@pymthouse/builder-sdk 0.4.1-rc.3 → 0.4.2-rc.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (26) hide show
  1. package/README.md +10 -10
  2. package/dist/env.cjs +2 -12
  3. package/dist/env.cjs.map +1 -1
  4. package/dist/env.js +2 -12
  5. package/dist/env.js.map +1 -1
  6. package/dist/index.cjs +2 -12
  7. package/dist/index.cjs.map +1 -1
  8. package/dist/index.js +2 -12
  9. package/dist/index.js.map +1 -1
  10. package/dist/signer/server.cjs +2 -8
  11. package/dist/signer/server.cjs.map +1 -1
  12. package/dist/signer/server.js +2 -8
  13. package/dist/signer/server.js.map +1 -1
  14. package/dist/signer/webhook.cjs +0 -104
  15. package/dist/signer/webhook.cjs.map +1 -1
  16. package/dist/signer/webhook.d.cts +3 -14
  17. package/dist/signer/webhook.d.ts +3 -14
  18. package/dist/signer/webhook.js +1 -103
  19. package/dist/signer/webhook.js.map +1 -1
  20. package/package.json +2 -8
  21. package/dist/signer/webhook/adapters/oauth1.cjs +0 -18
  22. package/dist/signer/webhook/adapters/oauth1.cjs.map +0 -1
  23. package/dist/signer/webhook/adapters/oauth1.d.cts +0 -19
  24. package/dist/signer/webhook/adapters/oauth1.d.ts +0 -19
  25. package/dist/signer/webhook/adapters/oauth1.js +0 -16
  26. package/dist/signer/webhook/adapters/oauth1.js.map +0 -1
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/encoding.ts","../src/errors.ts","../src/string-utils.ts","../src/discovery.ts","../src/signer/fetch-json.ts","../src/signer/handler-errors.ts","../src/signer/json-fields.ts","../src/signer/mint-token.ts","../src/signer/device-exchange.ts","../src/signer/api-key-exchange.ts","../src/plan-pricing.ts","../src/ingest.ts","../src/usage.ts","../src/client.ts","../src/manifest.ts","../src/tokens.ts","../src/oauth-map.ts","../src/index.ts","../src/config.ts"],"names":["PmtHouseError","customFetch","allowInsecureRequests","discoveryRequest","processDiscoveryResponse","EXCHANGE_RESPONSE_ERROR","createHash","ResponseBodyError","OperationProcessingError","TOKEN_EXCHANGE_GRANT","SUBJECT_ACCESS_TOKEN_TYPE","exchangeApiKeyForSigner","genericTokenEndpointRequest","processGenericTokenEndpointResponse","clientCredentialsGrantRequest","processClientCredentialsResponse"],"mappings":";;;;;;;;;;;;;;;;AAIO,SAAS,uBAAA,CAAwB,UAAkB,YAAA,EAA8B;AACtF,EAAA,MAAM,GAAA,GAAM,CAAA,EAAG,QAAQ,CAAA,CAAA,EAAI,YAAY,CAAA,CAAA;AACvC,EAAA,MAAM,GAAA,GACJ,OAAO,MAAA,KAAW,WAAA,GACd,MAAA,CAAO,IAAA,CAAK,GAAA,EAAK,MAAM,CAAA,CAAE,QAAA,CAAS,QAAQ,CAAA,GAC1C,KAAK,KAAA,CAAM,IAAA,CAAK,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,GAAG,CAAA,EAAG,CAAC,CAAA,KAAM,MAAA,CAAO,YAAA,CAAa,CAAC,CAAC,CAAA,CAAE,IAAA,CAAK,EAAE,CAAC,CAAA;AAC5F,EAAA,OAAO,SAAS,GAAG,CAAA,CAAA;AACrB;AAXA,IAAA,aAAA,GAAA,KAAA,CAAA;AAAA,EAAA,iBAAA,GAAA;AAAA,EAAA;AAAA,CAAA,CAAA;;;ACyBO,SAAS,eAAA,CACd,OACA,eAAA,EACe;AACf,EAAA,IAAI,iBAAiBA,qBAAA,EAAe;AAClC,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,IAAI,iBAAiB,KAAA,EAAO;AAC1B,IAAA,OAAO,IAAIA,qBAAA,CAAc,KAAA,CAAM,OAAA,IAAW,eAAA,EAAiB;AAAA,MACzD,IAAA,EAAM,kBAAA;AAAA,MACN,MAAA,EAAQ;AAAA,KACT,CAAA;AAAA,EACH;AAEA,EAAA,OAAO,IAAIA,sBAAc,eAAA,EAAiB;AAAA,IACxC,IAAA,EAAM,kBAAA;AAAA,IACN,MAAA,EAAQ;AAAA,GACT,CAAA;AACH;AA5CaA;AAAb,IAAA,WAAA,GAAA,KAAA,CAAA;AAAA,EAAA,eAAA,GAAA;AAAO,IAAMA,qBAAA,GAAN,cAA4B,KAAA,CAAM;AAAA,MAC9B,MAAA;AAAA,MACA,IAAA;AAAA,MACA,OAAA;AAAA,MAET,YACE,OAAA,EACA;AAAA,QACE,MAAA,GAAS,GAAA;AAAA,QACT,IAAA,GAAO,iBAAA;AAAA,QACP;AAAA,OACF,GAII,EAAC,EACL;AACA,QAAA,KAAA,CAAM,OAAO,CAAA;AACb,QAAA,IAAA,CAAK,IAAA,GAAO,eAAA;AACZ,QAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,QAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,QAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AAAA,MACjB;AAAA,KACF;AAAA,EAAA;AAAA,CAAA,CAAA;;;ACtBO,SAAS,qBAAqB,KAAA,EAAuB;AAC1D,EAAA,IAAI,MAAM,KAAA,CAAM,MAAA;AAChB,EAAA,OAAO,GAAA,GAAM,MAAM,KAAA,CAAM,WAAA,CAAY,MAAM,CAAC,CAAA,IAAK,OAAO,EAAA,EAAI;AAC1D,IAAA,GAAA,EAAA;AAAA,EACF;AACA,EAAA,OAAO,KAAA,CAAM,KAAA,CAAM,CAAA,EAAG,GAAG,CAAA;AAC3B;AAEA,SAAS,kBAAA,CAAmB,OAAe,MAAA,EAAyB;AAClE,EAAA,IAAI,MAAA,CAAO,MAAA,GAAS,KAAA,CAAM,MAAA,EAAQ;AAChC,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,MAAA,GAAS,MAAA,CAAO,MAAA;AACpC,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,MAAA,CAAO,QAAQ,CAAA,EAAA,EAAK;AACtC,IAAA,MAAM,CAAA,GAAI,KAAA,CAAM,WAAA,CAAY,KAAA,GAAQ,CAAC,CAAA,IAAK,CAAA;AAC1C,IAAA,MAAM,CAAA,GAAI,MAAA,CAAO,WAAA,CAAY,CAAC,CAAA,IAAK,CAAA;AACnC,IAAA,IAAI,CAAA,KAAM,CAAA,IAAA,CAAM,CAAA,GAAI,EAAA,OAAS,IAAI,EAAA,CAAA,EAAK;AACpC,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AACA,EAAA,OAAO,IAAA;AACT;AAEA,SAAS,qBAAA,CAAsB,OAAe,MAAA,EAAwB;AACpE,EAAA,OAAO,kBAAA,CAAmB,KAAA,EAAO,MAAM,CAAA,GACnC,KAAA,CAAM,KAAA,CAAM,CAAA,EAAG,KAAA,CAAM,MAAA,GAAS,MAAA,CAAO,MAAM,CAAA,GAC3C,KAAA;AACN;AAGO,SAAS,oBAAoB,SAAA,EAA2B;AAC7D,EAAA,IAAI,IAAA,GAAO,oBAAA,CAAqB,SAAA,CAAU,IAAA,EAAM,CAAA;AAChD,EAAA,IAAA,GAAO,qBAAA,CAAsB,MAAM,OAAO,CAAA;AAC1C,EAAA,OAAO,qBAAqB,IAAI,CAAA;AAClC;AAGO,SAAS,6BAA6B,SAAA,EAA2B;AACtE,EAAA,IAAI,IAAA,GAAO,oBAAA,CAAqB,SAAA,CAAU,IAAA,EAAM,CAAA;AAChD,EAAA,IAAA,GAAO,qBAAA,CAAsB,MAAM,cAAc,CAAA;AACjD,EAAA,IAAA,GAAO,qBAAA,CAAsB,MAAM,OAAO,CAAA;AAC1C,EAAA,OAAO,qBAAqB,IAAI,CAAA;AAClC;AA3CA,IAAA,iBAAA,GAAA,KAAA,CAAA;AAAA,EAAA,qBAAA,GAAA;AAAA,EAAA;AAAA,CAAA,CAAA;ACWO,SAAS,kCAAkC,EAAA,EAAgD;AAChG,EAAA,MAAM,gBAAgB,EAAA,CAAG,cAAA;AACzB,EAAA,MAAM,UAAU,EAAA,CAAG,QAAA;AACnB,EAAA,IAAI,CAAC,aAAA,IAAiB,CAAC,OAAA,EAAS;AAC9B,IAAA,MAAM,IAAIA,sBAAc,+DAAA,EAAiE;AAAA,MACvF,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,OAAO;AAAA,IACL,QAAQ,EAAA,CAAG,MAAA;AAAA,IACX,sBAAA,EAAwB,GAAG,sBAAA,IAA0B,EAAA;AAAA,IACrD,cAAA,EAAgB,aAAA;AAAA,IAChB,QAAA,EAAU,OAAA;AAAA,IACV,mBAAmB,EAAA,CAAG,iBAAA;AAAA,IACtB,+BAA+B,EAAA,CAAG;AAAA,GACpC;AACF;AAWA,SAAS,oBAAoB,SAAA,EAA2B;AACtD,EAAA,OAAO,qBAAqB,SAAS,CAAA;AACvC;AAUA,eAAsB,uBAAA,CACpB,SAAA,EACA,SAAA,EACA,OAAA,GAA0C,EAAC,EACb;AAC9B,EAAA,MAAM,GAAA,GAAM,oBAAoB,SAAS,CAAA;AACzC,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,EAAA,MAAM,MAAA,GAAS,cAAA,CAAe,GAAA,CAAI,GAAG,CAAA;AAErC,EAAA,IAAI,CAAC,OAAA,CAAQ,KAAA,IAAS,UAAU,GAAA,GAAM,MAAA,CAAO,YAAY,YAAA,EAAc;AACrE,IAAA,OAAO,MAAA,CAAO,EAAA;AAAA,EAChB;AAEA,EAAA,MAAM,gBAAA,GAAmB,IAAI,GAAA,CAAI,GAAG,CAAA;AACpC,EAAA,MAAM,aAAA,GAAwD;AAAA,IAC5D,SAAA,EAAW,MAAA;AAAA,IACX,CAACC,wBAAW,GAAG;AAAA,GACjB;AACA,EAAA,IAAI,QAAQ,iBAAA,EAAmB;AAC7B,IAAA,aAAA,CAAcC,kCAAqB,CAAA,GAAI,IAAA;AAAA,EACzC;AAEA,EAAA,IAAI,QAAA;AACJ,EAAA,IAAI;AACF,IAAA,QAAA,GAAW,MAAMC,6BAAA,CAAiB,gBAAA,EAAkB,aAAa,CAAA;AAAA,EACnE,SAAS,CAAA,EAAG;AACV,IAAA,MAAM,yBAAyB,CAAC,CAAA;AAAA,EAClC;AAEA,EAAA,IAAI,EAAA;AACJ,EAAA,IAAI;AACF,IAAA,EAAA,GAAK,MAAMC,qCAAA,CAAyB,gBAAA,EAAkB,QAAQ,CAAA;AAAA,EAChE,SAAS,CAAA,EAAG;AACV,IAAA,MAAM,uBAAuB,CAAC,CAAA;AAAA,EAChC;AAEA,EAAA,cAAA,CAAe,IAAI,GAAA,EAAK,EAAE,EAAA,EAAI,SAAA,EAAW,KAAK,CAAA;AAC9C,EAAA,OAAO,EAAA;AACT;AAEA,eAAsB,sBAAA,CACpB,SAAA,EACA,SAAA,EACA,OAAA,GAA0C,EAAC,EACX;AAChC,EAAA,MAAM,EAAA,GAAK,MAAM,uBAAA,CAAwB,SAAA,EAAW,WAAW,OAAO,CAAA;AACtE,EAAA,OAAO,kCAAkC,EAAE,CAAA;AAC7C;AAEO,SAAS,oBAAoB,SAAA,EAA0B;AAC5D,EAAA,IAAI,CAAC,SAAA,EAAW;AACd,IAAA,cAAA,CAAe,KAAA,EAAM;AACrB,IAAA;AAAA,EACF;AACA,EAAA,cAAA,CAAe,MAAA,CAAO,mBAAA,CAAoB,SAAS,CAAC,CAAA;AACtD;AAEA,SAAS,uBAAuB,KAAA,EAA+B;AAC7D,EAAA,IAAI,iBAAiBJ,qBAAA,EAAe;AAClC,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,IAAI,iBAAiB,KAAA,EAAO;AAC1B,IAAA,OAAO,IAAIA,qBAAA,CAAc,KAAA,CAAM,OAAA,EAAS;AAAA,MACtC,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM,wBAAA;AAAA,MACN,OAAA,EAAS,EAAE,KAAA,EAAO,KAAA,CAAM,KAAA;AAAM,KAC/B,CAAA;AAAA,EACH;AACA,EAAA,OAAO,IAAIA,sBAAc,uBAAA,EAAyB;AAAA,IAChD,MAAA,EAAQ,GAAA;AAAA,IACR,IAAA,EAAM;AAAA,GACP,CAAA;AACH;AAEA,SAAS,yBAAyB,KAAA,EAA+B;AAC/D,EAAA,IAAI,iBAAiBA,qBAAA,EAAe;AAClC,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,IAAI,iBAAiB,KAAA,EAAO;AAC1B,IAAA,OAAO,IAAIA,qBAAA,CAAc,CAAA,+BAAA,EAAkC,KAAA,CAAM,OAAO,CAAA,CAAA,EAAI;AAAA,MAC1E,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,OAAO,IAAIA,sBAAc,+BAAA,EAAiC;AAAA,IACxD,MAAA,EAAQ,GAAA;AAAA,IACR,IAAA,EAAM;AAAA,GACP,CAAA;AACH;AA3IA,IA8BM,YAAA,EAOA,cAAA;AArCN,IAAA,cAAA,GAAA,KAAA,CAAA;AAAA,EAAA,kBAAA,GAAA;AAOA,IAAA,WAAA,EAAA;AACA,IAAA,iBAAA,EAAA;AAsBA,IAAM,YAAA,GAAe,IAAI,EAAA,GAAK,GAAA;AAO9B,IAAM,cAAA,uBAAqB,GAAA,EAAwB;AAAA,EAAA;AAAA,CAAA,CAAA;;;ACnCnD,SAAS,uBAAA,CACP,MAAA,EACA,YAAA,EACA,MAAA,EACQ;AACR,EAAA,IAAI,OAAO,MAAA,CAAO,iBAAA,KAAsB,QAAA,EAAU;AAChD,IAAA,OAAO,MAAA,CAAO,iBAAA;AAAA,EAChB;AACA,EAAA,IAAI,OAAO,MAAA,CAAO,KAAA,KAAU,QAAA,EAAU;AACpC,IAAA,OAAO,MAAA,CAAO,KAAA;AAAA,EAChB;AACA,EAAA,OAAO,CAAA,EAAG,YAAY,CAAA,EAAA,EAAK,MAAM,CAAA,CAAA,CAAA;AACnC;AASA,eAAsB,0BAAA,CACpB,UACA,OAAA,EACkC;AAClC,EAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AACjC,EAAA,IAAI,MAAA;AACJ,EAAA,IAAI;AACF,IAAA,MAAA,GAAS,IAAA,GAAQ,IAAA,CAAK,KAAA,CAAM,IAAI,IAAgC,EAAC;AAAA,EACnE,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAIA,qBAAA,CAAc,OAAA,CAAQ,kBAAA,EAAoB;AAAA,MAClD,MAAA,EAAQ,GAAA;AAAA,MACR,MAAM,OAAA,CAAQ,eAAA;AAAA,MACd,OAAA,EAAS,EAAE,MAAA,EAAQ,QAAA,CAAS,MAAA;AAAO,KACpC,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,cAAc,uBAAA,CAAwB,MAAA,EAAQ,OAAA,CAAQ,YAAA,EAAc,SAAS,MAAM,CAAA;AACzF,IAAA,MAAM,IAAIA,sBAAc,WAAA,EAAa;AAAA,MACnC,QAAQ,QAAA,CAAS,MAAA;AAAA,MACjB,MAAM,OAAO,MAAA,CAAO,UAAU,QAAA,GAAW,MAAA,CAAO,QAAQ,OAAA,CAAQ,gBAAA;AAAA,MAChE,OAAA,EAAS;AAAA,KACV,CAAA;AAAA,EACH;AAEA,EAAA,OAAO,MAAA;AACT;AAjDA,IAAA,eAAA,GAAA,KAAA,CAAA;AAAA,EAAA,0BAAA,GAAA;AAAA,IAAA,WAAA,EAAA;AAAA,EAAA;AAAA,CAAA,CAAA;;;ACEA,SAAS,gBAAgB,KAAA,EAAwC;AAC/D,EAAA,IAAI,iBAAiBA,qBAAA,EAAe;AAClC,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OACE,KAAA,YAAiB,SACjB,OAAQ,KAAA,CAAwB,WAAW,QAAA,IAC3C,OAAQ,MAAwB,IAAA,KAAS,QAAA;AAE7C;AAEO,SAAS,2BAA2B,KAAA,EAA0B;AACnE,EAAA,IAAI,eAAA,CAAgB,KAAK,CAAA,EAAG;AAC1B,IAAA,OAAO,IAAI,QAAA;AAAA,MACT,KAAK,SAAA,CAAU;AAAA,QACb,OAAO,KAAA,CAAM,IAAA;AAAA,QACb,mBAAmB,KAAA,CAAM,OAAA;AAAA,QACzB,SAAS,KAAA,CAAM;AAAA,OAChB,CAAA;AAAA,MACD;AAAA,QACE,QAAQ,KAAA,CAAM,MAAA;AAAA,QACd,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB;AAChD,KACF;AAAA,EACF;AACA,EAAA,MAAM,OAAA,GAAU,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU,gBAAA;AACzD,EAAA,OAAO,IAAI,QAAA,CAAS,IAAA,CAAK,SAAA,CAAU,EAAE,OAAO,gBAAA,EAAkB,iBAAA,EAAmB,OAAA,EAAS,CAAA,EAAG;AAAA,IAC3F,MAAA,EAAQ,GAAA;AAAA,IACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,GAC/C,CAAA;AACH;AAhCA,IAAA,mBAAA,GAAA,KAAA,CAAA;AAAA,EAAA,8BAAA,GAAA;AAAA,IAAA,WAAA,EAAA;AAAA,EAAA;AAAA,CAAA,CAAA;;;ACEO,SAAS,eAAA,CACd,IAAA,EACA,GAAA,EACA,SAAA,EACA,gBAAgB,UAAA,EACR;AACR,EAAA,MAAM,KAAA,GAAQ,KAAK,GAAG,CAAA;AACtB,EAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,CAAC,KAAA,CAAM,MAAK,EAAG;AAC9C,IAAA,MAAM,IAAIA,qBAAA,CAAc,CAAA,EAAG,aAAa,CAAA,SAAA,EAAY,GAAG,CAAA,CAAA,EAAI;AAAA,MACzD,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,OAAO,MAAM,IAAA,EAAK;AACpB;AAEO,SAAS,aAAA,CAAc,MAA+B,SAAA,EAA2B;AACtF,EAAA,MAAM,YAAY,IAAA,CAAK,UAAA;AACvB,EAAA,IAAI,OAAO,cAAc,QAAA,IAAY,CAAC,OAAO,QAAA,CAAS,SAAS,CAAA,IAAK,SAAA,IAAa,CAAA,EAAG;AAClF,IAAA,MAAM,IAAIA,sBAAc,6BAAA,EAA+B;AAAA,MACrD,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,OAAO,IAAA,CAAK,MAAM,SAAS,CAAA;AAC7B;AA3BA,IAAA,gBAAA,GAAA,KAAA,CAAA;AAAA,EAAA,2BAAA,GAAA;AAAA,IAAA,WAAA,EAAA;AAAA,EAAA;AAAA,CAAA,CAAA;;;ACgBO,SAAS,kBAAkB,SAAA,EAA2B;AAC3D,EAAA,OAAO,qBAAqB,SAAS,CAAA;AACvC;AAEO,SAAS,gCAAA,CACd,IAAA,EACA,eAAA,GAAkB,yBAAA,EACC;AACnB,EAAA,MAAM,WAAA,GAAc,eAAA,CAAgB,IAAA,EAAM,cAAA,EAAgB,sBAAsB,gBAAgB,CAAA;AAChG,EAAA,MAAM,SAAA,GAAY,aAAA,CAAc,IAAA,EAAM,oBAAoB,CAAA;AAC1D,EAAA,MAAM,gBAAA,GAAmB,eAAA;AAAA,IACvB,IAAA;AAAA,IACA,kBAAA;AAAA,IACA,oBAAA;AAAA,IACA;AAAA,GACF;AACA,EAAA,MAAM,wBAAA,GAA2B,eAAA;AAAA,IAC/B,IAAA;AAAA,IACA,0BAAA;AAAA,IACA,oBAAA;AAAA,IACA;AAAA,GACF;AACA,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,EAAA,MAAM,SAAA,GAAY,MAAM,SAAA,GAAY,GAAA;AACpC,EAAA,MAAM,YAAY,GAAA,GAAM,IAAA,CAAK,KAAA,CAAM,SAAA,GAAY,MAAO,eAAe,CAAA;AAErE,EAAA,OAAO;AAAA,IACL,GAAA,EAAK,WAAA;AAAA,IACL,SAAA;AAAA,IACA,SAAA;AAAA,IACA,gBAAA;AAAA,IACA;AAAA,GACF;AACF;AAjDA,IAaM,yBAAA,EACA,oBAAA;AAdN,IAAA,eAAA,GAAA,KAAA,CAAA;AAAA,EAAA,0BAAA,GAAA;AAAA,IAAA,iBAAA,EAAA;AAKA,IAAA,gBAAA,EAAA;AAQA,IAAM,yBAAA,GAA4B,GAAA;AAClC,IAAM,oBAAA,GAAuB,wBAAA;AAAA,EAAA;AAAA,CAAA,CAAA;;;ACYtB,SAAS,yCACd,IAAA,EACQ;AACR,EAAA,MAAM,WAAW,IAAA,CAAK,KAAA;AACtB,EAAA,IAAI,QAAA,KAAa,QAAQ,OAAO,QAAA,KAAa,YAAY,CAAC,KAAA,CAAM,OAAA,CAAQ,QAAQ,CAAA,EAAG;AACjF,IAAA,MAAM,MAAA,GAAS,QAAA;AACf,IAAA,KAAA,MAAW,GAAA,IAAO,CAAC,aAAA,EAAe,cAAc,CAAA,EAAY;AAC1D,MAAA,MAAM,KAAA,GAAQ,OAAO,GAAG,CAAA;AACxB,MAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,CAAM,MAAK,EAAG;AAC7C,QAAA,OAAO,MAAM,IAAA,EAAK;AAAA,MACpB;AAAA,IACF;AAAA,EACF;AACA,EAAA,KAAA,MAAW,GAAA,IAAO,CAAC,aAAA,EAAe,cAAc,CAAA,EAAY;AAC1D,IAAA,MAAM,KAAA,GAAQ,KAAK,GAAG,CAAA;AACtB,IAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,CAAM,MAAK,EAAG;AAC7C,MAAA,OAAO,MAAM,IAAA,EAAK;AAAA,IACpB;AAAA,EACF;AACA,EAAA,MAAM,IAAIA,sBAAc,sDAAA,EAAwD;AAAA,IAC9E,MAAA,EAAQ,GAAA;AAAA,IACR,IAAA,EAAM;AAAA,GACP,CAAA;AACH;AAEO,SAAS,+BAAA,CACd,QACA,OAAA,EACwB;AACxB,EAAA,MAAM,KAAA,GAAQ,MAAA,CAAO,KAAA,CAAM,IAAA,EAAK,IAAK,UAAA;AACrC,EAAA,MAAM,IAAA,GAA+B;AAAA,IACnC,cAAc,MAAA,CAAO,YAAA;AAAA,IACrB,UAAA,EAAY,QAAA;AAAA,IACZ,YAAY,MAAA,CAAO,UAAA;AAAA,IACnB,KAAA;AAAA,IACA,kBAAkB,MAAA,CAAO,gBAAA;AAAA,IACzB,0BAA0B,MAAA,CAAO,wBAAA;AAAA,IACjC,KAAA,EAAO;AAAA,MACL,aAAa,MAAA,CAAO,YAAA;AAAA,MACpB,cAAc,MAAA,CAAO,YAAA;AAAA,MACrB,WAAW,MAAA,CAAO,UAAA;AAAA,MAClB,YAAY,MAAA,CAAO,UAAA;AAAA,MACnB,KAAA;AAAA,MACA,kBAAkB,MAAA,CAAO,gBAAA;AAAA,MACzB,0BAA0B,MAAA,CAAO;AAAA;AACnC,GACF;AACA,EAAA,MAAM,SAAA,GAAY,OAAA,EAAS,SAAA,EAAW,IAAA,EAAK;AAC3C,EAAA,IAAI,SAAA,EAAW;AACb,IAAA,IAAA,CAAK,SAAA,GAAY,SAAA;AAAA,EACnB;AACA,EAAA,OAAO,IAAA;AACT;AAwCA,eAAsB,+BACpB,OAAA,EACmC;AACnC,EAAA,MAAM,SAAA,GAAY,QAAQ,KAAA,IAAS,KAAA;AACnC,EAAA,MAAM,SAAA,GAAY,oBAAA,CAAqB,OAAA,CAAQ,SAAS,CAAA;AACxD,EAAA,MAAM,EAAA,GAAK,MAAM,uBAAA,CAAwB,SAAA,EAAW,SAAA,EAAW;AAAA,IAC7D,mBAAmB,OAAA,CAAQ;AAAA,GAC5B,CAAA;AACD,EAAA,MAAM,gBAAgB,EAAA,CAAG,cAAA;AACzB,EAAA,IAAI,CAAC,aAAA,EAAe;AAClB,IAAA,MAAM,IAAIA,sBAAc,mDAAA,EAAqD;AAAA,MAC3E,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,WAAW,OAAA,CAAQ,QAAA,EAAU,IAAA,EAAK,IAAK,kBAAkB,SAAS,CAAA;AACxE,EAAA,MAAM,MAAA,GAAS,IAAI,eAAA,CAAgB;AAAA,IACjC,UAAA,EAAY,oBAAA;AAAA,IACZ,eAAe,OAAA,CAAQ,WAAA;AAAA,IACvB,kBAAA,EAAoB,yBAAA;AAAA,IACpB,QAAA;AAAA,IACA,QAAA,EAAU;AAAA,GACX,CAAA;AACD,EAAA,IAAI,OAAA,CAAQ,KAAA,EAAO,IAAA,EAAK,EAAG;AACzB,IAAA,MAAA,CAAO,GAAA,CAAI,OAAA,EAAS,OAAA,CAAQ,KAAA,CAAM,MAAM,CAAA;AAAA,EAC1C;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,SAAA,CAAU,aAAA,EAAe;AAAA,IAC9C,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACP,aAAA,EAAe,uBAAA,CAAwB,OAAA,CAAQ,WAAA,EAAa,QAAQ,eAAe,CAAA;AAAA,MACnF,cAAA,EAAgB,mCAAA;AAAA,MAChB,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,IAAA,EAAM,OAAO,QAAA,EAAS;AAAA,IACtB,KAAA,EAAO;AAAA,GACR,CAAA;AAED,EAAA,MAAM,MAAA,GAAS,MAAM,0BAAA,CAA2B,QAAA,EAAU;AAAA,IACxD,kBAAA,EAAoB,sCAAA;AAAA,IACpB,eAAA,EAAiB,wBAAA;AAAA,IACjB,YAAA,EAAc,4BAAA;AAAA,IACd,gBAAA,EAAkB;AAAA,GACnB,CAAA;AAED,EAAA,MAAM,MAAA,GAAS,iCAAiC,MAAM,CAAA;AACtD,EAAA,OAAO;AAAA,IACL,cAAc,MAAA,CAAO,GAAA;AAAA,IACrB,UAAA,EAAY,aAAA,CAAc,MAAA,EAAQ,uBAAuB,CAAA;AAAA,IACzD,KAAA,EAAO,eAAA,CAAgB,MAAA,EAAQ,OAAA,EAAS,uBAAuB,CAAA;AAAA,IAC/D,kBAAkB,MAAA,CAAO,gBAAA;AAAA,IACzB,0BAA0B,MAAA,CAAO;AAAA,GACnC;AACF;AA5KA,IAsBM,sBACA,yBAAA,EACA,uBAAA;AAxBN,IAAA,oBAAA,GAAA,KAAA,CAAA;AAAA,EAAA,+BAAA,GAAA;AAAA,IAAA,cAAA,EAAA;AACA,IAAA,aAAA,EAAA;AACA,IAAA,WAAA,EAAA;AACA,IAAA,iBAAA,EAAA;AACA,IAAA,eAAA,EAAA;AACA,IAAA,gBAAA,EAAA;AAEA,IAAA,eAAA,EAAA;AAeA,IAAM,oBAAA,GAAuB,iDAAA;AAC7B,IAAM,yBAAA,GAA4B,+CAAA;AAClC,IAAM,uBAAA,GAA0B,2BAAA;AAAA,EAAA;AAAA,CAAA,CAAA;;;ACxBhC,IAAA,wBAAA,GAAA,EAAA;AAAA,QAAA,CAAA,wBAAA,EAAA;AAAA,EAAA,2BAAA,EAAA,MAAA,2BAAA;AAAA,EAAA,uBAAA,EAAA,MAAA,uBAAA;AAAA,EAAA,2BAAA,EAAA,MAAA,2BAAA;AAAA,EAAA,6BAAA,EAAA,MAAA,6BAAA;AAAA,EAAA,8BAAA,EAAA,MAAA;AAAA,CAAA,CAAA;AAmBA,eAAsB,+BACpB,OAAA,EACoC;AACpC,EAAA,IAAI,IAAA;AACJ,EAAA,IAAI;AACF,IAAA,IAAA,GAAO,MAAM,QAAQ,IAAA,EAAK;AAAA,EAC5B,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAIA,sBAAc,2BAAA,EAA6B;AAAA,MACnD,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,IAAI,IAAA,KAAS,QAAQ,OAAO,IAAA,KAAS,YAAY,KAAA,CAAM,OAAA,CAAQ,IAAI,CAAA,EAAG;AACpE,IAAA,MAAM,IAAIA,sBAAc,oCAAA,EAAsC;AAAA,MAC5D,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,MAAM,MAAA,GAAS,IAAA;AACf,EAAA,MAAM,YAAY,MAAA,CAAO,MAAA;AACzB,EAAA,IAAI,OAAO,SAAA,KAAc,QAAA,IAAY,CAAC,SAAA,CAAU,MAAK,EAAG;AACtD,IAAA,MAAM,IAAIA,sBAAc,kCAAA,EAAoC;AAAA,MAC1D,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,MAAM,KAAA,GACJ,OAAO,MAAA,CAAO,KAAA,KAAU,QAAA,IAAY,MAAA,CAAO,KAAA,CAAM,IAAA,EAAK,GAClD,MAAA,CAAO,KAAA,CAAM,IAAA,EAAK,GAClB,MAAA;AACN,EAAA,MAAM,QAAA,GACJ,OAAO,MAAA,CAAO,QAAA,KAAa,QAAA,IAAY,MAAA,CAAO,QAAA,CAAS,IAAA,EAAK,GACxD,MAAA,CAAO,QAAA,CAAS,IAAA,EAAK,GACrB,MAAA;AACN,EAAA,OAAO,EAAE,MAAA,EAAQ,SAAA,CAAU,IAAA,EAAK,EAAG,OAAO,QAAA,EAAS;AACrD;AAEA,eAAsB,8BAA8B,KAAA,EAMqB;AACvE,EAAA,MAAM,SAAA,GAAY,MAAM,KAAA,IAAS,KAAA;AACjC,EAAA,MAAM,YAAA,GAAe,4BAAA,CAA6B,KAAA,CAAM,SAAS,CAAA;AACjE,EAAA,MAAM,MAAM,CAAA,EAAG,YAAY,gBAAgB,kBAAA,CAAmB,KAAA,CAAM,cAAc,CAAC,CAAA,mBAAA,CAAA;AACnF,EAAA,MAAM,QAAA,GAAW,MAAM,SAAA,CAAU,GAAA,EAAK;AAAA,IACpC,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACP,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,MAAM,CAAA,CAAA;AAAA,MACrC,cAAA,EAAgB,kBAAA;AAAA,MAChB,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,KAAA,CAAM,KAAA,GAAQ,EAAE,KAAA,EAAO,KAAA,CAAM,KAAA,EAAM,GAAI,EAAE,CAAA;AAAA,IAC9D,KAAA,EAAO;AAAA,GACR,CAAA;AAED,EAAA,MAAM,MAAA,GAAS,MAAM,0BAAA,CAA2B,QAAA,EAAU;AAAA,IACxD,kBAAA,EAAoB,8CAAA;AAAA,IACpB,eAAA,EAAiB,wBAAA;AAAA,IACjB,YAAA,EAAc,+BAAA;AAAA,IACd,gBAAA,EAAkB;AAAA,GACnB,CAAA;AAED,EAAA,MAAM,cAAc,MAAA,CAAO,YAAA;AAC3B,EAAA,IAAI,OAAO,WAAA,KAAgB,QAAA,IAAY,CAAC,WAAA,CAAY,MAAK,EAAG;AAC1D,IAAA,MAAM,IAAIA,sBAAc,6CAAA,EAA+C;AAAA,MACrE,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAMK;AAAA,KACP,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,SAAA,GACJ,OAAO,MAAA,CAAO,UAAA,KAAe,QAAA,IAAY,MAAA,CAAO,QAAA,CAAS,MAAA,CAAO,UAAU,CAAA,GACtE,MAAA,CAAO,UAAA,GACP,GAAA;AACN,EAAA,MAAM,QACJ,OAAO,MAAA,CAAO,KAAA,KAAU,QAAA,IAAY,OAAO,KAAA,CAAM,IAAA,EAAK,GAClD,MAAA,CAAO,MAAM,IAAA,EAAK,GAClB,KAAA,CAAM,KAAA,EAAO,MAAK,IAAK,UAAA;AAE7B,EAAA,OAAO;AAAA,IACL,YAAA,EAAc,YAAY,IAAA,EAAK;AAAA,IAC/B,UAAA,EAAY,SAAA;AAAA,IACZ;AAAA,GACF;AACF;AAEA,eAAsB,4BAA4B,KAAA,EAUZ;AACpC,EAAA,MAAM,SAAA,GAAY,MAAM,6BAAA,CAA8B;AAAA,IACpD,WAAW,KAAA,CAAM,SAAA;AAAA,IACjB,gBAAgB,KAAA,CAAM,cAAA;AAAA,IACtB,QAAQ,KAAA,CAAM,MAAA;AAAA,IACd,OAAO,KAAA,CAAM,KAAA;AAAA,IACb,OAAO,KAAA,CAAM;AAAA,GACd,CAAA;AAED,EAAA,OAAO,8BAAA,CAA+B;AAAA,IACpC,WAAW,KAAA,CAAM,SAAA;AAAA,IACjB,aAAa,KAAA,CAAM,WAAA;AAAA,IACnB,iBAAiB,KAAA,CAAM,eAAA;AAAA,IACvB,aAAa,SAAA,CAAU,YAAA;AAAA,IACvB,OAAO,SAAA,CAAU,KAAA;AAAA,IACjB,UAAU,KAAA,CAAM,QAAA;AAAA,IAChB,OAAO,KAAA,CAAM,KAAA;AAAA,IACb,mBAAmB,KAAA,CAAM;AAAA,GAC1B,CAAA;AACH;AAEA,eAAsB,wBACpB,OAAA,EACiC;AACjC,EAAA,MAAM,SAAA,GAAY,QAAQ,KAAA,IAAS,KAAA;AACnC,EAAA,MAAM,GAAA,GAAM,CAAA,EAAG,oBAAA,CAAqB,OAAA,CAAQ,SAAS,CAAC,CAAA,4BAAA,CAAA;AACtD,EAAA,MAAM,IAAA,GAA+B,EAAE,MAAA,EAAQ,OAAA,CAAQ,MAAA,EAAO;AAC9D,EAAA,IAAI,OAAA,CAAQ,KAAA,EAAO,IAAA,EAAK,EAAG;AACzB,IAAA,IAAA,CAAK,KAAA,GAAQ,OAAA,CAAQ,KAAA,CAAM,IAAA,EAAK;AAAA,EAClC;AACA,EAAA,IAAI,OAAA,CAAQ,QAAA,EAAU,IAAA,EAAK,EAAG;AAC5B,IAAA,IAAA,CAAK,QAAA,GAAW,OAAA,CAAQ,QAAA,CAAS,IAAA,EAAK;AAAA,EACxC;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,SAAA,CAAU,GAAA,EAAK;AAAA,IACpC,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB,kBAAA;AAAA,MAChB,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA;AAAA,IACzB,KAAA,EAAO;AAAA,GACR,CAAA;AAED,EAAA,MAAM,MAAA,GAAS,MAAM,0BAAA,CAA2B,QAAA,EAAU;AAAA,IACxD,kBAAA,EAAoB,wCAAA;AAAA,IACpB,eAAA,EAAiBA,wBAAAA;AAAA,IACjB,YAAA,EAAc,yBAAA;AAAA,IACd,gBAAA,EAAkB;AAAA,GACnB,CAAA;AAED,EAAA,MAAM,WAAA,GAAc,yCAAyC,MAAM,CAAA;AACnE,EAAA,MAAM,YAAA,GAAe,MAAA,CAAO,SAAA,IAAa,MAAA,CAAO,UAAA;AAChD,EAAA,MAAM,SAAA,GACJ,OAAO,YAAA,KAAiB,QAAA,IAAY,aAAa,IAAA,EAAK,GAAI,YAAA,CAAa,IAAA,EAAK,GAAI,MAAA;AAElF,EAAA,OAAO,+BAAA;AAAA,IACL;AAAA,MACE,YAAA,EAAc,WAAA;AAAA,MACd,UAAA,EACE,OAAO,MAAA,CAAO,UAAA,KAAe,QAAA,IAAY,MAAA,CAAO,QAAA,CAAS,MAAA,CAAO,UAAU,CAAA,GACtE,MAAA,CAAO,UAAA,GACP,IAAA;AAAA,MACN,KAAA,EACE,OAAO,MAAA,CAAO,KAAA,KAAU,QAAA,IAAY,MAAA,CAAO,KAAA,CAAM,IAAA,EAAK,GAClD,MAAA,CAAO,KAAA,CAAM,IAAA,EAAK,GAClB,UAAA;AAAA,MACN,kBACE,OAAO,MAAA,CAAO,gBAAA,KAAqB,QAAA,GAAW,OAAO,gBAAA,GAAmB,GAAA;AAAA,MAC1E,0BACE,OAAO,MAAA,CAAO,wBAAA,KAA6B,QAAA,GACvC,OAAO,wBAAA,GACP;AAAA,KACR;AAAA,IACA,EAAE,SAAA;AAAU,GACd;AACF;AAEO,SAAS,4BACd,MAAA,EACyC;AACzC,EAAA,MAAM,cAAA,GAAiB,MAAA,CAAO,cAAA,CAAe,IAAA,EAAK;AAElD,EAAA,OAAO,eAAe,sBAAsB,OAAA,EAAqC;AAC/E,IAAA,IAAI;AACF,MAAA,IAAI,OAAA,CAAQ,WAAW,MAAA,EAAQ;AAC7B,QAAA,OAAO,IAAI,SAAS,IAAA,CAAK,SAAA,CAAU,EAAE,KAAA,EAAO,oBAAA,EAAsB,CAAA,EAAG;AAAA,UACnE,MAAA,EAAQ,GAAA;AAAA,UACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,SAC/C,CAAA;AAAA,MACH;AAEA,MAAA,MAAM,MAAA,GAAS,MAAM,8BAAA,CAA+B,OAAO,CAAA;AAC3D,MAAA,MAAM,iBAAA,GAAoB,MAAA,CAAO,QAAA,EAAU,IAAA,EAAK,IAAK,cAAA;AACrD,MAAA,IAAI,sBAAsB,cAAA,EAAgB;AACxC,QAAA,MAAM,IAAIL,sBAAc,kDAAA,EAAoD;AAAA,UAC1E,MAAA,EAAQ,GAAA;AAAA,UACR,IAAA,EAAM;AAAA,SACP,CAAA;AAAA,MACH;AAEA,MAAA,MAAM,MAAA,GAAS,MAAM,2BAAA,CAA4B;AAAA,QAC/C,WAAW,MAAA,CAAO,SAAA;AAAA,QAClB,cAAA;AAAA,QACA,aAAa,MAAA,CAAO,WAAA;AAAA,QACpB,iBAAiB,MAAA,CAAO,eAAA;AAAA,QACxB,QAAQ,MAAA,CAAO,MAAA;AAAA,QACf,OAAO,MAAA,CAAO,KAAA;AAAA,QACd,UAAU,MAAA,CAAO,QAAA;AAAA,QACjB,OAAO,MAAA,CAAO,KAAA;AAAA,QACd,mBAAmB,MAAA,CAAO;AAAA,OAC3B,CAAA;AAED,MAAA,MAAM,cAAA,GACJ,OAAO,MAAA,CAAO,SAAA,KAAc,QAAA,IAAY,MAAA,CAAO,SAAA,CAAU,IAAA,EAAK,GAC1D,MAAA,CAAO,SAAA,CAAU,IAAA,EAAK,GACtB,KAAA,CAAA;AAEN,MAAA,MAAM,OAAO,+BAAA,CAAgC,MAAA,EAAQ,EAAE,SAAA,EAAW,gBAAgB,CAAA;AAClF,MAAA,OAAO,IAAI,QAAA,CAAS,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA,EAAG;AAAA,QACxC,MAAA,EAAQ,GAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACP,cAAA,EAAgB,kBAAA;AAAA,UAChB,eAAA,EAAiB;AAAA;AACnB,OACD,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,2BAA2B,KAAK,CAAA;AAAA,IACzC;AAAA,EACF,CAAA;AACF;AAxPA,IAiBMK,wBAAAA;AAjBN,IAAA,qBAAA,GAAA,KAAA,CAAA;AAAA,EAAA,gCAAA,GAAA;AAAA,IAAA,iBAAA,EAAA;AACA,IAAA,WAAA,EAAA;AACA,IAAA,eAAA,EAAA;AACA,IAAA,mBAAA,EAAA;AACA,IAAA,oBAAA,EAAA;AAaA,IAAMA,wBAAAA,GAA0B,2BAAA;AAAA,EAAA;AAAA,CAAA,CAAA;;;AChBzB,IAAM,qBAAA,GAAwB;AAErC,IAAM,oBAAA,GAAuB,CAAA;AAG7B,SAAS,sBAAsB,KAAA,EAAuB;AACpD,EAAA,MAAM,QAAA,GAAW,KAAA,CAAM,OAAA,CAAQ,GAAG,CAAA;AAClC,EAAA,IAAI,aAAa,EAAA,EAAI;AACnB,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,IAAI,MAAM,KAAA,CAAM,MAAA;AAChB,EAAA,OAAO,MAAM,QAAA,GAAW,CAAA,IAAK,MAAM,GAAA,GAAM,CAAC,MAAM,GAAA,EAAK;AACnD,IAAA,GAAA,IAAO,CAAA;AAAA,EACT;AACA,EAAA,IAAI,GAAA,KAAQ,WAAW,CAAA,EAAG;AACxB,IAAA,GAAA,GAAM,QAAA;AAAA,EACR;AACA,EAAA,MAAM,OAAA,GAAU,KAAA,CAAM,KAAA,CAAM,CAAA,EAAG,GAAG,CAAA;AAClC,EAAA,OAAO,OAAA,CAAQ,MAAA,GAAS,CAAA,GAAI,OAAA,GAAU,GAAA;AACxC;AAEO,SAAS,oBAAA,GAA+B;AAC7C,EAAA,OAAO,oBAAoB,qBAAqB,CAAA;AAClD;AAEO,SAAS,oBAAoB,KAAA,EAAuB;AACzD,EAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,KAAK,CAAA,IAAK,QAAQ,CAAA,EAAG;AACxC,IAAA,OAAO,oBAAA,EAAqB;AAAA,EAC9B;AACA,EAAA,OAAO,qBAAA,CAAsB,KAAA,CAAM,OAAA,CAAQ,oBAAoB,CAAC,CAAA;AAClE;AAEO,SAAS,mBAAmB,GAAA,EAA+C;AAChF,EAAA,IAAI,GAAA,KAAQ,IAAA,IAAQ,GAAA,KAAQ,MAAA,EAAW;AACrC,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,GAAG,CAAA,CAAE,IAAA,EAAK;AACjC,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,MAAM,CAAA,GAAI,OAAO,OAAO,CAAA;AACxB,EAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,CAAC,CAAA,IAAK,IAAI,CAAA,EAAG;AAChC,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO,oBAAoB,CAAC,CAAA;AAC9B;AAGO,SAAS,6BAA6B,aAAA,EAA+B;AAC1E,EAAA,MAAM,GAAA,GAAM,OAAO,QAAA,CAAS,aAAa,IAAI,IAAA,CAAK,GAAA,CAAI,CAAA,EAAG,aAAa,CAAA,GAAI,CAAA;AAC1E,EAAA,OAAO,mBAAA,CAAoB,qBAAA,IAAyB,CAAA,GAAI,GAAA,GAAM,GAAA,CAAI,CAAA;AACpE;AAGO,SAAS,6BAA6B,GAAA,EAAwC;AACnF,EAAA,MAAM,IAAA,GAAO,mBAAmB,GAAG,CAAA;AACnC,EAAA,IAAI,CAAC,IAAA,EAAM;AACT,IAAA,OAAO,EAAA;AAAA,EACT;AACA,EAAA,MAAM,CAAA,GAAI,OAAO,IAAI,CAAA;AACrB,EAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,CAAC,CAAA,IAAK,KAAK,qBAAA,EAAuB;AACrD,IAAA,OAAO,CAAA,KAAM,wBAAwB,GAAA,GAAM,EAAA;AAAA,EAC7C;AACA,EAAA,MAAM,GAAA,GAAA,CAAO,CAAA,GAAI,qBAAA,GAAwB,CAAA,IAAK,GAAA;AAC9C,EAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,GAAG,CAAA,IAAK,OAAO,CAAA,EAAG;AACrC