min(1),\n limit: z.number().int().min(1).max(500).default(100),\n },\n handler: async ({ workspace, limit }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/users`,\n { query: { limit } },\n ),\n});\n\nexport const inviteUser = defineTool({\n name: \"invite_user\",\n description:\n \"Invite a user by email. Idempotent by email — re-inviting an existing user is a no-op. Triggers a Zitadel init email with a 'set your password' link.\",\n inputShape: {\n workspace: z.string().min(1),\n email: z\n .string()\n .regex(/^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$/, \"must be a valid email\"),\n first_name: z.string().min(1),\n last_name: z.string().min(1),\n preferred_language: z\n .string()\n .length(2)\n .default(\"en\")\n .describe(\"ISO 639-1, e.g. en/es/pt\"),\n },\n handler: async ({ workspace, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/users/invite`,\n { method: \"POST\", body },\n ),\n});\n\nexport const deleteUser = defineTool({\n name: \"delete_user\",\n description: \"Delete a user by id. Idempotent.\",\n inputShape: {\n workspace: z.string().min(1),\n user_id: z.string().min(1),\n },\n handler: async ({ workspace, user_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/users/${encodeURIComponent(user_id)}`,\n { method: \"DELETE\" },\n ),\n});\n\nexport const tools = [listUsers, inviteUser, deleteUser] as const;\n","/\n Hand-written workspace tools. These are the ones agents reach for first;\n * the rest of the surface is auto-generated from OpenAPI in a later pass.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const listWorkspaces = defineTool({\n name: \"list_workspaces\",\n description:\n \"List Prysmid workspaces accessible to the current API token. Returns an array of {id, slug, display_name, plan, state}.\",\n inputShape: {},\n handler: async (_input, { client }) =>\n client.request(\"/v1/workspaces\", { method: \"GET\" }),\n});\n\nexport const getWorkspace = defineTool({\n name: \"get_workspace\",\n description: \"Get a single workspace by slug or id.\",\n inputShape: {\n workspace: z\n .string()\n .min(1)\n .describe(\"Workspace slug or UUID\"),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(`/v1/workspaces/${encodeURIComponent(workspace)}`),\n});\n\nexport const createWorkspace = defineTool({\n name: \"create_workspace\",\n description:\n \"Create a new Prysmid workspace. Provisioning runs in the background; the response returns immediately with state=provisioning. Poll `get_workspace` until state=active (~30s).\",\n inputShape: {\n slug: z\n .string()\n .min(2)\n .max(63)\n .regex(/^[a-z0-9-]+$/, \"lowercase alphanumeric and hyphens only\")\n .describe(\"Subdomain-safe slug — becomes auth.<slug>.prysmid.com\"),\n display_name: z.string().min(1).max(255),\n },\n handler: async (input, { client }) =>\n client.request(\"/v1/workspaces\", { method: \"POST\", body: input }),\n});\n\nexport const tools = [listWorkspaces, getWorkspace, createWorkspace] as const;\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const createApp = defineTool({\n name: \"create_app\",\n description: \"Create App\",\n inputShape: {\n workspace_id: z.string().uuid(),\n name: z.string().min(1).max(200),\n redirect_uris: z.array(z.string().url().min(1).max(2083)).describe(\"Where the IdP sends the user back after auth. At least one required.\"),\n post_logout_redirect_uris: z.array(z.string().url().min(1).max(2083)).describe(\"Where the IdP sends the user after logout.\").optional(),\n app_type: z.enum([\"web\", \"spa\", \"native\"]).describe(\"App kind, drives OIDC grant + auth_method defaults.\\n\\n- `web`: server-rendered confidential client. Gets a `client_secret`.\\n- `spa`: single-page app (user-agent). Public, PKCE required, no secret.\\n- `native`: desktop/mobile. Public, PKCE required, no secret.\").optional(),\n dev_mode: z.boolean().describe(\"Relax HTTPS requirement on redirect_uris (allows http://localhost). Use only for local development; never in production.\").default(false),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/apps`, { method: \"POST\", body: __body });\n },\n});\n\nexport const deleteApp = defineTool({\n name: \"delete_app\",\n description: \"Delete App\",\n inputShape: {\n workspace_id: z.string().uuid(),\n app_id: z.string(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, app_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/apps/${encodeURIComponent(String(app_id))}`, { method: \"DELETE\" });\n },\n});\n\nexport const listApps = defineTool({\n name: \"list_apps\",\n description: \"List Apps\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/apps`, { method: \"GET\" });\n },\n});\n\nexport const generatedAppsTools = [\n createApp,\n deleteApp,\n listApps,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const billingCheckout = defineTool({\n name: \"billing_checkout\",\n description: \"Checkout\",\n inputShape: {\n workspace_id: z.string().uuid(),\n plan: z.enum([\"free\", \"pro\", \"enterprise\"]),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/billing/checkout`, { method: \"POST\", body: __body });\n },\n});\n\nexport const billingGetState = defineTool({\n name: \"billing_get_state\",\n description: \"Get State\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/billing`, { method: \"GET\" });\n },\n});\n\nexport const billingPortal = defineTool({\n name: \"billing_portal\",\n description: \"Portal\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/billing/portal`, { method: \"POST\" });\n },\n});\n\nexport const updateSpendingCap = defineTool({\n name: \"update_spending_cap\",\n description: \"Update Spending Cap\",\n inputShape: {\n workspace_id: z.string().uuid(),\n cents: z.number().int().min(0).nullable().optional(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/billing/spending-cap`, { method: \"PATCH\", body: __body });\n },\n});\n\nexport const generatedBillingTools = [\n billingCheckout,\n billingGetState,\n billingPortal,\n updateSpendingCap,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const deleteLogo = defineTool({\n name: \"delete_logo\",\n description: \"Delete Logo\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/branding/logo`, { method: \"DELETE\" });\n },\n});\n\nexport const getBranding = defineTool({\n name: \"get_branding\",\n description: \"Get Branding\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/branding`, { method: \"GET\" });\n },\n});\n\nexport const updateBranding = defineTool({\n name: \"update_branding\",\n description: \"Update Branding\",\n inputShape: {\n workspace_id: z.string().uuid(),\n primary_color: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n background_color: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n warn_color: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n font_color: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n primary_color_dark: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n background_color_dark: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n warn_color_dark: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n font_color_dark: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n hide_login_name_suffix: z.boolean().nullable().optional(),\n disable_watermark: z.boolean().nullable().optional(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/branding`, { method: \"PATCH\", body: __body });\n },\n});\n\nexport const generatedBrandingTools = [\n deleteLogo,\n getBranding,\n updateBranding,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const createIdp = defineTool({\n name: \"create_idp\",\n description: \"Create Idp\",\n inputShape: {\n workspace_id: z.string().uuid(),\n type: z.enum([\"google\", \"github\", \"microsoft\", \"oidc\"]),\n name: z.string().min(1).max(200),\n client_id: z.string().min(1),\n client_secret: z.string().min(1),\n issuer: z.string().url().min(1).max(2083).nullable().optional(),\n tenant_id: z.string().nullable().optional(),\n scopes: z.array(z.string()).nullable().optional(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/idps`, { method: \"POST\", body: __body });\n },\n});\n\nexport const deleteIdp = defineTool({\n name: \"delete_idp\",\n description: \"Delete Idp\",\n inputShape: {\n workspace_id: z.string().uuid(),\n idp_id: z.string(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, idp_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/idps/${encodeURIComponent(String(idp_id))}`, { method: \"DELETE\" });\n },\n});\n\nexport const listIdps = defineTool({\n name: \"list_idps\",\n description: \"List Idps\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/idps`, { method: \"GET\" });\n },\n});\n\nexport const generatedIdpsTools = [\n createIdp,\n deleteIdp,\n listIdps,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const getLoginPolicy = defineTool({\n name: \"get_login_policy\",\n description: \"Get Login Policy\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/login-policy`, { method: \"GET\" });\n },\n});\n\nexport const updateLoginPolicy = defineTool({\n name: \"update_login_policy\",\n description: \"Update Login Policy\",\n inputShape: {\n workspace_id: z.string().uuid(),\n allow_username_password: z.boolean().nullable().optional(),\n allow_register: z.boolean().nullable().optional(),\n allow_external_idp: z.boolean().nullable().optional(),\n force_mfa: z.boolean().nullable().optional(),\n passwordless_allowed: z.boolean().nullable().optional(),\n second_factors: z.array(z.enum([\"otp\", \"u2f\", \"otp_email\", \"otp_sms\"])).nullable().optional(),\n multi_factors: z.array(z.enum([\"u2f_verified\"])).nullable().optional(),\n hide_password_reset: z.boolean().nullable().optional(),\n ignore_unknown_usernames: z.boolean().nullable().optional(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/login-policy`, { method: \"PATCH\", body: __body });\n },\n});\n\nexport const generatedLoginPolicyTools = [\n getLoginPolicy,\n updateLoginPolicy,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const getSmtp = defineTool({\n name: \"get_smtp\",\n description: \"Get Smtp\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/smtp`, { method: \"GET\" });\n },\n});\n\nexport const revertToPlatformDefault = defineTool({\n name: \"revert_to_platform_default\",\n description: \"Revert To Platform Default\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/smtp`, { method: \"DELETE\" });\n },\n});\n\nexport const setCustomSmtp = defineTool({\n name: \"set_custom_smtp\",\n description: \"Set Custom Smtp\",\n inputShape: {\n workspace_id: z.string().uuid(),\n host: z.string().min(1),\n port: z.number().int().min(1).max(65535),\n tls: z.boolean().default(true),\n sender_address: z.string().min(3).describe(\"Address that appears in the From header.\"),\n sender_name: z.string().min(1).max(200),\n user: z.string().min(1).describe(\"SMTP auth username.\"),\n password: z.string().min(1).describe(\"SMTP auth password / API key.\"),\n reply_to_address: z.string().describe(\"Optional Reply-To header.\").default(\"\"),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/smtp`, { method: \"PUT\", body: __body });\n },\n});\n\nexport const generatedSmtpTools = [\n getSmtp,\n revertToPlatformDefault,\n setCustomSmtp,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const deleteUser = defineTool({\n name: \"delete_user\",\n description: \"Delete User\",\n inputShape: {\n workspace_id: z.string().uuid(),\n user_id: z.string(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, user_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/users/${encodeURIComponent(String(user_id))}`, { method: \"DELETE\" });\n },\n});\n\nexport const inviteUser = defineTool({\n name: \"invite_user\",\n description: \"Invite User\",\n inputShape: {\n workspace_id: z.string().uuid(),\n email: z.string().max(320).regex(/^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$/),\n first_name: z.string().min(1).max(100),\n last_name: z.string().min(1).max(100),\n user_name: z.string().nullable().optional(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/users/invite`, { method: \"POST\", body: __body });\n },\n});\n\nexport const listUsers = defineTool({\n name: \"list_users\",\n description: \"List Users\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/users`, { method: \"GET\" });\n },\n});\n\nexport const generatedUsersTools = [\n deleteUser,\n inviteUser,\n listUsers,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const createWorkspace = defineTool({\n name: \"create_workspace\",\n description: \"Create Workspace\",\n inputShape: {\n slug: z.string().min(3).max(63).regex(/^[a-z][a-z0-9-][a-z0-9]$/).describe(\"URL-safe lowercase slug. Becomes part of auth.<slug>.prysmid.com.\"),\n display_name: z.string().min(1).max(255),\n plan: z.enum([\"free\", \"pro\", \"enterprise\"]).optional(),\n },\n handler: async (input, { client }) => {\n return client.request(`/v1/workspaces`, { method: \"POST\", body: input });\n },\n});\n\nexport const deleteWorkspace = defineTool({\n name: \"delete_workspace\",\n description: \"Delete Workspace\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}`, { method: \"DELETE\" });\n },\n});\n\nexport const getWorkspace = defineTool({\n name: \"get_workspace\",\n description: \"Get Workspace\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}`, { method: \"GET\" });\n },\n});\n\nexport const listWorkspaces = defineTool({\n name: \"list_workspaces\",\n description: \"List Workspaces\",\n inputShape: {},\n handler: async (_input, { client }) => {\n return client.request(`/v1/workspaces`, { method: \"GET\" });\n },\n});\n\nexport const retryProvisioning = defineTool({\n name: \"retry_provisioning\",\n description: \"Retry Provisioning\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/retry-provisioning`, { method: \"POST\" });\n },\n});\n\nexport const updateWorkspace = defineTool({\n name: \"update_workspace\",\n description: \"Update Workspace\",\n inputShape: {\n workspace_id: z.string().uuid(),\n display_name: z.string().min(1).max(255).nullable().optional(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}`, { method: \"PATCH\", body: __body });\n },\n});\n\nexport const generatedWorkspacesTools = [\n createWorkspace,\n deleteWorkspace,\n getWorkspace,\n listWorkspaces,\n retryProvisioning,\n updateWorkspace,\n];\n","/*\n AUTO-GENERATED. Do not edit.\n \n Aggregates every tag's generated tools into a single array. The merge with\n * hand-written tools (where hand-written wins on name collision) lives in\n * src/index.ts.\n */\nimport { generatedAppsTools } from \"./apps.js\";\nimport { generatedBillingTools } from \"./billing.js\";\nimport { generatedBrandingTools } from \"./branding.js\";\nimport { generatedIdpsTools } from \"./idps.js\";\nimport { generatedLoginPolicyTools } from \"./login-policy.js\";\nimport { generatedSmtpTools } from \"./smtp.js\";\nimport { generatedUsersTools } from \"./users.js\";\nimport { generatedWorkspacesTools } from \"./workspaces.js\";\n\nexport const generatedTools = [\n ...generatedAppsTools,\n ...generatedBillingTools,\n ...generatedBrandingTools,\n ...generatedIdpsTools,\n ...generatedLoginPolicyTools,\n ...generatedSmtpTools,\n ...generatedUsersTools,\n ...generatedWorkspacesTools,\n];\n"],"mappings":";;;AAoBA,SAAS,iBAAiB;AAC1B,SAAS,4BAA4B;;;ACsCrC,IAAM,gBAAgB,CAAC,OACrB,IAAI,QAAQ,CAAC,MAAM,WAAW,GAAG,EAAE,CAAC;AAEtC,IAAM,iBAAiB,CAAC,UAA0B;AAChD,aAAW,QAAQ,MAAO,SAAQ,OAAO,MAAM,GAAG,IAAI;AAAA,CAAI;AAC5D;AAEA,eAAsB,WACpB,MAC0B;AAC1B,QAAMA,SAAQ,KAAK,SAAS;AAC5B,QAAM,SAAS,KAAK,UAAU;AAC9B,QAAM,YAAY,KAAK,aAAa;AACpC,QAAM,EAAE,SAAS,IAAI,IAAI;AAEzB,QAAM,QAAQ,MAAM;AAAA,IAClB;AAAA,IACA,GAAG,OAAO;AAAA,IACV,CAAC;AAAA,EACH;AAEA,QAAM,YAAY,MAAM,6BAA6B,MAAM;AAC3D,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,UAAU,SAAS;AAAA,IACnB;AAAA,IACA;AAAA,IACA,UAAU,MAAM,SAAS;AAAA,IACzB;AAAA,IACA,0CAA0C,MAAM,UAAU;AAAA,IAC1D;AAAA,EACF,CAAC;AAED,MAAI,WAAW,KAAK,IAAI,GAAG,MAAM,YAAY,CAAC;AAC9C,QAAM,WAAW,KAAK,IAAI,IAAI,MAAM,aAAa;AAEjD,SAAO,KAAK,IAAI,IAAI,UAAU;AAC5B,UAAMA,OAAM,WAAW,GAAI;AAE3B,QAAI;AACJ,QAAI;AACF,YAAM,MAAM;AAAA,QACV;AAAA,QACA,GAAG,OAAO;AAAA,QACV,EAAE,aAAa,MAAM,YAAY;AAAA,MACnC;AAAA,IACF,SAAS,GAAG;AACV,UAAI,KAAK,wCAAwC;AAAA,QAC/C,OAAO,aAAa,QAAQ,EAAE,UAAU,OAAO,CAAC;AAAA,MAClD,CAAC;AACD;AAAA,IACF;AAEA,QAAI,IAAI,WAAW,YAAY;AAC7B,UAAI,CAAC,IAAI,cAAc;AACrB,cAAM,IAAI;AAAA,UACR;AAAA,QACF;AAAA,MACF;AACA,UAAI,KAAK,8BAA8B;AAAA,QACrC,WAAW,IAAI,cAAc;AAAA,MAC/B,CAAC;AACD,aAAO;AAAA,QACL,aAAa,IAAI;AAAA,QACjB,cAAc,IAAI,iBAAiB;AAAA,QACnC,WAAW,IAAI,cAAc;AAAA,MAC/B;AAAA,IACF;AACA,QAAI,IAAI,WAAW,aAAa;AAC9B,kBAAY;AACZ,UAAI,MAAM,yBAAyB,EAAE,aAAa,SAAS,CAAC;AAC5D;AAAA,IACF;AACA,QAAI,IAAI,WAAW,UAAW;AAC9B,QAAI,IAAI,WAAW,WAAW;AAC5B,YAAM,IAAI,MAAM,0CAA0C;AAAA,IAC5D;AACA,QAAI,IAAI,WAAW,UAAU;AAC3B,YAAM,IAAI,MAAM,sBAAsB;AAAA,IACxC;AACA,QAAI,KAAK,8BAA8B,EAAE,QAAQ,IAAI,OAAO,CAAC;AAAA,EAC/D;AAEA,QAAM,IAAI,MAAM,0CAA0C;AAC5D;AAEA,eAAe,SACb,WACA,KACA,MACY;AACZ,QAAM,MAAM,MAAM,UAAU,KAAK;AAAA,IAC/B,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,oBAAoB,QAAQ,mBAAmB;AAAA,IAC1E,MAAM,KAAK,UAAU,IAAI;AAAA,EAC3B,CAAC;AACD,QAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,MAAI,CAAC,IAAI,IAAI;AACX,UAAM,IAAI,MAAM,QAAQ,GAAG,YAAY,IAAI,MAAM,IAAI,IAAI,EAAE;AAAA,EAC7D;AACA,MAAI;AACF,WAAO,KAAK,MAAM,IAAI;AAAA,EACxB,QAAQ;AACN,UAAM,IAAI,MAAM,QAAQ,GAAG,uBAAuB,KAAK,MAAM,GAAG,GAAG,CAAC,EAAE;AAAA,EACxE;AACF;;;AChKO,IAAM,kBAAN,cAA8B,MAAM;AAAA,EACzC,YACE,SACgB,QACA,MACA,MAChB;AACA,UAAM,OAAO;AAJG;AACA;AACA;AAGhB,SAAK,OAAO;AAAA,EACd;AAAA,EANkB;AAAA,EACA;AAAA,EACA;AAKpB;AAQO,IAAM,gBAAN,MAAoB;AAAA,EACzB,YACmB,KACA,KAMA,gBAA+B,MAChD;AARiB;AACA;AAMA;AAAA,EAChB;AAAA,EARgB;AAAA,EACA;AAAA,EAMA;AAAA,EAGnB,IAAY,iBAAgC;AAC1C,WAAO,KAAK,iBAAiB,KAAK,IAAI;AAAA,EACxC;AAAA,EAEA,MAAM,QAAqB,MAAc,OAAuB,CAAC,GAAe;AAC9E,UAAM,QAAQ,KAAK;AACnB,QAAI,CAAC,OAAO;AACV,YAAM,IAAI;AAAA,QACR;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAEA,UAAM,MAAM,IAAI,IAAI,KAAK,IAAI,UAAU,IAAI;AAC3C,QAAI,KAAK,OAAO;AACd,iBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,KAAK,KAAK,GAAG;AAC/C,YAAI,MAAM,OAAW,KAAI,aAAa,IAAI,GAAG,OAAO,CAAC,CAAC;AAAA,MACxD;AAAA,IACF;AAEA,UAAM,SAAS,KAAK,UAAU;AAC9B,UAAM,UAAkC;AAAA,MACtC,eAAe,UAAU,KAAK;AAAA,MAC9B,QAAQ;AAAA,IACV;AACA,QAAI,KAAK,SAAS,OAAW,SAAQ,cAAc,IAAI;AAEvD,SAAK,IAAI,MAAM,QAAQ,MAAM,IAAI,IAAI,QAAQ,EAAE;AAC/C,UAAM,MAAM,MAAM,MAAM,KAAK;AAAA,MAC3B;AAAA,MACA;AAAA,MACA,MAAM,KAAK,SAAS,SAAY,KAAK,UAAU,KAAK,IAAI,IAAI;AAAA,IAC9D,CAAC;AAED,UAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,QAAI,CAAC,IAAI,IAAI;AACX,UAAI;AACJ,UAAI;AACF,cAAM,SAAS,KAAK,MAAM,IAAI;AAC9B,eAAO,OAAO,QAAQ,UAAU,WAAW,OAAO,QAAQ,QAAQ;AAAA,MACpE,QAAQ;AAAA,MAER;AACA,YAAM,IAAI;AAAA,QACR,eAAe,IAAI,MAAM,OAAO,MAAM,IAAI,IAAI;AAAA,QAC9C,IAAI;AAAA,QACJ;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAEA,QAAI,SAAS,GAAI,QAAO;AACxB,QAAI;AACF,aAAO,KAAK,MAAM,IAAI;AAAA,IACxB,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AACF;;;ACvFA,IAAM,mBAAmB;AAElB,SAAS,WAAW,MAAyB,QAAQ,KAAa;AACvE,QAAM,WAAW,IAAI,oBAAoB,kBAAkB,QAAQ,QAAQ,EAAE;AAC7E,QAAM,WAAW,IAAI,mBAAmB,KAAK,KAAK;AAClD,QAAM,YAAY,IAAI,yBAAyB,QAAQ,YAAY;AACnE,QAAM,WACJ,aAAa,WAAW,aAAa,UAAU,aAAa,UACxD,WACA;AACN,SAAO,EAAE,SAAS,UAAU,SAAS;AACvC;;;ACjBA,IAAM,QAAQ,EAAE,OAAO,IAAI,MAAM,IAAI,MAAM,IAAI,OAAO,GAAG;AASlD,SAAS,WAAW,KAAuC;AAChE,QAAM,YAAY,MAAM,IAAI,QAAQ;AAEpC,WAAS,KAAK,OAA2B,KAAa,OAAiB;AACrE,QAAI,MAAM,KAAK,IAAI,UAAW;AAC9B,UAAM,MAAK,oBAAI,KAAK,GAAE,YAAY;AAClC,UAAM,UAAU,UAAU,SAAY,KAAK,IAAI,SAAS,KAAK,CAAC;AAC9D,YAAQ,OAAO,MAAM,GAAG,EAAE,IAAI,MAAM,YAAY,CAAC,IAAI,GAAG,GAAG,OAAO;AAAA,CAAI;AAAA,EACxE;AAEA,SAAO;AAAA,IACL,OAAO,CAAC,GAAG,MAAM,KAAK,SAAS,GAAG,CAAC;AAAA,IACnC,MAAM,CAAC,GAAG,MAAM,KAAK,QAAQ,GAAG,CAAC;AAAA,IACjC,MAAM,CAAC,GAAG,MAAM,KAAK,QAAQ,GAAG,CAAC;AAAA,IACjC,OAAO,CAAC,GAAG,MAAM,KAAK,SAAS,GAAG,CAAC;AAAA,EACrC;AACF;AAEA,SAAS,SAAS,GAAoB;AACpC,MAAI;AACF,WAAO,KAAK,UAAU,CAAC;AAAA,EACzB,QAAQ;AACN,WAAO,OAAO,CAAC;AAAA,EACjB;AACF;;;AC5BA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,SAAS,gBAAgB;AAClC,SAAS,SAAS,YAAY;AAU9B,IAAM,UAAU;AAChB,IAAM,YAAY;AAClB,IAAM,sBAAsB;AAErB,SAAS,aAAa,MAAyB,QAAQ,KAAa;AACzE,MAAI,SAAS,MAAM,SAAS;AAC1B,UAAM,OAAO,IAAI;AACjB,QAAI,KAAM,QAAO,KAAK,MAAM,SAAS,SAAS;AAC9C,WAAO,KAAK,QAAQ,GAAG,IAAI,OAAO,IAAI,SAAS;AAAA,EACjD;AACA,QAAM,MAAM,IAAI;AAChB,MAAI,IAAK,QAAO,KAAK,KAAK,SAAS,SAAS;AAC5C,SAAO,KAAK,QAAQ,GAAG,WAAW,SAAS,SAAS;AACtD;AAEO,SAAS,UACd,SACA,MAAyB,QAAQ,KACb;AACpB,QAAM,OAAO,aAAa,GAAG;AAC7B,MAAI,CAAC,WAAW,IAAI,EAAG,QAAO;AAC9B,MAAI;AACJ,MAAI;AACF,aAAS,KAAK,MAAM,aAAa,MAAM,MAAM,CAAC;AAAA,EAChD,QAAQ;AACN,WAAO;AAAA,EACT;AACA,MAAI,OAAO,YAAY,QAAS,QAAO;AACvC,QAAM,SAAS,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAC3C,MAAI,OAAO,YAAY,uBAAuB,OAAQ,QAAO;AAC7D,MAAI,OAAO,OAAO,gBAAgB,YAAY,CAAC,OAAO,aAAa;AACjE,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAEO,SAAS,UACd,OACA,MAAyB,QAAQ,KAC3B;AACN,QAAM,OAAO,aAAa,GAAG;AAC7B,YAAU,QAAQ,IAAI,GAAG,EAAE,WAAW,KAAK,CAAC;AAC5C,gBAAc,MAAM,KAAK,UAAU,OAAO,MAAM,CAAC,GAAG,MAAM;AAC1D,MAAI,SAAS,MAAM,SAAS;AAC1B,QAAI;AACF,gBAAU,MAAM,GAAK;AAAA,IACvB,QAAQ;AAAA,IAER;AAAA,EACF;AACF;AAEO,SAAS,WAAW,MAAyB,QAAQ,KAAW;AACrE,QAAM,OAAO,aAAa,GAAG;AAC7B,MAAI,WAAW,IAAI,GAAG;AACpB,WAAO,MAAM,EAAE,OAAO,KAAK,CAAC;AAAA,EAC9B;AACF;;;AChDO,SAAS,WAAoC,GAA2B;AAC7E,SAAO;AACT;AAOO,SAAS,YACd,QACA,KAEAC,QACM;AACN,aAAW,QAAQA,QAAO;AACxB,WAAO;AAAA,MACL,KAAK;AAAA,MACL;AAAA,QACE,aAAa,KAAK;AAAA,QAClB,aAAa,KAAK;AAAA,MACpB;AAAA;AAAA,MAEA,OAAO,UAAe;AACpB,YAAI;AACF,gBAAM,SAAS,MAAM,KAAK,QAAQ,OAAO,GAAG;AAC5C,iBAAO;AAAA,YACL,SAAS;AAAA,cACP;AAAA,gBACE,MAAM;AAAA,gBACN,MACE,OAAO,WAAW,WACd,SACA,KAAK,UAAU,QAAQ,MAAM,CAAC;AAAA,cACtC;AAAA,YACF;AAAA,UACF;AAAA,QACF,SAAS,KAAK;AACZ,gBAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAG/D,gBAAM,SACJ,eAAe,mBAAmB,IAAI,OAAO;AAAA,EAAK,IAAI,IAAI,KAAK;AACjE,cAAI,IAAI,MAAM,QAAQ,KAAK,IAAI,WAAW,EAAE,QAAQ,CAAC;AACrD,iBAAO;AAAA,YACL,SAAS;AAAA,YACT,SAAS;AAAA,cACP,EAAE,MAAM,QAAiB,MAAM,UAAU,OAAO,GAAG,MAAM,GAAG;AAAA,YAC9D;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;;;ACxFA,SAAS,SAAS;AAIX,IAAM,WAAW,WAAW;AAAA,EACjC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,wBAAwB;AAAA,EAChE;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO,QAAQ,kBAAkB,mBAAmB,SAAS,CAAC,OAAO;AACzE,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IAC/B,eAAe,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,CAAC;AAAA,IAC9C,2BAA2B,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,IAC9D,UAAU,EAAE,KAAK,CAAC,OAAO,OAAO,QAAQ,CAAC,EAAE,QAAQ,KAAK;AAAA,IACxD,UAAU,EACP,QAAQ,EACR,QAAQ,KAAK,EACb;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,KAAK;AAAA,EACzB;AACJ,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,OAAO,GAAG,EAAE,OAAO,MAC9C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,MAAM,CAAC;AAAA,IAClF,EAAE,QAAQ,SAAS;AAAA,EACrB;AACJ,CAAC;AAEM,IAAM,QAAQ,CAAC,UAAU,eAAe,aAAa;;;ACpD5D,SAAS,KAAAC,UAAS;AAIX,IAAM,aAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,EACjD;AACJ,CAAC;AAEM,IAAM,iBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,oBAAoBA,GACjB,OAAO,EACP,IAAI,EACJ,IAAI,CAAC,EACL,IAAI,GAAU,EACd,SAAS,EACT,SAAS,gDAAgD;AAAA,EAC9D;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,mBAAmB,GAAG,EAAE,OAAO,MAC1D,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,SAAS,MAAM,EAAE,mBAAmB,EAAE;AAAA,EAClD;AACJ,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,MAAMA,GAAE,KAAK,CAAC,KAAK,CAAC;AAAA,EACtB;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,KAAK,GAAG,EAAE,OAAO,MAC5C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,MAAM,EAAE,KAAK,EAAE;AAAA,EACnC;AACJ,CAAC;AAEM,IAAM,qBAAqB,WAAW;AAAA,EAC3C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,OAAO;AAAA,EACnB;AACJ,CAAC;AAEM,IAAMC,SAAQ;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;;;ACxEA,SAAS,KAAAC,UAAS;AAIX,IAAM,cAAc,WAAW;AAAA,EACpC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,EACjD;AACJ,CAAC;AAEM,IAAM,iBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,eAAeA,GACZ,OAAO,EACP,MAAM,mBAAmB,EACzB,SAAS;AAAA,IACZ,kBAAkBA,GACf,OAAO,EACP,MAAM,mBAAmB,EACzB,SAAS;AAAA,IACZ,YAAYA,GACT,OAAO,EACP,MAAM,mBAAmB,EACzB,SAAS;AAAA,IACZ,YAAYA,GACT,OAAO,EACP,MAAM,mBAAmB,EACzB,SAAS;AAAA,IACZ,mBAAmBA,GAChB,QAAQ,EACR,SAAS,EACT;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,SAAS,KAAK;AAAA,EAC1B;AACJ,CAAC;AAEM,IAAMC,SAAQ,CAAC,aAAa,cAAc;;;AClDjD,SAAS,KAAAC,UAAS;AAIlB,IAAM,uBAAuBC,GAAE,OAAO;AAAA,EACpC,cAAcA,GAAE,OAAO;AAAA,EACvB,MAAMA,GAAE,OAAO;AAAA,EACf,aAAaA,GAAE,OAAO;AAAA,EACtB,OAAOA,GAAE,OAAO;AAClB,CAAC;AAEM,IAAM,wBAAwB,WAAW;AAAA,EAC9C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,MAAMA,GACH,OAAO,EACP,IAAI,CAAC,EACL,IAAI,EAAE,EACN,MAAM,cAAc;AAAA,IACvB,cAAcA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC9B,iBAAiBA,GACd,OAAO,EACP,IAAI,EACJ,IAAI,EAAE,EACN,IAAI,GAAG,EACP,QAAQ,GAAG,EACX,SAAS,qDAAqD;AAAA,EACnE;AAAA,EACA,SAAS,OACP,EAAE,MAAM,cAAc,gBAAgB,GACtC,EAAE,QAAQ,IAAI,MACX;AACH,UAAM,UAAW,MAAM,OAAO,QAAQ,kBAAkB;AAAA,MACtD,QAAQ;AAAA,MACR,MAAM,EAAE,MAAM,aAAa;AAAA,IAC7B,CAAC;AAED,UAAM,WAAW,KAAK,IAAI,IAAI,kBAAkB;AAChD,WAAO,KAAK,IAAI,IAAI,UAAU;AAC5B,YAAM,KAAM,MAAM,OAAO;AAAA,QACvB,kBAAkB,mBAAmB,QAAQ,EAAE,CAAC;AAAA,MAClD;AAOA,UAAI,GAAG,UAAU,UAAU;AACzB,eAAO,qBAAqB,MAAM;AAAA,UAChC,cAAc,GAAG;AAAA,UACjB,MAAM,GAAG;AAAA,UACT,aAAa,GAAG,eAAe,QAAQ,GAAG,IAAI;AAAA,UAC9C,OAAO,GAAG;AAAA,QACZ,CAAC;AAAA,MACH;AACA,UAAI,GAAG,UAAU,uBAAuB;AACtC,cAAM,IAAI;AAAA,UACR,kCAAkC,GAAG,sBAAsB,gBAAgB;AAAA,QAC7E;AAAA,MACF;AACA,UAAI,MAAM,aAAa,QAAQ,EAAE,UAAU,GAAG,KAAK,iBAAY;AAC/D,YAAM,MAAM,GAAI;AAAA,IAClB;AACA,UAAM,IAAI;AAAA,MACR,+CAA+C,eAAe;AAAA,IAChE;AAAA,EACF;AACF,CAAC;AAED,SAAS,MAAM,IAAY;AACzB,SAAO,IAAI,QAAQ,CAAC,MAAM,WAAW,GAAG,EAAE,CAAC;AAC7C;AAEO,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,kBAAkBA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAClC,sBAAsBA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IACtC,MAAMA,GAAE,OAAO,EAAE,QAAQ,QAAQ;AAAA,EACnC;AAAA,EACA,SAAS,OACP,EAAE,WAAW,kBAAkB,sBAAsB,KAAK,GAC1D,EAAE,OAAO,MACN;AAMH,UAAM,MAAM,MAAM,OAAO;AAAA,MACvB,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,MAC/C;AAAA,QACE,QAAQ;AAAA,QACR,MAAM;AAAA,UACJ,MAAM;AAAA,UACN;AAAA,UACA,WAAW;AAAA,UACX,eAAe;AAAA,QACjB;AAAA,MACF;AAAA,IACF;AAGA,UAAM,OAAO;AAAA,MACX,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,MAC/C,EAAE,QAAQ,SAAS,MAAM,EAAE,oBAAoB,KAAK,EAAE;AAAA,IACxD;AAEA,WAAO,EAAE,KAAK,cAAc,0BAA0B;AAAA,EACxD;AACF,CAAC;AAUD,SAAS,WAAW,MAAwB;AAC1C,MAAI,MAAM,QAAQ,IAAI,EAAG,QAAO,KAAK;AACrC,MAAI,OAAO,KAAK,UAAU,SAAU,QAAO,KAAK;AAChD,MAAI,MAAM,QAAQ,KAAK,KAAK,EAAG,QAAO,KAAK,MAAM;AACjD,SAAO;AACT;AAEO,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MAAM;AAC5C,UAAM,KAAM,MAAM,OAAO;AAAA,MACvB,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AACA,UAAM,WAAY,MAAM,OAAO;AAAA,MAC7B,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AACA,UAAM,WAAY,MAAM,OAAO;AAAA,MAC7B,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AACA,UAAM,SAAU,MAAM,OAAO;AAAA,MAC3B,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AAMA,UAAM,WAAY,MAAM,OAAO;AAAA,MAC7B,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AAIA,UAAM,YAAY,WAAW,QAAQ;AACrC,UAAM,YAAY,WAAW,QAAQ;AACrC,UAAM,gBACJ,OAAO,4BAA4B,QACnC,OAAO,mBAAmB;AAE5B,UAAM,SAA2B;AAAA,MAC/B;AAAA,QACE,IAAI,GAAG,UAAU;AAAA,QACjB,MAAM;AAAA,QACN,SAAS,SAAS,GAAG,KAAK;AAAA,MAC5B;AAAA,MACA;AAAA,QACE,IAAI,YAAY;AAAA,QAChB,MAAM;AAAA,QACN,SAAS,GAAG,SAAS;AAAA,MACvB;AAAA,MACA;AAAA,QACE,IAAI,YAAY,KAAK;AAAA,QACrB,MAAM;AAAA,QACN,SACE,YAAY,IACR,GAAG,SAAS,UACZ,gBACE,mEACA;AAAA,MACV;AAAA,MACA;AAAA,QACE,IAAI,CAAC,CAAC,SAAS;AAAA,QACf,MAAM;AAAA,MACR;AAAA,MACA;AAAA,QACE,IAAI,OAAO,cAAc,QAAQ,YAAY;AAAA,QAC7C,MAAM;AAAA,QACN,SAAS,OAAO,YACZ,mBACA,YAAY,IACV,GAAG,SAAS,wDACZ;AAAA,MACR;AAAA,IACF;AACA,UAAM,UAAU,OAAO,MAAM,CAAC,MAAM,EAAE,EAAE,IAAI,UAAU;AACtD,WAAO,EAAE,SAAS,OAAO;AAAA,EAC3B;AACF,CAAC;AAEM,IAAMC,SAAQ;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AACF;;;ACxNA,SAAS,KAAAC,UAAS;AAIX,IAAM,WAAW,WAAW;AAAA,EACjC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO,QAAQ,kBAAkB,mBAAmB,SAAS,CAAC,OAAO;AACzE,CAAC;AAEM,IAAM,SAAS,WAAW;AAAA,EAC/B,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,MAAMA,GACH,KAAK,CAAC,UAAU,UAAU,aAAa,MAAM,CAAC,EAC9C,SAAS,8DAA8D;AAAA,IAC1E,MAAMA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,oCAAoC;AAAA,IACrE,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,eAAeA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC/B,QAAQA,GAAE,MAAMA,GAAE,OAAO,CAAC,EAAE,SAAS;AAAA,IACrC,QAAQA,GACL,OAAO,EACP,IAAI,EACJ,SAAS,EACT,SAAS,wCAAwC;AAAA,IACpD,WAAWA,GACR,OAAO,EACP,SAAS,EACT;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,KAAK;AAAA,EACzB;AACJ,CAAC;AAEM,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,OAAO,GAAG,EAAE,OAAO,MAC9C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,MAAM,CAAC;AAAA,IAClF,EAAE,QAAQ,SAAS;AAAA,EACrB;AACJ,CAAC;AAEM,IAAMC,SAAQ,CAAC,UAAU,QAAQ,SAAS;;;AC/DjD,SAAS,KAAAC,UAAS;AAIX,IAAM,iBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,EACjD;AACJ,CAAC;AAEM,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,yBAAyBA,GAAE,QAAQ,EAAE,SAAS;AAAA,IAC9C,gBAAgBA,GAAE,QAAQ,EAAE,SAAS;AAAA,IACrC,oBAAoBA,GAAE,QAAQ,EAAE,SAAS;AAAA,IACzC,WAAWA,GACR,QAAQ,EACR,SAAS,EACT,SAAS,oCAAoC;AAAA,IAChD,mBAAmBA,GAChB,KAAK;AAAA,MACJ;AAAA,MACA;AAAA,IACF,CAAC,EACA,SAAS,EACT,SAAS,2CAA2C;AAAA,IACvD,uBAAuBA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,SAAS;AAAA,IAChE,2BAA2BA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,SAAS;AAAA,EACtE;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,SAAS,KAAK;AAAA,EAC1B;AACJ,CAAC;AAEM,IAAMC,SAAQ,CAAC,gBAAgB,iBAAiB;;;AC9CvD,SAAS,KAAAC,UAAS;AAIX,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,OAAOA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,QAAQ,GAAG;AAAA,EACrD;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,MAAM,GAAG,EAAE,OAAO,MAC7C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,OAAO,EAAE,MAAM,EAAE;AAAA,EACrB;AACJ,CAAC;AAEM,IAAM,aAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,OAAOA,GACJ,OAAO,EACP,MAAM,8BAA8B,uBAAuB;AAAA,IAC9D,YAAYA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC5B,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,oBAAoBA,GACjB,OAAO,EACP,OAAO,CAAC,EACR,QAAQ,IAAI,EACZ,SAAS,0BAA0B;AAAA,EACxC;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,KAAK;AAAA,EACzB;AACJ,CAAC;AAEM,IAAM,aAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,SAASA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC3B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,UAAU,mBAAmB,OAAO,CAAC;AAAA,IACpF,EAAE,QAAQ,SAAS;AAAA,EACrB;AACJ,CAAC;AAEM,IAAMC,SAAQ,CAAC,WAAW,YAAY,UAAU;;;AC1DvD,SAAS,KAAAC,UAAS;AAIX,IAAM,iBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY,CAAC;AAAA,EACb,SAAS,OAAO,QAAQ,EAAE,OAAO,MAC/B,OAAO,QAAQ,kBAAkB,EAAE,QAAQ,MAAM,CAAC;AACtD,CAAC;AAEM,IAAM,eAAe,WAAW;AAAA,EACrC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAWC,GACR,OAAO,EACP,IAAI,CAAC,EACL,SAAS,wBAAwB;AAAA,EACtC;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO,QAAQ,kBAAkB,mBAAmB,SAAS,CAAC,EAAE;AACpE,CAAC;AAEM,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,MAAMA,GACH,OAAO,EACP,IAAI,CAAC,EACL,IAAI,EAAE,EACN,MAAM,gBAAgB,yCAAyC,EAC/D,SAAS,4DAAuD;AAAA,IACnE,cAAcA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,EACzC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAC9B,OAAO,QAAQ,kBAAkB,EAAE,QAAQ,QAAQ,MAAM,MAAM,CAAC;AACpE,CAAC;AAEM,IAAMC,SAAQ,CAAC,gBAAgB,cAAc,eAAe;;;ACxCnE,SAAS,KAAAC,UAAS;AAIX,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,GAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,MAAMA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IAC/B,eAAeA,GAAE,MAAMA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,EAAE,SAAS,sEAAsE;AAAA,IACzI,2BAA2BA,GAAE,MAAMA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,EAAE,SAAS,4CAA4C,EAAE,SAAS;AAAA,IACtI,UAAUA,GAAE,KAAK,CAAC,OAAO,OAAO,QAAQ,CAAC,EAAE,SAAS,uQAAuQ,EAAE,SAAS;AAAA,IACtU,UAAUA,GAAE,QAAQ,EAAE,SAAS,0HAA0H,EAAE,QAAQ,KAAK;AAAA,EAC1K;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,QAAQ,MAAM,OAAO,CAAC;AAAA,EAC3H;AACF,CAAC;AAEM,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,GAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,QAAQA,GAAE,OAAO;AAAA,EACnB;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,OAAO,IAAI;AACjC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,mBAAmB,OAAO,MAAM,CAAC,CAAC,IAAI,EAAE,QAAQ,SAAS,CAAC;AAAA,EACrJ;AACF,CAAC;AAEM,IAAMC,YAAW,WAAW;AAAA,EACjC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,GAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC5G;AACF,CAAC;AAEM,IAAM,qBAAqB;AAAA,EAChC;AAAA,EACA;AAAA,EACAC;AACF;;;AClDA,SAAS,KAAAC,WAAS;AAIX,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,MAAMA,IAAE,KAAK,CAAC,QAAQ,OAAO,YAAY,CAAC;AAAA,EAC5C;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,qBAAqB,EAAE,QAAQ,QAAQ,MAAM,OAAO,CAAC;AAAA,EACvI;AACF,CAAC;AAEM,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,YAAY,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC/G;AACF,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,mBAAmB,EAAE,QAAQ,OAAO,CAAC;AAAA,EACvH;AACF,CAAC;AAEM,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,OAAOA,IAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,EACrD;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,yBAAyB,EAAE,QAAQ,SAAS,MAAM,OAAO,CAAC;AAAA,EAC5I;AACF,CAAC;AAEM,IAAM,wBAAwB;AAAA,EACnC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;;;AC3DA,SAAS,KAAAC,WAAS;AAIX,IAAM,aAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,kBAAkB,EAAE,QAAQ,SAAS,CAAC;AAAA,EACxH;AACF,CAAC;AAEM,IAAMC,eAAc,WAAW;AAAA,EACpC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,aAAa,EAAE,QAAQ,MAAM,CAAC;AAAA,EAChH;AACF,CAAC;AAEM,IAAME,kBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcF,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,eAAeA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IAC5F,kBAAkBA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IAC/F,YAAYA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IACzF,YAAYA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IACzF,oBAAoBA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IACjG,uBAAuBA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IACpG,iBAAiBA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IAC9F,iBAAiBA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IAC9F,wBAAwBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IACxD,mBAAmBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,EACrD;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,aAAa,EAAE,QAAQ,SAAS,MAAM,OAAO,CAAC;AAAA,EAChI;AACF,CAAC;AAEM,IAAM,yBAAyB;AAAA,EACpC;AAAA,EACAC;AAAA,EACAC;AACF;;;ACtDA,SAAS,KAAAC,WAAS;AAIX,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,MAAMA,IAAE