@pymthouse/builder-sdk 0.4.1-rc.3 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (26) hide show
  1. package/README.md +10 -10
  2. package/dist/env.cjs +4 -13
  3. package/dist/env.cjs.map +1 -1
  4. package/dist/env.js +4 -13
  5. package/dist/env.js.map +1 -1
  6. package/dist/index.cjs +4 -13
  7. package/dist/index.cjs.map +1 -1
  8. package/dist/index.js +4 -13
  9. package/dist/index.js.map +1 -1
  10. package/dist/signer/server.cjs +2 -8
  11. package/dist/signer/server.cjs.map +1 -1
  12. package/dist/signer/server.js +2 -8
  13. package/dist/signer/server.js.map +1 -1
  14. package/dist/signer/webhook.cjs +0 -104
  15. package/dist/signer/webhook.cjs.map +1 -1
  16. package/dist/signer/webhook.d.cts +3 -14
  17. package/dist/signer/webhook.d.ts +3 -14
  18. package/dist/signer/webhook.js +1 -103
  19. package/dist/signer/webhook.js.map +1 -1
  20. package/package.json +2 -8
  21. package/dist/signer/webhook/adapters/oauth1.cjs +0 -18
  22. package/dist/signer/webhook/adapters/oauth1.cjs.map +0 -1
  23. package/dist/signer/webhook/adapters/oauth1.d.cts +0 -19
  24. package/dist/signer/webhook/adapters/oauth1.d.ts +0 -19
  25. package/dist/signer/webhook/adapters/oauth1.js +0 -16
  26. package/dist/signer/webhook/adapters/oauth1.js.map +0 -1
package/dist/signer/server.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/errors.ts","../../src/signer/handler-errors.ts","../../src/signer/forward.ts","../../src/signer/token-manager.ts","../../src/string-utils.ts","../../src/discovery.ts","../../src/encoding.ts","../../src/signer/fetch-json.ts","../../src/signer/json-fields.ts","../../src/signer/mint-token.ts","../../src/signer/device-exchange.ts","../../src/signer/api-key-exchange.ts","../../src/signer/proxy.ts","../../src/signer/server.ts"],"names":["EXCHANGE_RESPONSE_ERROR","cacheKey"],"mappings":";;;AAAO,IAAM,aAAA,GAAN,cAA4B,KAAA,CAAM;AAAA,EAC9B,MAAA;AAAA,EACA,IAAA;AAAA,EACA,OAAA;AAAA,EAET,YACE,OAAA,EACA;AAAA,IACE,MAAA,GAAS,GAAA;AAAA,IACT,IAAA,GAAO,iBAAA;AAAA,IACP;AAAA,GACF,GAII,EAAC,EACL;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,eAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AAAA,EACjB;AACF,CAAA;;;ACrBA,SAAS,gBAAgB,KAAA,EAAwC;AAC/D,EAAA,IAAI,iBAAiB,aAAA,EAAe;AAClC,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OACE,KAAA,YAAiB,SACjB,OAAQ,KAAA,CAAwB,WAAW,QAAA,IAC3C,OAAQ,MAAwB,IAAA,KAAS,QAAA;AAE7C;AAEO,SAAS,2BAA2B,KAAA,EAA0B;AACnE,EAAA,IAAI,eAAA,CAAgB,KAAK,CAAA,EAAG;AAC1B,IAAA,OAAO,IAAI,QAAA;AAAA,MACT,KAAK,SAAA,CAAU;AAAA,QACb,OAAO,KAAA,CAAM,IAAA;AAAA,QACb,mBAAmB,KAAA,CAAM,OAAA;AAAA,QACzB,SAAS,KAAA,CAAM;AAAA,OAChB,CAAA;AAAA,MACD;AAAA,QACE,QAAQ,KAAA,CAAM,MAAA;AAAA,QACd,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB;AAChD,KACF;AAAA,EACF;AACA,EAAA,MAAM,OAAA,GAAU,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU,gBAAA;AACzD,EAAA,OAAO,IAAI,QAAA,CAAS,IAAA,CAAK,SAAA,CAAU,EAAE,OAAO,gBAAA,EAAkB,iBAAA,EAAmB,OAAA,EAAS,CAAA,EAAG;AAAA,IAC3F,MAAA,EAAQ,GAAA;AAAA,IACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,GAC/C,CAAA;AACH;;;AC7BA,SAAS,uBAAuB,UAAA,EAA4B;AAC1D,EAAA,MAAM,UAAA,GAAa,WAAW,UAAA,CAAW,GAAA,EAAK,GAAG,CAAA,CAAE,UAAA,CAAW,KAAK,GAAG,CAAA;AACtE,EAAA,MAAM,MAAA,GAAS,UAAA,CAAW,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,WAAW,MAAA,GAAS,CAAC,CAAA,GAAI,CAAA,EAAG,GAAG,CAAA;AAC1E,EAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACjC,IAAA,OAAO,OAAO,IAAA,CAAK,MAAA,EAAQ,QAAQ,CAAA,CAAE,SAAS,MAAM,CAAA;AAAA,EACtD;AACA,EAAA,OAAO,KAAK,MAAM,CAAA;AACpB;AAEO,SAAS,iBAAiB,GAAA,EAAsC;AACrE,EAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,IAAA,EAAK,CAAE,MAAM,GAAG,CAAA;AAClC,EAAA,IAAI,KAAA,CAAM,SAAS,CAAA,EAAG;AACpB,IAAA,MAAM,IAAI,cAAc,mBAAA,EAAqB;AAAA,MAC3C,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,IAAI;AACF,IAAA,MAAM,WAAA,GAAc,sBAAA,CAAuB,KAAA,CAAM,CAAC,CAAC,CAAA;AACnD,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,KAAA,CAAM,WAAW,CAAA;AACtC,IAAA,IAAI,CAAC,OAAA,IAAW,OAAO,OAAA,KAAY,QAAA,EAAU;AAC3C,MAAA,MAAM,IAAI,MAAM,uBAAuB,CAAA;AAAA,IACzC;AACA,IAAA,OAAO,OAAA;AAAA,EACT,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,cAAc,8BAAA,EAAgC;AAAA,MACtD,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACF;AAEA,SAAS,SAAA,CAAU,YAAqC,IAAA,EAAwB;AAC9E,EAAA,KAAA,MAAW,OAAO,IAAA,EAAM;AACtB,IAAA,MAAM,KAAA,GAAQ,QAAQ,GAAG,CAAA;AACzB,IAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,CAAM,MAAK,EAAG;AAC7C,MAAA,OAAO,MAAM,IAAA,EAAK;AAAA,IACpB;AAAA,EACF;AACA,EAAA,OAAO,EAAA;AACT;AAEO,SAAS,uBAAuB,OAAA,EAAqD;AAC1F,EAAA,MAAM,MAAA,GAAS,SAAA,CAAU,OAAA,EAAS,KAAK,CAAA;AACvC,EAAA,MAAM,QAAA,GAAW,SAAA,CAAU,OAAA,EAAS,WAAW,CAAA;AAC/C,EAAA,MAAM,YAAA,GAAe,SAAA,CAAU,OAAA,EAAS,kBAAA,EAAoB,iBAAiB,KAAK,CAAA;AAClF,EAAA,MAAM,gBAAA,GACJ,SAAA,CAAU,OAAA,EAAS,uBAAA,EAAyB,oBAAoB,CAAA,IAAK,kBAAA;AAEvE,EAAA,IAAI,CAAC,MAAA,IAAU,CAAC,QAAA,IAAY,CAAC,YAAA,EAAc;AACzC,IAAA,MAAM,IAAI,cAAc,4CAAA,EAA8C;AAAA,MACpE,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM,aAAA;AAAA,MACN,OAAA,EAAS,EAAE,MAAA,EAAQ,QAAA,EAAU,YAAA;AAAa,KAC3C,CAAA;AAAA,EACH;AAEA,EAAA,OAAO;AAAA,IACL,MAAA;AAAA,IACA,QAAA;AAAA,IACA,YAAA;AAAA,IACA;AAAA,GACF;AACF;AAEO,SAAS,wBAAwB,QAAA,EAAqD;AAC3F,EAAA,OAAO;AAAA,IACL,2BAA2B,QAAA,CAAS,MAAA;AAAA,IACpC,wBAAwB,QAAA,CAAS,QAAA;AAAA,IACjC,4BAA4B,QAAA,CAAS,YAAA;AAAA,IACrC,iCAAiC,QAAA,CAAS;AAAA,GAC5C;AACF;AAEA,SAAS,gBAAA,CACP,OAAA,EACA,eAAA,EACA,eAAA,EACA,oBAAoB,wBAAA,EACf;AACL,EAAA,MAAM,UAAA,GAAa,IAAI,GAAA,CAAI,eAAe,CAAA;AAC1C,EAAA,MAAM,QAAA,GAAW,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AACpC,EAAA,IAAI,aAAa,QAAA,CAAS,QAAA;AAE1B,EAAA,IAAI,eAAA,EAAiB;AACnB,IAAA,MAAM,MAAA,GAAS,gBAAgB,QAAA,CAAS,GAAG,IACvC,eAAA,CAAgB,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA,GAC3B,eAAA;AACJ,IAAA,IAAI,UAAA,CAAW,UAAA,CAAW,MAAM,CAAA,EAAG;AACjC,MAAA,UAAA,GAAa,UAAA,CAAW,KAAA,CAAM,MAAA,CAAO,MAAM,CAAA,IAAK,iBAAA;AAAA,IAClD;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,UAAA,CAAW,UAAA,CAAW,GAAG,CAAA,EAAG;AAC/B,IAAA,UAAA,GAAa,IAAI,UAAU,CAAA,CAAA;AAAA,EAC7B;AAEA,EAAA,MAAM,MAAA,GAAS,IAAI,GAAA,CAAI,UAAU,CAAA;AACjC,EAAA,MAAA,CAAO,WAAW,UAAA,IAAc,iBAAA;AAChC,EAAA,MAAA,CAAO,SAAS,QAAA,CAAS,MAAA;AACzB,EAAA,OAAO,MAAA;AACT;AAEA,eAAsB,2BACpB,OAAA,EACmB;AACnB,EAAA,MAAM,SAAA,GAAY,QAAQ,KAAA,IAAS,KAAA;AACnC,EAAA,MAAM,QAAA,GAAW,sBAAA,CAAuB,gBAAA,CAAiB,OAAA,CAAQ,GAAG,CAAC,CAAA;AACrE,EAAA,MAAM,MAAA,GAAS,gBAAA;AAAA,IACb,OAAA,CAAQ,OAAA;AAAA,IACR,OAAA,CAAQ,eAAA;AAAA,IACR,OAAA,CAAQ,eAAA;AAAA,IACR,OAAA,CAAQ;AAAA,GACV;AAEA,EAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ,OAAA,CAAQ,QAAQ,OAAO,CAAA;AACnD,EAAA,OAAA,CAAQ,GAAA,CAAI,eAAA,EAAiB,CAAA,OAAA,EAAU,OAAA,CAAQ,GAAG,CAAA,CAAE,CAAA;AACpD,EAAA,KAAA,MAAW,CAAC,MAAM,KAAK,CAAA,IAAK,OAAO,OAAA,CAAQ,uBAAA,CAAwB,QAAQ,CAAC,CAAA,EAAG;AAC7E,IAAA,OAAA,CAAQ,GAAA,CAAI,MAAM,KAAK,CAAA;AAAA,EACzB;AACA,EAAA,OAAA,CAAQ,OAAO,MAAM,CAAA;AACrB,EAAA,OAAA,CAAQ,OAAO,gBAAgB,CAAA;AAE/B,EAAA,MAAM,IAAA,GAA0C;AAAA,IAC9C,MAAA,EAAQ,QAAQ,OAAA,CAAQ,MAAA;AAAA,IACxB,OAAA;AAAA,IACA,IAAA,EAAM,QAAQ,OAAA,CAAQ,IAAA;AAAA,IACtB,KAAA,EAAO;AAAA,GACT;AACA,EAAA,IAAI,OAAA,CAAQ,QAAQ,IAAA,EAAM;AACxB,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAAA,EAChB;AAEA,EAAA,OAAO,SAAA,CAAU,QAAQ,IAAI,CAAA;AAC/B;;;ACrIA,SAAS,QAAA,CAAS,UAAkB,cAAA,EAAgC;AAClE,EAAA,OAAO,CAAA,EAAG,QAAQ,CAAA,EAAA,EAAK,cAAc,CAAA,CAAA;AACvC;AAYO,SAAS,yBAAyB,OAAA,EAAwD;AAC/F,EAAA,MAAM,eAAA,GAAkB,QAAQ,eAAA,IAAmB,GAAA;AACnD,EAAA,MAAM,KAAA,uBAAY,GAAA,EAA+B;AACjD,EAAA,MAAM,QAAA,uBAAe,GAAA,EAAwC;AAE7D,EAAA,SAAS,QAAA,CAAS,KAAA,EAA0B,GAAA,EAAa,YAAA,EAAgC;AACvF,IAAA,IAAI,cAAc,OAAO,KAAA;AACzB,IAAA,IAAI,GAAA,IAAO,KAAA,CAAM,SAAA,EAAW,OAAO,KAAA;AACnC,IAAA,IAAI,GAAA,IAAO,KAAA,CAAM,SAAA,EAAW,OAAO,KAAA;AACnC,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,eAAe,OAAA,CACb,gBACA,cAAA,EAC4B;AAC5B,IAAA,MAAM,GAAA,GAAM,QAAA,CAAS,cAAA,EAAgB,cAAc,CAAA;AACnD,IAAA,MAAM,QAAA,GAAW,QAAA,CAAS,GAAA,CAAI,GAAG,CAAA;AACjC,IAAA,IAAI,QAAA,EAAU;AACZ,MAAA,OAAO,QAAA;AAAA,IACT;AAEA,IAAA,MAAM,OAAA,GAAU,QACb,IAAA,CAAK,cAAA,EAAgB,cAAc,CAAA,CACnC,IAAA,CAAK,CAAC,KAAA,KAAU;AACf,MAAA,MAAM,QAAA,GAAW,sBAAA,CAAuB,gBAAA,CAAiB,KAAA,CAAM,GAAG,CAAC,CAAA;AACnE,MAAA,IAAI,QAAA,CAAS,aAAa,cAAA,EAAgB;AACxC,QAAA,MAAM,IAAI,cAAc,sDAAA,EAAwD;AAAA,UAC9E,MAAA,EAAQ,GAAA;AAAA,UACR,IAAA,EAAM,mBAAA;AAAA,UACN,SAAS,EAAE,QAAA,EAAU,cAAA,EAAgB,MAAA,EAAQ,SAAS,QAAA;AAAS,SAChE,CAAA;AAAA,MACH;AAEA,MAAA,MAAM,UAAA,GAAgC;AAAA,QACpC,GAAG,KAAA;AAAA,QACH,SAAA,EACE,KAAA,CAAM,SAAA,IACN,IAAA,CAAK,GAAA,EAAI,GAAI,IAAA,CAAK,KAAA,CAAA,CAAO,KAAA,CAAM,SAAA,GAAY,IAAA,CAAK,GAAA,MAAS,eAAe;AAAA,OAC5E;AACA,MAAA,KAAA,CAAM,GAAA,CAAI,KAAK,UAAU,CAAA;AACzB,MAAA,QAAA,CAAS,OAAO,GAAG,CAAA;AACnB,MAAA,OAAO,UAAA;AAAA,IACT,CAAC,CAAA,CACA,KAAA,CAAM,CAAC,KAAA,KAAmB;AACzB,MAAA,QAAA,CAAS,OAAO,GAAG,CAAA;AACnB,MAAA,MAAM,KAAA;AAAA,IACR,CAAC,CAAA;AAEH,IAAA,QAAA,CAAS,GAAA,CAAI,KAAK,OAAO,CAAA;AACzB,IAAA,OAAO,OAAA;AAAA,EACT;AAEA,EAAA,OAAO;AAAA,IACL,IAAA,CAAK,gBAAgB,cAAA,EAAgB;AACnC,MAAA,OAAO,KAAA,CAAM,GAAA,CAAI,QAAA,CAAS,cAAA,EAAgB,cAAc,CAAC,CAAA;AAAA,IAC3D,CAAA;AAAA,IAEA,UAAA,CAAW,gBAAgB,cAAA,EAAgB;AACzC,MAAA,MAAM,GAAA,GAAM,QAAA,CAAS,cAAA,EAAgB,cAAc,CAAA;AACnD,MAAA,KAAA,CAAM,OAAO,GAAG,CAAA;AAChB,MAAA,QAAA,CAAS,OAAO,GAAG,CAAA;AAAA,IACrB,CAAA;AAAA,IAEA,MAAM,QAAA,CAAS,cAAA,EAAgB,cAAA,EAAgB,UAAA,GAAa,EAAC,EAAG;AAC9D,MAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,MAAA,MAAM,GAAA,GAAM,QAAA,CAAS,cAAA,EAAgB,cAAc,CAAA;AACnD,MAAA,MAAM,MAAA,GAAS,KAAA,CAAM,GAAA,CAAI,GAAG,CAAA;AAC5B,MAAA,IAAI,UAAU,QAAA,CAAS,MAAA,EAAQ,KAAK,UAAA,CAAW,YAAA,KAAiB,IAAI,CAAA,EAAG;AACrE,QAAA,OAAO,MAAA;AAAA,MACT;AAEA,MAAA,OAAO,OAAA,CAAQ,gBAAgB,cAAc,CAAA;AAAA,IAC/C;AAAA,GACF;AACF;;;AC5FO,SAAS,qBAAqB,KAAA,EAAuB;AAC1D,EAAA,IAAI,MAAM,KAAA,CAAM,MAAA;AAChB,EAAA,OAAO,GAAA,GAAM,MAAM,KAAA,CAAM,WAAA,CAAY,MAAM,CAAC,CAAA,IAAK,OAAO,EAAA,EAAI;AAC1D,IAAA,GAAA,EAAA;AAAA,EACF;AACA,EAAA,OAAO,KAAA,CAAM,KAAA,CAAM,CAAA,EAAG,GAAG,CAAA;AAC3B;AAEA,SAAS,kBAAA,CAAmB,OAAe,MAAA,EAAyB;AAClE,EAAA,IAAI,MAAA,CAAO,MAAA,GAAS,KAAA,CAAM,MAAA,EAAQ;AAChC,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,MAAA,GAAS,MAAA,CAAO,MAAA;AACpC,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,MAAA,CAAO,QAAQ,CAAA,EAAA,EAAK;AACtC,IAAA,MAAM,CAAA,GAAI,KAAA,CAAM,WAAA,CAAY,KAAA,GAAQ,CAAC,CAAA,IAAK,CAAA;AAC1C,IAAA,MAAM,CAAA,GAAI,MAAA,CAAO,WAAA,CAAY,CAAC,CAAA,IAAK,CAAA;AACnC,IAAA,IAAI,CAAA,KAAM,CAAA,IAAA,CAAM,CAAA,GAAI,EAAA,OAAS,IAAI,EAAA,CAAA,EAAK;AACpC,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AACA,EAAA,OAAO,IAAA;AACT;AAEA,SAAS,qBAAA,CAAsB,OAAe,MAAA,EAAwB;AACpE,EAAA,OAAO,kBAAA,CAAmB,KAAA,EAAO,MAAM,CAAA,GACnC,KAAA,CAAM,KAAA,CAAM,CAAA,EAAG,KAAA,CAAM,MAAA,GAAS,MAAA,CAAO,MAAM,CAAA,GAC3C,KAAA;AACN;AAUO,SAAS,6BAA6B,SAAA,EAA2B;AACtE,EAAA,IAAI,IAAA,GAAO,oBAAA,CAAqB,SAAA,CAAU,IAAA,EAAM,CAAA;AAChD,EAAA,IAAA,GAAO,qBAAA,CAAsB,MAAM,cAAc,CAAA;AACjD,EAAA,IAAA,GAAO,qBAAA,CAAsB,MAAM,OAAO,CAAA;AAC1C,EAAA,OAAO,qBAAqB,IAAI,CAAA;AAClC;ACbA,IAAM,YAAA,GAAe,IAAI,EAAA,GAAK,GAAA;AAO9B,IAAM,cAAA,uBAAqB,GAAA,EAAwB;AAEnD,SAAS,oBAAoB,SAAA,EAA2B;AACtD,EAAA,OAAO,qBAAqB,SAAS,CAAA;AACvC;AAUA,eAAsB,uBAAA,CACpB,SAAA,EACA,SAAA,EACA,OAAA,GAA0C,EAAC,EACb;AAC9B,EAAA,MAAM,GAAA,GAAM,oBAAoB,SAAS,CAAA;AACzC,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,EAAA,MAAM,MAAA,GAAS,cAAA,CAAe,GAAA,CAAI,GAAG,CAAA;AAErC,EAAA,IAAI,CAAC,OAAA,CAAQ,KAAA,IAAS,UAAU,GAAA,GAAM,MAAA,CAAO,YAAY,YAAA,EAAc;AACrE,IAAA,OAAO,MAAA,CAAO,EAAA;AAAA,EAChB;AAEA,EAAA,MAAM,gBAAA,GAAmB,IAAI,GAAA,CAAI,GAAG,CAAA;AACpC,EAAA,MAAM,aAAA,GAAwD;AAAA,IAC5D,SAAA,EAAW,MAAA;AAAA,IACX,CAAC,WAAW,GAAG;AAAA,GACjB;AACA,EAAA,IAAI,QAAQ,iBAAA,EAAmB;AAC7B,IAAA,aAAA,CAAc,qBAAqB,CAAA,GAAI,IAAA;AAAA,EACzC;AAEA,EAAA,IAAI,QAAA;AACJ,EAAA,IAAI;AACF,IAAA,QAAA,GAAW,MAAM,gBAAA,CAAiB,gBAAA,EAAkB,aAAa,CAAA;AAAA,EACnE,SAAS,CAAA,EAAG;AACV,IAAA,MAAM,yBAAyB,CAAC,CAAA;AAAA,EAClC;AAEA,EAAA,IAAI,EAAA;AACJ,EAAA,IAAI;AACF,IAAA,EAAA,GAAK,MAAM,wBAAA,CAAyB,gBAAA,EAAkB,QAAQ,CAAA;AAAA,EAChE,SAAS,CAAA,EAAG;AACV,IAAA,MAAM,uBAAuB,CAAC,CAAA;AAAA,EAChC;AAEA,EAAA,cAAA,CAAe,IAAI,GAAA,EAAK,EAAE,EAAA,EAAI,SAAA,EAAW,KAAK,CAAA;AAC9C,EAAA,OAAO,EAAA;AACT;AAmBA,SAAS,uBAAuB,KAAA,EAA+B;AAC7D,EAAA,IAAI,iBAAiB,aAAA,EAAe;AAClC,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,IAAI,iBAAiB,KAAA,EAAO;AAC1B,IAAA,OAAO,IAAI,aAAA,CAAc,KAAA,CAAM,OAAA,EAAS;AAAA,MACtC,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM,wBAAA;AAAA,MACN,OAAA,EAAS,EAAE,KAAA,EAAO,KAAA,CAAM,KAAA;AAAM,KAC/B,CAAA;AAAA,EACH;AACA,EAAA,OAAO,IAAI,cAAc,uBAAA,EAAyB;AAAA,IAChD,MAAA,EAAQ,GAAA;AAAA,IACR,IAAA,EAAM;AAAA,GACP,CAAA;AACH;AAEA,SAAS,yBAAyB,KAAA,EAA+B;AAC/D,EAAA,IAAI,iBAAiB,aAAA,EAAe;AAClC,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,IAAI,iBAAiB,KAAA,EAAO;AAC1B,IAAA,OAAO,IAAI,aAAA,CAAc,CAAA,+BAAA,EAAkC,KAAA,CAAM,OAAO,CAAA,CAAA,EAAI;AAAA,MAC1E,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,OAAO,IAAI,cAAc,+BAAA,EAAiC;AAAA,IACxD,MAAA,EAAQ,GAAA;AAAA,IACR,IAAA,EAAM;AAAA,GACP,CAAA;AACH;;;ACvIO,SAAS,uBAAA,CAAwB,UAAkB,YAAA,EAA8B;AACtF,EAAA,MAAM,GAAA,GAAM,CAAA,EAAG,QAAQ,CAAA,CAAA,EAAI,YAAY,CAAA,CAAA;AACvC,EAAA,MAAM,GAAA,GACJ,OAAO,MAAA,KAAW,WAAA,GACd,MAAA,CAAO,IAAA,CAAK,GAAA,EAAK,MAAM,CAAA,CAAE,QAAA,CAAS,QAAQ,CAAA,GAC1C,KAAK,KAAA,CAAM,IAAA,CAAK,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,GAAG,CAAA,EAAG,CAAC,CAAA,KAAM,MAAA,CAAO,YAAA,CAAa,CAAC,CAAC,CAAA,CAAE,IAAA,CAAK,EAAE,CAAC,CAAA;AAC5F,EAAA,OAAO,SAAS,GAAG,CAAA,CAAA;AACrB;;;ACTA,SAAS,uBAAA,CACP,MAAA,EACA,YAAA,EACA,MAAA,EACQ;AACR,EAAA,IAAI,OAAO,MAAA,CAAO,iBAAA,KAAsB,QAAA,EAAU;AAChD,IAAA,OAAO,MAAA,CAAO,iBAAA;AAAA,EAChB;AACA,EAAA,IAAI,OAAO,MAAA,CAAO,KAAA,KAAU,QAAA,EAAU;AACpC,IAAA,OAAO,MAAA,CAAO,KAAA;AAAA,EAChB;AACA,EAAA,OAAO,CAAA,EAAG,YAAY,CAAA,EAAA,EAAK,MAAM,CAAA,CAAA,CAAA;AACnC;AASA,eAAsB,0BAAA,CACpB,UACA,OAAA,EACkC;AAClC,EAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AACjC,EAAA,IAAI,MAAA;AACJ,EAAA,IAAI;AACF,IAAA,MAAA,GAAS,IAAA,GAAQ,IAAA,CAAK,KAAA,CAAM,IAAI,IAAgC,EAAC;AAAA,EACnE,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,aAAA,CAAc,OAAA,CAAQ,kBAAA,EAAoB;AAAA,MAClD,MAAA,EAAQ,GAAA;AAAA,MACR,MAAM,OAAA,CAAQ,eAAA;AAAA,MACd,OAAA,EAAS,EAAE,MAAA,EAAQ,QAAA,CAAS,MAAA;AAAO,KACpC,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,cAAc,uBAAA,CAAwB,MAAA,EAAQ,OAAA,CAAQ,YAAA,EAAc,SAAS,MAAM,CAAA;AACzF,IAAA,MAAM,IAAI,cAAc,WAAA,EAAa;AAAA,MACnC,QAAQ,QAAA,CAAS,MAAA;AAAA,MACjB,MAAM,OAAO,MAAA,CAAO,UAAU,QAAA,GAAW,MAAA,CAAO,QAAQ,OAAA,CAAQ,gBAAA;AAAA,MAChE,OAAA,EAAS;AAAA,KACV,CAAA;AAAA,EACH;AAEA,EAAA,OAAO,MAAA;AACT;;;AC/CO,SAAS,eAAA,CACd,IAAA,EACA,GAAA,EACA,SAAA,EACA,gBAAgB,UAAA,EACR;AACR,EAAA,MAAM,KAAA,GAAQ,KAAK,GAAG,CAAA;AACtB,EAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,CAAC,KAAA,CAAM,MAAK,EAAG;AAC9C,IAAA,MAAM,IAAI,aAAA,CAAc,CAAA,EAAG,aAAa,CAAA,SAAA,EAAY,GAAG,CAAA,CAAA,EAAI;AAAA,MACzD,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,OAAO,MAAM,IAAA,EAAK;AACpB;AAEO,SAAS,aAAA,CAAc,MAA+B,SAAA,EAA2B;AACtF,EAAA,MAAM,YAAY,IAAA,CAAK,UAAA;AACvB,EAAA,IAAI,OAAO,cAAc,QAAA,IAAY,CAAC,OAAO,QAAA,CAAS,SAAS,CAAA,IAAK,SAAA,IAAa,CAAA,EAAG;AAClF,IAAA,MAAM,IAAI,cAAc,6BAAA,EAA+B;AAAA,MACrD,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,OAAO,IAAA,CAAK,MAAM,SAAS,CAAA;AAC7B;;;ACnBO,IAAM,0BAAA,GAA6B;AAGnC,IAAM,+BAAA,GAAkC;AAE/C,IAAM,yBAAA,GAA4B,GAAA;AAClC,IAAM,oBAAA,GAAuB,wBAAA;AAEtB,SAAS,kBAAkB,SAAA,EAA2B;AAC3D,EAAA,OAAO,qBAAqB,SAAS,CAAA;AACvC;AAEO,SAAS,gCAAA,CACd,IAAA,EACA,eAAA,GAAkB,yBAAA,EACC;AACnB,EAAA,MAAM,WAAA,GAAc,eAAA,CAAgB,IAAA,EAAM,cAAA,EAAgB,sBAAsB,gBAAgB,CAAA;AAChG,EAAA,MAAM,SAAA,GAAY,aAAA,CAAc,IAAA,EAAM,oBAAoB,CAAA;AAC1D,EAAA,MAAM,gBAAA,GAAmB,eAAA;AAAA,IACvB,IAAA;AAAA,IACA,kBAAA;AAAA,IACA,oBAAA;AAAA,IACA;AAAA,GACF;AACA,EAAA,MAAM,wBAAA,GAA2B,eAAA;AAAA,IAC/B,IAAA;AAAA,IACA,0BAAA;AAAA,IACA,oBAAA;AAAA,IACA;AAAA,GACF;AACA,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,EAAA,MAAM,SAAA,GAAY,MAAM,SAAA,GAAY,GAAA;AACpC,EAAA,MAAM,YAAY,GAAA,GAAM,IAAA,CAAK,KAAA,CAAM,SAAA,GAAY,MAAO,eAAe,CAAA;AAErE,EAAA,OAAO;AAAA,IACL,GAAA,EAAK,WAAA;AAAA,IACL,SAAA;AAAA,IACA,SAAA;AAAA,IACA,gBAAA;AAAA,IACA;AAAA,GACF;AACF;AAEA,eAAsB,oBACpB,OAAA,EAC4B;AAC5B,EAAA,MAAM,SAAA,GAAY,QAAQ,KAAA,IAAS,KAAA;AACnC,EAAA,MAAM,SAAA,GAAY,oBAAA,CAAqB,OAAA,CAAQ,SAAS,CAAA;AACxD,EAAA,MAAM,EAAA,GAAK,MAAM,uBAAA,CAAwB,SAAA,EAAW,SAAA,EAAW;AAAA,IAC7D,mBAAmB,OAAA,CAAQ;AAAA,GAC5B,CAAA;AACD,EAAA,MAAM,gBAAgB,EAAA,CAAG,cAAA;AACzB,EAAA,IAAI,CAAC,aAAA,EAAe;AAClB,IAAA,MAAM,IAAI,cAAc,mDAAA,EAAqD;AAAA,MAC3E,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,QAAA,GAAW,kBAAkB,SAAS,CAAA;AAC5C,EAAA,MAAM,IAAA,GAAO,IAAI,eAAA,CAAgB;AAAA,IAC/B,UAAA,EAAY,oBAAA;AAAA,IACZ,KAAA,EAAO,0BAAA;AAAA,IACP,kBAAkB,OAAA,CAAQ,cAAA;AAAA,IAC1B;AAAA,GACD,CAAA;AAED,EAAA,MAAM,QAAA,GAAW,MAAM,SAAA,CAAU,aAAA,EAAe;AAAA,IAC9C,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACP,aAAA,EAAe,uBAAA,CAAwB,OAAA,CAAQ,WAAA,EAAa,QAAQ,eAAe,CAAA;AAAA,MACnF,cAAA,EAAgB,mCAAA;AAAA,MAChB,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,IAAA,EAAM,KAAK,QAAA,EAAS;AAAA,IACpB,KAAA,EAAO;AAAA,GACR,CAAA;AAED,EAAA,MAAM,MAAA,GAAS,MAAM,0BAAA,CAA2B,QAAA,EAAU;AAAA,IACxD,kBAAA,EAAoB,sCAAA;AAAA,IACpB,eAAA,EAAiB,oBAAA;AAAA,IACjB,YAAA,EAAc,mBAAA;AAAA,IACd,gBAAA,EAAkB;AAAA,GACnB,CAAA;AAED,EAAA,OAAO,iCAAiC,MAAM,CAAA;AAChD;;;ACxEA,IAAM,oBAAA,GAAuB,iDAAA;AAC7B,IAAM,yBAAA,GAA4B,+CAAA;AAClC,IAAM,uBAAA,GAA0B,2BAAA;AAEzB,SAAS,yCACd,IAAA,EACQ;AACR,EAAA,MAAM,WAAW,IAAA,CAAK,KAAA;AACtB,EAAA,IAAI,QAAA,KAAa,QAAQ,OAAO,QAAA,KAAa,YAAY,CAAC,KAAA,CAAM,OAAA,CAAQ,QAAQ,CAAA,EAAG;AACjF,IAAA,MAAM,MAAA,GAAS,QAAA;AACf,IAAA,KAAA,MAAW,GAAA,IAAO,CAAC,aAAA,EAAe,cAAc,CAAA,EAAY;AAC1D,MAAA,MAAM,KAAA,GAAQ,OAAO,GAAG,CAAA;AACxB,MAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,CAAM,MAAK,EAAG;AAC7C,QAAA,OAAO,MAAM,IAAA,EAAK;AAAA,MACpB;AAAA,IACF;AAAA,EACF;AACA,EAAA,KAAA,MAAW,GAAA,IAAO,CAAC,aAAA,EAAe,cAAc,CAAA,EAAY;AAC1D,IAAA,MAAM,KAAA,GAAQ,KAAK,GAAG,CAAA;AACtB,IAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,CAAM,MAAK,EAAG;AAC7C,MAAA,OAAO,MAAM,IAAA,EAAK;AAAA,IACpB;AAAA,EACF;AACA,EAAA,MAAM,IAAI,cAAc,sDAAA,EAAwD;AAAA,IAC9E,MAAA,EAAQ,GAAA;AAAA,IACR,IAAA,EAAM;AAAA,GACP,CAAA;AACH;AAEO,SAAS,+BAAA,CACd,QACA,OAAA,EACwB;AACxB,EAAA,MAAM,KAAA,GAAQ,MAAA,CAAO,KAAA,CAAM,IAAA,EAAK,IAAK,UAAA;AACrC,EAAA,MAAM,IAAA,GAA+B;AAAA,IACnC,cAAc,MAAA,CAAO,YAAA;AAAA,IACrB,UAAA,EAAY,QAAA;AAAA,IACZ,YAAY,MAAA,CAAO,UAAA;AAAA,IACnB,KAAA;AAAA,IACA,kBAAkB,MAAA,CAAO,gBAAA;AAAA,IACzB,0BAA0B,MAAA,CAAO,wBAAA;AAAA,IACjC,KAAA,EAAO;AAAA,MACL,aAAa,MAAA,CAAO,YAAA;AAAA,MACpB,cAAc,MAAA,CAAO,YAAA;AAAA,MACrB,WAAW,MAAA,CAAO,UAAA;AAAA,MAClB,YAAY,MAAA,CAAO,UAAA;AAAA,MACnB,KAAA;AAAA,MACA,kBAAkB,MAAA,CAAO,gBAAA;AAAA,MACzB,0BAA0B,MAAA,CAAO;AAAA;AACnC,GACF;AACA,EAAA,MAAM,SAAA,GAAY,OAAA,EAAS,SAAA,EAAW,IAAA,EAAK;AAC3C,EAAA,IAAI,SAAA,EAAW;AACb,IAAA,IAAA,CAAK,SAAA,GAAY,SAAA;AAAA,EACnB;AACA,EAAA,OAAO,IAAA;AACT;AAEA,eAAsB,+BACpB,OAAA,EACoC;AACpC,EAAA,IAAI,IAAA;AACJ,EAAA,IAAI;AACF,IAAA,IAAA,GAAO,MAAM,QAAQ,IAAA,EAAK;AAAA,EAC5B,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,cAAc,2BAAA,EAA6B;AAAA,MACnD,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,IAAI,IAAA,KAAS,QAAQ,OAAO,IAAA,KAAS,YAAY,KAAA,CAAM,OAAA,CAAQ,IAAI,CAAA,EAAG;AACpE,IAAA,MAAM,IAAI,cAAc,oCAAA,EAAsC;AAAA,MAC5D,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,MAAM,MAAA,GAAS,IAAA;AACf,EAAA,MAAM,iBAAiB,MAAA,CAAO,WAAA;AAC9B,EAAA,IAAI,OAAO,cAAA,KAAmB,QAAA,IAAY,CAAC,cAAA,CAAe,MAAK,EAAG;AAChE,IAAA,MAAM,IAAI,cAAc,uCAAA,EAAyC;AAAA,MAC/D,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,MAAM,WAAA,GAAc,eAAe,IAAA,EAAK;AACxC,EAAA,MAAM,KAAA,GACJ,OAAO,MAAA,CAAO,KAAA,KAAU,QAAA,IAAY,MAAA,CAAO,KAAA,CAAM,IAAA,EAAK,GAClD,MAAA,CAAO,KAAA,CAAM,IAAA,EAAK,GAClB,MAAA;AACN,EAAA,MAAM,QAAA,GACJ,OAAO,MAAA,CAAO,QAAA,KAAa,QAAA,IAAY,MAAA,CAAO,QAAA,CAAS,IAAA,EAAK,GACxD,MAAA,CAAO,QAAA,CAAS,IAAA,EAAK,GACrB,MAAA;AACN,EAAA,OAAO,EAAE,WAAA,EAAa,KAAA,EAAO,QAAA,EAAS;AACxC;AAEA,eAAsB,+BACpB,OAAA,EACmC;AACnC,EAAA,MAAM,SAAA,GAAY,QAAQ,KAAA,IAAS,KAAA;AACnC,EAAA,MAAM,SAAA,GAAY,oBAAA,CAAqB,OAAA,CAAQ,SAAS,CAAA;AACxD,EAAA,MAAM,EAAA,GAAK,MAAM,uBAAA,CAAwB,SAAA,EAAW,SAAA,EAAW;AAAA,IAC7D,mBAAmB,OAAA,CAAQ;AAAA,GAC5B,CAAA;AACD,EAAA,MAAM,gBAAgB,EAAA,CAAG,cAAA;AACzB,EAAA,IAAI,CAAC,aAAA,EAAe;AAClB,IAAA,MAAM,IAAI,cAAc,mDAAA,EAAqD;AAAA,MAC3E,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,WAAW,OAAA,CAAQ,QAAA,EAAU,IAAA,EAAK,IAAK,kBAAkB,SAAS,CAAA;AACxE,EAAA,MAAM,MAAA,GAAS,IAAI,eAAA,CAAgB;AAAA,IACjC,UAAA,EAAY,oBAAA;AAAA,IACZ,eAAe,OAAA,CAAQ,WAAA;AAAA,IACvB,kBAAA,EAAoB,yBAAA;AAAA,IACpB,QAAA;AAAA,IACA,QAAA,EAAU;AAAA,GACX,CAAA;AACD,EAAA,IAAI,OAAA,CAAQ,KAAA,EAAO,IAAA,EAAK,EAAG;AACzB,IAAA,MAAA,CAAO,GAAA,CAAI,OAAA,EAAS,OAAA,CAAQ,KAAA,CAAM,MAAM,CAAA;AAAA,EAC1C;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,SAAA,CAAU,aAAA,EAAe;AAAA,IAC9C,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACP,aAAA,EAAe,uBAAA,CAAwB,OAAA,CAAQ,WAAA,EAAa,QAAQ,eAAe,CAAA;AAAA,MACnF,cAAA,EAAgB,mCAAA;AAAA,MAChB,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,IAAA,EAAM,OAAO,QAAA,EAAS;AAAA,IACtB,KAAA,EAAO;AAAA,GACR,CAAA;AAED,EAAA,MAAM,MAAA,GAAS,MAAM,0BAAA,CAA2B,QAAA,EAAU;AAAA,IACxD,kBAAA,EAAoB,sCAAA;AAAA,IACpB,eAAA,EAAiB,wBAAA;AAAA,IACjB,YAAA,EAAc,4BAAA;AAAA,IACd,gBAAA,EAAkB;AAAA,GACnB,CAAA;AAED,EAAA,MAAM,MAAA,GAAS,iCAAiC,MAAM,CAAA;AACtD,EAAA,OAAO;AAAA,IACL,cAAc,MAAA,CAAO,GAAA;AAAA,IACrB,UAAA,EAAY,aAAA,CAAc,MAAA,EAAQ,uBAAuB,CAAA;AAAA,IACzD,KAAA,EAAO,eAAA,CAAgB,MAAA,EAAQ,OAAA,EAAS,uBAAuB,CAAA;AAAA,IAC/D,kBAAkB,MAAA,CAAO,gBAAA;AAAA,IACzB,0BAA0B,MAAA,CAAO;AAAA,GACnC;AACF;AAEA,eAAsB,6BACpB,OAAA,EACiC;AACjC,EAAA,MAAM,SAAA,GAAY,QAAQ,KAAA,IAAS,KAAA;AACnC,EAAA,MAAM,GAAA,GAAM,CAAA,EAAG,oBAAA,CAAqB,OAAA,CAAQ,SAAS,CAAC,CAAA,2BAAA,CAAA;AACtD,EAAA,MAAM,IAAA,GAA+B,EAAE,WAAA,EAAa,OAAA,CAAQ,WAAA,EAAY;AACxE,EAAA,IAAI,OAAA,CAAQ,KAAA,EAAO,IAAA,EAAK,EAAG;AACzB,IAAA,IAAA,CAAK,KAAA,GAAQ,OAAA,CAAQ,KAAA,CAAM,IAAA,EAAK;AAAA,EAClC;AACA,EAAA,IAAI,OAAA,CAAQ,QAAA,EAAU,IAAA,EAAK,EAAG;AAC5B,IAAA,IAAA,CAAK,QAAA,GAAW,OAAA,CAAQ,QAAA,CAAS,IAAA,EAAK;AAAA,EACxC;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,SAAA,CAAU,GAAA,EAAK;AAAA,IACpC,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB,kBAAA;AAAA,MAChB,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA;AAAA,IACzB,KAAA,EAAO;AAAA,GACR,CAAA;AAED,EAAA,MAAM,MAAA,GAAS,MAAM,0BAAA,CAA2B,QAAA,EAAU;AAAA,IACxD,kBAAA,EAAoB,uCAAA;AAAA,IACpB,eAAA,EAAiB,uBAAA;AAAA,IACjB,YAAA,EAAc,wBAAA;AAAA,IACd,gBAAA,EAAkB;AAAA,GACnB,CAAA;AAED,EAAA,MAAM,WAAA,GAAc,yCAAyC,MAAM,CAAA;AACnE,EAAA,MAAM,YAAA,GAAe,MAAA,CAAO,SAAA,IAAa,MAAA,CAAO,UAAA;AAChD,EAAA,MAAM,SAAA,GACJ,OAAO,YAAA,KAAiB,QAAA,IAAY,aAAa,IAAA,EAAK,GAAI,YAAA,CAAa,IAAA,EAAK,GAAI,MAAA;AAClF,EAAA,OAAO,+BAAA;AAAA,IACL;AAAA,MACE,YAAA,EAAc,WAAA;AAAA,MACd,UAAA,EAAY,aAAA,CAAc,MAAA,EAAQ,uBAAuB,CAAA;AAAA,MACzD,KAAA,EACE,OAAO,MAAA,CAAO,KAAA,KAAU,QAAA,IAAY,MAAA,CAAO,KAAA,CAAM,IAAA,EAAK,GAClD,MAAA,CAAO,KAAA,CAAM,IAAA,EAAK,GAClB,UAAA;AAAA,MACN,kBACE,OAAO,MAAA,CAAO,gBAAA,KAAqB,QAAA,GAAW,OAAO,gBAAA,GAAmB,GAAA;AAAA,MAC1E,0BACE,OAAO,MAAA,CAAO,wBAAA,KAA6B,QAAA,GACvC,OAAO,wBAAA,GACP;AAAA,KACR;AAAA,IACA,EAAE,SAAA;AAAU,GACd;AACF;AAMA,SAAS,YACP,MAAA,EACgG;AAChG,EAAA,IAAI,MAAA,IAAU,MAAA,IAAU,OAAO,MAAA,CAAO,SAAS,UAAA,EAAY;AACzD,IAAA,OAAO,MAAA,CAAO,IAAA;AAAA,EAChB;AACA,EAAA,OAAO,CAAC,WAAA,EAAa,OAAA,KACnB,8BAAA,CAA+B;AAAA,IAC7B,WAAW,MAAA,CAAO,SAAA;AAAA,IAClB,aAAa,MAAA,CAAO,WAAA;AAAA,IACpB,iBAAiB,MAAA,CAAO,eAAA;AAAA,IACxB,WAAA;AAAA,IACA,OAAO,OAAA,CAAQ,KAAA;AAAA,IACf,UAAU,MAAA,CAAO,QAAA;AAAA,IACjB,OAAO,MAAA,CAAO,KAAA;AAAA,IACd,mBAAmB,MAAA,CAAO;AAAA,GAC3B,CAAA;AACL;AAEA,SAAS,2BACP,MAAA,EACkD;AAClD,EAAA,IAAI,WAAA,IAAe,UAAU,OAAO,MAAA,CAAO,cAAc,QAAA,IAAY,MAAA,CAAO,SAAA,CAAU,IAAA,EAAK,EAAG;AAC5F,IAAA,OAAO,MAAA,CAAO,UAAU,IAAA,EAAK;AAAA,EAC/B;AACA,EAAA,IAAI,cAAA,IAAkB,MAAA,IAAU,OAAO,MAAA,CAAO,iBAAiB,UAAA,EAAY;AACzE,IAAA,OAAO,OAAO,YAAA,EAAa;AAAA,EAC7B;AACA,EAAA,OAAO,MAAA;AACT;AAEO,SAAS,4BACd,MAAA,EACyC;AACzC,EAAA,MAAM,IAAA,GAAO,YAAY,MAAM,CAAA;AAE/B,EAAA,OAAO,eAAe,sBAAsB,OAAA,EAAqC;AAC/E,IAAA,IAAI;AACF,MAAA,IAAI,OAAA,CAAQ,WAAW,MAAA,EAAQ;AAC7B,QAAA,OAAO,IAAI,SAAS,IAAA,CAAK,SAAA,CAAU,EAAE,KAAA,EAAO,oBAAA,EAAsB,CAAA,EAAG;AAAA,UACnE,MAAA,EAAQ,GAAA;AAAA,UACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,SAC/C,CAAA;AAAA,MACH;AAEA,MAAA,MAAM,MAAA,GAAS,MAAM,8BAAA,CAA+B,OAAO,CAAA;AAC3D,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,MAAA,CAAO,WAAA,EAAa;AAAA,QAC5C,OAAO,MAAA,CAAO,KAAA;AAAA,QACd,UAAU,MAAA,CAAO;AAAA,OAClB,CAAA;AACD,MAAA,MAAM,cAAA,GAAiB,MAAM,0BAAA,CAA2B,MAAM,CAAA;AAC9D,MAAA,MAAM,IAAA,GAAO,gCAAgC,MAAA,EAAQ;AAAA,QACnD,SAAA,EAAW,OAAO,cAAA,KAAmB,QAAA,GAAW,cAAA,GAAiB,KAAA;AAAA,OAClE,CAAA;AACD,MAAA,OAAO,IAAI,QAAA,CAAS,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA,EAAG;AAAA,QACxC,MAAA,EAAQ,GAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACP,cAAA,EAAgB,kBAAA;AAAA,UAChB,eAAA,EAAiB;AAAA;AACnB,OACD,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,2BAA2B,KAAK,CAAA;AAAA,IACzC;AAAA,EACF,CAAA;AACF;;;ACvRA,IAAMA,wBAAAA,GAA0B,2BAAA;AAEhC,eAAsB,+BACpB,OAAA,EACoC;AACpC,EAAA,IAAI,IAAA;AACJ,EAAA,IAAI;AACF,IAAA,IAAA,GAAO,MAAM,QAAQ,IAAA,EAAK;AAAA,EAC5B,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,cAAc,2BAAA,EAA6B;AAAA,MACnD,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,IAAI,IAAA,KAAS,QAAQ,OAAO,IAAA,KAAS,YAAY,KAAA,CAAM,OAAA,CAAQ,IAAI,CAAA,EAAG;AACpE,IAAA,MAAM,IAAI,cAAc,oCAAA,EAAsC;AAAA,MAC5D,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,MAAM,MAAA,GAAS,IAAA;AACf,EAAA,MAAM,YAAY,MAAA,CAAO,MAAA;AACzB,EAAA,IAAI,OAAO,SAAA,KAAc,QAAA,IAAY,CAAC,SAAA,CAAU,MAAK,EAAG;AACtD,IAAA,MAAM,IAAI,cAAc,kCAAA,EAAoC;AAAA,MAC1D,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,MAAM,KAAA,GACJ,OAAO,MAAA,CAAO,KAAA,KAAU,QAAA,IAAY,MAAA,CAAO,KAAA,CAAM,IAAA,EAAK,GAClD,MAAA,CAAO,KAAA,CAAM,IAAA,EAAK,GAClB,MAAA;AACN,EAAA,MAAM,QAAA,GACJ,OAAO,MAAA,CAAO,QAAA,KAAa,QAAA,IAAY,MAAA,CAAO,QAAA,CAAS,IAAA,EAAK,GACxD,MAAA,CAAO,QAAA,CAAS,IAAA,EAAK,GACrB,MAAA;AACN,EAAA,OAAO,EAAE,MAAA,EAAQ,SAAA,CAAU,IAAA,EAAK,EAAG,OAAO,QAAA,EAAS;AACrD;AAEA,eAAsB,8BAA8B,KAAA,EAMqB;AACvE,EAAA,MAAM,SAAA,GAAY,MAAM,KAAA,IAAS,KAAA;AACjC,EAAA,MAAM,YAAA,GAAe,4BAAA,CAA6B,KAAA,CAAM,SAAS,CAAA;AACjE,EAAA,MAAM,MAAM,CAAA,EAAG,YAAY,gBAAgB,kBAAA,CAAmB,KAAA,CAAM,cAAc,CAAC,CAAA,mBAAA,CAAA;AACnF,EAAA,MAAM,QAAA,GAAW,MAAM,SAAA,CAAU,GAAA,EAAK;AAAA,IACpC,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACP,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,MAAM,CAAA,CAAA;AAAA,MACrC,cAAA,EAAgB,kBAAA;AAAA,MAChB,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,KAAA,CAAM,KAAA,GAAQ,EAAE,KAAA,EAAO,KAAA,CAAM,KAAA,EAAM,GAAI,EAAE,CAAA;AAAA,IAC9D,KAAA,EAAO;AAAA,GACR,CAAA;AAED,EAAA,MAAM,MAAA,GAAS,MAAM,0BAAA,CAA2B,QAAA,EAAU;AAAA,IACxD,kBAAA,EAAoB,8CAAA;AAAA,IACpB,eAAA,EAAiB,wBAAA;AAAA,IACjB,YAAA,EAAc,+BAAA;AAAA,IACd,gBAAA,EAAkB;AAAA,GACnB,CAAA;AAED,EAAA,MAAM,cAAc,MAAA,CAAO,YAAA;AAC3B,EAAA,IAAI,OAAO,WAAA,KAAgB,QAAA,IAAY,CAAC,WAAA,CAAY,MAAK,EAAG;AAC1D,IAAA,MAAM,IAAI,cAAc,6CAAA,EAA+C;AAAA,MACrE,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAMA;AAAA,KACP,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,SAAA,GACJ,OAAO,MAAA,CAAO,UAAA,KAAe,QAAA,IAAY,MAAA,CAAO,QAAA,CAAS,MAAA,CAAO,UAAU,CAAA,GACtE,MAAA,CAAO,UAAA,GACP,GAAA;AACN,EAAA,MAAM,QACJ,OAAO,MAAA,CAAO,KAAA,KAAU,QAAA,IAAY,OAAO,KAAA,CAAM,IAAA,EAAK,GAClD,MAAA,CAAO,MAAM,IAAA,EAAK,GAClB,KAAA,CAAM,KAAA,EAAO,MAAK,IAAK,UAAA;AAE7B,EAAA,OAAO;AAAA,IACL,YAAA,EAAc,YAAY,IAAA,EAAK;AAAA,IAC/B,UAAA,EAAY,SAAA;AAAA,IACZ;AAAA,GACF;AACF;AAEA,eAAsB,4BAA4B,KAAA,EAUZ;AACpC,EAAA,MAAM,SAAA,GAAY,MAAM,6BAAA,CAA8B;AAAA,IACpD,WAAW,KAAA,CAAM,SAAA;AAAA,IACjB,gBAAgB,KAAA,CAAM,cAAA;AAAA,IACtB,QAAQ,KAAA,CAAM,MAAA;AAAA,IACd,OAAO,KAAA,CAAM,KAAA;AAAA,IACb,OAAO,KAAA,CAAM;AAAA,GACd,CAAA;AAED,EAAA,OAAO,8BAAA,CAA+B;AAAA,IACpC,WAAW,KAAA,CAAM,SAAA;AAAA,IACjB,aAAa,KAAA,CAAM,WAAA;AAAA,IACnB,iBAAiB,KAAA,CAAM,eAAA;AAAA,IACvB,aAAa,SAAA,CAAU,YAAA;AAAA,IACvB,OAAO,SAAA,CAAU,KAAA;AAAA,IACjB,UAAU,KAAA,CAAM,QAAA;AAAA,IAChB,OAAO,KAAA,CAAM,KAAA;AAAA,IACb,mBAAmB,KAAA,CAAM;AAAA,GAC1B,CAAA;AACH;AAEA,eAAsB,wBACpB,OAAA,EACiC;AACjC,EAAA,MAAM,SAAA,GAAY,QAAQ,KAAA,IAAS,KAAA;AACnC,EAAA,MAAM,GAAA,GAAM,CAAA,EAAG,oBAAA,CAAqB,OAAA,CAAQ,SAAS,CAAC,CAAA,4BAAA,CAAA;AACtD,EAAA,MAAM,IAAA,GAA+B,EAAE,MAAA,EAAQ,OAAA,CAAQ,MAAA,EAAO;AAC9D,EAAA,IAAI,OAAA,CAAQ,KAAA,EAAO,IAAA,EAAK,EAAG;AACzB,IAAA,IAAA,CAAK,KAAA,GAAQ,OAAA,CAAQ,KAAA,CAAM,IAAA,EAAK;AAAA,EAClC;AACA,EAAA,IAAI,OAAA,CAAQ,QAAA,EAAU,IAAA,EAAK,EAAG;AAC5B,IAAA,IAAA,CAAK,QAAA,GAAW,OAAA,CAAQ,QAAA,CAAS,IAAA,EAAK;AAAA,EACxC;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,SAAA,CAAU,GAAA,EAAK;AAAA,IACpC,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB,kBAAA;AAAA,MAChB,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA;AAAA,IACzB,KAAA,EAAO;AAAA,GACR,CAAA;AAED,EAAA,MAAM,MAAA,GAAS,MAAM,0BAAA,CAA2B,QAAA,EAAU;AAAA,IACxD,kBAAA,EAAoB,wCAAA;AAAA,IACpB,eAAA,EAAiBA,wBAAAA;AAAA,IACjB,YAAA,EAAc,yBAAA;AAAA,IACd,gBAAA,EAAkB;AAAA,GACnB,CAAA;AAED,EAAA,MAAM,WAAA,GAAc,yCAAyC,MAAM,CAAA;AACnE,EAAA,MAAM,YAAA,GAAe,MAAA,CAAO,SAAA,IAAa,MAAA,CAAO,UAAA;AAChD,EAAA,MAAM,SAAA,GACJ,OAAO,YAAA,KAAiB,QAAA,IAAY,aAAa,IAAA,EAAK,GAAI,YAAA,CAAa,IAAA,EAAK,GAAI,MAAA;AAElF,EAAA,OAAO,+BAAA;AAAA,IACL;AAAA,MACE,YAAA,EAAc,WAAA;AAAA,MACd,UAAA,EACE,OAAO,MAAA,CAAO,UAAA,KAAe,QAAA,IAAY,MAAA,CAAO,QAAA,CAAS,MAAA,CAAO,UAAU,CAAA,GACtE,MAAA,CAAO,UAAA,GACP,IAAA;AAAA,MACN,KAAA,EACE,OAAO,MAAA,CAAO,KAAA,KAAU,QAAA,IAAY,MAAA,CAAO,KAAA,CAAM,IAAA,EAAK,GAClD,MAAA,CAAO,KAAA,CAAM,IAAA,EAAK,GAClB,UAAA;AAAA,MACN,kBACE,OAAO,MAAA,CAAO,gBAAA,KAAqB,QAAA,GAAW,OAAO,gBAAA,GAAmB,GAAA;AAAA,MAC1E,0BACE,OAAO,MAAA,CAAO,wBAAA,KAA6B,QAAA,GACvC,OAAO,wBAAA,GACP;AAAA,KACR;AAAA,IACA,EAAE,SAAA;AAAU,GACd;AACF;AAEO,SAAS,4BACd,MAAA,EACyC;AACzC,EAAA,MAAM,cAAA,GAAiB,MAAA,CAAO,cAAA,CAAe,IAAA,EAAK;AAElD,EAAA,OAAO,eAAe,sBAAsB,OAAA,EAAqC;AAC/E,IAAA,IAAI;AACF,MAAA,IAAI,OAAA,CAAQ,WAAW,MAAA,EAAQ;AAC7B,QAAA,OAAO,IAAI,SAAS,IAAA,CAAK,SAAA,CAAU,EAAE,KAAA,EAAO,oBAAA,EAAsB,CAAA,EAAG;AAAA,UACnE,MAAA,EAAQ,GAAA;AAAA,UACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,SAC/C,CAAA;AAAA,MACH;AAEA,MAAA,MAAM,MAAA,GAAS,MAAM,8BAAA,CAA+B,OAAO,CAAA;AAC3D,MAAA,MAAM,iBAAA,GAAoB,MAAA,CAAO,QAAA,EAAU,IAAA,EAAK,IAAK,cAAA;AACrD,MAAA,IAAI,sBAAsB,cAAA,EAAgB;AACxC,QAAA,MAAM,IAAI,cAAc,kDAAA,EAAoD;AAAA,UAC1E,MAAA,EAAQ,GAAA;AAAA,UACR,IAAA,EAAM;AAAA,SACP,CAAA;AAAA,MACH;AAEA,MAAA,MAAM,MAAA,GAAS,MAAM,2BAAA,CAA4B;AAAA,QAC/C,WAAW,MAAA,CAAO,SAAA;AAAA,QAClB,cAAA;AAAA,QACA,aAAa,MAAA,CAAO,WAAA;AAAA,QACpB,iBAAiB,MAAA,CAAO,eAAA;AAAA,QACxB,QAAQ,MAAA,CAAO,MAAA;AAAA,QACf,OAAO,MAAA,CAAO,KAAA;AAAA,QACd,UAAU,MAAA,CAAO,QAAA;AAAA,QACjB,OAAO,MAAA,CAAO,KAAA;AAAA,QACd,mBAAmB,MAAA,CAAO;AAAA,OAC3B,CAAA;AAED,MAAA,MAAM,cAAA,GACJ,OAAO,MAAA,CAAO,SAAA,KAAc,QAAA,IAAY,MAAA,CAAO,SAAA,CAAU,IAAA,EAAK,GAC1D,MAAA,CAAO,SAAA,CAAU,IAAA,EAAK,GACtB,KAAA,CAAA;AAEN,MAAA,MAAM,OAAO,+BAAA,CAAgC,MAAA,EAAQ,EAAE,SAAA,EAAW,gBAAgB,CAAA;AAClF,MAAA,OAAO,IAAI,QAAA,CAAS,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA,EAAG;AAAA,QACxC,MAAA,EAAQ,GAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACP,cAAA,EAAgB,kBAAA;AAAA,UAChB,eAAA,EAAiB;AAAA;AACnB,OACD,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,2BAA2B,KAAK,CAAA;AAAA,IACzC;AAAA,EACF,CAAA;AACF;;;AChOA,IAAM,0BAAA,GAA6B,GAAA;AACnC,IAAM,qBAAA,GAAwB,MAAM,EAAA,GAAK,GAAA;AACzC,IAAM,qBAAA,GAAwB,2BAAA;AAO9B,IAAM,iBAAA,uBAAwB,GAAA,EAAgC;AAEvD,SAAS,uBAAuB,IAAA,EAAsB;AAC3D,EAAA,OAAO,qBAAqB,IAAI,CAAA;AAClC;AAEA,SAAS,aAAA,CAAc,SAAiB,IAAA,EAAsB;AAC5D,EAAA,IAAI,IAAA,CAAK,UAAA,CAAW,GAAG,CAAA,EAAG;AACxB,IAAA,OAAO,CAAA,EAAG,OAAO,CAAA,EAAG,IAAI,CAAA,CAAA;AAAA,EAC1B;AACA,EAAA,OAAO,CAAA,EAAG,OAAO,CAAA,CAAA,EAAI,IAAI,CAAA,CAAA;AAC3B;AAEA,SAAS,gBAAgB,GAAA,EAA6B;AACpD,EAAA,IAAI,GAAA,KAAQ,MAAA,IAAa,GAAA,KAAQ,IAAA,EAAM;AACrC,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,IAAI,OAAO,QAAQ,QAAA,EAAU;AAC3B,IAAA,OAAO,GAAA,CAAI,MAAA,GAAS,CAAA,GAAI,GAAA,GAAM,IAAA;AAAA,EAChC;AACA,EAAA,IAAI,OAAO,QAAQ,QAAA,IAAY,OAAO,QAAQ,SAAA,IAAa,OAAO,QAAQ,QAAA,EAAU;AAClF,IAAA,OAAO,OAAO,GAAG,CAAA;AAAA,EACnB;AACA,EAAA,OAAO,IAAA;AACT;AAEO,SAAS,qBAAqB,KAAA,EAM1B;AACT,EAAA,IAAI,KAAA,CAAM,aAAA,EAAe,IAAA,EAAK,EAAG;AAC/B,IAAA,OAAO,sBAAA,CAAuB,MAAM,aAAa,CAAA;AAAA,EACnD;AAEA,EAAA,MAAM,oBAAA,GAAuB,IAAA;AAC7B,EAAA,MAAM,OAAA,GAAU,KAAA,CAAM,UAAA,IAAc,KAAA,CAAM,WAAA,IAAe,IAAA;AACzD,EAAA,MAAM,IAAA,GAAO,OAAA,KAAY,oBAAA,GAAuB,IAAA,GAAO,OAAA;AACvD,EAAA,MAAM,IAAA,GACJ,KAAA,CAAM,MAAA,EAAQ,IAAA,EAAK,IACnB,MAAM,SAAA,EAAW,IAAA,EAAK,IACtB,CAAA,iBAAA,EAAoB,IAAI,CAAA,CAAA;AAC1B,EAAA,OAAO,uBAAuB,IAAI,CAAA;AACpC;AAEA,eAAsB,uBAAA,CACpB,OAAA,EACA,IAAA,EACA,WAAA,EACiB;AACjB,EAAA,MAAMC,SAAAA,GAAW,CAAA,EAAG,IAAI,CAAA,CAAA,EAAI,OAAO,CAAA,CAAA;AACnC,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,EAAA,MAAM,MAAA,GAAS,iBAAA,CAAkB,GAAA,CAAIA,SAAQ,CAAA;AAC7C,EAAA,IAAI,MAAA,IAAU,MAAA,CAAO,KAAA,GAAQ,GAAA,GAAM,IAAA,EAAQ;AACzC,IAAA,iBAAA,CAAkB,OAAOA,SAAQ,CAAA;AACjC,IAAA,iBAAA,CAAkB,GAAA,CAAIA,WAAU,MAAM,CAAA;AACtC,IAAA,OAAO,MAAA,CAAO,KAAA;AAAA,EAChB;AAEA,EAAA,MAAM,KAAA,GAAQ,MAAM,WAAA,CAAY,OAAA,EAAS,IAAI,CAAA;AAC7C,EAAA,iBAAA,CAAkB,IAAIA,SAAAA,EAAU,EAAE,OAAO,KAAA,EAAO,GAAA,GAAM,uBAAuB,CAAA;AAE7E,EAAA,IAAI,iBAAA,CAAkB,OAAO,0BAAA,EAA4B;AACvD,IAAA,MAAM,MAAA,GAAS,iBAAA,CAAkB,IAAA,EAAK,CAAE,MAAK,CAAE,KAAA;AAC/C,IAAA,IAAI,WAAW,MAAA,EAAW;AACxB,MAAA,iBAAA,CAAkB,OAAO,MAAM,CAAA;AAAA,IACjC;AAAA,EACF;AAEA,EAAA,OAAO,KAAA;AACT;AAEA,eAAsB,uBAAuB,QAAA,EAAsC;AACjF,EAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AACjC,EAAA,IAAI,CAAC,IAAA,CAAK,IAAA,EAAK,EAAG;AAChB,IAAA,OAAO,EAAC;AAAA,EACV;AACA,EAAA,IAAI;AACF,IAAA,OAAO,IAAA,CAAK,MAAM,IAAI,CAAA;AAAA,EACxB,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,iEAAA;AAAA,MACP,gBAAgB,QAAA,CAAS,MAAA;AAAA,MACzB,MAAA,EAAQ,IAAA,CAAK,KAAA,CAAM,CAAA,EAAG,GAAG;AAAA,KAC3B;AAAA,EACF;AACF;AAEO,SAAS,4BAAA,CACd,SACG,IAAA,EAG8B;AACjC,EAAA,MAAM,MAAA,GAAS,IAAA,CACZ,GAAA,CAAI,CAAC,GAAA,KAAQ;AACZ,IAAA,MAAM,KAAA,GAAQ,eAAA,CAAgB,IAAA,CAAK,GAAG,CAAC,CAAA;AACvC,IAAA,OAAO,KAAA,KAAU,IAAA,GAAO,IAAA,GAAO,EAAE,KAAK,KAAA,EAAM;AAAA,EAC9C,CAAC,CAAA,CACA,MAAA,CAAO,CAAC,KAAA,KAAmD,UAAU,IAAI,CAAA;AAC5E,EAAA,MAAM,KAAA,GAAQ,OAAO,CAAC,CAAA;AACtB,EAAA,MAAM,QAAA,GAAW,OAAO,IAAA,CAAK,CAAC,UAAU,KAAA,CAAM,KAAA,KAAU,OAAO,KAAK,CAAA;AACpE,EAAA,IAAI,SAAS,QAAA,EAAU;AACrB,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,OAAA,EAAS,CAAA,YAAA,EAAe,IAAA,CAAK,IAAA,CAAK,GAAG,CAAC,CAAA,gBAAA;AAAA,KACxC;AAAA,EACF;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,KAAA,EAAM;AACzC;AAEO,SAAS,4BAAA,CACd,SACG,IAAA,EAG8B;AACjC,EAAA,MAAM,QAAA,GAAW,CAAC,KAAA,KAAuC;AACvD,IAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,MAAA,CAAO,QAAA,CAAS,KAAK,CAAA,EAAG;AACvD,MAAA,OAAO,KAAA;AAAA,IACT;AACA,IAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,CAAM,IAAA,OAAW,EAAA,EAAI;AACpD,MAAA,MAAM,MAAA,GAAS,OAAO,KAAK,CAAA;AAC3B,MAAA,OAAO,MAAA,CAAO,QAAA,CAAS,MAAM,CAAA,GAAI,MAAA,GAAS,MAAA;AAAA,IAC5C;AACA,IAAA,OAAO,MAAA;AAAA,EACT,CAAA;AACA,EAAA,MAAM,MAAA,GAAS,IAAA,CACZ,GAAA,CAAI,CAAC,GAAA,KAAQ;AACZ,IAAA,MAAM,KAAA,GAAQ,QAAA,CAAS,IAAA,CAAK,GAAG,CAAC,CAAA;AAChC,IAAA,OAAO,KAAA,KAAU,MAAA,GAAY,IAAA,GAAO,EAAE,KAAK,KAAA,EAAM;AAAA,EACnD,CAAC,CAAA,CACA,MAAA,CAAO,CAAC,KAAA,KAAmD,UAAU,IAAI,CAAA;AAC5E,EAAA,MAAM,KAAA,GAAQ,OAAO,CAAC,CAAA;AACtB,EAAA,MAAM,QAAA,GAAW,OAAO,IAAA,CAAK,CAAC,UAAU,KAAA,CAAM,KAAA,KAAU,OAAO,KAAK,CAAA;AACpE,EAAA,IAAI,SAAS,QAAA,EAAU;AACrB,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,OAAA,EAAS,CAAA,YAAA,EAAe,IAAA,CAAK,IAAA,CAAK,GAAG,CAAC,CAAA,gBAAA;AAAA,KACxC;AAAA,EACF;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,KAAA,EAAM;AACzC;AAEA,SAAS,UAAA,CAAW,QAAiC,IAAA,EAAwB;AAC3E,EAAA,KAAA,MAAW,OAAO,IAAA,EAAM;AACtB,IAAA,MAAM,KAAA,GAAQ,IAAI,GAAG,CAAA;AACrB,IAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,CAAM,MAAK,EAAG;AAC7C,MAAA,OAAO,MAAM,IAAA,EAAK;AAAA,IACpB;AACA,IAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,MAAA,CAAO,QAAA,CAAS,KAAK,CAAA,EAAG;AACvD,MAAA,OAAO,MAAA,CAAO,IAAA,CAAK,KAAA,CAAM,KAAK,CAAC,CAAA;AAAA,IACjC;AAAA,EACF;AACA,EAAA,OAAO,EAAA;AACT;AAEO,SAAS,yBAAyB,IAAA,EAA2C;AAClF,EAAA,IAAI,IAAA,KAAS,QAAQ,OAAO,IAAA,KAAS,YAAY,KAAA,CAAM,OAAA,CAAQ,IAAI,CAAA,EAAG;AACpE,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,MAAM,MAAA,GAAS,IAAA;AACf,EAAA,MAAM,WAAW,MAAA,CAAO,KAAA;AACxB,EAAA,IAAI,QAAA,KAAa,QAAQ,OAAO,QAAA,KAAa,YAAY,KAAA,CAAM,OAAA,CAAQ,QAAQ,CAAA,EAAG;AAChF,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,MAAM,KAAA,GAAQ,QAAA;AACd,EAAA,MAAM,cAAA,GAAiB,UAAA,CAAW,KAAA,EAAO,kBAAA,EAAoB,gBAAgB,CAAA;AAC7E,EAAA,MAAM,YAAA,GAAe,UAAA,CAAW,KAAA,EAAO,yBAAA,EAA2B,sBAAsB,CAAA;AACxF,EAAA,MAAM,SAAA,GAAY,UAAA,CAAW,KAAA,EAAO,YAAA,EAAc,WAAW,CAAA;AAC7D,EAAA,IAAI,CAAC,cAAA,IAAkB,CAAC,YAAA,IAAgB,CAAC,SAAA,EAAW;AAClD,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,IAAI,oBAAA;AACJ,EAAA,IAAI;AACF,IAAA,oBAAA,GAAuB,OAAO,YAAY,CAAA;AAAA,EAC5C,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO;AAAA,IACL,SAAA;AAAA,IACA,cAAA;AAAA,IACA,oBAAA;AAAA,IACA,WAAA,EAAa,UAAA,CAAW,KAAA,EAAO,eAAA,EAAiB,aAAa,CAAA,IAAK,MAAA;AAAA,IAClE,aAAA,EAAe,UAAA,CAAW,KAAA,EAAO,kBAAA,EAAoB,eAAe,CAAA,IAAK,MAAA;AAAA,IACzE,kBACE,UAAA,CAAW,KAAA,EAAO,oBAAA,EAAsB,iBAAA,EAAmB,qBAAqB,CAAA,IAChF,MAAA;AAAA,IACF,MAAA,EAAQ,UAAA,CAAW,KAAA,EAAO,QAAQ,CAAA,IAAK,MAAA;AAAA,IACvC,YAAA,EAAc,UAAA,CAAW,KAAA,EAAO,eAAA,EAAiB,cAAc,CAAA,IAAK,MAAA;AAAA,IACpE,QAAA,EAAU,UAAA,CAAW,KAAA,EAAO,UAAU,CAAA,IAAK,MAAA;AAAA,IAC3C,OAAA,EAAS,UAAA,CAAW,KAAA,EAAO,UAAA,EAAY,SAAS,CAAA,IAAK;AAAA,GACvD;AACF;AAEO,SAAS,6BAA6B,IAAA,EAAqB;AAChE,EAAA,IAAI,IAAA,KAAS,QAAQ,OAAO,IAAA,KAAS,YAAY,CAAC,KAAA,CAAM,OAAA,CAAQ,IAAI,CAAA,EAAG;AACrE,IAAA,OAAQ,IAAA,CAAiC,KAAA;AAAA,EAC3C;AACF;AAEA,eAAsB,gBACpB,OAAA,EACgC;AAChC,EAAA,MAAM,SAAA,GAAY,QAAQ,KAAA,IAAS,KAAA;AACnC,EAAA,MAAM,OAAA,GAAU,sBAAA,CAAuB,OAAA,CAAQ,OAAO,CAAA;AACtD,EAAA,MAAM,GAAA,GAAM,aAAA,CAAc,OAAA,EAAS,OAAA,CAAQ,IAAI,CAAA;AAC/C,EAAA,MAAM,SAAA,GAAY,QAAQ,SAAA,IAAa,GAAA;AACvC,EAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,EAAA,MAAM,UAAU,UAAA,CAAW,MAAM,UAAA,CAAW,KAAA,IAAS,SAAS,CAAA;AAC9D,EAAA,MAAM,OAAA,GAAkC,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AAE7E,EAAA,MAAM,YAAA,GAAe,OAAA,CAAQ,aAAA,EAAe,IAAA,EAAK;AACjD,EAAA,IAAI,YAAA,EAAc;AAChB,IAAA,OAAA,CAAQ,aAAA,GAAgB,YAAA;AAAA,EAC1B,CAAA,MAAO;AACL,IAAA,MAAM,SAAA,GAAY,QAAQ,UAAA,IAAc,IAAA;AACxC,IAAA,IAAI,SAAA,EAAW;AACb,MAAA,MAAM,QAAQ,MAAM,uBAAA;AAAA,QAClB,OAAA,CAAQ,OAAA;AAAA,QACR,MAAA;AAAA,QACA,OAAA,CAAQ;AAAA,OACV;AACA,MAAA,OAAA,CAAQ,aAAA,GAAgB,UAAU,KAAK,CAAA,CAAA;AAAA,IACzC;AAAA,EACF;AACA,EAAA,IAAI,QAAQ,YAAA,EAAc;AACxB,IAAA,KAAA,MAAW,CAAC,MAAM,KAAK,CAAA,IAAK,OAAO,OAAA,CAAQ,OAAA,CAAQ,YAAY,CAAA,EAAG;AAChE,MAAA,IAAI,KAAA,CAAM,MAAK,EAAG;AAChB,QAAA,OAAA,CAAQ,IAAI,CAAA,GAAI,KAAA,CAAM,IAAA,EAAK;AAAA,MAC7B;AAAA,IACF;AAAA,EACF;AAEA,EAAA,IAAI;AACF,IAAA,MAAM,QAAA,GAAW,MAAM,SAAA,CAAU,GAAA,EAAK;AAAA,MACpC,QAAQ,OAAA,CAAQ,MAAA;AAAA,MAChB,OAAA;AAAA,MACA,IAAA,EAAM,QAAQ,IAAA,KAAS,KAAA,CAAA,GAAY,SAAY,IAAA,CAAK,SAAA,CAAU,QAAQ,IAAI,CAAA;AAAA,MAC1E,QAAQ,UAAA,CAAW;AAAA,KACpB,CAAA;AACD,IAAA,OAAO;AAAA,MACL,QAAA;AAAA,MACA,UAAA,EAAY,GAAA;AAAA,MACZ,qBAAqB,OAAA,CAAQ;AAAA,KAC/B;AAAA,EACF,CAAA,SAAE;AACA,IAAA,YAAA,CAAa,OAAO,CAAA;AAAA,EACtB;AACF;AAWA,SAAS,yBAAyB,OAAA,EAAiE;AACjG,EAAA,OAAO;AAAA,IACL,SAAA,EAAW,QAAQ,KAAA,IAAS,KAAA;AAAA,IAC5B,SAAA,EAAW,sBAAA,CAAuB,OAAA,CAAQ,SAAS,CAAA;AAAA,IACnD,SAAA,EAAW,QAAQ,SAAA,IAAa,GAAA;AAAA,IAChC,YAAA,EAAc,QAAQ,YAAA,IAAgB,qBAAA;AAAA,IACtC,MAAA,EAAQ,QAAQ,UAAA,IAAc,IAAA;AAAA,IAC9B,aAAa,OAAA,CAAQ;AAAA,GACvB;AACF;AAEA,SAAS,gBAAgB,UAAA,EAA+D;AACtF,EAAA,OAAO,EAAE,SAAA,EAAW,IAAA,EAAM,UAAA,EAAW;AACvC;AAEA,eAAe,iBAAA,CACb,KACA,OAAA,EAC+C;AAC/C,EAAA,MAAM,WAAW,MAAM,GAAA,CAAI,UAAU,CAAA,EAAG,GAAA,CAAI,SAAS,CAAA,OAAA,CAAA,EAAW;AAAA,IAC9D,OAAA;AAAA,IACA,MAAA,EAAQ,WAAA,CAAY,OAAA,CAAQ,GAAA,CAAI,SAAS;AAAA,GAC1C,CAAA;AACD,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,OAAO,EAAE,IAAI,KAAA,EAAM;AAAA,EACrB;AACA,EAAA,MAAM,IAAA,GAAQ,MAAM,sBAAA,CAAuB,QAAQ,CAAA;AACnD,EAAA,MAAM,UAAA,GACH,OAAO,IAAA,CAAK,OAAA,KAAY,QAAA,IAAY,IAAA,CAAK,OAAA,IACzC,OAAO,IAAA,CAAK,OAAA,KAAY,QAAA,IAAY,IAAA,CAAK,OAAA,IAC1C,MAAA;AACF,EAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,UAAA,EAAW;AAChC;AAEA,eAAe,aACb,GAAA,EAC0D;AAC1D,EAAA,IAAI,CAAC,IAAI,MAAA,EAAQ;AACf,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,IAAI;AACF,IAAA,MAAM,QAAQ,MAAM,GAAA,CAAI,WAAA,CAAY,GAAA,CAAI,cAAc,MAAM,CAAA;AAC5D,IAAA,MAAM,EAAE,EAAA,EAAI,UAAA,EAAW,GAAI,MAAM,kBAAkB,GAAA,EAAK;AAAA,MACtD,aAAA,EAAe,UAAU,KAAK,CAAA;AAAA,KAC/B,CAAA;AACD,IAAA,OAAO,EAAA,GAAK,eAAA,CAAgB,UAAU,CAAA,GAAI,IAAA;AAAA,EAC5C,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAEA,eAAe,eACb,GAAA,EAC0D;AAC1D,EAAA,IAAI;AACF,IAAA,MAAM,EAAE,IAAI,UAAA,EAAW,GAAI,MAAM,iBAAA,CAAkB,GAAA,EAAK,EAAE,CAAA;AAC1D,IAAA,OAAO,EAAA,GAAK,eAAA,CAAgB,UAAU,CAAA,GAAI,IAAA;AAAA,EAC5C,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAEA,eAAe,gBAAgB,GAAA,EAA2C;AACxE,EAAA,IAAI;AACF,IAAA,MAAM,QAAQ,MAAM,GAAA,CAAI,WAAA,CAAY,GAAA,CAAI,cAAc,MAAM,CAAA;AAC5D,IAAA,MAAM,WAAW,MAAM,GAAA,CAAI,UAAU,CAAA,EAAG,GAAA,CAAI,SAAS,CAAA,uBAAA,CAAA,EAA2B;AAAA,MAC9E,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACP,aAAA,EAAe,UAAU,KAAK,CAAA,CAAA;AAAA,QAC9B,cAAA,EAAgB;AAAA,OAClB;AAAA,MACA,IAAA,EAAM,IAAA;AAAA,MACN,MAAA,EAAQ,WAAA,CAAY,OAAA,CAAQ,GAAA,CAAI,SAAS;AAAA,KAC1C,CAAA;AACD,IAAA,OAAO,QAAA,CAAS,EAAA;AAAA,EAClB,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAEA,eAAe,4BACb,GAAA,EACsD;AACtD,EAAA,MAAM,SAAA,GAAY,MAAM,YAAA,CAAa,GAAG,CAAA;AACxC,EAAA,IAAI,SAAA,EAAW;AACb,IAAA,OAAO,SAAA;AAAA,EACT;AACA,EAAA,MAAM,WAAA,GAAc,MAAM,cAAA,CAAe,GAAG,CAAA;AAC5C,EAAA,IAAI,WAAA,EAAa;AACf,IAAA,OAAO,WAAA;AAAA,EACT;AACA,EAAA,IAAI,MAAM,eAAA,CAAgB,GAAG,CAAA,EAAG;AAC9B,IAAA,OAAO,eAAA,EAAgB;AAAA,EACzB;AACA,EAAA,OAAO,EAAE,WAAW,KAAA,EAAM;AAC5B;AAEA,eAAsB,4BACpB,OAAA,EACsD;AACtD,EAAA,MAAM,GAAA,GAAM,yBAAyB,OAAO,CAAA;AAE5C,EAAA,IAAI;AACF,IAAA,MAAM,SAAS,MAAM,GAAA,CAAI,UAAU,CAAA,EAAG,GAAA,CAAI,SAAS,CAAA,QAAA,CAAA,EAAY;AAAA,MAC7D,MAAA,EAAQ,WAAA,CAAY,OAAA,CAAQ,GAAA,CAAI,SAAS;AAAA,KAC1C,CAAA;AACD,IAAA,IAAI,OAAO,EAAA,EAAI;AACb,MAAA,OAAO,4BAA4B,GAAG,CAAA;AAAA,IACxC;AAAA,EACF,CAAA,CAAA,MAAQ;AAAA,EAER;AAEA,EAAA,OAAO,4BAA4B,GAAG,CAAA;AACxC;;;AC9YA,SAAS,oBAAA,GAAiC;AACxC,EAAA,OAAO,IAAI,SAAS,IAAA,CAAK,SAAA,CAAU,EAAE,KAAA,EAAO,cAAA,EAAgB,CAAA,EAAG;AAAA,IAC7D,MAAA,EAAQ,GAAA;AAAA,IACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,GAC/C,CAAA;AACH;AAEA,SAAS,WAAW,MAAA,EAAgD;AAClE,EAAA,IAAI,kBAAkB,QAAA,EAAU;AAC9B,IAAA,OAAO,MAAA;AAAA,EACT;AACA,EAAA,OAAO,IAAI,QAAA,CAAS,MAAA,CAAO,IAAA,KAAS,MAAA,GAAY,OAAO,IAAA,CAAK,SAAA,CAAU,MAAA,CAAO,IAAI,CAAA,EAAG;AAAA,IAClF,QAAQ,MAAA,CAAO,MAAA;AAAA,IACf,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,GAC/C,CAAA;AACH;AAWO,SAAS,+BACd,MAAA,EAC0B;AAC1B,EAAA,eAAe,sBACb,cAAA,EAC2D;AAC3D,IAAA,IAAI,OAAO,qBAAA,EAAuB;AAChC,MAAA,OAAO,MAAA,CAAO,sBAAsB,cAAc,CAAA;AAAA,IACpD;AACA,IAAA,OAAO;AAAA,MACL,aAAa,MAAA,CAAO,oBAAA;AAAA,MACpB,iBAAiB,MAAA,CAAO;AAAA,KAC1B;AAAA,EACF;AAEA,EAAA,MAAM,eAAe,wBAAA,CAAyB;AAAA;AAAA;AAAA;AAAA,IAI5C,IAAA,EAAM,OAAO,cAAA,EAAgB,cAAA,KAAmB;AAC9C,MAAA,MAAM,EAAE,WAAA,EAAa,eAAA,EAAgB,GAAI,MAAM,sBAAsB,cAAc,CAAA;AACnF,MAAA,OAAO,mBAAA,CAAoB;AAAA,QACzB,WAAW,MAAA,CAAO,kBAAA;AAAA,QAClB,WAAA;AAAA,QACA,eAAA;AAAA,QACA,cAAA;AAAA,QACA,OAAO,MAAA,CAAO,KAAA;AAAA,QACd,mBAAmB,MAAA,CAAO;AAAA,OAC3B,CAAA;AAAA,IACH;AAAA,GACD,CAAA;AAED,EAAA,eAAe,aAAA,CACb,KAAA,EACA,cAAA,EACA,OAAA,EAC0B;AAC1B,IAAA,IAAI,CAAC,OAAO,UAAA,EAAY;AACtB,MAAA,OAAO,IAAA;AAAA,IACT;AACA,IAAA,MAAM,MAAA,GAAS,MAAM,MAAA,CAAO,UAAA,CAAW,EAAE,KAAA,EAAO,cAAA,EAAgB,SAAS,CAAA;AACzE,IAAA,IAAI,CAAC,MAAA,EAAQ;AACX,MAAA,OAAO,IAAA;AAAA,IACT;AACA,IAAA,OAAO,WAAW,MAAM,CAAA;AAAA,EAC1B;AAEA,EAAA,eAAe,WAAA,CAAY,OAA0B,OAAA,EAAqC;AACxF,IAAA,OAAO,0BAAA,CAA2B;AAAA,MAChC,OAAA;AAAA,MACA,iBAAiB,MAAA,CAAO,eAAA;AAAA,MACxB,KAAK,KAAA,CAAM,GAAA;AAAA,MACX,iBAAiB,MAAA,CAAO,eAAA;AAAA,MACxB,mBAAmB,MAAA,CAAO,iBAAA;AAAA,MAC1B,OAAO,MAAA,CAAO;AAAA,KACf,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,OAAA,GAAU,eAAe,wBAAA,CAAyB,OAAA,EAAqC;AAC3F,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,YAAA,CAAa,OAAO,CAAA;AACjD,MAAA,IAAI,WAAW,IAAA,EAAM;AACnB,QAAA,OAAO,oBAAA,EAAqB;AAAA,MAC9B;AAEA,MAAA,MAAM,kBAAkB,MAAM,MAAA,CAAO,qBAAA,CAAsB,OAAO,GAAG,IAAA,EAAK;AAC1E,MAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,QAAA,MAAM,IAAI,cAAc,4CAAA,EAA8C;AAAA,UACpE,MAAA,EAAQ,GAAA;AAAA,UACR,IAAA,EAAM;AAAA,SACP,CAAA;AAAA,MACH;AAEA,MAAA,MAAM,cAAA,GAAiB,MAAA,CAAO,qBAAA,GAAA,CACzB,MAAM,MAAA,CAAO,qBAAA,CAAsB,OAAO,CAAA,EAAG,IAAA,EAAK,GACnD,MAAA,CAAO,iBAAA,CAAkB,IAAA,EAAK;AAClC,MAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,QAAA,MAAM,IAAI,cAAc,4CAAA,EAA8C;AAAA,UACpE,MAAA,EAAQ,GAAA;AAAA,UACR,IAAA,EAAM;AAAA,SACP,CAAA;AAAA,MACH;AAEA,MAAA,IAAI,KAAA,GAAQ,MAAM,YAAA,CAAa,QAAA,CAAS,gBAAgB,cAAc,CAAA;AACtE,MAAA,MAAM,OAAA,GAAU,MAAM,aAAA,CAAc,KAAA,EAAO,gBAAgB,OAAO,CAAA;AAClE,MAAA,IAAI,OAAA,EAAS;AACX,QAAA,OAAO,OAAA;AAAA,MACT;AAEA,MAAA,IAAI,QAAA,GAAW,MAAM,WAAA,CAAY,KAAA,EAAO,OAAO,CAAA;AAC/C,MAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AAC3B,QAAA,YAAA,CAAa,UAAA,CAAW,gBAAgB,cAAc,CAAA;AACtD,QAAA,KAAA,GAAQ,MAAM,YAAA,CAAa,QAAA,CAAS,cAAA,EAAgB,cAAA,EAAgB;AAAA,UAClE,YAAA,EAAc;AAAA,SACf,CAAA;AACD,QAAA,MAAM,YAAA,GAAe,MAAM,aAAA,CAAc,KAAA,EAAO,gBAAgB,OAAO,CAAA;AACvE,QAAA,IAAI,YAAA,EAAc;AAChB,UAAA,OAAO,YAAA;AAAA,QACT;AACA,QAAA,QAAA,GAAW,MAAM,WAAA,CAAY,KAAA,EAAO,OAAO,CAAA;AAAA,MAC7C;AAEA,MAAA,OAAO,QAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,2BAA2B,KAAK,CAAA;AAAA,IACzC;AAAA,EACF,CAAA;AAEA,EAAA,OAAA,CAAQ,iBAAiB,CAAC,cAAA,EAAgB,mBACxC,YAAA,CAAa,IAAA,CAAK,gBAAgB,cAAc,CAAA;AAClD,EAAA,OAAA,CAAQ,kBAAkB,CAAC,cAAA,EAAgB,mBACzC,YAAA,CAAa,UAAA,CAAW,gBAAgB,cAAc,CAAA;AAExD,EAAA,OAAO,OAAA;AACT","file":"server.js","sourcesContent":["export class PmtHouseError extends Error {\n readonly status: number;\n readonly code: string;\n readonly details?: unknown;\n\n constructor(\n message: string,\n {\n status = 500,\n code = \"pymthouse_error\",\n details,\n }: {\n status?: number;\n code?: string;\n details?: unknown;\n } = {},\n ) {\n super(message);\n this.name = \"PmtHouseError\";\n this.status = status;\n this.code = code;\n this.details = details;\n }\n}\n\nexport function toPmtHouseError(\n error: unknown,\n fallbackMessage: string,\n): PmtHouseError {\n if (error instanceof PmtHouseError) {\n return error;\n }\n\n if (error instanceof Error) {\n return new PmtHouseError(error.message || fallbackMessage, {\n code: \"unexpected_error\",\n status: 500,\n });\n }\n\n return new PmtHouseError(fallbackMessage, {\n code: \"unexpected_error\",\n status: 500,\n });\n}\n","import { PmtHouseError } from \"../errors.js\";\n\nfunction isPmtHouseError(error: unknown): error is PmtHouseError {\n if (error instanceof PmtHouseError) {\n return true;\n }\n return (\n error instanceof Error &&\n typeof (error as PmtHouseError).status === \"number\" &&\n typeof (error as PmtHouseError).code === \"string\"\n );\n}\n\nexport function signerHandlerErrorResponse(error: unknown): Response {\n if (isPmtHouseError(error)) {\n return new Response(\n JSON.stringify({\n error: error.code,\n error_description: error.message,\n details: error.details,\n }),\n {\n status: error.status,\n headers: { \"Content-Type\": \"application/json\" },\n },\n );\n }\n const message = error instanceof Error ? error.message : \"Internal error\";\n return new Response(JSON.stringify({ error: \"internal_error\", error_description: message }), {\n status: 500,\n headers: { \"Content-Type\": \"application/json\" },\n });\n}\n","import { PmtHouseError } from \"../errors.js\";\nimport type { ForwardDirectSignerRequestOptions, SignerJwtIdentity } from \"./types.js\";\n\nfunction base64UrlPayloadToUtf8(payloadB64: string): string {\n const normalized = payloadB64.replaceAll(\"-\", \"+\").replaceAll(\"_\", \"/\");\n const padded = normalized.padEnd(Math.ceil(normalized.length / 4) * 4, \"=\");\n if (typeof Buffer !== \"undefined\") {\n return Buffer.from(padded, \"base64\").toString(\"utf8\");\n }\n return atob(padded);\n}\n\nexport function decodeJwtPayload(jwt: string): Record<string, unknown> {\n const parts = jwt.trim().split(\".\");\n if (parts.length < 2) {\n throw new PmtHouseError(\"Invalid JWT shape\", {\n status: 500,\n code: \"invalid_jwt\",\n });\n }\n try {\n const payloadJson = base64UrlPayloadToUtf8(parts[1]);\n const payload = JSON.parse(payloadJson) as Record<string, unknown>;\n if (!payload || typeof payload !== \"object\") {\n throw new Error(\"payload not an object\");\n }\n return payload;\n } catch {\n throw new PmtHouseError(\"Failed to decode JWT payload\", {\n status: 500,\n code: \"invalid_jwt\",\n });\n }\n}\n\nfunction readClaim(payload: Record<string, unknown>, ...keys: string[]): string {\n for (const key of keys) {\n const value = payload[key];\n if (typeof value === \"string\" && value.trim()) {\n return value.trim();\n }\n }\n return \"\";\n}\n\nexport function identityFromJwtPayload(payload: Record<string, unknown>): SignerJwtIdentity {\n const issuer = readClaim(payload, \"iss\");\n const clientId = readClaim(payload, \"client_id\");\n const usageSubject = readClaim(payload, \"external_user_id\", \"usage_subject\", \"sub\");\n const usageSubjectType =\n readClaim(payload, \"external_user_id_type\", \"usage_subject_type\") || \"external_user_id\";\n\n if (!issuer || !clientId || !usageSubject) {\n throw new PmtHouseError(\"JWT payload missing signer identity claims\", {\n status: 500,\n code: \"invalid_jwt\",\n details: { issuer, clientId, usageSubject },\n });\n }\n\n return {\n issuer,\n clientId,\n usageSubject,\n usageSubjectType,\n };\n}\n\nexport function livepeerIdentityHeaders(identity: SignerJwtIdentity): Record<string, string> {\n return {\n \"X-Livepeer-Usage-Issuer\": identity.issuer,\n \"X-Livepeer-Client-ID\": identity.clientId,\n \"X-Livepeer-Usage-Subject\": identity.usageSubject,\n \"X-Livepeer-Usage-Subject-Type\": identity.usageSubjectType,\n };\n}\n\nfunction resolveRemoteUrl(\n request: Request,\n remoteSignerUrl: string | URL,\n proxyPathPrefix?: string,\n defaultRemotePath = \"/generate-live-payment\",\n): URL {\n const remoteBase = new URL(remoteSignerUrl);\n const incoming = new URL(request.url);\n let remotePath = incoming.pathname;\n\n if (proxyPathPrefix) {\n const prefix = proxyPathPrefix.endsWith(\"/\")\n ? proxyPathPrefix.slice(0, -1)\n : proxyPathPrefix;\n if (remotePath.startsWith(prefix)) {\n remotePath = remotePath.slice(prefix.length) || defaultRemotePath;\n }\n }\n\n if (!remotePath.startsWith(\"/\")) {\n remotePath = `/${remotePath}`;\n }\n\n const target = new URL(remoteBase);\n target.pathname = remotePath || defaultRemotePath;\n target.search = incoming.search;\n return target;\n}\n\nexport async function forwardDirectSignerRequest(\n options: ForwardDirectSignerRequestOptions,\n): Promise<Response> {\n const fetchImpl = options.fetch ?? fetch;\n const identity = identityFromJwtPayload(decodeJwtPayload(options.jwt));\n const target = resolveRemoteUrl(\n options.request,\n options.remoteSignerUrl,\n options.proxyPathPrefix,\n options.defaultRemotePath,\n );\n\n const headers = new Headers(options.request.headers);\n headers.set(\"Authorization\", `Bearer ${options.jwt}`);\n for (const [name, value] of Object.entries(livepeerIdentityHeaders(identity))) {\n headers.set(name, value);\n }\n headers.delete(\"host\");\n headers.delete(\"content-length\");\n\n const init: RequestInit & { duplex?: \"half\" } = {\n method: options.request.method,\n headers,\n body: options.request.body,\n cache: \"no-store\",\n };\n if (options.request.body) {\n init.duplex = \"half\";\n }\n\n return fetchImpl(target, init);\n}\n","import { PmtHouseError } from \"../errors.js\";\nimport { decodeJwtPayload, identityFromJwtPayload } from \"./forward.js\";\nimport type { CachedSignerToken, SignerTokenManagerOptions } from \"./types.js\";\n\nfunction cacheKey(clientId: string, externalUserId: string): string {\n return `${clientId}\\0${externalUserId}`;\n}\n\nexport interface SignerTokenManager {\n getToken(\n publicClientId: string,\n externalUserId: string,\n options?: { forceRefresh?: boolean },\n ): Promise<CachedSignerToken>;\n invalidate(publicClientId: string, externalUserId: string): void;\n peek(publicClientId: string, externalUserId: string): CachedSignerToken | undefined;\n}\n\nexport function createSignerTokenManager(options: SignerTokenManagerOptions): SignerTokenManager {\n const ttlRefreshRatio = options.ttlRefreshRatio ?? 