,IAAA,OAAO,EAAA;AAAA,EACT;AACA,EAAA,OAAO,GAAA,GAAM,CAAA,KAAM,CAAA,GAAI,MAAA,CAAO,IAAA,CAAK,KAAA,CAAM,GAAG,CAAC,CAAA,GAAI,GAAA,CAAI,OAAA,CAAQ,CAAC,CAAA;AAChE;AAEO,SAAS,wBAAwB,GAAA,EAAwC;AAC9E,EAAA,MAAM,IAAA,GAAO,mBAAmB,GAAG,CAAA;AACnC,EAAA,IAAI,CAAC,IAAA,EAAM;AACT,IAAA,OAAO,EAAA;AAAA,EACT;AACA,EAAA,MAAM,IAAA,GAAO,MAAA,CAAO,IAAI,CAAA,GAAI,GAAA;AAC5B,EAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,IAAI,CAAA,EAAG;AAC1B,IAAA,OAAO,EAAA;AAAA,EACT;AACA,EAAA,OAAO,IAAA,CAAK,QAAQ,CAAC,CAAA;AACvB;AAEO,SAAS,wBAAwB,GAAA,EAA4B;AAClE,EAAA,MAAM,OAAA,GAAU,IAAI,IAAA,EAAK;AACzB,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,MAAM,CAAA,GAAI,OAAO,OAAO,CAAA;AACxB,EAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,CAAC,CAAA,IAAK,IAAI,CAAA,EAAG;AAChC,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO,CAAA;AACT;AAGO,SAAS,8BAAA,CACd,qBACA,aAAA,EACQ;AACR,EAAA,MAAM,eAAA,GAAkB,qBAAA;AACxB,EAAA,MAAM,MAAA,GAAS,OAAO,aAAa,CAAA;AACnC,EAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,MAAM,CAAA,IAAK,UAAU,CAAA,EAAG;AAC3C,IAAA,OAAO,mBAAA;AAAA,EACT;AACA,EAAA,MAAM,QAAQ,MAAA,GAAS,eAAA;AACvB,EAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,KAAK,CAAA,IAAK,SAAS,CAAA,EAAG;AACzC,IAAA,OAAO,mBAAA;AAAA,EACT;AACA,EAAA,OAAQ,sBAAsB,MAAA,CAAO,IAAA,CAAK,MAAM,KAAA,GAAQ,GAAS,CAAC,CAAA,GAAK,QAAA;AACzE;;;AC9GA,aAAA,EAAA;AACA,WAAA,EAAA;AACA,iBAAA,EAAA;AAqBO,SAAS,8BAA8B,KAAA,EAIlB;AAC1B,EAAA,OAAO;AAAA,IACL,SAAA,EAAW,MAAM,QAAA,CAAS,SAAA;AAAA,IAC1B,gBAAgB,KAAA,CAAM,cAAA;AAAA,IACtB,mBAAA,EAAqB,KAAA,CAAM,QAAA,CAAS,oBAAA,CAAqB,QAAA,EAAS;AAAA,IAClE,MAAA,EAAQ,MAAM,QAAA,CAAS,cAAA;AAAA,IACvB,MAAA,EAAQ,MAAM,QAAA,CAAS,MAAA;AAAA,IACvB,QAAA,EAAU,MAAM,QAAA,CAAS,QAAA;AAAA,IACzB,OAAA,EAAS,MAAM,QAAA,CAAS,OAAA;AAAA,IACxB,kBAAkB,KAAA,CAAM,gBAAA;AAAA,IACxB,WAAA,EAAa,MAAM,QAAA,CAAS,WAAA;AAAA,IAC5B,aAAA,EAAe,MAAM,QAAA,CAAS,aAAA;AAAA,IAC9B,gBAAA,EAAkB,MAAM,QAAA,CAAS;AAAA,GACnC;AACF;AAEA,SAAS,SAAA,CAAU,WAAmB,cAAA,EAAgC;AACpE,EAAA,MAAM,SAAS,IAAI,GAAA,CAAI,oBAAA,CAAqB,SAAS,CAAC,CAAA,CAAE,MAAA;AACxD,EAAA,OAAO,CAAA,EAAG,MAAM,CAAA,aAAA,EAAgB,kBAAA,CAAmB,cAAc,CAAC,CAAA,qBAAA,CAAA;AACpE;AAEA,eAAe,iBAAiB,QAAA,EAAsD;AACpF,EAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AACjC,EAAA,IAAI,CAAC,IAAA,CAAK,IAAA,EAAK,EAAG;AAChB,IAAA,OAAO,EAAC;AAAA,EACV;AACA,EAAA,IAAI;AACF,IAAA,MAAM,MAAA,GAAkB,IAAA,CAAK,KAAA,CAAM,IAAI,CAAA;AACvC,IAAA,OAAO,OAAO,MAAA,KAAW,QAAA,IAAY,MAAA,KAAW,IAAA,IAAQ,CAAC,KAAA,CAAM,OAAA,CAAQ,MAAM,CAAA,GACxE,MAAA,GACD,EAAC;AAAA,EACP,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,EAAC;AAAA,EACV;AACF;AAEA,eAAsB,mBACpB,OAAA,EACmC;AACnC,EAAA,MAAM,SAAA,GAAY,QAAQ,KAAA,IAAS,KAAA;AACnC,EAAA,MAAM,GAAA,GAAM,SAAA,CAAU,OAAA,CAAQ,SAAA,EAAW,QAAQ,cAAc,CAAA;AAC/D,EAAA,MAAM,QAAA,GAAW,MAAM,SAAA,CAAU,GAAA,EAAK;AAAA,IACpC,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACP,aAAA,EAAe,uBAAA,CAAwB,OAAA,CAAQ,WAAA,EAAa,QAAQ,eAAe,CAAA;AAAA,MACnF,cAAA,EAAgB,kBAAA;AAAA,MAChB,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,OAAA,CAAQ,MAAM,CAAA;AAAA,IACnC,KAAA,EAAO;AAAA,GACR,CAAA;AAED,EAAA,MAAM,IAAA,GAAO,MAAM,gBAAA,CAAiB,QAAQ,CAAA;AAC5C,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,OAAA,GACJ,OAAO,IAAA,CAAK,KAAA,KAAU,WAClB,IAAA,CAAK,KAAA,GACL,CAAA,6BAAA,EAAgC,QAAA,CAAS,MAAM,CAAA,CAAA,CAAA;AACrD,IAAA,MAAM,IAAIL,sBAAc,OAAA,EAAS;AAAA,MAC/B,QAAQ,QAAA,CAAS,MAAA;AAAA,MACjB,IAAA,EAAM,eAAA;AAAA,MACN,OAAA,EAAS;AAAA,KACV,CAAA;AAAA,EACH;AAEA,EAAA,OAAO;AAAA,IACL,QAAA,EAAU,OAAA,CAAQ,IAAA,CAAK,QAAQ,CAAA;AAAA,IAC/B,SAAA,EAAW,OAAA,CAAQ,IAAA,CAAK,SAAS,CAAA;AAAA,IACjC,MAAA,EAAQ,IAAA,CAAK,MAAA,KAAW,WAAA,GAAc,WAAA,GAAc;AAAA,GACtD;AACF;AAEA,eAAsB,yBACpB,OAAA,EAC8F;AAC9F,EAAA,MAAM,SAAA,GAAY,QAAQ,KAAA,IAAS,KAAA;AACnC,EAAA,MAAM,GAAA,GAAM,SAAA,CAAU,OAAA,CAAQ,SAAA,EAAW,QAAQ,cAAc,CAAA;AAC/D,EAAA,MAAM,QAAA,GAAW,MAAM,SAAA,CAAU,GAAA,EAAK;AAAA,IACpC,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACP,aAAA,EAAe,uBAAA,CAAwB,OAAA,CAAQ,WAAA,EAAa,QAAQ,eAAe,CAAA;AAAA,MACnF,cAAA,EAAgB,kBAAA;AAAA,MAChB,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,MAAM,IAAA,CAAK,SAAA,CAAU,EAAE,OAAA,EAAS,OAAA,CAAQ,SAAS,CAAA;AAAA,IACjD,KAAA,EAAO;AAAA,GACR,CAAA;AAED,EAAA,MAAM,IAAA,GAAO,MAAM,gBAAA,CAAiB,QAAQ,CAAA;AAC5C,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,OAAA,GACJ,OAAO,IAAA,CAAK,KAAA,KAAU,WAClB,IAAA,CAAK,KAAA,GACL,CAAA,mCAAA,EAAsC,QAAA,CAAS,MAAM,CAAA,CAAA,CAAA;AAC3D,IAAA,MAAM,IAAIA,sBAAc,OAAA,EAAS;AAAA,MAC/B,QAAQ,QAAA,CAAS,MAAA;AAAA,MACjB,IAAA,EAAM,eAAA;AAAA,MACN,OAAA,EAAS;AAAA,KACV,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,UAAA,GAAa,MAAM,OAAA,CAAQ,IAAA,CAAK,OAAO,CAAA,GAAI,IAAA,CAAK,UAAU,EAAC;AACjE,EAAA,OAAO;AAAA,IACL,OAAA,EAAS,UAAA,CAAW,GAAA,CAAI,CAAC,KAAA,KAAU;AACjC,MAAA,MAAM,GAAA,GAAO,SAAS,EAAC;AACvB,MAAA,OAAO;AAAA,QACL,WAAW,OAAO,GAAA,CAAI,SAAA,KAAc,QAAA,GAAW,IAAI,SAAA,GAAY,MAAA;AAAA,QAC/D,EAAA,EAAI,IAAI,EAAA,KAAO,IAAA;AAAA,QACf,QAAA,EAAU,OAAA,CAAQ,GAAA,CAAI,QAAQ,CAAA;AAAA,QAC9B,SAAA,EAAW,OAAA,CAAQ,GAAA,CAAI,SAAS,CAAA;AAAA,QAChC,MAAA,EAAQ,GAAA,CAAI,MAAA,KAAW,WAAA,GAAc,WAAA,GAAc;AAAA,OACrD;AAAA,IACF,CAAC;AAAA,GACH;AACF;;;ACpIA,SAAS,eAAA,CAAgB,KAAA,EAAiC,QAAA,GAAW,EAAA,EAAY;AAC/E,EAAA,IAAI;AACF,IAAA,OAAO,OAAO,KAAK,CAAA;AAAA,EACrB,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,QAAA;AAAA,EACT;AACF;AAGO,SAAS,4BAAA,CAA6B,GAAA,mBAAY,IAAI,IAAA,EAAK,EAGhE;AACA,EAAA,MAAM,CAAA,GAAI,IAAI,cAAA,EAAe;AAC7B,EAAA,MAAM,CAAA,GAAI,IAAI,WAAA,EAAY;AAC1B,EAAA,MAAM,KAAA,GAAQ,IAAI,IAAA,CAAK,IAAA,CAAK,GAAA,CAAI,CAAA,EAAG,CAAA,EAAG,CAAA,EAAG,CAAA,EAAG,CAAA,EAAG,CAAA,EAAG,CAAC,CAAC,CAAA;AACpD,EAAA,MAAM,GAAA,GAAM,IAAI,IAAA,CAAK,IAAA,CAAK,GAAA,CAAI,CAAA,EAAG,CAAA,GAAI,CAAA,EAAG,CAAA,EAAG,EAAA,EAAI,EAAA,EAAI,EAAA,EAAI,GAAG,CAAC,CAAA;AAC3D,EAAA,OAAO,EAAE,WAAW,KAAA,CAAM,WAAA,IAAe,OAAA,EAAS,GAAA,CAAI,aAAY,EAAE;AACtE;AAMO,SAAS,oBAAoB,GAAA,EAAmC;AACrE,EAAA,IAAI,GAAA,IAAO,MAAM,OAAO,IAAA;AACxB,EAAA,MAAM,OAAA,GAAU,IAAI,IAAA,EAAK;AACzB,EAAA,IAAI,CAAC,SAAS,OAAO,IAAA;AACrB,EAAA,MAAM,CAAA,GAAI,IAAA,CAAK,KAAA,CAAM,OAAO,CAAA;AAC5B,EAAA,IAAI,MAAA,CAAO,KAAA,CAAM,CAAC,CAAA,EAAG,OAAO,IAAA;AAC5B,EAAA,OAAO,OAAA;AACT;AAQO,SAAS,8BAAA,CACd,QACA,cAAA,EACsB;AACtB,EAAA,MAAM,IAAA,GAAO,QAAQ,MAAA,CAAO,CAAC,QAAQ,GAAA,CAAI,cAAA,KAAmB,cAAc,CAAA,IAAK,EAAC;AAChF,EAAA,IAAI,IAAA,CAAK,WAAW,CAAA,EAAG;AACrB,IAAA,OAAO;AAAA,MACL,cAAA;AAAA,MACA,YAAA,EAAc,CAAA;AAAA,MACd,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AAEA,EAAA,IAAI,MAAA,GAAS,EAAA;AACb,EAAA,IAAI,YAAA,GAAe,CAAA;AACnB,EAAA,KAAA,MAAW,OAAO,IAAA,EAAM;AACtB,IAAA,IAAI,IAAI,MAAA,EAAQ;AACd,MAAA,MAAA,IAAU,MAAA,CAAO,IAAI,MAAM,CAAA;AAAA,IAC7B;AACA,IAAA,YAAA,IAAgB,GAAA,CAAI,YAAA;AAAA,EACtB;AAEA,EAAA,OAAO;AAAA,IACL,cAAA;AAAA,IACA,YAAA;AAAA,IACA,MAAA,EAAQ,OAAO,QAAA;AAAS,GAC1B;AACF;AAKO,SAAS,6BAAA,CACd,OACA,cAAA,EACsB;AACtB,EAAA,OAAO,8BAAA,CAA+B,KAAA,CAAM,MAAA,EAAQ,cAAc,CAAA;AACpE;AAKO,SAAS,yBAAyB,KAAA,EAAyB;AAChE,EAAA,MAAM,IAAA,GAAO,KAAA,CAAM,eAAA,IAAmB,EAAC;AACvC,EAAA,OAAO,CAAC,GAAG,IAAI,EAAE,IAAA,CAAK,CAAC,GAAG,CAAA,KAAM;AAC9B,IAAA,MAAM,CAAA,GAAI,CAAA,CAAE,QAAA,CAAS,aAAA,CAAc,EAAE,QAAQ,CAAA;AAC7C,IAAA,IAAI,CAAA,KAAM,GAAG,OAAO,CAAA;AACpB,IAAA,OAAO,CAAA,CAAE,OAAA,CAAQ,aAAA,CAAc,CAAA,CAAE,OAAO,CAAA;AAAA,EAC1C,CAAC,CAAA;AACH;AAGO,SAAS,4BAAA,CACd,OACA,cAAA,EACU;AACV,EAAA,MAAM,OAAA,uBAAc,GAAA,EAAY;AAChC,EAAA,KAAA,MAAW,GAAA,IAAO,KAAA,CAAM,MAAA,IAAU,EAAC,EAAG;AACpC,IAAA,IAAI,GAAA,CAAI,cAAA,KAAmB,cAAA,IAAkB,GAAA,CAAI,cAAc,SAAA,EAAW;AACxE,MAAA,OAAA,CAAQ,GAAA,CAAI,IAAI,SAAS,CAAA;AAAA,IAC3B;AAAA,EACF;AACA,EAAA,OAAO,CAAC,GAAG,OAAO,CAAA;AACpB;AAGO,IAAM,oCAAA,GAAuC;AAY7C,SAAS,iCAAA,CACd,aACA,cAAA,EACkB;AAClB,EAAA,MAAM,IAAA,GAAO,WAAA,CAAY,MAAA,IAAU,EAAC;AACpC,EAAA,IAAI,YAAA,GAAe,CAAA;AACnB,EAAA,IAAI,mBAAA,GAAsB,EAAA;AAC1B,EAAA,IAAI,oBAAA,GAAuB,EAAA;AAC3B,EAAA,IAAI,wBAAA,GAA2B,EAAA;AAC/B,EAAA,IAAI,QAAA,GAAW,KAAA;AAEf,EAAA,KAAA,MAAW,OAAO,IAAA,EAAM;AACtB,IAAA,IAAI,GAAA,CAAI,mBAAmB,cAAA,EAAgB;AAC3C,IAAA,YAAA,IAAgB,GAAA,CAAI,YAAA;AACpB,IAAA,IAAI,GAAA,CAAI,QAAA,EAAU,QAAA,GAAW,GAAA,CAAI,QAAA;AACjC,IAAA,IAAI,IAAI,mBAAA,EAAqB;AAC3B,MAAA,mBAAA,IAAuB,MAAA,CAAO,IAAI,mBAAmB,CAAA;AAAA,IACvD;AACA,IAAA,IAAI,IAAI,oBAAA,EAAsB;AAC5B,MAAA,oBAAA,IAAwB,MAAA,CAAO,IAAI,oBAAoB,CAAA;AAAA,IACzD;AACA,IAAA,IAAI,IAAI,wBAAA,EAA0B;AAChC,MAAA,wBAAA,IAA4B,MAAA,CAAO,IAAI,wBAAwB,CAAA;AAAA,IACjE;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,cAAA;AAAA,IACA,YAAA;AAAA,IACA,QAAA;AAAA,IACA,mBAAA,EAAqB,oBAAoB,QAAA,EAAS;AAAA,IAClD,oBAAA,EAAsB,qBAAqB,QAAA,EAAS;AAAA,IACpD,wBAAA,EAA0B,yBAAyB,QAAA;AAAS,GAC9D;AACF;AAGO,SAAS,0BACd,mBAAA,EAC+B;AAC/B,EAAA,IAAI,SAAA;AACJ,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,mBAAmB,CAAA,EAAG;AACtC,IAAA,SAAA,GAAY,mBAAA;AAAA,EACd,WAAW,mBAAA,EAAqB;AAC9B,IAAA,SAAA,GAAY,CAAC,mBAAmB,CAAA;AAAA,EAClC,CAAA,MAAO;AACL,IAAA,SAAA,GAAY,EAAC;AAAA,EACf;AACA,EAAA,MAAM,KAAA,uBAAY,GAAA,EAAyC;AAE3D,EAAA,KAAA,MAAW,YAAY,SAAA,EAAW;AAChC,IAAA,KAAA,MAAW,GAAA,IAAO,QAAA,CAAS,eAAA,IAAmB,EAAC,EAAG;AAChD,MAAA,MAAM,EAAE,QAAA,EAAU,OAAA,EAAQ,GAAI,GAAA;AAC9B,MAAA,IAAI,CAAC,QAAA,IAAY,CAAC,OAAA,EAAS;AAC3B,MAAA,MAAM,MAAM,IAAA,CAAK,SAAA,CAAU,CAAC,QAAA,EAAU,OAAO,CAAC,CAAA;AAC9C,MAAA,MAAM,QAAA,GAAW,KAAA,CAAM,GAAA,CAAI,GAAG,CAAA;AAC9B,MAAA,MAAM,WAAA,GAAc,IAAI,QAAA,IAAY,KAAA;AAEpC,MAAA,MAAM,UAAA,GAAa,IAAI,mBAAA,IAAuB,GAAA;AAC9C,MAAA,MAAM,WAAA,GAAc,IAAI,oBAAA,IAAwB,GAAA;AAChD,MAAA,MAAM,eAAA,GAAkB,IAAI,wBAAA,IAA4B,GAAA;AAExD,MAAA,IAAI,CAAC,QAAA,EAAU;AACb,QAAA,KAAA,CAAM,IAAI,GAAA,EAAK;AAAA,UACb,QAAA;AAAA,UACA,OAAA;AAAA,UACA,cAAc,GAAA,CAAI,YAAA;AAAA,UAClB,QAAA,EAAU,WAAA;AAAA,UACV,mBAAA,EAAqB,UAAA;AAAA,UACrB,oBAAA,EAAsB,WAAA;AAAA,UACtB,wBAAA,EAA0B;AAAA,SAC3B,CAAA;AACD,QAAA;AAAA,MACF;AACA,MAAA,KAAA,CAAM,IAAI,GAAA,EAAK;AAAA,QACb,GAAG,QAAA;AAAA,QACH,YAAA,EAAc,QAAA,CAAS,YAAA,GAAe,GAAA,CAAI,YAAA;AAAA,QAC1C,mBAAA,EAAA,CACE,gBAAgB,QAAA,CAAS,mBAAmB,IAAI,eAAA,CAAgB,UAAU,GAC1E,QAAA,EAAS;AAAA,QACX,oBAAA,EAAA,CACE,gBAAgB,QAAA,CAAS,oBAAoB,IAAI,eAAA,CAAgB,WAAW,GAC5E,QAAA,EAAS;AAAA,QACX,wBAAA,EAAA,CACE,gBAAgB,QAAA,CAAS,wBAAwB,IAAI,eAAA,CAAgB,eAAe,GACpF,QAAA;AAAS,OACZ,CAAA;AAAA,IACH;AAAA,EACF;AAEA,EAAA,OAAO,CAAC,GAAG,KAAA,CAAM,MAAA,EAAQ,CAAA,CAAE,IAAA,CAAK,CAAC,CAAA,EAAG,CAAA,KAAM;AACxC,IAAA,IAAI,CAAA,CAAE,aAAa,CAAA,CAAE,QAAA,SAAiB,CAAA,CAAE,OAAA,CAAQ,aAAA,CAAc,CAAA,CAAE,OAAO,CAAA;AACvE,IAAA,OAAO,CAAA,CAAE,QAAA,CAAS,aAAA,CAAc,CAAA,CAAE,QAAQ,CAAA;AAAA,EAC5C,CAAC,CAAA;AACH;AAGO,SAAS,wBAAA,CACd,WAAA,EACA,cAAA,EACA,kBAAA,EACA,UAAA,EACqB;AACrB,EAAA,MAAM,OAAA,GAAU,iCAAA,CAAkC,WAAA,EAAa,cAAc,CAAA;AAC7E,EAAA,MAAM,cAAA,GAAiB,0BAA0B,kBAAkB,CAAA;AACnE,EAAA,MAAM,eAAA,GAA2C,UAAA,EAAY,eAAA,IAAmB,EAAC;AACjF,EAAA,OAAO;AAAA,IACL,UAAU,WAAA,CAAY,QAAA;AAAA,IACtB,QAAQ,WAAA,CAAY,MAAA;AAAA,IACpB,WAAA,EAAa;AAAA,MACX,gBAAgB,OAAA,CAAQ,cAAA;AAAA,MACxB,cAAc,OAAA,CAAQ,YAAA;AAAA,MACtB,UAAU,OAAA,CAAQ,QAAA;AAAA,MAClB,qBAAqB,OAAA,CAAQ,mBAAA;AAAA,MAC7B,sBAAsB,OAAA,CAAQ,oBAAA;AAAA,MAC9B,0BAA0B,OAAA,CAAQ,wBAAA;AAAA,MAClC,cAAA;AAAA,MACA;AAAA;AACF,GACF;AACF;AAGO,IAAM,wBAAA,GAA2B;;;AC9OxC,aAAA,EAAA;AACA,cAAA,EAAA;AACA,WAAA,EAAA;ACTO,SAAS,yBAAyB,IAAA,EAAoC;AAC3E,EAAA,IAAI,CAAC,QAAQ,OAAO,IAAA,KAAS,YAAY,KAAA,CAAM,OAAA,CAAQ,IAAI,CAAA,EAAG;AAC5D,IAAA,OAAO,EAAE,YAAA,EAAc,EAAC,EAAG,oBAAA,EAAsB,EAAC,EAAE;AAAA,EACtD;AACA,EAAA,MAAM,MAAA,GAAS,IAAA;AACf,EAAA,MAAM,YAAA,GAAe,oBAAA,CAAqB,MAAA,CAAO,YAAY,CAAA;AAC7D,EAAA,MAAM,oBAAA,GAAuB,oBAAA,CAAqB,MAAA,CAAO,oBAAoB,CAAA;AAC7E,EAAA,MAAM,eAAA,GACJ,OAAO,MAAA,CAAO,eAAA,KAAoB,QAAA,IAAY,MAAA,CAAO,eAAA,CAAgB,IAAA,EAAK,GACtE,MAAA,CAAO,eAAA,CAAgB,IAAA,EAAK,GAC5B,MAAA;AACN,EAAA,OAAO,EAAE,YAAA,EAAc,oBAAA,EAAsB,eAAA,EAAgB;AAC/D;AAEA,SAAS,qBAAqB,GAAA,EAAuC;AACnE,EAAA,IAAI,CAAC,KAAA,CAAM,OAAA,CAAQ,GAAG,CAAA,SAAU,EAAC;AACjC,EAAA,OAAO,GAAA,CAAI,MAAA;AAAA,IACT,CAAC,CAAA,KACC,CAAC,CAAC,KACF,OAAO,CAAA,KAAM,QAAA,IACb,OAAQ,CAAA,CAA6B,QAAA,KAAa,QAAA,IAClD,OAAQ,EAA4B,OAAA,KAAY;AAAA,GACpD;AACF;AAEA,SAAS,WAAW,IAAA,EAAwD;AAC1E,EAAA,OAAO,CAAC,GAAG,IAAI,EAAE,IAAA,CAAK,CAAC,GAAG,CAAA,KAAM;AAC9B,IAAA,MAAM,CAAA,GAAI,CAAA,CAAE,QAAA,CAAS,aAAA,CAAc,EAAE,QAAQ,CAAA;AAC7C,IAAA,OAAO,MAAM,CAAA,GAAI,CAAA,CAAE,QAAQ,aAAA,CAAc,CAAA,CAAE,OAAO,CAAA,GAAI,CAAA;AAAA,EACxD,CAAC,CAAA;AACH;AAEO,SAAS,wBACd,IAAA,EAIQ;AACR,EAAA,IAAI,QAAQ,IAAA,EAAM;AAChB,IAAA,OAAO,aAAA;AAAA,EACT;AACA,EAAA,IAAI,IAAA,CAAK,eAAA,EAAiB,IAAA,EAAK,EAAG;AAChC,IAAA,OAAO,IAAA,CAAK,gBAAgB,IAAA,EAAK;AAAA,EACnC;AACA