,KAAK,CAAC,UAAU,UAAU,aAAa,MAAM,CAAC;AAAA,IACtD,MAAMA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IAC/B,WAAWA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,eAAeA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC/B,QAAQA,IAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,IAAI,EAAE,SAAS,EAAE,SAAS;AAAA,IAC9D,WAAWA,IAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IAC1C,QAAQA,IAAE,MAAMA,IAAE,OAAO,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,EAClD;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,QAAQ,MAAM,OAAO,CAAC;AAAA,EAC3H;AACF,CAAC;AAEM,IAAMC,aAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,QAAQA,IAAE,OAAO;AAAA,EACnB;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,OAAO,IAAI;AACjC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,mBAAmB,OAAO,MAAM,CAAC,CAAC,IAAI,EAAE,QAAQ,SAAS,CAAC;AAAA,EACrJ;AACF,CAAC;AAEM,IAAME,YAAW,WAAW;AAAA,EACjC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcF,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC5G;AACF,CAAC;AAEM,IAAM,qBAAqB;AAAA,EAChC;AAAA,EACAC;AAAA,EACAC;AACF;;;ACpDA,SAAS,KAAAC,WAAS;AAIX,IAAMC,kBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,iBAAiB,EAAE,QAAQ,MAAM,CAAC;AAAA,EACpH;AACF,CAAC;AAEM,IAAMC,qBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,yBAAyBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IACzD,gBAAgBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IAChD,oBAAoBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IACpD,WAAWA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IAC3C,sBAAsBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IACtD,gBAAgBA,IAAE,MAAMA,IAAE,KAAK,CAAC,OAAO,OAAO,aAAa,SAAS,CAAC,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,IAC5F,eAAeA,IAAE,MAAMA,IAAE,KAAK,CAAC,cAAc,CAAC,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,IACrE,qBAAqBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IACrD,0BAA0BA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,EAC5D;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,iBAAiB,EAAE,QAAQ,SAAS,MAAM,OAAO,CAAC;AAAA,EACpI;AACF,CAAC;AAEM,IAAM,4BAA4B;AAAA,EACvCD;AAAA,EACAE;AACF;;;ACxCA,SAAS,KAAAC,WAAS;AAIX,IAAM,UAAU,WAAW;AAAA,EAChC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC5G;AACF,CAAC;AAEM,IAAM,0BAA0B,WAAW;AAAA,EAChD,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,SAAS,CAAC;AAAA,EAC/G;AACF,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,MAAMA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IACtB,MAAMA,IAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,KAAK;AAAA,IACvC,KAAKA,IAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA,IAC7B,gBAAgBA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,0CAA0C;AAAA,IACrF,aAAaA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IACtC,MAAMA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,qBAAqB;AAAA,IACtD,UAAUA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,+BAA+B;AAAA,IACpE,kBAAkBA,IAAE,OAAO,EAAE,SAAS,2BAA2B,EAAE,QAAQ,EAAE;AAAA,EAC/E;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,OAAO,MAAM,OAAO,CAAC;AAAA,EAC1H;AACF,CAAC;AAEM,IAAM,qBAAqB;AAAA,EAChC;AAAA,EACA;AAAA,EACA;AACF;;;ACpDA,SAAS,KAAAC,WAAS;AAIX,IAAMC,cAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,SAASA,IAAE,OAAO;AAAA,EACpB;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,QAAQ,IAAI;AAClC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,UAAU,mBAAmB,OAAO,OAAO,CAAC,CAAC,IAAI,EAAE,QAAQ,SAAS,CAAC;AAAA,EACvJ;AACF,CAAC;AAEM,IAAMC,cAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,OAAOA,IAAE,OAAO,EAAE,IAAI,GAAG,EAAE,MAAM,4BAA4B;AAAA,IAC7D,YAAYA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IACrC,WAAWA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IACpC,WAAWA,IAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC5C;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,iBAAiB,EAAE,QAAQ,QAAQ,MAAM,OAAO,CAAC;AAAA,EACnI;AACF,CAAC;AAEM,IAAME,aAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcF,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,UAAU,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC7G;AACF,CAAC;AAEM,IAAM,sBAAsB;AAAA,EACjCD;AAAA,EACAE;AAAA,EACAC;AACF;;;ACjDA,SAAS,KAAAC,WAAS;AAIX,IAAMC,mBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,MAAMC,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,MAAM,2BAA2B,EAAE,SAAS,mEAAmE;AAAA,IAC/I,cAAcA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IACvC,MAAMA,IAAE,KAAK,CAAC,QAAQ,OAAO,YAAY,CAAC,EAAE,SAAS;AAAA,EACvD;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,WAAO,OAAO,QAAQ,kBAAkB,EAAE,QAAQ,QAAQ,MAAM,MAAM,CAAC;AAAA,EACzE;AACF,CAAC;AAEM,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,IAAI,EAAE,QAAQ,SAAS,CAAC;AAAA,EAC1G;AACF,CAAC;AAEM,IAAMC,gBAAe,WAAW;AAAA,EACrC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,IAAI,EAAE,QAAQ,MAAM,CAAC;AAAA,EACvG;AACF,CAAC;AAEM,IAAME,kBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY,CAAC;AAAA,EACb,SAAS,OAAO,QAAQ,EAAE,OAAO,MAAM;AACrC,WAAO,OAAO,QAAQ,kBAAkB,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC3D;AACF,CAAC;AAEM,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcF,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,uBAAuB,EAAE,QAAQ,OAAO,CAAC;AAAA,EAC3H;AACF,CAAC;AAEM,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,cAAcA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,SAAS,EAAE,SAAS;AAAA,EAC/D;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,IAAI,EAAE,QAAQ,SAAS,MAAM,OAAO,CAAC;AAAA,EACvH;AACF,CAAC;AAEM,IAAM,2BAA2B;AAAA,EACtCD;AAAA,EACA;AAAA,EACAE;AAAA,EACAC;AAAA,EACA;AAAA,EACA;AACF;;;ACzEO,IAAM,iBAAiB;AAAA,EAC5B,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AACL;;;AvBcA,SAAS,gBAAAC,qBAAoB;AAC7B,SAAS,qBAAqB;AAC9B,SAAS,WAAAC,UAAS,eAAe;AAEjC,IAAM,cAAc;AAEpB,SAAS,cAAsB;AAC7B,MAAI;AACF,UAAM,OAAOA,SAAQ,cAAc,YAAY,GAAG,CAAC;AACnD,UAAM,MAAM,KAAK;AAAA,MACfD,cAAa,QAAQ,MAAM,MAAM,cAAc,GAAG,MAAM;AAAA,IAC1D;AACA,WAAO,OAAO,IAAI,YAAY,WAAW,IAAI,UAAU;AAAA,EACzD,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAYA,IAAM,oBAAsD;AAAA;AAAA,EAE1D,YAAY;AAAA,EACZ,YAAY;AAAA,EACZ,YAAY;AAAA,EACZ,qBAAqB;AAAA,EACrB,kBAAkB;AAAA,EAClB,gBAAgB;AAAA,EAChB,mBAAmB;AACrB;AASO,SAAS,iBAAiC;AAC/C,QAAM,wBAAwB;AAAA,IAC5B,GAAGE;AAAA,IACH,GAAG;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA;AAAA,EAEL;AAEA,QAAM,mBAAmB,IAAI,IAAI,sBAAsB,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC;AACzE,QAAM,oBAAoB,eAAe,OAAO,CAAC,MAAM;AACrD,QAAI,iBAAiB,IAAI,EAAE,IAAI,EAAG,QAAO;AACzC,UAAM,QAAQ,kBAAkB,EAAE,IAAI;AACtC,QAAI,SAAS,iBAAiB,IAAI,KAAK,EAAG,QAAO;AACjD,WAAO;AAAA,EACT,CAAC;AAED,SAAO,CAAC,GAAG,uBAAuB,GAAG,iBAAiB;AACxD;AAUA,eAAsB,YACpB,KACA,KACsF;AACtF,MAAI,IAAI,SAAU,QAAO,EAAE,OAAO,IAAI,UAAU,MAAM,SAAS;AAE/D,QAAM,SAAS,UAAU,IAAI,OAAO;AACpC,MAAI,OAAQ,QAAO,EAAE,OAAO,OAAO,aAAa,MAAM,SAAS;AAE/D,MAAI,CAAC,QAAQ,OAAO,SAAS,CAAC,QAAQ,IAAI,2BAA2B;AACnE,QAAI;AAAA,MACF;AAAA,IACF;AACA,WAAO,EAAE,OAAO,MAAM,MAAM,OAAO;AAAA,EACrC;AAEA,MAAI;AACJ,MAAI;AACF,aAAS,MAAM,WAAW,EAAE,SAAS,IAAI,SAAS,IAAI,CAAC;AAAA,EACzD,SAAS,KAAK;AACZ,QAAI,MAAM,4BAA4B;AAAA,MACpC,OAAO,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAAA,IACxD,CAAC;AACD,eAAW;AACX,WAAO,EAAE,OAAO,MAAM,MAAM,OAAO;AAAA,EACrC;AAEA,QAAM,YACJ,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,KAAK,OAAO,aAAa;AACvD,YAAU;AAAA,IACR,SAAS,IAAI;AAAA,IACb,aAAa,OAAO;AAAA,IACpB,cAAc,OAAO;AAAA,IACrB;AAAA,EACF,CAAC;AACD,SAAO,EAAE,OAAO,OAAO,aAAa,MAAM,aAAa;AACzD;AAEA,eAAsB,OAAsB;AAE1C,MAAI,QAAQ,KAAK,CAAC,MAAM,UAAU;AAChC,eAAW;AACX,YAAQ,OAAO,MAAM,iDAAiD;AACtE;AAAA,EACF;AAEA,QAAM,MAAM,WAAW;AACvB,QAAM,MAAM,WAAW,GAAG;AAC1B,QAAM,OAAO,MAAM,YAAY,KAAK,GAAG;AACvC,QAAM,SAAS,IAAI,cAAc,KAAK,KAAK,KAAK,KAAK;AAErD,QAAM,SAAS,IAAI,UAAU;AAAA,IAC3B,MAAM;AAAA,IACN,SAAS,YAAY;AAAA,EACvB,CAAC;AAED,QAAM,WAAW,eAAe;AAEhC,cAAY,QAAQ,EAAE,QAAQ,IAAI,GAAG,QAAQ;AAE7C,MAAI,KAAK,wBAAwB;AAAA,IAC/B,SAAS,IAAI;AAAA,IACb,OAAO,SAAS;AAAA,IAChB,UAAU,KAAK;AAAA,EACjB,CAAC;AAED,QAAM,YAAY,IAAI,qBAAqB;AAC3C,QAAM,OAAO,QAAQ,SAAS;AAChC;AAOA,IAAI,CAAC,QAAQ,IAAI,QAAQ;AACvB,OAAK,EAAE,MAAM,CAAC,QAAQ;AACpB,YAAQ,OAAO,MAAM,UAAU,eAAe,QAAQ,IAAI,QAAQ,GAAG;AAAA,CAAI;AACzE,YAAQ,KAAK,CAAC;AAAA,EAChB,CAAC;AACH;","names":["sleep","tools","z","z","tools","z","z","tools","z","z","tools","z","z","tools","z","z","tools","z","z","tools","z","z","tools","z","z","listApps","z","z","z","z","getBranding","updateBranding","z","z","deleteIdp","listIdps","z","getLoginPolicy","z","updateLoginPolicy","z","z","z","deleteUser","z","inviteUser","listUsers","z","createWorkspace","z","getWorkspace","listWorkspaces","readFileSync","dirname","tools"]}
1	+ {"version":3,"sources":["../src/index.ts","../src/auth.ts","../src/client.ts","../src/config.ts","../src/logger.ts","../src/tokenStore.ts","../src/tools/registry.ts","../src/tools/apps.ts","../src/tools/billing.ts","../src/tools/branding.ts","../src/tools/curated.ts","../src/tools/idps.ts","../src/tools/login_policy.ts","../src/tools/users.ts","../src/tools/workspaces.ts","../src/tools/generated/apps.ts","../src/tools/generated/billing.ts","../src/tools/generated/branding.ts","../src/tools/generated/idps.ts","../src/tools/generated/login-policy.ts","../src/tools/generated/smtp.ts","../src/tools/generated/users.ts","../src/tools/generated/workspaces.ts","../src/tools/generated/index.ts"],"sourcesContent":["/*\n Entrypoint — boots an MCP server over stdio with the full Prysmid tool set.\n \n Three layers of tools:\n * 1. handwritten — `src/tools/{apps,users,...}.ts`. Polished schemas,\n * curated descriptions, the canonical surface.\n * 2. curated — `src/tools/curated.ts`. Multi-step orchestrators (e.g.\n * `setup_prysmid_workspace`).\n * 3. generated — `src/tools/generated/.ts`. Auto-emitted from the live\n OpenAPI spec by `scripts/generate-tools.ts`. Covers everything else.\n \n Merge rule: handwritten and curated names always win. A generated tool\n * with the same `name` as one of them is dropped silently — the handwritten\n * version is the source of truth.\n \n MCP transport contract:\n * - JSON-RPC over stdin/stdout\n * - stdout is RESERVED for protocol bytes; logs go to stderr (see logger.ts)\n * - one process == one client; the agent spawns a fresh server per session\n /\nimport { McpServer } from \"@modelcontextprotocol/sdk/server/mcp.js\";\nimport { StdioServerTransport } from \"@modelcontextprotocol/sdk/server/stdio.js\";\n\nimport { deviceFlow } from \"./auth.js\";\nimport { PrysmidClient } from \"./client.js\";\nimport { loadConfig, type Config } from \"./config.js\";\nimport { makeLogger, type Logger } from \"./logger.js\";\nimport { clearToken, loadToken, saveToken } from \"./tokenStore.js\";\nimport { registerAll, type ToolDef } from \"./tools/registry.js\";\nimport { tools as appsTools } from \"./tools/apps.js\";\nimport { tools as billingTools } from \"./tools/billing.js\";\nimport { tools as brandingTools } from \"./tools/branding.js\";\nimport { tools as curatedTools } from \"./tools/curated.js\";\nimport { tools as idpsTools } from \"./tools/idps.js\";\nimport { tools as loginPolicyTools } from \"./tools/login_policy.js\";\nimport { tools as usersTools } from \"./tools/users.js\";\nimport { tools as workspaceTools } from \"./tools/workspaces.js\";\nimport { generatedTools } from \"./tools/generated/index.js\";\n\nimport { readFileSync } from \"node:fs\";\nimport { fileURLToPath } from \"node:url\";\nimport { dirname, resolve } from \"node:path\";\n\nconst SERVER_NAME = \"prysmid\";\n\nfunction readVersion(): string {\n try {\n const here = dirname(fileURLToPath(import.meta.url));\n const pkg = JSON.parse(\n readFileSync(resolve(here, \"..\", \"package.json\"), \"utf8\"),\n );\n return typeof pkg.version === \"string\" ? pkg.version : \"0.0.0\";\n } catch {\n return \"0.0.0\";\n }\n}\n\n/\n Map of generated tool names that are superseded by a hand-written tool\n * with a different name (because the hand-written name is more agent-\n * friendly than what FastAPI's operationId produced). Without this, the\n * agent would see two near-duplicates: e.g. `add_idp` (curated) AND\n * `create_idp` (generated) for the same endpoint.\n \n Keep the LHS in sync with what the generator emits — if you rename a\n * hand-written tool, update this table.\n /\nconst GENERATED_ALIASES: Readonly<Record<string, string>> = {\n // generated name → handwritten that already covers it\n create_idp: \"add_idp\",\n create_app: \"create_oidc_app\",\n delete_app: \"delete_oidc_app\",\n update_spending_cap: \"set_spending_cap\",\n billing_checkout: \"start_billing_checkout\",\n billing_portal: \"start_billing_portal\",\n billing_get_state: \"get_billing\",\n};\n\n/\n Compose the final tool array. Hand-written + curated tools take\n * precedence over generated tools sharing the same `name`, AND over any\n * generated tool listed in {@link GENERATED_ALIASES}. Exported so tests\n * can assert merge behavior without booting the MCP server.\n /\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nexport function composeToolset(): ToolDef<any>[] {\n const handwrittenAndCurated = [\n ...workspaceTools,\n ...appsTools,\n ...idpsTools,\n ...loginPolicyTools,\n ...usersTools,\n ...brandingTools,\n ...billingTools,\n ...curatedTools,\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n ] as ToolDef<any>[];\n\n const handwrittenNames = new Set(handwrittenAndCurated.map((t) => t.name));\n const filteredGenerated = generatedTools.filter((t) => {\n if (handwrittenNames.has(t.name)) return false;\n const alias = GENERATED_ALIASES[t.name];\n if (alias && handwrittenNames.has(alias)) return false;\n return true;\n });\n\n return [...handwrittenAndCurated, ...filteredGenerated];\n}\n\n/\n Resolve the bearer token to use for API calls. Resolution order:\n * 1. PRYSMID_API_TOKEN env var (CI / static service tokens)\n * 2. Cached device-flow token at ~/.config/prysmid-mcp/token.json (or %APPDATA% on Windows)\n * 3. Run interactive device flow (browser + user code) and save to cache\n \n Returns the token plus the human-readable mode string for logs.\n /\nexport async function resolveAuth(\n cfg: Config,\n log: Logger,\n): Promise<{ token: string \| null; mode: \"bearer\" \| \"cached\" \| \"deviceflow\" \| \"none\" }> {\n if (cfg.apiToken) return { token: cfg.apiToken, mode: \"bearer\" };\n\n const cached = loadToken(cfg.apiBase);\n if (cached) return { token: cached.accessToken, mode: \"cached\" };\n\n if (!process.stderr.isTTY && !process.env.PRYSMID_FORCE_DEVICE_FLOW) {\n log.warn(\n \"no PRYSMID_API_TOKEN and no cached token; stderr is not a TTY so refusing to start interactive device flow. Set PRYSMID_API_TOKEN, run `npx -y @prysmid/mcp` once interactively to populate the cache, or set PRYSMID_FORCE_DEVICE_FLOW=1 to override.\",\n );\n return { token: null, mode: \"none\" };\n }\n\n let result;\n try {\n result = await deviceFlow({ apiBase: cfg.apiBase, log });\n } catch (err) {\n log.error(\"device flow login failed\", {\n error: err instanceof Error ? err.message : String(err),\n });\n clearToken();\n return { token: null, mode: \"none\" };\n }\n\n const expiresAt =\n Math.floor(Date.now() / 1000) + (result.expiresIn ?? 3600);\n saveToken({\n apiBase: cfg.apiBase,\n accessToken: result.accessToken,\n refreshToken: result.refreshToken,\n expiresAt,\n });\n return { token: result.accessToken, mode: \"deviceflow\" };\n}\n\nexport async function main(): Promise<void> {\n // `prysmid-mcp logout` — small subcommand that just clears the cache.\n if (process.argv[2] === \"logout\") {\n clearToken();\n process.stderr.write(\"prysmid-mcp: logged out (token cache cleared)\\n\");\n return;\n }\n\n const cfg = loadConfig();\n const log = makeLogger(cfg);\n const auth = await resolveAuth(cfg, log);\n const client = new PrysmidClient(cfg, log, auth.token);\n\n const server = new McpServer({\n name: SERVER_NAME,\n version: readVersion(),\n });\n\n const allTools = composeToolset();\n\n registerAll(server, { client, log }, allTools);\n\n log.info(`prysmid-mcp starting`, {\n apiBase: cfg.apiBase,\n tools: allTools.length,\n authMode: auth.mode,\n });\n\n const transport = new StdioServerTransport();\n await server.connect(transport);\n}\n\n// This module is only ever invoked as the package bin (MCP servers run as a\n// process per session). Cross-platform `import.meta.url === file://<argv[1]>`\n// is fragile (Windows backslash vs forward slash; symlinked paths) so we\n// just always boot UNLESS we're in vitest (which imports this module to\n// poke at the exports without wanting to connect a stdio transport).\nif (!process.env.VITEST) {\n main().catch((err) => {\n process.stderr.write(`fatal: ${err instanceof Error ? err.stack : err}\\n`);\n process.exit(1);\n });\n}\n","/\n OAuth 2.0 Device Authorization Grant client (RFC 8628).\n \n Flow:\n * 1. POST /v1/auth/device/start — get device_code + user_code + verification_uri\n * 2. Print user_code + URL to STDERR (stdout is reserved for MCP protocol)\n * 3. Poll POST /v1/auth/device/poll every `interval` seconds until:\n * - status=complete → return tokens\n * - status=slow_down → bump interval +5s, keep polling\n * - status=expired → throw\n * - status=denied → throw\n \n The platform side proxies these to Zitadel (auth.prysmid.com); the client\n * only ever talks to api.prysmid.com.