0.8;\n const cache = new Map<string, CachedSignerToken>();\n const inflight = new Map<string, Promise<CachedSignerToken>>();\n\n function isUsable(entry: CachedSignerToken, now: number, forceRefresh: boolean): boolean {\n if (forceRefresh) return false;\n if (now >= entry.expiresAt) return false;\n if (now >= entry.refreshAt) return false;\n return true;\n }\n\n async function refresh(\n publicClientId: string,\n externalUserId: string,\n ): Promise<CachedSignerToken> {\n const key = cacheKey(publicClientId, externalUserId);\n const existing = inflight.get(key);\n if (existing) {\n return existing;\n }\n\n const promise = options\n .mint(publicClientId, externalUserId)\n .then((token) => {\n const identity = identityFromJwtPayload(decodeJwtPayload(token.jwt));\n if (identity.clientId !== publicClientId) {\n throw new PmtHouseError(\"minted JWT client_id does not match public client id\", {\n status: 500,\n code: \"invalid_client_id\",\n details: { expected: publicClientId, actual: identity.clientId },\n });\n }\n\n const normalized: CachedSignerToken = {\n ...token,\n refreshAt:\n token.refreshAt ||\n Date.now() + Math.floor((token.expiresAt - Date.now()) * ttlRefreshRatio),\n };\n cache.set(key, normalized);\n inflight.delete(key);\n return normalized;\n })\n .catch((error: unknown) => {\n inflight.delete(key);\n throw error;\n });\n\n inflight.set(key, promise);\n return promise;\n }\n\n return {\n peek(publicClientId, externalUserId) {\n return cache.get(cacheKey(publicClientId, externalUserId));\n },\n\n invalidate(publicClientId, externalUserId) {\n const key = cacheKey(publicClientId, externalUserId);\n cache.delete(key);\n inflight.delete(key);\n },\n\n async getToken(publicClientId, externalUserId, getOptions = {}) {\n const now = Date.now();\n const key = cacheKey(publicClientId, externalUserId);\n const cached = cache.get(key);\n if (cached && isUsable(cached, now, getOptions.forceRefresh === true)) {\n return cached;\n }\n\n return refresh(publicClientId, externalUserId);\n },\n };\n}\n","/** Removes trailing `/` without regex (linear time). */\nexport function stripTrailingSlashes(value: string): string {\n let end = value.length;\n while (end > 0 && (value.codePointAt(end - 1) ?? 0) === 47) {\n end--;\n }\n return value.slice(0, end);\n}\n\nfunction endsWithIgnoreCase(value: string, suffix: string): boolean {\n if (suffix.length > value.length) {\n return false;\n }\n const start = value.length - suffix.length;\n for (let i = 0; i < suffix.length; i++) {\n const a = value.codePointAt(start + i) ?? 0;\n const b = suffix.codePointAt(i) ?? 0;\n if (a !== b && (a | 32) !== (b | 32)) {\n return false;\n }\n }\n return true;\n}\n\nfunction stripSuffixIgnoreCase(value: string, suffix: string): string {\n return endsWithIgnoreCase(value, suffix)\n ? value.slice(0, value.length - suffix.length)\n : value;\n}\n\n/** Issuer URL (`…/oidc`) → Builder API base (`…/api/v1`). Linear-time; no regex. */\nexport function stripOidcPathSuffix(issuerUrl: string): string {\n let base = stripTrailingSlashes(issuerUrl.trim());\n base = stripSuffixIgnoreCase(base, \"/oidc\");\n return stripTrailingSlashes(base);\n}\n\n/** Issuer URL (`…/api/v1/oidc`) → host origin for signer/API-key routes. Linear-time; no regex. */\nexport function stripIssuerOriginFromOidcUrl(issuerUrl: string): string {\n let base = stripTrailingSlashes(issuerUrl.trim());\n base = stripSuffixIgnoreCase(base, \"/api/v1/oidc\");\n base = stripSuffixIgnoreCase(base, \"/oidc\");\n return stripTrailingSlashes(base);\n}\n\n/** Parse and validate an http(s) facade origin (no path). */\nexport function parseHttpOrigin(raw: string | undefined, fallback: string): string {\n const trimmed = (raw ?? fallback).trim();\n let parsed: URL;\n try {\n parsed = new URL(trimmed);\n } catch {\n throw new TypeError(\"Origin must be a valid http(s) URL\");\n }\n if (parsed.protocol !== \"http:\" && parsed.protocol !== \"https:\") {\n throw new TypeError(\"Origin must use http or https\");\n }\n return parsed.origin;\n}\n\n","import {\n allowInsecureRequests,\n customFetch,\n discoveryRequest,\n processDiscoveryResponse,\n type AuthorizationServer,\n} from \"oauth4webapi\";\nimport { PmtHouseError } from \"./errors.js\";\nimport { stripTrailingSlashes } from \"./string-utils.js\";\nimport type { FetchLike, OidcDiscoveryDocument } from \"./types.js\";\n\nexport function authorizationServerToOidcDocument(as: AuthorizationServer): OidcDiscoveryDocument {\n const tokenEndpoint = as.token_endpoint;\n const jwksUri = as.jwks_uri;\n if (!tokenEndpoint || !jwksUri) {\n throw new PmtHouseError(\"OIDC discovery document is missing token_endpoint or jwks_uri\", {\n status: 500,\n code: \"oidc_discovery_invalid\",\n });\n }\n return {\n issuer: as.issuer,\n authorization_endpoint: as.authorization_endpoint ?? \"\",\n token_endpoint: tokenEndpoint,\n jwks_uri: jwksUri,\n userinfo_endpoint: as.userinfo_endpoint,\n device_authorization_endpoint: as.device_authorization_endpoint,\n };\n}\n\nconst CACHE_TTL_MS = 5 * 60 * 1000;\n\ntype CacheEntry = {\n as: AuthorizationServer;\n fetchedAt: number;\n};\n\nconst discoveryCache = new Map<string, CacheEntry>();\n\nfunction normalizedIssuerKey(issuerUrl: string): string {\n return stripTrailingSlashes(issuerUrl);\n}\n\nexport interface LoadAuthorizationServerOptions {\n force?: boolean;\n allowInsecureHttp?: boolean;\n}\n\n/**\n * Loads OIDC discovery metadata via oauth4webapi (RFC 8414 / OIDC Discovery), with a 5-minute cache.\n */\nexport async function loadAuthorizationServer(\n issuerUrl: string,\n fetchImpl: FetchLike,\n options: LoadAuthorizationServerOptions = {},\n): Promise<AuthorizationServer> {\n const key = normalizedIssuerKey(issuerUrl);\n const now = Date.now();\n const cached = discoveryCache.get(key);\n\n if (!options.force && cached && now - cached.fetchedAt < CACHE_TTL_MS) {\n return cached.as;\n }\n\n const issuerIdentifier = new URL(key);\n const discoveryOpts: Parameters<typeof discoveryRequest>[1] = {\n algorithm: \"oidc\",\n [customFetch]: fetchImpl,\n };\n if (options.allowInsecureHttp) {\n discoveryOpts[allowInsecureRequests] = true;\n }\n\n let response: Response;\n try {\n response = await discoveryRequest(issuerIdentifier, discoveryOpts);\n } catch (e) {\n throw mapDiscoveryNetworkError(e);\n }\n\n let as: AuthorizationServer;\n try {\n as = await processDiscoveryResponse(issuerIdentifier, response);\n } catch (e) {\n throw mapOAuthDiscoveryError(e);\n }\n\n discoveryCache.set(key, { as, fetchedAt: now });\n return as;\n}\n\nexport async function fetchDiscoveryDocument(\n issuerUrl: string,\n fetchImpl: FetchLike,\n options: LoadAuthorizationServerOptions = {},\n): Promise<OidcDiscoveryDocument> {\n const as = await loadAuthorizationServer(issuerUrl, fetchImpl, options);\n return authorizationServerToOidcDocument(as);\n}\n\nexport function clearDiscoveryCache(issuerUrl?: string): void {\n if (!issuerUrl) {\n discoveryCache.clear();\n return;\n }\n discoveryCache.delete(normalizedIssuerKey(issuerUrl));\n}\n\nfunction mapOAuthDiscoveryError(error: unknown): PmtHouseError {\n if (error instanceof PmtHouseError) {\n return error;\n }\n if (error instanceof Error) {\n return new PmtHouseError(error.message, {\n status: 500,\n code: \"oidc_discovery_invalid\",\n details: { cause: error.cause },\n });\n }\n return new PmtHouseError(\"OIDC discovery failed\", {\n status: 500,\n code: \"oidc_discovery_invalid\",\n });\n}\n\nfunction mapDiscoveryNetworkError(error: unknown): PmtHouseError {\n if (error instanceof PmtHouseError) {\n return error;\n }\n if (error instanceof Error) {\n return new PmtHouseError(`Failed to load OIDC discovery: ${error.message}`, {\n status: 502,\n code: \"oidc_discovery_failed\",\n });\n }\n return new PmtHouseError(\"Failed to load OIDC discovery\", {\n status: 502,\n code: \"oidc_discovery_failed\",\n });\n}\n","/**\n * Base64url-safe Basic auth encoding for `client_id:client_secret` (UTF-8).\n * Works in Node, Edge, and Workers without assuming `Buffer`.\n */\nexport function encodeClientSecretBasic(clientId: string, clientSecret: string): string {\n const raw = `${clientId}:${clientSecret}`;\n const b64 =\n typeof Buffer !== \"undefined\"\n ? Buffer.from(raw, \"utf8\").toString(\"base64\")\n : btoa(Array.from(new TextEncoder().encode(raw), (c) => String.fromCharCode(c)).join(\"\"));\n return `Basic ${b64}`;\n}\n","import { PmtHouseError } from \"../errors.js\";\n\nfunction oauthFailureDescription(\n parsed: Record<string, unknown>,\n failureLabel: string,\n status: number,\n): string {\n if (typeof parsed.error_description === \"string\") {\n return parsed.error_description;\n }\n if (typeof parsed.error === \"string\") {\n return parsed.error;\n }\n return `${failureLabel} (${status})`;\n}\n\nexport type ReadJsonObjectFromResponseOptions = {\n invalidJsonMessage: string;\n invalidJsonCode: string;\n failureLabel: string;\n defaultErrorCode: string;\n};\n\nexport async function readJsonObjectFromResponse(\n response: Response,\n options: ReadJsonObjectFromResponseOptions,\n): Promise<Record<string, unknown>> {\n const text = await response.text();\n let parsed: Record<string, unknown>;\n try {\n parsed = text ? (JSON.parse(text) as Record<string, unknown>) : {};\n } catch {\n throw new PmtHouseError(options.invalidJsonMessage, {\n status: 502,\n code: options.invalidJsonCode,\n details: { status: response.status },\n });\n }\n\n if (!response.ok) {\n const description = oauthFailureDescription(parsed, options.failureLabel, response.status);\n throw new PmtHouseError(description, {\n status: response.status,\n code: typeof parsed.error === \"string\" ? parsed.error : options.defaultErrorCode,\n details: parsed,\n });\n }\n\n return parsed;\n}\n","import { PmtHouseError } from \"../errors.js\";\n\nexport function readStringField(\n body: Record<string, unknown>,\n key: string,\n errorCode: string,\n messagePrefix = \"Response\",\n): string {\n const value = body[key];\n if (typeof value !== \"string\" || !value.trim()) {\n throw new PmtHouseError(`${messagePrefix} missing ${key}`, {\n status: 502,\n code: errorCode,\n });\n }\n return value.trim();\n}\n\nexport function readExpiresIn(body: Record<string, unknown>, errorCode: string): number {\n const expiresIn = body.expires_in;\n if (typeof expiresIn !== \"number\" || !Number.isFinite(expiresIn) || expiresIn <= 0) {\n throw new PmtHouseError(\"Response missing expires_in\", {\n status: 502,\n code: errorCode,\n });\n }\n return Math.floor(expiresIn);\n}\n","import { stripTrailingSlashes } from \"../string-utils.js\";\nimport { loadAuthorizationServer } from \"../discovery.js\";\nimport { encodeClientSecretBasic } from \"../encoding.js\";\nimport { PmtHouseError } from \"../errors.js\";\nimport { readJsonObjectFromResponse } from \"./fetch-json.js\";\nimport { readExpiresIn, readStringField } from \"./json-fields.js\";\nimport type { CachedSignerToken, MintUserSignerTokenOptions, MintUserSignerTokenResponse } from \"./types.js\";\n\nexport const SIGN_MINT_USER_TOKEN_SCOPE = \"sign:mint_user_token\";\n\n/** @deprecated Signer JWT `aud` is the OIDC issuer URL; kept for legacy callers. */\nexport const LIVEPEER_REMOTE_SIGNER_AUDIENCE = \"livepeer-remote-signer\";\n\nconst DEFAULT_TTL_REFRESH_RATIO = 0.8;\nconst TOKEN_RESPONSE_ERROR = \"invalid_token_response\";\n\nexport function signerJwtAudience(issuerUrl: string): string {\n return stripTrailingSlashes(issuerUrl);\n}\n\nexport function parseMintUserSignerTokenResponse(\n body: Record<string, unknown>,\n ttlRefreshRatio = DEFAULT_TTL_REFRESH_RATIO,\n): CachedSignerToken {\n const accessToken = readStringField(body, \"access_token\", TOKEN_RESPONSE_ERROR, \"Token response\");\n const expiresIn = readExpiresIn(body, TOKEN_RESPONSE_ERROR);\n const balanceUsdMicros = readStringField(\n body,\n \"balanceUsdMicros\",\n TOKEN_RESPONSE_ERROR,\n \"Token response\",\n );\n const lifetimeGrantedUsdMicros = readStringField(\n body,\n \"lifetimeGrantedUsdMicros\",\n TOKEN_RESPONSE_ERROR,\n \"Token response\",\n );\n const now = Date.now();\n const expiresAt = now + expiresIn * 1000;\n const refreshAt = now + Math.floor(expiresIn * 1000 * ttlRefreshRatio);\n\n return {\n jwt: accessToken,\n expiresAt,\n refreshAt,\n balanceUsdMicros,\n lifetimeGrantedUsdMicros,\n };\n}\n\nexport async function mintUserSignerToken(\n options: MintUserSignerTokenOptions,\n): Promise<CachedSignerToken> {\n const fetchImpl = options.fetch ?? fetch;\n const issuerUrl = stripTrailingSlashes(options.issuerUrl);\n const as = await loadAuthorizationServer(issuerUrl, fetchImpl, {\n allowInsecureHttp: options.allowInsecureHttp,\n });\n const tokenEndpoint = as.token_endpoint;\n if (!tokenEndpoint) {\n throw new PmtHouseError(\"OIDC discovery document is missing token_endpoint\", {\n status: 500,\n code: \"oidc_discovery_invalid\",\n });\n }\n\n const audience = signerJwtAudience(issuerUrl);\n const body = new URLSearchParams({\n grant_type: \"client_credentials\",\n scope: SIGN_MINT_USER_TOKEN_SCOPE,\n external_user_id: options.externalUserId,\n audience,\n });\n\n const response = await fetchImpl(tokenEndpoint, {\n method: \"POST\",\n headers: {\n Authorization: encodeClientSecretBasic(options.m2mClientId, options.m2mClientSecret),\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n Accept: \"application/json\",\n },\n body: body.toString(),\n cache: \"no-store\",\n });\n\n const parsed = await readJsonObjectFromResponse(response, {\n invalidJsonMessage: \"Token endpoint returned invalid JSON\",\n invalidJsonCode: TOKEN_RESPONSE_ERROR,\n failureLabel: \"Token mint failed\",\n defaultErrorCode: \"token_mint_failed\",\n });\n\n return parseMintUserSignerTokenResponse(parsed);\n}\n\nexport function toMintUserSignerTokenResponse(token: CachedSignerToken): MintUserSignerTokenResponse {\n const expiresIn = Math.max(1, Math.floor((token.expiresAt - Date.now()) / 1000));\n return {\n access_token: token.jwt,\n expires_in: expiresIn,\n balanceUsdMicros: token.balanceUsdMicros,\n lifetimeGrantedUsdMicros: token.lifetimeGrantedUsdMicros,\n };\n}\n","import { loadAuthorizationServer } from \"../discovery.js\";\nimport { encodeClientSecretBasic } from \"../encoding.js\";\nimport { PmtHouseError } from \"../errors.js\";\nimport { stripTrailingSlashes } from \"../string-utils.js\";\nimport { readJsonObjectFromResponse } from \"./fetch-json.js\";\nimport { readExpiresIn, readStringField } from \"./json-fields.js\";\nimport { signerHandlerErrorResponse } from \"./handler-errors.js\";\nimport {\n parseMintUserSignerTokenResponse,\n signerJwtAudience,\n} from \"./mint-token.js\";\nimport type {\n DeviceExchangeHandlerConfig,\n DeviceExchangeHandlerConfigRemote,\n DeviceExchangeMintContext,\n DeviceExchangeMintResult,\n DeviceExchangeRequestBody,\n DeviceExchangeResponse,\n ExchangeDeviceTokenForSignerOptions,\n MintSignerTokenFromDeviceTokenOptions,\n} from \"./types.js\";\n\nconst TOKEN_EXCHANGE_GRANT = \"urn:ietf:params:oauth:grant-type:token-exchange\";\nconst SUBJECT_ACCESS_TOKEN_TYPE = \"urn:ietf:params:oauth:token-type:access_token\";\nconst EXCHANGE_RESPONSE_ERROR = \"invalid_exchange_response\";\n\nexport function extractSignerAccessTokenFromExchangeBody(\n body: Record<string, unknown>,\n): string {\n const tokenObj = body.token;\n if (tokenObj !== null && typeof tokenObj === \"object\" && !Array.isArray(tokenObj)) {\n const nested = tokenObj as Record<string, unknown>;\n for (const key of [\"accessToken\", \"access_token\"] as const) {\n const value = nested[key];\n if (typeof value === \"string\" && value.trim()) {\n return value.trim();\n }\n }\n }\n for (const key of [\"accessToken\", \"access_token\"] as const) {\n const value = body[key];\n if (typeof value === \"string\" && value.trim()) {\n return value.trim();\n }\n }\n throw new PmtHouseError(\"Device exchange response missing signer access token\", {\n status: 502,\n code: \"invalid_exchange_response\",\n });\n}\n\nexport function normalizeDeviceExchangeResponse(\n minted: DeviceExchangeMintResult,\n options?: { signerUrl?: string },\n): DeviceExchangeResponse {\n const scope = minted.scope.trim() || \"sign:job\";\n const body: DeviceExchangeResponse = {\n access_token: minted.access_token,\n token_type: \"Bearer\",\n expires_in: minted.expires_in,\n scope,\n balanceUsdMicros: minted.balanceUsdMicros,\n lifetimeGrantedUsdMicros: minted.lifetimeGrantedUsdMicros,\n token: {\n accessToken: minted.access_token,\n access_token: minted.access_token,\n expiresIn: minted.expires_in,\n expires_in: minted.expires_in,\n scope,\n balanceUsdMicros: minted.balanceUsdMicros,\n lifetimeGrantedUsdMicros: minted.lifetimeGrantedUsdMicros,\n },\n };\n const signerUrl = options?.signerUrl?.trim();\n if (signerUrl) {\n body.signerUrl = signerUrl;\n }\n return body;\n}\n\nexport async function parseDeviceExchangeRequestBody(\n request: Request,\n): Promise<DeviceExchangeRequestBody> {\n let body: unknown;\n try {\n body = await request.json();\n } catch {\n throw new PmtHouseError(\"Request body must be JSON\", {\n status: 400,\n code: \"invalid_request\",\n });\n }\n if (body === null || typeof body !== \"object\" || Array.isArray(body)) {\n throw new PmtHouseError(\"Request body must be a JSON object\", {\n status: 400,\n code: \"invalid_request\",\n });\n }\n const record = body as Record<string, unknown>;\n const deviceTokenRaw = record.deviceToken;\n if (typeof deviceTokenRaw !== \"string\" || !deviceTokenRaw.trim()) {\n throw new PmtHouseError(\"Request body must include deviceToken\", {\n status: 400,\n code: \"invalid_request\",\n });\n }\n const deviceToken = deviceTokenRaw.trim();\n const scope =\n typeof record.scope === \"string\" && record.scope.trim()\n ? record.scope.trim()\n : undefined;\n const clientId =\n typeof record.clientId === \"string\" && record.clientId.trim()\n ? record.clientId.trim()\n : undefined;\n return { deviceToken, scope, clientId };\n}\n\nexport async function mintSignerTokenFromDeviceToken(\n options: MintSignerTokenFromDeviceTokenOptions,\n): Promise<DeviceExchangeMintResult> {\n const fetchImpl = options.fetch ?? fetch;\n const issuerUrl = stripTrailingSlashes(options.issuerUrl);\n const as = await loadAuthorizationServer(issuerUrl, fetchImpl, {\n allowInsecureHttp: options.allowInsecureHttp,\n });\n const tokenEndpoint = as.token_endpoint;\n if (!tokenEndpoint) {\n throw new PmtHouseError(\"OIDC discovery document is missing token_endpoint\", {\n status: 500,\n code: \"oidc_discovery_invalid\",\n });\n }\n\n const audience = options.audience?.trim() || signerJwtAudience(issuerUrl);\n const params = new URLSearchParams({\n grant_type: TOKEN_EXCHANGE_GRANT,\n subject_token: options.deviceToken,\n subject_token_type: SUBJECT_ACCESS_TOKEN_TYPE,\n audience,\n resource: audience,\n });\n if (options.scope?.trim()) {\n params.set(\"scope\", options.scope.trim());\n }\n\n const response = await fetchImpl(tokenEndpoint, {\n method: \"POST\",\n headers: {\n Authorization: encodeClientSecretBasic(options.m2mClientId, options.m2mClientSecret),\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n Accept: \"application/json\",\n },\n body: params.toString(),\n cache: \"no-store\",\n });\n\n const parsed = await readJsonObjectFromResponse(response, {\n invalidJsonMessage: \"Token endpoint returned invalid JSON\",\n invalidJsonCode: \"invalid_token_response\",\n failureLabel: \"Signer JWT exchange failed\",\n defaultErrorCode: \"token_exchange_failed\",\n });\n\n const cached = parseMintUserSignerTokenResponse(parsed);\n return {\n access_token: cached.jwt,\n expires_in: readExpiresIn(parsed, EXCHANGE_RESPONSE_ERROR),\n scope: readStringField(parsed, \"scope\", EXCHANGE_RESPONSE_ERROR),\n balanceUsdMicros: cached.balanceUsdMicros,\n lifetimeGrantedUsdMicros: cached.lifetimeGrantedUsdMicros,\n };\n}\n\nexport async function exchangeDeviceTokenForSigner(\n options: ExchangeDeviceTokenForSignerOptions,\n): Promise<DeviceExchangeResponse> {\n const fetchImpl = options.fetch ?? fetch;\n const url = `${stripTrailingSlashes(options.facadeUrl)}/api/signer/device/exchange`;\n const body: Record<string, string> = { deviceToken: options.deviceToken };\n if (options.scope?.trim()) {\n body.scope = options.scope.trim();\n }\n if (options.clientId?.trim()) {\n body.clientId = options.clientId.trim();\n }\n\n const response = await fetchImpl(url, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n Accept: \"application/json\",\n },\n body: JSON.stringify(body),\n cache: \"no-store\",\n });\n\n const parsed = await readJsonObjectFromResponse(response, {\n invalidJsonMessage: \"Device exchange returned invalid JSON\",\n invalidJsonCode: EXCHANGE_RESPONSE_ERROR,\n failureLabel: \"Device exchange failed\",\n defaultErrorCode: \"device_exchange_failed\",\n });\n\n const accessToken = extractSignerAccessTokenFromExchangeBody(parsed);\n const signerUrlRaw = parsed.signerUrl ?? parsed.signer_url;\n const signerUrl =\n typeof signerUrlRaw === \"string\" && signerUrlRaw.trim() ? signerUrlRaw.trim() : undefined;\n return normalizeDeviceExchangeResponse(\n {\n access_token: accessToken,\n expires_in: readExpiresIn(parsed, EXCHANGE_RESPONSE_ERROR),\n scope:\n typeof parsed.scope === \"string\" && parsed.scope.trim()\n ? parsed.scope.trim()\n : \"sign:job\",\n balanceUsdMicros:\n typeof parsed.balanceUsdMicros === \"string\" ? parsed.balanceUsdMicros : \"0\",\n lifetimeGrantedUsdMicros:\n typeof parsed.lifetimeGrantedUsdMicros === \"string\"\n ? parsed.lifetimeGrantedUsdMicros\n : \"0\",\n },\n { signerUrl },\n );\n}\n\ntype CreateDeviceExchangeHandlerInput =\n | DeviceExchangeHandlerConfig\n | DeviceExchangeHandlerConfigRemote;\n\nfunction resolveMint(\n config: CreateDeviceExchangeHandlerInput,\n): (deviceToken: string, context: DeviceExchangeMintContext) => Promise<DeviceExchangeMintResult> {\n if (\"mint\" in config && typeof config.mint === \"function\") {\n return config.mint;\n }\n return (deviceToken, context) =>\n mintSignerTokenFromDeviceToken({\n issuerUrl: config.issuerUrl,\n m2mClientId: config.m2mClientId,\n m2mClientSecret: config.m2mClientSecret,\n deviceToken,\n scope: context.scope,\n audience: config.audience,\n fetch: config.fetch,\n allowInsecureHttp: config.allowInsecureHttp,\n });\n}\n\nfunction resolveSignerUrlFromConfig(\n config: CreateDeviceExchangeHandlerInput,\n): string | Promise<string | undefined> | undefined {\n if (\"signerUrl\" in config && typeof config.signerUrl === \"string\" && config.signerUrl.trim()) {\n return config.signerUrl.trim();\n }\n if (\"getSignerUrl\" in config && typeof config.getSignerUrl === \"function\") {\n return config.getSignerUrl();\n }\n return undefined;\n}\n\nexport function createDeviceExchangeHandler(\n config: CreateDeviceExchangeHandlerInput,\n): (request: Request) => Promise<Response> {\n const mint = resolveMint(config);\n\n return async function deviceExchangeHandler(request: Request): Promise<Response> {\n try {\n if (request.method !== \"POST\") {\n return new Response(JSON.stringify({ error: \"method_not_allowed\" }), {\n status: 405,\n headers: { \"Content-Type\": \"application/json\" },\n });\n }\n\n const parsed = await parseDeviceExchangeRequestBody(request);\n const minted = await mint(parsed.deviceToken, {\n scope: parsed.scope,\n clientId: parsed.clientId,\n });\n const signerUrlValue = await resolveSignerUrlFromConfig(config);\n const body = normalizeDeviceExchangeResponse(minted, {\n signerUrl: typeof signerUrlValue === \"string\" ? signerUrlValue : undefined,\n });\n return new Response(JSON.stringify(body), {\n status: 200,\n headers: {\n \"Content-Type\": \"application/json\",\n \"Cache-Control\": \"no-store\",\n },\n });\n } catch (error) {\n return signerHandlerErrorResponse(error);\n }\n };\n}\n","import { stripIssuerOriginFromOidcUrl, stripTrailingSlashes } from \"../string-utils.js\";\nimport { PmtHouseError } from \"../errors.js\";\nimport { readJsonObjectFromResponse } from \"./fetch-json.js\";\nimport { signerHandlerErrorResponse } from \"./handler-errors.js\";\nimport {\n extractSignerAccessTokenFromExchangeBody,\n mintSignerTokenFromDeviceToken,\n normalizeDeviceExchangeResponse,\n} from \"./device-exchange.js\";\nimport type {\n ApiKeyExchangeHandlerConfig,\n ApiKeyExchangeMintResult,\n ApiKeyExchangeRequestBody,\n DeviceExchangeResponse,\n ExchangeApiKeyForSignerOptions,\n} from \"./types.js\";\n\nconst EXCHANGE_RESPONSE_ERROR = \"invalid_exchange_response\";\n\nexport async function parseApiKeyExchangeRequestBody(\n request: Request,\n): Promise<ApiKeyExchangeRequestBody> {\n let body: unknown;\n try {\n body = await request.json();\n } catch {\n throw new PmtHouseError(\"Request body must be JSON\", {\n status: 400,\n code: \"invalid_request\",\n });\n }\n if (body === null || typeof body !