npm - @prysmid/mcp - Versions diffs - 0.4.0 → 0.6.0 - Mend

@prysmid/mcp 0.4.0 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/index.ts","../src/auth.ts","../src/client.ts","../src/config.ts","../src/logger.ts","../src/tokenStore.ts","../src/tools/registry.ts","../src/tools/apps.ts","../src/tools/billing.ts","../src/tools/branding.ts","../src/tools/curated.ts","../src/tools/idps.ts","../src/tools/login_policy.ts","../src/tools/users.ts","../src/tools/workspaces.ts","../src/tools/generated/apps.ts","../src/tools/generated/billing.ts","../src/tools/generated/branding.ts","../src/tools/generated/idps.ts","../src/tools/generated/login-policy.ts","../src/tools/generated/smtp.ts","../src/tools/generated/users.ts","../src/tools/generated/workspaces.ts","../src/tools/generated/index.ts"],"sourcesContent":["/*\n Entrypoint — boots an MCP server over stdio with the full Prysmid tool set.\n \n Three layers of tools:\n * 1. handwritten — `src/tools/{apps,users,...}.ts`. Polished schemas,\n * curated descriptions, the canonical surface.\n * 2. curated — `src/tools/curated.ts`. Multi-step orchestrators (e.g.\n * `setup_prysmid_workspace`).\n * 3. generated — `src/tools/generated/.ts`. Auto-emitted from the live\n OpenAPI spec by `scripts/generate-tools.ts`. Covers everything else.\n \n Merge rule: handwritten and curated names always win. A generated tool\n * with the same `name` as one of them is dropped silently — the handwritten\n * version is the source of truth.\n \n MCP transport contract:\n * - JSON-RPC over stdin/stdout\n * - stdout is RESERVED for protocol bytes; logs go to stderr (see logger.ts)\n * - one process == one client; the agent spawns a fresh server per session\n /\nimport { McpServer } from \"@modelcontextprotocol/sdk/server/mcp.js\";\nimport { StdioServerTransport } from \"@modelcontextprotocol/sdk/server/stdio.js\";\n\nimport { deviceFlow } from \"./auth.js\";\nimport { PrysmidClient } from \"./client.js\";\nimport { loadConfig, type Config } from \"./config.js\";\nimport { makeLogger, type Logger } from \"./logger.js\";\nimport { clearToken, loadToken, saveToken } from \"./tokenStore.js\";\nimport { registerAll, type ToolDef } from \"./tools/registry.js\";\nimport { tools as appsTools } from \"./tools/apps.js\";\nimport { tools as billingTools } from \"./tools/billing.js\";\nimport { tools as brandingTools } from \"./tools/branding.js\";\nimport { tools as curatedTools } from \"./tools/curated.js\";\nimport { tools as idpsTools } from \"./tools/idps.js\";\nimport { tools as loginPolicyTools } from \"./tools/login_policy.js\";\nimport { tools as usersTools } from \"./tools/users.js\";\nimport { tools as workspaceTools } from \"./tools/workspaces.js\";\nimport { generatedTools } from \"./tools/generated/index.js\";\n\nimport { readFileSync } from \"node:fs\";\nimport { fileURLToPath } from \"node:url\";\nimport { dirname, resolve } from \"node:path\";\n\nconst SERVER_NAME = \"prysmid\";\n\nfunction readVersion(): string {\n try {\n const here = dirname(fileURLToPath(import.meta.url));\n const pkg = JSON.parse(\n readFileSync(resolve(here, \"..\", \"package.json\"), \"utf8\"),\n );\n return typeof pkg.version === \"string\" ? pkg.version : \"0.0.0\";\n } catch {\n return \"0.0.0\";\n }\n}\n\n/\n Map of generated tool names that are superseded by a hand-written tool\n * with a different name (because the hand-written name is more agent-\n * friendly than what FastAPI's operationId produced). Without this, the\n * agent would see two near-duplicates: e.g. `add_idp` (curated) AND\n * `create_idp` (generated) for the same endpoint.\n \n Keep the LHS in sync with what the generator emits — if you rename a\n * hand-written tool, update this table.\n /\nconst GENERATED_ALIASES: Readonly<Record<string, string>> = {\n // generated name → handwritten that already covers it\n create_idp: \"add_idp\",\n create_app: \"create_oidc_app\",\n delete_app: \"delete_oidc_app\",\n update_spending_cap: \"set_spending_cap\",\n billing_checkout: \"start_billing_checkout\",\n billing_portal: \"start_billing_portal\",\n billing_get_state: \"get_billing\",\n};\n\n/\n Compose the final tool array. Hand-written + curated tools take\n * precedence over generated tools sharing the same `name`, AND over any\n * generated tool listed in {@link GENERATED_ALIASES}. Exported so tests\n * can assert merge behavior without booting the MCP server.\n /\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nexport function composeToolset(): ToolDef<any>[] {\n const handwrittenAndCurated = [\n ...workspaceTools,\n ...appsTools,\n ...idpsTools,\n ...loginPolicyTools,\n ...usersTools,\n ...brandingTools,\n ...billingTools,\n ...curatedTools,\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n ] as ToolDef<any>[];\n\n const handwrittenNames = new Set(handwrittenAndCurated.map((t) => t.name));\n const filteredGenerated = generatedTools.filter((t) => {\n if (handwrittenNames.has(t.name)) return false;\n const alias = GENERATED_ALIASES[t.name];\n if (alias && handwrittenNames.has(alias)) return false;\n return true;\n });\n\n return [...handwrittenAndCurated, ...filteredGenerated];\n}\n\n/\n Resolve the bearer token to use for API calls. Resolution order:\n * 1. PRYSMID_API_TOKEN env var (CI / static service tokens)\n * 2. Cached device-flow token at ~/.config/prysmid-mcp/token.json (or %APPDATA% on Windows)\n * 3. Run interactive device flow (browser + user code) and save to cache\n \n Returns the token plus the human-readable mode string for logs.\n /\nexport async function resolveAuth(\n cfg: Config,\n log: Logger,\n): Promise<{ token: string \| null; mode: \"bearer\" \| \"cached\" \| \"deviceflow\" \| \"none\" }> {\n if (cfg.apiToken) return { token: cfg.apiToken, mode: \"bearer\" };\n\n const cached = loadToken(cfg.apiBase);\n if (cached) return { token: cached.accessToken, mode: \"cached\" };\n\n if (!process.stderr.isTTY && !process.env.PRYSMID_FORCE_DEVICE_FLOW) {\n log.warn(\n \"no PRYSMID_API_TOKEN and no cached token; stderr is not a TTY so refusing to start interactive device flow. Set PRYSMID_API_TOKEN, run `npx -y @prysmid/mcp` once interactively to populate the cache, or set PRYSMID_FORCE_DEVICE_FLOW=1 to override.\",\n );\n return { token: null, mode: \"none\" };\n }\n\n let result;\n try {\n result = await deviceFlow({ apiBase: cfg.apiBase, log });\n } catch (err) {\n log.error(\"device flow login failed\", {\n error: err instanceof Error ? err.message : String(err),\n });\n clearToken();\n return { token: null, mode: \"none\" };\n }\n\n const expiresAt =\n Math.floor(Date.now() / 1000) + (result.expiresIn ?? 3600);\n saveToken({\n apiBase: cfg.apiBase,\n accessToken: result.accessToken,\n refreshToken: result.refreshToken,\n expiresAt,\n });\n return { token: result.accessToken, mode: \"deviceflow\" };\n}\n\nexport async function main(): Promise<void> {\n // `prysmid-mcp logout` — small subcommand that just clears the cache.\n if (process.argv[2] === \"logout\") {\n clearToken();\n process.stderr.write(\"prysmid-mcp: logged out (token cache cleared)\\n\");\n return;\n }\n\n const cfg = loadConfig();\n const log = makeLogger(cfg);\n const auth = await resolveAuth(cfg, log);\n const client = new PrysmidClient(cfg, log, auth.token);\n\n const server = new McpServer({\n name: SERVER_NAME,\n version: readVersion(),\n });\n\n const allTools = composeToolset();\n\n registerAll(server, { client, log }, allTools);\n\n log.info(`prysmid-mcp starting`, {\n apiBase: cfg.apiBase,\n tools: allTools.length,\n authMode: auth.mode,\n });\n\n const transport = new StdioServerTransport();\n await server.connect(transport);\n}\n\n// This module is only ever invoked as the package bin (MCP servers run as a\n// process per session). Cross-platform `import.meta.url === file://<argv[1]>`\n// is fragile (Windows backslash vs forward slash; symlinked paths) so we\n// just always boot UNLESS we're in vitest (which imports this module to\n// poke at the exports without wanting to connect a stdio transport).\nif (!process.env.VITEST) {\n main().catch((err) => {\n process.stderr.write(`fatal: ${err instanceof Error ? err.stack : err}\\n`);\n process.exit(1);\n });\n}\n","/\n OAuth 2.0 Device Authorization Grant client (RFC 8628).\n \n Flow:\n * 1. POST /v1/auth/device/start — get device_code + user_code + verification_uri\n * 2. Print user_code + URL to STDERR (stdout is reserved for MCP protocol)\n * 3. Poll POST /v1/auth/device/poll every `interval` seconds until:\n * - status=complete → return tokens\n * - status=slow_down → bump interval +5s, keep polling\n * - status=expired → throw\n * - status=denied → throw\n \n The platform side proxies these to Zitadel (auth.prysmid.com); the client\n * only ever talks to api.prysmid.com.\n /\nimport type { Logger } from \"./logger.js\";\n\nexport interface DeviceFlowToken {\n accessToken: string;\n refreshToken?: string;\n expiresIn?: number;\n}\n\ninterface DeviceStartResponse {\n device_code: string;\n user_code: string;\n verification_uri: string;\n verification_uri_complete?: string \| null;\n interval: number;\n expires_in: number;\n}\n\ninterface DevicePollResponse {\n status: \"pending\" \| \"slow_down\" \| \"complete\" \| \"expired\" \| \"denied\";\n access_token?: string \| null;\n refresh_token?: string \| null;\n expires_in?: number \| null;\n error?: string \| null;\n}\n\nexport interface DeviceFlowOptions {\n apiBase: string;\n log: Logger;\n /\n Sleep function — overridable so tests can run instantly. Defaults to\n * setTimeout-based promise.\n /\n sleep?: (ms: number) => Promise<void>;\n /\n Print sink for the user-facing prompt (browser URL + code). Defaults to\n * stderr. Tests override to capture.\n /\n prompt?: (lines: string[]) => void;\n /\n Override the global fetch — kept for tests; production passes nothing.\n /\n fetchImpl?: typeof fetch;\n}\n\nconst DEFAULT_SLEEP = (ms: number): Promise<void> =>\n new Promise((r) => setTimeout(r, ms));\n\nconst DEFAULT_PROMPT = (lines: string[]): void => {\n for (const line of lines) process.stderr.write(`${line}\\n`);\n};\n\nexport async function deviceFlow(\n opts: DeviceFlowOptions,\n): Promise<DeviceFlowToken> {\n const sleep = opts.sleep ?? DEFAULT_SLEEP;\n const prompt = opts.prompt ?? DEFAULT_PROMPT;\n const fetchImpl = opts.fetchImpl ?? fetch;\n const { apiBase, log } = opts;\n\n const start = await postJson<DeviceStartResponse>(\n fetchImpl,\n `${apiBase}/v1/auth/device/start`,\n {},\n );\n\n const verifyUrl = start.verification_uri_complete \|\| start.verification_uri;\n prompt([\n \"\",\n \"─────────────────────────────────────────────────────────\",\n \" Prysmid MCP — Sign in to your account\",\n \"─────────────────────────────────────────────────────────\",\n \"\",\n \" 1. Open this URL in your browser:\",\n ` ${verifyUrl}`,\n \"\",\n \" 2. Confirm the code:\",\n ` ${start.user_code}`,\n \"\",\n ` Waiting for confirmation (expires in ${start.expires_in}s)…`,\n \"\",\n ]);\n\n let interval = Math.max(1, start.interval \|\| 5);\n const deadline = Date.now() + start.expires_in 1000;\n\n while (Date.now() < deadline) {\n await sleep(interval * 1000);\n\n let res: DevicePollResponse;\n try {\n res = await postJson<DevicePollResponse>(\n fetchImpl,\n `${apiBase}/v1/auth/device/poll`,\n { device_code: start.device_code },\n );\n } catch (e) {\n log.warn(\"device poll request failed, retrying\", {\n error: e instanceof Error ? e.message : String(e),\n });\n continue;\n }\n\n if (res.status === \"complete\") {\n if (!res.access_token) {\n throw new Error(\n \"Device flow returned status=complete but no access_token\",\n );\n }\n log.info(\"device flow login complete\", {\n expiresIn: res.expires_in ?? null,\n });\n return {\n accessToken: res.access_token,\n refreshToken: res.refresh_token ?? undefined,\n expiresIn: res.expires_in ?? undefined,\n };\n }\n if (res.status === \"slow_down\") {\n interval += 5;\n log.debug(\"device flow slow_down\", { newInterval: interval });\n continue;\n }\n if (res.status === \"pending\") continue;\n if (res.status === \"expired\") {\n throw new Error(\"Device code expired before authorization\");\n }\n if (res.status === \"denied\") {\n throw new Error(\"Authorization denied\");\n }\n log.warn(\"unknown device poll status\", { status: res.status });\n }\n\n throw new Error(\"Device code expired before authorization\");\n}\n\nasync function postJson<T>(\n fetchImpl: typeof fetch,\n url: string,\n body: unknown,\n): Promise<T> {\n const res = await fetchImpl(url, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\", Accept: \"application/json\" },\n body: JSON.stringify(body),\n });\n const text = await res.text();\n if (!res.ok) {\n throw new Error(`POST ${url} failed: ${res.status} ${text}`);\n }\n try {\n return JSON.parse(text) as T;\n } catch {\n throw new Error(`POST ${url} returned non-JSON: ${text.slice(0, 200)}`);\n }\n}\n","/*\n Prysmid API client — thin fetch wrapper that adds auth + maps errors.\n \n Auth model (MVP): static bearer via `PRYSMID_API_TOKEN`. Device-flow OAuth\n * lives in `auth.ts` and produces a token compatible with this client.\n /\nimport type { Config } from \"./config.js\";\nimport type { Logger } from \"./logger.js\";\n\nexport class PrysmidApiError extends Error {\n constructor(\n message: string,\n public readonly status: number,\n public readonly body: string,\n public readonly code?: string,\n ) {\n super(message);\n this.name = \"PrysmidApiError\";\n }\n}\n\nexport interface RequestOptions {\n method?: \"GET\" \| \"POST\" \| \"PUT\" \| \"PATCH\" \| \"DELETE\";\n body?: unknown;\n query?: Record<string, string \| number \| boolean \| undefined>;\n}\n\nexport class PrysmidClient {\n constructor(\n private readonly cfg: Config,\n private readonly log: Logger,\n /\n Optional override. When set (e.g. resolved via device flow + token cache),\n * takes precedence over `cfg.apiToken`. Keeps the env-driven path for the\n * `PRYSMID_API_TOKEN=…` mode untouched.\n /\n private readonly tokenOverride: string \| null = null,\n ) {}\n\n private get effectiveToken(): string \| null {\n return this.tokenOverride ?? this.cfg.apiToken;\n }\n\n async request<T = unknown>(path: string, opts: RequestOptions = {}): Promise<T> {\n const token = this.effectiveToken;\n if (!token) {\n throw new PrysmidApiError(\n \"No Prysmid API token. Set PRYSMID_API_TOKEN or complete device-flow login.\",\n 401,\n \"\",\n \"auth.no_token\",\n );\n }\n\n const url = new URL(this.cfg.apiBase + path);\n if (opts.query) {\n for (const [k, v] of Object.entries(opts.query)) {\n if (v !== undefined) url.searchParams.set(k, String(v));\n }\n }\n\n const method = opts.method ?? \"GET\";\n const headers: Record<string, string> = {\n Authorization: `Bearer ${token}`,\n Accept: \"application/json\",\n };\n if (opts.body !== undefined) headers[\"Content-Type\"] = \"application/json\";\n\n this.log.debug(`HTTP ${method} ${url.pathname}`);\n const res = await fetch(url, {\n method,\n headers,\n body: opts.body !== undefined ? JSON.stringify(opts.body) : undefined,\n });\n\n const text = await res.text();\n if (!res.ok) {\n let code: string \| undefined;\n try {\n const parsed = JSON.parse(text);\n code = typeof parsed?.error === \"string\" ? parsed.error : parsed?.code;\n } catch {\n // body wasn't JSON\n }\n throw new PrysmidApiError(\n `Prysmid API ${res.status} on ${method} ${path}`,\n res.status,\n text,\n code,\n );\n }\n\n if (text === \"\") return undefined as T;\n try {\n return JSON.parse(text) as T;\n } catch {\n return text as unknown as T;\n }\n }\n}\n","/\n Runtime configuration. Pulled from env at startup; immutable thereafter.\n \n The MCP runs as a long-lived stdio process — env reads happen once.\n /\n\nexport interface Config {\n apiBase: string;\n apiToken: string \| null;\n logLevel: \"debug\" \| \"info\" \| \"warn\" \| \"error\";\n}\n\nconst DEFAULT_API_BASE = \"https://api.prysmid.com\";\n\nexport function loadConfig(env: NodeJS.ProcessEnv = process.env): Config {\n const apiBase = (env.PRYSMID_API_BASE ?? DEFAULT_API_BASE).replace(/\\/+$/, \"\");\n const apiToken = env.PRYSMID_API_TOKEN?.trim() \|\| null;\n const rawLevel = (env.PRYSMID_MCP_LOG_LEVEL ?? \"info\").toLowerCase();\n const logLevel: Config[\"logLevel\"] =\n rawLevel === \"debug\" \|\| rawLevel === \"warn\" \|\| rawLevel === \"error\"\n ? rawLevel\n : \"info\";\n return { apiBase, apiToken, logLevel };\n}\n","/\n stderr-only logger. MCP servers MUST NOT write to stdout — that channel\n * is reserved for the JSON-RPC protocol; any stray byte breaks the agent.\n /\nimport type { Config } from \"./config.js\";\n\nconst ORDER = { debug: 10, info: 20, warn: 30, error: 40 } as const;\n\nexport interface Logger {\n debug: (msg: string, extra?: unknown) => void;\n info: (msg: string, extra?: unknown) => void;\n warn: (msg: string, extra?: unknown) => void;\n error: (msg: string, extra?: unknown) => void;\n}\n\nexport function makeLogger(cfg: Pick<Config, \"logLevel\">): Logger {\n const threshold = ORDER[cfg.logLevel];\n\n function emit(level: keyof typeof ORDER, msg: string, extra?: unknown) {\n if (ORDER[level] < threshold) return;\n const ts = new Date().toISOString();\n const payload = extra === undefined ? \"\" : ` ${safeJSON(extra)}`;\n process.stderr.write(`${ts} ${level.toUpperCase()} ${msg}${payload}\\n`);\n }\n\n return {\n debug: (m, e) => emit(\"debug\", m, e),\n info: (m, e) => emit(\"info\", m, e),\n warn: (m, e) => emit(\"warn\", m, e),\n error: (m, e) => emit(\"error\", m, e),\n };\n}\n\nfunction safeJSON(x: unknown): string {\n try {\n return JSON.stringify(x);\n } catch {\n return String(x);\n }\n}\n","/\n On-disk cache for the device-flow access token.\n \n Path layout:\n * - Windows: %APPDATA%\\prysmid-mcp\\token.json\n * - Linux/macOS: $XDG_CONFIG_HOME/prysmid-mcp/token.json (default ~/.config/prysmid-mcp)\n * - Fallback: ~/.prysmid-mcp/token.json\n \n The cache is keyed by `apiBase` so switching between staging/prod is safe.\n * Token file is mode 0600 on Unix; Windows ignores the chmod.\n /\nimport {\n chmodSync,\n existsSync,\n mkdirSync,\n readFileSync,\n rmSync,\n writeFileSync,\n} from \"node:fs\";\nimport { homedir, platform } from \"node:os\";\nimport { dirname, join } from \"node:path\";\n\nexport interface CachedToken {\n apiBase: string;\n accessToken: string;\n refreshToken?: string;\n /* Unix epoch seconds. /\n expiresAt: number;\n}\n\nconst APP_DIR = \"prysmid-mcp\";\nconst FILE_NAME = \"token.json\";\nconst EXPIRY_SKEW_SECONDS = 60;\n\nexport function getTokenPath(env: NodeJS.ProcessEnv = process.env): string {\n if (platform() === \"win32\") {\n const base = env.APPDATA;\n if (base) return join(base, APP_DIR, FILE_NAME);\n return join(homedir(), `.${APP_DIR}`, FILE_NAME);\n }\n const xdg = env.XDG_CONFIG_HOME;\n if (xdg) return join(xdg, APP_DIR, FILE_NAME);\n return join(homedir(), \".config\", APP_DIR, FILE_NAME);\n}\n\nexport function loadToken(\n apiBase: string,\n env: NodeJS.ProcessEnv = process.env,\n): CachedToken \| null {\n const path = getTokenPath(env);\n if (!existsSync(path)) return null;\n let parsed: CachedToken;\n try {\n parsed = JSON.parse(readFileSync(path, \"utf8\")) as CachedToken;\n } catch {\n return null;\n }\n if (parsed.apiBase !== apiBase) return null;\n const nowSec = Math.floor(Date.now() / 1000);\n if (parsed.expiresAt - EXPIRY_SKEW_SECONDS <= nowSec) return null;\n if (typeof parsed.accessToken !== \"string\" \|\| !parsed.accessToken) {\n return null;\n }\n return parsed;\n}\n\nexport function saveToken(\n token: CachedToken,\n env: NodeJS.ProcessEnv = process.env,\n): void {\n const path = getTokenPath(env);\n mkdirSync(dirname(path), { recursive: true });\n writeFileSync(path, JSON.stringify(token, null, 2), \"utf8\");\n if (platform() !== \"win32\") {\n try {\n chmodSync(path, 0o600);\n } catch {\n // best-effort\n }\n }\n}\n\nexport function clearToken(env: NodeJS.ProcessEnv = process.env): void {\n const path = getTokenPath(env);\n if (existsSync(path)) {\n rmSync(path, { force: true });\n }\n}\n","/\n Tool registry — single place where every MCP tool lives. Each tool exports\n * its input schema (Zod) + handler; `registerAll` wires them into the SDK.\n \n Two flavors of tools coexist:\n * - generated: 1:1 with REST endpoints, produced by `scripts/generate-tools.ts`\n * (lives under `tools/generated/` once the script runs)\n - curated: high-level orchestrators a human/agent actually wants to call,\n * e.g. `setup_prysmid_workspace(company_name)` that combines several\n * endpoints. These live under `tools/curated/`.\n \n * Both share the same `Tool` shape so the registry is uniform.\n /\nimport type { McpServer } from \"@modelcontextprotocol/sdk/server/mcp.js\";\nimport { z } from \"zod\";\n\nimport { PrysmidApiError, type PrysmidClient } from \"../client.js\";\nimport type { Logger } from \"../logger.js\";\n\nexport interface ToolContext {\n client: PrysmidClient;\n log: Logger;\n}\n\nexport interface ToolDef<I extends z.ZodRawShape> {\n name: string;\n description: string;\n inputShape: I;\n /\n Handler returns plain JSON-able output. The SDK serializes it into\n * MCP `content` blocks; we wrap to text by default (most MCP UIs render it\n * better than structured content).\n /\n handler: (\n input: z.infer<z.ZodObject<I>>,\n ctx: ToolContext,\n ) => Promise<unknown>;\n}\n\nexport function defineTool<I extends z.ZodRawShape>(t: ToolDef<I>): ToolDef<I> {\n return t;\n}\n\n// `ToolDef<any>` here intentionally — the array is heterogeneous (each tool\n// has its own input shape) and the SDK's registerTool only cares about the\n// runtime Zod object, not compile-time type inference. Without `any` there's\n// no single ZodRawShape that satisfies every entry simultaneously.\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nexport function registerAll(\n server: McpServer,\n ctx: ToolContext,\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n tools: ReadonlyArray<ToolDef<any>>,\n): void {\n for (const tool of tools) {\n server.registerTool(\n tool.name,\n {\n description: tool.description,\n inputSchema: tool.inputShape,\n },\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n async (input: any) => {\n try {\n const result = await tool.handler(input, ctx);\n return {\n content: [\n {\n type: \"text\" as const,\n text:\n typeof result === \"string\"\n ? result\n : JSON.stringify(result, null, 2),\n },\n ],\n };\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n // For API errors, surface the response body so callers see the\n // FastAPI validation detail instead of a bare status code.\n const detail =\n err instanceof PrysmidApiError && err.body ? `\\n${err.body}` : \"\";\n ctx.log.error(`tool ${tool.name} failed`, { message });\n return {\n isError: true,\n content: [\n { type: \"text\" as const, text: `error: ${message}${detail}` },\n ],\n };\n }\n },\n );\n }\n}\n","/\n OIDC application tools — list, create, delete on a workspace's apps.\n * Apps are the integration unit: each one represents one downstream service\n * (web app, mobile app, CLI) that authenticates via Prysmid.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const listApps = defineTool({\n name: \"list_apps\",\n description: \"List all OIDC apps in a workspace.\",\n inputShape: {\n workspace: z.string().min(1).describe(\"Workspace slug or UUID\"),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(`/v1/workspaces/${encodeURIComponent(workspace)}/apps`),\n});\n\nexport const createOidcApp = defineTool({\n name: \"create_oidc_app\",\n description:\n \"Create an OIDC application in a workspace. Returns client_id (and client_secret only when app_type=web). app_type=web is a confidential server-rendered app; spa and native are public clients that use PKCE and have no secret.\",\n inputShape: {\n workspace: z.string().min(1),\n name: z.string().min(1).max(255),\n redirect_uris: z.array(z.string().url()).min(1),\n post_logout_redirect_uris: z.array(z.string().url()).optional(),\n app_type: z.enum([\"web\", \"spa\", \"native\"]).default(\"web\"),\n dev_mode: z\n .boolean()\n .default(false)\n .describe(\n \"Skip redirect URI HTTPS check — only for local dev, NEVER prod.\",\n ),\n },\n handler: async ({ workspace, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/apps`,\n { method: \"POST\", body },\n ),\n});\n\nexport const deleteOidcApp = defineTool({\n name: \"delete_oidc_app\",\n description: \"Delete an OIDC app. Idempotent — 404 returns success.\",\n inputShape: {\n workspace: z.string().min(1),\n app_id: z.string().min(1),\n },\n handler: async ({ workspace, app_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/apps/${encodeURIComponent(app_id)}`,\n { method: \"DELETE\" },\n ),\n});\n\nconst APP_TYPE = z.enum([\"web\", \"spa\", \"native\"]);\nconst AUTH_METHOD = z.enum([\n \"client_secret_basic\",\n \"client_secret_post\",\n \"none\",\n \"private_key_jwt\",\n]);\nconst GRANT_TYPE = z.enum([\n \"authorization_code\",\n \"refresh_token\",\n \"implicit\",\n \"device_code\",\n \"token_exchange\",\n]);\n\nexport const getApp = defineTool({\n name: \"get_app\",\n description:\n \"Fetch full detail for one OIDC app: redirect URIs, grant types, auth method, dev_mode, timestamps. Never returns the client_secret — use regenerate_app_secret to mint a new one.\",\n inputShape: {\n workspace: z.string().min(1).describe(\"Workspace slug or UUID\"),\n app_id: z.string().min(1),\n },\n handler: async ({ workspace, app_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/apps/${encodeURIComponent(app_id)}`,\n ),\n});\n\nexport const updateApp = defineTool({\n name: \"update_app\",\n description:\n \"Patch mutable fields on an OIDC app: redirect URIs, post-logout URIs, grant types, auth method, dev_mode. All fields optional — only provided keys change. client_secret is NEVER accepted here; use regenerate_app_secret to rotate it.\",\n inputShape: {\n workspace: z.string().min(1),\n app_id: z.string().min(1),\n redirect_uris: z.array(z.string().url()).optional(),\n post_logout_redirect_uris: z.array(z.string().url()).optional(),\n grant_types: z.array(GRANT_TYPE).optional(),\n auth_method: AUTH_METHOD.optional(),\n dev_mode: z\n .boolean()\n .optional()\n .describe(\n \"Skip redirect URI HTTPS check — only for local dev, NEVER prod.\",\n ),\n },\n handler: async ({ workspace, app_id, ...patch }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/apps/${encodeURIComponent(app_id)}`,\n { method: \"PATCH\", body: patch },\n ),\n});\n\nexport const regenerateAppSecret = defineTool({\n name: \"regenerate_app_secret\",\n description:\n \"Destructive — invalidates the current secret immediately. Returns the new secret plaintext ONCE. Set confirm=true to proceed. Only valid for app_type=web (confidential clients); spa/native are public and have no secret (the API returns 422 in that case).\",\n inputShape: {\n workspace: z.string().min(1),\n app_id: z.string().min(1),\n confirm: z\n .literal(true)\n .describe(\n \"Must be true to acknowledge that the current secret will be invalidated immediately.\",\n ),\n },\n handler: async ({ workspace, app_id, confirm }, { client }) => {\n if (confirm !== true) {\n throw new Error(\n \"regenerate_app_secret refused: pass confirm=true to acknowledge that the current secret will be invalidated immediately and the new secret is surfaced only once.\",\n );\n }\n return client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/apps/${encodeURIComponent(app_id)}/regenerate-secret`,\n { method: \"POST\" },\n );\n },\n});\n\n// Exported for use in index.ts composeToolset (handwritten precedence).\n// Also re-exported as `appTypeEnum` etc. would be unnecessary; the tools list\n// is the only surface the registry needs.\nexport const tools = [\n listApps,\n createOidcApp,\n deleteOidcApp,\n getApp,\n updateApp,\n regenerateAppSecret,\n] as const;\n","/\n Billing tools — read state, manage spending cap, generate Stripe portal URL.\n * Checkout/upgrade flow returns a Stripe-hosted URL; the agent surfaces it to\n * the user for them to navigate (we don't process payment data here).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const getBilling = defineTool({\n name: \"get_billing\",\n description:\n \"Get current billing state: plan, subscription status, current period, spending_cap_cents, signups_blocked.\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/billing`,\n ),\n});\n\nexport const setSpendingCap = defineTool({\n name: \"set_spending_cap\",\n description:\n \"Cap monthly Pro overage spend (cents). Pass null to remove cap (unlimited). When projected overage exceeds cap, signups_blocked flips on.