\n /\nimport type { Logger } from \"./logger.js\";\n\nexport interface DeviceFlowToken {\n accessToken: string;\n refreshToken?: string;\n expiresIn?: number;\n}\n\ninterface DeviceStartResponse {\n device_code: string;\n user_code: string;\n verification_uri: string;\n verification_uri_complete?: string \| null;\n interval: number;\n expires_in: number;\n}\n\ninterface DevicePollResponse {\n status: \"pending\" \| \"slow_down\" \| \"complete\" \| \"expired\" \| \"denied\";\n access_token?: string \| null;\n refresh_token?: string \| null;\n expires_in?: number \| null;\n error?: string \| null;\n}\n\nexport interface DeviceFlowOptions {\n apiBase: string;\n log: Logger;\n /\n Sleep function — overridable so tests can run instantly. Defaults to\n * setTimeout-based promise.\n /\n sleep?: (ms: number) => Promise<void>;\n /\n Print sink for the user-facing prompt (browser URL + code). Defaults to\n * stderr. Tests override to capture.\n /\n prompt?: (lines: string[]) => void;\n /\n Override the global fetch — kept for tests; production passes nothing.\n /\n fetchImpl?: typeof fetch;\n}\n\nconst DEFAULT_SLEEP = (ms: number): Promise<void> =>\n new Promise((r) => setTimeout(r, ms));\n\nconst DEFAULT_PROMPT = (lines: string[]): void => {\n for (const line of lines) process.stderr.write(`${line}\\n`);\n};\n\nexport async function deviceFlow(\n opts: DeviceFlowOptions,\n): Promise<DeviceFlowToken> {\n const sleep = opts.sleep ?? DEFAULT_SLEEP;\n const prompt = opts.prompt ?? DEFAULT_PROMPT;\n const fetchImpl = opts.fetchImpl ?? fetch;\n const { apiBase, log } = opts;\n\n const start = await postJson<DeviceStartResponse>(\n fetchImpl,\n `${apiBase}/v1/auth/device/start`,\n {},\n );\n\n const verifyUrl = start.verification_uri_complete \|\| start.verification_uri;\n prompt([\n \"\",\n \"─────────────────────────────────────────────────────────\",\n \" Prysmid MCP — Sign in to your account\",\n \"─────────────────────────────────────────────────────────\",\n \"\",\n \" 1. Open this URL in your browser:\",\n ` ${verifyUrl}`,\n \"\",\n \" 2. Confirm the code:\",\n ` ${start.user_code}`,\n \"\",\n ` Waiting for confirmation (expires in ${start.expires_in}s)…`,\n \"\",\n ]);\n\n let interval = Math.max(1, start.interval \|\| 5);\n const deadline = Date.now() + start.expires_in 1000;\n\n while (Date.now() < deadline) {\n await sleep(interval * 1000);\n\n let res: DevicePollResponse;\n try {\n res = await postJson<DevicePollResponse>(\n fetchImpl,\n `${apiBase}/v1/auth/device/poll`,\n { device_code: start.device_code },\n );\n } catch (e) {\n log.warn(\"device poll request failed, retrying\", {\n error: e instanceof Error ? e.message : String(e),\n });\n continue;\n }\n\n if (res.status === \"complete\") {\n if (!res.access_token) {\n throw new Error(\n \"Device flow returned status=complete but no access_token\",\n );\n }\n log.info(\"device flow login complete\", {\n expiresIn: res.expires_in ?? null,\n });\n return {\n accessToken: res.access_token,\n refreshToken: res.refresh_token ?? undefined,\n expiresIn: res.expires_in ?? undefined,\n };\n }\n if (res.status === \"slow_down\") {\n interval += 5;\n log.debug(\"device flow slow_down\", { newInterval: interval });\n continue;\n }\n if (res.status === \"pending\") continue;\n if (res.status === \"expired\") {\n throw new Error(\"Device code expired before authorization\");\n }\n if (res.status === \"denied\") {\n throw new Error(\"Authorization denied\");\n }\n log.warn(\"unknown device poll status\", { status: res.status });\n }\n\n throw new Error(\"Device code expired before authorization\");\n}\n\nasync function postJson<T>(\n fetchImpl: typeof fetch,\n url: string,\n body: unknown,\n): Promise<T> {\n const res = await fetchImpl(url, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\", Accept: \"application/json\" },\n body: JSON.stringify(body),\n });\n const text = await res.text();\n if (!res.ok) {\n throw new Error(`POST ${url} failed: ${res.status} ${text}`);\n }\n try {\n return JSON.parse(text) as T;\n } catch {\n throw new Error(`POST ${url} returned non-JSON: ${text.slice(0, 200)}`);\n }\n}\n","/*\n Prysmid API client — thin fetch wrapper that adds auth + maps errors.\n \n Auth model (MVP): static bearer via `PRYSMID_API_TOKEN`. Device-flow OAuth\n * lives in `auth.ts` and produces a token compatible with this client.\n /\nimport type { Config } from \"./config.js\";\nimport type { Logger } from \"./logger.js\";\n\nexport class PrysmidApiError extends Error {\n constructor(\n message: string,\n public readonly status: number,\n public readonly body: string,\n public readonly code?: string,\n ) {\n super(message);\n this.name = \"PrysmidApiError\";\n }\n}\n\nexport interface RequestOptions {\n method?: \"GET\" \| \"POST\" \| \"PUT\" \| \"PATCH\" \| \"DELETE\";\n body?: unknown;\n query?: Record<string, string \| number \| boolean \| undefined>;\n}\n\nexport class PrysmidClient {\n constructor(\n private readonly cfg: Config,\n private readonly log: Logger,\n /\n Optional override. When set (e.g. resolved via device flow + token cache),\n * takes precedence over `cfg.apiToken`. Keeps the env-driven path for the\n * `PRYSMID_API_TOKEN=…` mode untouched.\n /\n private readonly tokenOverride: string \| null = null,\n ) {}\n\n private get effectiveToken(): string \| null {\n return this.tokenOverride ?? this.cfg.apiToken;\n }\n\n async request<T = unknown>(path: string, opts: RequestOptions = {}): Promise<T> {\n const token = this.effectiveToken;\n if (!token) {\n throw new PrysmidApiError(\n \"No Prysmid API token. Set PRYSMID_API_TOKEN or complete device-flow login.\",\n 401,\n \"\",\n \"auth.no_token\",\n );\n }\n\n const url = new URL(this.cfg.apiBase + path);\n if (opts.query) {\n for (const [k, v] of Object.entries(opts.query)) {\n if (v !== undefined) url.searchParams.set(k, String(v));\n }\n }\n\n const method = opts.method ?? \"GET\";\n const headers: Record<string, string> = {\n Authorization: `Bearer ${token}`,\n Accept: \"application/json\",\n };\n if (opts.body !== undefined) headers[\"Content-Type\"] = \"application/json\";\n\n this.log.debug(`HTTP ${method} ${url.pathname}`);\n const res = await fetch(url, {\n method,\n headers,\n body: opts.body !== undefined ? JSON.stringify(opts.body) : undefined,\n });\n\n const text = await res.text();\n if (!res.ok) {\n let code: string \| undefined;\n try {\n const parsed = JSON.parse(text);\n code = typeof parsed?.error === \"string\" ? parsed.error : parsed?.code;\n } catch {\n // body wasn't JSON\n }\n throw new PrysmidApiError(\n `Prysmid API ${res.status} on ${method} ${path}`,\n res.status,\n text,\n code,\n );\n }\n\n if (text === \"\") return undefined as T;\n try {\n return JSON.parse(text) as T;\n } catch {\n return text as unknown as T;\n }\n }\n}\n","/\n Runtime configuration. Pulled from env at startup; immutable thereafter.\n \n The MCP runs as a long-lived stdio process — env reads happen once.\n /\n\nexport interface Config {\n apiBase: string;\n apiToken: string \| null;\n logLevel: \"debug\" \| \"info\" \| \"warn\" \| \"error\";\n}\n\nconst DEFAULT_API_BASE = \"https://api.prysmid.com\";\n\nexport function loadConfig(env: NodeJS.ProcessEnv = process.env): Config {\n const apiBase = (env.PRYSMID_API_BASE ?? DEFAULT_API_BASE).replace(/\\/+$/, \"\");\n const apiToken = env.PRYSMID_API_TOKEN?.trim() \|\| null;\n const rawLevel = (env.PRYSMID_MCP_LOG_LEVEL ?? \"info\").toLowerCase();\n const logLevel: Config[\"logLevel\"] =\n rawLevel === \"debug\" \|\| rawLevel === \"warn\" \|\| rawLevel === \"error\"\n ? rawLevel\n : \"info\";\n return { apiBase, apiToken, logLevel };\n}\n","/\n stderr-only logger. MCP servers MUST NOT write to stdout — that channel\n * is reserved for the JSON-RPC protocol; any stray byte breaks the agent.\n /\nimport type { Config } from \"./config.js\";\n\nconst ORDER = { debug: 10, info: 20, warn: 30, error: 40 } as const;\n\nexport interface Logger {\n debug: (msg: string, extra?: unknown) => void;\n info: (msg: string, extra?: unknown) => void;\n warn: (msg: string, extra?: unknown) => void;\n error: (msg: string, extra?: unknown) => void;\n}\n\nexport function makeLogger(cfg: Pick<Config, \"logLevel\">): Logger {\n const threshold = ORDER[cfg.logLevel];\n\n function emit(level: keyof typeof ORDER, msg: string, extra?: unknown) {\n if (ORDER[level] < threshold) return;\n const ts = new Date().toISOString();\n const payload = extra === undefined ? \"\" : ` ${safeJSON(extra)}`;\n process.stderr.write(`${ts} ${level.toUpperCase()} ${msg}${payload}\\n`);\n }\n\n return {\n debug: (m, e) => emit(\"debug\", m, e),\n info: (m, e) => emit(\"info\", m, e),\n warn: (m, e) => emit(\"warn\", m, e),\n error: (m, e) => emit(\"error\", m, e),\n };\n}\n\nfunction safeJSON(x: unknown): string {\n try {\n return JSON.stringify(x);\n } catch {\n return String(x);\n }\n}\n","/\n On-disk cache for the device-flow access token.\n \n Path layout:\n * - Windows: %APPDATA%\\prysmid-mcp\\token.json\n * - Linux/macOS: $XDG_CONFIG_HOME/prysmid-mcp/token.json (default ~/.config/prysmid-mcp)\n * - Fallback: ~/.prysmid-mcp/token.json\n \n The cache is keyed by `apiBase` so switching between staging/prod is safe.\n * Token file is mode 0600 on Unix; Windows ignores the chmod.\n /\nimport {\n chmodSync,\n existsSync,\n mkdirSync,\n readFileSync,\n rmSync,\n writeFileSync,\n} from \"node:fs\";\nimport { homedir, platform } from \"node:os\";\nimport { dirname, join } from \"node:path\";\n\nexport interface CachedToken {\n apiBase: string;\n accessToken: string;\n refreshToken?: string;\n /* Unix epoch seconds. /\n expiresAt: number;\n}\n\nconst APP_DIR = \"prysmid-mcp\";\nconst FILE_NAME = \"token.json\";\nconst EXPIRY_SKEW_SECONDS = 60;\n\nexport function getTokenPath(env: NodeJS.ProcessEnv = process.env): string {\n if (platform() === \"win32\") {\n const base = env.APPDATA;\n if (base) return join(base, APP_DIR, FILE_NAME);\n return join(homedir(), `.${APP_DIR}`, FILE_NAME);\n }\n const xdg = env.XDG_CONFIG_HOME;\n if (xdg) return join(xdg, APP_DIR, FILE_NAME);\n return join(homedir(), \".config\", APP_DIR, FILE_NAME);\n}\n\nexport function loadToken(\n apiBase: string,\n env: NodeJS.ProcessEnv = process.env,\n): CachedToken \| null {\n const path = getTokenPath(env);\n if (!existsSync(path)) return null;\n let parsed: CachedToken;\n try {\n parsed = JSON.parse(readFileSync(path, \"utf8\")) as CachedToken;\n } catch {\n return null;\n }\n if (parsed.apiBase !== apiBase) return null;\n const nowSec = Math.floor(Date.now() / 1000);\n if (parsed.expiresAt - EXPIRY_SKEW_SECONDS <= nowSec) return null;\n if (typeof parsed.accessToken !== \"string\" \|\| !parsed.accessToken) {\n return null;\n }\n return parsed;\n}\n\nexport function saveToken(\n token: CachedToken,\n env: NodeJS.ProcessEnv = process.env,\n): void {\n const path = getTokenPath(env);\n mkdirSync(dirname(path), { recursive: true });\n writeFileSync(path, JSON.stringify(token, null, 2), \"utf8\");\n if (platform() !== \"win32\") {\n try {\n chmodSync(path, 0o600);\n } catch {\n // best-effort\n }\n }\n}\n\nexport function clearToken(env: NodeJS.ProcessEnv = process.env): void {\n const path = getTokenPath(env);\n if (existsSync(path)) {\n rmSync(path, { force: true });\n }\n}\n","/\n Tool registry — single place where every MCP tool lives. Each tool exports\n * its input schema (Zod) + handler; `registerAll` wires them into the SDK.\n \n Two flavors of tools coexist:\n * - generated: 1:1 with REST endpoints, produced by `scripts/generate-tools.ts`\n * (lives under `tools/generated/` once the script runs)\n - curated: high-level orchestrators a human/agent actually wants to call,\n * e.g. `setup_prysmid_workspace(company_name)` that combines several\n * endpoints. These live under `tools/curated/`.\n \n * Both share the same `Tool` shape so the registry is uniform.\n /\nimport type { McpServer } from \"@modelcontextprotocol/sdk/server/mcp.js\";\nimport { z } from \"zod\";\n\nimport { PrysmidApiError, type PrysmidClient } from \"../client.js\";\nimport type { Logger } from \"../logger.js\";\n\nexport interface ToolContext {\n client: PrysmidClient;\n log: Logger;\n}\n\nexport interface ToolDef<I extends z.ZodRawShape> {\n name: string;\n description: string;\n inputShape: I;\n /\n Handler returns plain JSON-able output. The SDK serializes it into\n * MCP `content` blocks; we wrap to text by default (most MCP UIs render it\n * better than structured content).\n /\n handler: (\n input: z.infer<z.ZodObject<I>>,\n ctx: ToolContext,\n ) => Promise<unknown>;\n}\n\nexport function defineTool<I extends z.ZodRawShape>(t: ToolDef<I>): ToolDef<I> {\n return t;\n}\n\n// `ToolDef<any>` here intentionally — the array is heterogeneous (each tool\n// has its own input shape) and the SDK's registerTool only cares about the\n// runtime Zod object, not compile-time type inference. Without `any` there's\n// no single ZodRawShape that satisfies every entry simultaneously.\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nexport function registerAll(\n server: McpServer,\n ctx: ToolContext,\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n tools: ReadonlyArray<ToolDef<any>>,\n): void {\n for (const tool of tools) {\n server.registerTool(\n tool.name,\n {\n description: tool.description,\n inputSchema: tool.inputShape,\n },\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n async (input: any) => {\n try {\n const result = await tool.handler(input, ctx);\n return {\n content: [\n {\n type: \"text\" as const,\n text:\n typeof result === \"string\"\n ? result\n : JSON.stringify(result, null, 2),\n },\n ],\n };\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n // For API errors, surface the response body so callers see the\n // FastAPI validation detail instead of a bare status code.\n const detail =\n err instanceof PrysmidApiError && err.body ? `\\n${err.body}` : \"\";\n ctx.log.error(`tool ${tool.name} failed`, { message });\n return {\n isError: true,\n content: [\n { type: \"text\" as const, text: `error: ${message}${detail}` },\n ],\n };\n }\n },\n );\n }\n}\n","/\n OIDC application tools — list, create, delete on a workspace's apps.\n * Apps are the integration unit: each one represents one downstream service\n * (web app, mobile app, CLI) that authenticates via Prysmid.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const listApps = defineTool({\n name: \"list_apps\",\n description: \"List all OIDC apps in a workspace.\",\n inputShape: {\n workspace: z.string().min(1).describe(\"Workspace slug or UUID\"),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(`/v1/workspaces/${encodeURIComponent(workspace)}/apps`),\n});\n\nexport const createOidcApp = defineTool({\n name: \"create_oidc_app\",\n description:\n \"Create an OIDC application in a workspace. Returns client_id (and client_secret only when app_type=web). app_type=web is a confidential server-rendered app; spa and native are public clients that use PKCE and have no secret.\",\n inputShape: {\n workspace: z.string().min(1),\n name: z.string().min(1).max(255),\n redirect_uris: z.array(z.string().url()).min(1),\n post_logout_redirect_uris: z.array(z.string().url()).optional(),\n app_type: z.enum([\"web\", \"spa\", \"native\"]).default(\"web\"),\n dev_mode: z\n .boolean()\n .default(false)\n .describe(\n \"Skip redirect URI HTTPS check — only for local dev, NEVER prod.\",\n ),\n },\n handler: async ({ workspace, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/apps`,\n { method: \"POST\", body },\n ),\n});\n\nexport const deleteOidcApp = defineTool({\n name: \"delete_oidc_app\",\n description: \"Delete an OIDC app. Idempotent — 404 returns success.\",\n inputShape: {\n workspace: z.string().min(1),\n app_id: z.string().min(1),\n },\n handler: async ({ workspace, app_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/apps/${encodeURIComponent(app_id)}`,\n { method: \"DELETE\" },\n ),\n});\n\nconst APP_TYPE = z.enum([\"web\", \"spa\", \"native\"]);\nconst AUTH_METHOD = z.enum([\n \"client_secret_basic\",\n \"client_secret_post\",\n \"none\",\n \"private_key_jwt\",\n]);\nconst GRANT_TYPE = z.enum([\n \"authorization_code\",\n \"refresh_token\",\n \"implicit\",\n \"device_code\",\n \"token_exchange\",\n]);\n\nexport const getApp = defineTool({\n name: \"get_app\",\n description:\n \"Fetch full detail for one OIDC app: redirect URIs, grant types, auth method, dev_mode, timestamps. Never returns the client_secret — use regenerate_app_secret to mint a new one.\",\n inputShape: {\n workspace: z.string().min(1).describe(\"Workspace slug or UUID\"),\n app_id: z.string().min(1),\n },\n handler: async ({ workspace, app_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/apps/${encodeURIComponent(app_id)}`,\n ),\n});\n\nexport const updateApp = defineTool({\n name: \"update_app\",\n description:\n \"Patch mutable fields on an OIDC app: redirect URIs, post-logout URIs, grant types, auth method, dev_mode. All fields optional — only provided keys change. client_secret is NEVER accepted here; use regenerate_app_secret to rotate it.