== \"object\" || Array.isArray(body)) {\n throw new PmtHouseError(\"Request body must be a JSON object\", {\n status: 400,\n code: \"invalid_request\",\n });\n }\n const record = body as Record<string, unknown>;\n const apiKeyRaw = record.apiKey;\n if (typeof apiKeyRaw !== \"string\" || !apiKeyRaw.trim()) {\n throw new PmtHouseError(\"Request body must include apiKey\", {\n status: 400,\n code: \"invalid_request\",\n });\n }\n const scope =\n typeof record.scope === \"string\" && record.scope.trim()\n ? record.scope.trim()\n : undefined;\n const clientId =\n typeof record.clientId === \"string\" && record.clientId.trim()\n ? record.clientId.trim()\n : undefined;\n return { apiKey: apiKeyRaw.trim(), scope, clientId };\n}\n\nexport async function mintUserAccessTokenFromApiKey(input: {\n issuerUrl: string;\n publicClientId: string;\n apiKey: string;\n scope?: string;\n fetch?: typeof fetch;\n}): Promise<{ access_token: string; expires_in: number; scope: string }> {\n const fetchImpl = input.fetch ?? fetch;\n const issuerOrigin = stripIssuerOriginFromOidcUrl(input.issuerUrl);\n const url = `${issuerOrigin}/api/v1/apps/${encodeURIComponent(input.publicClientId)}/auth/api-key/token`;\n const response = await fetchImpl(url, {\n method: \"POST\",\n headers: {\n Authorization: `Bearer ${input.apiKey}`,\n \"Content-Type\": \"application/json\",\n Accept: \"application/json\",\n },\n body: JSON.stringify(input.scope ? { scope: input.scope } : {}),\n cache: \"no-store\",\n });\n\n const parsed = await readJsonObjectFromResponse(response, {\n invalidJsonMessage: \"API key token exchange returned invalid JSON\",\n invalidJsonCode: \"invalid_token_response\",\n failureLabel: \"API key token exchange failed\",\n defaultErrorCode: \"api_key_token_exchange_failed\",\n });\n\n const accessToken = parsed.access_token;\n if (typeof accessToken !== \"string\" || !accessToken.trim()) {\n throw new PmtHouseError(\"API key token exchange missing access_token\", {\n status: 502,\n code: EXCHANGE_RESPONSE_ERROR,\n });\n }\n\n const expiresIn =\n typeof parsed.expires_in === \"number\" && Number.isFinite(parsed.expires_in)\n ? parsed.expires_in\n : 900;\n const scope =\n typeof parsed.scope === \"string\" && parsed.scope.trim()\n ? parsed.scope.trim()\n : input.scope?.trim() || \"sign:job\";\n\n return {\n access_token: accessToken.trim(),\n expires_in: expiresIn,\n scope,\n };\n}\n\nexport async function mintSignerSessionFromApiKey(input: {\n issuerUrl: string;\n publicClientId: string;\n m2mClientId: string;\n m2mClientSecret: string;\n apiKey: string;\n scope?: string;\n audience?: string;\n fetch?: typeof fetch;\n allowInsecureHttp?: boolean;\n}): Promise<ApiKeyExchangeMintResult> {\n const userToken = await mintUserAccessTokenFromApiKey({\n issuerUrl: input.issuerUrl,\n publicClientId: input.publicClientId,\n apiKey: input.apiKey,\n scope: input.scope,\n fetch: input.fetch,\n });\n\n return mintSignerTokenFromDeviceToken({\n issuerUrl: input.issuerUrl,\n m2mClientId: input.m2mClientId,\n m2mClientSecret: input.m2mClientSecret,\n deviceToken: userToken.access_token,\n scope: userToken.scope,\n audience: input.audience,\n fetch: input.fetch,\n allowInsecureHttp: input.allowInsecureHttp,\n });\n}\n\nexport async function exchangeApiKeyForSigner(\n options: ExchangeApiKeyForSignerOptions,\n): Promise<DeviceExchangeResponse> {\n const fetchImpl = options.fetch ?? fetch;\n const url = `${stripTrailingSlashes(options.facadeUrl)}/api/pymthouse/keys/exchange`;\n const body: Record<string, string> = { apiKey: options.apiKey };\n if (options.scope?.trim()) {\n body.scope = options.scope.trim();\n }\n if (options.clientId?.trim()) {\n body.clientId = options.clientId.trim();\n }\n\n const response = await fetchImpl(url, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n Accept: \"application/json\",\n },\n body: JSON.stringify(body),\n cache: \"no-store\",\n });\n\n const parsed = await readJsonObjectFromResponse(response, {\n invalidJsonMessage: \"API key exchange returned invalid JSON\",\n invalidJsonCode: EXCHANGE_RESPONSE_ERROR,\n failureLabel: \"API key exchange failed\",\n defaultErrorCode: \"api_key_exchange_failed\",\n });\n\n const accessToken = extractSignerAccessTokenFromExchangeBody(parsed);\n const signerUrlRaw = parsed.signerUrl ?? parsed.signer_url;\n const signerUrl =\n typeof signerUrlRaw === \"string\" && signerUrlRaw.trim() ? signerUrlRaw.trim() : undefined;\n\n return normalizeDeviceExchangeResponse(\n {\n access_token: accessToken,\n expires_in:\n typeof parsed.expires_in === \"number\" && Number.isFinite(parsed.expires_in)\n ? parsed.expires_in\n : 3600,\n scope:\n typeof parsed.scope === \"string\" && parsed.scope.trim()\n ? parsed.scope.trim()\n : \"sign:job\",\n balanceUsdMicros:\n typeof parsed.balanceUsdMicros === \"string\" ? parsed.balanceUsdMicros : \"0\",\n lifetimeGrantedUsdMicros:\n typeof parsed.lifetimeGrantedUsdMicros === \"string\"\n ? parsed.lifetimeGrantedUsdMicros\n : \"0\",\n },\n { signerUrl },\n );\n}\n\nexport function createApiKeyExchangeHandler(\n config: ApiKeyExchangeHandlerConfig,\n): (request: Request) => Promise<Response> {\n const publicClientId = config.publicClientId.trim();\n\n return async function apiKeyExchangeHandler(request: Request): Promise<Response> {\n try {\n if (request.method !== \"POST\") {\n return new Response(JSON.stringify({ error: \"method_not_allowed\" }), {\n status: 405,\n headers: { \"Content-Type\": \"application/json\" },\n });\n }\n\n const parsed = await parseApiKeyExchangeRequestBody(request);\n const effectiveClientId = parsed.clientId?.trim() || publicClientId;\n if (effectiveClientId !== publicClientId) {\n throw new PmtHouseError(\"clientId does not match configured public client\", {\n status: 400,\n code: \"invalid_request\",\n });\n }\n\n const minted = await mintSignerSessionFromApiKey({\n issuerUrl: config.issuerUrl,\n publicClientId,\n m2mClientId: config.m2mClientId,\n m2mClientSecret: config.m2mClientSecret,\n apiKey: parsed.apiKey,\n scope: parsed.scope,\n audience: config.audience,\n fetch: config.fetch,\n allowInsecureHttp: config.allowInsecureHttp,\n });\n\n const signerUrlValue =\n typeof config.signerUrl === \"string\" && config.signerUrl.trim()\n ? config.signerUrl.trim()\n : undefined;\n\n const body = normalizeDeviceExchangeResponse(minted, { signerUrl: signerUrlValue });\n return new Response(JSON.stringify(body), {\n status: 200,\n headers: {\n \"Content-Type\": \"application/json\",\n \"Cache-Control\": \"no-store\",\n },\n });\n } catch (error) {\n return signerHandlerErrorResponse(error);\n }\n };\n}\n","import { stripTrailingSlashes } from \"../string-utils.js\";\nimport type { FetchLike } from \"../types.js\";\nimport type {\n ForwardToSignerOptions,\n ForwardToSignerResult,\n ProbeSignerHttpReachabilityOptions,\n SignerDmzGate,\n} from \"./types.js\";\n\nexport type { ForwardToSignerOptions, ForwardToSignerResult, ProbeSignerHttpReachabilityOptions };\n\nexport type SignerUsageSnapshot = {\n requestId: string;\n computedFeeWei: string;\n computedFeeUsdMicros: bigint;\n ethUsdPrice?: string;\n ethUsdRoundId?: string;\n ethUsdObservedAt?: string;\n pixels?: string;\n billableSecs?: string;\n pipeline?: string;\n modelId?: string;\n};\n\nconst HTTP_DMZ_TOKEN_MAX_ENTRIES = 100;\nconst HTTP_DMZ_TOKEN_TTL_MS = 3.5 * 60 * 1000;\nconst DEFAULT_PROBE_SUBJECT = \"signer-reachability-probe\";\n\ntype DmzTokenCacheEntry = {\n token: string;\n expMs: number;\n};\n\nconst httpDmzTokenCache = new Map<string, DmzTokenCacheEntry>();\n\nexport function normalizeSignerBaseUrl(base: string): string {\n return stripTrailingSlashes(base);\n}\n\nfunction joinSignerUrl(baseUrl: string, path: string): string {\n if (path.startsWith(\"/\")) {\n return `${baseUrl}${path}`;\n }\n return `${baseUrl}/${path}`;\n}\n\nfunction aliasBodyString(raw: unknown): string | null {\n if (raw === undefined || raw === null) {\n return null;\n }\n if (typeof raw === \"string\") {\n return raw.length > 0 ? raw : null;\n }\n if (typeof raw === \"number\" || typeof raw === \"boolean\" || typeof raw === \"bigint\") {\n return String(raw);\n }\n return null;\n}\n\nexport function resolveSignerBaseUrl(input: {\n envUrl?: string | null;\n storedUrl?: string | null;\n storedPort?: number | null;\n testSignerUrl?: string | null;\n defaultPort?: number;\n}): string {\n if (input.testSignerUrl?.trim()) {\n return normalizeSignerBaseUrl(input.testSignerUrl);\n }\n\n const legacyBareSignerPort = 8081;\n const rawPort = input.storedPort ?? input.defaultPort ?? 8080;\n const port = rawPort === legacyBareSignerPort ? 8080 : rawPort;\n const base =\n input.envUrl?.trim() ||\n input.storedUrl?.trim() ||\n `http://127.0.0.1:${port}`;\n return normalizeSignerBaseUrl(base);\n}\n\nexport async function getCachedDmzBearerToken(\n subject: string,\n gate: SignerDmzGate,\n getDmzToken: (subject: string, gate: SignerDmzGate) => Promise<string>,\n): Promise<string> {\n const cacheKey = `${gate}:${subject}`;\n const now = Date.now();\n const cached = httpDmzTokenCache.get(cacheKey);\n if (cached && cached.expMs > now + 15_000) {\n httpDmzTokenCache.delete(cacheKey);\n httpDmzTokenCache.set(cacheKey, cached);\n return cached.token;\n }\n\n const token = await getDmzToken(subject, gate);\n httpDmzTokenCache.set(cacheKey, { token, expMs: now + HTTP_DMZ_TOKEN_TTL_MS });\n\n if (httpDmzTokenCache.size > HTTP_DMZ_TOKEN_MAX_ENTRIES) {\n const oldest = httpDmzTokenCache.keys().next().value;\n if (oldest !== undefined) {\n httpDmzTokenCache.delete(oldest);\n }\n }\n\n return token;\n}\n\nexport async function readSignerUpstreamBody(response: Response): Promise<unknown> {\n const text = await response.text();\n if (!text.trim()) {\n return {};\n }\n try {\n return JSON.parse(text) as unknown;\n } catch {\n return {\n error: \"Signer DMZ returned a non-JSON body (often Apache auth failure)\",\n upstreamStatus: response.status,\n detail: text.slice(0, 800),\n };\n }\n}\n\nexport function pickConflictingStringAliases(\n body: Record<string, unknown>,\n ...keys: string[]\n):\n | { ok: true; value: string | undefined }\n | { ok: false; message: string } {\n const values = keys\n .map((key) => {\n const value = aliasBodyString(body[key]);\n return value === null ? null : { key, value };\n })\n .filter((entry): entry is { key: string; value: string } => entry !== null);\n const first = values[0];\n const conflict = values.find((entry) => entry.value !== first?.value);\n if (first && conflict) {\n return {\n ok: false,\n message: `Conflicting ${keys.join(\"/\")} in request body`,\n };\n }\n return { ok: true, value: first?.value };\n}\n\nexport function pickConflictingNumberAliases(\n body: Record<string, unknown>,\n ...keys: string[]\n):\n | { ok: true; value: number | undefined }\n | { ok: false; message: string } {\n const parseNum = (value: unknown): number | undefined => {\n if (typeof value === \"number\" && Number.isFinite(value)) {\n return value;\n }\n if (typeof value === \"string\" && value.trim() !== \"\") {\n const parsed = Number(value);\n return Number.isFinite(parsed) ? parsed : undefined;\n }\n return undefined;\n };\n const values = keys\n .map((key) => {\n const value = parseNum(body[key]);\n return value === undefined ? null : { key, value };\n })\n .filter((entry): entry is { key: string; value: number } => entry !== null);\n const first = values[0];\n const conflict = values.find((entry) => entry.value !== first?.value);\n if (first && conflict) {\n return {\n ok: false,\n message: `Conflicting ${keys.join(\"/\")} in request body`,\n };\n }\n return { ok: true, value: first?.value };\n}\n\nfunction pickString(obj: Record<string, unknown>, ...keys: string[]): string {\n for (const key of keys) {\n const value = obj[key];\n if (typeof value === \"string\" && value.trim()) {\n return value.trim();\n }\n if (typeof value === \"number\" && Number.isFinite(value)) {\n return String(Math.trunc(value));\n }\n }\n return \"\";\n}\n\nexport function parseSignerUsageSnapshot(body: unknown): SignerUsageSnapshot | null {\n if (body === null || typeof body !== \"object\" || Array.isArray(body)) {\n return null;\n }\n const record = body as Record<string, unknown>;\n const usageRaw = record.usage;\n if (usageRaw === null || typeof usageRaw !== \"object\" || Array.isArray(usageRaw)) {\n return null;\n }\n const usage = usageRaw as Record<string, unknown>;\n const computedFeeWei = pickString(usage, \"computed_fee_wei\", \"computedFeeWei\");\n const usdMicrosStr = pickString(usage, \"computed_fee_usd_micros\", \"computedFeeUsdMicros\");\n const requestId = pickString(usage, \"request_id\", \"requestId\");\n if (!computedFeeWei || !usdMicrosStr || !requestId) {\n return null;\n }\n let computedFeeUsdMicros: bigint;\n try {\n computedFeeUsdMicros = BigInt(usdMicrosStr);\n } catch {\n return null;\n }\n return {\n requestId,\n computedFeeWei,\n computedFeeUsdMicros,\n ethUsdPrice: pickString(usage, \"eth_usd_price\", \"ethUsdPrice\") || undefined,\n ethUsdRoundId: pickString(usage, \"eth_usd_round_id\", \"ethUsdRoundId\") || undefined,\n ethUsdObservedAt:\n pickString(usage, \"eth_usd_updated_at\", \"ethUsdUpdatedAt\", \"eth_usd_observed_at\") ||\n undefined,\n pixels: pickString(usage, \"pixels\") || undefined,\n billableSecs: pickString(usage, \"billable_secs\", \"billableSecs\") || undefined,\n pipeline: pickString(usage, \"pipeline\") || undefined,\n modelId: pickString(usage, \"model_id\", \"modelId\") || undefined,\n };\n}\n\nexport function stripSignerUsageFromResponse(body: unknown): void {\n if (body !== null && typeof body === \"object\" && !Array.isArray(body)) {\n delete (body as Record<string, unknown>).usage;\n }\n}\n\nexport async function forwardToSigner(\n options: ForwardToSignerOptions,\n): Promise<ForwardToSignerResult> {\n const fetchImpl = options.fetch ?? fetch;\n const baseUrl = normalizeSignerBaseUrl(options.baseUrl);\n const url = joinSignerUrl(baseUrl, options.path);\n const timeoutMs = options.timeoutMs ?? 30_000;\n const controller = new AbortController();\n const timeout = setTimeout(() => controller.abort(), timeoutMs);\n const headers: Record<string, string> = { \"Content-Type\": \"application/json\" };\n\n const explicitAuth = options.authorization?.trim();\n if (explicitAuth) {\n headers.Authorization = explicitAuth;\n } else {\n const attachJwt = options.forwardJwt ?? true;\n if (attachJwt) {\n const token = await getCachedDmzBearerToken(\n options.subject,\n \"http\",\n options.getDmzToken,\n );\n headers.Authorization = `Bearer ${token}`;\n }\n }\n if (options.extraHeaders) {\n for (const [name, value] of Object.entries(options.extraHeaders)) {\n if (value.trim()) {\n headers[name] = value.trim();\n }\n }\n }\n\n try {\n const response = await fetchImpl(url, {\n method: options.method,\n headers,\n body: options.body === undefined ? undefined : JSON.stringify(options.body),\n signal: controller.signal,\n });\n return {\n response,\n requestUrl: url,\n authorizationHeader: headers.Authorization,\n };\n } finally {\n clearTimeout(timeout);\n }\n}\n\ntype SignerProbeContext = {\n fetchImpl: FetchLike;\n signerUrl: string;\n timeoutMs: number;\n probeSubject: string;\n useJwt: boolean;\n getDmzToken: ProbeSignerHttpReachabilityOptions[\"getDmzToken\"];\n};\n\nfunction createSignerProbeContext(options: ProbeSignerHttpReachabilityOptions): SignerProbeContext {\n return {\n fetchImpl: options.fetch ?? fetch,\n signerUrl: normalizeSignerBaseUrl(options.signerUrl),\n timeoutMs: options.timeoutMs ?? 5000,\n probeSubject: options.probeSubject ?? DEFAULT_PROBE_SUBJECT,\n useJwt: options.forwardJwt ?? true,\n getDmzToken: options.getDmzToken,\n };\n}\n\nfunction reachableResult(ethAddress?: string): { reachable: true; ethAddress?: string } {\n return { reachable: true, ethAddress };\n}\n\nasync function fetchSignerStatus(\n ctx: SignerProbeContext,\n headers: Record<string, string>,\n): Promise<{ ok: boolean; ethAddress?: string }> {\n const response = await ctx.fetchImpl(`${ctx.signerUrl}/status`, {\n headers,\n signal: AbortSignal.timeout(ctx.timeoutMs),\n });\n if (!response.ok) {\n return { ok: false };\n }\n const data = (await readSignerUpstreamBody(response)) as Record<string, unknown>;\n const ethAddress =\n (typeof data.Address === \"string\" && data.Address) ||\n (typeof data.address === \"string\" && data.address) ||\n undefined;\n return { ok: true, ethAddress };\n}\n\nasync function tryJwtStatus(\n ctx: SignerProbeContext,\n): Promise<{ reachable: true; ethAddress?: string } | null> {\n if (!ctx.useJwt) {\n return null;\n }\n try {\n const token = await ctx.getDmzToken(ctx.probeSubject, \"http\");\n const { ok, ethAddress } = await fetchSignerStatus(ctx, {\n Authorization: `Bearer ${token}`,\n });\n return ok ? reachableResult(ethAddress) : null;\n } catch {\n return null;\n }\n}\n\nasync function tryPlainStatus(\n ctx: SignerProbeContext,\n): Promise<{ reachable: true; ethAddress?: string } | null> {\n try {\n const { ok, ethAddress } = await fetchSignerStatus(ctx, {});\n return ok ? reachableResult(ethAddress) : null;\n } catch {\n return null;\n }\n}\n\nasync function trySigningProbe(ctx: SignerProbeContext): Promise<boolean> {\n try {\n const token = await ctx.getDmzToken(ctx.probeSubject, \"http\");\n const response = await ctx.fetchImpl(`${ctx.signerUrl}/sign-orchestrator-info`, {\n method: \"POST\",\n headers: {\n Authorization: `Bearer ${token}`,\n \"Content-Type\": \"application/json\",\n },\n body: \"{}\",\n signal: AbortSignal.timeout(ctx.timeoutMs),\n });\n return response.ok;\n } catch {\n return false;\n }\n}\n\nasync function runSignerReachabilityProbes(\n ctx: SignerProbeContext,\n): Promise<{ reachable: boolean; ethAddress?: string }> {\n const jwtResult = await tryJwtStatus(ctx);\n if (jwtResult) {\n return jwtResult;\n }\n const plainResult = await tryPlainStatus(ctx);\n if (plainResult) {\n return plainResult;\n }\n if (await trySigningProbe(ctx)) {\n return reachableResult();\n }\n return { reachable: false };\n}\n\nexport async function probeSignerHttpReachability(\n options: ProbeSignerHttpReachabilityOptions,\n): Promise<{ reachable: boolean; ethAddress?: string }> {\n const ctx = createSignerProbeContext(options);\n\n try {\n const health = await ctx.fetchImpl(`${ctx.signerUrl}/healthz`, {\n signal: AbortSignal.timeout(ctx.timeoutMs),\n });\n if (health.ok) {\n return runSignerReachabilityProbes(ctx);\n }\n } catch {\n /* fall through to /status probes */\n }\n\n return runSignerReachabilityProbes(ctx);\n}\n","import { PmtHouseError } from \"../errors.js\";\nimport { signerHandlerErrorResponse } from \"./handler-errors.js\";\nimport { createSignerTokenManager } from \"./token-manager.js\";\nimport { forwardDirectSignerRequest } from \"./forward.js\";\nimport { mintUserSignerToken } from \"./mint-token.js\";\nimport type {\n CachedSignerToken,\n DirectSignerBeforeSignResult,\n DirectSignerProxyConfig,\n} from \"./types.js\";\n\nfunction unauthorizedResponse(): Response {\n return new Response(JSON.stringify({ error: \"unauthorized\" }), {\n status: 401,\n headers: { \"Content-Type\": \"application/json\" },\n });\n}\n\nfunction toResponse(result: DirectSignerBeforeSignResult): Response {\n if (result instanceof Response) {\n return result;\n }\n return new Response(result.body === undefined ? null : JSON.stringify(result.body), {\n status: result.status,\n headers: { \"Content-Type\": \"application/json\" },\n });\n}\n\nexport interface DirectSignerProxyHandler {\n (request: Request): Promise<Response>;\n getCachedUsage(\n publicClientId: string,\n externalUserId: string,\n ): CachedSignerToken | undefined;\n invalidateToken(publicClientId: string, externalUserId: string): void;\n}\n\nexport function createDirectSignerProxyHandler(\n config: DirectSignerProxyConfig,\n): DirectSignerProxyHandler {\n async function resolveM2MCredentials(\n publicClientId: string,\n ): Promise<{ m2mClientId: string; m2mClientSecret: string }> {\n if (config.resolveM2MCredentials) {\n return config.resolveM2MCredentials(publicClientId);\n }\n return {\n m2mClientId: config.pymthouseM2MClientId,\n m2mClientSecret: config.pymthouseM2MClientSecret,\n };\n }\n\n const tokenManager = createSignerTokenManager({\n // `publicClientId` selects the M2M credentials so the minted JWT's\n // `client_id` matches the cache partition key. The token manager rejects any\n // minted token whose `client_id` diverges from `publicClientId`.\n mint: async (publicClientId, externalUserId) => {\n const { m2mClientId, m2mClientSecret } = await resolveM2MCredentials(publicClientId);\n return mintUserSignerToken({\n issuerUrl: config.pymthouseIssuerUrl,\n m2mClientId,\n m2mClientSecret,\n externalUserId,\n fetch: config.fetch,\n allowInsecureHttp: config.allowInsecureHttp,\n });\n },\n });\n\n async function runBeforeSign(\n token: CachedSignerToken,\n externalUserId: string,\n request: Request,\n ): Promise<Response | null> {\n if (!config.beforeSign) {\n return null;\n }\n const result = await config.beforeSign({ token, externalUserId, request });\n if (!result) {\n return null;\n }\n return toResponse(result);\n }\n\n async function forwardOnce(token: CachedSignerToken, request: Request): Promise<Response> {\n return forwardDirectSignerRequest({\n request,\n remoteSignerUrl: config.remoteSignerUrl,\n jwt: token.jwt,\n proxyPathPrefix: config.proxyPathPrefix,\n defaultRemotePath: config.defaultRemotePath,\n fetch: config.fetch,\n });\n }\n\n const handler = async function directSignerProxyHandler(request: Request): Promise<Response> {\n try {\n const session = await config.authenticate(request);\n if (session == null) {\n return unauthorizedResponse();\n }\n\n const externalUserId = (await config.resolveExternalUserId(session)).trim();\n if (!externalUserId) {\n throw new PmtHouseError(\"resolveExternalUserId returned an empty id\", {\n status: 500,\n code: \"invalid_external_user_id\",\n });\n }\n\n const publicClientId = config.resolvePublicClientId\n ? (await config.resolvePublicClientId(session)).trim()\n : config.pymthouseClientId.trim();\n if (!publicClientId) {\n throw new PmtHouseError(\"resolvePublicClientId returned an empty id\", {\n status: 500,\n code: \"invalid_client_id\",\n });\n }\n\n let token = await tokenManager.getToken(publicClientId, externalUserId);\n const blocked = await runBeforeSign(token, externalUserId, request);\n if (blocked) {\n return blocked;\n }\n\n let upstream = await forwardOnce(token, request);\n if (upstream.status === 401) {\n tokenManager.invalidate(publicClientId, externalUserId);\n token = await tokenManager.getToken(publicClientId, externalUserId, {\n forceRefresh: true,\n });\n const retryBlocked = await runBeforeSign(token, externalUserId, request);\n if (retryBlocked) {\n return retryBlocked;\n }\n upstream = await forwardOnce(token, request);\n }\n\n return upstream;\n } catch (error) {\n return signerHandlerErrorResponse(error);\n }\n } as DirectSignerProxyHandler;\n\n handler.getCachedUsage = (publicClientId, externalUserId) =>\n tokenManager.peek(publicClientId, externalUserId);\n handler.invalidateToken = (publicClientId, externalUserId) =>\n tokenManager.invalidate(publicClientId, externalUserId);\n\n return handler;\n}\n\nexport { createSignerTokenManager, type SignerTokenManager } from \"./token-manager.js\";\nexport { forwardDirectSignerRequest, decodeJwtPayload, identityFromJwtPayload, livepeerIdentityHeaders } from \"./forward.js\";\nexport {\n mintUserSignerToken,\n parseMintUserSignerTokenResponse,\n SIGN_MINT_USER_TOKEN_SCOPE,\n signerJwtAudience,\n LIVEPEER_REMOTE_SIGNER_AUDIENCE,\n} from \"./mint-token.js\";\nexport {\n createDeviceExchangeHandler,\n exchangeDeviceTokenForSigner,\n extractSignerAccessTokenFromExchangeBody,\n mintSignerTokenFromDeviceToken,\n normalizeDeviceExchangeResponse,\n parseDeviceExchangeRequestBody,\n} from \"./device-exchange.js\";\nexport {\n createApiKeyExchangeHandler,\n exchangeApiKeyForSigner,\n mintSignerSessionFromApiKey,\n mintUserAccessTokenFromApiKey,\n parseApiKeyExchangeRequestBody,\n} from \"./api-key-exchange.js\";\nexport {\n forwardToSigner,\n getCachedDmzBearerToken,\n normalizeSignerBaseUrl,\n parseSignerUsageSnapshot,\n pickConflictingNumberAliases,\n pickConflictingStringAliases,\n probeSignerHttpReachability,\n readSignerUpstreamBody,\n resolveSignerBaseUrl,\n stripSignerUsageFromResponse,\n} from \"./proxy.js\";\nexport type {\n CachedSignerToken,\n DirectSignerBeforeSignContext,\n DirectSignerBeforeSignResult,\n DirectSignerProxyConfig,\n ApiKeyExchangeHandlerConfig,\n ApiKeyExchangeMintResult,\n ApiKeyExchangeRequestBody,\n DeviceExchangeHandlerConfig,\n DeviceExchangeHandlerConfigRemote,\n DeviceExchangeMintContext,\n DeviceExchangeMintResult,\n DeviceExchangeRequestBody,\n DeviceExchangeResponse,\n ExchangeApiKeyForSignerOptions,\n ExchangeDeviceTokenForSignerOptions,\n ForwardDirectSignerRequestOptions,\n ForwardToSignerOptions,\n ForwardToSignerResult,\n M2MClientCredentials,\n MintSignerTokenFromDeviceTokenOptions,\n MintUserSignerTokenOptions,\n MintUserSignerTokenResponse,\n ProbeSignerHttpReachabilityOptions,\n SignerDmzGate,\n SignerJwtIdentity,\n SignerTokenManagerOptions,\n} from \"./types.js\";\nexport type { SignerUsageSnapshot } from \"./proxy.js\";\n"]}