\",\n inputShape: {\n workspace: z.string().min(1),\n spending_cap_cents: z\n .number()\n .int()\n .min(0)\n .max(10_000_000)\n .nullable()\n .describe(\"Max overage cents per period; null = unlimited\"),\n },\n handler: async ({ workspace, spending_cap_cents }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/billing/spending-cap`,\n { method: \"PATCH\", body: { spending_cap_cents } },\n ),\n});\n\nexport const startCheckout = defineTool({\n name: \"start_billing_checkout\",\n description:\n \"Create a Stripe Checkout session for upgrading. Returns the URL the user must visit. Plan must be `pro` (Free has no checkout; Enterprise is sales-only).\",\n inputShape: {\n workspace: z.string().min(1),\n plan: z.enum([\"pro\"]),\n },\n handler: async ({ workspace, plan }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/billing/checkout`,\n { method: \"POST\", body: { plan } },\n ),\n});\n\nexport const startBillingPortal = defineTool({\n name: \"start_billing_portal\",\n description:\n \"Create a Stripe customer-portal session URL where the user manages payment methods, downloads invoices, cancels subscription.\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/billing/portal`,\n { method: \"POST\" },\n ),\n});\n\nexport const tools = [\n getBilling,\n setSpendingCap,\n startCheckout,\n startBillingPortal,\n] as const;\n","/\n Branding tools — colors, fonts, logo for the login page. Logo upload is\n * out of MCP scope (multipart binary uploads don't fit MCP tool semantics\n * cleanly); use the dashboard or API directly for that.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const getBranding = defineTool({\n name: \"get_branding\",\n description:\n \"Return the workspace's active branding policy (colors, fonts, hide-prysmid-watermark flag, logo URLs).\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/branding`,\n ),\n});\n\nexport const updateBranding = defineTool({\n name: \"update_branding\",\n description:\n \"Update branding colors and watermark. Hex colors as `#RRGGBB`. Activates the policy after update — change shows on next login screen render.\",\n inputShape: {\n workspace: z.string().min(1),\n primary_color: z\n .string()\n .regex(/^#[0-9a-fA-F]{6}$/)\n .optional(),\n background_color: z\n .string()\n .regex(/^#[0-9a-fA-F]{6}$/)\n .optional(),\n warn_color: z\n .string()\n .regex(/^#[0-9a-fA-F]{6}$/)\n .optional(),\n font_color: z\n .string()\n .regex(/^#[0-9a-fA-F]{6}$/)\n .optional(),\n disable_watermark: z\n .boolean()\n .optional()\n .describe(\n \"Hide 'Powered by Prysmid' on the login screen (Pro+ only — Free silently ignored).\",\n ),\n },\n handler: async ({ workspace, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/branding`,\n { method: \"PATCH\", body },\n ),\n});\n\nexport const tools = [getBranding, updateBranding] as const;\n","/\n Curated high-level tools — the ones agents would naturally reach for to\n * accomplish a goal in one call, instead of orchestrating 4 raw endpoints.\n \n Keep these small: each represents one end-user intent (\"set up a workspace\n * with Google login\"). Branch logic and prompts stay on the agent side; this\n * file only owns the API choreography.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nconst SetupWorkspaceOutput = z.object({\n workspace_id: z.string(),\n slug: z.string(),\n auth_domain: z.string(),\n state: z.string(),\n});\n\nexport const setupPrysmidWorkspace = defineTool({\n name: \"setup_prysmid_workspace\",\n description:\n \"Create a new workspace and wait until it's fully provisioned (Zitadel instance, SMTP, DNS). Returns the live auth_domain ready to integrate.\",\n inputShape: {\n slug: z\n .string()\n .min(2)\n .max(63)\n .regex(/^[a-z0-9-]+$/),\n display_name: z.string().min(1),\n timeout_seconds: z\n .number()\n .int()\n .min(10)\n .max(300)\n .default(120)\n .describe(\"Max time to wait for provisioning before returning.\"),\n },\n handler: async (\n { slug, display_name, timeout_seconds },\n { client, log },\n ) => {\n const created = (await client.request(\"/v1/workspaces\", {\n method: \"POST\",\n body: { slug, display_name },\n })) as { id: string; slug: string; state: string; auth_domain?: string };\n\n const deadline = Date.now() + timeout_seconds 1000;\n while (Date.now() < deadline) {\n const ws = (await client.request(\n `/v1/workspaces/${encodeURIComponent(created.id)}`,\n )) as {\n id: string;\n slug: string;\n state: string;\n auth_domain?: string;\n provisioning_error?: string;\n };\n if (ws.state === \"active\") {\n return SetupWorkspaceOutput.parse({\n workspace_id: ws.id,\n slug: ws.slug,\n auth_domain: ws.auth_domain ?? `auth.${ws.slug}.prysmid.com`,\n state: ws.state,\n });\n }\n if (ws.state === \"provisioning_failed\") {\n throw new Error(\n `Workspace provisioning failed: ${ws.provisioning_error ?? \"unknown reason\"}`,\n );\n }\n log.debug(`workspace ${created.id} state=${ws.state}, polling…`);\n await sleep(3000);\n }\n throw new Error(\n `Workspace did not reach state=active within ${timeout_seconds}s`,\n );\n },\n});\n\nfunction sleep(ms: number) {\n return new Promise((r) => setTimeout(r, ms));\n}\n\nexport const enableGoogleLogin = defineTool({\n name: \"enable_google_login\",\n description:\n \"Add Google as an identity provider on a workspace and enable external IdPs in the login policy. Hands you a checklist if external IdPs were already disabled — agent should confirm before flipping that flag.\",\n inputShape: {\n workspace: z.string().min(1),\n google_client_id: z.string().min(1),\n google_client_secret: z.string().min(1),\n name: z.string().default(\"Google\"),\n },\n handler: async (\n { workspace, google_client_id, google_client_secret, name },\n { client },\n ) => {\n // The IdP create body is the discriminated-union shape that\n // app/schemas/idp.py expects: `type` (not `provider`), and client_id /\n // client_secret are flat top-level fields (not nested under `config`).\n // Sending `provider` or nested config 422s the request before any handler\n // runs.\n const idp = await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/idps`,\n {\n method: \"POST\",\n body: {\n type: \"google\",\n name,\n client_id: google_client_id,\n client_secret: google_client_secret,\n },\n },\n );\n\n // Force-enable external IdP toggle in case the workspace had it off.\n await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/login-policy`,\n { method: \"PATCH\", body: { allow_external_idp: true } },\n );\n\n return { idp, login_policy: \"allow_external_idp=true\" };\n },\n});\n\ninterface SetupCheckItem {\n ok: boolean;\n name: string;\n details?: string;\n}\n\ntype ListResp = { items?: unknown[]; total?: number } \| unknown[];\n\nfunction countItems(resp: ListResp): number {\n if (Array.isArray(resp)) return resp.length;\n if (typeof resp.total === \"number\") return resp.total;\n if (Array.isArray(resp.items)) return resp.items.length;\n return 0;\n}\n\nexport const prysmidSetupCheck = defineTool({\n name: \"prysmid_setup_check\",\n description:\n \"Run a readiness checklist on a workspace: state=active, ≥1 OIDC app, ≥1 IdP OR password+register enabled, branding has a primary_color set, login_policy reasonable. Returns pass/fail per item plus a summary verdict.\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) => {\n const ws = (await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}`,\n )) as { state: string; auth_domain?: string };\n const appsResp = (await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/apps`,\n )) as ListResp;\n const idpsResp = (await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/idps`,\n )) as ListResp;\n const policy = (await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/login-policy`,\n )) as {\n allow_username_password?: boolean;\n allow_register?: boolean;\n allow_external_idp?: boolean;\n force_mfa?: boolean;\n };\n const branding = (await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/branding`,\n )) as { primary_color?: string };\n\n // The list endpoints return { items, total } — but tolerate a raw array\n // too so the check stays robust if the projection ever flips back.\n const appsCount = countItems(appsResp);\n const idpsCount = countItems(idpsResp);\n const passwordsOpen =\n policy.allow_username_password === true &&\n policy.allow_register === true;\n\n const checks: SetupCheckItem[] = [\n {\n ok: ws.state === \"active\",\n name: \"workspace_active\",\n details: `state=${ws.state}`,\n },\n {\n ok: appsCount > 0,\n name: \"has_at_least_one_app\",\n details: `${appsCount} apps`,\n },\n {\n ok: idpsCount > 0 \|\| passwordsOpen,\n name: \"users_can_sign_in\",\n details:\n idpsCount > 0\n ? `${idpsCount} idps`\n : passwordsOpen\n ? \"no idps but username+password (with self-registration) allowed\"\n : \"no idps; enable allow_username_password+allow_register or add an IdP\",\n },\n {\n ok: !!branding.primary_color,\n name: \"branding_primary_color_set\",\n },\n {\n ok: policy.force_mfa === true \|\| idpsCount > 0,\n name: \"auth_strength_reasonable\",\n details: policy.force_mfa\n ? \"force_mfa=true\"\n : idpsCount > 0\n ? `${idpsCount} external IdP(s) — strength delegated upstream`\n : \"MFA off and no external IdPs — passwords-only is weak\",\n },\n ];\n const verdict = checks.every((c) => c.ok) ? \"ready\" : \"incomplete\";\n return { verdict, checks };\n },\n});\n\nexport const tools = [\n setupPrysmidWorkspace,\n enableGoogleLogin,\n prysmidSetupCheck,\n] as const;\n","/*\n Identity provider tools — Google, GitHub, Microsoft, generic OIDC.\n * Each create_* operation atomically: creates the IdP config AND adds it to\n * the login policy so it appears on the login screen. The Prysmid API\n * encapsulates that two-step lifecycle behind a single endpoint.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const listIdps = defineTool({\n name: \"list_idps\",\n description:\n \"List identity providers (Google/GitHub/Microsoft/OIDC) configured on a workspace.\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(`/v1/workspaces/${encodeURIComponent(workspace)}/idps`),\n});\n\nexport const addIdp = defineTool({\n name: \"add_idp\",\n description:\n \"Add an identity provider to the workspace and attach it to the login policy in one atomic call.\",\n inputShape: {\n workspace: z.string().min(1),\n type: z\n .enum([\"google\", \"github\", \"microsoft\", \"oidc\"])\n .describe(\"Identity provider kind. `microsoft` covers Azure AD / Entra.\"),\n name: z.string().min(1).describe(\"Display name shown on login screen\"),\n client_id: z.string().min(1),\n client_secret: z.string().min(1),\n scopes: z.array(z.string()).optional(),\n issuer: z\n .string()\n .url()\n .optional()\n .describe(\"Required for `oidc`; ignored otherwise\"),\n tenant_id: z\n .string()\n .optional()\n .describe(\n \"Optional for `microsoft` — lock to a specific Entra tenant GUID. Default accepts any account.\",\n ),\n },\n handler: async ({ workspace, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/idps`,\n { method: \"POST\", body },\n ),\n});\n\nexport const deleteIdp = defineTool({\n name: \"delete_idp\",\n description:\n \"Remove an identity provider. Strips it from the login policy then deletes the config. Idempotent.\",\n inputShape: {\n workspace: z.string().min(1),\n idp_id: z.string().min(1),\n },\n handler: async ({ workspace, idp_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/idps/${encodeURIComponent(idp_id)}`,\n { method: \"DELETE\" },\n ),\n});\n\nexport const getIdp = defineTool({\n name: \"get_idp\",\n description:\n \"Fetch full detail for one identity provider: type, state, client_id, issuer/tenant (when applicable), scopes, secret_updated_at, created_at. Never returns the client_secret.\",\n inputShape: {\n workspace: z.string().min(1),\n idp_id: z.string().min(1),\n },\n handler: async ({ workspace, idp_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/idps/${encodeURIComponent(idp_id)}`,\n ),\n});\n\nexport const updateIdp = defineTool({\n name: \"update_idp\",\n description:\n \"Patch mutable fields on an identity provider. All fields optional. Passing client_secret rotates the upstream-issued value (Google/GitHub/Microsoft/OIDC client secret stored in Prysmid). Passing client_id retargets to a different upstream client. issuer/tenant_id apply only when relevant to the IdP type.\",\n inputShape: {\n workspace: z.string().min(1),\n idp_id: z.string().min(1),\n name: z.string().min(1).optional(),\n client_id: z.string().min(1).optional(),\n client_secret: z\n .string()\n .min(1)\n .optional()\n .describe(\n \"Rotate the upstream-issued client secret. Not the Prysmid app secret — that one is rotated via regenerate_app_secret.\",\n ),\n scopes: z.array(z.string()).optional(),\n issuer: z\n .string()\n .url()\n .optional()\n .describe(\"Only meaningful for type=oidc.\"),\n tenant_id: z\n .string()\n .optional()\n .describe(\"Only meaningful for type=microsoft (Entra tenant GUID).\"),\n },\n handler: async ({ workspace, idp_id, ...patch }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/idps/${encodeURIComponent(idp_id)}`,\n { method: \"PATCH\", body: patch },\n ),\n});\n\nexport const tools = [listIdps, addIdp, deleteIdp, getIdp, updateIdp] as const;\n","/\n Login policy tools — control which authentication methods are allowed,\n * MFA enforcement, lockout thresholds. Patches are merge semantics on the\n * server side; only fields you set are changed.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const getLoginPolicy = defineTool({\n name: \"get_login_policy\",\n description:\n \"Return the workspace's current login policy (password rules, MFA, IdPs allowed, lockout, etc.).\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/login-policy`,\n ),\n});\n\nexport const updateLoginPolicy = defineTool({\n name: \"update_login_policy\",\n description:\n \"Update the login policy. PATCH semantics — only fields you pass are changed; other policy fields stay as they were.\",\n inputShape: {\n workspace: z.string().min(1),\n allow_username_password: z.boolean().optional(),\n allow_register: z.boolean().optional(),\n allow_external_idp: z.boolean().optional(),\n force_mfa: z\n .boolean()\n .optional()\n .describe(\"Require any second factor at login\"),\n passwordless_type: z\n .enum([\n \"PASSWORDLESS_TYPE_NOT_ALLOWED\",\n \"PASSWORDLESS_TYPE_ALLOWED\",\n ])\n .optional()\n .describe(\"Enables passkey-first when set to ALLOWED\"),\n max_password_attempts: z.number().int().min(0).max(20).optional(),\n lockout_password_attempts: z.number().int().min(0).max(20).optional(),\n },\n handler: async ({ workspace, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/login-policy`,\n { method: \"PATCH\", body },\n ),\n});\n\nexport const tools = [getLoginPolicy, updateLoginPolicy] as const;\n","/\n User tools — list, invite (sends Zitadel init email), delete.\n * Invite is the primary creation path; users set their own password via the\n * email link. Direct user creation with pre-set credentials is intentionally\n * not exposed here.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const listUsers = defineTool({\n name: \"list_users\",\n description: \"List human users in a workspace.\",\n inputShape: {\n workspace: z.string().min(1),\n limit: z.number().int().min(1).max(500).default(100),\n },\n handler: async ({ workspace, limit }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/users`,\n { query: { limit } },\n ),\n});\n\nexport const inviteUser = defineTool({\n name: \"invite_user\",\n description:\n \"Invite a user by email. Idempotent by email — re-inviting an existing user is a no-op. Triggers a Zitadel init email with a 'set your password' link.\",\n inputShape: {\n workspace: z.string().min(1),\n email: z\n .string()\n .regex(/^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$/, \"must be a valid email\"),\n first_name: z.string().min(1),\n last_name: z.string().min(1),\n preferred_language: z\n .string()\n .length(2)\n .default(\"en\")\n .describe(\"ISO 639-1, e.g. en/es/pt\"),\n },\n handler: async ({ workspace, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/users/invite`,\n { method: \"POST\", body },\n ),\n});\n\nexport const deleteUser = defineTool({\n name: \"delete_user\",\n description: \"Delete a user by id. Idempotent.\",\n inputShape: {\n workspace: z.string().min(1),\n user_id: z.string().min(1),\n },\n handler: async ({ workspace, user_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/users/${encodeURIComponent(user_id)}`,\n { method: \"DELETE\" },\n ),\n});\n\nexport const tools = [listUsers, inviteUser, deleteUser] as const;\n","/\n Hand-written workspace tools. These are the ones agents reach for first;\n * the rest of the surface is auto-generated from OpenAPI in a later pass.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const listWorkspaces = defineTool({\n name: \"list_workspaces\",\n description:\n \"List Prysmid workspaces accessible to the current API token. Returns an array of {id, slug, display_name, plan, state}.\",\n inputShape: {},\n handler: async (_input, { client }) =>\n client.request(\"/v1/workspaces\", { method: \"GET\" }),\n});\n\nexport const getWorkspace = defineTool({\n name: \"get_workspace\",\n description: \"Get a single workspace by slug or id.\",\n inputShape: {\n workspace: z\n .string()\n .min(1)\n .describe(\"Workspace slug or UUID\"),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(`/v1/workspaces/${encodeURIComponent(workspace)}`),\n});\n\nexport const createWorkspace = defineTool({\n name: \"create_workspace\",\n description:\n \"Create a new Prysmid workspace. Provisioning runs in the background; the response returns immediately with state=provisioning. Poll `get_workspace` until state=active (~30s).\",\n inputShape: {\n slug: z\n .string()\n .min(2)\n .max(63)\n .regex(/^[a-z0-9-]+$/, \"lowercase alphanumeric and hyphens only\")\n .describe(\"Subdomain-safe slug — becomes auth.<slug>.prysmid.com\"),\n display_name: z.string().min(1).max(255),\n },\n handler: async (input, { client }) =>\n client.request(\"/v1/workspaces\", { method: \"POST\", body: input }),\n});\n\nexport const tools = [listWorkspaces, getWorkspace, createWorkspace] as const;\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const createApp = defineTool({\n name: \"create_app\",\n description: \"Create App\",\n inputShape: {\n workspace_id: z.string().uuid(),\n name: z.string().min(1).max(200),\n redirect_uris: z.array(z.string().url().min(1).max(2083)).describe(\"Where the IdP sends the user back after auth. At least one required.\"),\n post_logout_redirect_uris: z.array(z.string().url().min(1).max(2083)).describe(\"Where the IdP sends the user after logout.\").optional(),\n app_type: z.enum([\"web\", \"spa\", \"native\"]).describe(\"App kind, drives OIDC grant + auth_method defaults.\\n\\n- `web`: server-rendered confidential client. Gets a `client_secret`.\\n- `spa`: single-page app (user-agent). Public, PKCE required, no secret.\\n- `native`: desktop/mobile. Public, PKCE required, no secret.\").optional(),\n dev_mode: z.boolean().describe(\"Relax HTTPS requirement on redirect_uris (allows http://localhost). Use only for local development; never in production.\").default(false),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/apps`, { method: \"POST\", body: __body });\n },\n});\n\nexport const deleteApp = defineTool({\n name: \"delete_app\",\n description: \"Delete App\",\n inputShape: {\n workspace_id: z.string().uuid(),\n app_id: z.string(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, app_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/apps/${encodeURIComponent(String(app_id))}`, { method: \"DELETE\" });\n },\n});\n\nexport const listApps = defineTool({\n name: \"list_apps\",\n description: \"List Apps\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/apps`, { method: \"GET\" });\n },\n});\n\nexport const generatedAppsTools = [\n createApp,\n deleteApp,\n listApps,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const billingCheckout = defineTool({\n name: \"billing_checkout\",\n description: \"Checkout\",\n inputShape: {\n workspace_id: z.string().uuid(),\n plan: z.enum([\"free\", \"pro\", \"enterprise\"]),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/billing/checkout`, { method: \"POST\", body: __body });\n },\n});\n\nexport const billingGetState = defineTool({\n name: \"billing_get_state\",\n description: \"Get State\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/billing`, { method: \"GET\" });\n },\n});\n\nexport const billingPortal = defineTool({\n name: \"billing_portal\",\n description: \"Portal\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/billing/portal`, { method: \"POST\" });\n },\n});\n\nexport const updateSpendingCap = defineTool({\n name: \"update_spending_cap\",\n description: \"Update Spending Cap\",\n inputShape: {\n workspace_id: z.string().uuid(),\n cents: z.number().int().min(0).nullable().optional(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/billing/spending-cap`, { method: \"PATCH\", body: __body });\n },\n});\n\nexport const generatedBillingTools = [\n billingCheckout,\n billingGetState,\n billingPortal,\n updateSpendingCap,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const deleteLogo = defineTool({\n name: \"delete_logo\",\n description: \"Delete Logo\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/branding/logo`, { method: \"DELETE\" });\n },\n});\n\nexport const getBranding = defineTool({\n name: \"get_branding\",\n description: \"Get Branding\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/branding`, { method: \"GET\" });\n },\n});\n\nexport const updateBranding = defineTool({\n name: \"update_branding\",\n description: \"Update Branding\",\n inputShape: {\n workspace_id: z.string().uuid(),\n primary_color: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n background_color: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n warn_color: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n font_color: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n primary_color_dark: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n background_color_dark: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n warn_color_dark: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n font_color_dark: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n hide_login_name_suffix: z.boolean().nullable().optional(),\n disable_watermark: z.boolean().nullable().optional(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/branding`, { method: \"PATCH\", body: __body });\n },\n});\n\nexport const generatedBrandingTools = [\n deleteLogo,\n getBranding,\n updateBranding,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const createIdp = defineTool({\n name: \"create_idp\",\n description: \"Create Idp\",\n inputShape: {\n workspace_id: z.string().uuid(),\n type: z.enum([\"google\", \"github\", \"microsoft\", \"oidc\"]),\n name: z.string().min(1).max(200),\n client_id: z.string().min(1),\n client_secret: z.string().min(1),\n issuer: z.string().url().min(1).max(2083).nullable().optional(),\n tenant_id: z.string().nullable().optional(),\n scopes: z.array(z.string()).nullable().optional(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/idps`, { method: \"POST\", body: __body });\n },\n});\n\nexport const deleteIdp = defineTool({\n name: \"delete_idp\",\n description: \"Delete Idp\",\n inputShape: {\n workspace_id: z.string().uuid(),\n idp_id: z.string(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, idp_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/idps/${encodeURIComponent(String(idp_id))}`, { method: \"DELETE\" });\n },\n});\n\nexport const listIdps = defineTool({\n name: \"list_idps\",\n description: \"List Idps\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/idps`, { method: \"GET\" });\n },\n});\n\nexport const generatedIdpsTools = [\n createIdp,\n deleteIdp,\n listIdps,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const getLoginPolicy = defineTool({\n name: \"get_login_policy\",\n description: \"Get Login Policy\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/login-policy`, { method: \"GET\" });\n },\n});\n\nexport const updateLoginPolicy = defineTool({\n name: \"update_login_policy\",\n description: \"Update Login Policy\",\n inputShape: {\n workspace_id: z.string().uuid(),\n allow_username_password: z.boolean().nullable().optional(),\n allow_register: z.boolean().nullable().optional(),\n allow_external_idp: z.boolean().nullable().optional(),\n force_mfa: z.boolean().nullable().optional(),\n passwordless_allowed: z.boolean().nullable().optional(),\n second_factors: z.array(z.enum([\"otp\", \"u2f\", \"otp_email\", \"otp_sms\"])).nullable().optional(),\n multi_factors: z.array(z.enum([\"u2f_verified\"])).nullable().optional(),\n hide_password_reset: z.boolean().nullable().optional(),\n ignore_unknown_usernames: z.boolean().nullable().optional(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/login-policy`, { method: \"PATCH\", body: __body });\n },\n});\n\nexport const generatedLoginPolicyTools = [\n getLoginPolicy,\n updateLoginPolicy,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const getSmtp = defineTool({\n name: \"get_smtp\",\n description: \"Get Smtp\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/smtp`, { method: \"GET\" });\n },\n});\n\nexport const revertToPlatformDefault = defineTool({\n name: \"revert_to_platform_default\",\n description: \"Revert To Platform Default\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/smtp`, { method: \"DELETE\" });\n },\n});\n\nexport const setCustomSmtp = defineTool({\n name: \"set_custom_smtp\",\n description: \"Set Custom Smtp\",\n inputShape: {\n workspace_id: z.string().uuid(),\n host: z.string().min(1),\n port: z.number().int().min(1).max(65535),\n tls: z.boolean().default(true),\n sender_address: z.string().min(3).describe(\"Address that appears in the From header.\"),\n sender_name: z.string().min(1).max(200),\n user: z.string().min(1).describe(\"SMTP auth username.\"),\n password: z.string().min(1).describe(\"SMTP auth password / API key.\"),\n reply_to_address: z.string().describe(\"Optional Reply-To header.\").default(\"\"),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/smtp`, { method: \"PUT\", body: __body });\n },\n});\n\nexport const generatedSmtpTools = [\n getSmtp,\n revertToPlatformDefault,\n setCustomSmtp,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const deleteUser = defineTool({\n name: \"delete_user\",\n description: \"Delete User\",\n inputShape: {\n workspace_id: z.string().uuid(),\n user_id: z.string(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, user_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/users/${encodeURIComponent(String(user_id))}`, { method: \"DELETE\" });\n },\n});\n\nexport const inviteUser = defineTool({\n name: \"invite_user\",\n description: \"Invite User\",\n inputShape: {\n workspace_id: z.string().uuid(),\n email: z.string().max(320).regex(/^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$/),\n first_name: z.string().min(1).max(100),\n last_name: z.string().min(1).max(100),\n user_name: z.string().nullable().optional(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/users/invite`, { method: \"POST\", body: __body });\n },\n});\n\nexport const listUsers = defineTool({\n name: \"list_users\",\n description: \"List Users\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/users`, { method: \"GET\" });\n },\n});\n\nexport const generatedUsersTools = [\n deleteUser,\n inviteUser,\n listUsers,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const createWorkspace = defineTool({\n name: \"create_workspace\",\n description: \"Create Workspace\",\n inputShape: {\n slug: z.string().min(3).max(63).regex(/^[a-z][a-z0-9-][a-z0-9]$/).describe(\"URL-safe lowercase slug. Becomes part of auth.<slug>.prysmid.com.