\",\n inputShape: {\n workspace: z.string().min(1),\n app_id: z.string().min(1),\n redirect_uris: z.array(z.string().url()).optional(),\n post_logout_redirect_uris: z.array(z.string().url()).optional(),\n grant_types: z.array(GRANT_TYPE).optional(),\n auth_method: AUTH_METHOD.optional(),\n dev_mode: z\n .boolean()\n .optional()\n .describe(\n \"Skip redirect URI HTTPS check — only for local dev, NEVER prod.\",\n ),\n },\n handler: async ({ workspace, app_id, ...patch }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/apps/${encodeURIComponent(app_id)}`,\n { method: \"PATCH\", body: patch },\n ),\n});\n\nexport const regenerateAppSecret = defineTool({\n name: \"regenerate_app_secret\",\n description:\n \"Destructive — invalidates the current secret immediately. Returns the new secret plaintext ONCE. Set confirm=true to proceed. Only valid for app_type=web (confidential clients); spa/native are public and have no secret (the API returns 422 in that case).\",\n inputShape: {\n workspace: z.string().min(1),\n app_id: z.string().min(1),\n confirm: z\n .literal(true)\n .describe(\n \"Must be true to acknowledge that the current secret will be invalidated immediately.\",\n ),\n },\n handler: async ({ workspace, app_id, confirm }, { client }) => {\n if (confirm !== true) {\n throw new Error(\n \"regenerate_app_secret refused: pass confirm=true to acknowledge that the current secret will be invalidated immediately and the new secret is surfaced only once.\",\n );\n }\n return client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/apps/${encodeURIComponent(app_id)}/regenerate-secret`,\n { method: \"POST\" },\n );\n },\n});\n\n// Exported for use in index.ts composeToolset (handwritten precedence).\n// Also re-exported as `appTypeEnum` etc. would be unnecessary; the tools list\n// is the only surface the registry needs.\nexport const tools = [\n listApps,\n createOidcApp,\n deleteOidcApp,\n getApp,\n updateApp,\n regenerateAppSecret,\n] as const;\n","/\n Billing tools — read state, manage spending cap, generate Stripe portal URL.\n * Checkout/upgrade flow returns a Stripe-hosted URL; the agent surfaces it to\n * the user for them to navigate (we don't process payment data here).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const getBilling = defineTool({\n name: \"get_billing\",\n description:\n \"Get current billing state: plan, subscription status, current period, spending_cap_cents, signups_blocked.\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/billing`,\n ),\n});\n\nexport const setSpendingCap = defineTool({\n name: \"set_spending_cap\",\n description:\n \"Cap monthly Pro overage spend (cents). Pass null to remove cap (unlimited). When projected overage exceeds cap, signups_blocked flips on.\",\n inputShape: {\n workspace: z.string().min(1),\n spending_cap_cents: z\n .number()\n .int()\n .min(0)\n .max(10_000_000)\n .nullable()\n .describe(\"Max overage cents per period; null = unlimited\"),\n },\n handler: async ({ workspace, spending_cap_cents }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/billing/spending-cap`,\n { method: \"PATCH\", body: { spending_cap_cents } },\n ),\n});\n\nexport const startCheckout = defineTool({\n name: \"start_billing_checkout\",\n description:\n \"Create a Stripe Checkout session for upgrading. Returns the URL the user must visit. Plan must be `pro` (Free has no checkout; Enterprise is sales-only).\",\n inputShape: {\n workspace: z.string().min(1),\n plan: z.enum([\"pro\"]),\n },\n handler: async ({ workspace, plan }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/billing/checkout`,\n { method: \"POST\", body: { plan } },\n ),\n});\n\nexport const startBillingPortal = defineTool({\n name: \"start_billing_portal\",\n description:\n \"Create a Stripe customer-portal session URL where the user manages payment methods, downloads invoices, cancels subscription.\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/billing/portal`,\n { method: \"POST\" },\n ),\n});\n\nexport const tools = [\n getBilling,\n setSpendingCap,\n startCheckout,\n startBillingPortal,\n] as const;\n","/\n Branding tools — colors, fonts, logo for the login page. Logo upload is\n * out of MCP scope (multipart binary uploads don't fit MCP tool semantics\n * cleanly); use the dashboard or API directly for that.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const getBranding = defineTool({\n name: \"get_branding\",\n description:\n \"Return the workspace's active branding policy (colors, fonts, hide-prysmid-watermark flag, logo URLs).\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/branding`,\n ),\n});\n\nexport const updateBranding = defineTool({\n name: \"update_branding\",\n description:\n \"Update branding colors and watermark. Hex colors as `#RRGGBB`. Activates the policy after update — change shows on next login screen render.\",\n inputShape: {\n workspace: z.string().min(1),\n primary_color: z\n .string()\n .regex(/^#[0-9a-fA-F]{6}$/)\n .optional(),\n background_color: z\n .string()\n .regex(/^#[0-9a-fA-F]{6}$/)\n .optional(),\n warn_color: z\n .string()\n .regex(/^#[0-9a-fA-F]{6}$/)\n .optional(),\n font_color: z\n .string()\n .regex(/^#[0-9a-fA-F]{6}$/)\n .optional(),\n disable_watermark: z\n .boolean()\n .optional()\n .describe(\n \"Hide 'Powered by Prysmid' on the login screen (Pro+ only — Free silently ignored).\",\n ),\n },\n handler: async ({ workspace, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/branding`,\n { method: \"PATCH\", body },\n ),\n});\n\nexport const tools = [getBranding, updateBranding] as const;\n","/\n Curated high-level tools — the ones agents would naturally reach for to\n * accomplish a goal in one call, instead of orchestrating 4 raw endpoints.\n \n Keep these small: each represents one end-user intent (\"set up a workspace\n * with Google login\"). Branch logic and prompts stay on the agent side; this\n * file only owns the API choreography.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nconst SetupWorkspaceOutput = z.object({\n workspace_id: z.string(),\n slug: z.string(),\n auth_domain: z.string(),\n state: z.string(),\n});\n\nexport const setupPrysmidWorkspace = defineTool({\n name: \"setup_prysmid_workspace\",\n description:\n \"Create a new workspace and wait until it's fully provisioned (Zitadel instance, SMTP, DNS). Returns the live auth_domain ready to integrate.\",\n inputShape: {\n slug: z\n .string()\n .min(2)\n .max(63)\n .regex(/^[a-z0-9-]+$/),\n display_name: z.string().min(1),\n timeout_seconds: z\n .number()\n .int()\n .min(10)\n .max(300)\n .default(120)\n .describe(\"Max time to wait for provisioning before returning.\"),\n },\n handler: async (\n { slug, display_name, timeout_seconds },\n { client, log },\n ) => {\n const created = (await client.request(\"/v1/workspaces\", {\n method: \"POST\",\n body: { slug, display_name },\n })) as { id: string; slug: string; state: string; auth_domain?: string };\n\n const deadline = Date.now() + timeout_seconds 1000;\n while (Date.now() < deadline) {\n const ws = (await client.request(\n `/v1/workspaces/${encodeURIComponent(created.id)}`,\n )) as {\n id: string;\n slug: string;\n state: string;\n auth_domain?: string;\n provisioning_error?: string;\n };\n if (ws.state === \"active\") {\n return SetupWorkspaceOutput.parse({\n workspace_id: ws.id,\n slug: ws.slug,\n auth_domain: ws.auth_domain ?? `auth.${ws.slug}.prysmid.com`,\n state: ws.state,\n });\n }\n if (ws.state === \"provisioning_failed\") {\n throw new Error(\n `Workspace provisioning failed: ${ws.provisioning_error ?? \"unknown reason\"}`,\n );\n }\n log.debug(`workspace ${created.id} state=${ws.state}, polling…`);\n await sleep(3000);\n }\n throw new Error(\n `Workspace did not reach state=active within ${timeout_seconds}s`,\n );\n },\n});\n\nfunction sleep(ms: number) {\n return new Promise((r) => setTimeout(r, ms));\n}\n\nexport const enableGoogleLogin = defineTool({\n name: \"enable_google_login\",\n description:\n \"Add Google as an identity provider on a workspace and enable external IdPs in the login policy. Hands you a checklist if external IdPs were already disabled — agent should confirm before flipping that flag.\",\n inputShape: {\n workspace: z.string().min(1),\n google_client_id: z.string().min(1),\n google_client_secret: z.string().min(1),\n name: z.string().default(\"Google\"),\n },\n handler: async (\n { workspace, google_client_id, google_client_secret, name },\n { client },\n ) => {\n // The IdP create body is the discriminated-union shape that\n // app/schemas/idp.py expects: `type` (not `provider`), and client_id /\n // client_secret are flat top-level fields (not nested under `config`).\n // Sending `provider` or nested config 422s the request before any handler\n // runs.\n const idp = await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/idps`,\n {\n method: \"POST\",\n body: {\n type: \"google\",\n name,\n client_id: google_client_id,\n client_secret: google_client_secret,\n },\n },\n );\n\n // Force-enable external IdP toggle in case the workspace had it off.\n await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/login-policy`,\n { method: \"PATCH\", body: { allow_external_idp: true } },\n );\n\n return { idp, login_policy: \"allow_external_idp=true\" };\n },\n});\n\ninterface SetupCheckItem {\n ok: boolean;\n name: string;\n details?: string;\n}\n\ntype ListResp = { items?: unknown[]; total?: number } \| unknown[];\n\nfunction countItems(resp: ListResp): number {\n if (Array.isArray(resp)) return resp.length;\n if (typeof resp.total === \"number\") return resp.total;\n if (Array.isArray(resp.items)) return resp.items.length;\n return 0;\n}\n\ntype IdpListItem = { id: string; name?: string; type?: string };\ntype IdpListResp = ListResp & { items?: IdpListItem[] };\ntype ProbeResp = {\n ok: boolean;\n provider_reachable: boolean;\n credentials_ok?: boolean \| null;\n redirect_uri_ok?: boolean \| null;\n error_code?: string \| null;\n error_detail?: string \| null;\n};\n\nfunction listOf(resp: ListResp): unknown[] {\n if (Array.isArray(resp)) return resp;\n if (Array.isArray(resp.items)) return resp.items;\n return [];\n}\n\nexport const prysmidSetupCheck = defineTool({\n name: \"prysmid_setup_check\",\n description:\n \"Run a readiness checklist on a workspace: state=active, ≥1 OIDC app, ≥1 IdP OR password+register enabled, branding has a primary_color set, login_policy reasonable, AND (by default) every external IdP probes successfully against its upstream provider. Returns pass/fail per item plus a summary verdict. Set `probe_idps=false` to skip the live probe (faster, but won't catch redirect_uri_mismatch or invalid client_secret until a real end-user hits the broken IdP).\",\n inputShape: {\n workspace: z.string().min(1),\n probe_idps: z\n .boolean()\n .optional()\n .describe(\n \"Run a live probe against each external IdP's upstream authorize endpoint. Default true. Set false to skip if the latency matters more than the safety (will not catch redirect_uri_mismatch or invalid_client until a real end-user signs in).\",\n ),\n },\n handler: async ({ workspace, probe_idps = true }, { client }) => {\n const ws = (await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}`,\n )) as { state: string; auth_domain?: string };\n const appsResp = (await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/apps`,\n )) as ListResp;\n const idpsResp = (await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/idps`,\n )) as IdpListResp;\n const policy = (await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/login-policy`,\n )) as {\n allow_username_password?: boolean;\n allow_register?: boolean;\n allow_external_idp?: boolean;\n force_mfa?: boolean;\n };\n const branding = (await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/branding`,\n )) as { primary_color?: string };\n\n // The list endpoints return { items, total } — but tolerate a raw array\n // too so the check stays robust if the projection ever flips back.\n const appsCount = countItems(appsResp);\n const idpsCount = countItems(idpsResp);\n const idpItems = listOf(idpsResp) as IdpListItem[];\n const passwordsOpen =\n policy.allow_username_password === true &&\n policy.allow_register === true;\n\n const checks: SetupCheckItem[] = [\n {\n ok: ws.state === \"active\",\n name: \"workspace_active\",\n details: `state=${ws.state}`,\n },\n {\n ok: appsCount > 0,\n name: \"has_at_least_one_app\",\n details: `${appsCount} apps`,\n },\n {\n ok: idpsCount > 0 \|\| passwordsOpen,\n name: \"users_can_sign_in\",\n details:\n idpsCount > 0\n ? `${idpsCount} idps`\n : passwordsOpen\n ? \"no idps but username+password (with self-registration) allowed\"\n : \"no idps; enable allow_username_password+allow_register or add an IdP\",\n },\n {\n ok: !!branding.primary_color,\n name: \"branding_primary_color_set\",\n },\n {\n ok: policy.force_mfa === true \|\| idpsCount > 0,\n name: \"auth_strength_reasonable\",\n details: policy.force_mfa\n ? \"force_mfa=true\"\n : idpsCount > 0\n ? `${idpsCount} external IdP(s) — strength delegated upstream`\n : \"MFA off and no external IdPs — passwords-only is weak\",\n },\n ];\n\n // Functional probe of each external IdP. Closes the gap where the\n // checklist reported `ready` because the IdP record existed, but the\n // OAuth flow was actually broken (redirect_uri_mismatch, invalid client_id)\n // — discoverable only via real-world login. Default-on so casual users\n // don't have to know to ask for it; opt-out via probe_idps=false for the\n // rare case where the probe latency matters more than the safety.\n if (probe_idps && idpItems.length > 0) {\n const probeResults: { id: string; result: ProbeResp; error?: string }[] = [];\n for (const idp of idpItems) {\n try {\n const probe = (await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/idps/${encodeURIComponent(idp.id)}/probe`,\n { method: \"POST\" },\n )) as ProbeResp;\n probeResults.push({ id: idp.id, result: probe });\n } catch (err) {\n probeResults.push({\n id: idp.id,\n result: { ok: false, provider_reachable: false },\n error: err instanceof Error ? err.message : String(err),\n });\n }\n }\n const allOk = probeResults.every((r) => r.result.ok);\n const summary = probeResults\n .map((r) => {\n const code = r.result.error_code ? ` (${r.result.error_code})` : \"\";\n return `${r.id}=${r.result.ok ? \"ok\" : \"fail\"}${code}`;\n })\n .join(\", \");\n const firstFailure = probeResults.find((r) => !r.result.ok);\n const details = firstFailure\n ? `${summary}. First failure: ${firstFailure.result.error_detail ?? firstFailure.error ?? \"no detail\"}`\n : summary;\n checks.push({\n ok: allOk,\n name: \"idps_functional\",\n details,\n });\n } else if (idpItems.length > 0) {\n checks.push({\n ok: true,\n name: \"idps_functional\",\n details: \"skipped (probe_idps=false); won't catch redirect_uri_mismatch or invalid_client until a real end-user signs in.\",\n });\n }\n\n const verdict = checks.every((c) => c.ok) ? \"ready\" : \"incomplete\";\n return { verdict, checks };\n },\n});\n\nexport const tools = [\n setupPrysmidWorkspace,\n enableGoogleLogin,\n prysmidSetupCheck,\n] as const;\n","/*\n Identity provider tools — Google, GitHub, Microsoft, generic OIDC.\n * Each create_* operation atomically: creates the IdP config AND adds it to\n * the login policy so it appears on the login screen. The Prysmid API\n * encapsulates that two-step lifecycle behind a single endpoint.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const listIdps = defineTool({\n name: \"list_idps\",\n description:\n \"List identity providers (Google/GitHub/Microsoft/OIDC) configured on a workspace.\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(`/v1/workspaces/${encodeURIComponent(workspace)}/idps`),\n});\n\nexport const addIdp = defineTool({\n name: \"add_idp\",\n description:\n \"Add an identity provider to the workspace and attach it to the login policy in one atomic call.\",\n inputShape: {\n workspace: z.string().min(1),\n type: z\n .enum([\"google\", \"github\", \"microsoft\", \"oidc\"])\n .describe(\"Identity provider kind. `microsoft` covers Azure AD / Entra.\"),\n name: z.string().min(1).describe(\"Display name shown on login screen\"),\n client_id: z.string().min(1),\n client_secret: z.string().min(1),\n scopes: z.array(z.string()).optional(),\n issuer: z\n .string()\n .url()\n .optional()\n .describe(\"Required for `oidc`; ignored otherwise\"),\n tenant_id: z\n .string()\n .optional()\n .describe(\n \"Optional for `microsoft` — lock to a specific Entra tenant GUID. Default accepts any account.\",\n ),\n },\n handler: async ({ workspace, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/idps`,\n { method: \"POST\", body },\n ),\n});\n\nexport const deleteIdp = defineTool({\n name: \"delete_idp\",\n description:\n \"Remove an identity provider. Strips it from the login policy then deletes the config. Idempotent.\",\n inputShape: {\n workspace: z.string().min(1),\n idp_id: z.string().min(1),\n },\n handler: async ({ workspace, idp_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/idps/${encodeURIComponent(idp_id)}`,\n { method: \"DELETE\" },\n ),\n});\n\nexport const getIdp = defineTool({\n name: \"get_idp\",\n description:\n \"Fetch full detail for one identity provider: type, state, client_id, issuer/tenant (when applicable), scopes, secret_updated_at, created_at. Never returns the client_secret.