1
+ {"version":3,"sources":["../../src/errors.ts","../../src/signer/handler-errors.ts","../../src/signer/forward.ts","../../src/signer/token-manager.ts","../../src/string-utils.ts","../../src/discovery.ts","../../src/encoding.ts","../../src/signer/fetch-json.ts","../../src/signer/json-fields.ts","../../src/signer/mint-token.ts","../../src/signer/device-exchange.ts","../../src/signer/api-key-exchange.ts","../../src/signer/proxy.ts","../../src/signer/server.ts"],"names":["EXCHANGE_RESPONSE_ERROR","cacheKey"],"mappings":";;;AAAO,IAAM,aAAA,GAAN,cAA4B,KAAA,CAAM;AAAA,EAC9B,MAAA;AAAA,EACA,IAAA;AAAA,EACA,OAAA;AAAA,EAET,YACE,OAAA,EACA;AAAA,IACE,MAAA,GAAS,GAAA;AAAA,IACT,IAAA,GAAO,iBAAA;AAAA,IACP;AAAA,GACF,GAII,EAAC,EACL;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,eAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AAAA,EACjB;AACF,CAAA;;;ACrBO,SAAS,2BAA2B,KAAA,EAA0B;AACnE,EAAA,IAAI,iBAAiB,aAAA,EAAe;AAClC,IAAA,OAAO,IAAI,QAAA;AAAA,MACT,KAAK,SAAA,CAAU;AAAA,QACb,OAAO,KAAA,CAAM,IAAA;AAAA,QACb,mBAAmB,KAAA,CAAM,OAAA;AAAA,QACzB,SAAS,KAAA,CAAM;AAAA,OAChB,CAAA;AAAA,MACD;AAAA,QACE,QAAQ,KAAA,CAAM,MAAA;AAAA,QACd,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB;AAChD,KACF;AAAA,EACF;AACA,EAAA,MAAM,OAAA,GAAU,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU,gBAAA;AACzD,EAAA,OAAO,IAAI,QAAA,CAAS,IAAA,CAAK,SAAA,CAAU,EAAE,OAAO,gBAAA,EAAkB,iBAAA,EAAmB,OAAA,EAAS,CAAA,EAAG;AAAA,IAC3F,MAAA,EAAQ,GAAA;AAAA,IACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,GAC/C,CAAA;AACH;;;AClBA,SAAS,uBAAuB,UAAA,EAA4B;AAC1D,EAAA,MAAM,UAAA,GAAa,WAAW,UAAA,CAAW,GAAA,EAAK,GAAG,CAAA,CAAE,UAAA,CAAW,KAAK,GAAG,CAAA;AACtE,EAAA,MAAM,MAAA,GAAS,UAAA,CAAW,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,WAAW,MAAA,GAAS,CAAC,CAAA,GAAI,CAAA,EAAG,GAAG,CAAA;AAC1E,EAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACjC,IAAA,OAAO,OAAO,IAAA,CAAK,MAAA,EAAQ,QAAQ,CAAA,CAAE,SAAS,MAAM,CAAA;AAAA,EACtD;AACA,EAAA,OAAO,KAAK,MAAM,CAAA;AACpB;AAEO,SAAS,iBAAiB,GAAA,EAAsC;AACrE,EAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,IAAA,EAAK,CAAE,MAAM,GAAG,CAAA;AAClC,EAAA,IAAI,KAAA,CAAM,SAAS,CAAA,EAAG;AACpB,IAAA,MAAM,IAAI,cAAc,mBAAA,EAAqB;AAAA,MAC3C,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,IAAI;AACF,IAAA,MAAM,WAAA,GAAc,sBAAA,CAAuB,KAAA,CAAM,CAAC,CAAC,CAAA;AACnD,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,KAAA,CAAM,WAAW,CAAA;AACtC,IAAA,IAAI,CAAC,OAAA,IAAW,OAAO,OAAA,KAAY,QAAA,EAAU;AAC3C,MAAA,MAAM,IAAI,MAAM,uBAAuB,CAAA;AAAA,IACzC;AACA,IAAA,OAAO,OAAA;AAAA,EACT,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,cAAc,8BAAA,EAAgC;AAAA,MACtD,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACF;AAEA,SAAS,SAAA,CAAU,YAAqC,IAAA,EAAwB;AAC9E,EAAA,KAAA,MAAW,OAAO,IAAA,EAAM;AACtB,IAAA,MAAM,KAAA,GAAQ,QAAQ,GAAG,CAAA;AACzB,IAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,CAAM,MAAK,EAAG;AAC7C,MAAA,OAAO,MAAM,IAAA,EAAK;AAAA,IACpB;AAAA,EACF;AACA,EAAA,OAAO,EAAA;AACT;AAEO,SAAS,uBAAuB,OAAA,EAAqD;AAC1F,EAAA,MAAM,MAAA,GAAS,SAAA,CAAU,OAAA,EAAS,KAAK,CAAA;AACvC,EAAA,MAAM,QAAA,GAAW,SAAA,CAAU,OAAA,EAAS,WAAW,CAAA;AAC/C,EAAA,MAAM,YAAA,GAAe,SAAA,CAAU,OAAA,EAAS,kBAAA,EAAoB,iBAAiB,KAAK,CAAA;AAClF,EAAA,MAAM,gBAAA,GACJ,SAAA,CAAU,OAAA,EAAS,uBAAA,EAAyB,oBAAoB,CAAA,IAAK,kBAAA;AAEvE,EAAA,IAAI,CAAC,MAAA,IAAU,CAAC,QAAA,IAAY,CAAC,YAAA,EAAc;AACzC,IAAA,MAAM,IAAI,cAAc,4CAAA,EAA8C;AAAA,MACpE,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM,aAAA;AAAA,MACN,OAAA,EAAS,EAAE,MAAA,EAAQ,QAAA,EAAU,YAAA;AAAa,KAC3C,CAAA;AAAA,EACH;AAEA,EAAA,OAAO;AAAA,IACL,MAAA;AAAA,IACA,QAAA;AAAA,IACA,YAAA;AAAA,IACA;AAAA,GACF;AACF;AAEO,SAAS,wBAAwB,QAAA,EAAqD;AAC3F,EAAA,OAAO;AAAA,IACL,2BAA2B,QAAA,CAAS,MAAA;AAAA,IACpC,wBAAwB,QAAA,CAAS,QAAA;AAAA,IACjC,4BAA4B,QAAA,CAAS,YAAA;AAAA,IACrC,iCAAiC,QAAA,CAAS;AAAA,GAC5C;AACF;AAEA,SAAS,gBAAA,CACP,OAAA,EACA,eAAA,EACA,eAAA,EACA,oBAAoB,wBAAA,EACf;AACL,EAAA,MAAM,UAAA,GAAa,IAAI,GAAA,CAAI,eAAe,CAAA;AAC1C,EAAA,MAAM,QAAA,GAAW,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AACpC,EAAA,IAAI,aAAa,QAAA,CAAS,QAAA;AAE1B,EAAA,IAAI,eAAA,EAAiB;AACnB,IAAA,MAAM,MAAA,GAAS,gBAAgB,QAAA,CAAS,GAAG,IACvC,eAAA,CAAgB,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA,GAC3B,eAAA;AACJ,IAAA,IAAI,UAAA,CAAW,UAAA,CAAW,MAAM,CAAA,EAAG;AACjC,MAAA,UAAA,GAAa,UAAA,CAAW,KAAA,CAAM,MAAA,CAAO,MAAM,CAAA,IAAK,iBAAA;AAAA,IAClD;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,UAAA,CAAW,UAAA,CAAW,GAAG,CAAA,EAAG;AAC/B,IAAA,UAAA,GAAa,IAAI,UAAU,CAAA,CAAA;AAAA,EAC7B;AAEA,EAAA,MAAM,MAAA,GAAS,IAAI,GAAA,CAAI,UAAU,CAAA;AACjC,EAAA,MAAA,CAAO,WAAW,UAAA,IAAc,iBAAA;AAChC,EAAA,MAAA,CAAO,SAAS,QAAA,CAAS,MAAA;AACzB,EAAA,OAAO,MAAA;AACT;AAEA,eAAsB,2BACpB,OAAA,EACmB;AACnB,EAAA,MAAM,SAAA,GAAY,QAAQ,KAAA,IAAS,KAAA;AACnC,EAAA,MAAM,QAAA,GAAW,sBAAA,CAAuB,gBAAA,CAAiB,OAAA,CAAQ,GAAG,CAAC,CAAA;AACrE,EAAA,MAAM,MAAA,GAAS,gBAAA;AAAA,IACb,OAAA,CAAQ,OAAA;AAAA,IACR,OAAA,CAAQ,eAAA;AAAA,IACR,OAAA,CAAQ,eAAA;AAAA,IACR,OAAA,CAAQ;AAAA,GACV;AAEA,EAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ,OAAA,CAAQ,QAAQ,OAAO,CAAA;AACnD,EAAA,OAAA,CAAQ,GAAA,CAAI,eAAA,EAAiB,CAAA,OAAA,EAAU,OAAA,CAAQ,GAAG,CAAA,CAAE,CAAA;AACpD,EAAA,KAAA,MAAW,CAAC,MAAM,KAAK,CAAA,IAAK,OAAO,OAAA,CAAQ,uBAAA,CAAwB,QAAQ,CAAC,CAAA,EAAG;AAC7E,IAAA,OAAA,CAAQ,GAAA,CAAI,MAAM,KAAK,CAAA;AAAA,EACzB;AACA,EAAA,OAAA,CAAQ,OAAO,MAAM,CAAA;AACrB,EAAA,OAAA,CAAQ,OAAO,gBAAgB,CAAA;AAE/B,EAAA,MAAM,IAAA,GAA0C;AAAA,IAC9C,MAAA,EAAQ,QAAQ,OAAA,CAAQ,MAAA;AAAA,IACxB,OAAA;AAAA,IACA,IAAA,EAAM,QAAQ,OAAA,CAAQ,IAAA;AAAA,IACtB,KAAA,EAAO;AAAA,GACT;AACA,EAAA,IAAI,OAAA,CAAQ,QAAQ,IAAA,EAAM;AACxB,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAAA,EAChB;AAEA,EAAA,OAAO,SAAA,CAAU,QAAQ,IAAI,CAAA;AAC/B;;;ACrIA,SAAS,QAAA,CAAS,UAAkB,cAAA,EAAgC;AAClE,EAAA,OAAO,CAAA,EAAG,QAAQ,CAAA,EAAA,EAAK,cAAc,CAAA,CAAA;AACvC;AAYO,SAAS,yBAAyB,OAAA,EAAwD;AAC/F,EAAA,MAAM,eAAA,GAAkB,QAAQ,eAAA,IAAmB,GAAA;AACnD,EAAA,MAAM,KAAA,uBAAY,GAAA,EAA+B;AACjD,EAAA,MAAM,QAAA,uBAAe,GAAA,EAAwC;AAE7D,EAAA,SAAS,QAAA,CAAS,KAAA,EAA0B,GAAA,EAAa,YAAA,EAAgC;AACvF,IAAA,IAAI,cAAc,OAAO,KAAA;AACzB,IAAA,IAAI,GAAA,IAAO,KAAA,CAAM,SAAA,EAAW,OAAO,KAAA;AACnC,IAAA,IAAI,GAAA,IAAO,KAAA,CAAM,SAAA,EAAW,OAAO,KAAA;AACnC,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,eAAe,OAAA,CACb,gBACA,cAAA,EAC4B;AAC5B,IAAA,MAAM,GAAA,GAAM,QAAA,CAAS,cAAA,EAAgB,cAAc,CAAA;AACnD,IAAA,MAAM,QAAA,GAAW,QAAA,CAAS,GAAA,CAAI,GAAG,CAAA;AACjC,IAAA,IAAI,QAAA,EAAU;AACZ,MAAA,OAAO,QAAA;AAAA,IACT;AAEA,IAAA,MAAM,OAAA,GAAU,QACb,IAAA,CAAK,cAAA,EAAgB,cAAc,CAAA,CACnC,IAAA,CAAK,CAAC,KAAA,KAAU;AACf,MAAA,MAAM,QAAA,GAAW,sBAAA,CAAuB,gBAAA,CAAiB,KAAA,CAAM,GAAG,CAAC,CAAA;AACnE,MAAA,IAAI,QAAA,CAAS,aAAa,cAAA,EAAgB;AACxC,QAAA,MAAM,IAAI,cAAc,sDAAA,EAAwD;AAAA,UAC9E,MAAA,EAAQ,GAAA;AAAA,UACR,IAAA,EAAM,mBAAA;AAAA,UACN,SAAS,EAAE,QAAA,EAAU,cAAA,EAAgB,MAAA,EAAQ,SAAS,QAAA;AAAS,SAChE,CAAA;AAAA,MACH;AAEA,MAAA,MAAM,UAAA,GAAgC;AAAA,QACpC,GAAG,KAAA;AAAA,QACH,SAAA,EACE,KAAA,CAAM,SAAA,IACN,IAAA,CAAK,GAAA,EAAI,GAAI,IAAA,CAAK,KAAA,CAAA,CAAO,KAAA,CAAM,SAAA,GAAY,IAAA,CAAK,GAAA,MAAS,eAAe;AAAA,OAC5E;AACA,MAAA,KAAA,CAAM,GAAA,CAAI,KAAK,UAAU,CAAA;AACzB,MAAA,QAAA,CAAS,OAAO,GAAG,CAAA;AACnB,MAAA,OAAO,UAAA;AAAA,IACT,CAAC,CAAA,CACA,KAAA,CAAM,CAAC,KAAA,KAAmB;AACzB,MAAA,QAAA,CAAS,OAAO,GAAG,CAAA;AACnB,MAAA,MAAM,KAAA;AAAA,IACR,CAAC,CAAA;AAEH,IAAA,QAAA,CAAS,GAAA,CAAI,KAAK,OAAO,CAAA;AACzB,IAAA,OAAO,OAAA;AAAA,EACT;AAEA,EAAA,OAAO;AAAA,IACL,IAAA,CAAK,gBAAgB,cAAA,EAAgB;AACnC,MAAA,OAAO,KAAA,CAAM,GAAA,CAAI,QAAA,CAAS,cAAA,EAAgB,cAAc,CAAC,CAAA;AAAA,IAC3D,CAAA;AAAA,IAEA,UAAA,CAAW,gBAAgB,cAAA,EAAgB;AACzC,MAAA,MAAM,GAAA,GAAM,QAAA,CAAS,cAAA,EAAgB,cAAc,CAAA;AACnD,MAAA,KAAA,CAAM,OAAO,GAAG,CAAA;AAChB,MAAA,QAAA,CAAS,OAAO,GAAG,CAAA;AAAA,IACrB,CAAA;AAAA,IAEA,MAAM,QAAA,CAAS,cAAA,EAAgB,cAAA,EAAgB,UAAA,GAAa,EAAC,EAAG;AAC9D,MAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,MAAA,MAAM,GAAA,GAAM,QAAA,CAAS,cAAA,EAAgB,cAAc,CAAA;AACnD,MAAA,MAAM,MAAA,GAAS,KAAA,CAAM,GAAA,CAAI,GAAG,CAAA;AAC5B,MAAA,IAAI,UAAU,QAAA,CAAS,MAAA,EAAQ,KAAK,UAAA,CAAW,YAAA,KAAiB,IAAI,CAAA,EAAG;AACrE,QAAA,OAAO,MAAA;AAAA,MACT;AAEA,MAAA,OAAO,OAAA,CAAQ,gBAAgB,cAAc,CAAA;AAAA,IAC/C;AAAA,GACF;AACF;;;AC5FO,SAAS,qBAAqB,KAAA,EAAuB;AAC1D,EAAA,IAAI,MAAM,KAAA,CAAM,MAAA;AAChB,EAAA,OAAO,GAAA,GAAM,MAAM,KAAA,CAAM,WAAA,CAAY,MAAM,CAAC,CAAA,IAAK,OAAO,EAAA,EAAI;AAC1D,IAAA,GAAA,EAAA;AAAA,EACF;AACA,EAAA,OAAO,KAAA,CAAM,KAAA,CAAM,CAAA,EAAG,GAAG,CAAA;AAC3B;AAEA,SAAS,kBAAA,CAAmB,OAAe,MAAA,EAAyB;AAClE,EAAA,IAAI,MAAA,CAAO,MAAA,GAAS,KAAA,CAAM,MAAA,EAAQ;AAChC,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,MAAA,GAAS,MAAA,CAAO,MAAA;AACpC,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,MAAA,CAAO,QAAQ,CAAA,EAAA,EAAK;AACtC,IAAA,MAAM,CAAA,GAAI,KAAA,CAAM,WAAA,CAAY,KAAA,GAAQ,CAAC,CAAA,IAAK,CAAA;AAC1C,IAAA,MAAM,CAAA,GAAI,MAAA,CAAO,WAAA,CAAY,CAAC,CAAA,IAAK,CAAA;AACnC,IAAA,IAAI,CAAA,KAAM,CAAA,IAAA,CAAM,CAAA,GAAI,EAAA,OAAS,IAAI,EAAA,CAAA,EAAK;AACpC,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AACA,EAAA,OAAO,IAAA;AACT;AAEA,SAAS,qBAAA,CAAsB,OAAe,MAAA,EAAwB;AACpE,EAAA,OAAO,kBAAA,CAAmB,KAAA,EAAO,MAAM,CAAA,GACnC,KAAA,CAAM,KAAA,CAAM,CAAA,EAAG,KAAA,CAAM,MAAA,GAAS,MAAA,CAAO,MAAM,CAAA,GAC3C,KAAA;AACN;AAUO,SAAS,6BAA6B,SAAA,EAA2B;AACtE,EAAA,IAAI,IAAA,GAAO,oBAAA,CAAqB,SAAA,CAAU,IAAA,EAAM,CAAA;AAChD,EAAA,IAAA,GAAO,qBAAA,CAAsB,MAAM,cAAc,CAAA;AACjD,EAAA,IAAA,GAAO,qBAAA,CAAsB,MAAM,OAAO,CAAA;AAC1C,EAAA,OAAO,qBAAqB,IAAI,CAAA;AAClC;ACbA,IAAM,YAAA,GAAe,IAAI,EAAA,GAAK,GAAA;AAO9B,IAAM,cAAA,uBAAqB,GAAA,EAAwB;AAEnD,SAAS,oBAAoB,SAAA,EAA2B;AACtD,EAAA,OAAO,qBAAqB,SAAS,CAAA;AACvC;AAUA,eAAsB,uBAAA,CACpB,SAAA,EACA,SAAA,EACA,OAAA,GAA0C,EAAC,EACb;AAC9B,EAAA,MAAM,GAAA,GAAM,oBAAoB,SAAS,CAAA;AACzC,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,EAAA,MAAM,MAAA,GAAS,cAAA,CAAe,GAAA,CAAI,GAAG,CAAA;AAErC,EAAA,IAAI,CAAC,OAAA,CAAQ,KAAA,IAAS,UAAU,GAAA,GAAM,MAAA,CAAO,YAAY,YAAA,EAAc;AACrE,IAAA,OAAO,MAAA,CAAO,EAAA;AAAA,EAChB;AAEA,EAAA,MAAM,gBAAA,GAAmB,IAAI,GAAA,CAAI,GAAG,CAAA;AACpC,EAAA,MAAM,aAAA,GAAwD;AAAA,IAC5D,SAAA,EAAW,MAAA;AAAA,IACX,CAAC,WAAW,GAAG;AAAA,GACjB;AACA,EAAA,IAAI,QAAQ,iBAAA,EAAmB;AAC7B,IAAA,aAAA,CAAc,qBAAqB,CAAA,GAAI,IAAA;AAAA,EACzC;AAEA,EAAA,IAAI,QAAA;AACJ,EAAA,IAAI;AACF,IAAA,QAAA,GAAW,MAAM,gBAAA,CAAiB,gBAAA,EAAkB,aAAa,CAAA;AAAA,EACnE,SAAS,CAAA,EAAG;AACV,IAAA,MAAM,yBAAyB,CAAC,CAAA;AAAA,EAClC;AAEA,EAAA,IAAI,EAAA;AACJ,EAAA,IAAI;AACF,IAAA,EAAA,GAAK,MAAM,wBAAA,CAAyB,gBAAA,EAAkB,QAAQ,CAAA;AAAA,EAChE,SAAS,CAAA,EAAG;AACV,IAAA,MAAM,uBAAuB,CAAC,CAAA;AAAA,EAChC;AAEA,EAAA,cAAA,CAAe,IAAI,GAAA,EAAK,EAAE,EAAA,EAAI,SAAA,EAAW,KAAK,CAAA;AAC9C,EAAA,OAAO,EAAA;AACT;AAmBA,SAAS,uBAAuB,KAAA,EAA+B;AAC7D,EAAA,IAAI,iBAAiB,aAAA,EAAe;AAClC,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,IAAI,iBAAiB,KAAA,EAAO;AAC1B,IAAA,OAAO,IAAI,aAAA,CAAc,KAAA,CAAM,OAAA,EAAS;AAAA,MACtC,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM,wBAAA;AAAA,MACN,OAAA,EAAS,EAAE,KAAA,EAAO,KAAA,CAAM,KAAA;AAAM,KAC/B,CAAA;AAAA,EACH;AACA,EAAA,OAAO,IAAI,cAAc,uBAAA,EAAyB;AAAA,IAChD,MAAA,EAAQ,GAAA;AAAA,IACR,IAAA,EAAM;AAAA,GACP,CAAA;AACH;AAEA,SAAS,yBAAyB,KAAA,EAA+B;AAC/D,EAAA,IAAI,iBAAiB,aAAA,EAAe;AAClC,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,IAAI,iBAAiB,KAAA,EAAO;AAC1B,IAAA,OAAO,IAAI,aAAA,CAAc,CAAA,+BAAA,EAAkC,KAAA,CAAM,OAAO,CAAA,CAAA,EAAI;AAAA,MAC1E,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,OAAO,IAAI,cAAc,+BAAA,EAAiC;AAAA,IACxD,MAAA,EAAQ,GAAA;AAAA,IACR,IAAA,EAAM;AAAA,GACP,CAAA;AACH;;;ACvIO,SAAS,uBAAA,CAAwB,UAAkB,YAAA,EAA8B;AACtF,EAAA,MAAM,GAAA,GAAM,CAAA,EAAG,QAAQ,CAAA,CAAA,EAAI,YAAY,CAAA,CAAA;AACvC,EAAA,MAAM,GAAA,GACJ,OAAO,MAAA,KAAW,WAAA,GACd,MAAA,CAAO,IAAA,CAAK,GAAA,EAAK,MAAM,CAAA,CAAE,QAAA,CAAS,QAAQ,CAAA,GAC1C,KAAK,KAAA,CAAM,IAAA,CAAK,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,GAAG,CAAA,EAAG,CAAC,CAAA,KAAM,MAAA,CAAO,YAAA,CAAa,CAAC,CAAC,CAAA,CAAE,IAAA,CAAK,EAAE,CAAC,CAAA;AAC5F,EAAA,OAAO,SAAS,GAAG,CAAA,CAAA;AACrB;;;ACTA,SAAS,uBAAA,CACP,MAAA,EACA,YAAA,EACA,MAAA,EACQ;AACR,EAAA,IAAI,OAAO,MAAA,CAAO,iBAAA,KAAsB,QAAA,EAAU;AAChD,IAAA,OAAO,MAAA,CAAO,iBAAA;AAAA,EAChB;AACA,EAAA,IAAI,OAAO,MAAA,CAAO,KAAA,KAAU,QAAA,EAAU;AACpC,IAAA,OAAO,MAAA,CAAO,KAAA;AAAA,EAChB;AACA,EAAA,OAAO,CAAA,EAAG,YAAY,CAAA,EAAA,EAAK,MAAM,CAAA,CAAA,CAAA;AACnC;AASA,eAAsB,0BAAA,CACpB,UACA,OAAA,EACkC;AAClC,EAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AACjC,EAAA,IAAI,MAAA;AACJ,EAAA,IAAI;AACF,IAAA,MAAA,GAAS,IAAA,GAAQ,IAAA,CAAK,KAAA,CAAM,IAAI,IAAgC,EAAC;AAAA,EACnE,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,aAAA,CAAc,OAAA,CAAQ,kBAAA,EAAoB;AAAA,MAClD,MAAA,EAAQ,GAAA;AAAA,MACR,MAAM,OAAA,CAAQ,eAAA;AAAA,MACd,OAAA,EAAS,EAAE,MAAA,EAAQ,QAAA,CAAS,MAAA;AAAO,KACpC,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,cAAc,uBAAA,CAAwB,MAAA,EAAQ,OAAA,CAAQ,YAAA,EAAc,SAAS,MAAM,CAAA;AACzF,IAAA,MAAM,IAAI,cAAc,WAAA,EAAa;AAAA,MACnC,QAAQ,QAAA,CAAS,MAAA;AAAA,MACjB,MAAM,OAAO,MAAA,CAAO,UAAU,QAAA,GAAW,MAAA,CAAO,QAAQ,OAAA,CAAQ,gBAAA;AAAA,MAChE,OAAA,EAAS;AAAA,KACV,CAAA;AAAA,EACH;AAEA,EAAA,OAAO,MAAA;AACT;;;AC/CO,SAAS,eAAA,CACd,IAAA,EACA,GAAA,EACA,SAAA,EACA,gBAAgB,UAAA,EACR;AACR,EAAA,MAAM,KAAA,GAAQ,KAAK,GAAG,CAAA;AACtB,EAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,CAAC,KAAA,CAAM,MAAK,EAAG;AAC9C,IAAA,MAAM,IAAI,aAAA,CAAc,CAAA,EAAG,aAAa,CAAA,SAAA,EAAY,GAAG,CAAA,CAAA,EAAI;AAAA,MACzD,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,OAAO,MAAM,IAAA,EAAK;AACpB;AAEO,SAAS,aAAA,CAAc,MAA+B,SAAA,EAA2B;AACtF,EAAA,MAAM,YAAY,IAAA,CAAK,UAAA;AACvB,EAAA,IAAI,OAAO,cAAc,QAAA,IAAY,CAAC,OAAO,QAAA,CAAS,SAAS,CAAA,IAAK,SAAA,IAAa,CAAA,EAAG;AAClF,IAAA,MAAM,IAAI,cAAc,6BAAA,EAA+B;AAAA,MACrD,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,OAAO,IAAA,CAAK,MAAM,SAAS,CAAA;AAC7B;;;ACnBO,IAAM,0BAAA,GAA6B;AAGnC,IAAM,+BAAA,GAAkC;AAE/C,IAAM,yBAAA,GAA4B,GAAA;AAClC,IAAM,oBAAA,GAAuB,wBAAA;AAEtB,SAAS,kBAAkB,SAAA,EAA2B;AAC3D,EAAA,OAAO,qBAAqB,SAAS,CAAA;AACvC;AAEO,SAAS,gCAAA,CACd,IAAA,EACA,eAAA,GAAkB,yBAAA,EACC;AACnB,EAAA,MAAM,WAAA,GAAc,eAAA,CAAgB,IAAA,EAAM,cAAA,EAAgB,sBAAsB,gBAAgB,CAAA;AAChG,EAAA,MAAM,SAAA,GAAY,aAAA,CAAc,IAAA,EAAM,oBAAoB,CAAA;AAC1D,EAAA,MAAM,gBAAA,GAAmB,eAAA;AAAA,IACvB,IAAA;AAAA,IACA,kBAAA;AAAA,IACA,oBAAA;AAAA,IACA;AAAA,GACF;AACA,EAAA,MAAM,wBAAA,GAA2B,eAAA;AAAA,IAC/B,IAAA;AAAA,IACA,0BAAA;AAAA,IACA,oBAAA;AAAA,IACA;AAAA,GACF;AACA,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,EAAA,MAAM,SAAA,GAAY,MAAM,SAAA,GAAY,GAAA;AACpC,EAAA,MAAM,YAAY,GAAA,GAAM,IAAA,CAAK,KAAA,CAAM,SAAA,GAAY,MAAO,eAAe,CAAA;AAErE,EAAA,OAAO;AAAA,IACL,GAAA,EAAK,WAAA;AAAA,IACL,SAAA;AAAA,IACA,SAAA;AAAA,IACA,gBAAA;AAAA,IACA;AAAA,GACF;AACF;AAEA,eAAsB,oBACpB,OAAA,EAC4B;AAC5B,EAAA,MAAM,SAAA,GAAY,QAAQ,KAAA,IAAS,KAAA;AACnC,EAAA,MAAM,SAAA,GAAY,oBAAA,CAAqB,OAAA,CAAQ,SAAS,CAAA;AACxD,EAAA,MAAM,EAAA,GAAK,MAAM,uBAAA,CAAwB,SAAA,EAAW,SAAA,EAAW;AAAA,IAC7D,mBAAmB,OAAA,CAAQ;AAAA,GAC5B,CAAA;AACD,EAAA,MAAM,gBAAgB,EAAA,CAAG,cAAA;AACzB,EAAA,IAAI,CAAC,aAAA,EAAe;AAClB,IAAA,MAAM,IAAI,cAAc,mDAAA,EAAqD;AAAA,MAC3E,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,QAAA,GAAW,kBAAkB,SAAS,CAAA;AAC5C,EAAA,MAAM,IAAA,GAAO,IAAI,eAAA,CAAgB;AAAA,IAC/B,UAAA,EAAY,oBAAA;AAAA,IACZ,KAAA,EAAO,0BAAA;AAAA,IACP,kBAAkB,OAAA,CAAQ,cAAA;AAAA,IAC1B;AAAA,GACD,CAAA;AAED,EAAA,MAAM,QAAA,GAAW,MAAM,SAAA,CAAU,aAAA,EAAe;AAAA,IAC9C,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACP,aAAA,EAAe,uBAAA,CAAwB,OAAA,CAAQ,WAAA,EAAa,QAAQ,eAAe,CAAA;AAAA,MACnF,cAAA,EAAgB,mCAAA;AAAA,MAChB,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,IAAA,EAAM,KAAK,QAAA,EAAS;AAAA,IACpB,KAAA,EAAO;AAAA,GACR,CAAA;AAED,EAAA,MAAM,MAAA,GAAS,MAAM,0BAAA,CAA2B,QAAA,EAAU;AAAA,IACxD,kBAAA,EAAoB,sCAAA;AAAA,IACpB,eAAA,EAAiB,oBAAA;AAAA,IACjB,YAAA,EAAc,mBAAA;AAAA,IACd,gBAAA,EAAkB;AAAA,GACnB,CAAA;AAED,EAAA,OAAO,iCAAiC,MAAM,CAAA;AAChD;;;ACxEA,IAAM,oBAAA,GAAuB,iDAAA;AAC7B,IAAM,yBAAA,GAA4B,+CAAA;AAClC,IAAM,uBAAA,GAA0B,2BAAA;AAEzB,SAAS,yCACd,IAAA,EACQ;AACR,EAAA,MAAM,WAAW,IAAA,CAAK,KAAA;AACtB,EAAA,IAAI,QAAA,KAAa,QAAQ,OAAO,QAAA,KAAa,YAAY,CAAC,KAAA,CAAM,OAAA,CAAQ,QAAQ,CAAA,EAAG;AACjF,IAAA,MAAM,MAAA,GAAS,QAAA;AACf,IAAA,KAAA,MAAW,GAAA,IAAO,CAAC,aAAA,EAAe,cAAc,CAAA,EAAY;AAC1D,MAAA,MAAM,KAAA,GAAQ,OAAO,GAAG,CAAA;AACxB,MAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,CAAM,MAAK,EAAG;AAC7C,QAAA,OAAO,MAAM,IAAA,EAAK;AAAA,MACpB;AAAA,IACF;AAAA,EACF;AACA,EAAA,KAAA,MAAW,GAAA,IAAO,CAAC,aAAA,EAAe,cAAc,CAAA,EAAY;AAC1D,IAAA,MAAM,KAAA,GAAQ,KAAK,GAAG,CAAA;AACtB,IAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,CAAM,MAAK,EAAG;AAC7C,MAAA,OAAO,MAAM,IAAA,EAAK;AAAA,IACpB;AAAA,EACF;AACA,EAAA,MAAM,IAAI,cAAc,sDAAA,EAAwD;AAAA,IAC9E,MAAA,EAAQ,GAAA;AAAA,IACR,IAAA,EAAM;AAAA,GACP,CAAA;AACH;AAEO,SAAS,+BAAA,CACd,QACA,OAAA,EACwB;AACxB,EAAA,MAAM,KAAA,GAAQ,MAAA,CAAO,KAAA,CAAM,IAAA,EAAK,IAAK,UAAA;AACrC,EAAA,MAAM,IAAA,GAA+B;AAAA,IACnC,cAAc,MAAA,CAAO,YAAA;AAAA,IACrB,UAAA,EAAY,QAAA;AAAA,IACZ,YAAY,MAAA,CAAO,UAAA;AAAA,IACnB,KAAA;AAAA,IACA,kBAAkB,MAAA,CAAO,gBAAA;AAAA,IACzB,0BAA0B,MAAA,CAAO,wBAAA;AAAA,IACjC,KAAA,EAAO;AAAA,MACL,aAAa,MAAA,CAAO,YAAA;AAAA,MACpB,cAAc,MAAA,CAAO,YAAA;AAAA,MACrB,WAAW,MAAA,CAAO,UAAA;AAAA,MAClB,YAAY,MAAA,CAAO,UAAA;AAAA,MACnB,KAAA;AAAA,MACA,kBAAkB,MAAA,CAAO,gBAAA;AAAA,MACzB,0BAA0B,MAAA,CAAO;AAAA;AACnC,GACF;AACA,EAAA,MAAM,SAAA,GAAY,OAAA,EAAS,SAAA,EAAW,IAAA,EAAK;AAC3C,EAAA,IAAI,SAAA,EAAW;AACb,IAAA,IAAA,CAAK,SAAA,GAAY,SAAA;AAAA,EACnB;AACA,EAAA,OAAO,IAAA;AACT;AAEA,eAAsB,+BACpB,OAAA,EACoC;AACpC,EAAA,IAAI,IAAA;AACJ,EAAA,IAAI;AACF,IAAA,IAAA,GAAO,MAAM,QAAQ,IAAA,EAAK;AAAA,EAC5B,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,cAAc,2BAAA,EAA6B;AAAA,MACnD,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,IAAI,IAAA,KAAS,QAAQ,OAAO,IAAA,KAAS,YAAY,KAAA,CAAM,OAAA,CAAQ,IAAI,CAAA,EAAG;AACpE,IAAA,MAAM,IAAI,cAAc,oCAAA,EAAsC;AAAA,MAC5D,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,MAAM,MAAA,GAAS,IAAA;AACf,EAAA,MAAM,iBAAiB,MAAA,CAAO,WAAA;AAC9B,EAAA,IAAI,OAAO,cAAA,KAAmB,QAAA,IAAY,CAAC,cAAA,CAAe,MAAK,EAAG;AAChE,IAAA,MAAM,IAAI,cAAc,uCAAA,EAAyC;AAAA,MAC/D,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,MAAM,WAAA,GAAc,eAAe,IAAA,EAAK;AACxC,EAAA,MAAM,KAAA,GACJ,OAAO,MAAA,CAAO,KAAA,KAAU,QAAA,IAAY,MAAA,CAAO,KAAA,CAAM,IAAA,EAAK,GAClD,MAAA,CAAO,KAAA,CAAM,IAAA,EAAK,GAClB,MAAA;AACN,EAAA,MAAM,QAAA,GACJ,OAAO,MAAA,CAAO,QAAA,KAAa,QAAA,IAAY,MAAA,CAAO,QAAA,CAAS,IAAA,EAAK,GACxD,MAAA,CAAO,QAAA,CAAS,IAAA,EAAK,GACrB,MAAA;AACN,EAAA,OAAO,EAAE,WAAA,EAAa,KAAA,EAAO,QAAA,EAAS;AACxC;AAEA,eAAsB,+BACpB,OAAA,EACmC;AACnC,EAAA,MAAM,SAAA,GAAY,QAAQ,KAAA,IAAS,KAAA;AACnC,EAAA,MAAM,SAAA,GAAY,oBAAA,CAAqB,OAAA,CAAQ,SAAS,CAAA;AACxD,EAAA,MAAM,EAAA,GAAK,MAAM,uBAAA,CAAwB,SAAA,EAAW,SAAA,EAAW;AAAA,IAC7D,mBAAmB,OAAA,CAAQ;AAAA,GAC5B,CAAA;AACD,EAAA,MAAM,gBAAgB,EAAA,CAAG,cAAA;AACzB,EAAA,IAAI,CAAC,aAAA,EAAe;AAClB,IAAA,MAAM,IAAI,cAAc,mDAAA,EAAqD;AAAA,MAC3E,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,QAAA,GAAW,OAAA,CAAQ,QAAA,EAAU,IAAA,EAAK,IAAK,+BAAA;AAC7C,EAAA,MAAM,MAAA,GAAS,IAAI,eAAA,CAAgB;AAAA,IACjC,UAAA,EAAY,oBAAA;AAAA,IACZ,eAAe,OAAA,CAAQ,WAAA;AAAA,IACvB,kBAAA,EAAoB,yBAAA;AAAA,IACpB,QAAA;AAAA,IACA,QAAA,EAAU;AAAA,GACX,CAAA;AACD,EAAA,IAAI,OAAA,CAAQ,KAAA,EAAO,IAAA,EAAK,EAAG;AACzB,IAAA,MAAA,CAAO,GAAA,CAAI,OAAA,EAAS,OAAA,CAAQ,KAAA,CAAM,MAAM,CAAA;AAAA,EAC1C;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,SAAA,CAAU,aAAA,EAAe;AAAA,IAC9C,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACP,aAAA,EAAe,uBAAA,CAAwB,OAAA,CAAQ,WAAA,EAAa,QAAQ,eAAe,CAAA;AAAA,MACnF,cAAA,EAAgB,mCAAA;AAAA,MAChB,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,IAAA,EAAM,OAAO,QAAA,EAAS;AAAA,IACtB,KAAA,EAAO;AAAA,GACR,CAAA;AAED,EAAA,MAAM,MAAA,GAAS,MAAM,0BAAA,CAA2B,QAAA,EAAU;AAAA,IACxD,kBAAA,EAAoB,sCAAA;AAAA,IACpB,eAAA,EAAiB,wBAAA;AAAA,IACjB,YAAA,EAAc,4BAAA;AAAA,IACd,gBAAA,EAAkB;AAAA,GACnB,CAAA;AAED,EAAA,MAAM,MAAA,GAAS,iCAAiC,MAAM,CAAA;AACtD,EAAA,OAAO;AAAA,IACL,cAAc,MAAA,CAAO,GAAA;AAAA,IACrB,UAAA,EAAY,aAAA,CAAc,MAAA,EAAQ,uBAAuB,CAAA;AAAA,IACzD,KAAA,EAAO,eAAA,CAAgB,MAAA,EAAQ,OAAA,EAAS,uBAAuB,CAAA;AAAA,IAC/D,kBAAkB,MAAA,CAAO,gBAAA;AAAA,IACzB,0BAA0B,MAAA,CAAO;AAAA,GACnC;AACF;AAEA,eAAsB,6BACpB,OAAA,EACiC;AACjC,EAAA,MAAM,SAAA,GAAY,QAAQ,KAAA,IAAS,KAAA;AACnC,EAAA,MAAM,GAAA,GAAM,CAAA,EAAG,oBAAA,CAAqB,OAAA,CAAQ,SAAS,CAAC,CAAA,2BAAA,CAAA;AACtD,EAAA,MAAM,IAAA,GAA+B,EAAE,WAAA,EAAa,OAAA,CAAQ,WAAA,EAAY;AACxE,EAAA,IAAI,OAAA,CAAQ,KAAA,EAAO,IAAA,EAAK,EAAG;AACzB,IAAA,IAAA,CAAK,KAAA,GAAQ,OAAA,CAAQ,KAAA,CAAM,IAAA,EAAK;AAAA,EAClC;AACA,EAAA,IAAI,OAAA,CAAQ,QAAA,EAAU,IAAA,EAAK,EAAG;AAC5B,IAAA,IAAA,CAAK,QAAA,GAAW,OAAA,CAAQ,QAAA,CAAS,IAAA,EAAK;AAAA,EACxC;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,SAAA,CAAU,GAAA,EAAK;AAAA,IACpC,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB,kBAAA;AAAA,MAChB,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA;AAAA,IACzB,KAAA,EAAO;AAAA,GACR,CAAA;AAED,EAAA,MAAM,MAAA,GAAS,MAAM,0BAAA,CAA2B,QAAA,EAAU;AAAA,IACxD,kBAAA,EAAoB,uCAAA;AAAA,IACpB,eAAA,EAAiB,uBAAA;AAAA,IACjB,YAAA,EAAc,wBAAA;AAAA,IACd,gBAAA,EAAkB;AAAA,GACnB,CAAA;AAED,EAAA,MAAM,WAAA,GAAc,yCAAyC,MAAM,CAAA;AACnE,EAAA,MAAM,YAAA,GAAe,MAAA,CAAO,SAAA,IAAa,MAAA,CAAO,UAAA;AAChD,EAAA,MAAM,SAAA,GACJ,OAAO,YAAA,KAAiB,QAAA,IAAY,aAAa,IAAA,EAAK,GAAI,YAAA,CAAa,IAAA,EAAK,GAAI,MAAA;AAClF,EAAA,OAAO,+BAAA;AAAA,IACL;AAAA,MACE,YAAA,EAAc,WAAA;AAAA,MACd,UAAA,EAAY,aAAA,CAAc,MAAA,EAAQ,uBAAuB,CAAA;AAAA,MACzD,KAAA,EACE,OAAO,MAAA,CAAO,KAAA,KAAU,QAAA,IAAY,MAAA,CAAO,KAAA,CAAM,IAAA,EAAK,GAClD,MAAA,CAAO,KAAA,CAAM,IAAA,EAAK,GAClB,UAAA;AAAA,MACN,kBACE,OAAO,MAAA,CAAO,gBAAA,KAAqB,QAAA,GAAW,OAAO,gBAAA,GAAmB,GAAA;AAAA,MAC1E,0BACE,OAAO,MAAA,CAAO,wBAAA,KAA6B,QAAA,GACvC,OAAO,wBAAA,GACP;AAAA,KACR;AAAA,IACA,EAAE,SAAA;AAAU,GACd;AACF;AAMA,SAAS,YACP,MAAA,EACgG;AAChG,EAAA,IAAI,MAAA,IAAU,MAAA,IAAU,OAAO,MAAA,CAAO,SAAS,UAAA,EAAY;AACzD,IAAA,OAAO,MAAA,CAAO,IAAA;AAAA,EAChB;AACA,EAAA,OAAO,CAAC,WAAA,EAAa,OAAA,KACnB,8BAAA,CAA+B;AAAA,IAC7B,WAAW,MAAA,CAAO,SAAA;AAAA,IAClB,aAAa,MAAA,CAAO,WAAA;AAAA,IACpB,iBAAiB,MAAA,CAAO,eAAA;AAAA,IACxB,WAAA;AAAA,IACA,OAAO,OAAA,CAAQ,KAAA;AAAA,IACf,UAAU,MAAA,CAAO,QAAA;AAAA,IACjB,OAAO,MAAA,CAAO,KAAA;AAAA,IACd,mBAAmB,MAAA,CAAO;AAAA,GAC3B,CAAA;AACL;AAEA,SAAS,2BACP,MAAA,EACkD;AAClD,EAAA,IAAI,WAAA,IAAe,UAAU,OAAO,MAAA,CAAO,cAAc,QAAA,IAAY,MAAA,CAAO,SAAA,CAAU,IAAA,EAAK,EAAG;AAC5F,IAAA,OAAO,MAAA,CAAO,UAAU,IAAA,EAAK;AAAA,EAC/B;AACA,EAAA,IAAI,cAAA,IAAkB,MAAA,IAAU,OAAO,MAAA,CAAO,iBAAiB,UAAA,EAAY;AACzE,IAAA,OAAO,OAAO,YAAA,EAAa;AAAA,EAC7B;AACA,EAAA,OAAO,MAAA;AACT;AAEO,SAAS,4BACd,MAAA,EACyC;AACzC,EAAA,MAAM,IAAA,GAAO,YAAY,MAAM,CAAA;AAE/B,EAAA,OAAO,eAAe,sBAAsB,OAAA,EAAqC;AAC/E,IAAA,IAAI;AACF,MAAA,IAAI,OAAA,CAAQ,WAAW,MAAA,EAAQ;AAC7B,QAAA,OAAO,IAAI,SAAS,IAAA,CAAK,SAAA,CAAU,EAAE,KAAA,EAAO,oBAAA,EAAsB,CAAA,EAAG;AAAA,UACnE,MAAA,EAAQ,GAAA;AAAA,UACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,SAC/C,CAAA;AAAA,MACH;AAEA,MAAA,MAAM,MAAA,GAAS,MAAM,8BAAA,CAA+B,OAAO,CAAA;AAC3D,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,MAAA,CAAO,WAAA,EAAa;AAAA,QAC5C,OAAO,MAAA,CAAO,KAAA;AAAA,QACd,UAAU,MAAA,CAAO;AAAA,OAClB,CAAA;AACD,MAAA,MAAM,cAAA,GAAiB,MAAM,0BAAA,CAA2B,MAAM,CAAA;AAC9D,MAAA,MAAM,IAAA,GAAO,gCAAgC,MAAA,EAAQ;AAAA,QACnD,SAAA,EAAW,OAAO,cAAA,KAAmB,QAAA,GAAW,cAAA,GAAiB,KAAA;AAAA,OAClE,CAAA;AACD,MAAA,OAAO,IAAI,QAAA,CAAS,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA,EAAG;AAAA,QACxC,MAAA,EAAQ,GAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACP,cAAA,EAAgB,kBAAA;AAAA,UAChB,eAAA,EAAiB;AAAA;AACnB,OACD,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,2BAA2B,KAAK,CAAA;AAAA,IACzC;AAAA,EACF,CAAA;AACF;;;ACvRA,IAAMA,wBAAAA,GAA0B,2BAAA;AAEhC,eAAsB,+BACpB,OAAA,EACoC;AACpC,EAAA,IAAI,IAAA;AACJ,EAAA,IAAI;AACF,IAAA,IAAA,GAAO,MAAM,QAAQ,IAAA,EAAK;AAAA,EAC5B,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,cAAc,2BAAA,EAA6B;AAAA,MACnD,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,IAAI,IAAA,KAAS,QAAQ,OAAO,IAAA,KAAS,YAAY,KAAA,CAAM,OAAA,CAAQ,IAAI,CAAA,EAAG;AACpE,IAAA,MAAM,IAAI,cAAc,oCAAA,EAAsC;AAAA,MAC5D,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,MAAM,MAAA,GAAS,IAAA;AACf,EAAA,MAAM,YAAY,MAAA,CAAO,MAAA;AACzB,EAAA,IAAI,OAAO,SAAA,KAAc,QAAA,IAAY,CAAC,SAAA,CAAU,MAAK,EAAG;AACtD,IAAA,MAAM,IAAI,cAAc,kCAAA,EAAoC;AAAA,MAC1D,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,MAAM,KAAA,GACJ,OAAO,MAAA,CAAO,KAAA,KAAU,QAAA,IAAY,MAAA,CAAO,KAAA,CAAM,IAAA,EAAK,GAClD,MAAA,CAAO,KAAA,CAAM,IAAA,EAAK,GAClB,MAAA;AACN,EAAA,MAAM,QAAA,GACJ,OAAO,MAAA,CAAO,QAAA,KAAa,QAAA,IAAY,MAAA,CAAO,QAAA,CAAS,IAAA,EAAK,GACxD,MAAA,CAAO,QAAA,CAAS,IAAA,EAAK,GACrB,MAAA;AACN,EAAA,OAAO,EAAE,MAAA,EAAQ,SAAA,CAAU,IAAA,EAAK,EAAG,OAAO,QAAA,EAAS;AACrD;AAEA,eAAsB,8BAA8B,KAAA,EAMqB;AACvE,EAAA,MAAM,SAAA,GAAY,MAAM,KAAA,IAAS,KAAA;AACjC,EAAA,MAAM,YAAA,GAAe,4BAAA,CAA6B,KAAA,CAAM,SAAS,CAAA;AACjE,EAAA,MAAM,MAAM,CAAA,EAAG,YAAY,gBAAgB,kBAAA,CAAmB,KAAA,CAAM,cAAc,CAAC,CAAA,mBAAA,CAAA;AACnF,EAAA,MAAM,QAAA,GAAW,MAAM,SAAA,CAAU,GAAA,EAAK;AAAA,IACpC,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACP,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,MAAM,CAAA,CAAA;AAAA,MACrC,cAAA,EAAgB,kBAAA;AAAA,MAChB,