,EAAA,MAAM,IAAA,GAAO,UAAA,CAAW,IAAA,CAAK,YAAA,IAAgB,EAAE,CAAA;AAC/C,EAAA,MAAM,IAAA,GAAO,UAAA,CAAW,IAAA,CAAK,oBAAA,IAAwB,EAAE,CAAA;AACvD,EAAA,IAAI,IAAA,CAAK,MAAA,KAAW,CAAA,IAAK,IAAA,CAAK,WAAW,CAAA,EAAG;AAC1C,IAAA,OAAO,OAAA;AAAA,EACT;AACA,EAAA,OAAOM,kBAAW,QAAQ,CAAA,CACvB,OAAO,IAAA,CAAK,SAAA,CAAU,EAAE,YAAA,EAAc,IAAA,EAAM,sBAAsB,IAAA,EAAM,CAAC,CAAA,CACzE,MAAA,CAAO,KAAK,CAAA,CACZ,KAAA,CAAM,GAAG,EAAE,CAAA;AAChB;;;AD1CA,iBAAA,EAAA;;;AERO,IAAM,qBAAA,GAAwB,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK;AAElD,IAAM,6BAAA,GAAgC,IAAA,CAAK,KAAA,CAAM,qBAAA,GAAwB,GAAI;AAG7E,IAAM,cAAA,GAAiB;AAGvB,IAAM,+BAAA,GAAkC;AAaxC,SAAS,2BAA2B,KAAA,EAA4B;AACrE,EAAA,MAAM,YAAY,KAAA,YAAiB,IAAA,GAAO,KAAA,GAAQ,IAAI,KAAK,KAAK,CAAA;AAChE,EAAA,OAAO,IAAI,IAAA,CAAK,SAAA,CAAU,OAAA,KAAY,qBAAqB,CAAA;AAC7D;AAGO,IAAM,sBAAA,GAAyB;AAM/B,SAAS,gBAAgB,QAAA,EAA2B;AACzD,EAAA,MAAM,CAAA,GAAI,SAAS,IAAA,EAAK;AACxB,EAAA,OAAO,CAAA,CAAE,WAAW,KAAK,CAAA,IAAK,EAAE,KAAA,CAAM,GAAG,EAAE,MAAA,IAAU,CAAA;AACvD;AAGO,SAAS,2BAA2B,QAAA,EAA2B;AACpE,EAAA,MAAM,CAAA,GAAI,SAAS,IAAA,EAAK;AACxB,EAAA,OAAO,CAAA,CAAE,MAAA,GAAS,CAAA,IAAK,CAAC,gBAAgB,CAAC,CAAA;AAC3C;AAEA,SAAS,uBAAuB,UAAA,EAA4B;AAC1D,EAAA,MAAM,UAAA,GAAa,WAAW,UAAA,CAAW,GAAA,EAAK,GAAG,CAAA,CAAE,UAAA,CAAW,KAAK,GAAG,CAAA;AACtE,EAAA,MAAM,MAAA,GAAS,UAAA,CAAW,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,WAAW,MAAA,GAAS,CAAC,CAAA,GAAI,CAAA,EAAG,GAAG,CAAA;AAC1E,EAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACjC,IAAA,OAAO,OAAO,IAAA,CAAK,MAAA,EAAQ,QAAQ,CAAA,CAAE,SAAS,MAAM,CAAA;AAAA,EACtD;AACA,EAAA,OAAO,KAAK,MAAM,CAAA;AACpB;AASO,SAAS,aAAa,QAAA,EAA+B;AAC1D,EAAA,IAAI;AACF,IAAA,MAAM,KAAA,GAAQ,QAAA,CAAS,KAAA,CAAM,GAAG,CAAA;AAChC,IAAA,IAAI,KAAA,CAAM,MAAA,GAAS,CAAA,EAAG,OAAO,IAAA;AAC7B,IAAA,MAAM,WAAA,GAAc,sBAAA,CAAuB,KAAA,CAAM,CAAC,CAAC,CAAA;AACnD,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,KAAA,CAAM,WAAW,CAAA;AACtC,IAAA,IAAI,OAAO,OAAA,CAAQ,GAAA,KAAQ,QAAA,IAAY,CAAC,OAAO,QAAA,CAAS,OAAA,CAAQ,GAAG,CAAA,EAAG,OAAO,IAAA;AAC7E,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,KAAA,CAAM,OAAA,CAAQ,MAAM,GAAI,CAAA;AAC3C,IAAA,IAAI,KAAA,IAAS,GAAG,OAAO,IAAA;AACvB,IAAA,OAAO,IAAI,KAAK,KAAK,CAAA;AAAA,EACvB,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAMO,SAAS,2BAA2B,GAAA,EAAgD;AACzF,EAAA,MAAM,WAAA,GAAc,OAAO,GAAA,CAAI,YAAA,KAAiB,WAAW,GAAA,CAAI,YAAA,CAAa,MAAK,GAAI,EAAA;AACrF,EAAA,IAAI,CAAC,WAAA,EAAa;AAChB,IAAA,MAAM,IAAI,MAAM,4DAA4D,CAAA;AAAA,EAC9E;AACA,EAAA,IAAI,eAAA,CAAgB,WAAW,CAAA,EAAG;AAChC,IAAA,MAAM,IAAI,KAAA;AAAA,MACR;AAAA,KACF;AAAA,EACF;AAEA,EAAA,MAAM,SAAA,GACJ,OAAO,GAAA,CAAI,UAAA,KAAe,QAAA,IAAY,GAAA,CAAI,UAAA,CAAW,IAAA,EAAK,GACtD,GAAA,CAAI,UAAA,CAAW,IAAA,EAAK,GACpB,QAAA;AACN,EAAA,MAAM,YACJ,OAAO,GAAA,CAAI,UAAA,KAAe,QAAA,IAC1B,OAAO,QAAA,CAAS,GAAA,CAAI,UAAU,CAAA,IAC9B,IAAI,UAAA,GAAa,CAAA,GACb,KAAK,KAAA,CAAM,GAAA,CAAI,UAAU,CAAA,GACzB,6BAAA;AACN,EAAA,MAAM,KAAA,GACJ,OAAO,GAAA,CAAI,KAAA,KAAU,QAAA,IAAY,GAAA,CAAI,KAAA,CAAM,IAAA,EAAK,GAAI,GAAA,CAAI,KAAA,CAAM,IAAA,EAAK,GAAI,cAAA;AAEzE,EAAA,OAAO;AAAA,IACL,WAAA;AAAA,IACA,SAAA;AAAA,IACA,SAAA;AAAA,IACA;AAAA,GACF;AACF;;;ACnHA,WAAA,EAAA;AAGA,IAAM,2BAAA,uBAAkC,GAAA,CAAI;AAAA,EAC1C,+CAAA;AAAA,EACA;AACF,CAAC,CAAA;AAEM,SAAS,cAAc,KAAA,EAA+B;AAC3D,EAAA,IAAI,iBAAiBN,qBAAA,EAAe;AAClC,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,IAAI,iBAAiBO,8BAAA,EAAmB;AACtC,IAAA,MAAM,QAAQ,KAAA,CAAM,KAAA;AACpB,IAAA,MAAM,cACJ,OAAO,KAAA,CAAM,sBAAsB,QAAA,GAC/B,KAAA,CAAM,oBACN,KAAA,CAAM,OAAA;AACZ,IAAA,MAAM,OAAA,GAAmC,EAAE,GAAG,KAAA,EAAM;AACpD,IAAA,IAAI,OAAO,KAAA,CAAM,SAAA,KAAc,QAAA,EAAU;AACvC,MAAA,OAAA,CAAQ,YAAY,KAAA,CAAM,SAAA;AAAA,IAC5B;AACA,IAAA,OAAO,IAAIP,sBAAc,WAAA,EAAa;AAAA,MACpC,QAAQ,KAAA,CAAM,MAAA;AAAA,MACd,MAAM,KAAA,CAAM,KAAA;AAAA,MACZ;AAAA,KACD,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,iBAAiBQ,qCAAA,EAA0B;AAC7C,IAAA,OAAO,IAAIR,qBAAA,CAAc,KAAA,CAAM,OAAA,EAAS;AAAA,MACtC,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM,MAAM,IAAA,IAAQ,wBAAA;AAAA,MACpB,OAAA,EAAS,EAAE,KAAA,EAAO,KAAA,CAAM,KAAA;AAAM,KAC/B,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,iBAAiB,KAAA,EAAO;AAC1B,IAAA,OAAO,IAAIA,qBAAA,CAAc,KAAA,CAAM,OAAA,EAAS;AAAA,MACtC,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AAEA,EAAA,OAAO,IAAIA,sBAAc,kBAAA,EAAoB;AAAA,IAC3C,MAAA,EAAQ,GAAA;AAAA,IACR,IAAA,EAAM;AAAA,GACP,CAAA;AACH;AAEO,SAAS,gCACd,EAAA,EACuB;AACvB,EAAA,MAAM,SAAS,EAAA,CAAG,iBAAA;AAClB,EAAA,IAAI,OAAO,MAAA,KAAW,QAAA,IAAY,CAAC,2BAAA,CAA4B,GAAA,CAAI,MAAM,CAAA,EAAG;AAC1E,IAAA,MAAM,IAAIA,sBAAc,yDAAA,EAA2D;AAAA,MACjF,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM,wBAAA;AAAA,MACN,OAAA,EAAS,EAAE,iBAAA,EAAmB,MAAA;AAAO,KACtC,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,KAAK,EAAA,CAAG,UAAA;AACd,EAAA,IAAI,OAAO,EAAA,KAAO,QAAA,IAAY,EAAA,CAAG,WAAA,OAAkB,QAAA,EAAU;AAC3D,IAAA,MAAM,IAAIA,sBAAc,iDAAA,EAAmD;AAAA,MACzE,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM,wBAAA;AAAA,MACN,OAAA,EAAS,EAAE,UAAA,EAAY,EAAA;AAAG,KAC3B,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,YAAY,EAAA,CAAG,UAAA;AACrB,EAAA,IAAI,OAAO,cAAc,QAAA,EAAU;AACjC,IAAA,MAAM,IAAIA,sBAAc,mCAAA,EAAqC;AAAA,MAC3D,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,QAAQ,OAAO,EAAA,CAAG,KAAA,KAAU,QAAA,GAAW,GAAG,KAAA,GAAQ,EAAA;AAExD,EAAA,OAAO;AAAA,IACL,cAAc,EAAA,CAAG,YAAA;AAAA,IACjB,UAAA,EAAY,QAAA;AAAA,IACZ,UAAA,EAAY,SAAA;AAAA,IACZ,KAAA;AAAA,IACA,iBAAA,EAAmB;AAAA,GACrB;AACF;AAEO,SAAS,yCACd,EAAA,EACgC;AAChC,EAAA,MAAM,KAAK,EAAA,CAAG,UAAA;AACd,EAAA,IAAI,OAAO,EAAA,KAAO,QAAA,IAAY,EAAA,CAAG,WAAA,OAAkB,QAAA,EAAU;AAC3D,IAAA,MAAM,IAAIA,sBAAc,iDAAA,EAAmD;AAAA,MACzE,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM,wBAAA;AAAA,MACN,OAAA,EAAS,EAAE,UAAA,EAAY,EAAA;AAAG,KAC3B,CAAA;AAAA,EACH;AAEA,EAAA,OAAO;AAAA,IACL,cAAc,EAAA,CAAG,YAAA;AAAA,IACjB,UAAA,EAAY,QAAA;AAAA,IACZ,YAAY,EAAA,CAAG,UAAA;AAAA,IACf,OAAO,OAAO,EAAA,CAAG,KAAA,KAAU,QAAA,GAAW,GAAG,KAAA,GAAQ;AAAA,GACnD;AACF;AAEO,SAAS,UAAU,QAAA,EAA0B;AAClD,EAAA,OAAO,EAAE,WAAW,QAAA,EAAS;AAC/B;;;AHhDA,IAAMS,qBAAAA,GAAuB,iDAAA;AAC7B,IAAMC,0BAAAA,GAA4B,+CAAA;AAClC,IAAM,2BAAA,GAA8B,+CAAA;AAEpC,IAAM,sBAAA,GAAyB,uBAAA;AAKxB,SAAS,kBAAkB,KAAA,EAAuB;AACvD,EAAA,OAAO,KAAA,CACJ,OAAA,CAAQ,QAAA,EAAU,CAAC,IAAA,KAAS,IAAA,CAAK,WAAA,EAAa,CAAA,CAC9C,OAAA,CAAQ,KAAA,EAAO,EAAE,CAAA;AACtB;AAKO,SAAS,wBAAwB,QAAA,EAA0B;AAChE,EAAA,OAAO,CAAA,EAAG,sBAAsB,CAAA,EAAG,iBAAA,CAAkB,QAAQ,CAAC,CAAA,CAAA;AAChE;AAEO,IAAM,iBAAN,MAAqB;AAAA,EACT,SAAA;AAAA,EACA,cAAA;AAAA,EACA,WAAA;AAAA,EACA,eAAA;AAAA,EACA,SAAA;AAAA,EACA,MAAA;AAAA,EACA,iBAAA;AAAA,EAEjB,YAAY,OAAA,EAAgC;AAC1C,IAAA,IAAA,CAAK,SAAA,GAAY,oBAAA,CAAqB,OAAA,CAAQ,SAAS,CAAA;AACvD,IAAA,IAAA,CAAK,iBAAiB,OAAA,CAAQ,cAAA;AAC9B,IAAA,IAAA,CAAK,cAAc,OAAA,CAAQ,WAAA;AAC3B,IAAA,IAAA,CAAK,kBAAkB,OAAA,CAAQ,eAAA;AAC/B,IAAA,IAAA,CAAK,SAAA,GAAY,QAAQ,KAAA,IAAS,KAAA;AAClC,IAAA,IAAA,CAAK,SAAS,OAAA,CAAQ,MAAA;AACtB,IAAA,IAAA,CAAK,iBAAA,GAAoB,QAAQ,iBAAA,IAAqB,KAAA;AAAA,EACxD;AAAA,EAEA,MAAM,YAAA,CAAa,OAAA,GAA+B,EAAC,EAAmC;AACpF,IAAA,MAAM,KAAK,MAAM,uBAAA,CAAwB,IAAA,CAAK,SAAA,EAAW,KAAK,SAAA,EAAW;AAAA,MACvE,OAAO,OAAA,CAAQ,KAAA;AAAA,MACf,mBAAmB,IAAA,CAAK;AAAA,KACzB,CAAA;AACD,IAAA,OAAO,kCAAkC,EAAE,CAAA;AAAA,EAC7C;AAAA,EAEA,aAAa,GAAA,EAAsB;AACjC,IAAA,MAAM,SAAA,GAAY,oBAAA,CAAqB,GAAA,CAAI,IAAA,EAAM,CAAA;AACjD,IAAA,OAAO,cAAc,IAAA,CAAK,SAAA;AAAA,EAC5B;AAAA,EAEA,4BACE,YAAA,EAC8B;AAC9B,IAAA,MAAM,SAAS,YAAA,CAAa,GAAA,CAAI,KAAK,CAAA,EAAG,MAAK,IAAK,EAAA;AAClD,IAAA,MAAM,gBAAgB,YAAA,CAAa,GAAA,CAAI,iBAAiB,CAAA,EAAG,MAAK,IAAK,EAAA;AAErE,IAAA,IAAI,CAAC,MAAA,IAAU,CAAC,aAAA,EAAe;AAC7B,MAAA,MAAM,IAAIV,sBAAc,gCAAA,EAAkC;AAAA,QACxD,MAAA,EAAQ,GAAA;AAAA,QACR,IAAA,EAAM;AAAA,OACP,CAAA;AAAA,IACH;AAEA,IAAA,IAAI,CAAC,IAAA,CAAK,YAAA,CAAa,MAAM,CAAA,EAAG;AAC9B,MAAA,MAAM,IAAIA,sBAAc,oCAAA,EAAsC;AAAA,QAC5D,MAAA,EAAQ,GAAA;AAAA,QACR,IAAA,EAAM;AAAA,OACP,CAAA;AAAA,IACH;AAEA,IAAA,IAAI,SAAA;AACJ,IAAA,IAAI;AACF,MAAA,SAAA,GAAY,IAAI,IAAI,aAAa,CAAA;AAAA,IACnC,CAAA,CAAA,MAAQ;AACN,MAAA,MAAM,IAAIA,sBAAc,oCAAA,EAAsC;AAAA,QAC5D,MAAA,EAAQ,GAAA;AAAA,QACR,IAAA,EAAM;AAAA,OACP,CAAA;AAAA,IACH;AAEA,IAAA,MAAM,YAAA,GAAe,IAAI,GAAA,CAAI,IAAA,CAAK,SAAS,CAAA,CAAE,MAAA;AAC7C,IAAA,IAAI,SAAA,CAAU,MAAA,KAAW,YAAA,IAAgB,SAAA,CAAU,aAAa,cAAA,EAAgB;AAC9E,MAAA,MAAM,IAAIA,qBAAA;AAAA,QACR,0DAAA;AAAA,QACA;AAAA,UACE,MAAA,EAAQ,GAAA;AAAA,UACR,IAAA,EAAM;AAAA;AACR,OACF;AAAA,IACF;AAEA,IAAA,MAAM,WAAW,iBAAA,CAAkB,SAAA,CAAU,aAAa,GAAA,CAAI,WAAW,KAAK,EAAE,CAAA;AAChF,IAAA,MAAM,WAAW,SAAA,CAAU,YAAA,CAAa,IAAI,WAAW,CAAA,EAAG,MAAK,IAAK,EAAA;AAEpE,IAAA,IAAI,CAAC,QAAA,IAAY,CAAC,QAAA,EAAU;AAC1B,MAAA,MAAM,IAAIA,sBAAc,mDAAA,EAAqD;AAAA,QAC3E,MAAA,EAAQ,GAAA;AAAA,QACR,IAAA,EAAM;AAAA,OACP,CAAA;AAAA,IACH;AAEA,IAAA,OAAO;AAAA,MACL,MAAA;AAAA,MACA,aAAA;AAAA,MACA,QAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAAA,EAEA,MAAM,YAAA,GAAoD;AACxD,IAAA,MAAM,GAAA,GAAM,CAAA,EAAG,IAAA,CAAK,cAAA,EAAgB,CAAA,MAAA,CAAA;AACpC,IAAA,OAAO,IAAA,CAAK,YAAwC,GAAA,EAAK;AAAA,MACvD,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS,KAAK,cAAA,EAAe;AAAA,MAC7B,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,cAAc,KAAA,EAAmD;AACrE,IAAA,MAAM,OAAA,GAAmC;AAAA,MACvC,gBAAgB,KAAA,CAAM;AAAA,KACxB;AACA,IAAA,IAAI,KAAA,CAAM,KAAA,EAAO,OAAA,CAAQ,KAAA,GAAQ,KAAA,CAAM,KAAA;AACvC,IAAA,IAAI,KAAA,CAAM,MAAA,EAAQ,OAAA,CAAQ,MAAA,GAAS,KAAA,CAAM,MAAA;AAEzC,IAAA,MAAM,GAAA,GAAM,CAAA,EAAG,IAAA,CAAK,cAAA,EAAgB,CAAA,MAAA,CAAA;AACpC,IAAA,OAAO,IAAA,CAAK,YAA2B,GAAA,EAAK;AAAA,MAC1C,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS,KAAK,cAAA,EAAe;AAAA,MAC7B,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,OAAO,CAAA;AAAA,MAC5B,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,cAAc,MAAA,EAAmE;AACrF,IAAA,MAAM,MAAM,IAAI,GAAA,CAAI,GAAG,IAAA,CAAK,cAAA,EAAgB,CAAA,MAAA,CAAQ,CAAA;AACpD,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,gBAAA,EAAkB,MAAA,CAAO,cAAc,CAAA;AAC5D,IAAA,OAAO,IAAA,CAAK,WAAA,CAAkC,GAAA,CAAI,QAAA,EAAS,EAAG;AAAA,MAC5D,MAAA,EAAQ,QAAA;AAAA,MACR,OAAA,EAAS,KAAK,cAAA,EAAe;AAAA,MAC7B,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,oBACJ,KAAA,EACsC;AACtC,IAAA,MAAM,GAAA,GAAM,GAAG,IAAA,CAAK,cAAA,EAAgB,CAAA,OAAA,EAAU,kBAAA,CAAmB,KAAA,CAAM,cAAc,CAAC,CAAA,MAAA,CAAA;AACtF,IAAA,MAAM,IAAA,GAAO,MAAM,KAAA,GAAQ,EAAE,OAAO,KAAA,CAAM,KAAA,KAAU,EAAC;AAErD,IAAA,OAAO,IAAA,CAAK,YAAyC,GAAA,EAAK;AAAA,MACxD,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS,KAAK,cAAA,EAAe;AAAA,MAC7B,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA;AAAA,MACzB,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,iCAAiC,KAAA,EAGE;AACvC,IAAA,MAAM,GAAA,GAAM,CAAA,EAAG,IAAA,CAAK,cAAA,EAAgB,CAAA,mBAAA,CAAA;AACpC,IAAA,OAAO,IAAA,CAAK,YAAyC,GAAA,EAAK;AAAA,MACxD,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACP,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,MAAA,CAAO,MAAM,CAAA,CAAA;AAAA,QAC5C,cAAA,EAAgB,kBAAA;AAAA,QAChB,MAAA,EAAQ;AAAA,OACV;AAAA,MACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,KAAA,CAAM,KAAA,GAAQ,EAAE,KAAA,EAAO,KAAA,CAAM,KAAA,EAAM,GAAI,EAAE,CAAA;AAAA,MAC9D,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,+BAA+B,KAAA,EAIF;AACjC,IAAA,IAAI,KAAA,CAAM,SAAA,EAAW,IAAA,EAAK,EAAG;AAC3B,MAAA,MAAM,EAAE,uBAAA,EAAAW,wBAAAA,EAAwB,GAAI,MAAM,OAAA,CAAA,OAAA,EAAA,CAAA,IAAA,CAAA,OAAA,qBAAA,EAAA,EAAA,wBAAA,CAAA,CAAA;AAC1C,MAAA,MAAM,SAAA,GAAY,MAAMA,wBAAAA,CAAwB;AAAA,QAC9C,SAAA,EAAW,KAAA,CAAM,SAAA,CAAU,IAAA,EAAK;AAAA,QAChC,QAAQ,KAAA,CAAM,MAAA;AAAA,QACd,OAAO,KAAA,CAAM,KAAA;AAAA,QACb,UAAU,IAAA,CAAK,cAAA;AAAA,QACf,OAAO,IAAA,CAAK;AAAA,OACb,CAAA;AACD,MAAA,OAAO;AAAA,QACL,cAAc,SAAA,CAAU,YAAA;AAAA,QACxB,YAAY,SAAA,CAAU,UAAA;AAAA,QACtB,YAAY,SAAA,CAAU,UAAA;AAAA,QACtB,OAAO,SAAA,CAAU,KAAA;AAAA,QACjB,iBAAA,EAAmB;AAAA,OACrB;AAAA,IACF;AAEA,IAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,gCAAA,CAAiC;AAAA,MAC5D,QAAQ,KAAA,CAAM,MAAA;AAAA,MACd,OAAO,KAAA,CAAM;AAAA,KACd,CAAA;AACD,IAAA,OAAO,KAAK,wBAAA,CAAyB,EAAE,OAAA,EAAS,SAAA,CAAU,cAAc,CAAA;AAAA,EAC1E;AAAA,EAEA,MAAM,uBACJ,KAAA,EACgC;AAChC,IAAA,MAAM,KAAK,MAAM,uBAAA,CAAwB,IAAA,CAAK,SAAA,EAAW,KAAK,SAAA,EAAW;AAAA,MACvE,mBAAmB,IAAA,CAAK;AAAA,KACzB,CAAA;AACD,IAAA,MAAM,MAAA,GAAS,SAAA,CAAU,IAAA,CAAK,WAAW,CAAA;AACzC,IAAA,MAAM,UAAA,GAAa,KAAK,aAAA,EAAc;AACtC,IAAA,MAAM,MAAA,GAAS,IAAI,eAAA,EAAgB;AACnC,IAAA,MAAA,CAAO,GAAA,CAAI,eAAA,EAAiB,KAAA,CAAM,OAAO,CAAA;AACzC,IAAA,MAAA,CAAO,GAAA,CAAI,sBAAsBD,0BAAyB,CAAA;AAC1D,IAAA,MAAA,CAAO,GAAA,CAAI,UAAA,EAAY,uBAAA,CAAwB,KAAA,CAAM,QAAQ,CAAC,CAAA;AAE9D,IAAA,IAAI;AACF,MAAA,MAAM,WAAW,MAAME,wCAAA;AAAA,QACrB,EAAA;AAAA,QACA,MAAA;AAAA,QACA,UAAA;AAAA,QACAH,qBAAAA;AAAA,QACA,MAAA;AAAA,QACA,KAAK,yBAAA;AAA0B,OACjC;AACA,MAAA,MAAM,KAAK,MAAMI,gDAAA;AAAA,QACf,EAAA;AAAA,QACA,MAAA;AAAA,QACA;AAAA,OACF;AACA,MAAA,OAAO,gCAAgC,EAAE,CAAA;AAAA,IAC3C,SAAS,CAAA,EAAG;AACV,MAAA,MAAM,cAAc,CAAC,CAAA;AAAA,IACvB;AAAA,EACF;AAAA,EAEA,MAAM,uBAAA,CACJ,KAAA,GAAQ,UAAA,EACiC;AACzC,IAAA,MAAM,KAAK,MAAM,uBAAA,CAAwB,IAAA,CAAK,SAAA,EAAW,KAAK,SAAA,EAAW;AAAA,MACvE,mBAAmB,IAAA,CAAK;AAAA,KACzB,CAAA;AACD,IAAA,MAAM,MAAA,GAAS,SAAA,CAAU,IAAA,CAAK,WAAW,CAAA;AACzC,IAAA,MAAM,UAAA,GAAa,KAAK,aAAA,EAAc;AACtC,IAAA,MAAM,MAAA,GAAS,IAAI,eAAA,EAAgB;AACnC,IAAA,MAAA,CAAO,GAAA,CAAI,SAAS,KAAK,CAAA;AAEzB,IAAA,IAAI;AACF,MAAA,MAAM,WAAW,MAAMC,0CAAA;AAAA,QACrB,EAAA;AAAA,QACA,MAAA;AAAA,QACA,UAAA;AAAA,QACA,MAAA;AAAA,QACA,KAAK,yBAAA;AAA0B,OACjC;AACA,MAAA,MAAM,KAAK,MAAMC,6CAAA;AAAA,QACf,EAAA;AAAA,QACA,MAAA;AAAA,QACA;AAAA,OACF;AACA,MAAA,OAAO,yCAAyC,EAAE,CAAA;AAAA,IACpD,SAAS,CAAA,EAAG;AACV,MAAA,MAAM,cAAc,CAAC,CAAA;AAAA,IACvB;AAAA,EACF;AAAA,EAEA,MAAM,yBAAyB,KAAA,EAGI;AACjC,IAAA,MAAM,KAAK,MAAM,uBAAA,CAAwB,IAAA,CAAK,SAAA,EAAW,KAAK,SAAA,EAAW;AAAA,MACvE,mBAAmB,IAAA,CAAK;AAAA,KACzB,CAAA;AACD,IAAA,MAAM,MAAA,GAAS,SAAA,CAAU,IAAA,CAAK,WAAW,CAAA;AACzC,IAAA,MAAM,UAAA,GAAa,KAAK,aAAA,EAAc;AACtC,IAAA,MAAM,MAAA,GAAS,IAAI,eAAA,EAAgB;AACnC,IAAA,MAAA,CAAO,GAAA,CAAI,eAAA,EAAiB,KAAA,CAAM,OAAO,CAAA;AACzC,IAAA,MAAA,CAAO,GAAA,CAAI,sBAAsBL,0BAAyB,CAAA;AAC1D,IAAA,MAAA,CAAO,GAAA,CAAI,wBAAwB,2BAA2B,CAAA;AAC9D,IAAA,MAAM,iBAAA,GACJ,OAAO,KAAA,CAAM,QAAA,KAAa,YAAY,KAAA,CAAM,QAAA,CAAS,IAAA,EAAK,KAAM,EAAA,GAC5D,KAAA,CAAM,QAAA,CAAS,IAAA,KACf,IAAA,CAAK,SAAA;AACX,IAAA,MAAA,CAAO,GAAA,CAAI,UAAA,EAAY,oBAAA,CAAqB,iBAAiB,CAAC,CAAA;AAE9D,IAAA,IAAI;AACF,MAAA,MAAM,WAAW,MAAME,wCAAA;AAAA,QACrB,EAAA;AAAA,QACA,MAAA;AAAA,QACA,UAAA;AAAA,QACAH,qBAAAA;AAAA,QACA,MAAA;AAAA,QACA,KAAK,yBAAA;AAA0B,OACjC;AACA,MAAA,MAAM,KAAK,MAAMI,gDAAA;AAAA,QACf,EAAA;AAAA,QACA,MAAA;AAAA,QACA;AAAA,OACF;AACA,MAAA,OAAO,gCAAgC,EAAE,CAAA;AAAA,IAC3C,SAAS,CAAA,EAAG;AACV,MAAA,MAAM,cAAc,CAAC,CAAA;AAAA,IACvB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,2BACJ,KAAA,EACgC;AAChC,IAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,mBAAA,CAAoB;AAAA,MAC/C,gBAAgB,KAAA,CAAM,cAAA;AAAA,MACtB,KAAA,EAAO,MAAM,KAAA,IAAS;AAAA,KACvB,CAAA;AAED,IAAA,OAAO,KAAK,wBAAA,CAAyB;AAAA,MACnC,SAAS,SAAA,CAAU,YAAA;AAAA,MACnB,UAAU,KAAA,CAAM;AAAA,KACjB,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,yBAAyB,MAAA,EAEI;AACjC,IAAA,IAAI,OAAO,OAAA,EAAS;AAClB,MAAA,IAAI;AACF,QAAA,OAAO,MAAM,IAAA,CAAK,wBAAA,CAAyB,EAAE,OAAA,EAAS,MAAA,CAAO,SAAS,CAAA;AAAA,MACxE,SAAS,KAAA,EAAO;AACd,QAAA,MAAM,GAAA,GAAM,IAAA,CAAK,OAAA,CAAQ,KAAK,CAAA;AAC9B,QAAA,IAAA,CAAK,MAAA,EAAQ,OAAO,4DAAA,EAA8D;AAAA,UAChF,MAAM,GAAA,CAAI,IAAA;AAAA,UACV,QAAQ,GAAA,CAAI;AAAA,SACb,CAAA;AAAA,MACH;AAAA,IACF;AAEA,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,uBAAA,CAAwB,UAAU,CAAA;AAClE,IAAA,IAAI,CAAC,aAAa,YAAA,EAAc;AAC9B,MAAA,MAAM,IAAIb,sBAAc,qDAAA,EAAuD;AAAA,QAC7E,MAAA,EAAQ,GAAA;AAAA,QACR,IAAA,EAAM;AAAA,OACP,CAAA;AAAA,IACH;AAEA,IAAA,OAAO,KAAK,wBAAA,CAAyB,EAAE,OAAA,EAAS,YAAA,CAAa,cAAc,CAAA;AAAA,EAC7E;AAAA,EAEA,MAAM,QAAA,CAAS,KAAA,GAAyB,EAAC,EAA8B;AACrE,IAAA,MAAM,MAAM,IAAI,GAAA,CAAI,GAAG,IAAA,CAAK,cAAA,EAAgB,CAAA,MAAA,CAAQ,CAAA;AACpD,IAAA,IAAI,MAAM,SAAA,EAAW,GAAA,CAAI,aAAa,GAAA,CAAI,WAAA,EAAa,MAAM,SAAS,CAAA;AACtE,IAAA,IAAI,MAAM,OAAA,EAAS,GAAA,CAAI,aAAa,GAAA,CAAI,SAAA,EAAW,MAAM,OAAO,CAAA;AAChE,IAAA,IAAI,MAAM,OAAA,EAAS,GAAA,CAAI,aAAa,GAAA,CAAI,SAAA,EAAW,MAAM,OAAO,CAAA;AAChE,IAAA,IAAI,MAAM,MAAA,EAAQ,GAAA,CAAI,aAAa,GAAA,CAAI,QAAA,EAAU,MAAM,MAAM,CAAA;AAC7D,IAAA,IAAI,MAAM,gBAAA,EAAkB,GAAA,CAAI,aAAa,GAAA,CAAI,kBAAA,EAAoB,MAAM,gBAAgB,CAAA;AAC3F,IAAA,IAAI,MAAM,aAAA,EAAe,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,WAAW,QAAQ,CAAA;AAEjE,IAAA,OAAO,IAAA,CAAK,WAAA,CAA8B,GAAA,CAAI,QAAA,EAAS,EAAG;AAAA,MACxD,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS,KAAK,cAAA,EAAe;AAAA,MAC7B,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,mBAAmB,MAAA,EAAoE;AAC3F,IAAA,OAAO,kBAAA,CAAmB;AAAA,MACxB,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,gBAAgB,IAAA,CAAK,cAAA;AAAA,MACrB,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,iBAAiB,IAAA,CAAK,eAAA;AAAA,MACtB,MAAA;AAAA,MACA,OAAO,IAAA,CAAK;AAAA,KACb,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,oBACJ,OAAA,EAC8F;AAC9F,IAAA,OAAO,wBAAA,CAAyB;AAAA,MAC9B,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,gBAAgB,IAAA,CAAK,cAAA;AAAA,MACrB,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,iBAAiB,IAAA,CAAK,eAAA;AAAA,MACtB,OAAA;AAAA,MACA,OAAO,IAAA,CAAK;AAAA,KACb,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,gBAAA,GAAmD;AACvD,IAAA,OAAO,IAAA,CAAK,WAAA;AAAA,MACV,CAAA,EAAG,IAAA,CAAK,cAAA,EAAgB,CAAA,eAAA,CAAA;AAAA,MACxB;AAAA,QACE,MAAA,EAAQ,KAAA;AAAA,QACR,OAAA,EAAS,KAAK,cAAA,EAAe;AAAA,QAC7B,KAAA,EAAO;AAAA;AACT,KACF;AAAA,EACF;AAAA,EAEA,MAAM,mBAAA,GAA0D;AAC9D,IAAA,MAAM,GAAA,GAAM,CAAA,EAAG,IAAA,CAAK,cAAA,EAAgB,CAAA,mBAAA,CAAA;AACpC,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,WAAA;AAAA,MACtB,GAAA;AAAA,MACA;AAAA,QACE,MAAA,EAAQ,KAAA;AAAA,QACR,OAAA,EAAS,KAAK,cAAA,EAAe;AAAA,QAC7B,KAAA,EAAO;AAAA;AACT,KACF;AACA,IAAA,OAAO;AAAA,MACL,UAAA,EAAY,KAAK,UAAA,IAAc,CAAA;AAAA,MAC/B,QAAA,EAAU,IAAA,CAAK,QAAA,IAAY,IAAA,CAAK,SAAS;AAAC,KAC5C;AAAA,EACF;AAAA,EAEA,MAAM,mBAAmB,MAAA,EAAyC;AAChE,IAAA,OAAO,IAAA,CAAK,WAAA;AAAA,MACV,GAAG,IAAA,CAAK,cAAA,EAAgB,CAAA,OAAA,EAAU,kBAAA,CAAmB,MAAM,CAAC,CAAA,KAAA,CAAA;AAAA,MAC5D;AAAA,QACE,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS,KAAK,cAAA,EAAe;AAAA,QAC7B,KAAA,EAAO;AAAA;AACT,KACF;AAAA,EACF;AAAA,EAEA,MAAM,gBAAgB,cAAA,EAAuD;AAC3E,IAAA,MAAM,MAAM,IAAI,GAAA,CAAI,GAAG,IAAA,CAAK,cAAA,EAAgB,CAAA,cAAA,CAAgB,CAAA;AAC5D,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,gBAAA,EAAkB,cAAc,CAAA;AACrD,IAAA,OAAO,IAAA,CAAK,WAAA,CAAkC,GAAA,CAAI,QAAA,EAAS,EAAG;AAAA,MAC5D,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS,KAAK,cAAA,EAAe;AAAA,MAC7B,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,kBAAkB,cAAA,EAAyD;AAC/E,IAAA,OAAO,IAAA,CAAK,WAAA;AAAA,MACV,GAAG,IAAA,CAAK,cAAA,EAAgB,CAAA,OAAA,EAAU,kBAAA,CAAmB,cAAc,CAAC,CAAA,WAAA,CAAA;AAAA,MACpE;AAAA,QACE,MAAA,EAAQ,KAAA;AAAA,QACR,OAAA,EAAS,KAAK,cAAA,EAAe;AAAA,QAC7B,KAAA,EAAO;AAAA;AACT,KACF;AAAA,EACF;AAAA,EAEA,MAAM,kBAAA,CACJ,cAAA,EACA,KAAA,EACsF;AACtF,IAAA,OAAO,IAAA,CAAK,WAAA;AAAA,MACV,GAAG,IAAA,CAAK,cAAA,EAAgB,CAAA,OAAA,EAAU,kBAAA,CAAmB,cAAc,CAAC,CAAA,WAAA,CAAA;AAAA,MACpE;AAAA,QACE,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS,KAAK,cAAA,EAAe;AAAA,QAC7B,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,KAAK,CAAA;AAAA,QAC1B,KAAA,EAAO;AAAA;AACT,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eAAe,cAAA,EAAuD;AAC1E,IAAA,OAAO,IAAA,CAAK,gBAAgB,cAAc,CAAA;AAAA,EAC5C;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,gBAAA,CACJ,cAAA,EACA,KAAA,EACoF;AACpF,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,kBAAA,CAAmB,cAAA,EAAgB;AAAA,MAC3D,iBAAiB,KAAA,CAAM,eAAA;AAAA,MACvB,MAAA,EAAQ,MAAM,MAAA,IAAU,QAAA;AAAA,MACxB,YAAY,KAAA,CAAM;AAAA,KACnB,CAAA;AACD,IAAA,MAAM,IAAA,GAAO,MAAA;AAQb,IAAA,MAAM,SAAS,MAAA,CAAO,UAAA;AACtB,IAAA,OAAO;AAAA,MACL,gBAAgB,MAAA,CAAO,cAAA;AAAA,MACvB,gBAAA,EACE,IAAA,CAAK,gBAAA,IAAoB,MAAA,EAAQ,gBAAA,IAAoB,GAAA;AAAA,MACvD,iBAAA,EACE,IAAA,CAAK,iBAAA,IAAqB,MAAA,EAAQ,iBAAA,IAAqB,GAAA;AAAA,MACzD,wBAAA,EACE,IAAA,CAAK,wBAAA,IAA4B,MAAA,EAAQ,wBAAA,IAA4B,GAAA;AAAA,MACvE,SAAA,EAAW,IAAA,CAAK,SAAA,IAAa,MAAA,EAAQ,SAAA,IAAa,KAAA;AAAA,MAClD,kBAAA,EACE,IAAA,CAAK,gBAAA,IAAoB,MAAA,EAAQ,gBAAA;AAAA,MACnC,kBAAkB,IAAA,CAAK,gBAAA;AAAA,MACvB,YAAY,IAAA,CAAK;AAAA,KACnB;AAAA,EACF;AAAA,EAEA,MAAM,oBAAoB,cAAA,EAA2D;AACnF,IAAA,OAAO,IAAA,CAAK,WAAA;AAAA,MACV,GAAG,IAAA,CAAK,cAAA,EAAgB,CAAA,OAAA,EAAU,kBAAA,CAAmB,cAAc,CAAC,CAAA,aAAA,CAAA;AAAA,MACpE;AAAA,QACE,MAAA,EAAQ,KAAA;AAAA,QACR,OAAA,EAAS,KAAK,cAAA,EAAe;AAAA,QAC7B,KAAA,EAAO;AAAA;AACT,KACF;AAAA,EACF;AAAA,EAEA,MAAM,0BAA0B,KAAA,EAKC;AAC/B,IAAA,MAAM,WAAA,GAAc,MAAM,IAAA,CAAK,QAAA,CAAS;AAAA,MACtC,WAAW,KAAA,CAAM,SAAA;AAAA,MACjB,SAAS,KAAA,CAAM,OAAA;AAAA,MACf,OAAA,EAAS;AAAA,KACV,CAAA;AACD,IAAA,MAAM,OAAA,GAAU,4BAAA,CAA6B,WAAA,EAAa,KAAA,CAAM,cAAc,CAAA;AAC9E,IAAA,MAAM,GAAA,GAAM,MAAM,aAAA,IAAiB,wBAAA;AACnC,IAAA,MAAM,aAAA,GAAgB,OAAA,CAAQ,KAAA,CAAM,CAAA,EAAG,GAAG,CAAA;AAC1C,IAAA,MAAM,mBAAA,GAAsB,MAAM,OAAA,CAAQ,GAAA;AAAA,MACxC,aAAA,CAAc,GAAA;AAAA,QAAI,CAAC,MAAA,KACjB,IAAA,CAAK,QAAA,CAAS;AAAA,UACZ,WAAW,KAAA,CAAM,SAAA;AAAA,UACjB,SAAS,KAAA,CAAM,OAAA;AAAA,UACf,OAAA,EAAS,gBAAA;AAAA,UACT;AAAA,SACD;AAAA;AACH,KACF;AACA,IAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,QAAA,CAAS;AAAA,MACrC,WAAW,KAAA,CAAM,SAAA;AAAA,MACjB,SAAS,KAAA,CAAM,OAAA;AAAA,MACf,OAAA,EAAS,gBAAA;AAAA,MACT,QAAQ,KAAA,CAAM;AAAA,KACf,CAAA;AACD,IAAA,OAAO,wBAAA;AAAA,MACL,WAAA;AAAA,MACA,KAAA,CAAM,cAAA;AAAA,MACN,mBAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAAA,EAEA,MAAM,eAAe,IAAA,EAGa;AAChC,IAAA,MAAM,GAAA,GAAM,CAAA,EAAG,IAAA,CAAK,cAAA,EAAgB,CAAA,SAAA,CAAA;AACpC,IAAA,MAAM,OAAA,GAAkC;AAAA,MACtC,GAAG,KAAK,oBAAA;AAAqB,KAC/B;AACA,IAAA,IAAI,MAAM,WAAA,EAAa;AACrB,MAAA,OAAA,CAAQ,eAAe,IAAI,IAAA,CAAK,WAAA;AAAA,IAClC;AAEA,IAAA,IAAA,CAAK,QAAQ,KAAA,GAAQ,kBAAA,EAAoB,EAAE,MAAA,EAAQ,KAAA,EAAO,KAAK,CAAA;AAE/D,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,SAAA,CAAU,GAAA,EAAK;AAAA,MACzC,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA;AAAA,MACA,QAAQ,IAAA,EAAM,MAAA;AAAA,MACd,KAAA,EAAO;AAAA,KACR,CAAA;AAED,IAAA,MAAM,OAAO,QAAA,CAAS,OAAA,CAAQ,IAAI,MAAM,CAAA,EAAG,MAAK,IAAK,IAAA;AAErD,IAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AAC3B,MAAA,OAAO;AAAA,QACL,QAAA,EAAU,IAAA;AAAA,QACV,IAAA,EAAM,IAAA,IAAQ,IAAA,EAAM,WAAA,IAAe,IAAA;AAAA,QACnC,WAAA,EAAa;AAAA,OACf;AAAA,IACF;AAEA,IAAA,MAAM,GAAA,GAAM,MAAM,QAAA,CAAS,IAAA,EAAK;AAChC,IAAA,MAAM,EAAA,GAAK,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA,IAAK,EAAA;AACnD,IAAA,MAAM,YAAY,EAAA,CAAG,QAAA,CAAS,kBAAkB,CAAA,IAAK,EAAA,CAAG,SAAS,MAAM,CAAA;AACvE,IAAA,MAAM,SAAS,GAAA,IAAO,SAAA,GAAY,IAAA,CAAK,aAAA,CAAc,GAAG,CAAA,GAAI,IAAA;AAE5D,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,OAAA,GAAW,UAAU,EAAC;AAC5B,MAAA,IAAI,WAAA;AACJ,MAAA,IAAI,OAAO,OAAA,CAAQ,iBAAA,KAAsB,QAAA,EAAU;AACjD,QAAA,WAAA,GAAc,OAAA,CAAQ,iBAAA;AAAA,MACxB,CAAA,MAAA,IAAW,OAAO,OAAA,CAAQ,KAAA,KAAU,QAAA,EAAU;AAC5C,QAAA,WAAA,GAAc,OAAA,CAAQ,KAAA;AAAA,MACxB,CAAA,MAAO;AACL,QAAA,WAAA,GAAc,CAAA,gBAAA,EAAmB,SAAS,MAAM,CAAA,CAAA,CAAA;AAAA,MAClD;AACA,MAAA,MAAM,IAAIA,sBAAc,WAAA,EAAa;AAAA,QACnC,QAAQ,QAAA,CAAS,MAAA;AAAA,QACjB,MAAM,OAAO,OAAA,CAAQ,KAAA,KAAU,QAAA,GAAW,QAAQ,KAAA,GAAQ,sBAAA;AAAA,QAC1D;AAAA,OACD,CAAA;AAAA,IACH;AAEA,IAAA,IAAI,CAAC,SAAA,IAAa,MAAA,KAAW,IAAA,EAAM;AACjC,MAAA,MAAM,IAAIA,sBAAc,uDAAA,EAAyD;AAAA,QAC/E,MAAA,EAAQ,GAAA;AAAA,QACR,IAAA,EAAM,kBAAA;AAAA,QACN,OAAA,EAAS,EAAE,WAAA,EAAa,EAAA,EAAI,SAAS,GAAA,CAAI,KAAA,CAAM,CAAA,EAAG,GAAG,CAAA;AAAE,OACxD,CAAA;AAAA,IACH;AAEA,IAAA,OAAO;AAAA,MACL,QAAA,EAAU,yBAAyB,MAAM,CAAA;AAAA,MACzC,IAAA;AAAA,MACA,WAAA,EAAa;AAAA,KACf;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,iCACJ,KAAA,EAC6B;AAC7B,IAAA,MAAM,KAAK,aAAA,CAAc;AAAA,MACvB,gBAAgB,KAAA,CAAM,cAAA;AAAA,MACtB,OAAO,KAAA,CAAM,KAAA;AAAA,MACb,MAAA,EAAQ;AAAA,KACT,CAAA;AACD,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,0BAAA,CAA2B;AAAA,MACrD,gBAAgB,KAAA,CAAM,cAAA;AAAA,MACtB,KAAA,EAAO,MAAM,KAAA,IAAS,cAAA;AAAA,MACtB,UAAU,IAAA,CAAK;AAAA,KAChB,CAAA;AACD,IAAA,OAAO,2BAA2B,QAAQ,CAAA;AAAA,EAC5C;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,mBAAmB,KAAA,EAA+C;AACtE,IAAA,IAAI,KAAA,CAAM,cAAA,IAAkB,KAAA,CAAM,cAAA,KAAmB,KAAK,cAAA,EAAgB;AACxE,MAAA,MAAM,IAAIA,qBAAA;AAAA,QACR,2DAAA;AAAA,QACA,EAAE,MAAA,EAAQ,GAAA,EAAK,IAAA,EAAM,gBAAA;AAAiB,OACxC;AAAA,IACF;AAEA,IAAA,MAAM,KAAK,aAAA,CAAc;AAAA,MACvB,gBAAgB,KAAA,CAAM,cAAA;AAAA,MACtB,OAAO,KAAA,CAAM,KAAA;AAAA,MACb,MAAA,EAAQ;AAAA,KACT,CAAA;AACD,IAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,mBAAA,CAAoB;AAAA,MAC/C,gBAAgB,KAAA,CAAM,cAAA;AAAA,MACtB,KAAA,EAAO;AAAA,KACR,CAAA;AACD,IAAA,MAAM,KAAK,sBAAA,CAAuB;AAAA,MAChC,SAAS,SAAA,CAAU,YAAA;AAAA,MACnB,UAAU,KAAA,CAAM;AAAA,KACjB,CAAA;AAAA,EACH;AAAA,EAEQ,yBAAA,GAEwB;AAC9B,IAAA,MAAM,CAAA,