\",\n inputShape: {\n workspace: z.string().min(1),\n idp_id: z.string().min(1),\n },\n handler: async ({ workspace, idp_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/idps/${encodeURIComponent(idp_id)}`,\n ),\n});\n\nexport const updateIdp = defineTool({\n name: \"update_idp\",\n description:\n \"Patch mutable fields on an identity provider. All fields optional. Passing client_secret rotates the upstream-issued value (Google/GitHub/Microsoft/OIDC client secret stored in Prysmid). Passing client_id retargets to a different upstream client. issuer/tenant_id apply only when relevant to the IdP type.\",\n inputShape: {\n workspace: z.string().min(1),\n idp_id: z.string().min(1),\n name: z.string().min(1).optional(),\n client_id: z.string().min(1).optional(),\n client_secret: z\n .string()\n .min(1)\n .optional()\n .describe(\n \"Rotate the upstream-issued client secret. Not the Prysmid app secret — that one is rotated via regenerate_app_secret.\",\n ),\n scopes: z.array(z.string()).optional(),\n issuer: z\n .string()\n .url()\n .optional()\n .describe(\"Only meaningful for type=oidc.\"),\n tenant_id: z\n .string()\n .optional()\n .describe(\"Only meaningful for type=microsoft (Entra tenant GUID).\"),\n },\n handler: async ({ workspace, idp_id, ...patch }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/idps/${encodeURIComponent(idp_id)}`,\n { method: \"PATCH\", body: patch },\n ),\n});\n\nexport const probeIdp = defineTool({\n name: \"probe_idp\",\n description:\n \"Probe an external identity provider end-to-end against its upstream authorize endpoint. Catches redirect_uri_mismatch (URI not registered at Google Cloud / GitHub / etc.), invalid_client (client_id rotated or deleted upstream), and provider_unreachable failures BEFORE a real end-user hits them. Use after enable_google_login / add_idp, and any time you suspect the IdP is misconfigured. Today: Google + GitHub get full classification; Microsoft + OIDC generic return `skipped` for the deterministic dimensions (only reachability is verified).\",\n inputShape: {\n workspace: z.string().min(1),\n idp_id: z.string().min(1),\n },\n handler: async ({ workspace, idp_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/idps/${encodeURIComponent(idp_id)}/probe`,\n { method: \"POST\" },\n ),\n});\n\nexport const tools = [listIdps, addIdp, deleteIdp, getIdp, updateIdp, probeIdp] as const;\n","/\n Login policy tools — control which authentication methods are allowed,\n * MFA enforcement, lockout thresholds. Patches are merge semantics on the\n * server side; only fields you set are changed.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const getLoginPolicy = defineTool({\n name: \"get_login_policy\",\n description:\n \"Return the workspace's current login policy (password rules, MFA, IdPs allowed, lockout, etc.).\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/login-policy`,\n ),\n});\n\nexport const updateLoginPolicy = defineTool({\n name: \"update_login_policy\",\n description:\n \"Update the login policy. PATCH semantics — only fields you pass are changed; other policy fields stay as they were.\",\n inputShape: {\n workspace: z.string().min(1),\n allow_username_password: z.boolean().optional(),\n allow_register: z.boolean().optional(),\n allow_external_idp: z.boolean().optional(),\n force_mfa: z\n .boolean()\n .optional()\n .describe(\"Require any second factor at login\"),\n passwordless_type: z\n .enum([\n \"PASSWORDLESS_TYPE_NOT_ALLOWED\",\n \"PASSWORDLESS_TYPE_ALLOWED\",\n ])\n .optional()\n .describe(\"Enables passkey-first when set to ALLOWED\"),\n max_password_attempts: z.number().int().min(0).max(20).optional(),\n lockout_password_attempts: z.number().int().min(0).max(20).optional(),\n },\n handler: async ({ workspace, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/login-policy`,\n { method: \"PATCH\", body },\n ),\n});\n\nexport const tools = [getLoginPolicy, updateLoginPolicy] as const;\n","/\n User tools — list, invite (sends Zitadel init email), delete.\n * Invite is the primary creation path; users set their own password via the\n * email link. Direct user creation with pre-set credentials is intentionally\n * not exposed here.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const listUsers = defineTool({\n name: \"list_users\",\n description: \"List human users in a workspace.\",\n inputShape: {\n workspace: z.string().min(1),\n limit: z.number().int().min(1).max(500).default(100),\n },\n handler: async ({ workspace, limit }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/users`,\n { query: { limit } },\n ),\n});\n\nexport const inviteUser = defineTool({\n name: \"invite_user\",\n description:\n \"Invite a user by email. Idempotent by email — re-inviting an existing user is a no-op. Triggers a Zitadel init email with a 'set your password' link.\",\n inputShape: {\n workspace: z.string().min(1),\n email: z\n .string()\n .regex(/^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$/, \"must be a valid email\"),\n first_name: z.string().min(1),\n last_name: z.string().min(1),\n preferred_language: z\n .string()\n .length(2)\n .default(\"en\")\n .describe(\"ISO 639-1, e.g. en/es/pt\"),\n },\n handler: async ({ workspace, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/users/invite`,\n { method: \"POST\", body },\n ),\n});\n\nexport const deleteUser = defineTool({\n name: \"delete_user\",\n description: \"Delete a user by id. Idempotent.\",\n inputShape: {\n workspace: z.string().min(1),\n user_id: z.string().min(1),\n },\n handler: async ({ workspace, user_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/users/${encodeURIComponent(user_id)}`,\n { method: \"DELETE\" },\n ),\n});\n\nexport const tools = [listUsers, inviteUser, deleteUser] as const;\n","/\n Hand-written workspace tools. These are the ones agents reach for first;\n * the rest of the surface is auto-generated from OpenAPI in a later pass.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const listWorkspaces = defineTool({\n name: \"list_workspaces\",\n description:\n \"List Prysmid workspaces accessible to the current API token. Returns an array of {id, slug, display_name, plan, state}.\",\n inputShape: {},\n handler: async (_input, { client }) =>\n client.request(\"/v1/workspaces\", { method: \"GET\" }),\n});\n\nexport const getWorkspace = defineTool({\n name: \"get_workspace\",\n description: \"Get a single workspace by slug or id.\",\n inputShape: {\n workspace: z\n .string()\n .min(1)\n .describe(\"Workspace slug or UUID\"),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(`/v1/workspaces/${encodeURIComponent(workspace)}`),\n});\n\nexport const createWorkspace = defineTool({\n name: \"create_workspace\",\n description:\n \"Create a new Prysmid workspace. Provisioning runs in the background; the response returns immediately with state=provisioning. Poll `get_workspace` until state=active (~30s).\",\n inputShape: {\n slug: z\n .string()\n .min(2)\n .max(63)\n .regex(/^[a-z0-9-]+$/, \"lowercase alphanumeric and hyphens only\")\n .describe(\"Subdomain-safe slug — becomes auth.<slug>.prysmid.com\"),\n display_name: z.string().min(1).max(255),\n },\n handler: async (input, { client }) =>\n client.request(\"/v1/workspaces\", { method: \"POST\", body: input }),\n});\n\nexport const tools = [listWorkspaces, getWorkspace, createWorkspace] as const;\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const createApp = defineTool({\n name: \"create_app\",\n description: \"Create App\",\n inputShape: {\n workspace_id: z.string().uuid(),\n name: z.string().min(1).max(200),\n redirect_uris: z.array(z.string().url().min(1).max(2083)).describe(\"Where the IdP sends the user back after auth. At least one required.\"),\n post_logout_redirect_uris: z.array(z.string().url().min(1).max(2083)).describe(\"Where the IdP sends the user after logout.\").optional(),\n app_type: z.enum([\"web\", \"spa\", \"native\"]).describe(\"App kind, drives OIDC grant + auth_method defaults.\\n\\n- `web`: server-rendered confidential client. Gets a `client_secret`.\\n- `spa`: single-page app (user-agent). Public, PKCE required, no secret.\\n- `native`: desktop/mobile. Public, PKCE required, no secret.\").optional(),\n dev_mode: z.boolean().describe(\"Relax HTTPS requirement on redirect_uris (allows http://localhost). Use only for local development; never in production.\").default(false),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/apps`, { method: \"POST\", body: __body });\n },\n});\n\nexport const deleteApp = defineTool({\n name: \"delete_app\",\n description: \"Delete App\",\n inputShape: {\n workspace_id: z.string().uuid(),\n app_id: z.string(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, app_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/apps/${encodeURIComponent(String(app_id))}`, { method: \"DELETE\" });\n },\n});\n\nexport const listApps = defineTool({\n name: \"list_apps\",\n description: \"List Apps\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/apps`, { method: \"GET\" });\n },\n});\n\nexport const generatedAppsTools = [\n createApp,\n deleteApp,\n listApps,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const billingCheckout = defineTool({\n name: \"billing_checkout\",\n description: \"Checkout\",\n inputShape: {\n workspace_id: z.string().uuid(),\n plan: z.enum([\"free\", \"pro\", \"enterprise\"]),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/billing/checkout`, { method: \"POST\", body: __body });\n },\n});\n\nexport const billingGetState = defineTool({\n name: \"billing_get_state\",\n description: \"Get State\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/billing`, { method: \"GET\" });\n },\n});\n\nexport const billingPortal = defineTool({\n name: \"billing_portal\",\n description: \"Portal\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/billing/portal`, { method: \"POST\" });\n },\n});\n\nexport const updateSpendingCap = defineTool({\n name: \"update_spending_cap\",\n description: \"Update Spending Cap\",\n inputShape: {\n workspace_id: z.string().uuid(),\n cents: z.number().int().min(0).nullable().optional(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/billing/spending-cap`, { method: \"PATCH\", body: __body });\n },\n});\n\nexport const generatedBillingTools = [\n billingCheckout,\n billingGetState,\n billingPortal,\n updateSpendingCap,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const deleteLogo = defineTool({\n name: \"delete_logo\",\n description: \"Delete Logo\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/branding/logo`, { method: \"DELETE\" });\n },\n});\n\nexport const getBranding = defineTool({\n name: \"get_branding\",\n description: \"Get Branding\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/branding`, { method: \"GET\" });\n },\n});\n\nexport const updateBranding = defineTool({\n name: \"update_branding\",\n description: \"Update Branding\",\n inputShape: {\n workspace_id: z.string().uuid(),\n primary_color: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n background_color: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n warn_color: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n font_color: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n primary_color_dark: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n background_color_dark: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n warn_color_dark: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n font_color_dark: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n hide_login_name_suffix: z.boolean().nullable().optional(),\n disable_watermark: z.boolean().nullable().optional(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/branding`, { method: \"PATCH\", body: __body });\n },\n});\n\nexport const generatedBrandingTools = [\n deleteLogo,\n getBranding,\n updateBranding,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const createIdp = defineTool({\n name: \"create_idp\",\n description: \"Create Idp\",\n inputShape: {\n workspace_id: z.string().uuid(),\n type: z.enum([\"google\", \"github\", \"microsoft\", \"oidc\"]),\n name: z.string().min(1).max(200),\n client_id: z.string().min(1),\n client_secret: z.string().min(1),\n issuer: z.string().url().min(1).max(2083).nullable().optional(),\n tenant_id: z.string().nullable().optional(),\n scopes: z.array(z.string()).nullable().optional(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/idps`, { method: \"POST\", body: __body });\n },\n});\n\nexport const deleteIdp = defineTool({\n name: \"delete_idp\",\n description: \"Delete Idp\",\n inputShape: {\n workspace_id: z.string().uuid(),\n idp_id: z.string(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, idp_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/idps/${encodeURIComponent(String(idp_id))}`, { method: \"DELETE\" });\n },\n});\n\nexport const listIdps = defineTool({\n name: \"list_idps\",\n description: \"List Idps\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/idps`, { method: \"GET\" });\n },\n});\n\nexport const generatedIdpsTools = [\n createIdp,\n deleteIdp,\n listIdps,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const getLoginPolicy = defineTool({\n name: \"get_login_policy\",\n description: \"Get Login Policy\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/login-policy`, { method: \"GET\" });\n },\n});\n\nexport const updateLoginPolicy = defineTool({\n name: \"update_login_policy\",\n description: \"Update Login Policy\",\n inputShape: {\n workspace_id: z.string().uuid(),\n allow_username_password: z.boolean().nullable().optional(),\n allow_register: z.boolean().nullable().optional(),\n allow_external_idp: z.boolean().nullable().optional(),\n force_mfa: z.boolean().nullable().optional(),\n passwordless_allowed: z.boolean().nullable().optional(),\n second_factors: z.array(z.enum([\"otp\", \"u2f\", \"otp_email\", \"otp_sms\"])).nullable().optional(),\n multi_factors: z.array(z.enum([\"u2f_verified\"])).nullable().optional(),\n hide_password_reset: z.boolean().nullable().optional(),\n ignore_unknown_usernames: z.boolean().nullable().optional(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/login-policy`, { method: \"PATCH\", body: __body });\n },\n});\n\nexport const generatedLoginPolicyTools = [\n getLoginPolicy,\n updateLoginPolicy,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const getSmtp = defineTool({\n name: \"get_smtp\",\n description: \"Get Smtp\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/smtp`, { method: \"GET\" });\n },\n});\n\nexport const revertToPlatformDefault = defineTool({\n name: \"revert_to_platform_default\",\n description: \"Revert To Platform Default\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/smtp`, { method: \"DELETE\" });\n },\n});\n\nexport const setCustomSmtp = defineTool({\n name: \"set_custom_smtp\",\n description: \"Set Custom Smtp\",\n inputShape: {\n workspace_id: z.string().uuid(),\n host: z.string().min(1),\n port: z.number().int().min(1).max(65535),\n tls: z.boolean().default(true),\n sender_address: z.string().min(3).describe(\"Address that appears in the From header.\"),\n sender_name: z.string().min(1).max(200),\n user: z.string().min(1).describe(\"SMTP auth username.\"),\n password: z.string().min(1).describe(\"SMTP auth password / API key.\"),\n reply_to_address: z.string().describe(\"Optional Reply-To header.\").default(\"\"),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/smtp`, { method: \"PUT\", body: __body });\n },\n});\n\nexport const generatedSmtpTools = [\n getSmtp,\n revertToPlatformDefault,\n setCustomSmtp,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const deleteUser = defineTool({\n name: \"delete_user\",\n description: \"Delete User\",\n inputShape: {\n workspace_id: z.string().uuid(),\n user_id: z.string(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, user_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/users/${encodeURIComponent(String(user_id))}`, { method: \"DELETE\" });\n },\n});\n\nexport const inviteUser = defineTool({\n name: \"invite_user\",\n description: \"Invite User\",\n inputShape: {\n workspace_id: z.string().uuid(),\n email: z.string().max(320).regex(/^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$/),\n first_name: z.string().min(1).max(100),\n last_name: z.string().min(1).max(100),\n user_name: z.string().nullable().optional(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/users/invite`, { method: \"POST\", body: __body });\n },\n});\n\nexport const listUsers = defineTool({\n name: \"list_users\",\n description: \"List Users\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/users`, { method: \"GET\" });\n },\n});\n\nexport const generatedUsersTools = [\n deleteUser,\n inviteUser,\n listUsers,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const createWorkspace = defineTool({\n name: \"create_workspace\",\n description: \"Create Workspace\",\n inputShape: {\n slug: z.string().min(3).max(63).regex(/^[a-z][a-z0-9-][a-z0-9]$/).describe(\"URL-safe lowercase slug. Becomes part of auth.<slug>.prysmid.com.