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,KAAA,CAAM,KAAA,GAAQ,EAAE,KAAA,EAAO,KAAA,CAAM,KAAA,EAAM,GAAI,EAAE,CAAA;AAAA,IAC9D,KAAA,EAAO;AAAA,GACR,CAAA;AAED,EAAA,MAAM,MAAA,GAAS,MAAM,0BAAA,CAA2B,QAAA,EAAU;AAAA,IACxD,kBAAA,EAAoB,8CAAA;AAAA,IACpB,eAAA,EAAiB,wBAAA;AAAA,IACjB,YAAA,EAAc,+BAAA;AAAA,IACd,gBAAA,EAAkB;AAAA,GACnB,CAAA;AAED,EAAA,MAAM,cAAc,MAAA,CAAO,YAAA;AAC3B,EAAA,IAAI,OAAO,WAAA,KAAgB,QAAA,IAAY,CAAC,WAAA,CAAY,MAAK,EAAG;AAC1D,IAAA,MAAM,IAAI,cAAc,6CAAA,EAA+C;AAAA,MACrE,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAMA;AAAA,KACP,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,SAAA,GACJ,OAAO,MAAA,CAAO,UAAA,KAAe,QAAA,IAAY,MAAA,CAAO,QAAA,CAAS,MAAA,CAAO,UAAU,CAAA,GACtE,MAAA,CAAO,UAAA,GACP,GAAA;AACN,EAAA,MAAM,QACJ,OAAO,MAAA,CAAO,KAAA,KAAU,QAAA,IAAY,OAAO,KAAA,CAAM,IAAA,EAAK,GAClD,MAAA,CAAO,MAAM,IAAA,EAAK,GAClB,KAAA,CAAM,KAAA,EAAO,MAAK,IAAK,UAAA;AAE7B,EAAA,OAAO;AAAA,IACL,YAAA,EAAc,YAAY,IAAA,EAAK;AAAA,IAC/B,UAAA,EAAY,SAAA;AAAA,IACZ;AAAA,GACF;AACF;AAEA,eAAsB,4BAA4B,KAAA,EAUZ;AACpC,EAAA,MAAM,SAAA,GAAY,MAAM,6BAAA,CAA8B;AAAA,IACpD,WAAW,KAAA,CAAM,SAAA;AAAA,IACjB,gBAAgB,KAAA,CAAM,cAAA;AAAA,IACtB,QAAQ,KAAA,CAAM,MAAA;AAAA,IACd,OAAO,KAAA,CAAM,KAAA;AAAA,IACb,OAAO,KAAA,CAAM;AAAA,GACd,CAAA;AAED,EAAA,OAAO,8BAAA,CAA+B;AAAA,IACpC,WAAW,KAAA,CAAM,SAAA;AAAA,IACjB,aAAa,KAAA,CAAM,WAAA;AAAA,IACnB,iBAAiB,KAAA,CAAM,eAAA;AAAA,IACvB,aAAa,SAAA,CAAU,YAAA;AAAA,IACvB,OAAO,SAAA,CAAU,KAAA;AAAA,IACjB,UAAU,KAAA,CAAM,QAAA;AAAA,IAChB,OAAO,KAAA,CAAM,KAAA;AAAA,IACb,mBAAmB,KAAA,CAAM;AAAA,GAC1B,CAAA;AACH;AAEA,eAAsB,wBACpB,OAAA,EACiC;AACjC,EAAA,MAAM,SAAA,GAAY,QAAQ,KAAA,IAAS,KAAA;AACnC,EAAA,MAAM,GAAA,GAAM,CAAA,EAAG,oBAAA,CAAqB,OAAA,CAAQ,SAAS,CAAC,CAAA,4BAAA,CAAA;AACtD,EAAA,MAAM,IAAA,GAA+B,EAAE,MAAA,EAAQ,OAAA,CAAQ,MAAA,EAAO;AAC9D,EAAA,IAAI,OAAA,CAAQ,KAAA,EAAO,IAAA,EAAK,EAAG;AACzB,IAAA,IAAA,CAAK,KAAA,GAAQ,OAAA,CAAQ,KAAA,CAAM,IAAA,EAAK;AAAA,EAClC;AACA,EAAA,IAAI,OAAA,CAAQ,QAAA,EAAU,IAAA,EAAK,EAAG;AAC5B,IAAA,IAAA,CAAK,QAAA,GAAW,OAAA,CAAQ,QAAA,CAAS,IAAA,EAAK;AAAA,EACxC;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,SAAA,CAAU,GAAA,EAAK;AAAA,IACpC,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB,kBAAA;AAAA,MAChB,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA;AAAA,IACzB,KAAA,EAAO;AAAA,GACR,CAAA;AAED,EAAA,MAAM,MAAA,GAAS,MAAM,0BAAA,CAA2B,QAAA,EAAU;AAAA,IACxD,kBAAA,EAAoB,wCAAA;AAAA,IACpB,eAAA,EAAiBA,wBAAAA;AAAA,IACjB,YAAA,EAAc,yBAAA;AAAA,IACd,gBAAA,EAAkB;AAAA,GACnB,CAAA;AAED,EAAA,MAAM,WAAA,GAAc,yCAAyC,MAAM,CAAA;AACnE,EAAA,MAAM,YAAA,GAAe,MAAA,CAAO,SAAA,IAAa,MAAA,CAAO,UAAA;AAChD,EAAA,MAAM,SAAA,GACJ,OAAO,YAAA,KAAiB,QAAA,IAAY,aAAa,IAAA,EAAK,GAAI,YAAA,CAAa,IAAA,EAAK,GAAI,MAAA;AAElF,EAAA,OAAO,+BAAA;AAAA,IACL;AAAA,MACE,YAAA,EAAc,WAAA;AAAA,MACd,UAAA,EACE,OAAO,MAAA,CAAO,UAAA,KAAe,QAAA,IAAY,MAAA,CAAO,QAAA,CAAS,MAAA,CAAO,UAAU,CAAA,GACtE,MAAA,CAAO,UAAA,GACP,IAAA;AAAA,MACN,KAAA,EACE,OAAO,MAAA,CAAO,KAAA,KAAU,QAAA,IAAY,MAAA,CAAO,KAAA,CAAM,IAAA,EAAK,GAClD,MAAA,CAAO,KAAA,CAAM,IAAA,EAAK,GAClB,UAAA;AAAA,MACN,kBACE,OAAO,MAAA,CAAO,gBAAA,KAAqB,QAAA,GAAW,OAAO,gBAAA,GAAmB,GAAA;AAAA,MAC1E,0BACE,OAAO,MAAA,CAAO,wBAAA,KAA6B,QAAA,GACvC,OAAO,wBAAA,GACP;AAAA,KACR;AAAA,IACA,EAAE,SAAA;AAAU,GACd;AACF;AAEO,SAAS,4BACd,MAAA,EACyC;AACzC,EAAA,MAAM,cAAA,GAAiB,MAAA,CAAO,cAAA,CAAe,IAAA,EAAK;AAElD,EAAA,OAAO,eAAe,sBAAsB,OAAA,EAAqC;AAC/E,IAAA,IAAI;AACF,MAAA,IAAI,OAAA,CAAQ,WAAW,MAAA,EAAQ;AAC7B,QAAA,OAAO,IAAI,SAAS,IAAA,CAAK,SAAA,CAAU,EAAE,KAAA,EAAO,oBAAA,EAAsB,CAAA,EAAG;AAAA,UACnE,MAAA,EAAQ,GAAA;AAAA,UACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,SAC/C,CAAA;AAAA,MACH;AAEA,MAAA,MAAM,MAAA,GAAS,MAAM,8BAAA,CAA+B,OAAO,CAAA;AAC3D,MAAA,MAAM,iBAAA,GAAoB,MAAA,CAAO,QAAA,EAAU,IAAA,EAAK,IAAK,cAAA;AACrD,MAAA,IAAI,sBAAsB,cAAA,EAAgB;AACxC,QAAA,MAAM,IAAI,cAAc,kDAAA,EAAoD;AAAA,UAC1E,MAAA,EAAQ,GAAA;AAAA,UACR,IAAA,EAAM;AAAA,SACP,CAAA;AAAA,MACH;AAEA,MAAA,MAAM,MAAA,GAAS,MAAM,2BAAA,CAA4B;AAAA,QAC/C,WAAW,MAAA,CAAO,SAAA;AAAA,QAClB,cAAA;AAAA,QACA,aAAa,MAAA,CAAO,WAAA;AAAA,QACpB,iBAAiB,MAAA,CAAO,eAAA;AAAA,QACxB,QAAQ,MAAA,CAAO,MAAA;AAAA,QACf,OAAO,MAAA,CAAO,KAAA;AAAA,QACd,UAAU,MAAA,CAAO,QAAA;AAAA,QACjB,OAAO,MAAA,CAAO,KAAA;AAAA,QACd,mBAAmB,MAAA,CAAO;AAAA,OAC3B,CAAA;AAED,MAAA,MAAM,cAAA,GACJ,OAAO,MAAA,CAAO,SAAA,KAAc,QAAA,IAAY,MAAA,CAAO,SAAA,CAAU,IAAA,EAAK,GAC1D,MAAA,CAAO,SAAA,CAAU,IAAA,EAAK,GACtB,KAAA,CAAA;AAEN,MAAA,MAAM,OAAO,+BAAA,CAAgC,MAAA,EAAQ,EAAE,SAAA,EAAW,gBAAgB,CAAA;AAClF,MAAA,OAAO,IAAI,QAAA,CAAS,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA,EAAG;AAAA,QACxC,MAAA,EAAQ,GAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACP,cAAA,EAAgB,kBAAA;AAAA,UAChB,eAAA,EAAiB;AAAA;AACnB,OACD,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,2BAA2B,KAAK,CAAA;AAAA,IACzC;AAAA,EACF,CAAA;AACF;;;AChOA,IAAM,0BAAA,GAA6B,GAAA;AACnC,IAAM,qBAAA,GAAwB,MAAM,EAAA,GAAK,GAAA;AACzC,IAAM,qBAAA,GAAwB,2BAAA;AAO9B,IAAM,iBAAA,uBAAwB,GAAA,EAAgC;AAEvD,SAAS,uBAAuB,IAAA,EAAsB;AAC3D,EAAA,OAAO,qBAAqB,IAAI,CAAA;AAClC;AAEA,SAAS,aAAA,CAAc,SAAiB,IAAA,EAAsB;AAC5D,EAAA,IAAI,IAAA,CAAK,UAAA,CAAW,GAAG,CAAA,EAAG;AACxB,IAAA,OAAO,CAAA,EAAG,OAAO,CAAA,EAAG,IAAI,CAAA,CAAA;AAAA,EAC1B;AACA,EAAA,OAAO,CAAA,EAAG,OAAO,CAAA,CAAA,EAAI,IAAI,CAAA,CAAA;AAC3B;AAEA,SAAS,gBAAgB,GAAA,EAA6B;AACpD,EAAA,IAAI,GAAA,KAAQ,MAAA,IAAa,GAAA,KAAQ,IAAA,EAAM;AACrC,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,IAAI,OAAO,QAAQ,QAAA,EAAU;AAC3B,IAAA,OAAO,GAAA,CAAI,MAAA,GAAS,CAAA,GAAI,GAAA,GAAM,IAAA;AAAA,EAChC;AACA,EAAA,IAAI,OAAO,QAAQ,QAAA,IAAY,OAAO,QAAQ,SAAA,IAAa,OAAO,QAAQ,QAAA,EAAU;AAClF,IAAA,OAAO,OAAO,GAAG,CAAA;AAAA,EACnB;AACA,EAAA,OAAO,IAAA;AACT;AAEO,SAAS,qBAAqB,KAAA,EAM1B;AACT,EAAA,IAAI,KAAA,CAAM,aAAA,EAAe,IAAA,EAAK,EAAG;AAC/B,IAAA,OAAO,sBAAA,CAAuB,MAAM,aAAa,CAAA;AAAA,EACnD;AAEA,EAAA,MAAM,oBAAA,GAAuB,IAAA;AAC7B,EAAA,MAAM,OAAA,GAAU,KAAA,CAAM,UAAA,IAAc,KAAA,CAAM,WAAA,IAAe,IAAA;AACzD,EAAA,MAAM,IAAA,GAAO,OAAA,KAAY,oBAAA,GAAuB,IAAA,GAAO,OAAA;AACvD,EAAA,MAAM,IAAA,GACJ,KAAA,CAAM,MAAA,EAAQ,IAAA,EAAK,IACnB,MAAM,SAAA,EAAW,IAAA,EAAK,IACtB,CAAA,iBAAA,EAAoB,IAAI,CAAA,CAAA;AAC1B,EAAA,OAAO,uBAAuB,IAAI,CAAA;AACpC;AAEA,eAAsB,uBAAA,CACpB,OAAA,EACA,IAAA,EACA,WAAA,EACiB;AACjB,EAAA,MAAMC,SAAAA,GAAW,CAAA,EAAG,IAAI,CAAA,CAAA,EAAI,OAAO,CAAA,CAAA;AACnC,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,EAAA,MAAM,MAAA,GAAS,iBAAA,CAAkB,GAAA,CAAIA,SAAQ,CAAA;AAC7C,EAAA,IAAI,MAAA,IAAU,MAAA,CAAO,KAAA,GAAQ,GAAA,GAAM,IAAA,EAAQ;AACzC,IAAA,iBAAA,CAAkB,OAAOA,SAAQ,CAAA;AACjC,IAAA,iBAAA,CAAkB,GAAA,CAAIA,WAAU,MAAM,CAAA;AACtC,IAAA,OAAO,MAAA,CAAO,KAAA;AAAA,EAChB;AAEA,EAAA,MAAM,KAAA,GAAQ,MAAM,WAAA,CAAY,OAAA,EAAS,IAAI,CAAA;AAC7C,EAAA,iBAAA,CAAkB,IAAIA,SAAAA,EAAU,EAAE,OAAO,KAAA,EAAO,GAAA,GAAM,uBAAuB,CAAA;AAE7E,EAAA,IAAI,iBAAA,CAAkB,OAAO,0BAAA,EAA4B;AACvD,IAAA,MAAM,MAAA,GAAS,iBAAA,CAAkB,IAAA,EAAK,CAAE,MAAK,CAAE,KAAA;AAC/C,IAAA,IAAI,WAAW,MAAA,EAAW;AACxB,MAAA,iBAAA,CAAkB,OAAO,MAAM,CAAA;AAAA,IACjC;AAAA,EACF;AAEA,EAAA,OAAO,KAAA;AACT;AAEA,eAAsB,uBAAuB,QAAA,EAAsC;AACjF,EAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AACjC,EAAA,IAAI,CAAC,IAAA,CAAK,IAAA,EAAK,EAAG;AAChB,IAAA,OAAO,EAAC;AAAA,EACV;AACA,EAAA,IAAI;AACF,IAAA,OAAO,IAAA,CAAK,MAAM,IAAI,CAAA;AAAA,EACxB,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,iEAAA;AAAA,MACP,gBAAgB,QAAA,CAAS,MAAA;AAAA,MACzB,MAAA,EAAQ,IAAA,CAAK,KAAA,CAAM,CAAA,EAAG,GAAG;AAAA,KAC3B;AAAA,EACF;AACF;AAEO,SAAS,4BAAA,CACd,SACG,IAAA,EAG8B;AACjC,EAAA,MAAM,MAAA,GAAS,IAAA,CACZ,GAAA,CAAI,CAAC,GAAA,KAAQ;AACZ,IAAA,MAAM,KAAA,GAAQ,eAAA,CAAgB,IAAA,CAAK,GAAG,CAAC,CAAA;AACvC,IAAA,OAAO,KAAA,KAAU,IAAA,GAAO,IAAA,GAAO,EAAE,KAAK,KAAA,EAAM;AAAA,EAC9C,CAAC,CAAA,CACA,MAAA,CAAO,CAAC,KAAA,KAAmD,UAAU,IAAI,CAAA;AAC5E,EAAA,MAAM,KAAA,GAAQ,OAAO,CAAC,CAAA;AACtB,EAAA,MAAM,QAAA,GAAW,OAAO,IAAA,CAAK,CAAC,UAAU,KAAA,CAAM,KAAA,KAAU,OAAO,KAAK,CAAA;AACpE,EAAA,IAAI,SAAS,QAAA,EAAU;AACrB,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,OAAA,EAAS,CAAA,YAAA,EAAe,IAAA,CAAK,IAAA,CAAK,GAAG,CAAC,CAAA,gBAAA;AAAA,KACxC;AAAA,EACF;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,KAAA,EAAM;AACzC;AAEO,SAAS,4BAAA,CACd,SACG,IAAA,EAG8B;AACjC,EAAA,MAAM,QAAA,GAAW,CAAC,KAAA,KAAuC;AACvD,IAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,MAAA,CAAO,QAAA,CAAS,KAAK,CAAA,EAAG;AACvD,MAAA,OAAO,KAAA;AAAA,IACT;AACA,IAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,CAAM,IAAA,OAAW,EAAA,EAAI;AACpD,MAAA,MAAM,MAAA,GAAS,OAAO,KAAK,CAAA;AAC3B,MAAA,OAAO,MAAA,CAAO,QAAA,CAAS,MAAM,CAAA,GAAI,MAAA,GAAS,MAAA;AAAA,IAC5C;AACA,IAAA,OAAO,MAAA;AAAA,EACT,CAAA;AACA,EAAA,MAAM,MAAA,GAAS,IAAA,CACZ,GAAA,CAAI,CAAC,GAAA,KAAQ;AACZ,IAAA,MAAM,KAAA,GAAQ,QAAA,CAAS,IAAA,CAAK,GAAG,CAAC,CAAA;AAChC,IAAA,OAAO,KAAA,KAAU,MAAA,GAAY,IAAA,GAAO,EAAE,KAAK,KAAA,EAAM;AAAA,EACnD,CAAC,CAAA,CACA,MAAA,CAAO,CAAC,KAAA,KAAmD,UAAU,IAAI,CAAA;AAC5E,EAAA,MAAM,KAAA,GAAQ,OAAO,CAAC,CAAA;AACtB,EAAA,MAAM,QAAA,GAAW,OAAO,IAAA,CAAK,CAAC,UAAU,KAAA,CAAM,KAAA,KAAU,OAAO,KAAK,CAAA;AACpE,EAAA,IAAI,SAAS,QAAA,EAAU;AACrB,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,OAAA,EAAS,CAAA,YAAA,EAAe,IAAA,CAAK,IAAA,CAAK,GAAG,CAAC,CAAA,gBAAA;AAAA,KACxC;AAAA,EACF;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,KAAA,EAAM;AACzC;AAEA,SAAS,UAAA,CAAW,QAAiC,IAAA,EAAwB;AAC3E,EAAA,KAAA,MAAW,OAAO,IAAA,EAAM;AACtB,IAAA,MAAM,KAAA,GAAQ,IAAI,GAAG,CAAA;AACrB,IAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,CAAM,MAAK,EAAG;AAC7C,MAAA,OAAO,MAAM,IAAA,EAAK;AAAA,IACpB;AACA,IAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,MAAA,CAAO,QAAA,CAAS,KAAK,CAAA,EAAG;AACvD,MAAA,OAAO,MAAA,CAAO,IAAA,CAAK,KAAA,CAAM,KAAK,CAAC,CAAA;AAAA,IACjC;AAAA,EACF;AACA,EAAA,OAAO,EAAA;AACT;AAEO,SAAS,yBAAyB,IAAA,EAA2C;AAClF,EAAA,IAAI,IAAA,KAAS,QAAQ,OAAO,IAAA,KAAS,YAAY,KAAA,CAAM,OAAA,CAAQ,IAAI,CAAA,EAAG;AACpE,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,MAAM,MAAA,GAAS,IAAA;AACf,EAAA,MAAM,WAAW,MAAA,CAAO,KAAA;AACxB,EAAA,IAAI,QAAA,KAAa,QAAQ,OAAO,QAAA,KAAa,YAAY,KAAA,CAAM,OAAA,CAAQ,QAAQ,CAAA,EAAG;AAChF,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,MAAM,KAAA,GAAQ,QAAA;AACd,EAAA,MAAM,cAAA,GAAiB,UAAA,CAAW,KAAA,EAAO,kBAAA,EAAoB,gBAAgB,CAAA;AAC7E,EAAA,MAAM,YAAA,GAAe,UAAA,CAAW,KAAA,EAAO,yBAAA,EAA2B,sBAAsB,CAAA;AACxF,EAAA,MAAM,SAAA,GAAY,UAAA,CAAW,KAAA,EAAO,YAAA,EAAc,WAAW,CAAA;AAC7D,EAAA,IAAI,CAAC,cAAA,IAAkB,CAAC,YAAA,IAAgB,CAAC,SAAA,EAAW;AAClD,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,IAAI,oBAAA;AACJ,EAAA,IAAI;AACF,IAAA,oBAAA,GAAuB,OAAO,YAAY,CAAA;AAAA,EAC5C,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO;AAAA,IACL,SAAA;AAAA,IACA,cAAA;AAAA,IACA,oBAAA;AAAA,IACA,WAAA,EAAa,UAAA,CAAW,KAAA,EAAO,eAAA,EAAiB,aAAa,CAAA,IAAK,MAAA;AAAA,IAClE,aAAA,EAAe,UAAA,CAAW,KAAA,EAAO,kBAAA,EAAoB,eAAe,CAAA,IAAK,MAAA;AAAA,IACzE,kBACE,UAAA,CAAW,KAAA,EAAO,oBAAA,EAAsB,iBAAA,EAAmB,qBAAqB,CAAA,IAChF,MAAA;AAAA,IACF,MAAA,EAAQ,UAAA,CAAW,KAAA,EAAO,QAAQ,CAAA,IAAK,MAAA;AAAA,IACvC,YAAA,EAAc,UAAA,CAAW,KAAA,EAAO,eAAA,EAAiB,cAAc,CAAA,IAAK,MAAA;AAAA,IACpE,QAAA,EAAU,UAAA,CAAW,KAAA,EAAO,UAAU,CAAA,IAAK,MAAA;AAAA,IAC3C,OAAA,EAAS,UAAA,CAAW,KAAA,EAAO,UAAA,EAAY,SAAS,CAAA,IAAK;AAAA,GACvD;AACF;AAEO,SAAS,6BAA6B,IAAA,EAAqB;AAChE,EAAA,IAAI,IAAA,KAAS,QAAQ,OAAO,IAAA,KAAS,YAAY,CAAC,KAAA,CAAM,OAAA,CAAQ,IAAI,CAAA,EAAG;AACrE,IAAA,OAAQ,IAAA,CAAiC,KAAA;AAAA,EAC3C;AACF;AAEA,eAAsB,gBACpB,OAAA,EACgC;AAChC,EAAA,MAAM,SAAA,GAAY,QAAQ,KAAA,IAAS,KAAA;AACnC,EAAA,MAAM,OAAA,GAAU,sBAAA,CAAuB,OAAA,CAAQ,OAAO,CAAA;AACtD,EAAA,MAAM,GAAA,GAAM,aAAA,CAAc,OAAA,EAAS,OAAA,CAAQ,IAAI,CAAA;AAC/C,EAAA,MAAM,SAAA,GAAY,QAAQ,SAAA,IAAa,GAAA;AACvC,EAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,EAAA,MAAM,UAAU,UAAA,CAAW,MAAM,UAAA,CAAW,KAAA,IAAS,SAAS,CAAA;AAC9D,EAAA,MAAM,OAAA,GAAkC,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AAE7E,EAAA,MAAM,YAAA,GAAe,OAAA,CAAQ,aAAA,EAAe,IAAA,EAAK;AACjD,EAAA,IAAI,YAAA,EAAc;AAChB,IAAA,OAAA,CAAQ,aAAA,GAAgB,YAAA;AAAA,EAC1B,CAAA,MAAO;AACL,IAAA,MAAM,SAAA,GAAY,QAAQ,UAAA,IAAc,IAAA;AACxC,IAAA,IAAI,SAAA,EAAW;AACb,MAAA,MAAM,QAAQ,MAAM,uBAAA;AAAA,QAClB,OAAA,CAAQ,OAAA;AAAA,QACR,MAAA;AAAA,QACA,OAAA,CAAQ;AAAA,OACV;AACA,MAAA,OAAA,CAAQ,aAAA,GAAgB,UAAU,KAAK,CAAA,CAAA;AAAA,IACzC;AAAA,EACF;AACA,EAAA,IAAI,QAAQ,YAAA,EAAc;AACxB,IAAA,KAAA,MAAW,CAAC,MAAM,KAAK,CAAA,IAAK,OAAO,OAAA,CAAQ,OAAA,CAAQ,YAAY,CAAA,EAAG;AAChE,MAAA,IAAI,KAAA,CAAM,MAAK,EAAG;AAChB,QAAA,OAAA,CAAQ,IAAI,CAAA,GAAI,KAAA,CAAM,IAAA,EAAK;AAAA,MAC7B;AAAA,IACF;AAAA,EACF;AAEA,EAAA,IAAI;AACF,IAAA,MAAM,QAAA,GAAW,MAAM,SAAA,CAAU,GAAA,EAAK;AAAA,MACpC,QAAQ,OAAA,CAAQ,MAAA;AAAA,MAChB,OAAA;AAAA,MACA,IAAA,EAAM,QAAQ,IAAA,KAAS,KAAA,CAAA,GAAY,SAAY,IAAA,CAAK,SAAA,CAAU,QAAQ,IAAI,CAAA;AAAA,MAC1E,QAAQ,UAAA,CAAW;AAAA,KACpB,CAAA;AACD,IAAA,OAAO;AAAA,MACL,QAAA;AAAA,MACA,UAAA,EAAY,GAAA;AAAA,MACZ,qBAAqB,OAAA,CAAQ;AAAA,KAC/B;AAAA,EACF,CAAA,SAAE;AACA,IAAA,YAAA,CAAa,OAAO,CAAA;AAAA,EACtB;AACF;AAWA,SAAS,yBAAyB,OAAA,EAAiE;AACjG,EAAA,OAAO;AAAA,IACL,SAAA,EAAW,QAAQ,KAAA,IAAS,KAAA;AAAA,IAC5B,SAAA,EAAW,sBAAA,CAAuB,OAAA,CAAQ,SAAS,CAAA;AAAA,IACnD,SAAA,EAAW,QAAQ,SAAA,IAAa,GAAA;AAAA,IAChC,YAAA,EAAc,QAAQ,YAAA,IAAgB,qBAAA;AAAA,IACtC,MAAA,EAAQ,QAAQ,UAAA,IAAc,IAAA;AAAA,IAC9B,aAAa,OAAA,CAAQ;AAAA,GACvB;AACF;AAEA,SAAS,gBAAgB,UAAA,EAA+D;AACtF,EAAA,OAAO,EAAE,SAAA,EAAW,IAAA,EAAM,UAAA,EAAW;AACvC;AAEA,eAAe,iBAAA,CACb,KACA,OAAA,EAC+C;AAC/C,EAAA,MAAM,WAAW,MAAM,GAAA,CAAI,UAAU,CAAA,EAAG,GAAA,CAAI,SAAS,CAAA,OAAA,CAAA,EAAW;AAAA,IAC9D,OAAA;AAAA,IACA,MAAA,EAAQ,WAAA,CAAY,OAAA,CAAQ,GAAA,CAAI,SAAS;AAAA,GAC1C,CAAA;AACD,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,OAAO,EAAE,IAAI,KAAA,EAAM;AAAA,EACrB;AACA,EAAA,MAAM,IAAA,GAAQ,MAAM,sBAAA,CAAuB,QAAQ,CAAA;AACnD,EAAA,MAAM,UAAA,GACH,OAAO,IAAA,CAAK,OAAA,KAAY,QAAA,IAAY,IAAA,CAAK,OAAA,IACzC,OAAO,IAAA,CAAK,OAAA,KAAY,QAAA,IAAY,IAAA,CAAK,OAAA,IAC1C,MAAA;AACF,EAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,UAAA,EAAW;AAChC;AAEA,eAAe,aACb,GAAA,EAC0D;AAC1D,EAAA,IAAI,CAAC,IAAI,MAAA,EAAQ;AACf,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,IAAI;AACF,IAAA,MAAM,QAAQ,MAAM,GAAA,CAAI,WAAA,CAAY,GAAA,CAAI,cAAc,MAAM,CAAA;AAC5D,IAAA,MAAM,EAAE,EAAA,EAAI,UAAA,EAAW,GAAI,MAAM,kBAAkB,GAAA,EAAK;AAAA,MACtD,aAAA,EAAe,UAAU,KAAK,CAAA;AAAA,KAC/B,CAAA;AACD,IAAA,OAAO,EAAA,GAAK,eAAA,CAAgB,UAAU,CAAA,GAAI,IAAA;AAAA,EAC5C,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAEA,eAAe,eACb,GAAA,EAC0D;AAC1D,EAAA,IAAI;AACF,IAAA,MAAM,EAAE,IAAI,UAAA,EAAW,GAAI,MAAM,iBAAA,CAAkB,GAAA,EAAK,EAAE,CAAA;AAC1D,IAAA,OAAO,EAAA,GAAK,eAAA,CAAgB,UAAU,CAAA,GAAI,IAAA;AAAA,EAC5C,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAEA,eAAe,gBAAgB,GAAA,EAA2C;AACxE,EAAA,IAAI;AACF,IAAA,MAAM,QAAQ,MAAM,GAAA,CAAI,WAAA,CAAY,GAAA,CAAI,cAAc,MAAM,CAAA;AAC5D,IAAA,MAAM,WAAW,MAAM,GAAA,CAAI,UAAU,CAAA,EAAG,GAAA,CAAI,SAAS,CAAA,uBAAA,CAAA,EAA2B;AAAA,MAC9E,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACP,aAAA,EAAe,UAAU,KAAK,CAAA,CAAA;AAAA,QAC9B,cAAA,EAAgB;AAAA,OAClB;AAAA,MACA,IAAA,EAAM,IAAA;AAAA,MACN,MAAA,EAAQ,WAAA,CAAY,OAAA,CAAQ,GAAA,CAAI,SAAS;AAAA,KAC1C,CAAA;AACD,IAAA,OAAO,QAAA,CAAS,EAAA;AAAA,EAClB,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAEA,eAAe,4BACb,GAAA,EACsD;AACtD,EAAA,MAAM,SAAA,GAAY,MAAM,YAAA,CAAa,GAAG,CAAA;AACxC,EAAA,IAAI,SAAA,EAAW;AACb,IAAA,OAAO,SAAA;AAAA,EACT;AACA,EAAA,MAAM,WAAA,GAAc,MAAM,cAAA,CAAe,GAAG,CAAA;AAC5C,EAAA,IAAI,WAAA,EAAa;AACf,IAAA,OAAO,WAAA;AAAA,EACT;AACA,EAAA,IAAI,MAAM,eAAA,CAAgB,GAAG,CAAA,EAAG;AAC9B,IAAA,OAAO,eAAA,EAAgB;AAAA,EACzB;AACA,EAAA,OAAO,EAAE,WAAW,KAAA,EAAM;AAC5B;AAEA,eAAsB,4BACpB,OAAA,EACsD;AACtD,EAAA,MAAM,GAAA,GAAM,yBAAyB,OAAO,CAAA;AAE5C,EAAA,IAAI;AACF,IAAA,MAAM,SAAS,MAAM,GAAA,CAAI,UAAU,CAAA,EAAG,GAAA,CAAI,SAAS,CAAA,QAAA,CAAA,EAAY;AAAA,MAC7D,MAAA,EAAQ,WAAA,CAAY,OAAA,CAAQ,GAAA,CAAI,SAAS;AAAA,KAC1C,CAAA;AACD,IAAA,IAAI,OAAO,EAAA,EAAI;AACb,MAAA,OAAO,4BAA4B,GAAG,CAAA;AAAA,IACxC;AAAA,EACF,CAAA,CAAA,MAAQ;AAAA,EAER;AAEA,EAAA,OAAO,4BAA4B,GAAG,CAAA;AACxC;;;AC9YA,SAAS,oBAAA,GAAiC;AACxC,EAAA,OAAO,IAAI,SAAS,IAAA,CAAK,SAAA,CAAU,EAAE,KAAA,EAAO,cAAA,EAAgB,CAAA,EAAG;AAAA,IAC7D,MAAA,EAAQ,GAAA;AAAA,IACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,GAC/C,CAAA;AACH;AAEA,SAAS,WAAW,MAAA,EAAgD;AAClE,EAAA,IAAI,kBAAkB,QAAA,EAAU;AAC9B,IAAA,OAAO,MAAA;AAAA,EACT;AACA,EAAA,OAAO,IAAI,QAAA,CAAS,MAAA,CAAO,IAAA,KAAS,MAAA,GAAY,OAAO,IAAA,CAAK,SAAA,CAAU,MAAA,CAAO,IAAI,CAAA,EAAG;AAAA,IAClF,QAAQ,MAAA,CAAO,MAAA;AAAA,IACf,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,GAC/C,CAAA;AACH;AAWO,SAAS,+BACd,MAAA,EAC0B;AAC1B,EAAA,eAAe,sBACb,cAAA,EAC2D;AAC3D,IAAA,IAAI,OAAO,qBAAA,EAAuB;AAChC,MAAA,OAAO,MAAA,CAAO,sBAAsB,cAAc,CAAA;AAAA,IACpD;AACA,IAAA,OAAO;AAAA,MACL,aAAa,MAAA,CAAO,oBAAA;AAAA,MACpB,iBAAiB,MAAA,CAAO;AAAA,KAC1B;AAAA,EACF;AAEA,EAAA,MAAM,eAAe,wBAAA,CAAyB;AAAA;AAAA;AAAA;AAAA,IAI5C,IAAA,EAAM,OAAO,cAAA,EAAgB,cAAA,KAAmB;AAC9C,MAAA,MAAM,EAAE,WAAA,EAAa,eAAA,EAAgB,GAAI,MAAM,sBAAsB,cAAc,CAAA;AACnF,MAAA,OAAO,mBAAA,CAAoB;AAAA,QACzB,WAAW,MAAA,CAAO,kBAAA;AAAA,QAClB,WAAA;AAAA,QACA,eAAA;AAAA,QACA,cAAA;AAAA,QACA,OAAO,MAAA,CAAO,KAAA;AAAA,QACd,mBAAmB,MAAA,CAAO;AAAA,OAC3B,CAAA;AAAA,IACH;AAAA,GACD,CAAA;AAED,EAAA,eAAe,aAAA,CACb,KAAA,EACA,cAAA,EACA,OAAA,EAC0B;AAC1B,IAAA,IAAI,CAAC,OAAO,UAAA,EAAY;AACtB,MAAA,OAAO,IAAA;AAAA,IACT;AACA,IAAA,MAAM,MAAA,GAAS,MAAM,MAAA,CAAO,UAAA,CAAW,EAAE,KAAA,EAAO,cAAA,EAAgB,SAAS,CAAA;AACzE,IAAA,IAAI,CAAC,MAAA,EAAQ;AACX,MAAA,OAAO,IAAA;AAAA,IACT;AACA,IAAA,OAAO,WAAW,MAAM,CAAA;AAAA,EAC1B;AAEA,EAAA,eAAe,WAAA,CAAY,OAA0B,OAAA,EAAqC;AACxF,IAAA,OAAO,0BAAA,CAA2B;AAAA,MAChC,OAAA;AAAA,MACA,iBAAiB,MAAA,CAAO,eAAA;AAAA,MACxB,KAAK,KAAA,CAAM,GAAA;AAAA,MACX,iBAAiB,MAAA,CAAO,eAAA;AAAA,MACxB,mBAAmB,MAAA,CAAO,iBAAA;AAAA,MAC1B,OAAO,MAAA,CAAO;AAAA,KACf,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,OAAA,GAAU,eAAe,wBAAA,CAAyB,OAAA,EAAqC;AAC3F,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,YAAA,CAAa,OAAO,CAAA;AACjD,MAAA,IAAI,WAAW,IAAA,EAAM;AACnB,QAAA,OAAO,oBAAA,EAAqB;AAAA,MAC9B;AAEA,MAAA,MAAM,kBAAkB,MAAM,MAAA,CAAO,qBAAA,CAAsB,OAAO,GAAG,IAAA,EAAK;AAC1E,MAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,QAAA,MAAM,IAAI,cAAc,4CAAA,EAA8C;AAAA,UACpE,MAAA,EAAQ,GAAA;AAAA,UACR,IAAA,EAAM;AAAA,SACP,CAAA;AAAA,MACH;AAEA,MAAA,MAAM,cAAA,GAAiB,MAAA,CAAO,qBAAA,GAAA,CACzB,MAAM,MAAA,CAAO,qBAAA,CAAsB,OAAO,CAAA,EAAG,IAAA,EAAK,GACnD,MAAA,CAAO,iBAAA,CAAkB,IAAA,EAAK;AAClC,MAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,QAAA,MAAM,IAAI,cAAc,4CAAA,EAA8C;AAAA,UACpE,MAAA,EAAQ,GAAA;AAAA,UACR,IAAA,EAAM;AAAA,SACP,CAAA;AAAA,MACH;AAEA,MAAA,IAAI,KAAA,GAAQ,MAAM,YAAA,CAAa,QAAA,CAAS,gBAAgB,cAAc,CAAA;AACtE,MAAA,MAAM,OAAA,GAAU,MAAM,aAAA,CAAc,KAAA,EAAO,gBAAgB,OAAO,CAAA;AAClE,MAAA,IAAI,OAAA,EAAS;AACX,QAAA,OAAO,OAAA;AAAA,MACT;AAEA,MAAA,IAAI,QAAA,GAAW,MAAM,WAAA,CAAY,KAAA,EAAO,OAAO,CAAA;AAC/C,MAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AAC3B,QAAA,YAAA,CAAa,UAAA,CAAW,gBAAgB,cAAc,CAAA;AACtD,QAAA,KAAA,GAAQ,MAAM,YAAA,CAAa,QAAA,CAAS,cAAA,EAAgB,cAAA,EAAgB;AAAA,UAClE,YAAA,EAAc;AAAA,SACf,CAAA;AACD,QAAA,MAAM,YAAA,GAAe,MAAM,aAAA,CAAc,KAAA,EAAO,gBAAgB,OAAO,CAAA;AACvE,QAAA,IAAI,YAAA,EAAc;AAChB,UAAA,OAAO,YAAA;AAAA,QACT;AACA,QAAA,QAAA,GAAW,MAAM,WAAA,CAAY,KAAA,EAAO,OAAO,CAAA;AAAA,MAC7C;AAEA,MAAA,OAAO,QAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,2BAA2B,KAAK,CAAA;AAAA,IACzC;AAAA,EACF,CAAA;AAEA,EAAA,OAAA,CAAQ,iBAAiB,CAAC,cAAA,EAAgB,mBACxC,YAAA,CAAa,IAAA,CAAK,gBAAgB,cAAc,CAAA;AAClD,EAAA,OAAA,CAAQ,kBAAkB,CAAC,cAAA,EAAgB,mBACzC,YAAA,CAAa,UAAA,CAAW,gBAAgB,cAAc,CAAA;AAExD,EAAA,OAAO,OAAA;AACT","file":"server.js","sourcesContent":["export class PmtHouseError extends Error {\n readonly status: number;\n readonly code: string;\n readonly details?: unknown;\n\n constructor(\n message: string,\n {\n status = 500,\n code = \"pymthouse_error\",\n details,\n }: {\n status?: number;\n code?: string;\n details?: unknown;\n } = {},\n ) {\n super(message);\n this.name = \"PmtHouseError\";\n this.status = status;\n this.code = code;\n this.details = details;\n }\n}\n\nexport function toPmtHouseError(\n error: unknown,\n fallbackMessage: string,\n): PmtHouseError {\n if (error instanceof PmtHouseError) {\n return error;\n }\n\n if (error instanceof Error) {\n return new PmtHouseError(error.message || fallbackMessage, {\n code: \"unexpected_error\",\n status: 500,\n });\n }\n\n return new PmtHouseError(fallbackMessage, {\n code: \"unexpected_error\",\n status: 500,\n });\n}\n","import { PmtHouseError } from \"../errors.js\";\n\nexport function signerHandlerErrorResponse(error: unknown): Response {\n if (error instanceof PmtHouseError) {\n return new Response(\n JSON.stringify({\n error: error.code,\n error_description: error.message,\n details: error.details,\n }),\n {\n status: error.status,\n headers: { \"Content-Type\": \"application/json\" },\n },\n );\n }\n const message = error instanceof Error ? error.message : \"Internal error\";\n return new Response(JSON.stringify({ error: \"internal_error\", error_description: message }), {\n status: 500,\n headers: { \"Content-Type\": \"application/json\" },\n });\n}\n","import { PmtHouseError } from \"../errors.js\";\nimport type { ForwardDirectSignerRequestOptions, SignerJwtIdentity } from \"./types.js\";\n\nfunction base64UrlPayloadToUtf8(payloadB64: string): string {\n const normalized = payloadB64.replaceAll(\"-\", \"+\").replaceAll(\"_\", \"/\");\n const padded = normalized.padEnd(Math.ceil(normalized.length / 4) * 4, \"=\");\n if (typeof Buffer !== \"undefined\") {\n return Buffer.from(padded, \"base64\").toString(\"utf8\");\n }\n return atob(padded);\n}\n\nexport function decodeJwtPayload(jwt: string): Record<string, unknown> {\n const parts = jwt.trim().split(\".\");\n if (parts.length < 2) {\n throw new PmtHouseError(\"Invalid JWT shape\", {\n status: 500,\n code: \"invalid_jwt\",\n });\n }\n try {\n const payloadJson = base64UrlPayloadToUtf8(parts[1]);\n const payload = JSON.parse(payloadJson) as Record<string, unknown>;\n if (!payload || typeof payload !== \"object\") {\n throw new Error(\"payload not an object\");\n }\n return payload;\n } catch {\n throw new PmtHouseError(\"Failed to decode JWT payload\", {\n status: 500,\n code: \"invalid_jwt\",\n });\n }\n}\n\nfunction readClaim(payload: Record<string, unknown>, ...keys: string[]): string {\n for (const key of keys) {\n const value = payload[key];\n if (typeof value === \"string\" && value.trim()) {\n return value.trim();\n }\n }\n return \"\";\n}\n\nexport function identityFromJwtPayload(payload: Record<string, unknown>): SignerJwtIdentity {\n const issuer = readClaim(payload, \"iss\");\n const clientId = readClaim(payload, \"client_id\");\n const usageSubject = readClaim(payload, \"external_user_id\", \"usage_subject\", \"sub\");\n const usageSubjectType =\n readClaim(payload, \"external_user_id_type\", \"usage_subject_type\") || \"external_user_id\";\n\n if (!issuer || !clientId || !usageSubject) {\n throw new PmtHouseError(\"JWT payload missing signer identity claims\", {\n status: 500,\n code: \"invalid_jwt\",\n details: { issuer, clientId, usageSubject },\n });\n }\n\n return {\n issuer,\n clientId,\n usageSubject,\n usageSubjectType,\n };\n}\n\nexport function livepeerIdentityHeaders(identity: SignerJwtIdentity): Record<string, string> {\n return {\n \"X-Livepeer-Usage-Issuer\": identity.issuer,\n \"X-Livepeer-Client-ID\": identity.clientId,\n \"X-Livepeer-Usage-Subject\": identity.usageSubject,\n \"X-Livepeer-Usage-Subject-Type\": identity.usageSubjectType,\n };\n}\n\nfunction resolveRemoteUrl(\n request: Request,\n remoteSignerUrl: string | URL,\n proxyPathPrefix?: string,\n defaultRemotePath = \"/generate-live-payment\",\n): URL {\n const remoteBase = new URL(remoteSignerUrl);\n const incoming = new URL(request.url);\n let remotePath = incoming.pathname;\n\n if (proxyPathPrefix) {\n const prefix = proxyPathPrefix.endsWith(\"/\")\n ? proxyPathPrefix.slice(0, -1)\n : proxyPathPrefix;\n if (remotePath.startsWith(prefix)) {\n remotePath = remotePath.slice(prefix.length) || defaultRemotePath;\n }\n }\n\n if (!remotePath.startsWith(\"/\")) {\n remotePath = `/${remotePath}`;\n }\n\n const target = new URL(remoteBase);\n target.pathname = remotePath || defaultRemotePath;\n target.search = incoming.search;\n return target;\n}\n\nexport async function forwardDirectSignerRequest(\n options: ForwardDirectSignerRequestOptions,\n): Promise<Response> {\n const fetchImpl = options.fetch ?? fetch;\n const identity = identityFromJwtPayload(decodeJwtPayload(options.jwt));\n const target = resolveRemoteUrl(\n options.request,\n options.remoteSignerUrl,\n options.proxyPathPrefix,\n options.defaultRemotePath,\n );\n\n const headers = new Headers(options.request.headers);\n headers.set(\"Authorization\", `Bearer ${options.jwt}`);\n for (const [name, value] of Object.entries(livepeerIdentityHeaders(identity))) {\n headers.set(name, value);\n }\n headers.delete(\"host\");\n headers.delete(\"content-length\");\n\n const init: RequestInit & { duplex?: \"half\" } = {\n method: options.request.method,\n headers,\n body: options.request.body,\n cache: \"no-store\",\n };\n if (options.request.body) {\n init.duplex = \"half\";\n }\n\n return fetchImpl(target, init);\n}\n","import { PmtHouseError } from \"../errors.js\";\nimport { decodeJwtPayload, identityFromJwtPayload } from \"./forward.js\";\nimport type { CachedSignerToken, SignerTokenManagerOptions } from \"./types.js\";\n\nfunction cacheKey(clientId: string, externalUserId: string): string {\n return `${clientId}\\0${externalUserId}`;\n}\n\nexport interface SignerTokenManager {\n getToken(\n publicClientId: string,\n externalUserId: string,\n options?: { forceRefresh?: boolean },\n ): Promise<CachedSignerToken>;\n invalidate(publicClientId: string, externalUserId: string): void;\n peek(publicClientId: string, externalUserId: string): CachedSignerToken | undefined;\n}\n\nexport function createSignerTokenManager(options: SignerTokenManagerOptions): SignerTokenManager {\n const ttlRefreshRatio = options.ttlRefreshRatio ?? 