GAA0C;AAAA,MAC9C,CAACC,wBAAW,GAAG,IAAA,CAAK;AAAA,KACtB;AACA,IAAA,IAAI,KAAK,iBAAA,EAAmB;AAC1B,MAAA,CAAA,CAAEC,kCAAqB,CAAA,GAAI,IAAA;AAAA,IAC7B;AACA,IAAA,OAAO,CAAA;AAAA,EACT;AAAA,EAEQ,cAAA,GAAyB;AAC/B,IAAA,OAAO,CAAA,EAAG,KAAK,eAAA,EAAiB,gBAAgB,kBAAA,CAAmB,IAAA,CAAK,cAAc,CAAC,CAAA,CAAA;AAAA,EACzF;AAAA,EAEQ,eAAA,GAA0B;AAChC,IAAA,OAAO,IAAI,GAAA,CAAI,IAAA,CAAK,SAAS,CAAA,CAAE,MAAA;AAAA,EACjC;AAAA,EAEQ,cAAA,GAA8B;AACpC,IAAA,OAAO,KAAK,oBAAA,EAAqB;AAAA,EACnC;AAAA,EAEQ,oBAAA,GAA+C;AACrD,IAAA,OAAO;AAAA,MACL,aAAA,EAAe,uBAAA,CAAwB,IAAA,CAAK,WAAA,EAAa,KAAK,eAAe,CAAA;AAAA,MAC7E,cAAA,EAAgB,kBAAA;AAAA,MAChB,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AAAA,EAEQ,aAAA,GAA4B;AAClC,IAAA,OAAO,CAAC,GAAA,EAAK,OAAA,EAAS,KAAA,EAAO,OAAA,KAAY;AACvC,MAAA,OAAA,CAAQ,IAAI,eAAA,EAAiB,uBAAA,CAAwB,KAAK,WAAA,EAAa,IAAA,CAAK,eAAe,CAAC,CAAA;AAAA,IAC9F,CAAA;AAAA,EACF;AAAA,EAEA,MAAc,WAAA,CAAe,GAAA,EAAa,IAAA,EAA+B;AACvE,IAAA,IAAA,CAAK,MAAA,EAAQ,QAAQ,kBAAA,EAAoB;AAAA,MACvC,MAAA,EAAQ,KAAK,MAAA,IAAU,KAAA;AAAA,MACvB;AAAA,KACD,CAAA;AAED,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,SAAA,CAAU,KAAK,IAAI,CAAA;AAC/C,IAAA,MAAM,GAAA,GAAM,MAAM,QAAA,CAAS,IAAA,EAAK;AAChC,IAAA,MAAM,EAAA,GAAK,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA,IAAK,EAAA;AACnD,IAAA,MAAM,YAAY,EAAA,CAAG,QAAA,CAAS,kBAAkB,CAAA,IAAK,EAAA,CAAG,SAAS,MAAM,CAAA;AACvE,IAAA,MAAM,MAAA,GAAS,OAAO,SAAA,GAAY,IAAA,CAAK,cAAc,GAAG,CAAA,GAAI,MAAM,IAAA,GAAO,IAAA;AAEzE,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,OAAA,GAAW,UAAU,EAAC;AAC5B,MAAA,IAAI,WAAA;AACJ,MAAA,IAAI,OAAO,OAAA,CAAQ,iBAAA,KAAsB,QAAA,EAAU;AACjD,QAAA,WAAA,GAAc,OAAA,CAAQ,iBAAA;AAAA,MACxB,CAAA,MAAA,IAAW,OAAO,OAAA,CAAQ,KAAA,KAAU,QAAA,EAAU;AAC5C,QAAA,WAAA,GAAc,OAAA,CAAQ,KAAA;AAAA,MACxB,CAAA,MAAO;AACL,QAAA,WAAA,GAAc,CAAA,gBAAA,EAAmB,SAAS,MAAM,CAAA,CAAA,CAAA;AAAA,MAClD;AAEA,MAAA,MAAM,IAAIF,sBAAc,WAAA,EAAa;AAAA,QACnC,QAAQ,QAAA,CAAS,MAAA;AAAA,QACjB,MACE,OAAO,OAAA,CAAQ,KAAA,KAAU,QAAA,GACrB,QAAQ,KAAA,GACR,sBAAA;AAAA,QACN;AAAA,OACD,CAAA;AAAA,IACH;AAEA,IAAA,IAAI,CAAC,SAAA,IAAa,MAAA,KAAW,IAAA,EAAM;AACjC,MAAA,MAAM,IAAIA,sBAAc,kDAAA,EAAoD;AAAA,QAC1E,MAAA,EAAQ,GAAA;AAAA,QACR,IAAA,EAAM,kBAAA;AAAA,QACN,OAAA,EAAS,EAAE,WAAA,EAAa,EAAA,EAAI,SAAS,GAAA,CAAI,KAAA,CAAM,CAAA,EAAG,GAAG,CAAA;AAAE,OACxD,CAAA;AAAA,IACH;AAEA,IAAA,IAAI,CAAC,MAAA,EAAQ;AACX,MAAA,OAAO,EAAC;AAAA,IACV;AAEA,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEQ,cAAc,KAAA,EAAwB;AAC5C,IAAA,IAAI;AACF,MAAA,OAAO,IAAA,CAAK,MAAM,KAAK,CAAA;AAAA,IACzB,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA,EAEQ,QAAQ,KAAA,EAA+B;AAC7C,IAAA,IAAI,iBAAiBA,qBAAA,EAAe;AAClC,MAAA,OAAO,KAAA;AAAA,IACT;AAEA,IAAA,IAAI,iBAAiB,KAAA,EAAO;AAC1B,MAAA,OAAO,IAAIA,qBAAA,CAAc,KAAA,CAAM,OAAA,EAAS;AAAA,QACtC,IAAA,EAAM,kBAAA;AAAA,QACN,MAAA,EAAQ;AAAA,OACT,CAAA;AAAA,IACH;AAEA,IAAA,OAAO,IAAIA,sBAAc,kBAAA,EAAoB;AAAA,MAC3C,IAAA,EAAM,kBAAA;AAAA,MACN,MAAA,EAAQ;AAAA,KACT,CAAA;AAAA,EACH;AACF;;;AIj0BA,WAAA,EAAA;;;AC7BA,iBAAA,EAAA;AAQO,IAAM,gCAAA,GACX;AASF,SAAS,QAAQ,IAAA,EAA6B;AAC5C,EAAA,MAAM,KAAA,GAAQ,OAAA,CAAQ,GAAA,CAAI,IAAI,CAAA;AAC9B,EAAA,IAAI,CAAC,OAAO,OAAO,IAAA;AACnB,EAAA,MAAM,OAAA,GAAU,MAAM,IAAA,EAAK;AAC3B,EAAA,OAAO,OAAA,IAAW,IAAA;AACpB;AAGO,SAAS,gBAAA,GAA8C;AAC5D,EAAA,MAAM,SAAA,GAAY,QAAQ,sBAAsB,CAAA;AAChD,EAAA,MAAM,cAAA,GAAiB,QAAQ,4BAA4B,CAAA;AAC3D,EAAA,MAAM,WAAA,GAAc,QAAQ,yBAAyB,CAAA;AACrD,EAAA,MAAM,eAAA,GAAkB,QAAQ,6BAA6B,CAAA;AAC7D,EAAA,IAAI,CAAC,SAAA,IAAa,CAAC,kBAAkB,CAAC,WAAA,IAAe,CAAC,eAAA,EAAiB;AACrE,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO;AAAA,IACL,SAAA,EAAW,qBAAqB,SAAS,CAAA;AAAA,IACzC,cAAA;AAAA,IACA,WAAA;AAAA,IACA;AAAA,GACF;AACF;AAGO,SAAS,4BAAA,GAA8C;AAC5D,EAAA,MAAM,GAAA,GAAM,QAAQ,sBAAsB,CAAA;AAC1C,EAAA,IAAI,CAAC,KAAK,OAAO,IAAA;AACjB,EAAA,IAAI;AACF,IAAA,OAAO,oBAAA,CAAqB,IAAI,GAAA,CAAI,GAAG,EAAE,IAAI,CAAA;AAAA,EAC/C,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAGO,SAAS,iCAAA,GAAmD;AACjE,EAAA,OAAO,QAAQ,4BAA4B,CAAA;AAC7C;AAGO,SAAS,qBAAA,GAAiC;AAC/C,EAAA,OAAO,kBAAiB,KAAM,IAAA;AAChC;AAGO,SAAS,iCAAiC,SAAA,EAA2B;AAC1E,EAAA,OAAO,oBAAoB,SAAS,CAAA;AACtC;AAGO,SAAS,yBAAyB,SAAA,EAA2B;AAClE,EAAA,OAAO,IAAI,GAAA,CAAI,oBAAA,CAAqB,UAAU,IAAA,EAAM,CAAC,CAAA,CAAE,MAAA;AACzD;;;ADhCA,cAAA,EAAA","file":"index.cjs","sourcesContent":["/**\n * Base64url-safe Basic auth encoding for `client_id:client_secret` (UTF-8).\n * Works in Node, Edge, and Workers without assuming `Buffer`.\n */\nexport function encodeClientSecretBasic(clientId: string, clientSecret: string): string {\n const raw = `${clientId}:${clientSecret}`;\n const b64 =\n typeof Buffer !== \"undefined\"\n ? Buffer.from(raw, \"utf8\").toString(\"base64\")\n : btoa(Array.from(new TextEncoder().encode(raw), (c) => String.fromCharCode(c)).join(\"\"));\n return `Basic ${b64}`;\n}\n","export class PmtHouseError extends Error {\n readonly status: number;\n readonly code: string;\n readonly details?: unknown;\n\n constructor(\n message: string,\n {\n status = 500,\n code = \"pymthouse_error\",\n details,\n }: {\n status?: number;\n code?: string;\n details?: unknown;\n } = {},\n ) {\n super(message);\n this.name = \"PmtHouseError\";\n this.status = status;\n this.code = code;\n this.details = details;\n }\n}\n\nexport function toPmtHouseError(\n error: unknown,\n fallbackMessage: string,\n): PmtHouseError {\n if (error instanceof PmtHouseError) {\n return error;\n }\n\n if (error instanceof Error) {\n return new PmtHouseError(error.message || fallbackMessage, {\n code: \"unexpected_error\",\n status: 500,\n });\n }\n\n return new PmtHouseError(fallbackMessage, {\n code: \"unexpected_error\",\n status: 500,\n });\n}\n","/** Removes trailing `/` without regex (linear time). */\nexport function stripTrailingSlashes(value: string): string {\n let end = value.length;\n while (end > 0 && (value.codePointAt(end - 1) ?? 0) === 47) {\n end--;\n }\n return value.slice(0, end);\n}\n\nfunction endsWithIgnoreCase(value: string, suffix: string): boolean {\n if (suffix.length > value.length) {\n return false;\n }\n const start = value.length - suffix.length;\n for (let i = 0; i < suffix.length; i++) {\n const a = value.codePointAt(start + i) ?? 0;\n const b = suffix.codePointAt(i) ?? 0;\n if (a !== b && (a | 32) !== (b | 32)) {\n return false;\n }\n }\n return true;\n}\n\nfunction stripSuffixIgnoreCase(value: string, suffix: string): string {\n return endsWithIgnoreCase(value, suffix)\n ? value.slice(0, value.length - suffix.length)\n : value;\n}\n\n/** Issuer URL (`…/oidc`) → Builder API base (`…/api/v1`). Linear-time; no regex. */\nexport function stripOidcPathSuffix(issuerUrl: string): string {\n let base = stripTrailingSlashes(issuerUrl.trim());\n base = stripSuffixIgnoreCase(base, \"/oidc\");\n return stripTrailingSlashes(base);\n}\n\n/** Issuer URL (`…/api/v1/oidc`) → host origin for signer/API-key routes. Linear-time; no regex. */\nexport function stripIssuerOriginFromOidcUrl(issuerUrl: string): string {\n let base = stripTrailingSlashes(issuerUrl.trim());\n base = stripSuffixIgnoreCase(base, \"/api/v1/oidc\");\n base = stripSuffixIgnoreCase(base, \"/oidc\");\n return stripTrailingSlashes(base);\n}\n\n/** Parse and validate an http(s) facade origin (no path). */\nexport function parseHttpOrigin(raw: string | undefined, fallback: string): string {\n const trimmed = (raw ?? fallback).trim();\n let parsed: URL;\n try {\n parsed = new URL(trimmed);\n } catch {\n throw new TypeError(\"Origin must be a valid http(s) URL\");\n }\n if (parsed.protocol !== \"http:\" && parsed.protocol !== \"https:\") {\n throw new TypeError(\"Origin must use http or https\");\n }\n return parsed.origin;\n}\n\n","import {\n allowInsecureRequests,\n customFetch,\n discoveryRequest,\n processDiscoveryResponse,\n type AuthorizationServer,\n} from \"oauth4webapi\";\nimport { PmtHouseError } from \"./errors.js\";\nimport { stripTrailingSlashes } from \"./string-utils.js\";\nimport type { FetchLike, OidcDiscoveryDocument } from \"./types.js\";\n\nexport function authorizationServerToOidcDocument(as: AuthorizationServer): OidcDiscoveryDocument {\n const tokenEndpoint = as.token_endpoint;\n const jwksUri = as.jwks_uri;\n if (!tokenEndpoint || !jwksUri) {\n throw new PmtHouseError(\"OIDC discovery document is missing token_endpoint or jwks_uri\", {\n status: 500,\n code: \"oidc_discovery_invalid\",\n });\n }\n return {\n issuer: as.issuer,\n authorization_endpoint: as.authorization_endpoint ?? \"\",\n token_endpoint: tokenEndpoint,\n jwks_uri: jwksUri,\n userinfo_endpoint: as.userinfo_endpoint,\n device_authorization_endpoint: as.device_authorization_endpoint,\n };\n}\n\nconst CACHE_TTL_MS = 5 * 60 * 1000;\n\ntype CacheEntry = {\n as: AuthorizationServer;\n fetchedAt: number;\n};\n\nconst discoveryCache = new Map<string, CacheEntry>();\n\nfunction normalizedIssuerKey(issuerUrl: string): string {\n return stripTrailingSlashes(issuerUrl);\n}\n\nexport interface LoadAuthorizationServerOptions {\n force?: boolean;\n allowInsecureHttp?: boolean;\n}\n\n/**\n * Loads OIDC discovery metadata via oauth4webapi (RFC 8414 / OIDC Discovery), with a 5-minute cache.\n */\nexport async function loadAuthorizationServer(\n issuerUrl: string,\n fetchImpl: FetchLike,\n options: LoadAuthorizationServerOptions = {},\n): Promise<AuthorizationServer> {\n const key = normalizedIssuerKey(issuerUrl);\n const now = Date.now();\n const cached = discoveryCache.get(key);\n\n if (!options.force && cached && now - cached.fetchedAt < CACHE_TTL_MS) {\n return cached.as;\n }\n\n const issuerIdentifier = new URL(key);\n const discoveryOpts: Parameters<typeof discoveryRequest>[1] = {\n algorithm: \"oidc\",\n [customFetch]: fetchImpl,\n };\n if (options.allowInsecureHttp) {\n discoveryOpts[allowInsecureRequests] = true;\n }\n\n let response: Response;\n try {\n response = await discoveryRequest(issuerIdentifier, discoveryOpts);\n } catch (e) {\n throw mapDiscoveryNetworkError(e);\n }\n\n let as: AuthorizationServer;\n try {\n as = await processDiscoveryResponse(issuerIdentifier, response);\n } catch (e) {\n throw mapOAuthDiscoveryError(e);\n }\n\n discoveryCache.set(key, { as, fetchedAt: now });\n return as;\n}\n\nexport async function fetchDiscoveryDocument(\n issuerUrl: string,\n fetchImpl: FetchLike,\n options: LoadAuthorizationServerOptions = {},\n): Promise<OidcDiscoveryDocument> {\n const as = await loadAuthorizationServer(issuerUrl, fetchImpl, options);\n return authorizationServerToOidcDocument(as);\n}\n\nexport function clearDiscoveryCache(issuerUrl?: string): void {\n if (!issuerUrl) {\n discoveryCache.clear();\n return;\n }\n discoveryCache.delete(normalizedIssuerKey(issuerUrl));\n}\n\nfunction mapOAuthDiscoveryError(error: unknown): PmtHouseError {\n if (error instanceof PmtHouseError) {\n return error;\n }\n if (error instanceof Error) {\n return new PmtHouseError(error.message, {\n status: 500,\n code: \"oidc_discovery_invalid\",\n details: { cause: error.cause },\n });\n }\n return new PmtHouseError(\"OIDC discovery failed\", {\n status: 500,\n code: \"oidc_discovery_invalid\",\n });\n}\n\nfunction mapDiscoveryNetworkError(error: unknown): PmtHouseError {\n if (error instanceof PmtHouseError) {\n return error;\n }\n if (error instanceof Error) {\n return new PmtHouseError(`Failed to load OIDC discovery: ${error.message}`, {\n status: 502,\n code: \"oidc_discovery_failed\",\n });\n }\n return new PmtHouseError(\"Failed to load OIDC discovery\", {\n status: 502,\n code: \"oidc_discovery_failed\",\n });\n}\n","import { PmtHouseError } from \"../errors.js\";\n\nfunction oauthFailureDescription(\n parsed: Record<string, unknown>,\n failureLabel: string,\n status: number,\n): string {\n if (typeof parsed.error_description === \"string\") {\n return parsed.error_description;\n }\n if (typeof parsed.error === \"string\") {\n return parsed.error;\n }\n return `${failureLabel} (${status})`;\n}\n\nexport type ReadJsonObjectFromResponseOptions = {\n invalidJsonMessage: string;\n invalidJsonCode: string;\n failureLabel: string;\n defaultErrorCode: string;\n};\n\nexport async function readJsonObjectFromResponse(\n