\"),\n display_name: z.string().min(1).max(255),\n plan: z.enum([\"free\", \"pro\", \"enterprise\"]).optional(),\n },\n handler: async (input, { client }) => {\n return client.request(`/v1/workspaces`, { method: \"POST\", body: input });\n },\n});\n\nexport const deleteWorkspace = defineTool({\n name: \"delete_workspace\",\n description: \"Delete Workspace\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}`, { method: \"DELETE\" });\n },\n});\n\nexport const getWorkspace = defineTool({\n name: \"get_workspace\",\n description: \"Get Workspace\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}`, { method: \"GET\" });\n },\n});\n\nexport const listWorkspaces = defineTool({\n name: \"list_workspaces\",\n description: \"List Workspaces\",\n inputShape: {},\n handler: async (_input, { client }) => {\n return client.request(`/v1/workspaces`, { method: \"GET\" });\n },\n});\n\nexport const retryProvisioning = defineTool({\n name: \"retry_provisioning\",\n description: \"Retry Provisioning\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/retry-provisioning`, { method: \"POST\" });\n },\n});\n\nexport const updateWorkspace = defineTool({\n name: \"update_workspace\",\n description: \"Update Workspace\",\n inputShape: {\n workspace_id: z.string().uuid(),\n display_name: z.string().min(1).max(255).nullable().optional(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}`, { method: \"PATCH\", body: __body });\n },\n});\n\nexport const generatedWorkspacesTools = [\n createWorkspace,\n deleteWorkspace,\n getWorkspace,\n listWorkspaces,\n retryProvisioning,\n updateWorkspace,\n];\n","/*\n AUTO-GENERATED. Do not edit.\n \n Aggregates every tag's generated tools into a single array. The merge with\n * hand-written tools (where hand-written wins on name collision) lives in\n * src/index.ts.\n */\nimport { generatedAppsTools } from \"./apps.js\";\nimport { generatedBillingTools } from \"./billing.js\";\nimport { generatedBrandingTools } from \"./branding.js\";\nimport { generatedIdpsTools } from \"./idps.js\";\nimport { generatedLoginPolicyTools } from \"./login-policy.js\";\nimport { generatedSmtpTools } from \"./smtp.js\";\nimport { generatedUsersTools } from \"./users.js\";\nimport { generatedWorkspacesTools } from \"./workspaces.js\";\n\nexport const generatedTools = [\n ...generatedAppsTools,\n ...generatedBillingTools,\n ...generatedBrandingTools,\n ...generatedIdpsTools,\n ...generatedLoginPolicyTools,\n ...generatedSmtpTools,\n ...generatedUsersTools,\n ...generatedWorkspacesTools,\n];\n"],"mappings":";;;AAoBA,SAAS,iBAAiB;AAC1B,SAAS,4BAA4B;;;ACsCrC,IAAM,gBAAgB,CAAC,OACrB,IAAI,QAAQ,CAAC,MAAM,WAAW,GAAG,EAAE,CAAC;AAEtC,IAAM,iBAAiB,CAAC,UAA0B;AAChD,aAAW,QAAQ,MAAO,SAAQ,OAAO,MAAM,GAAG,IAAI;AAAA,CAAI;AAC5D;AAEA,eAAsB,WACpB,MAC0B;AAC1B,QAAMA,SAAQ,KAAK,SAAS;AAC5B,QAAM,SAAS,KAAK,UAAU;AAC9B,QAAM,YAAY,KAAK,aAAa;AACpC,QAAM,EAAE,SAAS,IAAI,IAAI;AAEzB,QAAM,QAAQ,MAAM;AAAA,IAClB;AAAA,IACA,GAAG,OAAO;AAAA,IACV,CAAC;AAAA,EACH;AAEA,QAAM,YAAY,MAAM,6BAA6B,MAAM;AAC3D,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,UAAU,SAAS;AAAA,IACnB;AAAA,IACA;AAAA,IACA,UAAU,MAAM,SAAS;AAAA,IACzB;AAAA,IACA,0CAA0C,MAAM,UAAU;AAAA,IAC1D;AAAA,EACF,CAAC;AAED,MAAI,WAAW,KAAK,IAAI,GAAG,MAAM,YAAY,CAAC;AAC9C,QAAM,WAAW,KAAK,IAAI,IAAI,MAAM,aAAa;AAEjD,SAAO,KAAK,IAAI,IAAI,UAAU;AAC5B,UAAMA,OAAM,WAAW,GAAI;AAE3B,QAAI;AACJ,QAAI;AACF,YAAM,MAAM;AAAA,QACV;AAAA,QACA,GAAG,OAAO;AAAA,QACV,EAAE,aAAa,MAAM,YAAY;AAAA,MACnC;AAAA,IACF,SAAS,GAAG;AACV,UAAI,KAAK,wCAAwC;AAAA,QAC/C,OAAO,aAAa,QAAQ,EAAE,UAAU,OAAO,CAAC;AAAA,MAClD,CAAC;AACD;AAAA,IACF;AAEA,QAAI,IAAI,WAAW,YAAY;AAC7B,UAAI,CAAC,IAAI,cAAc;AACrB,cAAM,IAAI;AAAA,UACR;AAAA,QACF;AAAA,MACF;AACA,UAAI,KAAK,8BAA8B;AAAA,QACrC,WAAW,IAAI,cAAc;AAAA,MAC/B,CAAC;AACD,aAAO;AAAA,QACL,aAAa,IAAI;AAAA,QACjB,cAAc,IAAI,iBAAiB;AAAA,QACnC,WAAW,IAAI,cAAc;AAAA,MAC/B;AAAA,IACF;AACA,QAAI,IAAI,WAAW,aAAa;AAC9B,kBAAY;AACZ,UAAI,MAAM,yBAAyB,EAAE,aAAa,SAAS,CAAC;AAC5D;AAAA,IACF;AACA,QAAI,IAAI,WAAW,UAAW;AAC9B,QAAI,IAAI,WAAW,WAAW;AAC5B,YAAM,IAAI,MAAM,0CAA0C;AAAA,IAC5D;AACA,QAAI,IAAI,WAAW,UAAU;AAC3B,YAAM,IAAI,MAAM,sBAAsB;AAAA,IACxC;AACA,QAAI,KAAK,8BAA8B,EAAE,QAAQ,IAAI,OAAO,CAAC;AAAA,EAC/D;AAEA,QAAM,IAAI,MAAM,0CAA0C;AAC5D;AAEA,eAAe,SACb,WACA,KACA,MACY;AACZ,QAAM,MAAM,MAAM,UAAU,KAAK;AAAA,IAC/B,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,oBAAoB,QAAQ,mBAAmB;AAAA,IAC1E,MAAM,KAAK,UAAU,IAAI;AAAA,EAC3B,CAAC;AACD,QAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,MAAI,CAAC,IAAI,IAAI;AACX,UAAM,IAAI,MAAM,QAAQ,GAAG,YAAY,IAAI,MAAM,IAAI,IAAI,EAAE;AAAA,EAC7D;AACA,MAAI;AACF,WAAO,KAAK,MAAM,IAAI;AAAA,EACxB,QAAQ;AACN,UAAM,IAAI,MAAM,QAAQ,GAAG,uBAAuB,KAAK,MAAM,GAAG,GAAG,CAAC,EAAE;AAAA,EACxE;AACF;;;AChKO,IAAM,kBAAN,cAA8B,MAAM;AAAA,EACzC,YACE,SACgB,QACA,MACA,MAChB;AACA,UAAM,OAAO;AAJG;AACA;AACA;AAGhB,SAAK,OAAO;AAAA,EACd;AAAA,EANkB;AAAA,EACA;AAAA,EACA;AAKpB;AAQO,IAAM,gBAAN,MAAoB;AAAA,EACzB,YACmB,KACA,KAMA,gBAA+B,MAChD;AARiB;AACA;AAMA;AAAA,EAChB;AAAA,EARgB;AAAA,EACA;AAAA,EAMA;AAAA,EAGnB,IAAY,iBAAgC;AAC1C,WAAO,KAAK,iBAAiB,KAAK,IAAI;AAAA,EACxC;AAAA,EAEA,MAAM,QAAqB,MAAc,OAAuB,CAAC,GAAe;AAC9E,UAAM,QAAQ,KAAK;AACnB,QAAI,CAAC,OAAO;AACV,YAAM,IAAI;AAAA,QACR;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAEA,UAAM,MAAM,IAAI,IAAI,KAAK,IAAI,UAAU,IAAI;AAC3C,QAAI,KAAK,OAAO;AACd,iBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,KAAK,KAAK,GAAG;AAC/C,YAAI,MAAM,OAAW,KAAI,aAAa,IAAI,GAAG,OAAO,CAAC,CAAC;AAAA,MACxD;AAAA,IACF;AAEA,UAAM,SAAS,KAAK,UAAU;AAC9B,UAAM,UAAkC;AAAA,MACtC,eAAe,UAAU,KAAK;AAAA,MAC9B,QAAQ;AAAA,IACV;AACA,QAAI,KAAK,SAAS,OAAW,SAAQ,cAAc,IAAI;AAEvD,SAAK,IAAI,MAAM,QAAQ,MAAM,IAAI,IAAI,QAAQ,EAAE;AAC/C,UAAM,MAAM,MAAM,MAAM,KAAK;AAAA,MAC3B;AAAA,MACA;AAAA,MACA,MAAM,KAAK,SAAS,SAAY,KAAK,UAAU,KAAK,IAAI,IAAI;AAAA,IAC9D,CAAC;AAED,UAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,QAAI,CAAC,IAAI,IAAI;AACX,UAAI;AACJ,UAAI;AACF,cAAM,SAAS,KAAK,MAAM,IAAI;AAC9B,eAAO,OAAO,QAAQ,UAAU,WAAW,OAAO,QAAQ,QAAQ;AAAA,MACpE,QAAQ;AAAA,MAER;AACA,YAAM,IAAI;AAAA,QACR,eAAe,IAAI,MAAM,OAAO,MAAM,IAAI,IAAI;AAAA,QAC9C,IAAI;AAAA,QACJ;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAEA,QAAI,SAAS,GAAI,QAAO;AACxB,QAAI;AACF,aAAO,KAAK,MAAM,IAAI;AAAA,IACxB,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AACF;;;ACvFA,IAAM,mBAAmB;AAElB,SAAS,WAAW,MAAyB,QAAQ,KAAa;AACvE,QAAM,WAAW,IAAI,oBAAoB,kBAAkB,QAAQ,QAAQ,EAAE;AAC7E,QAAM,WAAW,IAAI,mBAAmB,KAAK,KAAK;AAClD,QAAM,YAAY,IAAI,yBAAyB,QAAQ,YAAY;AACnE,QAAM,WACJ,aAAa,WAAW,aAAa,UAAU,aAAa,UACxD,WACA;AACN,SAAO,EAAE,SAAS,UAAU,SAAS;AACvC;;;ACjBA,IAAM,QAAQ,EAAE,OAAO,IAAI,MAAM,IAAI,MAAM,IAAI,OAAO,GAAG;AASlD,SAAS,WAAW,KAAuC;AAChE,QAAM,YAAY,MAAM,IAAI,QAAQ;AAEpC,WAAS,KAAK,OAA2B,KAAa,OAAiB;AACrE,QAAI,MAAM,KAAK,IAAI,UAAW;AAC9B,UAAM,MAAK,oBAAI,KAAK,GAAE,YAAY;AAClC,UAAM,UAAU,UAAU,SAAY,KAAK,IAAI,SAAS,KAAK,CAAC;AAC9D,YAAQ,OAAO,MAAM,GAAG,EAAE,IAAI,MAAM,YAAY,CAAC,IAAI,GAAG,GAAG,OAAO;AAAA,CAAI;AAAA,EACxE;AAEA,SAAO;AAAA,IACL,OAAO,CAAC,GAAG,MAAM,KAAK,SAAS,GAAG,CAAC;AAAA,IACnC,MAAM,CAAC,GAAG,MAAM,KAAK,QAAQ,GAAG,CAAC;AAAA,IACjC,MAAM,CAAC,GAAG,MAAM,KAAK,QAAQ,GAAG,CAAC;AAAA,IACjC,OAAO,CAAC,GAAG,MAAM,KAAK,SAAS,GAAG,CAAC;AAAA,EACrC;AACF;AAEA,SAAS,SAAS,GAAoB;AACpC,MAAI;AACF,WAAO,KAAK,UAAU,CAAC;AAAA,EACzB,QAAQ;AACN,WAAO,OAAO,CAAC;AAAA,EACjB;AACF;;;AC5BA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,SAAS,gBAAgB;AAClC,SAAS,SAAS,YAAY;AAU9B,IAAM,UAAU;AAChB,IAAM,YAAY;AAClB,IAAM,sBAAsB;AAErB,SAAS,aAAa,MAAyB,QAAQ,KAAa;AACzE,MAAI,SAAS,MAAM,SAAS;AAC1B,UAAM,OAAO,IAAI;AACjB,QAAI,KAAM,QAAO,KAAK,MAAM,SAAS,SAAS;AAC9C,WAAO,KAAK,QAAQ,GAAG,IAAI,OAAO,IAAI,SAAS;AAAA,EACjD;AACA,QAAM,MAAM,IAAI;AAChB,MAAI,IAAK,QAAO,KAAK,KAAK,SAAS,SAAS;AAC5C,SAAO,KAAK,QAAQ,GAAG,WAAW,SAAS,SAAS;AACtD;AAEO,SAAS,UACd,SACA,MAAyB,QAAQ,KACb;AACpB,QAAM,OAAO,aAAa,GAAG;AAC7B,MAAI,CAAC,WAAW,IAAI,EAAG,QAAO;AAC9B,MAAI;AACJ,MAAI;AACF,aAAS,KAAK,MAAM,aAAa,MAAM,MAAM,CAAC;AAAA,EAChD,QAAQ;AACN,WAAO;AAAA,EACT;AACA,MAAI,OAAO,YAAY,QAAS,QAAO;AACvC,QAAM,SAAS,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAC3C,MAAI,OAAO,YAAY,uBAAuB,OAAQ,QAAO;AAC7D,MAAI,OAAO,OAAO,gBAAgB,YAAY,CAAC,OAAO,aAAa;AACjE,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAEO,SAAS,UACd,OACA,MAAyB,QAAQ,KAC3B;AACN,QAAM,OAAO,aAAa,GAAG;AAC7B,YAAU,QAAQ,IAAI,GAAG,EAAE,WAAW,KAAK,CAAC;AAC5C,gBAAc,MAAM,KAAK,UAAU,OAAO,MAAM,CAAC,GAAG,MAAM;AAC1D,MAAI,SAAS,MAAM,SAAS;AAC1B,QAAI;AACF,gBAAU,MAAM,GAAK;AAAA,IACvB,QAAQ;AAAA,IAER;AAAA,EACF;AACF;AAEO,SAAS,WAAW,MAAyB,QAAQ,KAAW;AACrE,QAAM,OAAO,aAAa,GAAG;AAC7B,MAAI,WAAW,IAAI,GAAG;AACpB,WAAO,MAAM,EAAE,OAAO,KAAK,CAAC;AAAA,EAC9B;AACF;;;AChDO,SAAS,WAAoC,GAA2B;AAC7E,SAAO;AACT;AAOO,SAAS,YACd,QACA,KAEAC,QACM;AACN,aAAW,QAAQA,QAAO;AACxB,WAAO;AAAA,MACL,KAAK;AAAA,MACL;AAAA,QACE,aAAa,KAAK;AAAA,QAClB,aAAa,KAAK;AAAA,MACpB;AAAA;AAAA,MAEA,OAAO,UAAe;AACpB,YAAI;AACF,gBAAM,SAAS,MAAM,KAAK,QAAQ,OAAO,GAAG;AAC5C,iBAAO;AAAA,YACL,SAAS;AAAA,cACP;AAAA,gBACE,MAAM;AAAA,gBACN,MACE,OAAO,WAAW,WACd,SACA,KAAK,UAAU,QAAQ,MAAM,CAAC;AAAA,cACtC;AAAA,YACF;AAAA,UACF;AAAA,QACF,SAAS,KAAK;AACZ,gBAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAG/D,gBAAM,SACJ,eAAe,mBAAmB,IAAI,OAAO;AAAA,EAAK,IAAI,IAAI,KAAK;AACjE,cAAI,IAAI,MAAM,QAAQ,KAAK,IAAI,WAAW,EAAE,QAAQ,CAAC;AACrD,iBAAO;AAAA,YACL,SAAS;AAAA,YACT,SAAS;AAAA,cACP,EAAE,MAAM,QAAiB,MAAM,UAAU,OAAO,GAAG,MAAM,GAAG;AAAA,YAC9D;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;;;ACxFA,SAAS,SAAS;AAIX,IAAM,WAAW,WAAW;AAAA,EACjC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,wBAAwB;AAAA,EAChE;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO,QAAQ,kBAAkB,mBAAmB,SAAS,CAAC,OAAO;AACzE,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IAC/B,eAAe,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,CAAC;AAAA,IAC9C,2BAA2B,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,IAC9D,UAAU,EAAE,KAAK,CAAC,OAAO,OAAO,QAAQ,CAAC,EAAE,QAAQ,KAAK;AAAA,IACxD,UAAU,EACP,QAAQ,EACR,QAAQ,KAAK,EACb;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,KAAK;AAAA,EACzB;AACJ,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,OAAO,GAAG,EAAE,OAAO,MAC9C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,MAAM,CAAC;AAAA,IAClF,EAAE,QAAQ,SAAS;AAAA,EACrB;AACJ,CAAC;AAED,IAAM,WAAW,EAAE,KAAK,CAAC,OAAO,OAAO,QAAQ,CAAC;AAChD,IAAM,cAAc,EAAE,KAAK;AAAA,EACzB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AACD,IAAM,aAAa,EAAE,KAAK;AAAA,EACxB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAEM,IAAM,SAAS,WAAW;AAAA,EAC/B,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,wBAAwB;AAAA,IAC9D,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,OAAO,GAAG,EAAE,OAAO,MAC9C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,MAAM,CAAC;AAAA,EACpF;AACJ,CAAC;AAEM,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IACxB,eAAe,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,IAClD,2BAA2B,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,IAC9D,aAAa,EAAE,MAAM,UAAU,EAAE,SAAS;AAAA,IAC1C,aAAa,YAAY,SAAS;AAAA,IAClC,UAAU,EACP,QAAQ,EACR,SAAS,EACT;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,GAAG,MAAM,GAAG,EAAE,OAAO,MACxD,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,MAAM,CAAC;AAAA,IAClF,EAAE,QAAQ,SAAS,MAAM,MAAM;AAAA,EACjC;AACJ,CAAC;AAEM,IAAM,sBAAsB,WAAW;AAAA,EAC5C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IACxB,SAAS,EACN,QAAQ,IAAI,EACZ;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,QAAQ,GAAG,EAAE,OAAO,MAAM;AAC7D,QAAI,YAAY,MAAM;AACpB,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AACA,WAAO,OAAO;AAAA,MACZ,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,MAAM,CAAC;AAAA,MAClF,EAAE,QAAQ,OAAO;AAAA,IACnB;AAAA,EACF;AACF,CAAC;AAKM,IAAM,QAAQ;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;;;AC9IA,SAAS,KAAAC,UAAS;AAIX,IAAM,aAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,EACjD;AACJ,CAAC;AAEM,IAAM,iBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,oBAAoBA,GACjB,OAAO,EACP,IAAI,EACJ,IAAI,CAAC,EACL,IAAI,GAAU,EACd,SAAS,EACT,SAAS,gDAAgD;AAAA,EAC9D;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,mBAAmB,GAAG,EAAE,OAAO,MAC1D,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,SAAS,MAAM,EAAE,mBAAmB,EAAE;AAAA,EAClD;AACJ,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,MAAMA,GAAE,KAAK,CAAC,KAAK,CAAC;AAAA,EACtB;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,KAAK,GAAG,EAAE,OAAO,MAC5C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,MAAM,EAAE,KAAK,EAAE;AAAA,EACnC;AACJ,CAAC;AAEM,IAAM,qBAAqB,WAAW;AAAA,EAC3C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,OAAO;AAAA,EACnB;AACJ,CAAC;AAEM,IAAMC,SAAQ;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;;;ACxEA,SAAS,KAAAC,UAAS;AAIX,IAAM,cAAc,WAAW;AAAA,EACpC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,EACjD;AACJ,CAAC;AAEM,IAAM,iBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,eAAeA,GACZ,OAAO,EACP,MAAM,mBAAmB,EACzB,SAAS;AAAA,IACZ,kBAAkBA,GACf,OAAO,EACP,MAAM,mBAAmB,EACzB,SAAS;AAAA,IACZ,YAAYA,GACT,OAAO,EACP,MAAM,mBAAmB,EACzB,SAAS;AAAA,IACZ,YAAYA,GACT,OAAO,EACP,MAAM,mBAAmB,EACzB,SAAS;AAAA,IACZ,mBAAmBA,GAChB,QAAQ,EACR,SAAS,EACT;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,SAAS,KAAK;AAAA,EAC1B;AACJ,CAAC;AAEM,IAAMC,SAAQ,CAAC,aAAa,cAAc;;;AClDjD,SAAS,KAAAC,UAAS;AAIlB,IAAM,uBAAuBC,GAAE,OAAO;AAAA,EACpC,cAAcA,GAAE,OAAO;AAAA,EACvB,MAAMA,GAAE,OAAO;AAAA,EACf,aAAaA,GAAE,OAAO;AAAA,EACtB,OAAOA,GAAE,OAAO;AAClB,CAAC;AAEM,IAAM,wBAAwB,WAAW;AAAA,EAC9C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,MAAMA,GACH,OAAO,EACP,IAAI,CAAC,EACL,IAAI,EAAE,EACN,MAAM,cAAc;AAAA,IACvB,cAAcA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC9B,iBAAiBA,GACd,OAAO,EACP,IAAI,EACJ,IAAI,EAAE,EACN,IAAI,GAAG,EACP,QAAQ,GAAG,EACX,SAAS,qDAAqD;AAAA,EACnE;AAAA,EACA,SAAS,OACP,EAAE,MAAM,cAAc,gBAAgB,GACtC,EAAE,QAAQ,IAAI,MACX;AACH,UAAM,UAAW,MAAM,OAAO,QAAQ,kBAAkB;AAAA,MACtD,QAAQ;AAAA,MACR,MAAM,EAAE,MAAM,aAAa;AAAA,IAC7B,CAAC;AAED,UAAM,WAAW,KAAK,IAAI,IAAI,kBAAkB;AAChD,WAAO,KAAK,IAAI,IAAI,UAAU;AAC5B,YAAM,KAAM,MAAM,OAAO;AAAA,QACvB,kBAAkB,mBAAmB,QAAQ,EAAE,CAAC;AAAA,MAClD;AAOA,UAAI,GAAG,UAAU,UAAU;AACzB,eAAO,qBAAqB,MAAM;AAAA,UAChC,cAAc,GAAG;AAAA,UACjB,MAAM,GAAG;AAAA,UACT,aAAa,GAAG,eAAe,QAAQ,GAAG,IAAI;AAAA,UAC9C,OAAO,GAAG;AAAA,QACZ,CAAC;AAAA,MACH;AACA,UAAI,GAAG,UAAU,uBAAuB;AACtC,cAAM,IAAI;AAAA,UACR,kCAAkC,GAAG,sBAAsB,gBAAgB;AAAA,QAC7E;AAAA,MACF;AACA,UAAI,MAAM,aAAa,QAAQ,EAAE,UAAU,GAAG,KAAK,iBAAY;AAC/D,YAAM,MAAM,GAAI;AAAA,IAClB;AACA,UAAM,IAAI;AAAA,MACR,+CAA+C,eAAe;AAAA,IAChE;AAAA,EACF;AACF,CAAC;AAED,SAAS,MAAM,IAAY;AACzB,SAAO,IAAI,QAAQ,CAAC,MAAM,WAAW,GAAG,EAAE,CAAC;AAC7C;AAEO,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,kBAAkBA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAClC,sBAAsBA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IACtC,MAAMA,GAAE,OAAO,EAAE,QAAQ,QAAQ;AAAA,EACnC;AAAA,EACA,SAAS,OACP,EAAE,WAAW,kBAAkB,sBAAsB,KAAK,GAC1D,EAAE,OAAO,MACN;AAMH,UAAM,MAAM,MAAM,OAAO;AAAA,MACvB,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,MAC/C;AAAA,QACE,QAAQ;AAAA,QACR,MAAM;AAAA,UACJ,MAAM;AAAA,UACN;AAAA,UACA,WAAW;AAAA,UACX,eAAe;AAAA,QACjB;AAAA,MACF;AAAA,IACF;AAGA,UAAM,OAAO;AAAA,MACX,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,MAC/C,EAAE,QAAQ,SAAS,MAAM,EAAE,oBAAoB,KAAK,EAAE;AAAA,IACxD;AAEA,WAAO,EAAE,KAAK,cAAc,0BAA0B;AAAA,EACxD;AACF,CAAC;AAUD,SAAS,WAAW,MAAwB;AAC1C,MAAI,MAAM,QAAQ,IAAI,EAAG,QAAO,KAAK;AACrC,MAAI,OAAO,KAAK,UAAU,SAAU,QAAO,KAAK;AAChD,MAAI,MAAM,QAAQ,KAAK,KAAK,EAAG,QAAO,KAAK,MAAM;AACjD,SAAO;AACT;AAEO,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MAAM;AAC5C,UAAM,KAAM,MAAM,OAAO;AAAA,MACvB,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AACA,UAAM,WAAY,MAAM,OAAO;AAAA,MAC7B,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AACA,UAAM,WAAY,MAAM,OAAO;AAAA,MAC7B,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AACA,UAAM,SAAU,MAAM,OAAO;AAAA,MAC3B,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AAMA,UAAM,WAAY,MAAM,OAAO;AAAA,MAC7B,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AAIA,UAAM,YAAY,WAAW,QAAQ;AACrC,UAAM,YAAY,WAAW,QAAQ;AACrC,UAAM,gBACJ,OAAO,4BAA4B,QACnC,OAAO,mBAAmB;AAE5B,UAAM,SAA2B;AAAA,MAC/B;AAAA,QACE,IAAI,GAAG,UAAU;AAAA,QACjB,MAAM;AAAA,QACN,SAAS,SAAS,GAAG,KAAK;AAAA,MAC5B;AAAA,MACA;AAAA,QACE,IAAI,YAAY;AAAA,QAChB,MAAM;AAAA,QACN,SAAS,GAAG,SAAS;AAAA,MACvB;AAAA,MACA;AAAA,QACE,IAAI,YAAY,KAAK;AAAA,QACrB,MAAM;AAAA,QACN,SACE,YAAY,IACR,GAAG,SAAS,UACZ,gBACE,mEACA;AAAA,MACV;AAAA,MACA;AAAA,QACE,IAAI,CAAC,CAAC,SAAS;AAAA,QACf,MAAM;AAAA,MACR;AAAA,MACA;AAAA,QACE,IAAI,OAAO,cAAc,QAAQ,YAAY;AAAA,QAC7C,MAAM;AAAA,QACN,SAAS,OAAO,YACZ,mBACA,YAAY,IACV,GAAG,SAAS,wDACZ;AAAA,MACR;AAAA,IACF;AACA,UAAM,UAAU,OAAO,MAAM,CAAC,MAAM,EAAE,EAAE,IAAI,UAAU;AACtD,WAAO,EAAE,SAAS,OAAO;AAAA,EAC3B;AACF,CAAC;AAEM,IAAMC,SAAQ;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AACF;;;ACxNA,SAAS,KAAAC,UAAS;AAIX,IAAM,WAAW,WAAW;AAAA,EACjC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO,QAAQ,kBAAkB,mBAAmB,SAAS,CAAC,OAAO;AACzE,CAAC;AAEM,IAAM,SAAS,WAAW;AAAA,EAC/B,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,MAAMA,GACH,KAAK,CAAC,UAAU,UAAU,aAAa,MAAM,CAAC,EAC9C,SAAS,8DAA8D;AAAA,IAC1E,MAAMA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,oCAAoC;AAAA,IACrE,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,eAAeA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC/B,QAAQA,GAAE,MAAMA,GAAE,OAAO,CAAC,EAAE,SAAS;AAAA,IACrC,QAAQA,GACL,OAAO,EACP,IAAI,EACJ,SAAS,EACT,SAAS,wCAAwC;AAAA,IACpD,WAAWA,GACR,OAAO,EACP,SAAS,EACT;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,KAAK;AAAA,EACzB;AACJ,CAAC;AAEM,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,OAAO,GAAG,EAAE,OAAO,MAC9C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,MAAM,CAAC;AAAA,IAClF,EAAE,QAAQ,SAAS;AAAA,EACrB;AACJ,CAAC;AAEM,IAAM,SAAS,WAAW;AAAA,EAC/B,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,OAAO,GAAG,EAAE,OAAO,MAC9C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,MAAM,CAAC;AAAA,EACpF;AACJ,CAAC;AAEM,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IACxB,MAAMA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,IACjC,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,IACtC,eAAeA,GACZ,OAAO,EACP,IAAI,CAAC,EACL,SAAS,EACT;AAAA,MACC;AAAA,IACF;AAAA,IACF,QAAQA,GAAE,MAAMA,GAAE,OAAO,CAAC,EAAE,SAAS;AAAA,IACrC,QAAQA,GACL,OAAO,EACP,IAAI,EACJ,SAAS,EACT,SAAS,gCAAgC;AAAA,IAC5C,WAAWA,GACR,OAAO,EACP,SAAS,EACT,SAAS,yDAAyD;AAAA,EACvE;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,GAAG,MAAM,GAAG,EAAE,OAAO,MACxD,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,MAAM,CAAC;AAAA,IAClF,EAAE,QAAQ,SAAS,MAAM,MAAM;AAAA,EACjC;AACJ,CAAC;AAEM,IAAMC,SAAQ,CAAC,UAAU,QAAQ,WAAW,QAAQ,SAAS;;;AC/GpE,SAAS,KAAAC,UAAS;AAIX,IAAM,iBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,EACjD;AACJ,CAAC;AAEM,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,yBAAyBA,GAAE,QAAQ,EAAE,SAAS;AAAA,IAC9C,gBAAgBA,GAAE,QAAQ,EAAE,SAAS;AAAA,IACrC,oBAAoBA,GAAE,QAAQ,EAAE,SAAS;AAAA,IACzC,WAAWA,GACR,QAAQ,EACR,SAAS,EACT,SAAS,oCAAoC;AAAA,IAChD,mBAAmBA,GAChB,KAAK;AAAA,MACJ;AAAA,MACA;AAAA,IACF,CAAC,EACA,SAAS,EACT,SAAS,2CAA2C;AAAA,IACvD,uBAAuBA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,SAAS;AAAA,IAChE,2BAA2BA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,SAAS;AAAA,EACtE;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,SAAS,KAAK;AAAA,EAC1B;AACJ,CAAC;AAEM,IAAMC,SAAQ,CAAC,gBAAgB,iBAAiB;;;AC9CvD,SAAS,KAAAC,UAAS;AAIX,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,OAAOA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,QAAQ,GAAG;AAAA,EACrD;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,MAAM,GAAG,EAAE,OAAO,MAC7C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,OAAO,EAAE,MAAM,EAAE;AAAA,EACrB;AACJ,CAAC;AAEM,IAAM,aAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,OAAOA,GACJ,OAAO,EACP,MAAM,8BAA8B,uBAAuB;AAAA,IAC9D,YAAYA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC5B,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,oBAAoBA,GACjB,OAAO,EACP,OAAO,CAAC,EACR,QAAQ,IAAI,EACZ,SAAS,0BAA0B;AAAA,EACxC;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,KAAK;AAAA,EACzB;AACJ,CAAC;AAEM,IAAM,aAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,SAASA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC3B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,UAAU,mBAAmB,OAAO,CAAC;AAAA,IACpF,EAAE,QAAQ,SAAS;AAAA,EACrB;AACJ,CAAC;AAEM,IAAMC,SAAQ,CAAC,WAAW,YAAY,UAAU;;;AC1DvD,SAAS,KAAAC,UAAS;AAIX,IAAM,iBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY,CAAC;AAAA,EACb,SAAS,OAAO,QAAQ,EAAE,OAAO,MAC/B,OAAO,QAAQ,kBAAkB,EAAE,QAAQ,MAAM,CAAC;AACtD,CAAC;AAEM,IAAM,eAAe,WAAW;AAAA,EACrC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAWC,GACR,OAAO,EACP,IAAI,CAAC,EACL,SAAS,wBAAwB;AAAA,EACtC;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO,QAAQ,kBAAkB,mBAAmB,SAAS,CAAC,EAAE;AACpE,CAAC;AAEM,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,MAAMA,GACH,OAAO,EACP,IAAI,CAAC,EACL,IAAI,EAAE,EACN,MAAM,gBAAgB,yCAAyC,EAC/D,SAAS,4DAAuD;AAAA,IACnE,cAAcA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,EACzC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAC9B,OAAO,QAAQ,kBAAkB,EAAE,QAAQ,QAAQ,MAAM,MAAM,CAAC;AACpE,CAAC;AAEM,IAAMC,SAAQ,CAAC,gBAAgB,cAAc,eAAe;;;ACxCnE,SAAS,KAAAC,UAAS;AAIX,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,GAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,MAAMA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IAC/B,eAAeA,GAAE,MAAMA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,EAAE,SAAS,sEAAsE;AAAA,IACzI,2BAA2BA,GAAE,MAAMA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,EAAE,SAAS,4CAA4C,EAAE,SAAS;AAAA,IACtI,UAAUA,GAAE,KAAK,CAAC,OAAO,OAAO,QAAQ,CAAC,EAAE,SAAS,uQAAuQ,EAAE,SAAS;AAAA,IACtU,UAAUA,GAAE,QAAQ,EAAE,SAAS,0HAA0H,EAAE,QAAQ,KAAK;AAAA,EAC1K;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,QAAQ,MAAM,OAAO,CAAC;AAAA,EAC3H;AACF,CAAC;AAEM,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,GAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,QAAQA,GAAE,OAAO;AAAA,EACnB;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,OAAO,IAAI;AACjC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,mBAAmB,OAAO,MAAM,CAAC,CAAC,IAAI,EAAE,QAAQ,SAAS,CAAC;AAAA,EACrJ;AACF,CAAC;AAEM,IAAMC,YAAW,WAAW;AAAA,EACjC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,GAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC5G;AACF,CAAC;AAEM,IAAM,qBAAqB;AAAA,EAChC;AAAA,EACA;AAAA,EACAC;AACF;;;AClDA,SAAS,KAAAC,WAAS;AAIX,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,MAAMA,IAAE,KAAK,CAAC,QAAQ,OAAO,YAAY,CAAC;AAAA,EAC5C;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,qBAAqB,EAAE,QAAQ,QAAQ,MAAM,OAAO,CAAC;AAAA,EACvI;AACF,CAAC;AAEM,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,YAAY,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC/G;AACF,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,mBAAmB,EAAE,QAAQ,OAAO,CAAC;AAAA,EACvH;AACF,CAAC;AAEM,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,OAAOA,IAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,EACrD;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,yBAAyB,EAAE,QAAQ,SAAS,MAAM,OAAO,CAAC;AAAA,EAC5I;AACF,CAAC;AAEM,IAAM,wBAAwB;AAAA,EACnC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;;;AC3DA,SAAS,KAAAC,WAAS;AAIX,IAAM,aAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,kBAAkB,EAAE,QAAQ,SAAS,CAAC;AAAA,EACxH;AACF,CAAC;AAEM,IAAMC,eAAc,WAAW;AAAA,EACpC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,aAAa,EAAE,QAAQ,MAAM,CAAC;AAAA,EAChH;AACF,CAAC;AAEM,IAAME,kBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcF,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,eAAeA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IAC5F,kBAAkBA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IAC/F,YAAYA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IACzF,YAAYA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IACzF,oBAAoBA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IACjG,uBAAuBA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IACpG,iBAAiBA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IAC9F,iBAAiBA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IAC9F,wBAAwBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IACxD,mBAAmBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,EACrD;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,aAAa,EAAE,QAAQ,SAAS,MAAM,OAAO,CAAC;AAAA,EAChI;AACF,CAAC;AAEM,IAAM,yBAAyB;AAAA,EACpC;AAAA,EACAC;AAAA,EACAC;AACF;;;ACtDA,SAAS,KAAAC,WAAS;AAIX,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,MAAMA,IAAE,KAAK,CAAC,UAAU,UAAU,aAAa,MAAM,CAAC;AAAA,IACtD,MAAMA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IAC/B,WAAWA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,eAAeA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC/B,QAAQA,IAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,IAAI,EAAE,SAAS,EAAE,SAAS;AAAA,IAC9D,WAAWA,IAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IAC1C,QAAQA,IAAE,MAAMA,IAAE,OAAO,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,EAClD;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,QAAQ,MAAM,OAAO,CAAC;AAAA,EAC3H;AACF,CAAC;AAEM,IAAMC,aAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,QAAQA,IAAE,OAAO;AAAA,EACnB;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,OAAO,IAAI;AACjC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,mBAAmB,OAAO,MAAM,CAAC,CAAC,IAAI,EAAE,QAAQ,SAAS,CAAC;AAAA,EACrJ;AACF,CAAC;AAEM,IAAME,YAAW,WAAW;AAAA,EACjC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcF,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC5G;AACF,CAAC;AAEM,IAAM,qBAAqB;AAAA,EAChC;AAAA,EACAC;AAAA,EACAC;AACF;;;ACpDA,SAAS,KAAAC,WAAS;AAIX,IAAMC,kBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,iBAAiB,EAAE,QAAQ,MAAM,CAAC;AAAA,EACpH;AACF,CAAC;AAEM,IAAMC,qBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,yBAAyBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IACzD,gBAAgBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IAChD,oBAAoBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IACpD,WAAWA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IAC3C,sBAAsBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IACtD,gBAAgBA,IAAE,MAAMA,IAAE,KAAK,CAAC,OAAO,OAAO,aAAa,SAAS,CAAC,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,IAC5F,eAAeA,IAAE,MAAMA,IAAE,KAAK,CAAC,cAAc,CAAC,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,IACrE,qBAAqBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IACrD,0BAA0BA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,EAC5D;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,iBAAiB,EAAE,QAAQ,SAAS,MAAM,OAAO,CAAC;AAAA,EACpI;AACF,CAAC;AAEM,IAAM,4BAA4B;AAAA,EACvCD;AAAA,EACAE;AACF;;;ACxCA,SAAS,KAAAC,WAAS;AAIX,IAAM,UAAU,WAAW;AAAA,EAChC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC5G;AACF,CAAC;AAEM,IAAM,0BAA0B,WAAW;AAAA,EAChD,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,SAAS,CAAC;AAAA,EAC/G;AACF,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,MAAMA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IACtB,MAAMA,IAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,KAAK;AAAA,IACvC,KAAKA,IAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA,IAC7B,gBAAgBA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,0CAA0C;AAAA,IACrF,aAAaA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IACtC,MAAMA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,qBAAqB;AAAA,IACtD,UAAUA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,+BAA+B;AAAA,IACpE,kBAAkBA,IAAE,OAAO,EAAE,SAAS,2BAA2B,EAAE,QAAQ,EAAE;AAAA,EAC/E;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,OAAO,MAAM,OAAO,CAAC;AAAA,EAC1H;AACF,CAAC;AAEM,IAAM,qBAAqB;AAAA,EAChC;AAAA,EACA;AAAA,EACA;AACF;;;ACpDA,SAAS,KAAAC,WAAS;AAIX,IAAMC,cAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,SAASA,IAAE,OAAO;AAAA,EACpB;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,QAAQ,IAAI;AAClC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,UAAU,mBAAmB,OAAO,OAAO,CAAC,CAAC,IAAI,EAAE,QAAQ,SAAS,CAAC;AAAA,EACvJ;AACF,CAAC;AAEM,IAAMC,cAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,OAAOA,IAAE,OAAO,EAAE,IAAI,GAAG,EAAE,MAAM,4BAA4B;AAAA,IAC7D,YAAYA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IACrC,WAAWA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IACpC,WAAWA,IAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC5C;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,iBAAiB,EAAE,QAAQ,QAAQ,MAAM,OAAO,CAAC;AAAA,EACnI;AACF,CAAC;AAEM,IAAME,aAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcF,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,UAAU,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC7G;AACF,CAAC;AAEM,IAAM,sBAAsB;AAAA,EACjCD;AAAA,EACAE;AAAA,EACAC;AACF;;;ACjDA,SAAS,KAAAC,WAAS;AAIX,IAAMC,mBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,MAAMC,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,MAAM,2BAA2B,EAAE,SAAS,mEAAmE;AAAA,IAC/I,cAAcA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IACvC,MAAMA,IAAE,KAAK,CAAC,QAAQ,OAAO,YAAY,CAAC,EAAE,SAAS;AAAA,EACvD;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,WAAO,OAAO,QAAQ,kBAAkB,EAAE,QAAQ,QAAQ,MAAM,MAAM,CAAC;AAAA,EACzE;AACF,CAAC;AAEM,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,IAAI,EAAE,QAAQ,SAAS,CAAC;AAAA,EAC1G;AACF,CAAC;AAEM,IAAMC,gBAAe,WAAW;AAAA,EACrC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,IAAI,EAAE,QAAQ,MAAM,CAAC;AAAA,EACvG;AACF,CAAC;AAEM,IAAME,kBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY,CAAC;AAAA,EACb,SAAS,OAAO,QAAQ,EAAE,OAAO,MAAM;AACrC,WAAO,OAAO,QAAQ,kBAAkB,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC3D;AACF,CAAC;AAEM,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcF,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,uBAAuB,EAAE,QAAQ,OAAO,CAAC;AAAA,EAC3H;AACF,CAAC;AAEM,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,cAAcA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,SAAS,EAAE,SAAS;AAAA,EAC/D;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,IAAI,EAAE,QAAQ,SAAS,MAAM,OAAO,CAAC;AAAA,EACvH;AACF,CAAC;AAEM,IAAM,2BAA2B;AAAA,EACtCD;AAAA,EACA;AAAA,EACAE;AAAA,EACAC;AAAA,EACA;AAAA,EACA;AACF;;;ACzEO,IAAM,iBAAiB;AAAA,EAC5B,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AACL;;;AvBcA,SAAS,gBAAAC,qBAAoB;AAC7B,SAAS,qBAAqB;AAC9B,SAAS,WAAAC,UAAS,eAAe;AAEjC,IAAM,cAAc;AAEpB,SAAS,cAAsB;AAC7B,MAAI;AACF,UAAM,OAAOA,SAAQ,cAAc,YAAY,GAAG,CAAC;AACnD,UAAM,MAAM,KAAK;AAAA,MACfD,cAAa,QAAQ,MAAM,MAAM,cAAc,GAAG,MAAM;AAAA,IAC1D;AACA,WAAO,OAAO,IAAI,YAAY,WAAW,IAAI,UAAU;AAAA,EACzD,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAYA,IAAM,oBAAsD;AAAA;AAAA,EAE1D,YAAY;AAAA,EACZ,YAAY;AAAA,EACZ,YAAY;AAAA,EACZ,qBAAqB;AAAA,EACrB,kBAAkB;AAAA,EAClB,gBAAgB;AAAA,EAChB,mBAAmB;AACrB;AASO,SAAS,iBAAiC;AAC/C,QAAM,wBAAwB;AAAA,IAC5B,GAAGE;AAAA,IACH,GAAG;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA;AAAA,EAEL;AAEA,QAAM,mBAAmB,IAAI,IAAI,sBAAsB,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC;AACzE,QAAM,oBAAoB,eAAe,OAAO,CAAC,MAAM;AACrD,QAAI,iBAAiB,IAAI,EAAE,IAAI,EAAG,QAAO;AACzC,UAAM,QAAQ,kBAAkB,EAAE,IAAI;AACtC,QAAI,SAAS,iBAAiB,IAAI,KAAK,EAAG,QAAO;AACjD,WAAO;AAAA,EACT,CAAC;AAED,SAAO,CAAC,GAAG,uBAAuB,GAAG,iBAAiB;AACxD;AAUA,eAAsB,YACpB,KACA,KACsF;AACtF,MAAI,IAAI,SAAU,QAAO,EAAE,OAAO,IAAI,UAAU,MAAM,SAAS;AAE/D,QAAM,SAAS,UAAU,IAAI,OAAO;AACpC,MAAI,OAAQ,QAAO,EAAE,OAAO,OAAO,aAAa,MAAM,SAAS;AAE/D,MAAI,CAAC,QAAQ,OAAO,SAAS,CAAC,QAAQ,IAAI,2BAA2B;AACnE,QAAI;AAAA,MACF;AAAA,IACF;AACA,WAAO,EAAE,OAAO,MAAM,MAAM,OAAO;AAAA,EACrC;AAEA,MAAI;AACJ,MAAI;AACF,aAAS,MAAM,WAAW,EAAE,SAAS,IAAI,SAAS,IAAI,CAAC;AAAA,EACzD,SAAS,KAAK;AACZ,QAAI,MAAM,4BAA4B;AAAA,MACpC,OAAO,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAAA,IACxD,CAAC;AACD,eAAW;AACX,WAAO,EAAE,OAAO,MAAM,MAAM,OAAO;AAAA,EACrC;AAEA,QAAM,YACJ,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,KAAK,OAAO,aAAa;AACvD,YAAU;AAAA,IACR,SAAS,IAAI;AAAA,IACb,aAAa,OAAO;AAAA,IACpB,cAAc,OAAO;AAAA,IACrB;AAAA,EACF,CAAC;AACD,SAAO,EAAE,OAAO,OAAO,aAAa,MAAM,aAAa;AACzD;AAEA,eAAsB,OAAsB;AAE1C,MAAI,QAAQ,KAAK,CAAC,MAAM,UAAU;AAChC,eAAW;AACX,YAAQ,OAAO,MAAM,iDAAiD;AACtE;AAAA,EACF;AAEA,QAAM,MAAM,WAAW;AACvB,QAAM,MAAM,WAAW,GAAG;AAC1B,QAAM,OAAO,MAAM,YAAY,KAAK,GAAG;AACvC,QAAM,SAAS,IAAI,cAAc,KAAK,KAAK,KAAK,KAAK;AAErD,QAAM,SAAS,IAAI,UAAU;AAAA,IAC3B,MAAM;AAAA,IACN,SAAS,YAAY;AAAA,EACvB,CAAC;AAED,QAAM,WAAW,eAAe;AAEhC,cAAY,QAAQ,EAAE,QAAQ,IAAI,GAAG,QAAQ;AAE7C,MAAI,KAAK,wBAAwB;AAAA,IAC/B,SAAS,IAAI;AAAA,IACb,OAAO,SAAS;AAAA,IAChB,UAAU,KAAK;AAAA,EACjB,CAAC;AAED,QAAM,YAAY,IAAI,qBAAqB;AAC3C,QAAM,OAAO,QAAQ,SAAS;AAChC;AAOA,IAAI,CAAC,QAAQ,IAAI,QAAQ;AACvB,OAAK,EAAE,MAAM,CAAC,QAAQ;AACpB,YAAQ,OAAO,MAAM,UAAU,eAAe,QAAQ,IAAI,QAAQ,GAAG;AAAA,CAAI;AACzE,YAAQ,KAAK,CAAC;AAAA,EAChB,CAAC;AACH;","names":["sleep","tools","z","z","tools","z","z","tools","z","z","tools","z","z","tools","z","z","tools","z","z","tools","z","z","tools","z","z","listApps","z","z","z","z","getBranding","updateBranding","z","z","deleteIdp","listIdps","z","getLoginPolicy","z","updateLoginPolicy","z","z","z","deleteUser","z","inviteUser","listUsers","z","createWorkspace","z","getWorkspace","listWorkspaces","readFileSync","dirname","tools"]}