0.8;\n const cache = new Map<string, CachedSignerToken>();\n const inflight = new Map<string, Promise<CachedSignerToken>>();\n\n function isUsable(entry: CachedSignerToken, now: number, forceRefresh: boolean): boolean {\n if (forceRefresh) return false;\n if (now >= entry.expiresAt) return false;\n if (now >= entry.refreshAt) return false;\n return true;\n }\n\n async function refresh(\n publicClientId: string,\n externalUserId: string,\n ): Promise<CachedSignerToken> {\n const key = cacheKey(publicClientId, externalUserId);\n const existing = inflight.get(key);\n if (existing) {\n return existing;\n }\n\n const promise = options\n .mint(publicClientId, externalUserId)\n .then((token) => {\n const identity = identityFromJwtPayload(decodeJwtPayload(token.jwt));\n if (identity.clientId !== publicClientId) {\n throw new PmtHouseError(\"minted JWT client_id does not match public client id\", {\n status: 500,\n code: \"invalid_client_id\",\n details: { expected: publicClientId, actual: identity.clientId },\n });\n }\n\n const normalized: CachedSignerToken = {\n ...token,\n refreshAt:\n token.refreshAt ||\n Date.now() + Math.floor((token.expiresAt - Date.now()) * ttlRefreshRatio),\n };\n cache.set(key, normalized);\n inflight.delete(key);\n return normalized;\n })\n .catch((error: unknown) => {\n inflight.delete(key);\n throw error;\n });\n\n inflight.set(key, promise);\n return promise;\n }\n\n return {\n peek(publicClientId, externalUserId) {\n return cache.get(cacheKey(publicClientId, externalUserId));\n },\n\n invalidate(publicClientId, externalUserId) {\n const key = cacheKey(publicClientId, externalUserId);\n cache.delete(key);\n inflight.delete(key);\n },\n\n async getToken(publicClientId, externalUserId, getOptions = {}) {\n const now = Date.now();\n const key = cacheKey(publicClientId, externalUserId);\n const cached = cache.get(key);\n if (cached && isUsable(cached, now, getOptions.forceRefresh === true)) {\n return cached;\n }\n\n return refresh(publicClientId, externalUserId);\n },\n };\n}\n","/** Removes trailing `/` without regex (linear time). */\nexport function stripTrailingSlashes(value: string): string {\n let end = value.length;\n while (end > 0 && (value.codePointAt(end - 1) ?? 0) === 47) {\n end--;\n }\n return value.slice(0, end);\n}\n\nfunction endsWithIgnoreCase(value: string, suffix: string): boolean {\n if (suffix.length > value.length) {\n return false;\n }\n const start = value.length - suffix.length;\n for (let i = 0; i < suffix.length; i++) {\n const a = value.codePointAt(start + i) ?? 0;\n const b = suffix.codePointAt(i) ?? 0;\n if (a !== b && (a | 32) !== (b | 32)) {\n return false;\n }\n }\n return true;\n}\n\nfunction stripSuffixIgnoreCase(value: string, suffix: string): string {\n return endsWithIgnoreCase(value, suffix)\n ? value.slice(0, value.length - suffix.length)\n : value;\n}\n\n/** Issuer URL (`…/oidc`) → Builder API base (`…/api/v1`). Linear-time; no regex. */\nexport function stripOidcPathSuffix(issuerUrl: string): string {\n let base = stripTrailingSlashes(issuerUrl.trim());\n base = stripSuffixIgnoreCase(base, \"/oidc\");\n return stripTrailingSlashes(base);\n}\n\n/** Issuer URL (`…/api/v1/oidc`) → host origin for signer/API-key routes. Linear-time; no regex. */\nexport function stripIssuerOriginFromOidcUrl(issuerUrl: string): string {\n let base = stripTrailingSlashes(issuerUrl.trim());\n base = stripSuffixIgnoreCase(base, \"/api/v1/oidc\");\n base = stripSuffixIgnoreCase(base, \"/oidc\");\n return stripTrailingSlashes(base);\n}\n\n/** Parse and validate an http(s) facade origin (no path). */\nexport function parseHttpOrigin(raw: string | undefined, fallback: string): string {\n const trimmed = (raw ?? fallback).trim();\n let parsed: URL;\n try {\n parsed = new URL(trimmed);\n } catch {\n throw new TypeError(\"Origin must be a valid http(s) URL\");\n }\n if (parsed.protocol !== \"http:\" && parsed.protocol !== \"https:\") {\n throw new TypeError(\"Origin must use http or https\");\n }\n return parsed.origin;\n}\n\n","import {\n allowInsecureRequests,\n customFetch,\n discoveryRequest,\n processDiscoveryResponse,\n type AuthorizationServer,\n} from \"oauth4webapi\";\nimport { PmtHouseError } from \"./errors.js\";\nimport { stripTrailingSlashes } from \"./string-utils.js\";\nimport type { FetchLike, OidcDiscoveryDocument } from \"./types.js\";\n\nexport function authorizationServerToOidcDocument(as: AuthorizationServer): OidcDiscoveryDocument {\n const tokenEndpoint = as.token_endpoint;\n const jwksUri = as.jwks_uri;\n if (!tokenEndpoint || !jwksUri) {\n throw new PmtHouseError(\"OIDC discovery document is missing token_endpoint or jwks_uri\", {\n status: 500,\n code: \"oidc_discovery_invalid\",\n });\n }\n return {\n issuer: as.issuer,\n authorization_endpoint: as.authorization_endpoint ?? \"\",\n token_endpoint: tokenEndpoint,\n jwks_uri: jwksUri,\n userinfo_endpoint: as.userinfo_endpoint,\n device_authorization_endpoint: as.device_authorization_endpoint,\n };\n}\n\nconst CACHE_TTL_MS = 5 * 60 * 1000;\n\ntype CacheEntry = {\n as: AuthorizationServer;\n fetchedAt: number;\n};\n\nconst discoveryCache = new Map<string, CacheEntry>();\n\nfunction normalizedIssuerKey(issuerUrl: string): string {\n return stripTrailingSlashes(issuerUrl);\n}\n\nexport interface LoadAuthorizationServerOptions {\n force?: boolean;\n allowInsecureHttp?: boolean;\n}\n\n/**\n * Loads OIDC discovery metadata via oauth4webapi (RFC 8414 / OIDC Discovery), with a 5-minute cache.\n */\nexport async function loadAuthorizationServer(\n issuerUrl: string,\n fetchImpl: FetchLike,\n options: LoadAuthorizationServerOptions = {},\n): Promise<AuthorizationServer> {\n const key = normalizedIssuerKey(issuerUrl);\n const now = Date.now();\n const cached = discoveryCache.get(key);\n\n if (!options.force && cached && now - cached.fetchedAt < CACHE_TTL_MS) {\n return cached.as;\n }\n\n const issuerIdentifier = new URL(key);\n const discoveryOpts: Parameters<typeof discoveryRequest>[1] = {\n algorithm: \"oidc\",\n [customFetch]: fetchImpl,\n };\n if (options.allowInsecureHttp) {\n discoveryOpts[allowInsecureRequests] = true;\n }\n\n let response: Response;\n try {\n response = await discoveryRequest(issuerIdentifier, discoveryOpts);\n } catch (e) {\n throw mapDiscoveryNetworkError(e);\n }\n\n let as: AuthorizationServer;\n try {\n as = await processDiscoveryResponse(issuerIdentifier, response);\n } catch (e) {\n throw mapOAuthDiscoveryError(e);\n }\n\n discoveryCache.set(key, { as, fetchedAt: now });\n return as;\n}\n\nexport async function fetchDiscoveryDocument(\n issuerUrl: string,\n fetchImpl: FetchLike,\n options: LoadAuthorizationServerOptions = {},\n): Promise<OidcDiscoveryDocument> {\n const as = await loadAuthorizationServer(issuerUrl, fetchImpl, options);\n return authorizationServerToOidcDocument(as);\n}\n\nexport function clearDiscoveryCache(issuerUrl?: string): void {\n if (!issuerUrl) {\n discoveryCache.clear();\n return;\n }\n discoveryCache.delete(normalizedIssuerKey(issuerUrl));\n}\n\nfunction mapOAuthDiscoveryError(error: unknown): PmtHouseError {\n if (error instanceof PmtHouseError) {\n return error;\n }\n if (error instanceof Error) {\n return new PmtHouseError(error.message, {\n status: 500,\n code: \"oidc_discovery_invalid\",\n details: { cause: error.cause },\n });\n }\n return new PmtHouseError(\"OIDC discovery failed\", {\n status: 500,\n code: \"oidc_discovery_invalid\",\n });\n}\n\nfunction mapDiscoveryNetworkError(error: unknown): PmtHouseError {\n if (error instanceof PmtHouseError) {\n return error;\n }\n if (error instanceof Error) {\n return new PmtHouseError(`Failed to load OIDC discovery: ${error.message}`, {\n status: 502,\n code: \"oidc_discovery_failed\",\n });\n }\n return new PmtHouseError(\"Failed to load OIDC discovery\", {\n status: 502,\n code: \"oidc_discovery_failed\",\n });\n}\n","/**\n * Base64url-safe Basic auth encoding for `client_id:client_secret` (UTF-8).\n * Works in Node, Edge, and Workers without assuming `Buffer`.\n */\nexport function encodeClientSecretBasic(clientId: string, clientSecret: string): string {\n const raw = `${clientId}:${clientSecret}`;\n const b64 =\n typeof Buffer !== \"undefined\"\n ? Buffer.from(raw, \"utf8\").toString(\"base64\")\n : btoa(Array.from(new TextEncoder().encode(raw), (c) => String.fromCharCode(c)).join(\"\"));\n return `Basic ${b64}`;\n}\n","import { PmtHouseError } from \"../errors.js\";\n\nfunction oauthFailureDescription(\n parsed: Record<string, unknown>,\n failureLabel: string,\n status: number,\n): string {\n if (typeof parsed.error_description === \"string\") {\n return parsed.error_description;\n }\n if (typeof parsed.error === \"string\") {\n return parsed.error;\n }\n return `${failureLabel} (${status})`;\n}\n\nexport type ReadJsonObjectFromResponseOptions = {\n invalidJsonMessage: string;\n invalidJsonCode: string;\n failureLabel: string;\n defaultErrorCode: string;\n};\n\nexport async function readJsonObjectFromResponse(\n response: Response,\n options: ReadJsonObjectFromResponseOptions,\n): Promise<Record<string, unknown>> {\n const text = await response.text();\n let parsed: Record<string, unknown>;\n try {\n parsed = text ? (JSON.parse(text) as Record<string, unknown>) : {};\n } catch {\n throw new PmtHouseError(options.invalidJsonMessage, {\n status: 502,\n code: options.invalidJsonCode,\n details: { status: response.status },\n });\n }\n\n if (!response.ok) {\n const description = oauthFailureDescription(parsed, options.failureLabel, response.status);\n throw new PmtHouseError(description, {\n status: response.status,\n code: typeof parsed.error === \"string\" ? parsed.error : options.defaultErrorCode,\n details: parsed,\n });\n }\n\n return parsed;\n}\n","import { PmtHouseError } from \"../errors.js\";\n\nexport function readStringField(\n body: Record<string, unknown>,\n key: string,\n errorCode: string,\n messagePrefix = \"Response\",\n): string {\n const value = body[key];\n if (typeof value !== \"string\" || !value.trim()) {\n throw new PmtHouseError(`${messagePrefix} missing ${key}`, {\n status: 502,\n code: errorCode,\n });\n }\n return value.trim();\n}\n\nexport function readExpiresIn(body: Record<string, unknown>, errorCode: string): number {\n const expiresIn = body.expires_in;\n if (typeof expiresIn !== \"number\" || !Number.isFinite(expiresIn) || expiresIn <= 0) {\n throw new PmtHouseError(\"Response missing expires_in\", {\n status: 502,\n code: errorCode,\n });\n }\n return Math.floor(expiresIn);\n}\n","import { stripTrailingSlashes } from \"../string-utils.js\";\nimport { loadAuthorizationServer } from \"../discovery.js\";\nimport { encodeClientSecretBasic } from \"../encoding.js\";\nimport { PmtHouseError } from \"../errors.js\";\nimport { readJsonObjectFromResponse } from \"./fetch-json.js\";\nimport { readExpiresIn, readStringField } from \"./json-fields.js\";\nimport type { CachedSignerToken, MintUserSignerTokenOptions, MintUserSignerTokenResponse } from \"./types.js\";\n\nexport const SIGN_MINT_USER_TOKEN_SCOPE = \"sign:mint_user_token\";\n\n/** @deprecated Signer JWT `aud` is the OIDC issuer URL; kept for legacy callers. */\nexport const LIVEPEER_REMOTE_SIGNER_AUDIENCE = \"livepeer-remote-signer\";\n\nconst DEFAULT_TTL_REFRESH_RATIO = 0.8;\nconst TOKEN_RESPONSE_ERROR = \"invalid_token_response\";\n\nexport function signerJwtAudience(issuerUrl: string): string {\n return stripTrailingSlashes(issuerUrl);\n}\n\nexport function parseMintUserSignerTokenResponse(\n body: Record<string, unknown>,\n ttlRefreshRatio = DEFAULT_TTL_REFRESH_RATIO,\n): CachedSignerToken {\n const accessToken = readStringField(body, \"access_token\", TOKEN_RESPONSE_ERROR, \"Token response\");\n const expiresIn = readExpiresIn(body, TOKEN_RESPONSE_ERROR);\n const balanceUsdMicros = readStringField(\n body,\n \"balanceUsdMicros\",\n TOKEN_RESPONSE_ERROR,\n \"Token response\",\n );\n const lifetimeGrantedUsdMicros = readStringField(\n body,\n \"lifetimeGrantedUsdMicros\",\n TOKEN_RESPONSE_ERROR,\n \"Token response\",\n );\n const now = Date.now();\n const expiresAt = now + expiresIn * 1000;\n const refreshAt = now + Math.floor(expiresIn * 1000 * ttlRefreshRatio);\n\n return {\n jwt: accessToken,\n expiresAt,\n refreshAt,\n balanceUsdMicros,\n lifetimeGrantedUsdMicros,\n };\n}\n\nexport async function mintUserSignerToken(\n options: MintUserSignerTokenOptions,\n): Promise<CachedSignerToken> {\n const fetchImpl = options.fetch ?? fetch;\n const issuerUrl = stripTrailingSlashes(options.issuerUrl);\n const as = await loadAuthorizationServer(issuerUrl, fetchImpl, {\n allowInsecureHttp: options.allowInsecureHttp,\n });\n const tokenEndpoint = as.token_endpoint;\n if (!tokenEndpoint) {\n throw new PmtHouseError(\"OIDC discovery document is missing token_endpoint\", {\n status: 500,\n code: \"oidc_discovery_invalid\",\n });\n }\n\n const audience = signerJwtAudience(issuerUrl);\n const body = new URLSearchParams({\n grant_type: \"client_credentials\",\n scope: SIGN_MINT_USER_TOKEN_SCOPE,\n external_user_id: options.externalUserId,\n audience,\n });\n\n const response = await fetchImpl(tokenEndpoint, {\n method: \"POST\",\n headers: {\n Authorization: encodeClientSecretBasic(options.m2mClientId, options.m2mClientSecret),\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n Accept: \"application/json\",\n },\n body: body.toString(),\n cache: \"no-store\",\n });\n\n const parsed = await readJsonObjectFromResponse(response, {\n invalidJsonMessage: \"Token endpoint returned invalid JSON\",\n invalidJsonCode: TOKEN_RESPONSE_ERROR,\n failureLabel: \"Token mint failed\",\n defaultErrorCode: \"token_mint_failed\",\n });\n\n return parseMintUserSignerTokenResponse(parsed);\n}\n\nexport function toMintUserSignerTokenResponse(token: CachedSignerToken): MintUserSignerTokenResponse {\n const expiresIn = Math.max(1, Math.floor((token.expiresAt - Date.now()) / 1000));\n return {\n access_token: token.jwt,\n expires_in: expiresIn,\n balanceUsdMicros: token.balanceUsdMicros,\n lifetimeGrantedUsdMicros: token.lifetimeGrantedUsdMicros,\n };\n}\n","import { loadAuthorizationServer } from \"../discovery.js\";\nimport { encodeClientSecretBasic } from \"../encoding.js\";\nimport { PmtHouseError } from \"../errors.js\";\nimport { stripTrailingSlashes } from \"../string-utils.js\";\nimport { readJsonObjectFromResponse } from \"./fetch-json.js\";\nimport { readExpiresIn, readStringField } from \"./json-fields.js\";\nimport { signerHandlerErrorResponse } from \"./handler-errors.js\";\nimport {\n LIVEPEER_REMOTE_SIGNER_AUDIENCE,\n parseMintUserSignerTokenResponse,\n} from \"./mint-token.js\";\nimport type {\n DeviceExchangeHandlerConfig,\n DeviceExchangeHandlerConfigRemote,\n DeviceExchangeMintContext,\n DeviceExchangeMintResult,\n DeviceExchangeRequestBody,\n DeviceExchangeResponse,\n ExchangeDeviceTokenForSignerOptions,\n MintSignerTokenFromDeviceTokenOptions,\n} from \"./types.js\";\n\nconst TOKEN_EXCHANGE_GRANT = \"urn:ietf:params:oauth:grant-type:token-exchange\";\nconst SUBJECT_ACCESS_TOKEN_TYPE = \"urn:ietf:params:oauth:token-type:access_token\";\nconst EXCHANGE_RESPONSE_ERROR = \"invalid_exchange_response\";\n\nexport function extractSignerAccessTokenFromExchangeBody(\n body: Record<string, unknown>,\n): string {\n const tokenObj = body.token;\n if (tokenObj !== null && typeof tokenObj === \"object\" && !Array.isArray(tokenObj)) {\n const nested = tokenObj as Record<string, unknown>;\n for (const key of [\"accessToken\", \"access_token\"] as const) {\n const value = nested[key];\n if (typeof value === \"string\" && value.trim()) {\n return value.trim();\n }\n }\n }\n for (const key of [\"accessToken\", \"access_token\"] as const) {\n const value = body[key];\n if (typeof value === \"string\" && value.trim()) {\n return value.trim();\n }\n }\n throw new PmtHouseError(\"Device exchange response missing signer access token\", {\n status: 502,\n code: \"invalid_exchange_response\",\n });\n}\n\nexport function normalizeDeviceExchangeResponse(\n minted: DeviceExchangeMintResult,\n options?: { signerUrl?: string },\n): DeviceExchangeResponse {\n const scope = minted.scope.trim() || \"sign:job\";\n const body: DeviceExchangeResponse = {\n access_token: minted.access_token,\n token_type: \"Bearer\",\n expires_in: minted.expires_in,\n scope,\n balanceUsdMicros: minted.balanceUsdMicros,\n lifetimeGrantedUsdMicros: minted.lifetimeGrantedUsdMicros,\n token: {\n accessToken: minted.access_token,\n access_token: minted.access_token,\n expiresIn: minted.expires_in,\n expires_in: minted.expires_in,\n scope,\n balanceUsdMicros: minted.balanceUsdMicros,\n lifetimeGrantedUsdMicros: minted.lifetimeGrantedUsdMicros,\n },\n };\n const signerUrl = options?.signerUrl?.trim();\n if (signerUrl) {\n body.signerUrl = signerUrl;\n }\n return body;\n}\n\nexport async function parseDeviceExchangeRequestBody(\n request: Request,\n): Promise<DeviceExchangeRequestBody> {\n let body: unknown;\n try {\n body = await request.json();\n } catch {\n throw new PmtHouseError(\"Request body must be JSON\", {\n status: 400,\n code: \"invalid_request\",\n });\n }\n if (body === null || typeof body !== \"object\" || Array.isArray(body)) {\n throw new PmtHouseError(\"Request body must be a JSON object\", {\n status: 400,\n code: \"invalid_request\",\n });\n }\n const record = body as Record<string, unknown>;\n const deviceTokenRaw = record.deviceToken;\n if (typeof deviceTokenRaw !== \"string\" || !deviceTokenRaw.trim()) {\n throw new PmtHouseError(\"Request body must include deviceToken\", {\n status: 400,\n code: \"invalid_request\",\n });\n }\n const deviceToken = deviceTokenRaw.trim();\n const scope =\n typeof record.scope === \"string\" && record.scope.trim()\n ? record.scope.trim()\n : undefined;\n const clientId =\n typeof record.clientId === \"string\" && record.clientId.trim()\n ? record.clientId.trim()\n : undefined;\n return { deviceToken, scope, clientId };\n}\n\nexport async function mintSignerTokenFromDeviceToken(\n options: MintSignerTokenFromDeviceTokenOptions,\n): Promise<DeviceExchangeMintResult> {\n const fetchImpl = options.fetch ?? fetch;\n const issuerUrl = stripTrailingSlashes(options.issuerUrl);\n const as = await loadAuthorizationServer(issuerUrl, fetchImpl, {\n allowInsecureHttp: options.allowInsecureHttp,\n });\n const tokenEndpoint = as.token_endpoint;\n if (!tokenEndpoint) {\n throw new PmtHouseError(\"OIDC discovery document is missing token_endpoint\", {\n status: 500,\n code: \"oidc_discovery_invalid\",\n });\n }\n\n const audience = options.audience?.trim() || LIVEPEER_REMOTE_SIGNER_AUDIENCE;\n const params = new URLSearchParams({\n grant_type: TOKEN_EXCHANGE_GRANT,\n subject_token: options.deviceToken,\n subject_token_type: SUBJECT_ACCESS_TOKEN_TYPE,\n audience,\n resource: audience,\n });\n if (options.scope?.trim()) {\n params.set(\"scope\", options.scope.trim());\n }\n\n const response = await fetchImpl(tokenEndpoint, {\n method: \"POST\",\n headers: {\n Authorization: encodeClientSecretBasic(options.m2mClientId, options.m2mClientSecret),\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n Accept: \"application/json\",\n },\n body: params.toString(),\n cache: \"no-store\",\n });\n\n const parsed = await readJsonObjectFromResponse(response, {\n invalidJsonMessage: \"Token endpoint returned invalid JSON\",\n invalidJsonCode: \"invalid_token_response\",\n failureLabel: \"Signer JWT exchange failed\",\n defaultErrorCode: \"token_exchange_failed\",\n });\n\n const cached = parseMintUserSignerTokenResponse(parsed);\n return {\n access_token: cached.jwt,\n expires_in: readExpiresIn(parsed, EXCHANGE_RESPONSE_ERROR),\n scope: readStringField(parsed, \"scope\", EXCHANGE_RESPONSE_ERROR),\n balanceUsdMicros: cached.balanceUsdMicros,\n lifetimeGrantedUsdMicros: cached.lifetimeGrantedUsdMicros,\n };\n}\n\nexport async function exchangeDeviceTokenForSigner(\n options: ExchangeDeviceTokenForSignerOptions,\n): Promise<DeviceExchangeResponse> {\n const fetchImpl = options.fetch ?? fetch;\n const url = `${stripTrailingSlashes(options.facadeUrl)}/api/signer/device/exchange`;\n const body: Record<string, string> = { deviceToken: options.deviceToken };\n if (options.scope?.trim()) {\n body.scope = options.scope.trim();\n }\n if (options.clientId?.trim()) {\n body.clientId = options.clientId.trim();\n }\n\n const response = await fetchImpl(url, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n Accept: \"application/json\",\n },\n body: JSON.stringify(body),\n cache: \"no-store\",\n });\n\n const parsed = await readJsonObjectFromResponse(response, {\n invalidJsonMessage: \"Device exchange returned invalid JSON\",\n invalidJsonCode: EXCHANGE_RESPONSE_ERROR,\n failureLabel: \"Device exchange failed\",\n defaultErrorCode: \"device_exchange_failed\",\n });\n\n const accessToken = extractSignerAccessTokenFromExchangeBody(parsed);\n const signerUrlRaw = parsed.signerUrl ?? parsed.signer_url;\n const signerUrl =\n typeof signerUrlRaw === \"string\" && signerUrlRaw.trim() ? signerUrlRaw.trim() : undefined;\n return normalizeDeviceExchangeResponse(\n {\n access_token: accessToken,\n expires_in: readExpiresIn(parsed, EXCHANGE_RESPONSE_ERROR),\n scope:\n typeof parsed.scope === \"string\" && parsed.scope.trim()\n ? parsed.scope.trim()\n : \"sign:job\",\n balanceUsdMicros:\n typeof parsed.balanceUsdMicros === \"string\" ? parsed.balanceUsdMicros : \"0\",\n lifetimeGrantedUsdMicros:\n typeof parsed.lifetimeGrantedUsdMicros === \"string\"\n ? parsed.lifetimeGrantedUsdMicros\n : \"0\",\n },\n { signerUrl },\n );\n}\n\ntype CreateDeviceExchangeHandlerInput =\n | DeviceExchangeHandlerConfig\n | DeviceExchangeHandlerConfigRemote;\n\nfunction resolveMint(\n config: CreateDeviceExchangeHandlerInput,\n): (deviceToken: string, context: DeviceExchangeMintContext) => Promise<DeviceExchangeMintResult> {\n if (\"mint\" in config && typeof config.mint === \"function\") {\n return config.mint;\n }\n return (deviceToken, context) =>\n mintSignerTokenFromDeviceToken({\n issuerUrl: config.issuerUrl,\n m2mClientId: config.m2mClientId,\n m2mClientSecret: config.m2mClientSecret,\n deviceToken,\n scope: context.scope,\n audience: config.audience,\n fetch: config.fetch,\n allowInsecureHttp: config.allowInsecureHttp,\n });\n}\n\nfunction resolveSignerUrlFromConfig(\n config: CreateDeviceExchangeHandlerInput,\n): string | Promise<string | undefined> | undefined {\n if (\"signerUrl\" in config && typeof config.signerUrl === \"string\" && config.signerUrl.trim()) {\n return config.signerUrl.trim();\n }\n if (\"getSignerUrl\" in config && typeof config.getSignerUrl === \"function\") {\n return config.getSignerUrl();\n }\n return undefined;\n}\n\nexport function createDeviceExchangeHandler(\n config: CreateDeviceExchangeHandlerInput,\n): (request: Request) => Promise<Response> {\n const mint = resolveMint(config);\n\n return async function deviceExchangeHandler(request: Request): Promise<Response> {\n try {\n if (request.method !== \"POST\") {\n return new Response(JSON.stringify({ error: \"method_not_allowed\" }), {\n status: 405,\n headers: { \"Content-Type\": \"application/json\" },\n });\n }\n\n const parsed = await parseDeviceExchangeRequestBody(request);\n const minted = await mint(parsed.deviceToken, {\n scope: parsed.scope,\n clientId: parsed.clientId,\n });\n const signerUrlValue = await resolveSignerUrlFromConfig(config);\n const body = normalizeDeviceExchangeResponse(minted, {\n signerUrl: typeof signerUrlValue === \"string\" ? signerUrlValue : undefined,\n });\n return new Response(JSON.stringify(body), {\n status: 200,\n headers: {\n \"Content-Type\": \"application/json\",\n \"Cache-Control\": \"no-store\",\n },\n });\n } catch (error) {\n return signerHandlerErrorResponse(error);\n }\n };\n}\n","import { stripIssuerOriginFromOidcUrl, stripTrailingSlashes } from \"../string-utils.js\";\nimport { PmtHouseError } from \"../errors.js\";\nimport { readJsonObjectFromResponse } from \"./fetch-json.js\";\nimport { signerHandlerErrorResponse } from \"./handler-errors.js\";\nimport {\n extractSignerAccessTokenFromExchangeBody,\n mintSignerTokenFromDeviceToken,\n normalizeDeviceExchangeResponse,\n} from \"./device-exchange.js\";\nimport type {\n ApiKeyExchangeHandlerConfig,\n ApiKeyExchangeMintResult,\n ApiKeyExchangeRequestBody,\n DeviceExchangeResponse,\n ExchangeApiKeyForSignerOptions,\n} from \"./types.js\";\n\nconst EXCHANGE_RESPONSE_ERROR = \"invalid_exchange_response\";\n\nexport async function parseApiKeyExchangeRequestBody(\n request: Request,\n): Promise<ApiKeyExchangeRequestBody> {\n let body: unknown;\n try {\n body = await request.json();\n } catch {\n throw new PmtHouseError(\"Request body must be JSON\", {\n status: 400,\n code: \"invalid_request\",\n });\n }\n if (body === null || typeof body !== \"object\" || Array.isArray(body)) {\n throw new PmtHouseError(\"Request body must be a JSON object\", {\n status: 400,\n code: \"invalid_request\",\n });\n }\n const record = body as Record<string, unknown>;\n const apiKeyRaw = record.apiKey;\n if (typeof apiKeyRaw !