response: Response,\n options: ReadJsonObjectFromResponseOptions,\n): Promise<Record<string, unknown>> {\n const text = await response.text();\n let parsed: Record<string, unknown>;\n try {\n parsed = text ? (JSON.parse(text) as Record<string, unknown>) : {};\n } catch {\n throw new PmtHouseError(options.invalidJsonMessage, {\n status: 502,\n code: options.invalidJsonCode,\n details: { status: response.status },\n });\n }\n\n if (!response.ok) {\n const description = oauthFailureDescription(parsed, options.failureLabel, response.status);\n throw new PmtHouseError(description, {\n status: response.status,\n code: typeof parsed.error === \"string\" ? parsed.error : options.defaultErrorCode,\n details: parsed,\n });\n }\n\n return parsed;\n}\n","import { PmtHouseError } from \"../errors.js\";\n\nfunction isPmtHouseError(error: unknown): error is PmtHouseError {\n if (error instanceof PmtHouseError) {\n return true;\n }\n return (\n error instanceof Error &&\n typeof (error as PmtHouseError).status === \"number\" &&\n typeof (error as PmtHouseError).code === \"string\"\n );\n}\n\nexport function signerHandlerErrorResponse(error: unknown): Response {\n if (isPmtHouseError(error)) {\n return new Response(\n JSON.stringify({\n error: error.code,\n error_description: error.message,\n details: error.details,\n }),\n {\n status: error.status,\n headers: { \"Content-Type\": \"application/json\" },\n },\n );\n }\n const message = error instanceof Error ? error.message : \"Internal error\";\n return new Response(JSON.stringify({ error: \"internal_error\", error_description: message }), {\n status: 500,\n headers: { \"Content-Type\": \"application/json\" },\n });\n}\n","import { PmtHouseError } from \"../errors.js\";\n\nexport function readStringField(\n body: Record<string, unknown>,\n key: string,\n errorCode: string,\n messagePrefix = \"Response\",\n): string {\n const value = body[key];\n if (typeof value !== \"string\" || !value.trim()) {\n throw new PmtHouseError(`${messagePrefix} missing ${key}`, {\n status: 502,\n code: errorCode,\n });\n }\n return value.trim();\n}\n\nexport function readExpiresIn(body: Record<string, unknown>, errorCode: string): number {\n const expiresIn = body.expires_in;\n if (typeof expiresIn !== \"number\" || !Number.isFinite(expiresIn) || expiresIn <= 0) {\n throw new PmtHouseError(\"Response missing expires_in\", {\n status: 502,\n code: errorCode,\n });\n }\n return Math.floor(expiresIn);\n}\n","import { stripTrailingSlashes } from \"../string-utils.js\";\nimport { loadAuthorizationServer } from \"../discovery.js\";\nimport { encodeClientSecretBasic } from \"../encoding.js\";\nimport { PmtHouseError } from \"../errors.js\";\nimport { readJsonObjectFromResponse } from \"./fetch-json.js\";\nimport { readExpiresIn, readStringField } from \"./json-fields.js\";\nimport type { CachedSignerToken, MintUserSignerTokenOptions, MintUserSignerTokenResponse } from \"./types.js\";\n\nexport const SIGN_MINT_USER_TOKEN_SCOPE = \"sign:mint_user_token\";\n\n/** @deprecated Signer JWT `aud` is the OIDC issuer URL; kept for legacy callers. */\nexport const LIVEPEER_REMOTE_SIGNER_AUDIENCE = \"livepeer-remote-signer\";\n\nconst DEFAULT_TTL_REFRESH_RATIO = 0.8;\nconst TOKEN_RESPONSE_ERROR = \"invalid_token_response\";\n\nexport function signerJwtAudience(issuerUrl: string): string {\n return stripTrailingSlashes(issuerUrl);\n}\n\nexport function parseMintUserSignerTokenResponse(\n body: Record<string, unknown>,\n ttlRefreshRatio = DEFAULT_TTL_REFRESH_RATIO,\n): CachedSignerToken {\n const accessToken = readStringField(body, \"access_token\", TOKEN_RESPONSE_ERROR, \"Token response\");\n const expiresIn = readExpiresIn(body, TOKEN_RESPONSE_ERROR);\n const balanceUsdMicros = readStringField(\n body,\n \"balanceUsdMicros\",\n TOKEN_RESPONSE_ERROR,\n \"Token response\",\n );\n const lifetimeGrantedUsdMicros = readStringField(\n body,\n \"lifetimeGrantedUsdMicros\",\n TOKEN_RESPONSE_ERROR,\n \"Token response\",\n );\n const now = Date.now();\n const expiresAt = now + expiresIn * 1000;\n const refreshAt = now + Math.floor(expiresIn * 1000 * ttlRefreshRatio);\n\n return {\n jwt: accessToken,\n expiresAt,\n refreshAt,\n balanceUsdMicros,\n lifetimeGrantedUsdMicros,\n };\n}\n\nexport async function mintUserSignerToken(\n options: MintUserSignerTokenOptions,\n): Promise<CachedSignerToken> {\n const fetchImpl = options.fetch ?? fetch;\n const issuerUrl = stripTrailingSlashes(options.issuerUrl);\n const as = await loadAuthorizationServer(issuerUrl, fetchImpl, {\n allowInsecureHttp: options.allowInsecureHttp,\n });\n const tokenEndpoint = as.token_endpoint;\n if (!tokenEndpoint) {\n throw new PmtHouseError(\"OIDC discovery document is missing token_endpoint\", {\n status: 500,\n code: \"oidc_discovery_invalid\",\n });\n }\n\n const audience = signerJwtAudience(issuerUrl);\n const body = new URLSearchParams({\n grant_type: \"client_credentials\",\n scope: SIGN_MINT_USER_TOKEN_SCOPE,\n external_user_id: options.externalUserId,\n audience,\n });\n\n const response = await fetchImpl(tokenEndpoint, {\n method: \"POST\",\n headers: {\n Authorization: encodeClientSecretBasic(options.m2mClientId, options.m2mClientSecret),\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n Accept: \"application/json\",\n },\n body: body.toString(),\n cache: \"no-store\",\n });\n\n const parsed = await readJsonObjectFromResponse(response, {\n invalidJsonMessage: \"Token endpoint returned invalid JSON\",\n invalidJsonCode: TOKEN_RESPONSE_ERROR,\n failureLabel: \"Token mint failed\",\n defaultErrorCode: \"token_mint_failed\",\n });\n\n return parseMintUserSignerTokenResponse(parsed);\n}\n\nexport function toMintUserSignerTokenResponse(token: CachedSignerToken): MintUserSignerTokenResponse {\n const expiresIn = Math.max(1, Math.floor((token.expiresAt - Date.now()) / 1000));\n return {\n access_token: token.jwt,\n expires_in: expiresIn,\n balanceUsdMicros: token.balanceUsdMicros,\n lifetimeGrantedUsdMicros: token.lifetimeGrantedUsdMicros,\n };\n}\n","import { loadAuthorizationServer } from \"../discovery.js\";\nimport { encodeClientSecretBasic } from \"../encoding.js\";\nimport { PmtHouseError } from \"../errors.js\";\nimport { stripTrailingSlashes } from \"../string-utils.js\";\nimport { readJsonObjectFromResponse } from \"./fetch-json.js\";\nimport { readExpiresIn, readStringField } from \"./json-fields.js\";\nimport { signerHandlerErrorResponse } from \"./handler-errors.js\";\nimport {\n parseMintUserSignerTokenResponse,\n signerJwtAudience,\n} from \"./mint-token.js\";\nimport type {\n DeviceExchangeHandlerConfig,\n DeviceExchangeHandlerConfigRemote,\n DeviceExchangeMintContext,\n DeviceExchangeMintResult,\n DeviceExchangeRequestBody,\n DeviceExchangeResponse,\n ExchangeDeviceTokenForSignerOptions,\n MintSignerTokenFromDeviceTokenOptions,\n} from \"./types.js\";\n\nconst TOKEN_EXCHANGE_GRANT = \"urn:ietf:params:oauth:grant-type:token-exchange\";\nconst SUBJECT_ACCESS_TOKEN_TYPE = \"urn:ietf:params:oauth:token-type:access_token\";\nconst EXCHANGE_RESPONSE_ERROR = \"invalid_exchange_response\";\n\nexport function extractSignerAccessTokenFromExchangeBody(\n body: Record<string, unknown>,\n): string {\n const tokenObj = body.token;\n if (tokenObj !== null && typeof tokenObj === \"object\" && !Array.isArray(tokenObj)) {\n const nested = tokenObj as Record<string, unknown>;\n for (const key of [\"accessToken\", \"access_token\"] as const) {\n const value = nested[key];\n if (typeof value === \"string\" && value.trim()) {\n return value.trim();\n }\n }\n }\n for (const key of [\"accessToken\", \"access_token\"] as const) {\n const value = body[key];\n if (typeof value === \"string\" && value.trim()) {\n return value.trim();\n }\n }\n throw new PmtHouseError(\"Device exchange response missing signer access token\", {\n status: 502,\n code: \"invalid_exchange_response\",\n });\n}\n\nexport function normalizeDeviceExchangeResponse(\n minted: DeviceExchangeMintResult,\n options?: { signerUrl?: string },\n): DeviceExchangeResponse {\n const scope = minted.scope.trim() || \"sign:job\";\n const body: DeviceExchangeResponse = {\n access_token: minted.access_token,\n token_type: \"Bearer\",\n expires_in: minted.expires_in,\n scope,\n balanceUsdMicros: minted.balanceUsdMicros,\n lifetimeGrantedUsdMicros: minted.lifetimeGrantedUsdMicros,\n token: {\n accessToken: minted.access_token,\n access_token: minted.access_token,\n expiresIn: minted.expires_in,\n expires_in: minted.expires_in,\n scope,\n balanceUsdMicros: minted.balanceUsdMicros,\n lifetimeGrantedUsdMicros: minted.lifetimeGrantedUsdMicros,\n },\n };\n const signerUrl = options?.signerUrl?.trim();\n if (signerUrl) {\n body.signerUrl = signerUrl;\n }\n return body;\n}\n\nexport async function parseDeviceExchangeRequestBody(\n request: Request,\n): Promise<DeviceExchangeRequestBody> {\n let body: unknown;\n try {\n body = await request.json();\n } catch {\n throw new PmtHouseError(\"Request body must be JSON\", {\n status: 400,\n code: \"invalid_request\",\n });\n }\n if (body === null || typeof body !== \"object\" || Array.isArray(body)) {\n throw new PmtHouseError(\"Request body must be a JSON object\", {\n status: 400,\n code: \"invalid_request\",\n });\n }\n const record = body as Record<string, unknown>;\n const deviceTokenRaw = record.deviceToken;\n if (typeof deviceTokenRaw !== \"string\" || !deviceTokenRaw.trim()) {\n throw new PmtHouseError(\"Request body must include deviceToken\", {\n status: 400,\n code: \"invalid_request\",\n });\n }\n const deviceToken = deviceTokenRaw.trim();\n const scope =\n typeof record.scope === \"string\" && record.scope.trim()\n ? record.scope.trim()\n : undefined;\n const clientId =\n typeof record.clientId === \"string\" && record.clientId.trim()\n ? record.clientId.trim()\n : undefined;\n return { deviceToken, scope, clientId };\n}\n\nexport async function mintSignerTokenFromDeviceToken(\n options: MintSignerTokenFromDeviceTokenOptions,\n): Promise<DeviceExchangeMintResult> {\n const fetchImpl = options.fetch ?? fetch;\n const issuerUrl = stripTrailingSlashes(options.issuerUrl);\n const as = await loadAuthorizationServer(issuerUrl, fetchImpl, {\n allowInsecureHttp: options.allowInsecureHttp,\n });\n const tokenEndpoint = as.token_endpoint;\n if (!tokenEndpoint) {\n throw new PmtHouseError(\"OIDC discovery document is missing token_endpoint\", {\n status: 500,\n code: \"oidc_discovery_invalid\",\n });\n }\n\n const audience = options.audience?.trim() || signerJwtAudience(issuerUrl);\n const params = new URLSearchParams({\n grant_type: TOKEN_EXCHANGE_GRANT,\n subject_token: options.deviceToken,\n subject_token_type: SUBJECT_ACCESS_TOKEN_TYPE,\n audience,\n resource: audience,\n });\n if (options.scope?.trim()) {\n params.set(\"scope\", options.scope.trim());\n }\n\n const response = await fetchImpl(tokenEndpoint, {\n method: \"POST\",\n headers: {\n Authorization: encodeClientSecretBasic(options.m2mClientId, options.m2mClientSecret),\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n Accept: \"application/json\",\n },\n body: params.toString(),\n cache: \"no-store\",\n });\n\n const parsed = await readJsonObjectFromResponse(response, {\n invalidJsonMessage: \"Token endpoint returned invalid JSON\",\n invalidJsonCode: \"invalid_token_response\",\n failureLabel: \"Signer JWT exchange failed\",\n defaultErrorCode: \"token_exchange_failed\",\n });\n\n const cached = parseMintUserSignerTokenResponse(parsed);\n return {\n access_token: cached.jwt,\n expires_in: readExpiresIn(parsed, EXCHANGE_RESPONSE_ERROR),\n scope: readStringField(parsed, \"scope\", EXCHANGE_RESPONSE_ERROR),\n balanceUsdMicros: cached.balanceUsdMicros,\n lifetimeGrantedUsdMicros: cached.lifetimeGrantedUsdMicros,\n };\n}\n\nexport async function exchangeDeviceTokenForSigner(\n options: ExchangeDeviceTokenForSignerOptions,\n): Promise<DeviceExchangeResponse> {\n const