1	+ {"version":3,"sources":["../src/index.ts","../src/auth.ts","../src/client.ts","../src/config.ts","../src/logger.ts","../src/tokenStore.ts","../src/tools/registry.ts","../src/tools/apps.ts","../src/tools/audit.ts","../src/tools/billing.ts","../src/tools/branding.ts","../src/tools/curated.ts","../src/tools/grants.ts","../src/tools/idps.ts","../src/tools/login_policy.ts","../src/tools/org_domains.ts","../src/tools/organizations.ts","../src/tools/service_accounts.ts","../src/tools/users.ts","../src/tools/webhooks.ts","../src/tools/workspaces.ts","../src/tools/generated/apps.ts","../src/tools/generated/billing.ts","../src/tools/generated/branding.ts","../src/tools/generated/idps.ts","../src/tools/generated/login-policy.ts","../src/tools/generated/smtp.ts","../src/tools/generated/users.ts","../src/tools/generated/workspaces.ts","../src/tools/generated/index.ts"],"sourcesContent":["/*\n Entrypoint — boots an MCP server over stdio with the full Prysmid tool set.\n \n Three layers of tools:\n * 1. handwritten — `src/tools/{apps,users,...}.ts`. Polished schemas,\n * curated descriptions, the canonical surface.\n * 2. curated — `src/tools/curated.ts`. Multi-step orchestrators (e.g.\n * `setup_prysmid_workspace`).\n * 3. generated — `src/tools/generated/.ts`. Auto-emitted from the live\n OpenAPI spec by `scripts/generate-tools.ts`. Covers everything else.\n \n Merge rule: handwritten and curated names always win. A generated tool\n * with the same `name` as one of them is dropped silently — the handwritten\n * version is the source of truth.\n \n MCP transport contract:\n * - JSON-RPC over stdin/stdout\n * - stdout is RESERVED for protocol bytes; logs go to stderr (see logger.ts)\n * - one process == one client; the agent spawns a fresh server per session\n /\nimport { McpServer } from \"@modelcontextprotocol/sdk/server/mcp.js\";\nimport { StdioServerTransport } from \"@modelcontextprotocol/sdk/server/stdio.js\";\n\nimport { deviceFlow } from \"./auth.js\";\nimport { PrysmidClient } from \"./client.js\";\nimport { loadConfig, type Config } from \"./config.js\";\nimport { makeLogger, type Logger } from \"./logger.js\";\nimport { clearToken, loadToken, saveToken } from \"./tokenStore.js\";\nimport { registerAll, type ToolDef } from \"./tools/registry.js\";\nimport { tools as appsTools } from \"./tools/apps.js\";\nimport { tools as auditTools } from \"./tools/audit.js\";\nimport { tools as billingTools } from \"./tools/billing.js\";\nimport { tools as brandingTools } from \"./tools/branding.js\";\nimport { tools as curatedTools } from \"./tools/curated.js\";\nimport { tools as grantsTools } from \"./tools/grants.js\";\nimport { tools as idpsTools } from \"./tools/idps.js\";\nimport { tools as loginPolicyTools } from \"./tools/login_policy.js\";\nimport { tools as orgDomainsTools } from \"./tools/org_domains.js\";\nimport { tools as organizationsTools } from \"./tools/organizations.js\";\nimport { tools as serviceAccountsTools } from \"./tools/service_accounts.js\";\nimport { tools as usersTools } from \"./tools/users.js\";\nimport { tools as webhooksTools } from \"./tools/webhooks.js\";\nimport { tools as workspaceTools } from \"./tools/workspaces.js\";\nimport { generatedTools } from \"./tools/generated/index.js\";\n\nimport { readFileSync } from \"node:fs\";\nimport { fileURLToPath } from \"node:url\";\nimport { dirname, resolve } from \"node:path\";\n\nconst SERVER_NAME = \"prysmid\";\n\nfunction readVersion(): string {\n try {\n const here = dirname(fileURLToPath(import.meta.url));\n const pkg = JSON.parse(\n readFileSync(resolve(here, \"..\", \"package.json\"), \"utf8\"),\n );\n return typeof pkg.version === \"string\" ? pkg.version : \"0.0.0\";\n } catch {\n return \"0.0.0\";\n }\n}\n\n/\n Map of generated tool names that are superseded by a hand-written tool\n * with a different name (because the hand-written name is more agent-\n * friendly than what FastAPI's operationId produced). Without this, the\n * agent would see two near-duplicates: e.g. `add_idp` (curated) AND\n * `create_idp` (generated) for the same endpoint.\n \n Keep the LHS in sync with what the generator emits — if you rename a\n * hand-written tool, update this table.\n /\nconst GENERATED_ALIASES: Readonly<Record<string, string>> = {\n // generated name → handwritten that already covers it\n create_idp: \"add_idp\",\n create_app: \"create_oidc_app\",\n delete_app: \"delete_oidc_app\",\n update_spending_cap: \"set_spending_cap\",\n billing_checkout: \"start_billing_checkout\",\n billing_portal: \"start_billing_portal\",\n billing_get_state: \"get_billing\",\n};\n\n/\n Compose the final tool array. Hand-written + curated tools take\n * precedence over generated tools sharing the same `name`, AND over any\n * generated tool listed in {@link GENERATED_ALIASES}. Exported so tests\n * can assert merge behavior without booting the MCP server.\n /\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nexport function composeToolset(): ToolDef<any>[] {\n const handwrittenAndCurated = [\n ...workspaceTools,\n ...organizationsTools,\n ...orgDomainsTools,\n ...grantsTools,\n ...appsTools,\n ...idpsTools,\n ...loginPolicyTools,\n ...serviceAccountsTools,\n ...auditTools,\n ...usersTools,\n ...brandingTools,\n ...billingTools,\n ...webhooksTools,\n ...curatedTools,\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n ] as ToolDef<any>[];\n\n const handwrittenNames = new Set(handwrittenAndCurated.map((t) => t.name));\n const filteredGenerated = generatedTools.filter((t) => {\n if (handwrittenNames.has(t.name)) return false;\n const alias = GENERATED_ALIASES[t.name];\n if (alias && handwrittenNames.has(alias)) return false;\n return true;\n });\n\n return [...handwrittenAndCurated, ...filteredGenerated];\n}\n\n/\n Resolve the bearer token to use for API calls. Resolution order:\n * 1. PRYSMID_API_TOKEN env var (CI / static service tokens)\n * 2. Cached device-flow token at ~/.config/prysmid-mcp/token.json (or %APPDATA% on Windows)\n * 3. Run interactive device flow (browser + user code) and save to cache\n \n Returns the token plus the human-readable mode string for logs.\n /\nexport async function resolveAuth(\n cfg: Config,\n log: Logger,\n): Promise<{ token: string \| null; mode: \"bearer\" \| \"cached\" \| \"deviceflow\" \| \"none\" }> {\n if (cfg.apiToken) return { token: cfg.apiToken, mode: \"bearer\" };\n\n const cached = loadToken(cfg.apiBase);\n if (cached) return { token: cached.accessToken, mode: \"cached\" };\n\n if (!process.stderr.isTTY && !process.env.PRYSMID_FORCE_DEVICE_FLOW) {\n log.warn(\n \"no PRYSMID_API_TOKEN and no cached token; stderr is not a TTY so refusing to start interactive device flow. Set PRYSMID_API_TOKEN, run `npx -y @prysmid/mcp` once interactively to populate the cache, or set PRYSMID_FORCE_DEVICE_FLOW=1 to override.\",\n );\n return { token: null, mode: \"none\" };\n }\n\n let result;\n try {\n result = await deviceFlow({ apiBase: cfg.apiBase, log });\n } catch (err) {\n log.error(\"device flow login failed\", {\n error: err instanceof Error ? err.message : String(err),\n });\n clearToken();\n return { token: null, mode: \"none\" };\n }\n\n const expiresAt =\n Math.floor(Date.now() / 1000) + (result.expiresIn ?? 3600);\n saveToken({\n apiBase: cfg.apiBase,\n accessToken: result.accessToken,\n refreshToken: result.refreshToken,\n expiresAt,\n });\n return { token: result.accessToken, mode: \"deviceflow\" };\n}\n\nexport async function main(): Promise<void> {\n // `prysmid-mcp logout` — small subcommand that just clears the cache.\n if (process.argv[2] === \"logout\") {\n clearToken();\n process.stderr.write(\"prysmid-mcp: logged out (token cache cleared)\\n\");\n return;\n }\n\n const cfg = loadConfig();\n const log = makeLogger(cfg);\n const auth = await resolveAuth(cfg, log);\n const client = new PrysmidClient(cfg, log, auth.token);\n\n const server = new McpServer({\n name: SERVER_NAME,\n version: readVersion(),\n });\n\n const allTools = composeToolset();\n\n registerAll(server, { client, log }, allTools);\n\n log.info(`prysmid-mcp starting`, {\n apiBase: cfg.apiBase,\n tools: allTools.length,\n authMode: auth.mode,\n });\n\n const transport = new StdioServerTransport();\n await server.connect(transport);\n}\n\n// This module is only ever invoked as the package bin (MCP servers run as a\n// process per session). Cross-platform `import.meta.url === file://<argv[1]>`\n// is fragile (Windows backslash vs forward slash; symlinked paths) so we\n// just always boot UNLESS we're in vitest (which imports this module to\n// poke at the exports without wanting to connect a stdio transport).\nif (!process.env.VITEST) {\n main().catch((err) => {\n process.stderr.write(`fatal: ${err instanceof Error ? err.stack : err}\\n`);\n process.exit(1);\n });\n}\n","/\n OAuth 2.0 Device Authorization Grant client (RFC 8628).\n \n Flow:\n * 1. POST /v1/auth/device/start — get device_code + user_code + verification_uri\n * 2. Print user_code + URL to STDERR (stdout is reserved for MCP protocol)\n * 3. Poll POST /v1/auth/device/poll every `interval` seconds until:\n * - status=complete → return tokens\n * - status=slow_down → bump interval +5s, keep polling\n * - status=expired → throw\n * - status=denied → throw\n \n The platform side proxies these to Zitadel (auth.prysmid.com); the client\n * only ever talks to api.prysmid.com.\n /\nimport type { Logger } from \"./logger.js\";\n\nexport interface DeviceFlowToken {\n accessToken: string;\n refreshToken?: string;\n expiresIn?: number;\n}\n\ninterface DeviceStartResponse {\n device_code: string;\n user_code: string;\n verification_uri: string;\n verification_uri_complete?: string \| null;\n interval: number;\n expires_in: number;\n}\n\ninterface DevicePollResponse {\n status: \"pending\" \| \"slow_down\" \| \"complete\" \| \"expired\" \| \"denied\";\n access_token?: string \| null;\n refresh_token?: string \| null;\n expires_in?: number \| null;\n error?: string \| null;\n}\n\nexport interface DeviceFlowOptions {\n apiBase: string;\n log: Logger;\n /\n Sleep function — overridable so tests can run instantly. Defaults to\n * setTimeout-based promise.\n /\n sleep?: (ms: number) => Promise<void>;\n /\n Print sink for the user-facing prompt (browser URL + code). Defaults to\n * stderr. Tests override to capture.\n /\n prompt?: (lines: string[]) => void;\n /\n Override the global fetch — kept for tests; production passes nothing.\n /\n fetchImpl?: typeof fetch;\n}\n\nconst DEFAULT_SLEEP = (ms: number): Promise<void> =>\n new Promise((r) => setTimeout(r, ms));\n\nconst DEFAULT_PROMPT = (lines: string[]): void => {\n for (const line of lines) process.stderr.write(`${line}\\n`);\n};\n\nexport async function deviceFlow(\n opts: DeviceFlowOptions,\n): Promise<DeviceFlowToken> {\n const sleep = opts.sleep ?? DEFAULT_SLEEP;\n const prompt = opts.prompt ?? DEFAULT_PROMPT;\n const fetchImpl = opts.fetchImpl ?? fetch;\n const { apiBase, log } = opts;\n\n const start = await postJson<DeviceStartResponse>(\n fetchImpl,\n `${apiBase}/v1/auth/device/start`,\n {},\n );\n\n const verifyUrl = start.verification_uri_complete \|\| start.verification_uri;\n prompt([\n \"\",\n \"─────────────────────────────────────────────────────────\",\n \" Prysmid MCP — Sign in to your account\",\n \"─────────────────────────────────────────────────────────\",\n \"\",\n \" 1. Open this URL in your browser:\",\n ` ${verifyUrl}`,\n \"\",\n \" 2. Confirm the code:\",\n ` ${start.user_code}`,\n \"\",\n ` Waiting for confirmation (expires in ${start.expires_in}s)…`,\n \"\",\n ]);\n\n let interval = Math.max(1, start.interval \|\| 5);\n const deadline = Date.now() + start.expires_in 1000;\n\n while (Date.now() < deadline) {\n await sleep(interval * 1000);\n\n let res: DevicePollResponse;\n try {\n res = await postJson<DevicePollResponse>(\n fetchImpl,\n `${apiBase}/v1/auth/device/poll`,\n { device_code: start.device_code },\n );\n } catch (e) {\n log.warn(\"device poll request failed, retrying\", {\n error: e instanceof Error ? e.message : String(e),\n });\n continue;\n }\n\n if (res.status === \"complete\") {\n if (!res.access_token) {\n throw new Error(\n \"Device flow returned status=complete but no access_token\",\n );\n }\n log.info(\"device flow login complete\", {\n expiresIn: res.expires_in ?? null,\n });\n return {\n accessToken: res.access_token,\n refreshToken: res.refresh_token ?? undefined,\n expiresIn: res.expires_in ?? undefined,\n };\n }\n if (res.status === \"slow_down\") {\n interval += 5;\n log.debug(\"device flow slow_down\", { newInterval: interval });\n continue;\n }\n if (res.status === \"pending\") continue;\n if (res.status === \"expired\") {\n throw new Error(\"Device code expired before authorization\");\n }\n if (res.status === \"denied\") {\n throw new Error(\"Authorization denied\");\n }\n log.warn(\"unknown device poll status\", { status: res.status });\n }\n\n throw new Error(\"Device code expired before authorization\");\n}\n\nasync function postJson<T>(\n fetchImpl: typeof fetch,\n url: string,\n body: unknown,\n): Promise<T> {\n const res = await fetchImpl(url, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\", Accept: \"application/json\" },\n body: JSON.stringify(body),\n });\n const text = await res.text();\n if (!res.ok) {\n throw new Error(`POST ${url} failed: ${res.status} ${text}`);\n }\n try {\n return JSON.parse(text) as T;\n } catch {\n throw new Error(`POST ${url} returned non-JSON: ${text.slice(0, 200)}`);\n }\n}\n","/*\n Prysmid API client — thin fetch wrapper that adds auth + maps errors.\n \n Auth model (MVP): static bearer via `PRYSMID_API_TOKEN`. Device-flow OAuth\n * lives in `auth.ts` and produces a token compatible with this client.\n /\nimport type { Config } from \"./config.js\";\nimport type { Logger } from \"./logger.js\";\n\nexport class PrysmidApiError extends Error {\n constructor(\n message: string,\n public readonly status: number,\n public readonly body: string,\n public readonly code?: string,\n ) {\n super(message);\n this.name = \"PrysmidApiError\";\n }\n}\n\nexport interface RequestOptions {\n method?: \"GET\" \| \"POST\" \| \"PUT\" \| \"PATCH\" \| \"DELETE\";\n body?: unknown;\n query?: Record<string, string \| number \| boolean \| undefined>;\n}\n\nexport class PrysmidClient {\n constructor(\n private readonly cfg: Config,\n private readonly log: Logger,\n /\n Optional override. When set (e.g. resolved via device flow + token cache),\n * takes precedence over `cfg.apiToken`. Keeps the env-driven path for the\n * `PRYSMID_API_TOKEN=…` mode untouched.\n /\n private readonly tokenOverride: string \| null = null,\n ) {}\n\n private get effectiveToken(): string \| null {\n return this.tokenOverride ?? this.cfg.apiToken;\n }\n\n async request<T = unknown>(path: string, opts: RequestOptions = {}): Promise<T> {\n const token = this.effectiveToken;\n if (!token) {\n throw new PrysmidApiError(\n \"No Prysmid API token. Set PRYSMID_API_TOKEN or complete device-flow login.\",\n 401,\n \"\",\n \"auth.no_token\",\n );\n }\n\n const url = new URL(this.cfg.apiBase + path);\n if (opts.query) {\n for (const [k, v] of Object.entries(opts.query)) {\n if (v !== undefined) url.searchParams.set(k, String(v));\n }\n }\n\n const method = opts.method ?? \"GET\";\n const headers: Record<string, string> = {\n Authorization: `Bearer ${token}`,\n Accept: \"application/json\",\n };\n if (opts.body !== undefined) headers[\"Content-Type\"] = \"application/json\";\n\n this.log.debug(`HTTP ${method} ${url.pathname}`);\n const res = await fetch(url, {\n method,\n headers,\n body: opts.body !== undefined ? JSON.stringify(opts.body) : undefined,\n });\n\n const text = await res.text();\n if (!res.ok) {\n let code: string \| undefined;\n try {\n const parsed = JSON.parse(text);\n code = typeof parsed?.error === \"string\" ? parsed.error : parsed?.code;\n } catch {\n // body wasn't JSON\n }\n throw new PrysmidApiError(\n `Prysmid API ${res.status} on ${method} ${path}`,\n res.status,\n text,\n code,\n );\n }\n\n if (text === \"\") return undefined as T;\n try {\n return JSON.parse(text) as T;\n } catch {\n return text as unknown as T;\n }\n }\n}\n","/\n Runtime configuration. Pulled from env at startup; immutable thereafter.\n \n The MCP runs as a long-lived stdio process — env reads happen once.\n /\n\nexport interface Config {\n apiBase: string;\n apiToken: string \| null;\n logLevel: \"debug\" \| \"info\" \| \"warn\" \| \"error\";\n}\n\nconst DEFAULT_API_BASE = \"https://api.prysmid.com\";\n\nexport function loadConfig(env: NodeJS.ProcessEnv = process.env): Config {\n const apiBase = (env.PRYSMID_API_BASE ?? DEFAULT_API_BASE).replace(/\\/+$/, \"\");\n const apiToken = env.PRYSMID_API_TOKEN?.trim() \|\| null;\n const rawLevel = (env.PRYSMID_MCP_LOG_LEVEL ?? \"info\").toLowerCase();\n const logLevel: Config[\"logLevel\"] =\n rawLevel === \"debug\" \|\| rawLevel === \"warn\" \|\| rawLevel === \"error\"\n ? rawLevel\n : \"info\";\n return { apiBase, apiToken, logLevel };\n}\n","/\n stderr-only logger. MCP servers MUST NOT write to stdout — that channel\n * is reserved for the JSON-RPC protocol; any stray byte breaks the agent.\n /\nimport type { Config } from \"./config.js\";\n\nconst ORDER = { debug: 10, info: 20, warn: 30, error: 40 } as const;\n\nexport interface Logger {\n debug: (msg: string, extra?: unknown) => void;\n info: (msg: string, extra?: unknown) => void;\n warn: (msg: string, extra?: unknown) => void;\n error: (msg: string, extra?: unknown) => void;\n}\n\nexport function makeLogger(cfg: Pick<Config, \"logLevel\">): Logger {\n const threshold = ORDER[cfg.logLevel];\n\n function emit(level: keyof typeof ORDER, msg: string, extra?: unknown) {\n if (ORDER[level] < threshold) return;\n const ts = new Date().toISOString();\n const payload = extra === undefined ? \"\" : ` ${safeJSON(extra)}`;\n process.stderr.write(`${ts} ${level.toUpperCase()} ${msg}${payload}\\n`);\n }\n\n return {\n debug: (m, e) => emit(\"debug\", m, e),\n info: (m, e) => emit(\"info\", m, e),\n warn: (m, e) => emit(\"warn\", m, e),\n error: (m, e) => emit(\"error\", m, e),\n };\n}\n\nfunction safeJSON(x: unknown): string {\n try {\n return JSON.stringify(x);\n } catch {\n return String(x);\n }\n}\n","/\n On-disk cache for the device-flow access token.\n \n Path layout:\n * - Windows: %APPDATA%\\prysmid-mcp\\token.json\n * - Linux/macOS: $XDG_CONFIG_HOME/prysmid-mcp/token.json (default ~/.config/prysmid-mcp)\n * - Fallback: ~/.prysmid-mcp/token.json\n \n The cache is keyed by `apiBase` so switching between staging/prod is safe.\n * Token file is mode 0600 on Unix; Windows ignores the chmod.\n /\nimport {\n chmodSync,\n existsSync,\n mkdirSync,\n readFileSync,\n rmSync,\n writeFileSync,\n} from \"node:fs\";\nimport { homedir, platform } from \"node:os\";\nimport { dirname, join } from \"node:path\";\n\nexport interface CachedToken {\n apiBase: string;\n accessToken: string;\n refreshToken?: string;\n /* Unix epoch seconds. /\n expiresAt: number;\n}\n\nconst APP_DIR = \"prysmid-mcp\";\nconst FILE_NAME = \"token.json\";\nconst EXPIRY_SKEW_SECONDS = 60;\n\nexport function getTokenPath(env: NodeJS.ProcessEnv = process.env): string {\n if (platform() === \"win32\") {\n const base = env.APPDATA;\n if (base) return join(base, APP_DIR, FILE_NAME);\n return join(homedir(), `.${APP_DIR}`, FILE_NAME);\n }\n const xdg = env.XDG_CONFIG_HOME;\n if (xdg) return join(xdg, APP_DIR, FILE_NAME);\n return join(homedir(), \".config\", APP_DIR, FILE_NAME);\n}\n\nexport function loadToken(\n apiBase: string,\n env: NodeJS.ProcessEnv = process.env,\n): CachedToken \| null {\n const path = getTokenPath(env);\n if (!existsSync(path)) return null;\n let parsed: CachedToken;\n try {\n parsed = JSON.parse(readFileSync(path, \"utf8\")) as CachedToken;\n } catch {\n return null;\n }\n if (parsed.apiBase !== apiBase) return null;\n const nowSec = Math.floor(Date.now() / 1000);\n if (parsed.expiresAt - EXPIRY_SKEW_SECONDS <= nowSec) return null;\n if (typeof parsed.accessToken !== \"string\" \|\| !parsed.accessToken) {\n return null;\n }\n return parsed;\n}\n\nexport function saveToken(\n token: CachedToken,\n env: NodeJS.ProcessEnv = process.env,\n): void {\n const path = getTokenPath(env);\n mkdirSync(dirname(path), { recursive: true });\n writeFileSync(path, JSON.stringify(token, null, 2), \"utf8\");\n if (platform() !== \"win32\") {\n try {\n chmodSync(path, 0o600);\n } catch {\n // best-effort\n }\n }\n}\n\nexport function clearToken(env: NodeJS.ProcessEnv = process.env): void {\n const path = getTokenPath(env);\n if (existsSync(path)) {\n rmSync(path, { force: true });\n }\n}\n","/\n Tool registry — single place where every MCP tool lives. Each tool exports\n * its input schema (Zod) + handler; `registerAll` wires them into the SDK.\n \n Two flavors of tools coexist:\n * - generated: 1:1 with REST endpoints, produced by `scripts/generate-tools.ts`\n * (lives under `tools/generated/` once the script runs)\n - curated: high-level orchestrators a human/agent actually wants to call,\n * e.g. `setup_prysmid_workspace(company_name)` that combines several\n * endpoints. These live under `tools/curated/`.\n \n * Both share the same `Tool` shape so the registry is uniform.\n /\nimport type { McpServer } from \"@modelcontextprotocol/sdk/server/mcp.js\";\nimport { z } from \"zod\";\n\nimport { PrysmidApiError, type PrysmidClient } from \"../client.js\";\nimport type { Logger } from \"../logger.js\";\n\nexport interface ToolContext {\n client: PrysmidClient;\n log: Logger;\n}\n\nexport interface ToolDef<I extends z.ZodRawShape> {\n name: string;\n description: string;\n inputShape: I;\n /\n Handler returns plain JSON-able output. The SDK serializes it into\n * MCP `content` blocks; we wrap to text by default (most MCP UIs render it\n * better than structured content).\n /\n handler: (\n input: z.infer<z.ZodObject<I>>,\n ctx: ToolContext,\n ) => Promise<unknown>;\n}\n\nexport function defineTool<I extends z.ZodRawShape>(t: ToolDef<I>): ToolDef<I> {\n return t;\n}\n\n// `ToolDef<any>` here intentionally — the array is heterogeneous (each tool\n// has its own input shape) and the SDK's registerTool only cares about the\n// runtime Zod object, not compile-time type inference. Without `any` there's\n// no single ZodRawShape that satisfies every entry simultaneously.\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nexport function registerAll(\n server: McpServer,\n ctx: ToolContext,\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n tools: ReadonlyArray<ToolDef<any>>,\n): void {\n for (const tool of tools) {\n server.registerTool(\n tool.name,\n {\n description: tool.description,\n inputSchema: tool.inputShape,\n },\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n async (input: any) => {\n try {\n const result = await tool.handler(input, ctx);\n return {\n content: [\n {\n type: \"text\" as const,\n text:\n typeof result === \"string\"\n ? result\n : JSON.stringify(result, null, 2),\n },\n ],\n };\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n // For API errors, surface the response body so callers see the\n // FastAPI validation detail instead of a bare status code.\n const detail =\n err instanceof PrysmidApiError && err.body ? `\\n${err.body}` : \"\";\n ctx.log.error(`tool ${tool.name} failed`, { message });\n return {\n isError: true,\n content: [\n { type: \"text\" as const, text: `error: ${message}${detail}` },\n ],\n };\n }\n },\n );\n }\n}\n","/\n OIDC application tools — list, create, delete on a workspace's apps.\n * Apps are the integration unit: each one represents one downstream service\n * (web app, mobile app, CLI) that authenticates via Prysmid.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const listApps = defineTool({\n name: \"list_apps\",\n description: \"List all OIDC apps in a workspace.\",\n inputShape: {\n workspace: z.string().min(1).describe(\"Workspace slug or UUID\"),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(`/v1/workspaces/${encodeURIComponent(workspace)}/apps`),\n});\n\nexport const createOidcApp = defineTool({\n name: \"create_oidc_app\",\n description:\n \"Create an OIDC application in a workspace. Returns client_id (and client_secret only when app_type=web). app_type=web is a confidential server-rendered app; spa and native are public clients that use PKCE and have no secret.\",\n inputShape: {\n workspace: z.string().min(1),\n name: z.string().min(1).max(255),\n redirect_uris: z.array(z.string().url()).min(1),\n post_logout_redirect_uris: z.array(z.string().url()).optional(),\n app_type: z.enum([\"web\", \"spa\", \"native\"]).default(\"web\"),\n dev_mode: z\n .boolean()\n .default(false)\n .describe(\n \"Skip redirect URI HTTPS check — only for local dev, NEVER prod.\",\n ),\n },\n handler: async ({ workspace, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/apps`,\n { method: \"POST\", body },\n ),\n});\n\nexport const deleteOidcApp = defineTool({\n name: \"delete_oidc_app\",\n description: \"Delete an OIDC app. Idempotent — 404 returns success.\",\n inputShape: {\n workspace: z.string().min(1),\n app_id: z.string().min(1),\n },\n handler: async ({ workspace, app_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/apps/${encodeURIComponent(app_id)}`,\n { method: \"DELETE\" },\n ),\n});\n\nconst APP_TYPE = z.enum([\"web\", \"spa\", \"native\"]);\nconst AUTH_METHOD = z.enum([\n \"client_secret_basic\",\n \"client_secret_post\",\n \"none\",\n \"private_key_jwt\",\n]);\nconst GRANT_TYPE = z.enum([\n \"authorization_code\",\n \"refresh_token\",\n \"implicit\",\n \"device_code\",\n \"token_exchange\",\n]);\n\nexport const getApp = defineTool({\n name: \"get_app\",\n description:\n \"Fetch full detail for one OIDC app: redirect URIs, grant types, auth method, dev_mode, timestamps. Never returns the client_secret — use regenerate_app_secret to mint a new one.