== \"string\" || !apiKeyRaw.trim()) {\n throw new PmtHouseError(\"Request body must include apiKey\", {\n status: 400,\n code: \"invalid_request\",\n });\n }\n const scope =\n typeof record.scope === \"string\" && record.scope.trim()\n ? record.scope.trim()\n : undefined;\n const clientId =\n typeof record.clientId === \"string\" && record.clientId.trim()\n ? record.clientId.trim()\n : undefined;\n return { apiKey: apiKeyRaw.trim(), scope, clientId };\n}\n\nexport async function mintUserAccessTokenFromApiKey(input: {\n issuerUrl: string;\n publicClientId: string;\n apiKey: string;\n scope?: string;\n fetch?: typeof fetch;\n}): Promise<{ access_token: string; expires_in: number; scope: string }> {\n const fetchImpl = input.fetch ?? fetch;\n const issuerOrigin = stripIssuerOriginFromOidcUrl(input.issuerUrl);\n const url = `${issuerOrigin}/api/v1/apps/${encodeURIComponent(input.publicClientId)}/auth/api-key/token`;\n const response = await fetchImpl(url, {\n method: \"POST\",\n headers: {\n Authorization: `Bearer ${input.apiKey}`,\n \"Content-Type\": \"application/json\",\n Accept: \"application/json\",\n },\n body: JSON.stringify(input.scope ? { scope: input.scope } : {}),\n cache: \"no-store\",\n });\n\n const parsed = await readJsonObjectFromResponse(response, {\n invalidJsonMessage: \"API key token exchange returned invalid JSON\",\n invalidJsonCode: \"invalid_token_response\",\n failureLabel: \"API key token exchange failed\",\n defaultErrorCode: \"api_key_token_exchange_failed\",\n });\n\n const accessToken = parsed.access_token;\n if (typeof accessToken !== \"string\" || !accessToken.trim()) {\n throw new PmtHouseError(\"API key token exchange missing access_token\", {\n status: 502,\n code: EXCHANGE_RESPONSE_ERROR,\n });\n }\n\n const expiresIn =\n typeof parsed.expires_in === \"number\" && Number.isFinite(parsed.expires_in)\n ? parsed.expires_in\n : 900;\n const scope =\n typeof parsed.scope === \"string\" && parsed.scope.trim()\n ? parsed.scope.trim()\n : input.scope?.trim() || \"sign:job\";\n\n return {\n access_token: accessToken.trim(),\n expires_in: expiresIn,\n scope,\n };\n}\n\nexport async function mintSignerSessionFromApiKey(input: {\n issuerUrl: string;\n publicClientId: string;\n m2mClientId: string;\n m2mClientSecret: string;\n apiKey: string;\n scope?: string;\n audience?: string;\n fetch?: typeof fetch;\n allowInsecureHttp?: boolean;\n}): Promise<ApiKeyExchangeMintResult> {\n const userToken = await mintUserAccessTokenFromApiKey({\n issuerUrl: input.issuerUrl,\n publicClientId: input.publicClientId,\n apiKey: input.apiKey,\n scope: input.scope,\n fetch: input.fetch,\n });\n\n return mintSignerTokenFromDeviceToken({\n issuerUrl: input.issuerUrl,\n m2mClientId: input.m2mClientId,\n m2mClientSecret: input.m2mClientSecret,\n deviceToken: userToken.access_token,\n scope: userToken.scope,\n audience: input.audience,\n fetch: input.fetch,\n allowInsecureHttp: input.allowInsecureHttp,\n });\n}\n\nexport async function exchangeApiKeyForSigner(\n options: ExchangeApiKeyForSignerOptions,\n): Promise<DeviceExchangeResponse> {\n const fetchImpl = options.fetch ?? fetch;\n const url = `${stripTrailingSlashes(options.facadeUrl)}/api/pymthouse/keys/exchange`;\n const body: Record<string, string> = { apiKey: options.apiKey };\n if (options.scope?.trim()) {\n body.scope = options.scope.trim();\n }\n if (options.clientId?.trim()) {\n body.clientId = options.clientId.trim();\n }\n\n const response = await fetchImpl(url, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n Accept: \"application/json\",\n },\n body: JSON.stringify(body),\n cache: \"no-store\",\n });\n\n const parsed = await readJsonObjectFromResponse(response, {\n invalidJsonMessage: \"API key exchange returned invalid JSON\",\n invalidJsonCode: EXCHANGE_RESPONSE_ERROR,\n failureLabel: \"API key exchange failed\",\n defaultErrorCode: \"api_key_exchange_failed\",\n });\n\n const accessToken = extractSignerAccessTokenFromExchangeBody(parsed);\n const signerUrlRaw = parsed.signerUrl ?? parsed.signer_url;\n const signerUrl =\n typeof signerUrlRaw === \"string\" && signerUrlRaw.trim() ? signerUrlRaw.trim() : undefined;\n\n return normalizeDeviceExchangeResponse(\n {\n access_token: accessToken,\n expires_in:\n typeof parsed.expires_in === \"number\" && Number.isFinite(parsed.expires_in)\n ? parsed.expires_in\n : 3600,\n scope:\n typeof parsed.scope === \"string\" && parsed.scope.trim()\n ? parsed.scope.trim()\n : \"sign:job\",\n balanceUsdMicros:\n typeof parsed.balanceUsdMicros === \"string\" ? parsed.balanceUsdMicros : \"0\",\n lifetimeGrantedUsdMicros:\n typeof parsed.lifetimeGrantedUsdMicros === \"string\"\n ? parsed.lifetimeGrantedUsdMicros\n : \"0\",\n },\n { signerUrl },\n );\n}\n\nexport function createApiKeyExchangeHandler(\n config: ApiKeyExchangeHandlerConfig,\n): (request: Request) => Promise<Response> {\n const publicClientId = config.publicClientId.trim();\n\n return async function apiKeyExchangeHandler(request: Request): Promise<Response> {\n try {\n if (request.method !== \"POST\") {\n return new Response(JSON.stringify({ error: \"method_not_allowed\" }), {\n status: 405,\n headers: { \"Content-Type\": \"application/json\" },\n });\n }\n\n const parsed = await parseApiKeyExchangeRequestBody(request);\n const effectiveClientId = parsed.clientId?.trim() || publicClientId;\n if (effectiveClientId !== publicClientId) {\n throw new PmtHouseError(\"clientId does not match configured public client\", {\n status: 400,\n code: \"invalid_request\",\n });\n }\n\n const minted = await mintSignerSessionFromApiKey({\n issuerUrl: config.issuerUrl,\n publicClientId,\n m2mClientId: config.m2mClientId,\n m2mClientSecret: config.m2mClientSecret,\n apiKey: parsed.apiKey,\n scope: parsed.scope,\n audience: config.audience,\n fetch: config.fetch,\n allowInsecureHttp: config.allowInsecureHttp,\n });\n\n const signerUrlValue =\n typeof config.signerUrl === \"string\" && config.signerUrl.trim()\n ? config.signerUrl.trim()\n : undefined;\n\n const body = normalizeDeviceExchangeResponse(minted, { signerUrl: signerUrlValue });\n return new Response(JSON.stringify(body), {\n status: 200,\n headers: {\n \"Content-Type\": \"application/json\",\n \"Cache-Control\": \"no-store\",\n },\n });\n } catch (error) {\n return signerHandlerErrorResponse(error);\n }\n };\n}\n","import { stripTrailingSlashes } from \"../string-utils.js\";\nimport type { FetchLike } from \"../types.js\";\nimport type {\n ForwardToSignerOptions,\n ForwardToSignerResult,\n ProbeSignerHttpReachabilityOptions,\n SignerDmzGate,\n} from \"./types.js\";\n\nexport type { ForwardToSignerOptions, ForwardToSignerResult, ProbeSignerHttpReachabilityOptions };\n\nexport type SignerUsageSnapshot = {\n requestId: string;\n computedFeeWei: string;\n computedFeeUsdMicros: bigint;\n ethUsdPrice?: string;\n ethUsdRoundId?: string;\n ethUsdObservedAt?: string;\n pixels?: string;\n billableSecs?: string;\n pipeline?: string;\n modelId?: string;\n};\n\nconst HTTP_DMZ_TOKEN_MAX_ENTRIES = 100;\nconst HTTP_DMZ_TOKEN_TTL_MS = 3.5 * 60 * 1000;\nconst DEFAULT_PROBE_SUBJECT = \"signer-reachability-probe\";\n\ntype DmzTokenCacheEntry = {\n token: string;\n expMs: number;\n};\n\nconst httpDmzTokenCache = new Map<string, DmzTokenCacheEntry>();\n\nexport function normalizeSignerBaseUrl(base: string): string {\n return stripTrailingSlashes(base);\n}\n\nfunction joinSignerUrl(baseUrl: string, path: string): string {\n if (path.startsWith(\"/\")) {\n return `${baseUrl}${path}`;\n }\n return `${baseUrl}/${path}`;\n}\n\nfunction aliasBodyString(raw: unknown): string | null {\n if (raw === undefined || raw === null) {\n return null;\n }\n if (typeof raw === \"string\") {\n return raw.length > 0 ? raw : null;\n }\n if (typeof raw === \"number\" || typeof raw === \"boolean\" || typeof raw === \"bigint\") {\n return String(raw);\n }\n return null;\n}\n\nexport function resolveSignerBaseUrl(input: {\n envUrl?: string | null;\n storedUrl?: string | null;\n storedPort?: number | null;\n testSignerUrl?: string | null;\n defaultPort?: number;\n}): string {\n if (input.testSignerUrl?.trim()) {\n return normalizeSignerBaseUrl(input.testSignerUrl);\n }\n\n const legacyBareSignerPort = 8081;\n const rawPort = input.storedPort ?? input.defaultPort ?? 8080;\n const port = rawPort === legacyBareSignerPort ? 8080 : rawPort;\n const base =\n input.envUrl?.trim() ||\n input.storedUrl?.trim() ||\n `http://127.0.0.1:${port}`;\n return normalizeSignerBaseUrl(base);\n}\n\nexport async function getCachedDmzBearerToken(\n subject: string,\n gate: SignerDmzGate,\n getDmzToken: (subject: string, gate: SignerDmzGate) => Promise<string>,\n): Promise<string> {\n const cacheKey = `${gate}:${subject}`;\n const now = Date.now();\n const cached = httpDmzTokenCache.get(cacheKey);\n if (cached && cached.expMs > now + 15_000) {\n httpDmzTokenCache.delete(cacheKey);\n httpDmzTokenCache.set(cacheKey, cached);\n return cached.token;\n }\n\n const token = await getDmzToken(subject, gate);\n httpDmzTokenCache.set(cacheKey, { token, expMs: now + HTTP_DMZ_TOKEN_TTL_MS });\n\n if (httpDmzTokenCache.size > HTTP_DMZ_TOKEN_MAX_ENTRIES) {\n const oldest = httpDmzTokenCache.keys().next().value;\n if (oldest !== undefined) {\n httpDmzTokenCache.delete(oldest);\n }\n }\n\n return token;\n}\n\nexport async function readSignerUpstreamBody(response: Response): Promise<unknown> {\n const text = await response.text();\n if (!text.trim()) {\n return {};\n }\n try {\n return JSON.parse(text) as unknown;\n } catch {\n return {\n error: \"Signer DMZ returned a non-JSON body (often Apache auth failure)\",\n upstreamStatus: response.status,\n detail: text.slice(0, 800),\n };\n }\n}\n\nexport function pickConflictingStringAliases(\n body: Record<string, unknown>,\n ...keys: string[]\n):\n | { ok: true; value: string | undefined }\n | { ok: false; message: string } {\n const values = keys\n .map((key) => {\n const value = aliasBodyString(body[key]);\n return value === null ? null : { key, value };\n })\n .filter((entry): entry is { key: string; value: string } => entry !== null);\n const first = values[0];\n const conflict = values.find((entry) => entry.value !== first?.value);\n if (first && conflict) {\n return {\n ok: false,\n message: `Conflicting ${keys.join(\"/\")} in request body`,\n };\n }\n return { ok: true, value: first?.value };\n}\n\nexport function pickConflictingNumberAliases(\n body: Record<string, unknown>,\n ...keys: string[]\n):\n | { ok: true; value: number | undefined }\n | { ok: false; message: string } {\n const parseNum = (value: unknown): number | undefined => {\n if (typeof value === \"number\" && Number.isFinite(value)) {\n return value;\n }\n if (typeof value === \"string\" && value.trim() !== \"\") {\n const parsed = Number(value);\n return Number.isFinite(parsed) ? parsed : undefined;\n }\n return undefined;\n };\n const values = keys\n .map((key) => {\n const value = parseNum(body[key]);\n return value === undefined ? null : { key, value };\n })\n .filter((entry): entry is { key: string; value: number } => entry !== null);\n const first = values[0];\n const conflict = values.find((entry) => entry.value !== first?.value);\n if (first && conflict) {\n return {\n ok: false,\n message: `Conflicting ${keys.join(\"/\")} in request body`,\n };\n }\n return { ok: true, value: first?.value };\n}\n\nfunction pickString(obj: Record<string, unknown>, ...keys: string[]): string {\n for (const key of keys) {\n const value = obj[key];\n if (typeof value === \"string\" && value.trim()) {\n return value.trim();\n }\n if (typeof value === \"number\" && Number.isFinite(value)) {\n return String(Math.trunc(value));\n }\n }\n return \"\";\n}\n\nexport function parseSignerUsageSnapshot(body: unknown): SignerUsageSnapshot | null {\n if (body === null || typeof body !== \"object\" || Array.isArray(body)) {\n return null;\n }\n const record = body as Record<string, unknown>;\n const usageRaw = record.usage;\n if (usageRaw === null || typeof usageRaw !== \"object\" || Array.isArray(usageRaw)) {\n return null;\n }\n const usage = usageRaw as Record<string, unknown>;\n const computedFeeWei = pickString(usage, \"computed_fee_wei\", \"computedFeeWei\");\n const usdMicrosStr = pickString(usage, \"computed_fee_usd_micros\", \"computedFeeUsdMicros\");\n const requestId = pickString(usage, \"request_id\", \"requestId\");\n if (!computedFeeWei || !usdMicrosStr || !requestId) {\n return null;\n }\n let computedFeeUsdMicros: bigint;\n try {\n computedFeeUsdMicros = BigInt(usdMicrosStr);\n } catch {\n return null;\n }\n return {\n requestId,\n computedFeeWei,\n computedFeeUsdMicros,\n ethUsdPrice: pickString(usage, \"eth_usd_price\", \"ethUsdPrice\") || undefined,\n ethUsdRoundId: pickString(usage, \"eth_usd_round_id\", \"ethUsdRoundId\") || undefined,\n ethUsdObservedAt:\n pickString(usage, \"eth_usd_updated_at\", \"ethUsdUpdatedAt\", \"eth_usd_observed_at\") ||\n undefined,\n pixels: pickString(usage, \"pixels\") || undefined,\n billableSecs: pickString(usage, \"billable_secs\", \"billableSecs\") || undefined,\n pipeline: pickString(usage, \"pipeline\") || undefined,\n modelId: pickString(usage, \"model_id\", \"modelId\") || undefined,\n };\n}\n\nexport function stripSignerUsageFromResponse(body: unknown): void {\n if (body !== null && typeof body === \"object\" && !Array.isArray(body)) {\n delete (body as Record<string, unknown>).usage;\n }\n}\n\nexport async function forwardToSigner(\n options: ForwardToSignerOptions,\n): Promise<ForwardToSignerResult> {\n const fetchImpl = options.fetch ?? fetch;\n const baseUrl = normalizeSignerBaseUrl(options.baseUrl);\n const url = joinSignerUrl(baseUrl, options.path);\n const timeoutMs = options.timeoutMs ?? 30_000;\n const controller = new AbortController();\n const timeout = setTimeout(() => controller.abort(), timeoutMs);\n const headers: Record<string, string> = { \"Content-Type\": \"application/json\" };\n\n const explicitAuth = options.authorization?.trim();\n if (explicitAuth) {\n headers.Authorization = explicitAuth;\n } else {\n const attachJwt = options.forwardJwt ?? true;\n if (attachJwt) {\n const token = await getCachedDmzBearerToken(\n options.subject,\n \"http\",\n options.getDmzToken,\n );\n headers.Authorization = `Bearer ${token}`;\n }\n }\n if (options.extraHeaders) {\n for (const [name, value] of Object.entries(options.extraHeaders)) {\n if (value.trim()) {\n headers[name] = value.trim();\n }\n }\n }\n\n try {\n const response = await fetchImpl(url, {\n method: options.method,\n headers,\n body: options.body === undefined ? undefined : JSON.stringify(options.body),\n signal: controller.signal,\n });\n return {\n response,\n requestUrl: url,\n authorizationHeader: headers.Authorization,\n };\n } finally {\n clearTimeout(timeout);\n }\n}\n\ntype SignerProbeContext = {\n fetchImpl: FetchLike;\n signerUrl: string;\n timeoutMs: number;\n probeSubject: string;\n useJwt: boolean;\n getDmzToken: ProbeSignerHttpReachabilityOptions[\"getDmzToken\"];\n};\n\nfunction createSignerProbeContext(options: ProbeSignerHttpReachabilityOptions): SignerProbeContext {\n return {\n fetchImpl: options.fetch ?? fetch,\n signerUrl: normalizeSignerBaseUrl(options.signerUrl),\n timeoutMs: options.timeoutMs ?? 5000,\n probeSubject: options.probeSubject ?? DEFAULT_PROBE_SUBJECT,\n useJwt: options.forwardJwt ?? true,\n getDmzToken: options.getDmzToken,\n };\n}\n\nfunction reachableResult(ethAddress?: string): { reachable: true; ethAddress?: string } {\n return { reachable: true, ethAddress };\n}\n\nasync function fetchSignerStatus(\n ctx: SignerProbeContext,\n headers: Record<string, string>,\n): Promise<{ ok: boolean; ethAddress?: string }> {\n const response = await ctx.fetchImpl(`${ctx.signerUrl}/status`, {\n headers,\n signal: AbortSignal.timeout(ctx.timeoutMs),\n });\n if (!response.ok) {\n return { ok: false };\n }\n const data = (await readSignerUpstreamBody(response)) as Record<string, unknown>;\n const ethAddress =\n (typeof data.Address === \"string\" && data.Address) ||\n (typeof data.address === \"string\" && data.address) ||\n undefined;\n return { ok: true, ethAddress };\n}\n\nasync function tryJwtStatus(\n ctx: SignerProbeContext,\n): Promise<{ reachable: true; ethAddress?: string } | null> {\n if (!ctx.useJwt) {\n return null;\n }\n try {\n const token = await ctx.getDmzToken(ctx.probeSubject, \"http\");\n const { ok, ethAddress } = await fetchSignerStatus(ctx, {\n Authorization: `Bearer ${token}`,\n });\n return ok ? reachableResult(ethAddress) : null;\n } catch {\n return null;\n }\n}\n\nasync function tryPlainStatus(\n ctx: SignerProbeContext,\n): Promise<{ reachable: true; ethAddress?: string } | null> {\n try {\n const { ok, ethAddress } = await fetchSignerStatus(ctx, {});\n return ok ? reachableResult(ethAddress) : null;\n } catch {\n return null;\n }\n}\n\nasync function trySigningProbe(ctx: SignerProbeContext): Promise<boolean> {\n try {\n const token = await ctx.getDmzToken(ctx.probeSubject, \"http\");\n const response = await ctx.fetchImpl(`${ctx.signerUrl}/sign-orchestrator-info`, {\n method: \"POST\",\n headers: {\n Authorization: `Bearer ${token}`,\n \"Content-Type\": \"application/json\",\n },\n body: \"{}\",\n signal: AbortSignal.timeout(ctx.timeoutMs),\n });\n return response.ok;\n } catch {\n return false;\n }\n}\n\nasync function runSignerReachabilityProbes(\n ctx: SignerProbeContext,\n): Promise<{ reachable: boolean; ethAddress?: string }> {\n const jwtResult = await tryJwtStatus(ctx);\n if (jwtResult) {\n return jwtResult;\n }\n const plainResult = await tryPlainStatus(ctx);\n if (plainResult) {\n return plainResult;\n }\n if (await trySigningProbe(ctx)) {\n return reachableResult();\n }\n return { reachable: false };\n}\n\nexport async function probeSignerHttpReachability(\n options: ProbeSignerHttpReachabilityOptions,\n): Promise<{ reachable: boolean; ethAddress?: string }> {\n const ctx = createSignerProbeContext(options);\n\n try {\n const health = await ctx.fetchImpl(`${ctx.signerUrl}/healthz`, {\n signal: AbortSignal.timeout(ctx.timeoutMs),\n });\n if (health.ok) {\n return runSignerReachabilityProbes(ctx);\n }\n } catch {\n /* fall through to /status probes */\n }\n\n return runSignerReachabilityProbes(ctx);\n}\n","import { PmtHouseError } from \"../errors.js\";\nimport { signerHandlerErrorResponse } from \"./handler-errors.js\";\nimport { createSignerTokenManager } from \"./token-manager.js\";\nimport { forwardDirectSignerRequest } from \"./forward.js\";\nimport { mintUserSignerToken } from \"./mint-token.js\";\nimport type {\n CachedSignerToken,\n DirectSignerBeforeSignResult,\n DirectSignerProxyConfig,\n} from \"./types.js\";\n\nfunction unauthorizedResponse(): Response {\n return new Response(JSON.stringify({ error: \"unauthorized\" }), {\n status: 401,\n headers: { \"Content-Type\": \"application/json\" },\n });\n}\n\nfunction toResponse(result: DirectSignerBeforeSignResult): Response {\n if (result instanceof Response) {\n return result;\n }\n return new Response(result.body === undefined ? null : JSON.stringify(result.body), {\n status: result.status,\n headers: { \"Content-Type\": \"application/json\" },\n });\n}\n\nexport interface DirectSignerProxyHandler {\n (request: Request): Promise<Response>;\n getCachedUsage(\n publicClientId: string,\n externalUserId: string,\n ): CachedSignerToken | undefined;\n invalidateToken(publicClientId: string, externalUserId: string): void;\n}\n\nexport function createDirectSignerProxyHandler(\n config: DirectSignerProxyConfig,\n): DirectSignerProxyHandler {\n async function resolveM2MCredentials(\n publicClientId: string,\n ): Promise<{ m2mClientId: string; m2mClientSecret: string }> {\n if (config.resolveM2MCredentials) {\n return config.resolveM2MCredentials(publicClientId);\n }\n return {\n m2mClientId: config.pymthouseM2MClientId,\n m2mClientSecret: config.pymthouseM2MClientSecret,\n };\n }\n\n const tokenManager = createSignerTokenManager({\n // `publicClientId` selects the M2M credentials so the minted JWT's\n // `client_id` matches the cache partition key. The token manager rejects any\n // minted token whose `client_id` diverges from `publicClientId`.\n mint: async (publicClientId, externalUserId) => {\n const { m2mClientId, m2mClientSecret } = await resolveM2MCredentials(publicClientId);\n return mintUserSignerToken({\n issuerUrl: config.pymthouseIssuerUrl,\n m2mClientId,\n m2mClientSecret,\n externalUserId,\n fetch: config.fetch,\n allowInsecureHttp: config.allowInsecureHttp,\n });\n },\n });\n\n async function runBeforeSign(\n token: CachedSignerToken,\n externalUserId: string,\n request: Request,\n ): Promise<Response | null> {\n if (!config.beforeSign) {\n return null;\n }\n const result = await config.beforeSign({ token, externalUserId, request });\n if (!result) {\n return null;\n }\n return toResponse(result);\n }\n\n async function forwardOnce(token: CachedSignerToken, request: Request): Promise<Response> {\n return forwardDirectSignerRequest({\n request,\n remoteSignerUrl: config.remoteSignerUrl,\n jwt: token.jwt,\n proxyPathPrefix: config.proxyPathPrefix,\n defaultRemotePath: config.defaultRemotePath,\n fetch: config.fetch,\n });\n }\n\n const handler = async function directSignerProxyHandler(request: Request): Promise<Response> {\n try {\n const session = await config.authenticate(request);\n if (session == null) {\n return unauthorizedResponse();\n }\n\n const externalUserId = (await config.resolveExternalUserId(session)).trim();\n if (!externalUserId) {\n throw new PmtHouseError(\"resolveExternalUserId returned an empty id\", {\n status: 500,\n code: \"invalid_external_user_id\",\n });\n }\n\n const publicClientId = config.resolvePublicClientId\n ? (await config.resolvePublicClientId(session)).trim()\n : config.pymthouseClientId.trim();\n if (!publicClientId) {\n throw new PmtHouseError(\"resolvePublicClientId returned an empty id\", {\n status: 500,\n code: \"invalid_client_id\",\n });\n }\n\n let token = await tokenManager.getToken(publicClientId, externalUserId);\n const blocked = await runBeforeSign(token, externalUserId, request);\n if (blocked) {\n return blocked;\n }\n\n let upstream = await forwardOnce(token, request);\n if (upstream.status === 401) {\n tokenManager.invalidate(publicClientId, externalUserId);\n token = await tokenManager.getToken(publicClientId, externalUserId, {\n forceRefresh: true,\n });\n const retryBlocked = await runBeforeSign(token, externalUserId, request);\n if (retryBlocked) {\n return retryBlocked;\n }\n upstream = await forwardOnce(token, request);\n }\n\n return upstream;\n } catch (error) {\n return signerHandlerErrorResponse(error);\n }\n } as DirectSignerProxyHandler;\n\n handler.getCachedUsage = (publicClientId, externalUserId) =>\n tokenManager.peek(publicClientId, externalUserId);\n handler.invalidateToken = (publicClientId, externalUserId) =>\n tokenManager.invalidate(publicClientId, externalUserId);\n\n return handler;\n}\n\nexport { createSignerTokenManager, type SignerTokenManager } from \"./token-manager.js\";\nexport { forwardDirectSignerRequest, decodeJwtPayload, identityFromJwtPayload, livepeerIdentityHeaders } from \"./forward.js\";\nexport {\n mintUserSignerToken,\n parseMintUserSignerTokenResponse,\n SIGN_MINT_USER_TOKEN_SCOPE,\n signerJwtAudience,\n LIVEPEER_REMOTE_SIGNER_AUDIENCE,\n} from \"./mint-token.js\";\nexport {\n createDeviceExchangeHandler,\n exchangeDeviceTokenForSigner,\n extractSignerAccessTokenFromExchangeBody,\n mintSignerTokenFromDeviceToken,\n normalizeDeviceExchangeResponse,\n parseDeviceExchangeRequestBody,\n} from \"./device-exchange.js\";\nexport {\n createApiKeyExchangeHandler,\n exchangeApiKeyForSigner,\n mintSignerSessionFromApiKey,\n mintUserAccessTokenFromApiKey,\n parseApiKeyExchangeRequestBody,\n} from \"./api-key-exchange.js\";\nexport {\n forwardToSigner,\n getCachedDmzBearerToken,\n normalizeSignerBaseUrl,\n parseSignerUsageSnapshot,\n pickConflictingNumberAliases,\n pickConflictingStringAliases,\n probeSignerHttpReachability,\n readSignerUpstreamBody,\n resolveSignerBaseUrl,\n stripSignerUsageFromResponse,\n} from \"./proxy.js\";\nexport type {\n CachedSignerToken,\n DirectSignerBeforeSignContext,\n DirectSignerBeforeSignResult,\n DirectSignerProxyConfig,\n ApiKeyExchangeHandlerConfig,\n ApiKeyExchangeMintResult,\n ApiKeyExchangeRequestBody,\n DeviceExchangeHandlerConfig,\n DeviceExchangeHandlerConfigRemote,\n DeviceExchangeMintContext,\n DeviceExchangeMintResult,\n DeviceExchangeRequestBody,\n DeviceExchangeResponse,\n ExchangeApiKeyForSignerOptions,\n ExchangeDeviceTokenForSignerOptions,\n ForwardDirectSignerRequestOptions,\n ForwardToSignerOptions,\n ForwardToSignerResult,\n M2MClientCredentials,\n MintSignerTokenFromDeviceTokenOptions,\n MintUserSignerTokenOptions,\n MintUserSignerTokenResponse,\n ProbeSignerHttpReachabilityOptions,\n SignerDmzGate,\n SignerJwtIdentity,\n SignerTokenManagerOptions,\n} from \"./types.js\";\nexport type { SignerUsageSnapshot } from \"./proxy.js\";\n"]}