\"),\n display_name: z.string().min(1).max(255),\n plan: z.enum([\"free\", \"pro\", \"enterprise\"]).optional(),\n },\n handler: async (input, { client }) => {\n return client.request(`/v1/workspaces`, { method: \"POST\", body: input });\n },\n});\n\nexport const deleteWorkspace = defineTool({\n name: \"delete_workspace\",\n description: \"Delete Workspace\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}`, { method: \"DELETE\" });\n },\n});\n\nexport const getWorkspace = defineTool({\n name: \"get_workspace\",\n description: \"Get Workspace\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}`, { method: \"GET\" });\n },\n});\n\nexport const listWorkspaces = defineTool({\n name: \"list_workspaces\",\n description: \"List Workspaces\",\n inputShape: {},\n handler: async (_input, { client }) => {\n return client.request(`/v1/workspaces`, { method: \"GET\" });\n },\n});\n\nexport const retryProvisioning = defineTool({\n name: \"retry_provisioning\",\n description: \"Retry Provisioning\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/retry-provisioning`, { method: \"POST\" });\n },\n});\n\nexport const updateWorkspace = defineTool({\n name: \"update_workspace\",\n description: \"Update Workspace\",\n inputShape: {\n workspace_id: z.string().uuid(),\n display_name: z.string().min(1).max(255).nullable().optional(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}`, { method: \"PATCH\", body: __body });\n },\n});\n\nexport const generatedWorkspacesTools = [\n createWorkspace,\n deleteWorkspace,\n getWorkspace,\n listWorkspaces,\n retryProvisioning,\n updateWorkspace,\n];\n","/*\n AUTO-GENERATED. Do not edit.\n \n Aggregates every tag's generated tools into a single array. The merge with\n * hand-written tools (where hand-written wins on name collision) lives in\n * src/index.ts.\n */\nimport { generatedAppsTools } from \"./apps.js\";\nimport { generatedBillingTools } from \"./billing.js\";\nimport { generatedBrandingTools } from \"./branding.js\";\nimport { generatedIdpsTools } from \"./idps.js\";\nimport { generatedLoginPolicyTools } from \"./login-policy.js\";\nimport { generatedSmtpTools } from \"./smtp.js\";\nimport { generatedUsersTools } from \"./users.js\";\nimport { generatedWorkspacesTools } from \"./workspaces.js\";\n\nexport const generatedTools = [\n ...generatedAppsTools,\n ...generatedBillingTools,\n ...generatedBrandingTools,\n ...generatedIdpsTools,\n ...generatedLoginPolicyTools,\n ...generatedSmtpTools,\n ...generatedUsersTools,\n ...generatedWorkspacesTools,\n];\n"],"mappings":";;;AAoBA,SAAS,iBAAiB;AAC1B,SAAS,4BAA4B;;;ACsCrC,IAAM,gBAAgB,CAAC,OACrB,IAAI,QAAQ,CAAC,MAAM,WAAW,GAAG,EAAE,CAAC;AAEtC,IAAM,iBAAiB,CAAC,UAA0B;AAChD,aAAW,QAAQ,MAAO,SAAQ,OAAO,MAAM,GAAG,IAAI;AAAA,CAAI;AAC5D;AAEA,eAAsB,WACpB,MAC0B;AAC1B,QAAMA,SAAQ,KAAK,SAAS;AAC5B,QAAM,SAAS,KAAK,UAAU;AAC9B,QAAM,YAAY,KAAK,aAAa;AACpC,QAAM,EAAE,SAAS,IAAI,IAAI;AAEzB,QAAM,QAAQ,MAAM;AAAA,IAClB;AAAA,IACA,GAAG,OAAO;AAAA,IACV,CAAC;AAAA,EACH;AAEA,QAAM,YAAY,MAAM,6BAA6B,MAAM;AAC3D,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,UAAU,SAAS;AAAA,IACnB;AAAA,IACA;AAAA,IACA,UAAU,MAAM,SAAS;AAAA,IACzB;AAAA,IACA,0CAA0C,MAAM,UAAU;AAAA,IAC1D;AAAA,EACF,CAAC;AAED,MAAI,WAAW,KAAK,IAAI,GAAG,MAAM,YAAY,CAAC;AAC9C,QAAM,WAAW,KAAK,IAAI,IAAI,MAAM,aAAa;AAEjD,SAAO,KAAK,IAAI,IAAI,UAAU;AAC5B,UAAMA,OAAM,WAAW,GAAI;AAE3B,QAAI;AACJ,QAAI;AACF,YAAM,MAAM;AAAA,QACV;AAAA,QACA,GAAG,OAAO;AAAA,QACV,EAAE,aAAa,MAAM,YAAY;AAAA,MACnC;AAAA,IACF,SAAS,GAAG;AACV,UAAI,KAAK,wCAAwC;AAAA,QAC/C,OAAO,aAAa,QAAQ,EAAE,UAAU,OAAO,CAAC;AAAA,MAClD,CAAC;AACD;AAAA,IACF;AAEA,QAAI,IAAI,WAAW,YAAY;AAC7B,UAAI,CAAC,IAAI,cAAc;AACrB,cAAM,IAAI;AAAA,UACR;AAAA,QACF;AAAA,MACF;AACA,UAAI,KAAK,8BAA8B;AAAA,QACrC,WAAW,IAAI,cAAc;AAAA,MAC/B,CAAC;AACD,aAAO;AAAA,QACL,aAAa,IAAI;AAAA,QACjB,cAAc,IAAI,iBAAiB;AAAA,QACnC,WAAW,IAAI,cAAc;AAAA,MAC/B;AAAA,IACF;AACA,QAAI,IAAI,WAAW,aAAa;AAC9B,kBAAY;AACZ,UAAI,MAAM,yBAAyB,EAAE,aAAa,SAAS,CAAC;AAC5D;AAAA,IACF;AACA,QAAI,IAAI,WAAW,UAAW;AAC9B,QAAI,IAAI,WAAW,WAAW;AAC5B,YAAM,IAAI,MAAM,0CAA0C;AAAA,IAC5D;AACA,QAAI,IAAI,WAAW,UAAU;AAC3B,YAAM,IAAI,MAAM,sBAAsB;AAAA,IACxC;AACA,QAAI,KAAK,8BAA8B,EAAE,QAAQ,IAAI,OAAO,CAAC;AAAA,EAC/D;AAEA,QAAM,IAAI,MAAM,0CAA0C;AAC5D;AAEA,eAAe,SACb,WACA,KACA,MACY;AACZ,QAAM,MAAM,MAAM,UAAU,KAAK;AAAA,IAC/B,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,oBAAoB,QAAQ,mBAAmB;AAAA,IAC1E,MAAM,KAAK,UAAU,IAAI;AAAA,EAC3B,CAAC;AACD,QAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,MAAI,CAAC,IAAI,IAAI;AACX,UAAM,IAAI,MAAM,QAAQ,GAAG,YAAY,IAAI,MAAM,IAAI,IAAI,EAAE;AAAA,EAC7D;AACA,MAAI;AACF,WAAO,KAAK,MAAM,IAAI;AAAA,EACxB,QAAQ;AACN,UAAM,IAAI,MAAM,QAAQ,GAAG,uBAAuB,KAAK,MAAM,GAAG,GAAG,CAAC,EAAE;AAAA,EACxE;AACF;;;AChKO,IAAM,kBAAN,cAA8B,MAAM;AAAA,EACzC,YACE,SACgB,QACA,MACA,MAChB;AACA,UAAM,OAAO;AAJG;AACA;AACA;AAGhB,SAAK,OAAO;AAAA,EACd;AAAA,EANkB;AAAA,EACA;AAAA,EACA;AAKpB;AAQO,IAAM,gBAAN,MAAoB;AAAA,EACzB,YACmB,KACA,KAMA,gBAA+B,MAChD;AARiB;AACA;AAMA;AAAA,EAChB;AAAA,EARgB;AAAA,EACA;AAAA,EAMA;AAAA,EAGnB,IAAY,iBAAgC;AAC1C,WAAO,KAAK,iBAAiB,KAAK,IAAI;AAAA,EACxC;AAAA,EAEA,MAAM,QAAqB,MAAc,OAAuB,CAAC,GAAe;AAC9E,UAAM,QAAQ,KAAK;AACnB,QAAI,CAAC,OAAO;AACV,YAAM,IAAI;AAAA,QACR;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAEA,UAAM,MAAM,IAAI,IAAI,KAAK,IAAI,UAAU,IAAI;AAC3C,QAAI,KAAK,OAAO;AACd,iBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,KAAK,KAAK,GAAG;AAC/C,YAAI,MAAM,OAAW,KAAI,aAAa,IAAI,GAAG,OAAO,CAAC,CAAC;AAAA,MACxD;AAAA,IACF;AAEA,UAAM,SAAS,KAAK,UAAU;AAC9B,UAAM,UAAkC;AAAA,MACtC,eAAe,UAAU,KAAK;AAAA,MAC9B,QAAQ;AAAA,IACV;AACA,QAAI,KAAK,SAAS,OAAW,SAAQ,cAAc,IAAI;AAEvD,SAAK,IAAI,MAAM,QAAQ,MAAM,IAAI,IAAI,QAAQ,EAAE;AAC/C,UAAM,MAAM,MAAM,MAAM,KAAK;AAAA,MAC3B;AAAA,MACA;AAAA,MACA,MAAM,KAAK,SAAS,SAAY,KAAK,UAAU,KAAK,IAAI,IAAI;AAAA,IAC9D,CAAC;AAED,UAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,QAAI,CAAC,IAAI,IAAI;AACX,UAAI;AACJ,UAAI;AACF,cAAM,SAAS,KAAK,MAAM,IAAI;AAC9B,eAAO,OAAO,QAAQ,UAAU,WAAW,OAAO,QAAQ,QAAQ;AAAA,MACpE,QAAQ;AAAA,MAER;AACA,YAAM,IAAI;AAAA,QACR,eAAe,IAAI,MAAM,OAAO,MAAM,IAAI,IAAI;AAAA,QAC9C,IAAI;AAAA,QACJ;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAEA,QAAI,SAAS,GAAI,QAAO;AACxB,QAAI;AACF,aAAO,KAAK,MAAM,IAAI;AAAA,IACxB,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AACF;;;ACvFA,IAAM,mBAAmB;AAElB,SAAS,WAAW,MAAyB,QAAQ,KAAa;AACvE,QAAM,WAAW,IAAI,oBAAoB,kBAAkB,QAAQ,QAAQ,EAAE;AAC7E,QAAM,WAAW,IAAI,mBAAmB,KAAK,KAAK;AAClD,QAAM,YAAY,IAAI,yBAAyB,QAAQ,YAAY;AACnE,QAAM,WACJ,aAAa,WAAW,aAAa,UAAU,aAAa,UACxD,WACA;AACN,SAAO,EAAE,SAAS,UAAU,SAAS;AACvC;;;ACjBA,IAAM,QAAQ,EAAE,OAAO,IAAI,MAAM,IAAI,MAAM,IAAI,OAAO,GAAG;AASlD,SAAS,WAAW,KAAuC;AAChE,QAAM,YAAY,MAAM,IAAI,QAAQ;AAEpC,WAAS,KAAK,OAA2B,KAAa,OAAiB;AACrE,QAAI,MAAM,KAAK,IAAI,UAAW;AAC9B,UAAM,MAAK,oBAAI,KAAK,GAAE,YAAY;AAClC,UAAM,UAAU,UAAU,SAAY,KAAK,IAAI,SAAS,KAAK,CAAC;AAC9D,YAAQ,OAAO,MAAM,GAAG,EAAE,IAAI,MAAM,YAAY,CAAC,IAAI,GAAG,GAAG,OAAO;AAAA,CAAI;AAAA,EACxE;AAEA,SAAO;AAAA,IACL,OAAO,CAAC,GAAG,MAAM,KAAK,SAAS,GAAG,CAAC;AAAA,IACnC,MAAM,CAAC,GAAG,MAAM,KAAK,QAAQ,GAAG,CAAC;AAAA,IACjC,MAAM,CAAC,GAAG,MAAM,KAAK,QAAQ,GAAG,CAAC;AAAA,IACjC,OAAO,CAAC,GAAG,MAAM,KAAK,SAAS,GAAG,CAAC;AAAA,EACrC;AACF;AAEA,SAAS,SAAS,GAAoB;AACpC,MAAI;AACF,WAAO,KAAK,UAAU,CAAC;AAAA,EACzB,QAAQ;AACN,WAAO,OAAO,CAAC;AAAA,EACjB;AACF;;;AC5BA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,SAAS,gBAAgB;AAClC,SAAS,SAAS,YAAY;AAU9B,IAAM,UAAU;AAChB,IAAM,YAAY;AAClB,IAAM,sBAAsB;AAErB,SAAS,aAAa,MAAyB,QAAQ,KAAa;AACzE,MAAI,SAAS,MAAM,SAAS;AAC1B,UAAM,OAAO,IAAI;AACjB,QAAI,KAAM,QAAO,KAAK,MAAM,SAAS,SAAS;AAC9C,WAAO,KAAK,QAAQ,GAAG,IAAI,OAAO,IAAI,SAAS;AAAA,EACjD;AACA,QAAM,MAAM,IAAI;AAChB,MAAI,IAAK,QAAO,KAAK,KAAK,SAAS,SAAS;AAC5C,SAAO,KAAK,QAAQ,GAAG,WAAW,SAAS,SAAS;AACtD;AAEO,SAAS,UACd,SACA,MAAyB,QAAQ,KACb;AACpB,QAAM,OAAO,aAAa,GAAG;AAC7B,MAAI,CAAC,WAAW,IAAI,EAAG,QAAO;AAC9B,MAAI;AACJ,MAAI;AACF,aAAS,KAAK,MAAM,aAAa,MAAM,MAAM,CAAC;AAAA,EAChD,QAAQ;AACN,WAAO;AAAA,EACT;AACA,MAAI,OAAO,YAAY,QAAS,QAAO;AACvC,QAAM,SAAS,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAC3C,MAAI,OAAO,YAAY,uBAAuB,OAAQ,QAAO;AAC7D,MAAI,OAAO,OAAO,gBAAgB,YAAY,CAAC,OAAO,aAAa;AACjE,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAEO,SAAS,UACd,OACA,MAAyB,QAAQ,KAC3B;AACN,QAAM,OAAO,aAAa,GAAG;AAC7B,YAAU,QAAQ,IAAI,GAAG,EAAE,WAAW,KAAK,CAAC;AAC5C,gBAAc,MAAM,KAAK,UAAU,OAAO,MAAM,CAAC,GAAG,MAAM;AAC1D,MAAI,SAAS,MAAM,SAAS;AAC1B,QAAI;AACF,gBAAU,MAAM,GAAK;AAAA,IACvB,QAAQ;AAAA,IAER;AAAA,EACF;AACF;AAEO,SAAS,WAAW,MAAyB,QAAQ,KAAW;AACrE,QAAM,OAAO,aAAa,GAAG;AAC7B,MAAI,WAAW,IAAI,GAAG;AACpB,WAAO,MAAM,EAAE,OAAO,KAAK,CAAC;AAAA,EAC9B;AACF;;;AChDO,SAAS,WAAoC,GAA2B;AAC7E,SAAO;AACT;AAOO,SAAS,YACd,QACA,KAEAC,QACM;AACN,aAAW,QAAQA,QAAO;AACxB,WAAO;AAAA,MACL,KAAK;AAAA,MACL;AAAA,QACE,aAAa,KAAK;AAAA,QAClB,aAAa,KAAK;AAAA,MACpB;AAAA;AAAA,MAEA,OAAO,UAAe;AACpB,YAAI;AACF,gBAAM,SAAS,MAAM,KAAK,QAAQ,OAAO,GAAG;AAC5C,iBAAO;AAAA,YACL,SAAS;AAAA,cACP;AAAA,gBACE,MAAM;AAAA,gBACN,MACE,OAAO,WAAW,WACd,SACA,KAAK,UAAU,QAAQ,MAAM,CAAC;AAAA,cACtC;AAAA,YACF;AAAA,UACF;AAAA,QACF,SAAS,KAAK;AACZ,gBAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAG/D,gBAAM,SACJ,eAAe,mBAAmB,IAAI,OAAO;AAAA,EAAK,IAAI,IAAI,KAAK;AACjE,cAAI,IAAI,MAAM,QAAQ,KAAK,IAAI,WAAW,EAAE,QAAQ,CAAC;AACrD,iBAAO;AAAA,YACL,SAAS;AAAA,YACT,SAAS;AAAA,cACP,EAAE,MAAM,QAAiB,MAAM,UAAU,OAAO,GAAG,MAAM,GAAG;AAAA,YAC9D;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;;;ACxFA,SAAS,SAAS;AAIX,IAAM,WAAW,WAAW;AAAA,EACjC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,wBAAwB;AAAA,EAChE;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO,QAAQ,kBAAkB,mBAAmB,SAAS,CAAC,OAAO;AACzE,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IAC/B,eAAe,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,CAAC;AAAA,IAC9C,2BAA2B,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,IAC9D,UAAU,EAAE,KAAK,CAAC,OAAO,OAAO,QAAQ,CAAC,EAAE,QAAQ,KAAK;AAAA,IACxD,UAAU,EACP,QAAQ,EACR,QAAQ,KAAK,EACb;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,KAAK;AAAA,EACzB;AACJ,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,OAAO,GAAG,EAAE,OAAO,MAC9C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,MAAM,CAAC;AAAA,IAClF,EAAE,QAAQ,SAAS;AAAA,EACrB;AACJ,CAAC;AAED,IAAM,WAAW,EAAE,KAAK,CAAC,OAAO,OAAO,QAAQ,CAAC;AAChD,IAAM,cAAc,EAAE,KAAK;AAAA,EACzB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AACD,IAAM,aAAa,EAAE,KAAK;AAAA,EACxB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAEM,IAAM,SAAS,WAAW;AAAA,EAC/B,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,wBAAwB;AAAA,IAC9D,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,OAAO,GAAG,EAAE,OAAO,MAC9C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,MAAM,CAAC;AAAA,EACpF;AACJ,CAAC;AAEM,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IACxB,eAAe,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,IAClD,2BAA2B,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,IAC9D,aAAa,EAAE,MAAM,UAAU,EAAE,SAAS;AAAA,IAC1C,aAAa,YAAY,SAAS;AAAA,IAClC,UAAU,EACP,QAAQ,EACR,SAAS,EACT;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,GAAG,MAAM,GAAG,EAAE,OAAO,MACxD,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,MAAM,CAAC;AAAA,IAClF,EAAE,QAAQ,SAAS,MAAM,MAAM;AAAA,EACjC;AACJ,CAAC;AAEM,IAAM,sBAAsB,WAAW;AAAA,EAC5C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IACxB,SAAS,EACN,QAAQ,IAAI,EACZ;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,QAAQ,GAAG,EAAE,OAAO,MAAM;AAC7D,QAAI,YAAY,MAAM;AACpB,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AACA,WAAO,OAAO;AAAA,MACZ,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,MAAM,CAAC;AAAA,MAClF,EAAE,QAAQ,OAAO;AAAA,IACnB;AAAA,EACF;AACF,CAAC;AAKM,IAAM,QAAQ;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;;;AC9IA,SAAS,KAAAC,UAAS;AAIX,IAAM,aAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,EACjD;AACJ,CAAC;AAEM,IAAM,iBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,oBAAoBA,GACjB,OAAO,EACP,IAAI,EACJ,IAAI,CAAC,EACL,IAAI,GAAU,EACd,SAAS,EACT,SAAS,gDAAgD;AAAA,EAC9D;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,mBAAmB,GAAG,EAAE,OAAO,MAC1D,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,SAAS,MAAM,EAAE,mBAAmB,EAAE;AAAA,EAClD;AACJ,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,MAAMA,GAAE,KAAK,CAAC,KAAK,CAAC;AAAA,EACtB;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,KAAK,GAAG,EAAE,OAAO,MAC5C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,MAAM,EAAE,KAAK,EAAE;AAAA,EACnC;AACJ,CAAC;AAEM,IAAM,qBAAqB,WAAW;AAAA,EAC3C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,OAAO;AAAA,EACnB;AACJ,CAAC;AAEM,IAAMC,SAAQ;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;;;ACxEA,SAAS,KAAAC,UAAS;AAIX,IAAM,cAAc,WAAW;AAAA,EACpC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,EACjD;AACJ,CAAC;AAEM,IAAM,iBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,eAAeA,GACZ,OAAO,EACP,MAAM,mBAAmB,EACzB,SAAS;AAAA,IACZ,kBAAkBA,GACf,OAAO,EACP,MAAM,mBAAmB,EACzB,SAAS;AAAA,IACZ,YAAYA,GACT,OAAO,EACP,MAAM,mBAAmB,EACzB,SAAS;AAAA,IACZ,YAAYA,GACT,OAAO,EACP,MAAM,mBAAmB,EACzB,SAAS;AAAA,IACZ,mBAAmBA,GAChB,QAAQ,EACR,SAAS,EACT;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,SAAS,KAAK;AAAA,EAC1B;AACJ,CAAC;AAEM,IAAMC,SAAQ,CAAC,aAAa,cAAc;;;AClDjD,SAAS,KAAAC,UAAS;AAIlB,IAAM,uBAAuBC,GAAE,OAAO;AAAA,EACpC,cAAcA,GAAE,OAAO;AAAA,EACvB,MAAMA,GAAE,OAAO;AAAA,EACf,aAAaA,GAAE,OAAO;AAAA,EACtB,OAAOA,GAAE,OAAO;AAClB,CAAC;AAEM,IAAM,wBAAwB,WAAW;AAAA,EAC9C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,MAAMA,GACH,OAAO,EACP,IAAI,CAAC,EACL,IAAI,EAAE,EACN,MAAM,cAAc;AAAA,IACvB,cAAcA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC9B,iBAAiBA,GACd,OAAO,EACP,IAAI,EACJ,IAAI,EAAE,EACN,IAAI,GAAG,EACP,QAAQ,GAAG,EACX,SAAS,qDAAqD;AAAA,EACnE;AAAA,EACA,SAAS,OACP,EAAE,MAAM,cAAc,gBAAgB,GACtC,EAAE,QAAQ,IAAI,MACX;AACH,UAAM,UAAW,MAAM,OAAO,QAAQ,kBAAkB;AAAA,MACtD,QAAQ;AAAA,MACR,MAAM,EAAE,MAAM,aAAa;AAAA,IAC7B,CAAC;AAED,UAAM,WAAW,KAAK,IAAI,IAAI,kBAAkB;AAChD,WAAO,KAAK,IAAI,IAAI,UAAU;AAC5B,YAAM,KAAM,MAAM,OAAO;AAAA,QACvB,kBAAkB,mBAAmB,QAAQ,EAAE,CAAC;AAAA,MAClD;AAOA,UAAI,GAAG,UAAU,UAAU;AACzB,eAAO,qBAAqB,MAAM;AAAA,UAChC,cAAc,GAAG;AAAA,UACjB,MAAM,GAAG;AAAA,UACT,aAAa,GAAG,eAAe,QAAQ,GAAG,IAAI;AAAA,UAC9C,OAAO,GAAG;AAAA,QACZ,CAAC;AAAA,MACH;AACA,UAAI,GAAG,UAAU,uBAAuB;AACtC,cAAM,IAAI;AAAA,UACR,kCAAkC,GAAG,sBAAsB,gBAAgB;AAAA,QAC7E;AAAA,MACF;AACA,UAAI,MAAM,aAAa,QAAQ,EAAE,UAAU,GAAG,KAAK,iBAAY;AAC/D,YAAM,MAAM,GAAI;AAAA,IAClB;AACA,UAAM,IAAI;AAAA,MACR,+CAA+C,eAAe;AAAA,IAChE;AAAA,EACF;AACF,CAAC;AAED,SAAS,MAAM,IAAY;AACzB,SAAO,IAAI,QAAQ,CAAC,MAAM,WAAW,GAAG,EAAE,CAAC;AAC7C;AAEO,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,kBAAkBA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAClC,sBAAsBA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IACtC,MAAMA,GAAE,OAAO,EAAE,QAAQ,QAAQ;AAAA,EACnC;AAAA,EACA,SAAS,OACP,EAAE,WAAW,kBAAkB,sBAAsB,KAAK,GAC1D,EAAE,OAAO,MACN;AAMH,UAAM,MAAM,MAAM,OAAO;AAAA,MACvB,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,MAC/C;AAAA,QACE,QAAQ;AAAA,QACR,MAAM;AAAA,UACJ,MAAM;AAAA,UACN;AAAA,UACA,WAAW;AAAA,UACX,eAAe;AAAA,QACjB;AAAA,MACF;AAAA,IACF;AAGA,UAAM,OAAO;AAAA,MACX,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,MAC/C,EAAE,QAAQ,SAAS,MAAM,EAAE,oBAAoB,KAAK,EAAE;AAAA,IACxD;AAEA,WAAO,EAAE,KAAK,cAAc,0BAA0B;AAAA,EACxD;AACF,CAAC;AAUD,SAAS,WAAW,MAAwB;AAC1C,MAAI,MAAM,QAAQ,IAAI,EAAG,QAAO,KAAK;AACrC,MAAI,OAAO,KAAK,UAAU,SAAU,QAAO,KAAK;AAChD,MAAI,MAAM,QAAQ,KAAK,KAAK,EAAG,QAAO,KAAK,MAAM;AACjD,SAAO;AACT;AAaA,SAAS,OAAO,MAA2B;AACzC,MAAI,MAAM,QAAQ,IAAI,EAAG,QAAO;AAChC,MAAI,MAAM,QAAQ,KAAK,KAAK,EAAG,QAAO,KAAK;AAC3C,SAAO,CAAC;AACV;AAEO,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,YAAYA,GACT,QAAQ,EACR,SAAS,EACT;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,aAAa,KAAK,GAAG,EAAE,OAAO,MAAM;AAC/D,UAAM,KAAM,MAAM,OAAO;AAAA,MACvB,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AACA,UAAM,WAAY,MAAM,OAAO;AAAA,MAC7B,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AACA,UAAM,WAAY,MAAM,OAAO;AAAA,MAC7B,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AACA,UAAM,SAAU,MAAM,OAAO;AAAA,MAC3B,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AAMA,UAAM,WAAY,MAAM,OAAO;AAAA,MAC7B,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AAIA,UAAM,YAAY,WAAW,QAAQ;AACrC,UAAM,YAAY,WAAW,QAAQ;AACrC,UAAM,WAAW,OAAO,QAAQ;AAChC,UAAM,gBACJ,OAAO,4BAA4B,QACnC,OAAO,mBAAmB;AAE5B,UAAM,SAA2B;AAAA,MAC/B;AAAA,QACE,IAAI,GAAG,UAAU;AAAA,QACjB,MAAM;AAAA,QACN,SAAS,SAAS,GAAG,KAAK;AAAA,MAC5B;AAAA,MACA;AAAA,QACE,IAAI,YAAY;AAAA,QAChB,MAAM;AAAA,QACN,SAAS,GAAG,SAAS;AAAA,MACvB;AAAA,MACA;AAAA,QACE,IAAI,YAAY,KAAK;AAAA,QACrB,MAAM;AAAA,QACN,SACE,YAAY,IACR,GAAG,SAAS,UACZ,gBACE,mEACA;AAAA,MACV;AAAA,MACA;AAAA,QACE,IAAI,CAAC,CAAC,SAAS;AAAA,QACf,MAAM;AAAA,MACR;AAAA,MACA;AAAA,QACE,IAAI,OAAO,cAAc,QAAQ,YAAY;AAAA,QAC7C,MAAM;AAAA,QACN,SAAS,OAAO,YACZ,mBACA,YAAY,IACV,GAAG,SAAS,wDACZ;AAAA,MACR;AAAA,IACF;AAQA,QAAI,cAAc,SAAS,SAAS,GAAG;AACrC,YAAM,eAAoE,CAAC;AAC3E,iBAAW,OAAO,UAAU;AAC1B,YAAI;AACF,gBAAM,QAAS,MAAM,OAAO;AAAA,YAC1B,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,IAAI,EAAE,CAAC;AAAA,YAClF,EAAE,QAAQ,OAAO;AAAA,UACnB;AACA,uBAAa,KAAK,EAAE,IAAI,IAAI,IAAI,QAAQ,MAAM,CAAC;AAAA,QACjD,SAAS,KAAK;AACZ,uBAAa,KAAK;AAAA,YAChB,IAAI,IAAI;AAAA,YACR,QAAQ,EAAE,IAAI,OAAO,oBAAoB,MAAM;AAAA,YAC/C,OAAO,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAAA,UACxD,CAAC;AAAA,QACH;AAAA,MACF;AACA,YAAM,QAAQ,aAAa,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE;AACnD,YAAM,UAAU,aACb,IAAI,CAAC,MAAM;AACV,cAAM,OAAO,EAAE,OAAO,aAAa,KAAK,EAAE,OAAO,UAAU,MAAM;AACjE,eAAO,GAAG,EAAE,EAAE,IAAI,EAAE,OAAO,KAAK,OAAO,MAAM,GAAG,IAAI;AAAA,MACtD,CAAC,EACA,KAAK,IAAI;