\",\n inputShape: {\n workspace: z.string().min(1).describe(\"Workspace slug or UUID\"),\n app_id: z.string().min(1),\n },\n handler: async ({ workspace, app_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/apps/${encodeURIComponent(app_id)}`,\n ),\n});\n\nexport const updateApp = defineTool({\n name: \"update_app\",\n description:\n \"Patch mutable fields on an OIDC app: redirect URIs, post-logout URIs, grant types, auth method, dev_mode. All fields optional — only provided keys change. client_secret is NEVER accepted here; use regenerate_app_secret to rotate it.\",\n inputShape: {\n workspace: z.string().min(1),\n app_id: z.string().min(1),\n redirect_uris: z.array(z.string().url()).optional(),\n post_logout_redirect_uris: z.array(z.string().url()).optional(),\n grant_types: z.array(GRANT_TYPE).optional(),\n auth_method: AUTH_METHOD.optional(),\n dev_mode: z\n .boolean()\n .optional()\n .describe(\n \"Skip redirect URI HTTPS check — only for local dev, NEVER prod.\",\n ),\n },\n handler: async ({ workspace, app_id, ...patch }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/apps/${encodeURIComponent(app_id)}`,\n { method: \"PATCH\", body: patch },\n ),\n});\n\nexport const regenerateAppSecret = defineTool({\n name: \"regenerate_app_secret\",\n description:\n \"Destructive — invalidates the current secret immediately. Returns the new secret plaintext ONCE. Set confirm=true to proceed. Only valid for app_type=web (confidential clients); spa/native are public and have no secret (the API returns 422 in that case).\",\n inputShape: {\n workspace: z.string().min(1),\n app_id: z.string().min(1),\n confirm: z\n .literal(true)\n .describe(\n \"Must be true to acknowledge that the current secret will be invalidated immediately.\",\n ),\n },\n handler: async ({ workspace, app_id, confirm }, { client }) => {\n if (confirm !== true) {\n throw new Error(\n \"regenerate_app_secret refused: pass confirm=true to acknowledge that the current secret will be invalidated immediately and the new secret is surfaced only once.\",\n );\n }\n return client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/apps/${encodeURIComponent(app_id)}/regenerate-secret`,\n { method: \"POST\" },\n );\n },\n});\n\n// Exported for use in index.ts composeToolset (handwritten precedence).\n// Also re-exported as `appTypeEnum` etc. would be unnecessary; the tools list\n// is the only surface the registry needs.\nexport const tools = [\n listApps,\n createOidcApp,\n deleteOidcApp,\n getApp,\n updateApp,\n regenerateAppSecret,\n] as const;\n","/\n Audit log export tool — /v1/workspaces/{ws}/audit-log/export.\n \n X4: pull a workspace's audit trail as NDJSON (default) or CSV, optionally\n * scoped to one business org via `org_id` (matches `meta.org_id`), with\n * action + time-window filters. The response body is the raw export text —\n * the MCP layer surfaces it verbatim so an agent can summarise it or hand\n * it to the operator for archival.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const exportAuditLog = defineTool({\n name: \"export_audit_log\",\n description:\n \"Export a workspace's audit trail as NDJSON (default) or CSV. Filter by `org_id` (a specific business org, matches meta.org_id), `action` (exact, e.g. `idp.create`), and a created_at window (`start`/`end`, ISO-8601). `limit` caps rows (default 10000, max 50000). Returns the raw export text — narrow the window to page through large trails.\",\n inputShape: {\n workspace: z.string().min(1),\n format: z\n .enum([\"ndjson\", \"csv\"])\n .default(\"ndjson\")\n .describe(\n \"ndjson (default) = one JSON object per line, best for SIEM. csv = flat columns with meta JSON-encoded in one cell.\",\n ),\n org_id: z\n .string()\n .min(1)\n .optional()\n .describe(\n \"Scope to one business org (matches meta.org_id). Omit for the whole workspace.\",\n ),\n action: z\n .string()\n .min(1)\n .optional()\n .describe(\"Exact audit action to filter, e.g. `idp.create`.\"),\n start: z\n .string()\n .optional()\n .describe(\"ISO-8601 timestamp; only rows created at/after this.\"),\n end: z\n .string()\n .optional()\n .describe(\"ISO-8601 timestamp; only rows created before this.\"),\n limit: z.number().int().min(1).max(50000).optional(),\n },\n handler: async ({ workspace, ...query }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/audit-log/export`,\n { query },\n ),\n});\n\nexport const tools = [exportAuditLog] as const;\n","/\n Billing tools — read state, manage spending cap, generate Stripe portal URL.\n * Checkout/upgrade flow returns a Stripe-hosted URL; the agent surfaces it to\n * the user for them to navigate (we don't process payment data here).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const getBilling = defineTool({\n name: \"get_billing\",\n description:\n \"Get current billing state: plan, subscription status, current period, spending_cap_cents, signups_blocked.\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/billing`,\n ),\n});\n\nexport const setSpendingCap = defineTool({\n name: \"set_spending_cap\",\n description:\n \"Cap monthly Pro overage spend (cents). Pass null to remove cap (unlimited). When projected overage exceeds cap, signups_blocked flips on.\",\n inputShape: {\n workspace: z.string().min(1),\n spending_cap_cents: z\n .number()\n .int()\n .min(0)\n .max(10_000_000)\n .nullable()\n .describe(\"Max overage cents per period; null = unlimited\"),\n },\n handler: async ({ workspace, spending_cap_cents }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/billing/spending-cap`,\n { method: \"PATCH\", body: { spending_cap_cents } },\n ),\n});\n\nexport const startCheckout = defineTool({\n name: \"start_billing_checkout\",\n description:\n \"Create a Stripe Checkout session for upgrading. Returns the URL the user must visit. Plan must be `pro` (Free has no checkout; Enterprise is sales-only).\",\n inputShape: {\n workspace: z.string().min(1),\n plan: z.enum([\"pro\"]),\n },\n handler: async ({ workspace, plan }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/billing/checkout`,\n { method: \"POST\", body: { plan } },\n ),\n});\n\nexport const startBillingPortal = defineTool({\n name: \"start_billing_portal\",\n description:\n \"Create a Stripe customer-portal session URL where the user manages payment methods, downloads invoices, cancels subscription.\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/billing/portal`,\n { method: \"POST\" },\n ),\n});\n\nexport const tools = [\n getBilling,\n setSpendingCap,\n startCheckout,\n startBillingPortal,\n] as const;\n","/\n Branding tools — colors, fonts, logo for the login page. Logo upload is\n * out of MCP scope (multipart binary uploads don't fit MCP tool semantics\n * cleanly); use the dashboard or API directly for that.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const getBranding = defineTool({\n name: \"get_branding\",\n description:\n \"Return the workspace's active branding policy (colors, fonts, hide-prysmid-watermark flag, logo URLs).\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/branding`,\n ),\n});\n\nexport const updateBranding = defineTool({\n name: \"update_branding\",\n description:\n \"Update branding colors and watermark. Hex colors as `#RRGGBB`. Activates the policy after update — change shows on next login screen render.\",\n inputShape: {\n workspace: z.string().min(1),\n primary_color: z\n .string()\n .regex(/^#[0-9a-fA-F]{6}$/)\n .optional(),\n background_color: z\n .string()\n .regex(/^#[0-9a-fA-F]{6}$/)\n .optional(),\n warn_color: z\n .string()\n .regex(/^#[0-9a-fA-F]{6}$/)\n .optional(),\n font_color: z\n .string()\n .regex(/^#[0-9a-fA-F]{6}$/)\n .optional(),\n disable_watermark: z\n .boolean()\n .optional()\n .describe(\n \"Hide 'Powered by Prysmid' on the login screen (Pro+ only — Free silently ignored).\",\n ),\n },\n handler: async ({ workspace, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/branding`,\n { method: \"PATCH\", body },\n ),\n});\n\nexport const tools = [getBranding, updateBranding] as const;\n","/\n Curated high-level tools — the ones agents would naturally reach for to\n * accomplish a goal in one call, instead of orchestrating 4 raw endpoints.\n \n Keep these small: each represents one end-user intent (\"set up a workspace\n * with Google login\"). Branch logic and prompts stay on the agent side; this\n * file only owns the API choreography.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nconst SetupWorkspaceOutput = z.object({\n workspace_id: z.string(),\n slug: z.string(),\n auth_domain: z.string(),\n state: z.string(),\n});\n\nexport const setupPrysmidWorkspace = defineTool({\n name: \"setup_prysmid_workspace\",\n description:\n \"Create a new workspace and wait until it's fully provisioned (Zitadel instance, SMTP, DNS). Returns the live auth_domain ready to integrate.\",\n inputShape: {\n slug: z\n .string()\n .min(2)\n .max(63)\n .regex(/^[a-z0-9-]+$/),\n display_name: z.string().min(1),\n timeout_seconds: z\n .number()\n .int()\n .min(10)\n .max(300)\n .default(120)\n .describe(\"Max time to wait for provisioning before returning.\"),\n },\n handler: async (\n { slug, display_name, timeout_seconds },\n { client, log },\n ) => {\n const created = (await client.request(\"/v1/workspaces\", {\n method: \"POST\",\n body: { slug, display_name },\n })) as { id: string; slug: string; state: string; auth_domain?: string };\n\n const deadline = Date.now() + timeout_seconds 1000;\n while (Date.now() < deadline) {\n const ws = (await client.request(\n `/v1/workspaces/${encodeURIComponent(created.id)}`,\n )) as {\n id: string;\n slug: string;\n state: string;\n auth_domain?: string;\n provisioning_error?: string;\n };\n if (ws.state === \"active\") {\n return SetupWorkspaceOutput.parse({\n workspace_id: ws.id,\n slug: ws.slug,\n auth_domain: ws.auth_domain ?? `auth.${ws.slug}.prysmid.com`,\n state: ws.state,\n });\n }\n if (ws.state === \"provisioning_failed\") {\n throw new Error(\n `Workspace provisioning failed: ${ws.provisioning_error ?? \"unknown reason\"}`,\n );\n }\n log.debug(`workspace ${created.id} state=${ws.state}, polling…`);\n await sleep(3000);\n }\n throw new Error(\n `Workspace did not reach state=active within ${timeout_seconds}s`,\n );\n },\n});\n\nfunction sleep(ms: number) {\n return new Promise((r) => setTimeout(r, ms));\n}\n\nexport const enableGoogleLogin = defineTool({\n name: \"enable_google_login\",\n description:\n \"Add Google as an identity provider on a workspace and enable external IdPs in the login policy. Hands you a checklist if external IdPs were already disabled — agent should confirm before flipping that flag.\",\n inputShape: {\n workspace: z.string().min(1),\n google_client_id: z.string().min(1),\n google_client_secret: z.string().min(1),\n name: z.string().default(\"Google\"),\n },\n handler: async (\n { workspace, google_client_id, google_client_secret, name },\n { client },\n ) => {\n // The IdP create body is the discriminated-union shape that\n // app/schemas/idp.py expects: `type` (not `provider`), and client_id /\n // client_secret are flat top-level fields (not nested under `config`).\n // Sending `provider` or nested config 422s the request before any handler\n // runs.\n const idp = await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/idps`,\n {\n method: \"POST\",\n body: {\n type: \"google\",\n name,\n client_id: google_client_id,\n client_secret: google_client_secret,\n },\n },\n );\n\n // Force-enable external IdP toggle in case the workspace had it off.\n await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/login-policy`,\n { method: \"PATCH\", body: { allow_external_idp: true } },\n );\n\n return { idp, login_policy: \"allow_external_idp=true\" };\n },\n});\n\ninterface SetupCheckItem {\n ok: boolean;\n name: string;\n details?: string;\n}\n\ntype ListResp = { items?: unknown[]; total?: number } \| unknown[];\n\nfunction countItems(resp: ListResp): number {\n if (Array.isArray(resp)) return resp.length;\n if (typeof resp.total === \"number\") return resp.total;\n if (Array.isArray(resp.items)) return resp.items.length;\n return 0;\n}\n\ntype IdpListItem = { id: string; name?: string; type?: string };\ntype IdpListResp = ListResp & { items?: IdpListItem[] };\ntype ProbeResp = {\n ok: boolean;\n provider_reachable: boolean;\n credentials_ok?: boolean \| null;\n redirect_uri_ok?: boolean \| null;\n error_code?: string \| null;\n error_detail?: string \| null;\n};\n\nfunction listOf(resp: ListResp): unknown[] {\n if (Array.isArray(resp)) return resp;\n if (Array.isArray(resp.items)) return resp.items;\n return [];\n}\n\nexport const prysmidSetupCheck = defineTool({\n name: \"prysmid_setup_check\",\n description:\n \"Run a readiness checklist on a workspace: state=active, ≥1 OIDC app, ≥1 IdP OR password+register enabled, branding has a primary_color set, login_policy reasonable, AND (by default) every external IdP probes successfully against its upstream provider. Returns pass/fail per item plus a summary verdict. Set `probe_idps=false` to skip the live probe (faster, but won't catch redirect_uri_mismatch or invalid client_secret until a real end-user hits the broken IdP).\",\n inputShape: {\n workspace: z.string().min(1),\n probe_idps: z\n .boolean()\n .optional()\n .describe(\n \"Run a live probe against each external IdP's upstream authorize endpoint. Default true. Set false to skip if the latency matters more than the safety (will not catch redirect_uri_mismatch or invalid_client until a real end-user signs in).\",\n ),\n },\n handler: async ({ workspace, probe_idps = true }, { client }) => {\n const ws = (await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}`,\n )) as { state: string; auth_domain?: string };\n const appsResp = (await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/apps`,\n )) as ListResp;\n const idpsResp = (await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/idps`,\n )) as IdpListResp;\n const policy = (await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/login-policy`,\n )) as {\n allow_username_password?: boolean;\n allow_register?: boolean;\n allow_external_idp?: boolean;\n force_mfa?: boolean;\n };\n const branding = (await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/branding`,\n )) as { primary_color?: string };\n\n // The list endpoints return { items, total } — but tolerate a raw array\n // too so the check stays robust if the projection ever flips back.\n const appsCount = countItems(appsResp);\n const idpsCount = countItems(idpsResp);\n const idpItems = listOf(idpsResp) as IdpListItem[];\n const passwordsOpen =\n policy.allow_username_password === true &&\n policy.allow_register === true;\n\n const checks: SetupCheckItem[] = [\n {\n ok: ws.state === \"active\",\n name: \"workspace_active\",\n details: `state=${ws.state}`,\n },\n {\n ok: appsCount > 0,\n name: \"has_at_least_one_app\",\n details: `${appsCount} apps`,\n },\n {\n ok: idpsCount > 0 \|\| passwordsOpen,\n name: \"users_can_sign_in\",\n details:\n idpsCount > 0\n ? `${idpsCount} idps`\n : passwordsOpen\n ? \"no idps but username+password (with self-registration) allowed\"\n : \"no idps; enable allow_username_password+allow_register or add an IdP\",\n },\n {\n ok: !!branding.primary_color,\n name: \"branding_primary_color_set\",\n },\n {\n ok: policy.force_mfa === true \|\| idpsCount > 0,\n name: \"auth_strength_reasonable\",\n details: policy.force_mfa\n ? \"force_mfa=true\"\n : idpsCount > 0\n ? `${idpsCount} external IdP(s) — strength delegated upstream`\n : \"MFA off and no external IdPs — passwords-only is weak\",\n },\n ];\n\n // Functional probe of each external IdP. Closes the gap where the\n // checklist reported `ready` because the IdP record existed, but the\n // OAuth flow was actually broken (redirect_uri_mismatch, invalid client_id)\n // — discoverable only via real-world login. Default-on so casual users\n // don't have to know to ask for it; opt-out via probe_idps=false for the\n // rare case where the probe latency matters more than the safety.\n if (probe_idps && idpItems.length > 0) {\n const probeResults: { id: string; result: ProbeResp; error?: string }[] = [];\n for (const idp of idpItems) {\n try {\n const probe = (await client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/idps/${encodeURIComponent(idp.id)}/probe`,\n { method: \"POST\" },\n )) as ProbeResp;\n probeResults.push({ id: idp.id, result: probe });\n } catch (err) {\n probeResults.push({\n id: idp.id,\n result: { ok: false, provider_reachable: false },\n error: err instanceof Error ? err.message : String(err),\n });\n }\n }\n const allOk = probeResults.every((r) => r.result.ok);\n const summary = probeResults\n .map((r) => {\n const code = r.result.error_code ? ` (${r.result.error_code})` : \"\";\n return `${r.id}=${r.result.ok ? \"ok\" : \"fail\"}${code}`;\n })\n .join(\", \");\n const firstFailure = probeResults.find((r) => !r.result.ok);\n const details = firstFailure\n ? `${summary}. First failure: ${firstFailure.result.error_detail ?? firstFailure.error ?? \"no detail\"}`\n : summary;\n checks.push({\n ok: allOk,\n name: \"idps_functional\",\n details,\n });\n } else if (idpItems.length > 0) {\n checks.push({\n ok: true,\n name: \"idps_functional\",\n details: \"skipped (probe_idps=false); won't catch redirect_uri_mismatch or invalid_client until a real end-user signs in.\",\n });\n }\n\n const verdict = checks.every((c) => c.ok) ? \"ready\" : \"incomplete\";\n return { verdict, checks };\n },\n});\n\nexport const tools = [\n setupPrysmidWorkspace,\n enableGoogleLogin,\n prysmidSetupCheck,\n] as const;\n","/*\n UserGrant tools — cross-org access primitive.\n \n A grant materializes \"user X has access to org Y's project Z with these\n * roles\". The user lives in their home org (often the workspace's consumer\n * org); access to another org's app is materialized as a grant. The JWT\n * `tenant_id` claim derives from the active grant's org when the user logs\n * in to a project belonging to it — so the same person can have stable `sub`\n * but different `tenant_id` per session.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const grantUserToOrganization = defineTool({\n name: \"grant_user_to_organization\",\n description:\n \"Grant a user access to an organization's project with a set of role keys. The user does NOT need to be a member of the org — that's the point. Idempotent at the (user, org, project) tuple: duplicates return 502 from Zitadel.\",\n inputShape: {\n workspace: z.string().min(1),\n org_id: z\n .string()\n .min(1)\n .describe(\"Zitadel org id of the org GRANTING access.\"),\n user_id: z\n .string()\n .min(1)\n .describe(\n \"Zitadel user id. The user's home org is irrelevant — grants are cross-org.\",\n ),\n project_id: z\n .string()\n .min(1)\n .describe(\n \"Zitadel project id this grant is for. Look it up via list_apps — every OIDC app belongs to a project.\",\n ),\n role_keys: z\n .array(z.string())\n .default([])\n .describe(\n \"Role keys defined on the target project. Empty list = bare membership (still gates access).\",\n ),\n },\n handler: async ({ workspace, org_id, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/organizations/${encodeURIComponent(org_id)}/grants`,\n { method: \"POST\", body },\n ),\n});\n\nexport const listGrantsInOrganization = defineTool({\n name: \"list_grants_in_organization\",\n description:\n \"List all grants owned by an organization. Returns each grant with the granted user_id, project_id, role_keys, and the org's tenant_id (the value users will see as `tenant_id` claim when this grant is active).\",\n inputShape: {\n workspace: z.string().min(1),\n org_id: z.string().min(1),\n },\n handler: async ({ workspace, org_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/organizations/${encodeURIComponent(org_id)}/grants`,\n ),\n});\n\nexport const listGrantsForUser = defineTool({\n name: \"list_grants_for_user\",\n description:\n \"List all grants held by a user across orgs in this workspace. Useful for 'what does this user have access to?' and offboarding/audit reviews.\",\n inputShape: {\n workspace: z.string().min(1),\n user_id: z.string().min(1),\n },\n handler: async ({ workspace, user_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/users/${encodeURIComponent(user_id)}/grants`,\n ),\n});\n\nexport const updateGrantRoles = defineTool({\n name: \"update_grant_roles\",\n description:\n \"Replace the role_keys on an existing grant. The set is replaced wholesale — pass the full desired list, not a delta.\",\n inputShape: {\n workspace: z.string().min(1),\n org_id: z.string().min(1),\n grant_id: z.string().min(1),\n role_keys: z.array(z.string()),\n },\n handler: async ({ workspace, org_id, grant_id, role_keys }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/organizations/${encodeURIComponent(org_id)}/grants/${encodeURIComponent(grant_id)}`,\n { method: \"PATCH\", body: { role_keys } },\n ),\n});\n\nexport const deactivateGrant = defineTool({\n name: \"deactivate_grant\",\n description:\n \"Temporarily suspend a grant without revoking it. Idempotent. Re-enable later with reactivate_grant.\",\n inputShape: {\n workspace: z.string().min(1),\n org_id: z.string().min(1),\n grant_id: z.string().min(1),\n },\n handler: async ({ workspace, org_id, grant_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/organizations/${encodeURIComponent(org_id)}/grants/${encodeURIComponent(grant_id)}/_deactivate`,\n { method: \"POST\" },\n ),\n});\n\nexport const reactivateGrant = defineTool({\n name: \"reactivate_grant\",\n description: \"Re-enable a previously deactivated grant. Idempotent.\",\n inputShape: {\n workspace: z.string().min(1),\n org_id: z.string().min(1),\n grant_id: z.string().min(1),\n },\n handler: async ({ workspace, org_id, grant_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/organizations/${encodeURIComponent(org_id)}/grants/${encodeURIComponent(grant_id)}/_reactivate`,\n { method: \"POST\" },\n ),\n});\n\nexport const revokeGrant = defineTool({\n name: \"revoke_grant\",\n description:\n \"Permanently revoke a grant. Idempotent — 204 even if the Zitadel-side grant is already gone. Emits a `grant.revoked` audit event (will fire a webhook in slice X5).\",\n inputShape: {\n workspace: z.string().min(1),\n org_id: z.string().min(1),\n grant_id: z.string().min(1),\n },\n handler: async ({ workspace, org_id, grant_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/organizations/${encodeURIComponent(org_id)}/grants/${encodeURIComponent(grant_id)}`,\n { method: \"DELETE\" },\n ),\n});\n\nexport const tools = [\n grantUserToOrganization,\n listGrantsInOrganization,\n listGrantsForUser,\n updateGrantRoles,\n deactivateGrant,\n reactivateGrant,\n revokeGrant,\n] as const;\n","/\n Identity provider tools — Google, GitHub, Microsoft, generic OIDC.\n * Each create_* operation atomically: creates the IdP config AND adds it to\n * the login policy so it appears on the login screen. The Prysmid API\n * encapsulates that two-step lifecycle behind a single endpoint.\n \n P3a-1 per-org scoping: every tool accepts an optional `org_id` that maps\n * to the `?org_id=` query param. When provided, the IdP operation targets\n * that specific business org instead of the workspace's home org. Omit it\n * for legacy single-org behaviour.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nconst orgIdArg = z\n .string()\n .min(1)\n .optional()\n .describe(\n \"Optional Zitadel org id to scope this operation to a specific business org inside the workspace. Omit for the workspace's home org (backwards-compat).\",\n );\n\n// X6: JIT + linking behaviour. All fields optional — omitted fields fall\n// back to the Prysm:ID defaults on create, or preserve current state on\n// patch. See platform/api/app/schemas/idp.py:IdpProviderOptions for the\n// canonical contract.\nconst providerOptionsSchema = z\n .object({\n is_creation_allowed: z.boolean().optional(),\n is_auto_creation: z\n .boolean()\n .optional()\n .describe(\n \"JIT provisioning: True auto-creates a Prysm:ID user on first external login. The most common X6 flag — set False for tightly-controlled enterprise tenants where seats are granted manually.\",\n ),\n is_auto_update: z.boolean().optional(),\n is_linking_allowed: z.boolean().optional(),\n auto_linking: z\n .enum([\"unspecified\", \"username\", \"email\"])\n .optional()\n .describe(\n \"How to merge an external first-login into an existing Prysm:ID user. `username` matches user_name, `email` matches verified email, `unspecified` disables auto-linking.\",\n ),\n })\n .optional()\n .describe(\n \"X6: JIT + linking behaviour. Omitted fields fall back to defaults on create (auto-create + auto-update + link-by-username) or preserve current state on patch.\",\n );\n\nexport const listIdps = defineTool({\n name: \"list_idps\",\n description:\n \"List identity providers (Google/GitHub/Microsoft/OIDC) configured on a workspace. Pass `org_id` to list IdPs of a specific business org.\",\n inputShape: {\n workspace: z.string().min(1),\n org_id: orgIdArg,\n },\n handler: async ({ workspace, org_id }, { client }) =>\n client.request(`/v1/workspaces/${encodeURIComponent(workspace)}/idps`, {\n query: { org_id },\n }),\n});\n\nexport const addIdp = defineTool({\n name: \"add_idp\",\n description:\n \"Add an identity provider to the workspace and attach it to the login policy in one atomic call. Pass `org_id` to attach the IdP to a specific business org (multi-tenant setup) instead of the workspace's home org. Pass `provider_options` to control JIT provisioning + account-linking behaviour (X6).\",\n inputShape: {\n workspace: z.string().min(1),\n org_id: orgIdArg,\n type: z\n .enum([\"google\", \"github\", \"microsoft\", \"oidc\"])\n .describe(\"Identity provider kind. `microsoft` covers Azure AD / Entra.\"),\n name: z.string().min(1).describe(\"Display name shown on login screen\"),\n client_id: z.string().min(1),\n client_secret: z.string().min(1),\n scopes: z.array(z.string()).optional(),\n issuer: z\n .string()\n .url()\n .optional()\n .describe(\"Required for `oidc`; ignored otherwise\"),\n tenant_id: z\n .string()\n .optional()\n .describe(\n \"Optional for `microsoft` — lock to a specific Entra tenant GUID. Default accepts any account.\",\n ),\n provider_options: providerOptionsSchema,\n },\n handler: async ({ workspace, org_id, ...body }, { client }) =>\n client.request(`/v1/workspaces/${encodeURIComponent(workspace)}/idps`, {\n method: \"POST\",\n body,\n query: { org_id },\n }),\n});\n\nexport const deleteIdp = defineTool({\n name: \"delete_idp\",\n description:\n \"Remove an identity provider. Strips it from the login policy then deletes the config. Idempotent. Pass `org_id` to target a specific business org's IdP.\",\n inputShape: {\n workspace: z.string().min(1),\n org_id: orgIdArg,\n idp_id: z.string().min(1),\n },\n handler: async ({ workspace, org_id, idp_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/idps/${encodeURIComponent(idp_id)}`,\n { method: \"DELETE\", query: { org_id } },\n ),\n});\n\nexport const getIdp = defineTool({\n name: \"get_idp\",\n description:\n \"Fetch full detail for one identity provider: type, state, client_id, issuer/tenant (when applicable), scopes, secret_updated_at, created_at. Never returns the client_secret. Pass `org_id` to scope to a business org.\",\n inputShape: {\n workspace: z.string().min(1),\n org_id: orgIdArg,\n idp_id: z.string().min(1),\n },\n handler: async ({ workspace, org_id, idp_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/idps/${encodeURIComponent(idp_id)}`,\n { query: { org_id } },\n ),\n});\n\nexport const updateIdp = defineTool({\n name: \"update_idp\",\n description:\n \"Patch mutable fields on an identity provider. All fields optional. Passing client_secret rotates the upstream-issued value (Google/GitHub/Microsoft/OIDC client secret stored in Prysmid). Passing client_id retargets to a different upstream client. issuer/tenant_id apply only when relevant to the IdP type. Pass `org_id` to scope to a business org. Pass `provider_options` to flip JIT or linking flags — only the keys you set change, others are preserved (X6).\",\n inputShape: {\n workspace: z.string().min(1),\n org_id: orgIdArg,\n idp_id: z.string().min(1),\n name: z.string().min(1).optional(),\n client_id: z.string().min(1).optional(),\n client_secret: z\n .string()\n .min(1)\n .optional()\n .describe(\n \"Rotate the upstream-issued client secret. Not the Prysmid app secret — that one is rotated via regenerate_app_secret.\",\n ),\n scopes: z.array(z.string()).optional(),\n issuer: z\n .string()\n .url()\n .optional()\n .describe(\"Only meaningful for type=oidc.\"),\n tenant_id: z\n .string()\n .optional()\n .describe(\"Only meaningful for type=microsoft (Entra tenant GUID).\"),\n provider_options: providerOptionsSchema,\n },\n handler: async ({ workspace, org_id, idp_id, ...patch }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/idps/${encodeURIComponent(idp_id)}`,\n { method: \"PATCH\", body: patch, query: { org_id } },\n ),\n});\n\nexport const probeIdp = defineTool({\n name: \"probe_idp\",\n description:\n \"Probe an external identity provider end-to-end against its upstream authorize endpoint. Catches redirect_uri_mismatch (URI not registered at Google Cloud / GitHub / etc.), invalid_client (client_id rotated or deleted upstream), and provider_unreachable failures BEFORE a real end-user hits them. Use after enable_google_login / add_idp, and any time you suspect the IdP is misconfigured. Today: Google + GitHub get full classification; Microsoft + OIDC generic return `skipped` for the deterministic dimensions (only reachability is verified). Pass `org_id` to scope to a business org.\",\n inputShape: {\n workspace: z.string().min(1),\n org_id: orgIdArg,\n idp_id: z.string().min(1),\n },\n handler: async ({ workspace, org_id, idp_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/idps/${encodeURIComponent(idp_id)}/probe`,\n { method: \"POST\", query: { org_id } },\n ),\n});\n\nexport const tools = [listIdps, addIdp, deleteIdp, getIdp, updateIdp, probeIdp] as const;\n","/\n Login policy tools — control which authentication methods are allowed,\n * MFA factors, passwordless, and domain-discovery routing. Patches are\n * merge semantics on the server side; only fields you set are changed.\n \n P3a-3 per-org scoping: both tools accept an optional `org_id` that maps\n * to the `?org_id=` query param. When provided, the operation targets that\n * specific business org's login policy. Omit for the workspace's home org.\n \n Schema mirrors the platform API's `LoginPolicyView/Update`:\n * - allow_username_password / allow_register / allow_external_idp\n * - force_mfa, force_mfa_local_only, passwordless_allowed (bool, NOT a string enum)\n * - second_factors: list of {otp, u2f, otp_email, otp_sms}\n * - multi_factors: list of {u2f_verified}\n * - hide_password_reset, ignore_unknown_usernames\n * - allow_domain_discovery (P3a-3 — route logins by email domain)\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nconst orgIdArg = z\n .string()\n .min(1)\n .optional()\n .describe(\n \"Optional Zitadel org id to scope this operation to a specific business org. Omit for the workspace's home org (backwards-compat).\",\n );\n\nconst SECOND_FACTORS = [\"otp\", \"u2f\", \"otp_email\", \"otp_sms\"] as const;\nconst MULTI_FACTORS = [\"u2f_verified\"] as const;\n\nexport const getLoginPolicy = defineTool({\n name: \"get_login_policy\",\n description:\n \"Return the workspace's current login policy (auth methods, MFA factors, passwordless, domain discovery, hide-password-reset, etc.). Pass `org_id` to read a specific business org's policy.\",\n inputShape: {\n workspace: z.string().min(1),\n org_id: orgIdArg,\n },\n handler: async ({ workspace, org_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/login-policy`,\n { query: { org_id } },\n ),\n});\n\nexport const updateLoginPolicy = defineTool({\n name: \"update_login_policy\",\n description:\n \"Update the login policy. PATCH semantics — only fields you pass are changed; other policy fields stay as they were. Pass `org_id` to scope to a specific business org (P3a-3). Set `allow_domain_discovery=true` together with a verified org domain (see `verify_organization_domain`) to route email-based logins to that org automatically.\",\n inputShape: {\n workspace: z.string().min(1),\n org_id: orgIdArg,\n allow_username_password: z.boolean().optional(),\n allow_register: z.boolean().optional(),\n allow_external_idp: z.boolean().optional(),\n force_mfa: z\n .boolean()\n .optional()\n .describe(\"Require any second factor at login.\"),\n force_mfa_local_only: z\n .boolean()\n .optional()\n .describe(\n \"X2: require MFA only for username/password logins, exempting external-IdP logins (which may already enforce MFA upstream). Only meaningful when force_mfa is also true.\",\n ),\n passwordless_allowed: z\n .boolean()\n .optional()\n .describe(\"Allow passkey-first sign-in flows.\"),\n second_factors: z\n .array(z.enum(SECOND_FACTORS))\n .optional()\n .describe(\n \"Replaces the full list of allowed second-factor methods. Pass `[]` to disable all 2FA.\",\n ),\n multi_factors: z\n .array(z.enum(MULTI_FACTORS))\n .optional()\n .describe(\n \"Replaces the full list of allowed multi-factor (passwordless+verification) methods.\",\n ),\n hide_password_reset: z.boolean().optional(),\n ignore_unknown_usernames: z.boolean().optional(),\n allow_domain_discovery: z\n .boolean()\n .optional()\n .describe(\n \"P3a-3: route logins to the org that owns the typed email's verified domain, skipping the IdP picker. Requires at least one verified domain on the org (see verify_organization_domain).\",\n ),\n },\n handler: async ({ workspace, org_id, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/login-policy`,\n { method: \"PATCH\", body, query: { org_id } },\n ),\n});\n\nexport const tools = [getLoginPolicy, updateLoginPolicy] as const;\n","/\n Per-org domain tools — wraps\n * /v1/workspaces/{ws}/organizations/{org_id}/domains/.\n \n * Domain claims are the prerequisite for domain discovery on the login\n * screen (`update_login_policy ... allow_domain_discovery=true`) and\n * future email-claim flows. Attaching is cheap; verification needs the\n * operator to publish a DNS TXT record or HTTP file from the token.\n \n Typical flow an agent should follow:\n * 1. add_organization_domain(workspace, org_id, domain)\n * 2. generate_organization_domain_verification(... method=dns)\n * → returns {token, url, method}, agent shows token + record to operator\n * 3. operator publishes the TXT record\n * 4. verify_organization_domain(...) → checks publication, marks verified\n * 5. update_login_policy(workspace, org_id, allow_domain_discovery=true)\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nconst workspaceArg = z.string().min(1);\nconst orgIdArg = z\n .string()\n .min(1)\n .describe(\n \"Zitadel org id (the `id` returned by create/list_organizations). Per-org scoping.\",\n );\nconst domainArg = z\n .string()\n .min(3)\n .max(253)\n .regex(/^[a-z0-9]([a-z0-9-][a-z0-9])?(\\.[a-z0-9]([a-z0-9-][a-z0-9])?)+$/)\n .describe(\n \"Fully-qualified domain to manage. Lower-case only — `Acme.com` and `acme.com` are different to Zitadel.\",\n );\n\nexport const listOrganizationDomains = defineTool({\n name: \"list_organization_domains\",\n description:\n \"List every domain attached to an organization with its verification state. Use after add/verify to confirm the domain shows `is_verified=true`.\",\n inputShape: {\n workspace: workspaceArg,\n org_id: orgIdArg,\n },\n handler: async ({ workspace, org_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/organizations/${encodeURIComponent(org_id)}/domains`,\n ),\n});\n\nexport const addOrganizationDomain = defineTool({\n name: \"add_organization_domain\",\n description:\n \"Attach a domain to an organization. State starts UNVERIFIED — chain `generate_organization_domain_verification` and `verify_organization_domain` to complete setup. 409 if already attached.\",\n inputShape: {\n workspace: workspaceArg,\n org_id: orgIdArg,\n domain: domainArg,\n },\n handler: async ({ workspace, org_id, domain }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/organizations/${encodeURIComponent(org_id)}/domains`,\n { method: \"POST\", body: { domain } },\n ),\n});\n\nexport const generateOrganizationDomainVerification = defineTool({\n name: \"generate_organization_domain_verification\",\n description:\n \"Generate (or rotate) the verification token + record location for an attached domain. Returns `{token, url, method}`. The operator must publish the token at `url` (DNS TXT for method=dns; HTTP file for method=http) before calling `verify_organization_domain`. DNS is the default — works on apex domains, does not require HTTP control.\",\n inputShape: {\n workspace: workspaceArg,\n org_id: orgIdArg,\n domain: domainArg,\n method: z\n .enum([\"dns\", \"http\"])\n .default(\"dns\")\n .describe(\n \"Verification method. `dns` (default) → publish a TXT record. `http` → serve a file at `.well-known/zitadel-challenge/<token>` on the domain.\",\n ),\n },\n handler: async ({ workspace, org_id, domain, method }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/organizations/${encodeURIComponent(org_id)}/domains/${encodeURIComponent(domain)}/_generate_verification`,\n { method: \"POST\", body: { method } },\n ),\n});\n\nexport const verifyOrganizationDomain = defineTool({\n name: \"verify_organization_domain\",\n description:\n \"Trigger Zitadel to look up the published verification token and mark the domain verified. Returns the updated domain projection with `is_verified=true` on success. 400 if the token is not found (DNS not propagated yet, wrong record, etc.) — retry after publishing.\",\n inputShape: {\n workspace: workspaceArg,\n org_id: orgIdArg,\n domain: domainArg,\n },\n handler: async ({ workspace, org_id, domain }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/organizations/${encodeURIComponent(org_id)}/domains/${encodeURIComponent(domain)}/_verify`,\n { method: \"POST\" },\n ),\n});\n\nexport const deleteOrganizationDomain = defineTool({\n name: \"delete_organization_domain\",\n description:\n \"Detach a domain from an organization. Idempotent (204 even if already gone). Verified domains can be removed too — domain discovery will no longer route logins of that email domain to this org.\",\n inputShape: {\n workspace: workspaceArg,\n org_id: orgIdArg,\n domain: domainArg,\n },\n handler: async ({ workspace, org_id, domain }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/organizations/${encodeURIComponent(org_id)}/domains/${encodeURIComponent(domain)}`,\n { method: \"DELETE\" },\n ),\n});\n\nexport const tools = [\n listOrganizationDomains,\n addOrganizationDomain,\n generateOrganizationDomainVerification,\n verifyOrganizationDomain,\n deleteOrganizationDomain,\n] as const;\n","/\n Organization tools — multi-tenant orgs inside a workspace's Zitadel instance.\n \n Each org carries a stable `tenant_id` UUID that surfaces in the JWT\n * `tenant_id` claim and is what consumer apps should use as their tenant\n * partition key. Slugs and display names can change; tenant_id never does.\n \n The consumer org (slug `__consumer__`, `is_consumer=true`) is provisioned\n * separately via `ensure_consumer_organization` — regular `create_organization`\n * cannot use the reserved slug.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const createOrganization = defineTool({\n name: \"create_organization\",\n description:\n \"Create a new organization inside a workspace. Returns the org with a stable `tenant_id` UUID — that's the value users will see as the `tenant_id` claim on their JWT when an active grant resolves to this org. Idempotent on slug: re-creating a duplicate slug returns 409.\",\n inputShape: {\n workspace: z.string().min(1),\n name: z.string().min(1).max(255).describe(\"Display name (mutable).\"),\n slug: z\n .string()\n .min(3)\n .max(63)\n .regex(/^[a-z][a-z0-9-][a-z0-9]$/)\n .describe(\n \"URL-safe slug, unique per workspace. Immutable. Cannot be `__consumer__` (reserved).\",\n ),\n allow_register: z\n .boolean()\n .default(false)\n .describe(\n \"Whether self-registration is allowed for this org. Default false (invite-only).\",\n ),\n },\n handler: async ({ workspace, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/organizations`,\n { method: \"POST\", body },\n ),\n});\n\nexport const listOrganizations = defineTool({\n name: \"list_organizations\",\n description:\n \"List all organizations in a workspace, oldest first. Each item includes the stable `tenant_id` UUID and the consumer flag.\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/organizations`,\n ),\n});\n\nexport const getOrganization = defineTool({\n name: \"get_organization\",\n description:\n \"Read one organization by its Zitadel org id (the `id` returned by create/list, not the internal Prysm:ID UUID).\",\n inputShape: {\n workspace: z.string().min(1),\n org_id: z.string().min(1),\n },\n handler: async ({ workspace, org_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/organizations/${encodeURIComponent(org_id)}`,\n ),\n});\n\nexport const updateOrganization = defineTool({\n name: \"update_organization\",\n description:\n \"Rename an organization and/or toggle `allow_register` / `domain_auto_claim`. Sparse — omit fields to leave them untouched. Rename propagates to Zitadel synchronously.\",\n inputShape: {\n workspace: z.string().min(1),\n org_id: z.string().min(1),\n name: z.string().min(1).max(255).optional(),\n allow_register: z.boolean().optional(),\n domain_auto_claim: z\n .boolean()\n .optional()\n .describe(\n \"P2e opt-in: when True, verifying a domain on this org (or calling reconcile_organization_domain_claims) auto-grants the org access over consumer-org users with a matching verified email domain. Public domains are always excluded; the user's home org is never moved (the claim is an additional, revocable grant).\",\n ),\n },\n handler: async ({ workspace, org_id, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/organizations/${encodeURIComponent(org_id)}`,\n { method: \"PATCH\", body },\n ),\n});\n\nexport const reconcileOrganizationDomainClaims = defineTool({\n name: \"reconcile_organization_domain_claims\",\n description:\n \"P2e: grant this org access over consumer-org users whose verified email domain matches one of the org's verified domains. Idempotent and re-runnable — catches users who self-registered after a domain was verified. Requires domain_auto_claim=true on the org (returns skipped with a reason otherwise). Public email domains are always excluded; the user's home org is never moved. Returns counts: granted / already_present / candidates + the domains matched.\",\n inputShape: {\n workspace: z.string().min(1),\n org_id: z.string().min(1),\n },\n handler: async ({ workspace, org_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/organizations/${encodeURIComponent(org_id)}/_reconcile-domain-claims`,\n { method: \"POST\" },\n ),\n});\n\nexport const deactivateOrganization = defineTool({\n name: \"deactivate_organization\",\n description:\n \"Block all logins to an organization. Idempotent. Consumer org cannot be deactivated — toggle `allow_consumer_org=false` on the workspace instead.\",\n inputShape: {\n workspace: z.string().min(1),\n org_id: z.string().min(1),\n },\n handler: async ({ workspace, org_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/organizations/${encodeURIComponent(org_id)}/_deactivate`,\n { method: \"POST\" },\n ),\n});\n\nexport const reactivateOrganization = defineTool({\n name: \"reactivate_organization\",\n description: \"Re-enable logins for a previously deactivated organization. Idempotent.\",\n inputShape: {\n workspace: z.string().min(1),\n org_id: z.string().min(1),\n },\n handler: async ({ workspace, org_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/organizations/${encodeURIComponent(org_id)}/_reactivate`,\n { method: \"POST\" },\n ),\n});\n\nexport const deleteOrganization = defineTool({\n name: \"delete_organization\",\n description:\n \"Hard-delete an organization. Cascades users/projects/grants on the Zitadel side. Idempotent against out-of-band Zitadel removal. Consumer org is protected — toggle `allow_consumer_org=false` on the workspace to remove it.\",\n inputShape: {\n workspace: z.string().min(1),\n org_id: z.string().min(1),\n },\n handler: async ({ workspace, org_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/organizations/${encodeURIComponent(org_id)}`,\n { method: \"DELETE\" },\n ),\n});\n\nexport const ensureConsumerOrganization = defineTool({\n name: \"ensure_consumer_organization\",\n description:\n \"Idempotently provision the workspace's consumer organization for self-registered users. Requires `workspace.allow_consumer_org=true` (toggle it via update_workspace first). Returns the org row whether newly created or already present. Slug `__consumer__`, `allow_register=true`, `is_consumer=true`.\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/organizations/_ensure-consumer`,\n { method: \"POST\" },\n ),\n});\n\nexport const tools = [\n createOrganization,\n listOrganizations,\n getOrganization,\n updateOrganization,\n reconcileOrganizationDomainClaims,\n deactivateOrganization,\n reactivateOrganization,\n deleteOrganization,\n ensureConsumerOrganization,\n] as const;\n","/*\n Service account (machine user) tools — /v1/workspaces/{ws}/service-accounts/.\n \n * A service account is a Zitadel machine user that emits JWTs verifiable via\n * JWKS (M2M auth, RFC 7523). The JSON key is returned ONCE on create — the\n * platform never stores it, so the agent must surface it to the operator\n * immediately and tell them to store it in their secret manager.\n \n X3 per-org scoping: every tool accepts an optional `org_id` that maps to\n * `?org_id=` so the machine user lives in a specific business org. Omit for\n * the workspace's home org.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nconst orgIdArg = z\n .string()\n .min(1)\n .optional()\n .describe(\n \"Optional Zitadel org id to scope the service account to a specific business org. Omit for the workspace's home org (backwards-compat).\",\n );\n\nexport const listServiceAccounts = defineTool({\n name: \"list_service_accounts\",\n description:\n \"List the workspace's service accounts (machine users). The platform-internal provisioner SA is filtered out. Pass `org_id` to list a specific business org's machine users.\",\n inputShape: {\n workspace: z.string().min(1),\n org_id: orgIdArg,\n },\n handler: async ({ workspace, org_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/service-accounts`,\n { query: { org_id } },\n ),\n});\n\nexport const createServiceAccount = defineTool({\n name: \"create_service_account\",\n description:\n \"Create a service account (machine user) and mint its JSON key. The `key` is returned ONCE in the response and never stored by Prysmid — surface it to the operator and instruct them to save it in a secret manager. Pass `org_id` to create the SA inside a specific business org.\",\n inputShape: {\n workspace: z.string().min(1),\n org_id: orgIdArg,\n user_name: z\n .string()\n .regex(/^[a-zA-Z][a-zA-Z0-9._-]{1,49}$/)\n .describe(\n \"Machine username (Zitadel handle). Cannot be the reserved `prysmid-provisioner`.\",\n ),\n name: z.string().min(1).max(200).describe(\"Human-readable display name.\"),\n description: z.string().max(500).optional(),\n },\n handler: async ({ workspace, org_id, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/service-accounts`,\n { method: \"POST\", body, query: { org_id } },\n ),\n});\n\nexport const deleteServiceAccount = defineTool({\n name: \"delete_service_account\",\n description:\n \"Revoke a service account. Idempotent (204 even if already gone). Refuses to delete the platform provisioner SA. Pass `org_id` to target a specific business org's machine user.\",\n inputShape: {\n workspace: z.string().min(1),\n org_id: orgIdArg,\n service_account_id: z.string().min(1),\n },\n handler: async ({ workspace, org_id, service_account_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/service-accounts/${encodeURIComponent(service_account_id)}`,\n { method: \"DELETE\", query: { org_id } },\n ),\n});\n\nexport const tools = [\n listServiceAccounts,\n createServiceAccount,\n deleteServiceAccount,\n] as const;\n","/\n User tools — list, invite (sends Zitadel init email), delete.\n * Invite is the primary creation path; users set their own password via the\n * email link. Direct user creation with pre-set credentials is intentionally\n * not exposed here.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const listUsers = defineTool({\n name: \"list_users\",\n description: \"List human users in a workspace.\",\n inputShape: {\n workspace: z.string().min(1),\n limit: z.number().int().min(1).max(500).default(100),\n },\n handler: async ({ workspace, limit }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/users`,\n { query: { limit } },\n ),\n});\n\nexport const inviteUser = defineTool({\n name: \"invite_user\",\n description:\n \"Invite a user by email. Idempotent by email — re-inviting an existing user is a no-op. Triggers a Zitadel init email with a 'set your password' link.\",\n inputShape: {\n workspace: z.string().min(1),\n email: z\n .string()\n .regex(/^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$/, \"must be a valid email\"),\n first_name: z.string().min(1),\n last_name: z.string().min(1),\n preferred_language: z\n .string()\n .length(2)\n .default(\"en\")\n .describe(\"ISO 639-1, e.g. en/es/pt\"),\n },\n handler: async ({ workspace, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/users/invite`,\n { method: \"POST\", body },\n ),\n});\n\nexport const deleteUser = defineTool({\n name: \"delete_user\",\n description: \"Delete a user by id. Idempotent.\",\n inputShape: {\n workspace: z.string().min(1),\n user_id: z.string().min(1),\n },\n handler: async ({ workspace, user_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/users/${encodeURIComponent(user_id)}`,\n { method: \"DELETE\" },\n ),\n});\n\nexport const tools = [listUsers, inviteUser, deleteUser] as const;\n","/\n Outbound webhook endpoint tools — register URLs that Prysm:ID POSTs\n * events to when things happen in a workspace (user.created, grant.granted,\n * org.deleted, etc.).\n \n Each endpoint gets a 32-byte HMAC signing secret returned EXACTLY ONCE\n * by create_webhook_endpoint. Store it then; subsequent get/list/update\n * responses omit it. To rotate, delete and recreate the endpoint —\n * there is no mutation path that would silently invalidate a verifier.\n \n Distinct from the platform's /webhooks endpoint (Stripe-incoming).\n * These tools own the outgoing surface.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nconst KNOWN_EVENTS = [\n \"user.created\",\n \"user.deleted\",\n \"user.deactivated\",\n \"user.reactivated\",\n \"session.created\",\n \"org.created\",\n \"org.updated\",\n \"org.deactivated\",\n \"org.reactivated\",\n \"org.deleted\",\n \"grant.granted\",\n \"grant.updated\",\n \"grant.deactivated\",\n \"grant.reactivated\",\n \"grant.revoked\",\n] as const;\n\nconst eventName = z.enum(KNOWN_EVENTS);\n\nexport const createWebhookEndpoint = defineTool({\n name: \"create_webhook_endpoint\",\n description:\n \"Register a new outbound webhook endpoint for a workspace. Returns the freshly-generated `signing_secret` EXACTLY ONCE — store it immediately to verify deliveries; it is NOT retrievable later. HTTPS required in prod. Empty `enabled_events` = catch-all (subscribe to everything).\",\n inputShape: {\n workspace: z.string().min(1),\n url: z\n .string()\n .url()\n .describe(\n \"Destination URL. Must be https:// in production; http:// is permitted only on dev/staging environments.\",\n ),\n description: z\n .string()\n .max(255)\n .optional()\n .describe(\"Human label so you can tell endpoints apart in the dashboard.\"),\n enabled_events: z\n .array(eventName)\n .default([])\n .describe(\n \"Event types this endpoint subscribes to. Empty = catch-all. Unknown event types return 422.\",\n ),\n },\n handler: async ({ workspace, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/webhook-endpoints`,\n { method: \"POST\", body },\n ),\n});\n\nexport const listWebhookEndpoints = defineTool({\n name: \"list_webhook_endpoints\",\n description:\n \"List all outbound webhook endpoints registered for a workspace. Does NOT return signing secrets — that's only on create.\",\n inputShape: {\n workspace: z.string().min(1),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/webhook-endpoints`,\n ),\n});\n\nexport const getWebhookEndpoint = defineTool({\n name: \"get_webhook_endpoint\",\n description:\n \"Read one webhook endpoint by id. Omits the signing secret — recreate the endpoint if it was lost.\",\n inputShape: {\n workspace: z.string().min(1),\n endpoint_id: z.string().min(1),\n },\n handler: async ({ workspace, endpoint_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/webhook-endpoints/${encodeURIComponent(endpoint_id)}`,\n ),\n});\n\nexport const updateWebhookEndpoint = defineTool({\n name: \"update_webhook_endpoint\",\n description:\n \"Sparse update of an endpoint's url / description / enabled_events / enabled flag. Omit fields to leave them untouched. signing_secret is NOT mutable — to rotate, delete and recreate.\",\n inputShape: {\n workspace: z.string().min(1),\n endpoint_id: z.string().min(1),\n url: z.string().url().optional(),\n description: z.string().max(255).optional(),\n enabled_events: z.array(eventName).optional(),\n enabled: z\n .boolean()\n .optional()\n .describe(\n \"Toggle deliveries without losing config. Useful when the destination is temporarily down.\",\n ),\n },\n handler: async ({ workspace, endpoint_id, ...body }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/webhook-endpoints/${encodeURIComponent(endpoint_id)}`,\n { method: \"PATCH\", body },\n ),\n});\n\nexport const deleteWebhookEndpoint = defineTool({\n name: \"delete_webhook_endpoint\",\n description:\n \"Permanently remove a webhook endpoint. Pending deliveries to it are NOT removed (operator can inspect them) but no new deliveries will be queued.\",\n inputShape: {\n workspace: z.string().min(1),\n endpoint_id: z.string().min(1),\n },\n handler: async ({ workspace, endpoint_id }, { client }) =>\n client.request(\n `/v1/workspaces/${encodeURIComponent(workspace)}/webhook-endpoints/${encodeURIComponent(endpoint_id)}`,\n { method: \"DELETE\" },\n ),\n});\n\nexport const tools = [\n createWebhookEndpoint,\n listWebhookEndpoints,\n getWebhookEndpoint,\n updateWebhookEndpoint,\n deleteWebhookEndpoint,\n] as const;\n","/\n Hand-written workspace tools. These are the ones agents reach for first;\n * the rest of the surface is auto-generated from OpenAPI in a later pass.\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"./registry.js\";\n\nexport const listWorkspaces = defineTool({\n name: \"list_workspaces\",\n description:\n \"List Prysmid workspaces accessible to the current API token. Returns an array of {id, slug, display_name, plan, state}.\",\n inputShape: {},\n handler: async (_input, { client }) =>\n client.request(\"/v1/workspaces\", { method: \"GET\" }),\n});\n\nexport const getWorkspace = defineTool({\n name: \"get_workspace\",\n description: \"Get a single workspace by slug or id.\",\n inputShape: {\n workspace: z\n .string()\n .min(1)\n .describe(\"Workspace slug or UUID\"),\n },\n handler: async ({ workspace }, { client }) =>\n client.request(`/v1/workspaces/${encodeURIComponent(workspace)}`),\n});\n\nexport const createWorkspace = defineTool({\n name: \"create_workspace\",\n description:\n \"Create a new Prysmid workspace. Provisioning runs in the background; the response returns immediately with state=provisioning. Poll `get_workspace` until state=active (~30s).\",\n inputShape: {\n slug: z\n .string()\n .min(2)\n .max(63)\n .regex(/^[a-z0-9-]+$/, \"lowercase alphanumeric and hyphens only\")\n .describe(\"Subdomain-safe slug — becomes auth.<slug>.prysmid.com\"),\n display_name: z.string().min(1).max(255),\n },\n handler: async (input, { client }) =>\n client.request(\"/v1/workspaces\", { method: \"POST\", body: input }),\n});\n\nexport const tools = [listWorkspaces, getWorkspace, createWorkspace] as const;\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const createApp = defineTool({\n name: \"create_app\",\n description: \"Create App\",\n inputShape: {\n workspace_id: z.string().uuid(),\n name: z.string().min(1).max(200),\n redirect_uris: z.array(z.string().url().min(1).max(2083)).describe(\"Where the IdP sends the user back after auth. At least one required.\"),\n post_logout_redirect_uris: z.array(z.string().url().min(1).max(2083)).describe(\"Where the IdP sends the user after logout.\").optional(),\n app_type: z.enum([\"web\", \"spa\", \"native\"]).describe(\"App kind, drives OIDC grant + auth_method defaults.