AACZ,YAAM,eAAe,aAAa,KAAK,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE;AAC1D,YAAM,UAAU,eACZ,GAAG,OAAO,oBAAoB,aAAa,OAAO,gBAAgB,aAAa,SAAS,WAAW,KACnG;AACJ,aAAO,KAAK;AAAA,QACV,IAAI;AAAA,QACJ,MAAM;AAAA,QACN;AAAA,MACF,CAAC;AAAA,IACH,WAAW,SAAS,SAAS,GAAG;AAC9B,aAAO,KAAK;AAAA,QACV,IAAI;AAAA,QACJ,MAAM;AAAA,QACN,SAAS;AAAA,MACX,CAAC;AAAA,IACH;AAEA,UAAM,UAAU,OAAO,MAAM,CAAC,MAAM,EAAE,EAAE,IAAI,UAAU;AACtD,WAAO,EAAE,SAAS,OAAO;AAAA,EAC3B;AACF,CAAC;AAEM,IAAMC,SAAQ;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AACF;;;AChSA,SAAS,KAAAC,UAAS;AAIX,IAAM,WAAW,WAAW;AAAA,EACjC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO,QAAQ,kBAAkB,mBAAmB,SAAS,CAAC,OAAO;AACzE,CAAC;AAEM,IAAM,SAAS,WAAW;AAAA,EAC/B,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,MAAMA,GACH,KAAK,CAAC,UAAU,UAAU,aAAa,MAAM,CAAC,EAC9C,SAAS,8DAA8D;AAAA,IAC1E,MAAMA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,oCAAoC;AAAA,IACrE,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,eAAeA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC/B,QAAQA,GAAE,MAAMA,GAAE,OAAO,CAAC,EAAE,SAAS;AAAA,IACrC,QAAQA,GACL,OAAO,EACP,IAAI,EACJ,SAAS,EACT,SAAS,wCAAwC;AAAA,IACpD,WAAWA,GACR,OAAO,EACP,SAAS,EACT;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,KAAK;AAAA,EACzB;AACJ,CAAC;AAEM,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,OAAO,GAAG,EAAE,OAAO,MAC9C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,MAAM,CAAC;AAAA,IAClF,EAAE,QAAQ,SAAS;AAAA,EACrB;AACJ,CAAC;AAEM,IAAM,SAAS,WAAW;AAAA,EAC/B,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,OAAO,GAAG,EAAE,OAAO,MAC9C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,MAAM,CAAC;AAAA,EACpF;AACJ,CAAC;AAEM,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IACxB,MAAMA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,IACjC,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,IACtC,eAAeA,GACZ,OAAO,EACP,IAAI,CAAC,EACL,SAAS,EACT;AAAA,MACC;AAAA,IACF;AAAA,IACF,QAAQA,GAAE,MAAMA,GAAE,OAAO,CAAC,EAAE,SAAS;AAAA,IACrC,QAAQA,GACL,OAAO,EACP,IAAI,EACJ,SAAS,EACT,SAAS,gCAAgC;AAAA,IAC5C,WAAWA,GACR,OAAO,EACP,SAAS,EACT,SAAS,yDAAyD;AAAA,EACvE;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,GAAG,MAAM,GAAG,EAAE,OAAO,MACxD,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,MAAM,CAAC;AAAA,IAClF,EAAE,QAAQ,SAAS,MAAM,MAAM;AAAA,EACjC;AACJ,CAAC;AAEM,IAAM,WAAW,WAAW;AAAA,EACjC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,OAAO,GAAG,EAAE,OAAO,MAC9C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,MAAM,CAAC;AAAA,IAClF,EAAE,QAAQ,OAAO;AAAA,EACnB;AACJ,CAAC;AAEM,IAAMC,SAAQ,CAAC,UAAU,QAAQ,WAAW,QAAQ,WAAW,QAAQ;;;AC9H9E,SAAS,KAAAC,UAAS;AAIX,IAAM,iBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,EACjD;AACJ,CAAC;AAEM,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,yBAAyBA,GAAE,QAAQ,EAAE,SAAS;AAAA,IAC9C,gBAAgBA,GAAE,QAAQ,EAAE,SAAS;AAAA,IACrC,oBAAoBA,GAAE,QAAQ,EAAE,SAAS;AAAA,IACzC,WAAWA,GACR,QAAQ,EACR,SAAS,EACT,SAAS,oCAAoC;AAAA,IAChD,mBAAmBA,GAChB,KAAK;AAAA,MACJ;AAAA,MACA;AAAA,IACF,CAAC,EACA,SAAS,EACT,SAAS,2CAA2C;AAAA,IACvD,uBAAuBA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,SAAS;AAAA,IAChE,2BAA2BA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,SAAS;AAAA,EACtE;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,SAAS,KAAK;AAAA,EAC1B;AACJ,CAAC;AAEM,IAAMC,SAAQ,CAAC,gBAAgB,iBAAiB;;;AC9CvD,SAAS,KAAAC,UAAS;AAIX,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,OAAOA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,QAAQ,GAAG;AAAA,EACrD;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,MAAM,GAAG,EAAE,OAAO,MAC7C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,OAAO,EAAE,MAAM,EAAE;AAAA,EACrB;AACJ,CAAC;AAEM,IAAM,aAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,OAAOA,GACJ,OAAO,EACP,MAAM,8BAA8B,uBAAuB;AAAA,IAC9D,YAAYA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC5B,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,oBAAoBA,GACjB,OAAO,EACP,OAAO,CAAC,EACR,QAAQ,IAAI,EACZ,SAAS,0BAA0B;AAAA,EACxC;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,KAAK;AAAA,EACzB;AACJ,CAAC;AAEM,IAAM,aAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,SAASA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC3B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,UAAU,mBAAmB,OAAO,CAAC;AAAA,IACpF,EAAE,QAAQ,SAAS;AAAA,EACrB;AACJ,CAAC;AAEM,IAAMC,SAAQ,CAAC,WAAW,YAAY,UAAU;;;AC1DvD,SAAS,KAAAC,UAAS;AAIX,IAAM,iBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY,CAAC;AAAA,EACb,SAAS,OAAO,QAAQ,EAAE,OAAO,MAC/B,OAAO,QAAQ,kBAAkB,EAAE,QAAQ,MAAM,CAAC;AACtD,CAAC;AAEM,IAAM,eAAe,WAAW;AAAA,EACrC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAWC,GACR,OAAO,EACP,IAAI,CAAC,EACL,SAAS,wBAAwB;AAAA,EACtC;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO,QAAQ,kBAAkB,mBAAmB,SAAS,CAAC,EAAE;AACpE,CAAC;AAEM,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,MAAMA,GACH,OAAO,EACP,IAAI,CAAC,EACL,IAAI,EAAE,EACN,MAAM,gBAAgB,yCAAyC,EAC/D,SAAS,4DAAuD;AAAA,IACnE,cAAcA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,EACzC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAC9B,OAAO,QAAQ,kBAAkB,EAAE,QAAQ,QAAQ,MAAM,MAAM,CAAC;AACpE,CAAC;AAEM,IAAMC,SAAQ,CAAC,gBAAgB,cAAc,eAAe;;;ACxCnE,SAAS,KAAAC,UAAS;AAIX,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,GAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,MAAMA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IAC/B,eAAeA,GAAE,MAAMA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,EAAE,SAAS,sEAAsE;AAAA,IACzI,2BAA2BA,GAAE,MAAMA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,EAAE,SAAS,4CAA4C,EAAE,SAAS;AAAA,IACtI,UAAUA,GAAE,KAAK,CAAC,OAAO,OAAO,QAAQ,CAAC,EAAE,SAAS,uQAAuQ,EAAE,SAAS;AAAA,IACtU,UAAUA,GAAE,QAAQ,EAAE,SAAS,0HAA0H,EAAE,QAAQ,KAAK;AAAA,EAC1K;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,QAAQ,MAAM,OAAO,CAAC;AAAA,EAC3H;AACF,CAAC;AAEM,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,GAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,QAAQA,GAAE,OAAO;AAAA,EACnB;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,OAAO,IAAI;AACjC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,mBAAmB,OAAO,MAAM,CAAC,CAAC,IAAI,EAAE,QAAQ,SAAS,CAAC;AAAA,EACrJ;AACF,CAAC;AAEM,IAAMC,YAAW,WAAW;AAAA,EACjC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,GAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC5G;AACF,CAAC;AAEM,IAAM,qBAAqB;AAAA,EAChC;AAAA,EACA;AAAA,EACAC;AACF;;;AClDA,SAAS,KAAAC,WAAS;AAIX,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,MAAMA,IAAE,KAAK,CAAC,QAAQ,OAAO,YAAY,CAAC;AAAA,EAC5C;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,qBAAqB,EAAE,QAAQ,QAAQ,MAAM,OAAO,CAAC;AAAA,EACvI;AACF,CAAC;AAEM,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,YAAY,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC/G;AACF,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,mBAAmB,EAAE,QAAQ,OAAO,CAAC;AAAA,EACvH;AACF,CAAC;AAEM,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,OAAOA,IAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,EACrD;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,yBAAyB,EAAE,QAAQ,SAAS,MAAM,OAAO,CAAC;AAAA,EAC5I;AACF,CAAC;AAEM,IAAM,wBAAwB;AAAA,EACnC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;;;AC3DA,SAAS,KAAAC,WAAS;AAIX,IAAM,aAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,kBAAkB,EAAE,QAAQ,SAAS,CAAC;AAAA,EACxH;AACF,CAAC;AAEM,IAAMC,eAAc,WAAW;AAAA,EACpC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,aAAa,EAAE,QAAQ,MAAM,CAAC;AAAA,EAChH;AACF,CAAC;AAEM,IAAME,kBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcF,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,eAAeA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IAC5F,kBAAkBA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IAC/F,YAAYA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IACzF,YAAYA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IACzF,oBAAoBA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IACjG,uBAAuBA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IACpG,iBAAiBA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IAC9F,iBAAiBA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IAC9F,wBAAwBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IACxD,mBAAmBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,EACrD;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,aAAa,EAAE,QAAQ,SAAS,MAAM,OAAO,CAAC;AAAA,EAChI;AACF,CAAC;AAEM,IAAM,yBAAyB;AAAA,EACpC;AAAA,EACAC;AAAA,EACAC;AACF;;;ACtDA,SAAS,KAAAC,WAAS;AAIX,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,MAAMA,IAAE,KAAK,CAAC,UAAU,UAAU,aAAa,MAAM,CAAC;AAAA,IACtD,MAAMA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IAC/B,WAAWA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,eAAeA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC/B,QAAQA,IAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,IAAI,EAAE,SAAS,EAAE,SAAS;AAAA,IAC9D,WAAWA,IAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IAC1C,QAAQA,IAAE,MAAMA,IAAE,OAAO,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,EAClD;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,QAAQ,MAAM,OAAO,CAAC;AAAA,EAC3H;AACF,CAAC;AAEM,IAAMC,aAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,QAAQA,IAAE,OAAO;AAAA,EACnB;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,OAAO,IAAI;AACjC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,mBAAmB,OAAO,MAAM,CAAC,CAAC,IAAI,EAAE,QAAQ,SAAS,CAAC;AAAA,EACrJ;AACF,CAAC;AAEM,IAAME,YAAW,WAAW;AAAA,EACjC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcF,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC5G;AACF,CAAC;AAEM,IAAM,qBAAqB;AAAA,EAChC;AAAA,EACAC;AAAA,EACAC;AACF;;;ACpDA,SAAS,KAAAC,WAAS;AAIX,IAAMC,kBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,iBAAiB,EAAE,QAAQ,MAAM,CAAC;AAAA,EACpH;AACF,CAAC;AAEM,IAAMC,qBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,yBAAyBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IACzD,gBAAgBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IAChD,oBAAoBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IACpD,WAAWA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IAC3C,sBAAsBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IACtD,gBAAgBA,IAAE,MAAMA,IAAE,KAAK,CAAC,OAAO,OAAO,aAAa,SAAS,CAAC,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,IAC5F,eAAeA,IAAE,MAAMA,IAAE,KAAK,CAAC,cAAc,CAAC,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,IACrE,qBAAqBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IACrD,0BAA0BA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,EAC5D;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,iBAAiB,EAAE,QAAQ,SAAS,MAAM,OAAO,CAAC;AAAA,EACpI;AACF,CAAC;AAEM,IAAM,4BAA4B;AAAA,EACvCD;AAAA,EACAE;AACF;;;ACxCA,SAAS,KAAAC,WAAS;AAIX,IAAM,UAAU,WAAW;AAAA,EAChC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC5G;AACF,CAAC;AAEM,IAAM,0BAA0B,WAAW;AAAA,EAChD,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,SAAS,CAAC;AAAA,EAC/G;AACF,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,MAAMA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IACtB,MAAMA,IAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,KAAK;AAAA,IACvC,KAAKA,IAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA,IAC7B,gBAAgBA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,0CAA0C;AAAA,IACrF,aAAaA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IACtC,MAAMA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,qBAAqB;AAAA,IACtD,UAAUA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,+BAA+B;AAAA,IACpE,kBAAkBA,IAAE,OAAO,EAAE,SAAS,2BAA2B,EAAE,QAAQ,EAAE;AAAA,EAC/E;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,OAAO,MAAM,OAAO,CAAC;AAAA,EAC1H;AACF,CAAC;AAEM,IAAM,qBAAqB;AAAA,EAChC;AAAA,EACA;AAAA,EACA;AACF;;;ACpDA,SAAS,KAAAC,WAAS;AAIX,IAAMC,cAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,SAASA,IAAE,OAAO;AAAA,EACpB;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,QAAQ,IAAI;AAClC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,UAAU,mBAAmB,OAAO,OAAO,CAAC,CAAC,IAAI,EAAE,QAAQ,SAAS,CAAC;AAAA,EACvJ;AACF,CAAC;AAEM,IAAMC,cAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,OAAOA,IAAE,OAAO,EAAE,IAAI,GAAG,EAAE,MAAM,4BAA4B;AAAA,IAC7D,YAAYA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IACrC,WAAWA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IACpC,WAAWA,IAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC5C;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,iBAAiB,EAAE,QAAQ,QAAQ,MAAM,OAAO,CAAC;AAAA,EACnI;AACF,CAAC;AAEM,IAAME,aAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcF,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,UAAU,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC7G;AACF,CAAC;AAEM,IAAM,sBAAsB;AAAA,EACjCD;AAAA,EACAE;AAAA,EACAC;AACF;;;ACjDA,SAAS,KAAAC,WAAS;AAIX,IAAMC,mBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,MAAMC,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,MAAM,2BAA2B,EAAE,SAAS,mEAAmE;AAAA,IAC/I,cAAcA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IACvC,MAAMA,IAAE,KAAK,CAAC,QAAQ,OAAO,YAAY,CAAC,EAAE,SAAS;AAAA,EACvD;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,WAAO,OAAO,QAAQ,kBAAkB,EAAE,QAAQ,QAAQ,MAAM,MAAM,CAAC;AAAA,EACzE;AACF,CAAC;AAEM,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,IAAI,EAAE,QAAQ,SAAS,CAAC;AAAA,EAC1G;AACF,CAAC;AAEM,IAAMC,gBAAe,WAAW;AAAA,EACrC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,IAAI,EAAE,QAAQ,MAAM,CAAC;AAAA,EACvG;AACF,CAAC;AAEM,IAAME,kBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY,CAAC;AAAA,EACb,SAAS,OAAO,QAAQ,EAAE,OAAO,MAAM;AACrC,WAAO,OAAO,QAAQ,kBAAkB,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC3D;AACF,CAAC;AAEM,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcF,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,uBAAuB,EAAE,QAAQ,OAAO,CAAC;AAAA,EAC3H;AACF,CAAC;AAEM,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,cAAcA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,SAAS,EAAE,SAAS;AAAA,EAC/D;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,IAAI,EAAE,QAAQ,SAAS,MAAM,OAAO,CAAC;AAAA,EACvH;AACF,CAAC;AAEM,IAAM,2BAA2B;AAAA,EACtCD;AAAA,EACA;AAAA,EACAE;AAAA,EACAC;AAAA,EACA;AAAA,EACA;AACF;;;ACzEO,IAAM,iBAAiB;AAAA,EAC5B,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AACL;;;AvBcA,SAAS,gBAAAC,qBAAoB;AAC7B,SAAS,qBAAqB;AAC9B,SAAS,WAAAC,UAAS,eAAe;AAEjC,IAAM,cAAc;AAEpB,SAAS,cAAsB;AAC7B,MAAI;AACF,UAAM,OAAOA,SAAQ,cAAc,YAAY,GAAG,CAAC;AACnD,UAAM,MAAM,KAAK;AAAA,MACfD,cAAa,QAAQ,MAAM,MAAM,cAAc,GAAG,MAAM;AAAA,IAC1D;AACA,WAAO,OAAO,IAAI,YAAY,WAAW,IAAI,UAAU;AAAA,EACzD,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAYA,IAAM,oBAAsD;AAAA;AAAA,EAE1D,YAAY;AAAA,EACZ,YAAY;AAAA,EACZ,YAAY;AAAA,EACZ,qBAAqB;AAAA,EACrB,kBAAkB;AAAA,EAClB,gBAAgB;AAAA,EAChB,mBAAmB;AACrB;AASO,SAAS,iBAAiC;AAC/C,QAAM,wBAAwB;AAAA,IAC5B,GAAGE;AAAA,IACH,GAAG;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA;AAAA,EAEL;AAEA,QAAM,mBAAmB,IAAI,IAAI,sBAAsB,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC;AACzE,QAAM,oBAAoB,eAAe,OAAO,CAAC,MAAM;AACrD,QAAI,iBAAiB,IAAI,EAAE,IAAI,EAAG,QAAO;AACzC,UAAM,QAAQ,kBAAkB,EAAE,IAAI;AACtC,QAAI,SAAS,iBAAiB,IAAI,KAAK,EAAG,QAAO;AACjD,WAAO;AAAA,EACT,CAAC;AAED,SAAO,CAAC,GAAG,uBAAuB,GAAG,iBAAiB;AACxD;AAUA,eAAsB,YACpB,KACA,KACsF;AACtF,MAAI,IAAI,SAAU,QAAO,EAAE,OAAO,IAAI,UAAU,MAAM,SAAS;AAE/D,QAAM,SAAS,UAAU,IAAI,OAAO;AACpC,MAAI,OAAQ,QAAO,EAAE,OAAO,OAAO,aAAa,MAAM,SAAS;AAE/D,MAAI,CAAC,QAAQ,OAAO,SAAS,CAAC,QAAQ,IAAI,2BAA2B;AACnE,QAAI;AAAA,MACF;AAAA,IACF;AACA,WAAO,EAAE,OAAO,MAAM,MAAM,OAAO;AAAA,EACrC;AAEA,MAAI;AACJ,MAAI;AACF,aAAS,MAAM,WAAW,EAAE,SAAS,IAAI,SAAS,IAAI,CAAC;AAAA,EACzD,SAAS,KAAK;AACZ,QAAI,MAAM,4BAA4B;AAAA,MACpC,OAAO,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAAA,IACxD,CAAC;AACD,eAAW;AACX,WAAO,EAAE,OAAO,MAAM,MAAM,OAAO;AAAA,EACrC;AAEA,QAAM,YACJ,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,KAAK,OAAO,aAAa;AACvD,YAAU;AAAA,IACR,SAAS,IAAI;AAAA,IACb,aAAa,OAAO;AAAA,IACpB,cAAc,OAAO;AAAA,IACrB;AAAA,EACF,CAAC;AACD,SAAO,EAAE,OAAO,OAAO,aAAa,MAAM,aAAa;AACzD;AAEA,eAAsB,OAAsB;AAE1C,MAAI,QAAQ,KAAK,CAAC,MAAM,UAAU;AAChC,eAAW;AACX,YAAQ,OAAO,MAAM,iDAAiD;AACtE;AAAA,EACF;AAEA,QAAM,MAAM,WAAW;AACvB,QAAM,MAAM,WAAW,GAAG;AAC1B,QAAM,OAAO,MAAM,YAAY,KAAK,GAAG;AACvC,QAAM,SAAS,IAAI,cAAc,KAAK,KAAK,KAAK,KAAK;AAErD,QAAM,SAAS,IAAI,UAAU;AAAA,IAC3B,MAAM;AAAA,IACN,SAAS,YAAY;AAAA,EACvB,CAAC;AAED,QAAM,WAAW,eAAe;AAEhC,cAAY,QAAQ,EAAE,QAAQ,IAAI,GAAG,QAAQ;AAE7C,MAAI,KAAK,wBAAwB;AAAA,IAC/B,SAAS,IAAI;AAAA,IACb,OAAO,SAAS;AAAA,IAChB,UAAU,KAAK;AAAA,EACjB,CAAC;AAED,QAAM,YAAY,IAAI,qBAAqB;AAC3C,QAAM,OAAO,QAAQ,SAAS;AAChC;AAOA,IAAI,CAAC,QAAQ,IAAI,QAAQ;AACvB,OAAK,EAAE,MAAM,CAAC,QAAQ;AACpB,YAAQ,OAAO,MAAM,UAAU,eAAe,QAAQ,IAAI,QAAQ,GAAG;AAAA,CAAI;AACzE,YAAQ,KAAK,CAAC;AAAA,EAChB,CAAC;AACH;","names":["sleep","tools","z","z","tools","z","z","tools","z","z","tools","z","z","tools","z","z","tools","z","z","tools","z","z","tools","z","z","listApps","z","z","z","z","getBranding","updateBranding","z","z","deleteIdp","listIdps","z","getLoginPolicy","z","updateLoginPolicy","z","z","z","deleteUser","z","inviteUser","listUsers","z","createWorkspace","z","getWorkspace","listWorkspaces","readFileSync","dirname","tools"]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@prysmid/mcp",
-  "version": "0.3.4",
+  "version": "0.5.0",
   "description": "Official Prysmid MCP server — manage workspaces, apps OIDC, login policy, IdPs, branding, users from any MCP-compatible agent (Claude Code, Cursor, etc.)",
   "license": "Apache-2.0",
   "homepage": "https://prysmid.com",