\\n\\n- `web`: server-rendered confidential client. Gets a `client_secret`.\\n- `spa`: single-page app (user-agent). Public, PKCE required, no secret.\\n- `native`: desktop/mobile. Public, PKCE required, no secret.\").optional(),\n dev_mode: z.boolean().describe(\"Relax HTTPS requirement on redirect_uris (allows http://localhost). Use only for local development; never in production.\").default(false),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/apps`, { method: \"POST\", body: __body });\n },\n});\n\nexport const deleteApp = defineTool({\n name: \"delete_app\",\n description: \"Delete App\",\n inputShape: {\n workspace_id: z.string().uuid(),\n app_id: z.string(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, app_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/apps/${encodeURIComponent(String(app_id))}`, { method: \"DELETE\" });\n },\n});\n\nexport const listApps = defineTool({\n name: \"list_apps\",\n description: \"List Apps\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/apps`, { method: \"GET\" });\n },\n});\n\nexport const generatedAppsTools = [\n createApp,\n deleteApp,\n listApps,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const billingCheckout = defineTool({\n name: \"billing_checkout\",\n description: \"Checkout\",\n inputShape: {\n workspace_id: z.string().uuid(),\n plan: z.enum([\"free\", \"pro\", \"enterprise\"]),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/billing/checkout`, { method: \"POST\", body: __body });\n },\n});\n\nexport const billingGetState = defineTool({\n name: \"billing_get_state\",\n description: \"Get State\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/billing`, { method: \"GET\" });\n },\n});\n\nexport const billingPortal = defineTool({\n name: \"billing_portal\",\n description: \"Portal\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/billing/portal`, { method: \"POST\" });\n },\n});\n\nexport const updateSpendingCap = defineTool({\n name: \"update_spending_cap\",\n description: \"Update Spending Cap\",\n inputShape: {\n workspace_id: z.string().uuid(),\n cents: z.number().int().min(0).nullable().optional(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/billing/spending-cap`, { method: \"PATCH\", body: __body });\n },\n});\n\nexport const generatedBillingTools = [\n billingCheckout,\n billingGetState,\n billingPortal,\n updateSpendingCap,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const deleteLogo = defineTool({\n name: \"delete_logo\",\n description: \"Delete Logo\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/branding/logo`, { method: \"DELETE\" });\n },\n});\n\nexport const getBranding = defineTool({\n name: \"get_branding\",\n description: \"Get Branding\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/branding`, { method: \"GET\" });\n },\n});\n\nexport const updateBranding = defineTool({\n name: \"update_branding\",\n description: \"Update Branding\",\n inputShape: {\n workspace_id: z.string().uuid(),\n primary_color: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n background_color: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n warn_color: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n font_color: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n primary_color_dark: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n background_color_dark: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n warn_color_dark: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n font_color_dark: z.string().regex(/^#(?:[0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$/).nullable().optional(),\n hide_login_name_suffix: z.boolean().nullable().optional(),\n disable_watermark: z.boolean().nullable().optional(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/branding`, { method: \"PATCH\", body: __body });\n },\n});\n\nexport const generatedBrandingTools = [\n deleteLogo,\n getBranding,\n updateBranding,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const createIdp = defineTool({\n name: \"create_idp\",\n description: \"Create Idp\",\n inputShape: {\n workspace_id: z.string().uuid(),\n type: z.enum([\"google\", \"github\", \"microsoft\", \"oidc\"]),\n name: z.string().min(1).max(200),\n client_id: z.string().min(1),\n client_secret: z.string().min(1),\n issuer: z.string().url().min(1).max(2083).nullable().optional(),\n tenant_id: z.string().nullable().optional(),\n scopes: z.array(z.string()).nullable().optional(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/idps`, { method: \"POST\", body: __body });\n },\n});\n\nexport const deleteIdp = defineTool({\n name: \"delete_idp\",\n description: \"Delete Idp\",\n inputShape: {\n workspace_id: z.string().uuid(),\n idp_id: z.string(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, idp_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/idps/${encodeURIComponent(String(idp_id))}`, { method: \"DELETE\" });\n },\n});\n\nexport const listIdps = defineTool({\n name: \"list_idps\",\n description: \"List Idps\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/idps`, { method: \"GET\" });\n },\n});\n\nexport const generatedIdpsTools = [\n createIdp,\n deleteIdp,\n listIdps,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const getLoginPolicy = defineTool({\n name: \"get_login_policy\",\n description: \"Get Login Policy\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/login-policy`, { method: \"GET\" });\n },\n});\n\nexport const updateLoginPolicy = defineTool({\n name: \"update_login_policy\",\n description: \"Update Login Policy\",\n inputShape: {\n workspace_id: z.string().uuid(),\n allow_username_password: z.boolean().nullable().optional(),\n allow_register: z.boolean().nullable().optional(),\n allow_external_idp: z.boolean().nullable().optional(),\n force_mfa: z.boolean().nullable().optional(),\n passwordless_allowed: z.boolean().nullable().optional(),\n second_factors: z.array(z.enum([\"otp\", \"u2f\", \"otp_email\", \"otp_sms\"])).nullable().optional(),\n multi_factors: z.array(z.enum([\"u2f_verified\"])).nullable().optional(),\n hide_password_reset: z.boolean().nullable().optional(),\n ignore_unknown_usernames: z.boolean().nullable().optional(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/login-policy`, { method: \"PATCH\", body: __body });\n },\n});\n\nexport const generatedLoginPolicyTools = [\n getLoginPolicy,\n updateLoginPolicy,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const getSmtp = defineTool({\n name: \"get_smtp\",\n description: \"Get Smtp\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/smtp`, { method: \"GET\" });\n },\n});\n\nexport const revertToPlatformDefault = defineTool({\n name: \"revert_to_platform_default\",\n description: \"Revert To Platform Default\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/smtp`, { method: \"DELETE\" });\n },\n});\n\nexport const setCustomSmtp = defineTool({\n name: \"set_custom_smtp\",\n description: \"Set Custom Smtp\",\n inputShape: {\n workspace_id: z.string().uuid(),\n host: z.string().min(1),\n port: z.number().int().min(1).max(65535),\n tls: z.boolean().default(true),\n sender_address: z.string().min(3).describe(\"Address that appears in the From header.\"),\n sender_name: z.string().min(1).max(200),\n user: z.string().min(1).describe(\"SMTP auth username.\"),\n password: z.string().min(1).describe(\"SMTP auth password / API key.\"),\n reply_to_address: z.string().describe(\"Optional Reply-To header.\").default(\"\"),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/smtp`, { method: \"PUT\", body: __body });\n },\n});\n\nexport const generatedSmtpTools = [\n getSmtp,\n revertToPlatformDefault,\n setCustomSmtp,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const deleteUser = defineTool({\n name: \"delete_user\",\n description: \"Delete User\",\n inputShape: {\n workspace_id: z.string().uuid(),\n user_id: z.string(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, user_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/users/${encodeURIComponent(String(user_id))}`, { method: \"DELETE\" });\n },\n});\n\nexport const inviteUser = defineTool({\n name: \"invite_user\",\n description: \"Invite User\",\n inputShape: {\n workspace_id: z.string().uuid(),\n email: z.string().max(320).regex(/^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$/),\n first_name: z.string().min(1).max(100),\n last_name: z.string().min(1).max(100),\n user_name: z.string().nullable().optional(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/users/invite`, { method: \"POST\", body: __body });\n },\n});\n\nexport const listUsers = defineTool({\n name: \"list_users\",\n description: \"List Users\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/users`, { method: \"GET\" });\n },\n});\n\nexport const generatedUsersTools = [\n deleteUser,\n inviteUser,\n listUsers,\n];\n","/\n AUTO-GENERATED by scripts/generate-tools.ts. DO NOT EDIT BY HAND.\n \n Tools here are 1:1 with REST endpoints from the Prysmid OpenAPI spec.\n * Hand-written / curated tools with the same `name` shadow these at\n * registration time (see src/index.ts).\n /\nimport { z } from \"zod\";\n\nimport { defineTool } from \"../registry.js\";\n\nexport const createWorkspace = defineTool({\n name: \"create_workspace\",\n description: \"Create Workspace\",\n inputShape: {\n slug: z.string().min(3).max(63).regex(/^[a-z][a-z0-9-][a-z0-9]$/).describe(\"URL-safe lowercase slug. Becomes part of auth.<slug>.prysmid.com.\"),\n display_name: z.string().min(1).max(255),\n plan: z.enum([\"free\", \"pro\", \"enterprise\"]).optional(),\n },\n handler: async (input, { client }) => {\n return client.request(`/v1/workspaces`, { method: \"POST\", body: input });\n },\n});\n\nexport const deleteWorkspace = defineTool({\n name: \"delete_workspace\",\n description: \"Delete Workspace\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}`, { method: \"DELETE\" });\n },\n});\n\nexport const getWorkspace = defineTool({\n name: \"get_workspace\",\n description: \"Get Workspace\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}`, { method: \"GET\" });\n },\n});\n\nexport const listWorkspaces = defineTool({\n name: \"list_workspaces\",\n description: \"List Workspaces\",\n inputShape: {},\n handler: async (_input, { client }) => {\n return client.request(`/v1/workspaces`, { method: \"GET\" });\n },\n});\n\nexport const retryProvisioning = defineTool({\n name: \"retry_provisioning\",\n description: \"Retry Provisioning\",\n inputShape: {\n workspace_id: z.string().uuid(),\n },\n handler: async (input, { client }) => {\n const { workspace_id } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}/retry-provisioning`, { method: \"POST\" });\n },\n});\n\nexport const updateWorkspace = defineTool({\n name: \"update_workspace\",\n description: \"Update Workspace\",\n inputShape: {\n workspace_id: z.string().uuid(),\n display_name: z.string().min(1).max(255).nullable().optional(),\n },\n handler: async (input, { client }) => {\n const { workspace_id, ...__body } = input;\n return client.request(`/v1/workspaces/${encodeURIComponent(String(workspace_id))}`, { method: \"PATCH\", body: __body });\n },\n});\n\nexport const generatedWorkspacesTools = [\n createWorkspace,\n deleteWorkspace,\n getWorkspace,\n listWorkspaces,\n retryProvisioning,\n updateWorkspace,\n];\n","/*\n AUTO-GENERATED. Do not edit.\n \n Aggregates every tag's generated tools into a single array. The merge with\n * hand-written tools (where hand-written wins on name collision) lives in\n * src/index.ts.\n */\nimport { generatedAppsTools } from \"./apps.js\";\nimport { generatedBillingTools } from \"./billing.js\";\nimport { generatedBrandingTools } from \"./branding.js\";\nimport { generatedIdpsTools } from \"./idps.js\";\nimport { generatedLoginPolicyTools } from \"./login-policy.js\";\nimport { generatedSmtpTools } from \"./smtp.js\";\nimport { generatedUsersTools } from \"./users.js\";\nimport { generatedWorkspacesTools } from \"./workspaces.js\";\n\nexport const generatedTools = [\n ...generatedAppsTools,\n ...generatedBillingTools,\n ...generatedBrandingTools,\n ...generatedIdpsTools,\n ...generatedLoginPolicyTools,\n ...generatedSmtpTools,\n ...generatedUsersTools,\n ...generatedWorkspacesTools,\n];\n"],"mappings":";;;AAoBA,SAAS,iBAAiB;AAC1B,SAAS,4BAA4B;;;ACsCrC,IAAM,gBAAgB,CAAC,OACrB,IAAI,QAAQ,CAAC,MAAM,WAAW,GAAG,EAAE,CAAC;AAEtC,IAAM,iBAAiB,CAAC,UAA0B;AAChD,aAAW,QAAQ,MAAO,SAAQ,OAAO,MAAM,GAAG,IAAI;AAAA,CAAI;AAC5D;AAEA,eAAsB,WACpB,MAC0B;AAC1B,QAAMA,SAAQ,KAAK,SAAS;AAC5B,QAAM,SAAS,KAAK,UAAU;AAC9B,QAAM,YAAY,KAAK,aAAa;AACpC,QAAM,EAAE,SAAS,IAAI,IAAI;AAEzB,QAAM,QAAQ,MAAM;AAAA,IAClB;AAAA,IACA,GAAG,OAAO;AAAA,IACV,CAAC;AAAA,EACH;AAEA,QAAM,YAAY,MAAM,6BAA6B,MAAM;AAC3D,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,UAAU,SAAS;AAAA,IACnB;AAAA,IACA;AAAA,IACA,UAAU,MAAM,SAAS;AAAA,IACzB;AAAA,IACA,0CAA0C,MAAM,UAAU;AAAA,IAC1D;AAAA,EACF,CAAC;AAED,MAAI,WAAW,KAAK,IAAI,GAAG,MAAM,YAAY,CAAC;AAC9C,QAAM,WAAW,KAAK,IAAI,IAAI,MAAM,aAAa;AAEjD,SAAO,KAAK,IAAI,IAAI,UAAU;AAC5B,UAAMA,OAAM,WAAW,GAAI;AAE3B,QAAI;AACJ,QAAI;AACF,YAAM,MAAM;AAAA,QACV;AAAA,QACA,GAAG,OAAO;AAAA,QACV,EAAE,aAAa,MAAM,YAAY;AAAA,MACnC;AAAA,IACF,SAAS,GAAG;AACV,UAAI,KAAK,wCAAwC;AAAA,QAC/C,OAAO,aAAa,QAAQ,EAAE,UAAU,OAAO,CAAC;AAAA,MAClD,CAAC;AACD;AAAA,IACF;AAEA,QAAI,IAAI,WAAW,YAAY;AAC7B,UAAI,CAAC,IAAI,cAAc;AACrB,cAAM,IAAI;AAAA,UACR;AAAA,QACF;AAAA,MACF;AACA,UAAI,KAAK,8BAA8B;AAAA,QACrC,WAAW,IAAI,cAAc;AAAA,MAC/B,CAAC;AACD,aAAO;AAAA,QACL,aAAa,IAAI;AAAA,QACjB,cAAc,IAAI,iBAAiB;AAAA,QACnC,WAAW,IAAI,cAAc;AAAA,MAC/B;AAAA,IACF;AACA,QAAI,IAAI,WAAW,aAAa;AAC9B,kBAAY;AACZ,UAAI,MAAM,yBAAyB,EAAE,aAAa,SAAS,CAAC;AAC5D;AAAA,IACF;AACA,QAAI,IAAI,WAAW,UAAW;AAC9B,QAAI,IAAI,WAAW,WAAW;AAC5B,YAAM,IAAI,MAAM,0CAA0C;AAAA,IAC5D;AACA,QAAI,IAAI,WAAW,UAAU;AAC3B,YAAM,IAAI,MAAM,sBAAsB;AAAA,IACxC;AACA,QAAI,KAAK,8BAA8B,EAAE,QAAQ,IAAI,OAAO,CAAC;AAAA,EAC/D;AAEA,QAAM,IAAI,MAAM,0CAA0C;AAC5D;AAEA,eAAe,SACb,WACA,KACA,MACY;AACZ,QAAM,MAAM,MAAM,UAAU,KAAK;AAAA,IAC/B,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,oBAAoB,QAAQ,mBAAmB;AAAA,IAC1E,MAAM,KAAK,UAAU,IAAI;AAAA,EAC3B,CAAC;AACD,QAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,MAAI,CAAC,IAAI,IAAI;AACX,UAAM,IAAI,MAAM,QAAQ,GAAG,YAAY,IAAI,MAAM,IAAI,IAAI,EAAE;AAAA,EAC7D;AACA,MAAI;AACF,WAAO,KAAK,MAAM,IAAI;AAAA,EACxB,QAAQ;AACN,UAAM,IAAI,MAAM,QAAQ,GAAG,uBAAuB,KAAK,MAAM,GAAG,GAAG,CAAC,EAAE;AAAA,EACxE;AACF;;;AChKO,IAAM,kBAAN,cAA8B,MAAM;AAAA,EACzC,YACE,SACgB,QACA,MACA,MAChB;AACA,UAAM,OAAO;AAJG;AACA;AACA;AAGhB,SAAK,OAAO;AAAA,EACd;AAAA,EANkB;AAAA,EACA;AAAA,EACA;AAKpB;AAQO,IAAM,gBAAN,MAAoB;AAAA,EACzB,YACmB,KACA,KAMA,gBAA+B,MAChD;AARiB;AACA;AAMA;AAAA,EAChB;AAAA,EARgB;AAAA,EACA;AAAA,EAMA;AAAA,EAGnB,IAAY,iBAAgC;AAC1C,WAAO,KAAK,iBAAiB,KAAK,IAAI;AAAA,EACxC;AAAA,EAEA,MAAM,QAAqB,MAAc,OAAuB,CAAC,GAAe;AAC9E,UAAM,QAAQ,KAAK;AACnB,QAAI,CAAC,OAAO;AACV,YAAM,IAAI;AAAA,QACR;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAEA,UAAM,MAAM,IAAI,IAAI,KAAK,IAAI,UAAU,IAAI;AAC3C,QAAI,KAAK,OAAO;AACd,iBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,KAAK,KAAK,GAAG;AAC/C,YAAI,MAAM,OAAW,KAAI,aAAa,IAAI,GAAG,OAAO,CAAC,CAAC;AAAA,MACxD;AAAA,IACF;AAEA,UAAM,SAAS,KAAK,UAAU;AAC9B,UAAM,UAAkC;AAAA,MACtC,eAAe,UAAU,KAAK;AAAA,MAC9B,QAAQ;AAAA,IACV;AACA,QAAI,KAAK,SAAS,OAAW,SAAQ,cAAc,IAAI;AAEvD,SAAK,IAAI,MAAM,QAAQ,MAAM,IAAI,IAAI,QAAQ,EAAE;AAC/C,UAAM,MAAM,MAAM,MAAM,KAAK;AAAA,MAC3B;AAAA,MACA;AAAA,MACA,MAAM,KAAK,SAAS,SAAY,KAAK,UAAU,KAAK,IAAI,IAAI;AAAA,IAC9D,CAAC;AAED,UAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,QAAI,CAAC,IAAI,IAAI;AACX,UAAI;AACJ,UAAI;AACF,cAAM,SAAS,KAAK,MAAM,IAAI;AAC9B,eAAO,OAAO,QAAQ,UAAU,WAAW,OAAO,QAAQ,QAAQ;AAAA,MACpE,QAAQ;AAAA,MAER;AACA,YAAM,IAAI;AAAA,QACR,eAAe,IAAI,MAAM,OAAO,MAAM,IAAI,IAAI;AAAA,QAC9C,IAAI;AAAA,QACJ;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAEA,QAAI,SAAS,GAAI,QAAO;AACxB,QAAI;AACF,aAAO,KAAK,MAAM,IAAI;AAAA,IACxB,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AACF;;;ACvFA,IAAM,mBAAmB;AAElB,SAAS,WAAW,MAAyB,QAAQ,KAAa;AACvE,QAAM,WAAW,IAAI,oBAAoB,kBAAkB,QAAQ,QAAQ,EAAE;AAC7E,QAAM,WAAW,IAAI,mBAAmB,KAAK,KAAK;AAClD,QAAM,YAAY,IAAI,yBAAyB,QAAQ,YAAY;AACnE,QAAM,WACJ,aAAa,WAAW,aAAa,UAAU,aAAa,UACxD,WACA;AACN,SAAO,EAAE,SAAS,UAAU,SAAS;AACvC;;;ACjBA,IAAM,QAAQ,EAAE,OAAO,IAAI,MAAM,IAAI,MAAM,IAAI,OAAO,GAAG;AASlD,SAAS,WAAW,KAAuC;AAChE,QAAM,YAAY,MAAM,IAAI,QAAQ;AAEpC,WAAS,KAAK,OAA2B,KAAa,OAAiB;AACrE,QAAI,MAAM,KAAK,IAAI,UAAW;AAC9B,UAAM,MAAK,oBAAI,KAAK,GAAE,YAAY;AAClC,UAAM,UAAU,UAAU,SAAY,KAAK,IAAI,SAAS,KAAK,CAAC;AAC9D,YAAQ,OAAO,MAAM,GAAG,EAAE,IAAI,MAAM,YAAY,CAAC,IAAI,GAAG,GAAG,OAAO;AAAA,CAAI;AAAA,EACxE;AAEA,SAAO;AAAA,IACL,OAAO,CAAC,GAAG,MAAM,KAAK,SAAS,GAAG,CAAC;AAAA,IACnC,MAAM,CAAC,GAAG,MAAM,KAAK,QAAQ,GAAG,CAAC;AAAA,IACjC,MAAM,CAAC,GAAG,MAAM,KAAK,QAAQ,GAAG,CAAC;AAAA,IACjC,OAAO,CAAC,GAAG,MAAM,KAAK,SAAS,GAAG,CAAC;AAAA,EACrC;AACF;AAEA,SAAS,SAAS,GAAoB;AACpC,MAAI;AACF,WAAO,KAAK,UAAU,CAAC;AAAA,EACzB,QAAQ;AACN,WAAO,OAAO,CAAC;AAAA,EACjB;AACF;;;AC5BA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,SAAS,gBAAgB;AAClC,SAAS,SAAS,YAAY;AAU9B,IAAM,UAAU;AAChB,IAAM,YAAY;AAClB,IAAM,sBAAsB;AAErB,SAAS,aAAa,MAAyB,QAAQ,KAAa;AACzE,MAAI,SAAS,MAAM,SAAS;AAC1B,UAAM,OAAO,IAAI;AACjB,QAAI,KAAM,QAAO,KAAK,MAAM,SAAS,SAAS;AAC9C,WAAO,KAAK,QAAQ,GAAG,IAAI,OAAO,IAAI,SAAS;AAAA,EACjD;AACA,QAAM,MAAM,IAAI;AAChB,MAAI,IAAK,QAAO,KAAK,KAAK,SAAS,SAAS;AAC5C,SAAO,KAAK,QAAQ,GAAG,WAAW,SAAS,SAAS;AACtD;AAEO,SAAS,UACd,SACA,MAAyB,QAAQ,KACb;AACpB,QAAM,OAAO,aAAa,GAAG;AAC7B,MAAI,CAAC,WAAW,IAAI,EAAG,QAAO;AAC9B,MAAI;AACJ,MAAI;AACF,aAAS,KAAK,MAAM,aAAa,MAAM,MAAM,CAAC;AAAA,EAChD,QAAQ;AACN,WAAO;AAAA,EACT;AACA,MAAI,OAAO,YAAY,QAAS,QAAO;AACvC,QAAM,SAAS,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAC3C,MAAI,OAAO,YAAY,uBAAuB,OAAQ,QAAO;AAC7D,MAAI,OAAO,OAAO,gBAAgB,YAAY,CAAC,OAAO,aAAa;AACjE,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAEO,SAAS,UACd,OACA,MAAyB,QAAQ,KAC3B;AACN,QAAM,OAAO,aAAa,GAAG;AAC7B,YAAU,QAAQ,IAAI,GAAG,EAAE,WAAW,KAAK,CAAC;AAC5C,gBAAc,MAAM,KAAK,UAAU,OAAO,MAAM,CAAC,GAAG,MAAM;AAC1D,MAAI,SAAS,MAAM,SAAS;AAC1B,QAAI;AACF,gBAAU,MAAM,GAAK;AAAA,IACvB,QAAQ;AAAA,IAER;AAAA,EACF;AACF;AAEO,SAAS,WAAW,MAAyB,QAAQ,KAAW;AACrE,QAAM,OAAO,aAAa,GAAG;AAC7B,MAAI,WAAW,IAAI,GAAG;AACpB,WAAO,MAAM,EAAE,OAAO,KAAK,CAAC;AAAA,EAC9B;AACF;;;AChDO,SAAS,WAAoC,GAA2B;AAC7E,SAAO;AACT;AAOO,SAAS,YACd,QACA,KAEAC,SACM;AACN,aAAW,QAAQA,SAAO;AACxB,WAAO;AAAA,MACL,KAAK;AAAA,MACL;AAAA,QACE,aAAa,KAAK;AAAA,QAClB,aAAa,KAAK;AAAA,MACpB;AAAA;AAAA,MAEA,OAAO,UAAe;AACpB,YAAI;AACF,gBAAM,SAAS,MAAM,KAAK,QAAQ,OAAO,GAAG;AAC5C,iBAAO;AAAA,YACL,SAAS;AAAA,cACP;AAAA,gBACE,MAAM;AAAA,gBACN,MACE,OAAO,WAAW,WACd,SACA,KAAK,UAAU,QAAQ,MAAM,CAAC;AAAA,cACtC;AAAA,YACF;AAAA,UACF;AAAA,QACF,SAAS,KAAK;AACZ,gBAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAG/D,gBAAM,SACJ,eAAe,mBAAmB,IAAI,OAAO;AAAA,EAAK,IAAI,IAAI,KAAK;AACjE,cAAI,IAAI,MAAM,QAAQ,KAAK,IAAI,WAAW,EAAE,QAAQ,CAAC;AACrD,iBAAO;AAAA,YACL,SAAS;AAAA,YACT,SAAS;AAAA,cACP,EAAE,MAAM,QAAiB,MAAM,UAAU,OAAO,GAAG,MAAM,GAAG;AAAA,YAC9D;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;;;ACxFA,SAAS,SAAS;AAIX,IAAM,WAAW,WAAW;AAAA,EACjC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,wBAAwB;AAAA,EAChE;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO,QAAQ,kBAAkB,mBAAmB,SAAS,CAAC,OAAO;AACzE,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IAC/B,eAAe,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,CAAC;AAAA,IAC9C,2BAA2B,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,IAC9D,UAAU,EAAE,KAAK,CAAC,OAAO,OAAO,QAAQ,CAAC,EAAE,QAAQ,KAAK;AAAA,IACxD,UAAU,EACP,QAAQ,EACR,QAAQ,KAAK,EACb;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,KAAK;AAAA,EACzB;AACJ,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,OAAO,GAAG,EAAE,OAAO,MAC9C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,MAAM,CAAC;AAAA,IAClF,EAAE,QAAQ,SAAS;AAAA,EACrB;AACJ,CAAC;AAED,IAAM,WAAW,EAAE,KAAK,CAAC,OAAO,OAAO,QAAQ,CAAC;AAChD,IAAM,cAAc,EAAE,KAAK;AAAA,EACzB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AACD,IAAM,aAAa,EAAE,KAAK;AAAA,EACxB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAEM,IAAM,SAAS,WAAW;AAAA,EAC/B,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,wBAAwB;AAAA,IAC9D,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,OAAO,GAAG,EAAE,OAAO,MAC9C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,MAAM,CAAC;AAAA,EACpF;AACJ,CAAC;AAEM,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IACxB,eAAe,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,IAClD,2BAA2B,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,IAC9D,aAAa,EAAE,MAAM,UAAU,EAAE,SAAS;AAAA,IAC1C,aAAa,YAAY,SAAS;AAAA,IAClC,UAAU,EACP,QAAQ,EACR,SAAS,EACT;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,GAAG,MAAM,GAAG,EAAE,OAAO,MACxD,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,MAAM,CAAC;AAAA,IAClF,EAAE,QAAQ,SAAS,MAAM,MAAM;AAAA,EACjC;AACJ,CAAC;AAEM,IAAM,sBAAsB,WAAW;AAAA,EAC5C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IACxB,SAAS,EACN,QAAQ,IAAI,EACZ;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,QAAQ,GAAG,EAAE,OAAO,MAAM;AAC7D,QAAI,YAAY,MAAM;AACpB,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AACA,WAAO,OAAO;AAAA,MACZ,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,MAAM,CAAC;AAAA,MAClF,EAAE,QAAQ,OAAO;AAAA,IACnB;AAAA,EACF;AACF,CAAC;AAKM,IAAM,QAAQ;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;;;AC1IA,SAAS,KAAAC,UAAS;AAIX,IAAM,iBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQA,GACL,KAAK,CAAC,UAAU,KAAK,CAAC,EACtB,QAAQ,QAAQ,EAChB;AAAA,MACC;AAAA,IACF;AAAA,IACF,QAAQA,GACL,OAAO,EACP,IAAI,CAAC,EACL,SAAS,EACT;AAAA,MACC;AAAA,IACF;AAAA,IACF,QAAQA,GACL,OAAO,EACP,IAAI,CAAC,EACL,SAAS,EACT,SAAS,kDAAkD;AAAA,IAC9D,OAAOA,GACJ,OAAO,EACP,SAAS,EACT,SAAS,sDAAsD;AAAA,IAClE,KAAKA,GACF,OAAO,EACP,SAAS,EACT,SAAS,oDAAoD;AAAA,IAChE,OAAOA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,GAAK,EAAE,SAAS;AAAA,EACrD;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,MAAM,GAAG,EAAE,OAAO,MAChD,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,MAAM;AAAA,EACV;AACJ,CAAC;AAEM,IAAMC,SAAQ,CAAC,cAAc;;;ACjDpC,SAAS,KAAAC,UAAS;AAIX,IAAM,aAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,EACjD;AACJ,CAAC;AAEM,IAAM,iBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,oBAAoBA,GACjB,OAAO,EACP,IAAI,EACJ,IAAI,CAAC,EACL,IAAI,GAAU,EACd,SAAS,EACT,SAAS,gDAAgD;AAAA,EAC9D;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,mBAAmB,GAAG,EAAE,OAAO,MAC1D,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,SAAS,MAAM,EAAE,mBAAmB,EAAE;AAAA,EAClD;AACJ,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,MAAMA,GAAE,KAAK,CAAC,KAAK,CAAC;AAAA,EACtB;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,KAAK,GAAG,EAAE,OAAO,MAC5C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,MAAM,EAAE,KAAK,EAAE;AAAA,EACnC;AACJ,CAAC;AAEM,IAAM,qBAAqB,WAAW;AAAA,EAC3C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,OAAO;AAAA,EACnB;AACJ,CAAC;AAEM,IAAMC,SAAQ;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;;;ACxEA,SAAS,KAAAC,UAAS;AAIX,IAAM,cAAc,WAAW;AAAA,EACpC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,EACjD;AACJ,CAAC;AAEM,IAAM,iBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,eAAeA,GACZ,OAAO,EACP,MAAM,mBAAmB,EACzB,SAAS;AAAA,IACZ,kBAAkBA,GACf,OAAO,EACP,MAAM,mBAAmB,EACzB,SAAS;AAAA,IACZ,YAAYA,GACT,OAAO,EACP,MAAM,mBAAmB,EACzB,SAAS;AAAA,IACZ,YAAYA,GACT,OAAO,EACP,MAAM,mBAAmB,EACzB,SAAS;AAAA,IACZ,mBAAmBA,GAChB,QAAQ,EACR,SAAS,EACT;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,SAAS,KAAK;AAAA,EAC1B;AACJ,CAAC;AAEM,IAAMC,SAAQ,CAAC,aAAa,cAAc;;;AClDjD,SAAS,KAAAC,UAAS;AAIlB,IAAM,uBAAuBC,GAAE,OAAO;AAAA,EACpC,cAAcA,GAAE,OAAO;AAAA,EACvB,MAAMA,GAAE,OAAO;AAAA,EACf,aAAaA,GAAE,OAAO;AAAA,EACtB,OAAOA,GAAE,OAAO;AAClB,CAAC;AAEM,IAAM,wBAAwB,WAAW;AAAA,EAC9C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,MAAMA,GACH,OAAO,EACP,IAAI,CAAC,EACL,IAAI,EAAE,EACN,MAAM,cAAc;AAAA,IACvB,cAAcA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC9B,iBAAiBA,GACd,OAAO,EACP,IAAI,EACJ,IAAI,EAAE,EACN,IAAI,GAAG,EACP,QAAQ,GAAG,EACX,SAAS,qDAAqD;AAAA,EACnE;AAAA,EACA,SAAS,OACP,EAAE,MAAM,cAAc,gBAAgB,GACtC,EAAE,QAAQ,IAAI,MACX;AACH,UAAM,UAAW,MAAM,OAAO,QAAQ,kBAAkB;AAAA,MACtD,QAAQ;AAAA,MACR,MAAM,EAAE,MAAM,aAAa;AAAA,IAC7B,CAAC;AAED,UAAM,WAAW,KAAK,IAAI,IAAI,kBAAkB;AAChD,WAAO,KAAK,IAAI,IAAI,UAAU;AAC5B,YAAM,KAAM,MAAM,OAAO;AAAA,QACvB,kBAAkB,mBAAmB,QAAQ,EAAE,CAAC;AAAA,MAClD;AAOA,UAAI,GAAG,UAAU,UAAU;AACzB,eAAO,qBAAqB,MAAM;AAAA,UAChC,cAAc,GAAG;AAAA,UACjB,MAAM,GAAG;AAAA,UACT,aAAa,GAAG,eAAe,QAAQ,GAAG,IAAI;AAAA,UAC9C,OAAO,GAAG;AAAA,QACZ,CAAC;AAAA,MACH;AACA,UAAI,GAAG,UAAU,uBAAuB;AACtC,cAAM,IAAI;AAAA,UACR,kCAAkC,GAAG,sBAAsB,gBAAgB;AAAA,QAC7E;AAAA,MACF;AACA,UAAI,MAAM,aAAa,QAAQ,EAAE,UAAU,GAAG,KAAK,iBAAY;AAC/D,YAAM,MAAM,GAAI;AAAA,IAClB;AACA,UAAM,IAAI;AAAA,MACR,+CAA+C,eAAe;AAAA,IAChE;AAAA,EACF;AACF,CAAC;AAED,SAAS,MAAM,IAAY;AACzB,SAAO,IAAI,QAAQ,CAAC,MAAM,WAAW,GAAG,EAAE,CAAC;AAC7C;AAEO,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,kBAAkBA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAClC,sBAAsBA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IACtC,MAAMA,GAAE,OAAO,EAAE,QAAQ,QAAQ;AAAA,EACnC;AAAA,EACA,SAAS,OACP,EAAE,WAAW,kBAAkB,sBAAsB,KAAK,GAC1D,EAAE,OAAO,MACN;AAMH,UAAM,MAAM,MAAM,OAAO;AAAA,MACvB,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,MAC/C;AAAA,QACE,QAAQ;AAAA,QACR,MAAM;AAAA,UACJ,MAAM;AAAA,UACN;AAAA,UACA,WAAW;AAAA,UACX,eAAe;AAAA,QACjB;AAAA,MACF;AAAA,IACF;AAGA,UAAM,OAAO;AAAA,MACX,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,MAC/C,EAAE,QAAQ,SAAS,MAAM,EAAE,oBAAoB,KAAK,EAAE;AAAA,IACxD;AAEA,WAAO,EAAE,KAAK,cAAc,0BAA0B;AAAA,EACxD;AACF,CAAC;AAUD,SAAS,WAAW,MAAwB;AAC1C,MAAI,MAAM,QAAQ,IAAI,EAAG,QAAO,KAAK;AACrC,MAAI,OAAO,KAAK,UAAU,SAAU,QAAO,KAAK;AAChD,MAAI,MAAM,QAAQ,KAAK,KAAK,EAAG,QAAO,KAAK,MAAM;AACjD,SAAO;AACT;AAaA,SAAS,OAAO,MAA2B;AACzC,MAAI,MAAM,QAAQ,IAAI,EAAG,QAAO;AAChC,MAAI,MAAM,QAAQ,KAAK,KAAK,EAAG,QAAO,KAAK;AAC3C,SAAO,CAAC;AACV;AAEO,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,YAAYA,GACT,QAAQ,EACR,SAAS,EACT;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,aAAa,KAAK,GAAG,EAAE,OAAO,MAAM;AAC/D,UAAM,KAAM,MAAM,OAAO;AAAA,MACvB,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AACA,UAAM,WAAY,MAAM,OAAO;AAAA,MAC7B,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AACA,UAAM,WAAY,MAAM,OAAO;AAAA,MAC7B,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AACA,UAAM,SAAU,MAAM,OAAO;AAAA,MAC3B,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AAMA,UAAM,WAAY,MAAM,OAAO;AAAA,MAC7B,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IACjD;AAIA,UAAM,YAAY,WAAW,QAAQ;AACrC,UAAM,YAAY,WAAW,QAAQ;AACrC,UAAM,WAAW,OAAO,QAAQ;AAChC,UAAM,gBACJ,OAAO,4BAA4B,QACnC,OAAO,mBAAmB;AAE5B,UAAM,SAA2B;AAAA,MAC/B;AAAA,QACE,IAAI,GAAG,UAAU;AAAA,QACjB,MAAM;AAAA,QACN,SAAS,SAAS,GAAG,KAAK;AAAA,MAC5B;AAAA,MACA;AAAA,QACE,IAAI,YAAY;AAAA,QAChB,MAAM;AAAA,QACN,SAAS,GAAG,SAAS;AAAA,MACvB;AAAA,MACA;AAAA,QACE,IAAI,YAAY,KAAK;AAAA,QACrB,MAAM;AAAA,QACN,SACE,YAAY,IACR,GAAG,SAAS,UACZ,gBACE,mEACA;AAAA,MACV;AAAA,MACA;AAAA,QACE,IAAI,CAAC,CAAC,SAAS;AAAA,QACf,MAAM;AAAA,MACR;AAAA,MACA;AAAA,QACE,IAAI,OAAO,cAAc,QAAQ,YAAY;AAAA,QAC7C,MAAM;AAAA,QACN,SAAS,OAAO,YACZ,mBACA,YAAY,IACV,GAAG,SAAS,wDACZ;AAAA,MACR;AAAA,IACF;AAQA,QAAI,cAAc,SAAS,SAAS,GAAG;AACrC,YAAM,eAAoE,CAAC;AAC3E,iBAAW,OAAO,UAAU;AAC1B,YAAI;AACF,gBAAM,QAAS,MAAM,OAAO;AAAA,YAC1B,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,IAAI,EAAE,CAAC;AAAA,YAClF,EAAE,QAAQ,OAAO;AAAA,UACnB;AACA,uBAAa,KAAK,EAAE,IAAI,IAAI,IAAI,QAAQ,MAAM,CAAC;AAAA,QACjD,SAAS,KAAK;AACZ,uBAAa,KAAK;AAAA,YAChB,IAAI,IAAI;AAAA,YACR,QAAQ,EAAE,IAAI,OAAO,oBAAoB,MAAM;AAAA,YAC/C,OAAO,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAAA,UACxD,CAAC;AAAA,QACH;AAAA,MACF;AACA,YAAM,QAAQ,aAAa,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE;AACnD,YAAM,UAAU,aACb,IAAI,CAAC,MAAM;AACV,cAAM,OAAO,EAAE,OAAO,aAAa,KAAK,EAAE,OAAO,UAAU,MAAM;AACjE,eAAO,GAAG,EAAE,EAAE,IAAI,EAAE,OAAO,KAAK,OAAO,MAAM,GAAG,IAAI;AAAA,MACtD,CAAC,EACA,KAAK,IAAI;AACZ,YAAM,eAAe,aAAa,KAAK,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE;AAC1D,YAAM,UAAU,eACZ,GAAG,OAAO,oBAAoB,aAAa,OAAO,gBAAgB,aAAa,SAAS,WAAW,KACnG;AACJ,aAAO,KAAK;AAAA,QACV,IAAI;AAAA,QACJ,MAAM;AAAA,QACN;AAAA,MACF,CAAC;AAAA,IACH,WAAW,SAAS,SAAS,GAAG;AAC9B,aAAO,KAAK;AAAA,QACV,IAAI;AAAA,QACJ,MAAM;AAAA,QACN,SAAS;AAAA,MACX,CAAC;AAAA,IACH;AAEA,UAAM,UAAU,OAAO,MAAM,CAAC,MAAM,EAAE,EAAE,IAAI,UAAU;AACtD,WAAO,EAAE,SAAS,OAAO;AAAA,EAC3B;AACF,CAAC;AAEM,IAAMC,SAAQ;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AACF;;;AC5RA,SAAS,KAAAC,UAAS;AAIX,IAAM,0BAA0B,WAAW;AAAA,EAChD,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQA,GACL,OAAO,EACP,IAAI,CAAC,EACL,SAAS,4CAA4C;AAAA,IACxD,SAASA,GACN,OAAO,EACP,IAAI,CAAC,EACL;AAAA,MACC;AAAA,IACF;AAAA,IACF,YAAYA,GACT,OAAO,EACP,IAAI,CAAC,EACL;AAAA,MACC;AAAA,IACF;AAAA,IACF,WAAWA,GACR,MAAMA,GAAE,OAAO,CAAC,EAChB,QAAQ,CAAC,CAAC,EACV;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,GAAG,KAAK,GAAG,EAAE,OAAO,MACvD,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,kBAAkB,mBAAmB,MAAM,CAAC;AAAA,IAC3F,EAAE,QAAQ,QAAQ,KAAK;AAAA,EACzB;AACJ,CAAC;AAEM,IAAM,2BAA2B,WAAW;AAAA,EACjD,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,OAAO,GAAG,EAAE,OAAO,MAC9C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,kBAAkB,mBAAmB,MAAM,CAAC;AAAA,EAC7F;AACJ,CAAC;AAEM,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,SAASA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC3B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,UAAU,mBAAmB,OAAO,CAAC;AAAA,EACtF;AACJ,CAAC;AAEM,IAAM,mBAAmB,WAAW;AAAA,EACzC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IACxB,UAAUA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC1B,WAAWA,GAAE,MAAMA,GAAE,OAAO,CAAC;AAAA,EAC/B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,UAAU,UAAU,GAAG,EAAE,OAAO,MACnE,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,kBAAkB,mBAAmB,MAAM,CAAC,WAAW,mBAAmB,QAAQ,CAAC;AAAA,IAClI,EAAE,QAAQ,SAAS,MAAM,EAAE,UAAU,EAAE;AAAA,EACzC;AACJ,CAAC;AAEM,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IACxB,UAAUA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC5B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,SAAS,GAAG,EAAE,OAAO,MACxD,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,kBAAkB,mBAAmB,MAAM,CAAC,WAAW,mBAAmB,QAAQ,CAAC;AAAA,IAClI,EAAE,QAAQ,OAAO;AAAA,EACnB;AACJ,CAAC;AAEM,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IACxB,UAAUA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC5B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,SAAS,GAAG,EAAE,OAAO,MACxD,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,kBAAkB,mBAAmB,MAAM,CAAC,WAAW,mBAAmB,QAAQ,CAAC;AAAA,IAClI,EAAE,QAAQ,OAAO;AAAA,EACnB;AACJ,CAAC;AAEM,IAAM,cAAc,WAAW;AAAA,EACpC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IACxB,UAAUA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC5B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,SAAS,GAAG,EAAE,OAAO,MACxD,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,kBAAkB,mBAAmB,MAAM,CAAC,WAAW,mBAAmB,QAAQ,CAAC;AAAA,IAClI,EAAE,QAAQ,SAAS;AAAA,EACrB;AACJ,CAAC;AAEM,IAAMC,SAAQ;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;;;AC3IA,SAAS,KAAAC,UAAS;AAIlB,IAAM,WAAWC,GACd,OAAO,EACP,IAAI,CAAC,EACL,SAAS,EACT;AAAA,EACC;AACF;AAMF,IAAM,wBAAwBA,GAC3B,OAAO;AAAA,EACN,qBAAqBA,GAAE,QAAQ,EAAE,SAAS;AAAA,EAC1C,kBAAkBA,GACf,QAAQ,EACR,SAAS,EACT;AAAA,IACC;AAAA,EACF;AAAA,EACF,gBAAgBA,GAAE,QAAQ,EAAE,SAAS;AAAA,EACrC,oBAAoBA,GAAE,QAAQ,EAAE,SAAS;AAAA,EACzC,cAAcA,GACX,KAAK,CAAC,eAAe,YAAY,OAAO,CAAC,EACzC,SAAS,EACT;AAAA,IACC;AAAA,EACF;AACJ,CAAC,EACA,SAAS,EACT;AAAA,EACC;AACF;AAEK,IAAM,WAAW,WAAW;AAAA,EACjC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQ;AAAA,EACV;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,OAAO,GAAG,EAAE,OAAO,MAC9C,OAAO,QAAQ,kBAAkB,mBAAmB,SAAS,CAAC,SAAS;AAAA,IACrE,OAAO,EAAE,OAAO;AAAA,EAClB,CAAC;AACL,CAAC;AAEM,IAAM,SAAS,WAAW;AAAA,EAC/B,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQ;AAAA,IACR,MAAMA,GACH,KAAK,CAAC,UAAU,UAAU,aAAa,MAAM,CAAC,EAC9C,SAAS,8DAA8D;AAAA,IAC1E,MAAMA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,oCAAoC;AAAA,IACrE,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,eAAeA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC/B,QAAQA,GAAE,MAAMA,GAAE,OAAO,CAAC,EAAE,SAAS;AAAA,IACrC,QAAQA,GACL,OAAO,EACP,IAAI,EACJ,SAAS,EACT,SAAS,wCAAwC;AAAA,IACpD,WAAWA,GACR,OAAO,EACP,SAAS,EACT;AAAA,MACC;AAAA,IACF;AAAA,IACF,kBAAkB;AAAA,EACpB;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,GAAG,KAAK,GAAG,EAAE,OAAO,MACvD,OAAO,QAAQ,kBAAkB,mBAAmB,SAAS,CAAC,SAAS;AAAA,IACrE,QAAQ;AAAA,IACR;AAAA,IACA,OAAO,EAAE,OAAO;AAAA,EAClB,CAAC;AACL,CAAC;AAEM,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQ;AAAA,IACR,QAAQA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,OAAO,GAAG,EAAE,OAAO,MACtD,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,MAAM,CAAC;AAAA,IAClF,EAAE,QAAQ,UAAU,OAAO,EAAE,OAAO,EAAE;AAAA,EACxC;AACJ,CAAC;AAEM,IAAM,SAAS,WAAW;AAAA,EAC/B,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQ;AAAA,IACR,QAAQA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,OAAO,GAAG,EAAE,OAAO,MACtD,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,MAAM,CAAC;AAAA,IAClF,EAAE,OAAO,EAAE,OAAO,EAAE;AAAA,EACtB;AACJ,CAAC;AAEM,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQ;AAAA,IACR,QAAQA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IACxB,MAAMA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,IACjC,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,IACtC,eAAeA,GACZ,OAAO,EACP,IAAI,CAAC,EACL,SAAS,EACT;AAAA,MACC;AAAA,IACF;AAAA,IACF,QAAQA,GAAE,MAAMA,GAAE,OAAO,CAAC,EAAE,SAAS;AAAA,IACrC,QAAQA,GACL,OAAO,EACP,IAAI,EACJ,SAAS,EACT,SAAS,gCAAgC;AAAA,IAC5C,WAAWA,GACR,OAAO,EACP,SAAS,EACT,SAAS,yDAAyD;AAAA,IACrE,kBAAkB;AAAA,EACpB;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,QAAQ,GAAG,MAAM,GAAG,EAAE,OAAO,MAChE,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,MAAM,CAAC;AAAA,IAClF,EAAE,QAAQ,SAAS,MAAM,OAAO,OAAO,EAAE,OAAO,EAAE;AAAA,EACpD;AACJ,CAAC;AAEM,IAAM,WAAW,WAAW;AAAA,EACjC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQ;AAAA,IACR,QAAQA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,OAAO,GAAG,EAAE,OAAO,MACtD,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,SAAS,mBAAmB,MAAM,CAAC;AAAA,IAClF,EAAE,QAAQ,QAAQ,OAAO,EAAE,OAAO,EAAE;AAAA,EACtC;AACJ,CAAC;AAEM,IAAMC,SAAQ,CAAC,UAAU,QAAQ,WAAW,QAAQ,WAAW,QAAQ;;;ACtK9E,SAAS,KAAAC,UAAS;AAIlB,IAAMC,YAAWC,GACd,OAAO,EACP,IAAI,CAAC,EACL,SAAS,EACT;AAAA,EACC;AACF;AAEF,IAAM,iBAAiB,CAAC,OAAO,OAAO,aAAa,SAAS;AAC5D,IAAM,gBAAgB,CAAC,cAAc;AAE9B,IAAM,iBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQD;AAAA,EACV;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,OAAO,GAAG,EAAE,OAAO,MAC9C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,OAAO,EAAE,OAAO,EAAE;AAAA,EACtB;AACJ,CAAC;AAEM,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQD;AAAA,IACR,yBAAyBC,GAAE,QAAQ,EAAE,SAAS;AAAA,IAC9C,gBAAgBA,GAAE,QAAQ,EAAE,SAAS;AAAA,IACrC,oBAAoBA,GAAE,QAAQ,EAAE,SAAS;AAAA,IACzC,WAAWA,GACR,QAAQ,EACR,SAAS,EACT,SAAS,qCAAqC;AAAA,IACjD,sBAAsBA,GACnB,QAAQ,EACR,SAAS,EACT;AAAA,MACC;AAAA,IACF;AAAA,IACF,sBAAsBA,GACnB,QAAQ,EACR,SAAS,EACT,SAAS,oCAAoC;AAAA,IAChD,gBAAgBA,GACb,MAAMA,GAAE,KAAK,cAAc,CAAC,EAC5B,SAAS,EACT;AAAA,MACC;AAAA,IACF;AAAA,IACF,eAAeA,GACZ,MAAMA,GAAE,KAAK,aAAa,CAAC,EAC3B,SAAS,EACT;AAAA,MACC;AAAA,IACF;AAAA,IACF,qBAAqBA,GAAE,QAAQ,EAAE,SAAS;AAAA,IAC1C,0BAA0BA,GAAE,QAAQ,EAAE,SAAS;AAAA,IAC/C,wBAAwBA,GACrB,QAAQ,EACR,SAAS,EACT;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,GAAG,KAAK,GAAG,EAAE,OAAO,MACvD,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,SAAS,MAAM,OAAO,EAAE,OAAO,EAAE;AAAA,EAC7C;AACJ,CAAC;AAEM,IAAMC,SAAQ,CAAC,gBAAgB,iBAAiB;;;AClFvD,SAAS,KAAAC,UAAS;AAIlB,IAAM,eAAeC,GAAE,OAAO,EAAE,IAAI,CAAC;AACrC,IAAMC,YAAWD,GACd,OAAO,EACP,IAAI,CAAC,EACL;AAAA,EACC;AACF;AACF,IAAM,YAAYA,GACf,OAAO,EACP,IAAI,CAAC,EACL,IAAI,GAAG,EACP,MAAM,mEAAmE,EACzE;AAAA,EACC;AACF;AAEK,IAAM,0BAA0B,WAAW;AAAA,EAChD,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAW;AAAA,IACX,QAAQC;AAAA,EACV;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,OAAO,GAAG,EAAE,OAAO,MAC9C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,kBAAkB,mBAAmB,MAAM,CAAC;AAAA,EAC7F;AACJ,CAAC;AAEM,IAAM,wBAAwB,WAAW;AAAA,EAC9C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAW;AAAA,IACX,QAAQA;AAAA,IACR,QAAQ;AAAA,EACV;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,OAAO,GAAG,EAAE,OAAO,MACtD,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,kBAAkB,mBAAmB,MAAM,CAAC;AAAA,IAC3F,EAAE,QAAQ,QAAQ,MAAM,EAAE,OAAO,EAAE;AAAA,EACrC;AACJ,CAAC;AAEM,IAAM,yCAAyC,WAAW;AAAA,EAC/D,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAW;AAAA,IACX,QAAQA;AAAA,IACR,QAAQ;AAAA,IACR,QAAQD,GACL,KAAK,CAAC,OAAO,MAAM,CAAC,EACpB,QAAQ,KAAK,EACb;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,QAAQ,OAAO,GAAG,EAAE,OAAO,MAC9D,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,kBAAkB,mBAAmB,MAAM,CAAC,YAAY,mBAAmB,MAAM,CAAC;AAAA,IACjI,EAAE,QAAQ,QAAQ,MAAM,EAAE,OAAO,EAAE;AAAA,EACrC;AACJ,CAAC;AAEM,IAAM,2BAA2B,WAAW;AAAA,EACjD,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAW;AAAA,IACX,QAAQC;AAAA,IACR,QAAQ;AAAA,EACV;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,OAAO,GAAG,EAAE,OAAO,MACtD,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,kBAAkB,mBAAmB,MAAM,CAAC,YAAY,mBAAmB,MAAM,CAAC;AAAA,IACjI,EAAE,QAAQ,OAAO;AAAA,EACnB;AACJ,CAAC;AAEM,IAAM,2BAA2B,WAAW;AAAA,EACjD,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAW;AAAA,IACX,QAAQA;AAAA,IACR,QAAQ;AAAA,EACV;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,OAAO,GAAG,EAAE,OAAO,MACtD,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,kBAAkB,mBAAmB,MAAM,CAAC,YAAY,mBAAmB,MAAM,CAAC;AAAA,IACjI,EAAE,QAAQ,SAAS;AAAA,EACrB;AACJ,CAAC;AAEM,IAAMC,SAAQ;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;;;ACpHA,SAAS,KAAAC,WAAS;AAIX,IAAM,qBAAqB,WAAW;AAAA,EAC3C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,MAAMA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,SAAS,yBAAyB;AAAA,IACnE,MAAMA,IACH,OAAO,EACP,IAAI,CAAC,EACL,IAAI,EAAE,EACN,MAAM,2BAA2B,EACjC;AAAA,MACC;AAAA,IACF;AAAA,IACF,gBAAgBA,IACb,QAAQ,EACR,QAAQ,KAAK,EACb;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,KAAK;AAAA,EACzB;AACJ,CAAC;AAEM,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,EACjD;AACJ,CAAC;AAEM,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,OAAO,GAAG,EAAE,OAAO,MAC9C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,kBAAkB,mBAAmB,MAAM,CAAC;AAAA,EAC7F;AACJ,CAAC;AAEM,IAAM,qBAAqB,WAAW;AAAA,EAC3C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IACxB,MAAMA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,SAAS;AAAA,IAC1C,gBAAgBA,IAAE,QAAQ,EAAE,SAAS;AAAA,IACrC,mBAAmBA,IAChB,QAAQ,EACR,SAAS,EACT;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,GAAG,KAAK,GAAG,EAAE,OAAO,MACvD,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,kBAAkB,mBAAmB,MAAM,CAAC;AAAA,IAC3F,EAAE,QAAQ,SAAS,KAAK;AAAA,EAC1B;AACJ,CAAC;AAEM,IAAM,oCAAoC,WAAW;AAAA,EAC1D,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,OAAO,GAAG,EAAE,OAAO,MAC9C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,kBAAkB,mBAAmB,MAAM,CAAC;AAAA,IAC3F,EAAE,QAAQ,OAAO;AAAA,EACnB;AACJ,CAAC;AAEM,IAAM,yBAAyB,WAAW;AAAA,EAC/C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,OAAO,GAAG,EAAE,OAAO,MAC9C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,kBAAkB,mBAAmB,MAAM,CAAC;AAAA,IAC3F,EAAE,QAAQ,OAAO;AAAA,EACnB;AACJ,CAAC;AAEM,IAAM,yBAAyB,WAAW;AAAA,EAC/C,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAWA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,OAAO,GAAG,EAAE,OAAO,MAC9C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,kBAAkB,mBAAmB,MAAM,CAAC;AAAA,IAC3F,EAAE,QAAQ,OAAO;AAAA,EACnB;AACJ,CAAC;AAEM,IAAM,qBAAqB,WAAW;AAAA,EAC3C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,OAAO,GAAG,EAAE,OAAO,MAC9C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,kBAAkB,mBAAmB,MAAM,CAAC;AAAA,IAC3F,EAAE,QAAQ,SAAS;AAAA,EACrB;AACJ,CAAC;AAEM,IAAM,6BAA6B,WAAW;AAAA,EACnD,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,OAAO;AAAA,EACnB;AACJ,CAAC;AAEM,IAAMC,UAAQ;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;;;ACrKA,SAAS,KAAAC,WAAS;AAIlB,IAAMC,YAAWC,IACd,OAAO,EACP,IAAI,CAAC,EACL,SAAS,EACT;AAAA,EACC;AACF;AAEK,IAAM,sBAAsB,WAAW;AAAA,EAC5C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQD;AAAA,EACV;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,OAAO,GAAG,EAAE,OAAO,MAC9C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,OAAO,EAAE,OAAO,EAAE;AAAA,EACtB;AACJ,CAAC;AAEM,IAAM,uBAAuB,WAAW;AAAA,EAC7C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWC,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQD;AAAA,IACR,WAAWC,IACR,OAAO,EACP,MAAM,gCAAgC,EACtC;AAAA,MACC;AAAA,IACF;AAAA,IACF,MAAMA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,SAAS,8BAA8B;AAAA,IACxE,aAAaA,IAAE,OAAO,EAAE,IAAI,GAAG,EAAE,SAAS;AAAA,EAC5C;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,GAAG,KAAK,GAAG,EAAE,OAAO,MACvD,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,MAAM,OAAO,EAAE,OAAO,EAAE;AAAA,EAC5C;AACJ,CAAC;AAEM,IAAM,uBAAuB,WAAW;AAAA,EAC7C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,QAAQD;AAAA,IACR,oBAAoBC,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EACtC;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,mBAAmB,GAAG,EAAE,OAAO,MAClE,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,qBAAqB,mBAAmB,kBAAkB,CAAC;AAAA,IAC1G,EAAE,QAAQ,UAAU,OAAO,EAAE,OAAO,EAAE;AAAA,EACxC;AACJ,CAAC;AAEM,IAAMC,UAAQ;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AACF;;;AC5EA,SAAS,KAAAC,WAAS;AAIX,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAWC,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,OAAOA,IAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,QAAQ,GAAG;AAAA,EACrD;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,MAAM,GAAG,EAAE,OAAO,MAC7C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,OAAO,EAAE,MAAM,EAAE;AAAA,EACrB;AACJ,CAAC;AAEM,IAAM,aAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,OAAOA,IACJ,OAAO,EACP,MAAM,8BAA8B,uBAAuB;AAAA,IAC9D,YAAYA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC5B,WAAWA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,oBAAoBA,IACjB,OAAO,EACP,OAAO,CAAC,EACR,QAAQ,IAAI,EACZ,SAAS,0BAA0B;AAAA,EACxC;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,KAAK;AAAA,EACzB;AACJ,CAAC;AAEM,IAAM,aAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAWA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,SAASA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC3B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,QAAQ,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,UAAU,mBAAmB,OAAO,CAAC;AAAA,IACpF,EAAE,QAAQ,SAAS;AAAA,EACrB;AACJ,CAAC;AAEM,IAAMC,UAAQ,CAAC,WAAW,YAAY,UAAU;;;ACjDvD,SAAS,KAAAC,WAAS;AAIlB,IAAM,eAAe;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEA,IAAM,YAAYC,IAAE,KAAK,YAAY;AAE9B,IAAM,wBAAwB,WAAW;AAAA,EAC9C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,KAAKA,IACF,OAAO,EACP,IAAI,EACJ;AAAA,MACC;AAAA,IACF;AAAA,IACF,aAAaA,IACV,OAAO,EACP,IAAI,GAAG,EACP,SAAS,EACT,SAAS,+DAA+D;AAAA,IAC3E,gBAAgBA,IACb,MAAM,SAAS,EACf,QAAQ,CAAC,CAAC,EACV;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,GAAG,KAAK,GAAG,EAAE,OAAO,MAC/C,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,IAC/C,EAAE,QAAQ,QAAQ,KAAK;AAAA,EACzB;AACJ,CAAC;AAEM,IAAM,uBAAuB,WAAW;AAAA,EAC7C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC7B;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC;AAAA,EACjD;AACJ,CAAC;AAEM,IAAM,qBAAqB,WAAW;AAAA,EAC3C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,aAAaA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC/B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,YAAY,GAAG,EAAE,OAAO,MACnD,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,sBAAsB,mBAAmB,WAAW,CAAC;AAAA,EACtG;AACJ,CAAC;AAEM,IAAM,wBAAwB,WAAW;AAAA,EAC9C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,aAAaA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC7B,KAAKA,IAAE,OAAO,EAAE,IAAI,EAAE,SAAS;AAAA,IAC/B,aAAaA,IAAE,OAAO,EAAE,IAAI,GAAG,EAAE,SAAS;AAAA,IAC1C,gBAAgBA,IAAE,MAAM,SAAS,EAAE,SAAS;AAAA,IAC5C,SAASA,IACN,QAAQ,EACR,SAAS,EACT;AAAA,MACC;AAAA,IACF;AAAA,EACJ;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,aAAa,GAAG,KAAK,GAAG,EAAE,OAAO,MAC5D,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,sBAAsB,mBAAmB,WAAW,CAAC;AAAA,IACpG,EAAE,QAAQ,SAAS,KAAK;AAAA,EAC1B;AACJ,CAAC;AAEM,IAAM,wBAAwB,WAAW;AAAA,EAC9C,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,WAAWA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,aAAaA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC/B;AAAA,EACA,SAAS,OAAO,EAAE,WAAW,YAAY,GAAG,EAAE,OAAO,MACnD,OAAO;AAAA,IACL,kBAAkB,mBAAmB,SAAS,CAAC,sBAAsB,mBAAmB,WAAW,CAAC;AAAA,IACpG,EAAE,QAAQ,SAAS;AAAA,EACrB;AACJ,CAAC;AAEM,IAAMC,UAAQ;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;;;ACxIA,SAAS,KAAAC,WAAS;AAIX,IAAM,iBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY,CAAC;AAAA,EACb,SAAS,OAAO,QAAQ,EAAE,OAAO,MAC/B,OAAO,QAAQ,kBAAkB,EAAE,QAAQ,MAAM,CAAC;AACtD,CAAC;AAEM,IAAM,eAAe,WAAW;AAAA,EACrC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,WAAWC,IACR,OAAO,EACP,IAAI,CAAC,EACL,SAAS,wBAAwB;AAAA,EACtC;AAAA,EACA,SAAS,OAAO,EAAE,UAAU,GAAG,EAAE,OAAO,MACtC,OAAO,QAAQ,kBAAkB,mBAAmB,SAAS,CAAC,EAAE;AACpE,CAAC;AAEM,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aACE;AAAA,EACF,YAAY;AAAA,IACV,MAAMA,IACH,OAAO,EACP,IAAI,CAAC,EACL,IAAI,EAAE,EACN,MAAM,gBAAgB,yCAAyC,EAC/D,SAAS,4DAAuD;AAAA,IACnE,cAAcA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,EACzC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAC9B,OAAO,QAAQ,kBAAkB,EAAE,QAAQ,QAAQ,MAAM,MAAM,CAAC;AACpE,CAAC;AAEM,IAAMC,UAAQ,CAAC,gBAAgB,cAAc,eAAe;;;ACxCnE,SAAS,KAAAC,WAAS;AAIX,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,MAAMA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IAC/B,eAAeA,IAAE,MAAMA,IAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,EAAE,SAAS,sEAAsE;AAAA,IACzI,2BAA2BA,IAAE,MAAMA,IAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,EAAE,SAAS,4CAA4C,EAAE,SAAS;AAAA,IACtI,UAAUA,IAAE,KAAK,CAAC,OAAO,OAAO,QAAQ,CAAC,EAAE,SAAS,uQAAuQ,EAAE,SAAS;AAAA,IACtU,UAAUA,IAAE,QAAQ,EAAE,SAAS,0HAA0H,EAAE,QAAQ,KAAK;AAAA,EAC1K;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,QAAQ,MAAM,OAAO,CAAC;AAAA,EAC3H;AACF,CAAC;AAEM,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,QAAQA,IAAE,OAAO;AAAA,EACnB;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,OAAO,IAAI;AACjC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,mBAAmB,OAAO,MAAM,CAAC,CAAC,IAAI,EAAE,QAAQ,SAAS,CAAC;AAAA,EACrJ;AACF,CAAC;AAEM,IAAMC,YAAW,WAAW;AAAA,EACjC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC5G;AACF,CAAC;AAEM,IAAM,qBAAqB;AAAA,EAChC;AAAA,EACA;AAAA,EACAC;AACF;;;AClDA,SAAS,KAAAC,WAAS;AAIX,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,MAAMA,IAAE,KAAK,CAAC,QAAQ,OAAO,YAAY,CAAC;AAAA,EAC5C;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,qBAAqB,EAAE,QAAQ,QAAQ,MAAM,OAAO,CAAC;AAAA,EACvI;AACF,CAAC;AAEM,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,YAAY,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC/G;AACF,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,mBAAmB,EAAE,QAAQ,OAAO,CAAC;AAAA,EACvH;AACF,CAAC;AAEM,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,OAAOA,IAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,EACrD;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,yBAAyB,EAAE,QAAQ,SAAS,MAAM,OAAO,CAAC;AAAA,EAC5I;AACF,CAAC;AAEM,IAAM,wBAAwB;AAAA,EACnC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;;;AC3DA,SAAS,KAAAC,WAAS;AAIX,IAAM,aAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,kBAAkB,EAAE,QAAQ,SAAS,CAAC;AAAA,EACxH;AACF,CAAC;AAEM,IAAMC,eAAc,WAAW;AAAA,EACpC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,aAAa,EAAE,QAAQ,MAAM,CAAC;AAAA,EAChH;AACF,CAAC;AAEM,IAAME,kBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcF,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,eAAeA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IAC5F,kBAAkBA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IAC/F,YAAYA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IACzF,YAAYA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IACzF,oBAAoBA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IACjG,uBAAuBA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IACpG,iBAAiBA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IAC9F,iBAAiBA,IAAE,OAAO,EAAE,MAAM,sCAAsC,EAAE,SAAS,EAAE,SAAS;AAAA,IAC9F,wBAAwBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IACxD,mBAAmBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,EACrD;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,aAAa,EAAE,QAAQ,SAAS,MAAM,OAAO,CAAC;AAAA,EAChI;AACF,CAAC;AAEM,IAAM,yBAAyB;AAAA,EACpC;AAAA,EACAC;AAAA,EACAC;AACF;;;ACtDA,SAAS,KAAAC,WAAS;AAIX,IAAM,YAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,MAAMA,IAAE,KAAK,CAAC,UAAU,UAAU,aAAa,MAAM,CAAC;AAAA,IACtD,MAAMA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IAC/B,WAAWA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC3B,eAAeA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IAC/B,QAAQA,IAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,IAAI,EAAE,SAAS,EAAE,SAAS;AAAA,IAC9D,WAAWA,IAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IAC1C,QAAQA,IAAE,MAAMA,IAAE,OAAO,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,EAClD;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,QAAQ,MAAM,OAAO,CAAC;AAAA,EAC3H;AACF,CAAC;AAEM,IAAMC,aAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,QAAQA,IAAE,OAAO;AAAA,EACnB;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,OAAO,IAAI;AACjC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,mBAAmB,OAAO,MAAM,CAAC,CAAC,IAAI,EAAE,QAAQ,SAAS,CAAC;AAAA,EACrJ;AACF,CAAC;AAEM,IAAME,YAAW,WAAW;AAAA,EACjC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcF,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC5G;AACF,CAAC;AAEM,IAAM,qBAAqB;AAAA,EAChC;AAAA,EACAC;AAAA,EACAC;AACF;;;ACpDA,SAAS,KAAAC,WAAS;AAIX,IAAMC,kBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,iBAAiB,EAAE,QAAQ,MAAM,CAAC;AAAA,EACpH;AACF,CAAC;AAEM,IAAMC,qBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,yBAAyBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IACzD,gBAAgBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IAChD,oBAAoBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IACpD,WAAWA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IAC3C,sBAAsBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IACtD,gBAAgBA,IAAE,MAAMA,IAAE,KAAK,CAAC,OAAO,OAAO,aAAa,SAAS,CAAC,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,IAC5F,eAAeA,IAAE,MAAMA,IAAE,KAAK,CAAC,cAAc,CAAC,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,IACrE,qBAAqBA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,IACrD,0BAA0BA,IAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,EAC5D;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,iBAAiB,EAAE,QAAQ,SAAS,MAAM,OAAO,CAAC;AAAA,EACpI;AACF,CAAC;AAEM,IAAM,4BAA4B;AAAA,EACvCD;AAAA,EACAE;AACF;;;ACxCA,SAAS,KAAAC,WAAS;AAIX,IAAM,UAAU,WAAW;AAAA,EAChC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC5G;AACF,CAAC;AAEM,IAAM,0BAA0B,WAAW;AAAA,EAChD,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,SAAS,CAAC;AAAA,EAC/G;AACF,CAAC;AAEM,IAAM,gBAAgB,WAAW;AAAA,EACtC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,MAAMA,IAAE,OAAO,EAAE,IAAI,CAAC;AAAA,IACtB,MAAMA,IAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,KAAK;AAAA,IACvC,KAAKA,IAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA,IAC7B,gBAAgBA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,0CAA0C;AAAA,IACrF,aAAaA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IACtC,MAAMA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,qBAAqB;AAAA,IACtD,UAAUA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,+BAA+B;AAAA,IACpE,kBAAkBA,IAAE,OAAO,EAAE,SAAS,2BAA2B,EAAE,QAAQ,EAAE;AAAA,EAC/E;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,SAAS,EAAE,QAAQ,OAAO,MAAM,OAAO,CAAC;AAAA,EAC1H;AACF,CAAC;AAEM,IAAM,qBAAqB;AAAA,EAChC;AAAA,EACA;AAAA,EACA;AACF;;;ACpDA,SAAS,KAAAC,WAAS;AAIX,IAAMC,cAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcC,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,SAASA,IAAE,OAAO;AAAA,EACpB;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,QAAQ,IAAI;AAClC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,UAAU,mBAAmB,OAAO,OAAO,CAAC,CAAC,IAAI,EAAE,QAAQ,SAAS,CAAC;AAAA,EACvJ;AACF,CAAC;AAEM,IAAMC,cAAa,WAAW;AAAA,EACnC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,OAAOA,IAAE,OAAO,EAAE,IAAI,GAAG,EAAE,MAAM,4BAA4B;AAAA,IAC7D,YAAYA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IACrC,WAAWA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IACpC,WAAWA,IAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC5C;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,iBAAiB,EAAE,QAAQ,QAAQ,MAAM,OAAO,CAAC;AAAA,EACnI;AACF,CAAC;AAEM,IAAME,aAAY,WAAW;AAAA,EAClC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcF,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,UAAU,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC7G;AACF,CAAC;AAEM,IAAM,sBAAsB;AAAA,EACjCD;AAAA,EACAE;AAAA,EACAC;AACF;;;ACjDA,SAAS,KAAAC,WAAS;AAIX,IAAMC,mBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,MAAMC,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,MAAM,2BAA2B,EAAE,SAAS,mEAAmE;AAAA,IAC/I,cAAcA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,IACvC,MAAMA,IAAE,KAAK,CAAC,QAAQ,OAAO,YAAY,CAAC,EAAE,SAAS;AAAA,EACvD;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,WAAO,OAAO,QAAQ,kBAAkB,EAAE,QAAQ,QAAQ,MAAM,MAAM,CAAC;AAAA,EACzE;AACF,CAAC;AAEM,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,IAAI,EAAE,QAAQ,SAAS,CAAC;AAAA,EAC1G;AACF,CAAC;AAEM,IAAMC,gBAAe,WAAW;AAAA,EACrC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcD,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,IAAI,EAAE,QAAQ,MAAM,CAAC;AAAA,EACvG;AACF,CAAC;AAEM,IAAME,kBAAiB,WAAW;AAAA,EACvC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY,CAAC;AAAA,EACb,SAAS,OAAO,QAAQ,EAAE,OAAO,MAAM;AACrC,WAAO,OAAO,QAAQ,kBAAkB,EAAE,QAAQ,MAAM,CAAC;AAAA,EAC3D;AACF,CAAC;AAEM,IAAM,oBAAoB,WAAW;AAAA,EAC1C,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcF,IAAE,OAAO,EAAE,KAAK;AAAA,EAChC;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,aAAa,IAAI;AACzB,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,uBAAuB,EAAE,QAAQ,OAAO,CAAC;AAAA,EAC3H;AACF,CAAC;AAEM,IAAM,kBAAkB,WAAW;AAAA,EACxC,MAAM;AAAA,EACN,aAAa;AAAA,EACb,YAAY;AAAA,IACV,cAAcA,IAAE,OAAO,EAAE,KAAK;AAAA,IAC9B,cAAcA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,SAAS,EAAE,SAAS;AAAA,EAC/D;AAAA,EACA,SAAS,OAAO,OAAO,EAAE,OAAO,MAAM;AACpC,UAAM,EAAE,cAAc,GAAG,OAAO,IAAI;AACpC,WAAO,OAAO,QAAQ,kBAAkB,mBAAmB,OAAO,YAAY,CAAC,CAAC,IAAI,EAAE,QAAQ,SAAS,MAAM,OAAO,CAAC;AAAA,EACvH;AACF,CAAC;AAEM,IAAM,2BAA2B;AAAA,EACtCD;AAAA,EACA;AAAA,EACAE;AAAA,EACAC;AAAA,EACA;AAAA,EACA;AACF;;;ACzEO,IAAM,iBAAiB;AAAA,EAC5B,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AACL;;;A7BoBA,SAAS,gBAAAC,qBAAoB;AAC7B,SAAS,qBAAqB;AAC9B,SAAS,WAAAC,UAAS,eAAe;AAEjC,IAAM,cAAc;AAEpB,SAAS,cAAsB;AAC7B,MAAI;AACF,UAAM,OAAOA,SAAQ,cAAc,YAAY,GAAG,CAAC;AACnD,UAAM,MAAM,KAAK;AAAA,MACfD,cAAa,QAAQ,MAAM,MAAM,cAAc,GAAG,MAAM;AAAA,IAC1D;AACA,WAAO,OAAO,IAAI,YAAY,WAAW,IAAI,UAAU;AAAA,EACzD,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAYA,IAAM,oBAAsD;AAAA;AAAA,EAE1D,YAAY;AAAA,EACZ,YAAY;AAAA,EACZ,YAAY;AAAA,EACZ,qBAAqB;AAAA,EACrB,kBAAkB;AAAA,EAClB,gBAAgB;AAAA,EAChB,mBAAmB;AACrB;AASO,SAAS,iBAAiC;AAC/C,QAAM,wBAAwB;AAAA,IAC5B,GAAGE;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAG;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA,IACH,GAAGA;AAAA;AAAA,EAEL;AAEA,QAAM,mBAAmB,IAAI,IAAI,sBAAsB,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC;AACzE,QAAM,oBAAoB,eAAe,OAAO,CAAC,MAAM;AACrD,QAAI,iBAAiB,IAAI,EAAE,IAAI,EAAG,QAAO;AACzC,UAAM,QAAQ,kBAAkB,EAAE,IAAI;AACtC,QAAI,SAAS,iBAAiB,IAAI,KAAK,EAAG,QAAO;AACjD,WAAO;AAAA,EACT,CAAC;AAED,SAAO,CAAC,GAAG,uBAAuB,GAAG,iBAAiB;AACxD;AAUA,eAAsB,YACpB,KACA,KACsF;AACtF,MAAI,IAAI,SAAU,QAAO,EAAE,OAAO,IAAI,UAAU,MAAM,SAAS;AAE/D,QAAM,SAAS,UAAU,IAAI,OAAO;AACpC,MAAI,OAAQ,QAAO,EAAE,OAAO,OAAO,aAAa,MAAM,SAAS;AAE/D,MAAI,CAAC,QAAQ,OAAO,SAAS,CAAC,QAAQ,IAAI,2BAA2B;AACnE,QAAI;AAAA,MACF;AAAA,IACF;AACA,WAAO,EAAE,OAAO,MAAM,MAAM,OAAO;AAAA,EACrC;AAEA,MAAI;AACJ,MAAI;AACF,aAAS,MAAM,WAAW,EAAE,SAAS,IAAI,SAAS,IAAI,CAAC;AAAA,EACzD,SAAS,KAAK;AACZ,QAAI,MAAM,4BAA4B;AAAA,MACpC,OAAO,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAAA,IACxD,CAAC;AACD,eAAW;AACX,WAAO,EAAE,OAAO,MAAM,MAAM,OAAO;AAAA,EACrC;AAEA,QAAM,YACJ,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,KAAK,OAAO,aAAa;AACvD,YAAU;AAAA,IACR,SAAS,IAAI;AAAA,IACb,aAAa,OAAO;AAAA,IACpB,cAAc,OAAO;AAAA,IACrB;AAAA,EACF,CAAC;AACD,SAAO,EAAE,OAAO,OAAO,aAAa,MAAM,aAAa;AACzD;AAEA,eAAsB,OAAsB;AAE1C,MAAI,QAAQ,KAAK,CAAC,MAAM,UAAU;AAChC,eAAW;AACX,YAAQ,OAAO,MAAM,iDAAiD;AACtE;AAAA,EACF;AAEA,QAAM,MAAM,WAAW;AACvB,QAAM,MAAM,WAAW,GAAG;AAC1B,QAAM,OAAO,MAAM,YAAY,KAAK,GAAG;AACvC,QAAM,SAAS,IAAI,cAAc,KAAK,KAAK,KAAK,KAAK;AAErD,QAAM,SAAS,IAAI,UAAU;AAAA,IAC3B,MAAM;AAAA,IACN,SAAS,YAAY;AAAA,EACvB,CAAC;AAED,QAAM,WAAW,eAAe;AAEhC,cAAY,QAAQ,EAAE,QAAQ,IAAI,GAAG,QAAQ;AAE7C,MAAI,KAAK,wBAAwB;AAAA,IAC/B,SAAS,IAAI;AAAA,IACb,OAAO,SAAS;AAAA,IAChB,UAAU,KAAK;AAAA,EACjB,CAAC;AAED,QAAM,YAAY,IAAI,qBAAqB;AAC3C,QAAM,OAAO,QAAQ,SAAS;AAChC;AAOA,IAAI,CAAC,QAAQ,IAAI,QAAQ;AACvB,OAAK,EAAE,MAAM,CAAC,QAAQ;AACpB,YAAQ,OAAO,MAAM,UAAU,eAAe,QAAQ,IAAI,QAAQ,GAAG;AAAA,CAAI;AACzE,YAAQ,KAAK,CAAC;AAAA,EAChB,CAAC;AACH;","names":["sleep","tools","z","z","tools","z","z","tools","z","z","tools","z","z","tools","z","z","tools","z","z","tools","z","orgIdArg","z","tools","z","z","orgIdArg","tools","z","z","tools","z","orgIdArg","z","tools","z","z","tools","z","z","tools","z","z","tools","z","z","listApps","z","z","z","z","getBranding","updateBranding","z","z","deleteIdp","listIdps","z","getLoginPolicy","z","updateLoginPolicy","z","z","z","deleteUser","z","inviteUser","listUsers","z","createWorkspace","z","getWorkspace","listWorkspaces","readFileSync","dirname","tools"]}