fetchImpl = options.fetch ?? fetch;\n const url = `${stripTrailingSlashes(options.facadeUrl)}/api/signer/device/exchange`;\n const body: Record<string, string> = { deviceToken: options.deviceToken };\n if (options.scope?.trim()) {\n body.scope = options.scope.trim();\n }\n if (options.clientId?.trim()) {\n body.clientId = options.clientId.trim();\n }\n\n const response = await fetchImpl(url, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n Accept: \"application/json\",\n },\n body: JSON.stringify(body),\n cache: \"no-store\",\n });\n\n const parsed = await readJsonObjectFromResponse(response, {\n invalidJsonMessage: \"Device exchange returned invalid JSON\",\n invalidJsonCode: EXCHANGE_RESPONSE_ERROR,\n failureLabel: \"Device exchange failed\",\n defaultErrorCode: \"device_exchange_failed\",\n });\n\n const accessToken = extractSignerAccessTokenFromExchangeBody(parsed);\n const signerUrlRaw = parsed.signerUrl ?? parsed.signer_url;\n const signerUrl =\n typeof signerUrlRaw === \"string\" && signerUrlRaw.trim() ? signerUrlRaw.trim() : undefined;\n return normalizeDeviceExchangeResponse(\n {\n access_token: accessToken,\n expires_in: readExpiresIn(parsed, EXCHANGE_RESPONSE_ERROR),\n scope:\n typeof parsed.scope === \"string\" && parsed.scope.trim()\n ? parsed.scope.trim()\n : \"sign:job\",\n balanceUsdMicros:\n typeof parsed.balanceUsdMicros === \"string\" ? parsed.balanceUsdMicros : \"0\",\n lifetimeGrantedUsdMicros:\n typeof parsed.lifetimeGrantedUsdMicros === \"string\"\n ? parsed.lifetimeGrantedUsdMicros\n : \"0\",\n },\n { signerUrl },\n );\n}\n\ntype CreateDeviceExchangeHandlerInput =\n | DeviceExchangeHandlerConfig\n | DeviceExchangeHandlerConfigRemote;\n\nfunction resolveMint(\n config: CreateDeviceExchangeHandlerInput,\n): (deviceToken: string, context: DeviceExchangeMintContext) => Promise<DeviceExchangeMintResult> {\n if (\"mint\" in config && typeof config.mint === \"function\") {\n return config.mint;\n }\n return (deviceToken, context) =>\n mintSignerTokenFromDeviceToken({\n issuerUrl: config.issuerUrl,\n m2mClientId: config.m2mClientId,\n m2mClientSecret: config.m2mClientSecret,\n deviceToken,\n scope: context.scope,\n audience: config.audience,\n fetch: config.fetch,\n allowInsecureHttp: config.allowInsecureHttp,\n });\n}\n\nfunction resolveSignerUrlFromConfig(\n config: CreateDeviceExchangeHandlerInput,\n): string | Promise<string | undefined> | undefined {\n if (\"signerUrl\" in config && typeof config.signerUrl === \"string\" && config.signerUrl.trim()) {\n return config.signerUrl.trim();\n }\n if (\"getSignerUrl\" in config && typeof config.getSignerUrl === \"function\") {\n return config.getSignerUrl();\n }\n return undefined;\n}\n\nexport function createDeviceExchangeHandler(\n config: CreateDeviceExchangeHandlerInput,\n): (request: Request) => Promise<Response> {\n const mint = resolveMint(config);\n\n return async function deviceExchangeHandler(request: Request): Promise<Response> {\n try {\n if (request.method !== \"POST\") {\n return new Response(JSON.stringify({ error: \"method_not_allowed\" }), {\n status: 405,\n headers: { \"Content-Type\": \"application/json\" },\n });\n }\n\n const parsed = await parseDeviceExchangeRequestBody(request);\n const minted = await mint(parsed.deviceToken, {\n scope: parsed.scope,\n clientId: parsed.clientId,\n });\n const signerUrlValue = await resolveSignerUrlFromConfig(config);\n const body = normalizeDeviceExchangeResponse(minted, {\n signerUrl: typeof signerUrlValue === \"string\" ? signerUrlValue : undefined,\n });\n return new Response(JSON.stringify(body), {\n status: 200,\n headers: {\n \"Content-Type\": \"application/json\",\n \"Cache-Control\": \"no-store\",\n },\n });\n } catch (error) {\n return signerHandlerErrorResponse(error);\n }\n };\n}\n","import { stripIssuerOriginFromOidcUrl, stripTrailingSlashes } from \"../string-utils.js\";\nimport { PmtHouseError } from \"../errors.js\";\nimport { readJsonObjectFromResponse } from \"./fetch-json.js\";\nimport { signerHandlerErrorResponse } from \"./handler-errors.js\";\nimport {\n extractSignerAccessTokenFromExchangeBody,\n mintSignerTokenFromDeviceToken,\n normalizeDeviceExchangeResponse,\n} from \"./device-exchange.js\";\nimport type {\n ApiKeyExchangeHandlerConfig,\n ApiKeyExchangeMintResult,\n ApiKeyExchangeRequestBody,\n DeviceExchangeResponse,\n ExchangeApiKeyForSignerOptions,\n} from \"./types.js\";\n\nconst EXCHANGE_RESPONSE_ERROR = \"invalid_exchange_response\";\n\nexport async function parseApiKeyExchangeRequestBody(\n request: Request,\n): Promise<ApiKeyExchangeRequestBody> {\n let body: unknown;\n try {\n body = await request.json();\n } catch {\n throw new PmtHouseError(\"Request body must be JSON\", {\n status: 400,\n code: \"invalid_request\",\n });\n }\n if (body === null || typeof body !== \"object\" || Array.isArray(body)) {\n throw new PmtHouseError(\"Request body must be a JSON object\", {\n status: 400,\n code: \"invalid_request\",\n });\n }\n const record = body as Record<string, unknown>;\n const apiKeyRaw = record.apiKey;\n if (typeof apiKeyRaw !== \"string\" || !apiKeyRaw.trim()) {\n throw new PmtHouseError(\"Request body must include apiKey\", {\n status: 400,\n code: \"invalid_request\",\n });\n }\n const scope =\n typeof record.scope === \"string\" && record.scope.trim()\n ? record.scope.trim()\n : undefined;\n const clientId =\n typeof record.clientId === \"string\" && record.clientId.trim()\n ? record.clientId.trim()\n : undefined;\n return { apiKey: apiKeyRaw.trim(), scope, clientId };\n}\n\nexport async function mintUserAccessTokenFromApiKey(input: {\n issuerUrl: string;\n publicClientId: string;\n apiKey: string;\n scope?: string;\n fetch?: typeof fetch;\n}): Promise<{ access_token: string; expires_in: number; scope: string }> {\n const fetchImpl = input.fetch ?? fetch;\n const issuerOrigin = stripIssuerOriginFromOidcUrl(input.issuerUrl);\n const url = `${issuerOrigin}/api/v1/apps/${encodeURIComponent(input.publicClientId)}/auth/api-key/token`;\n const response = await fetchImpl(url, {\n method: \"POST\",\n headers: {\n Authorization: `Bearer ${input.apiKey}`,\n \"Content-Type\": \"application/json\",\n Accept: \"application/json\",\n },\n body: JSON.stringify(input.scope ? { scope: input.scope } : {}),\n cache: \"no-store\",\n });\n\n const parsed = await readJsonObjectFromResponse(response, {\n invalidJsonMessage: \"API key token exchange returned invalid JSON\",\n invalidJsonCode: \"invalid_token_response\",\n failureLabel: \"API key token exchange failed\",\n defaultErrorCode: \"api_key_token_exchange_failed\",\n });\n\n const accessToken = parsed.access_token;\n if (typeof accessToken !== \"string\" || !accessToken.trim()) {\n throw new PmtHouseError(\"API key token exchange missing access_token\", {\n status: 502,\n code: EXCHANGE_RESPONSE_ERROR,\n });\n }\n\n const expiresIn =\n typeof parsed.expires_in === \"number\" && Number.isFinite(parsed.expires_in)\n ? parsed.expires_in\n : 900;\n const scope =\n typeof parsed.scope === \"string\" && parsed.scope.trim()\n ? parsed.scope.trim()\n : input.scope?.trim() || \"sign:job\";\n\n return {\n access_token: accessToken.trim(),\n expires_in: expiresIn,\n scope,\n };\n}\n\nexport async function mintSignerSessionFromApiKey(input: {\n issuerUrl: string;\n publicClientId: string;\n m2mClientId: string;\n m2mClientSecret: string;\n apiKey: string;\n scope?: string;\n audience?: string;\n fetch?: typeof fetch;\n allowInsecureHttp?: boolean;\n}): Promise<ApiKeyExchangeMintResult> {\n const userToken = await mintUserAccessTokenFromApiKey({\n issuerUrl: input.issuerUrl,\n publicClientId: input.publicClientId,\n apiKey: input.apiKey,\n scope: input.scope,\n fetch: input.fetch,\n });\n\n return mintSignerTokenFromDeviceToken({\n issuerUrl: input.issuerUrl,\n m2mClientId: input.m2mClientId,\n m2mClientSecret: input.m2mClientSecret,\n deviceToken: userToken.access_token,\n scope: userToken.scope,\n audience: input.audience,\n fetch: input.fetch,\n allowInsecureHttp: input.allowInsecureHttp,\n });\n}\n\nexport async function exchangeApiKeyForSigner(\n options: ExchangeApiKeyForSignerOptions,\n): Promise<DeviceExchangeResponse> {\n const fetchImpl = options.fetch ?? fetch;\n const url = `${stripTrailingSlashes(options.facadeUrl)}/api/pymthouse/keys/exchange`;\n const body: Record<string, string> = { apiKey: options.apiKey };\n if (options.scope?.trim()) {\n body.scope = options.scope.trim();\n }\n if (options.clientId?.trim()) {\n body.clientId = options.clientId.trim();\n }\n\n const response = await fetchImpl(url, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n Accept: \"application/json\",\n },\n body: JSON.stringify(body),\n cache: \"no-store\",\n });\n\n const parsed = await readJsonObjectFromResponse(response, {\n invalidJsonMessage: \"API key exchange returned invalid JSON\",\n invalidJsonCode: EXCHANGE_RESPONSE_ERROR,\n failureLabel: \"API key exchange failed\",\n defaultErrorCode: \"api_key_exchange_failed\",\n });\n\n const accessToken = extractSignerAccessTokenFromExchangeBody(parsed);\n const signerUrlRaw = parsed.signerUrl ?? parsed.signer_url;\n const signerUrl =\n typeof signerUrlRaw === \"string\" && signerUrlRaw.trim() ? signerUrlRaw.trim() : undefined;\n\n return normalizeDeviceExchangeResponse(\n {\n access_token: accessToken,\n expires_in:\n typeof parsed.expires_in === \"number\" && Number.isFinite(parsed.expires_in)\n ? parsed.expires_in\n : 3600,\n scope:\n typeof parsed.scope === \"string\" && parsed.scope.trim()\n ? parsed.scope.trim()\n : \"sign:job\",\n balanceUsdMicros:\n typeof parsed.balanceUsdMicros === \"string\" ? parsed.balanceUsdMicros : \"0\",\n lifetimeGrantedUsdMicros:\n typeof parsed.lifetimeGrantedUsdMicros === \"string\"\n ? parsed.lifetimeGrantedUsdMicros\n : \"0\",\n },\n { signerUrl },\n );\n}\n\nexport function createApiKeyExchangeHandler(\n config: ApiKeyExchangeHandlerConfig,\n): (request: Request) => Promise<Response> {\n const publicClientId = config.publicClientId.trim();\n\n return async function apiKeyExchangeHandler(request: Request): Promise<Response> {\n try {\n if (request.method !== \"POST\") {\n return new Response(JSON.stringify({ error: \"method_not_allowed\" }), {\n status: 405,\n headers: { \"Content-Type\": \"application/json\" },\n });\n }\n\n const parsed = await parseApiKeyExchangeRequestBody(request);\n const effectiveClientId = parsed.clientId?.trim() || publicClientId;\n if (effectiveClientId !== publicClientId) {\n throw new PmtHouseError(\"clientId does not match configured public client\", {\n status: 400,\n code: \"invalid_request\",\n });\n }\n\n const minted = await mintSignerSessionFromApiKey({\n issuerUrl: config.issuerUrl,\n publicClientId,\n m2mClientId: config.m2mClientId,\n m2mClientSecret: config.m2mClientSecret,\n apiKey: parsed.apiKey,\n scope: parsed.scope,\n audience: config.audience,\n fetch: config.fetch,\n allowInsecureHttp: config.allowInsecureHttp,\n });\n\n const signerUrlValue =\n typeof config.signerUrl === \"string\" && config.signerUrl.trim()\n ? config.signerUrl.trim()\n : undefined;\n\n const body = normalizeDeviceExchangeResponse(minted, { signerUrl: signerUrlValue });\n return new Response(JSON.stringify(body), {\n status: 200,\n headers: {\n \"Content-Type\": \"application/json\",\n \"Cache-Control\": \"no-store\",\n },\n });\n } catch (error) {\n return signerHandlerErrorResponse(error);\n }\n };\n}\n","/** Network cost pass-through: $1 retail per $1M of network USD-micros metered. */\nexport const NETWORK_USD_PER_MICRO = 0.000001;\n\nconst RETAIL_RATE_DECIMALS = 9;\n\n/** Strip trailing fractional zeros without regex (avoids ReDoS on user-facing inputs). */\nfunction trimFixedDecimalZeros(fixed: string): string {\n const dotIndex = fixed.indexOf(\".\");\n if (dotIndex === -1) {\n return fixed;\n }\n let end = fixed.length;\n while (end > dotIndex + 1 && fixed[end - 1] === \"0\") {\n end -= 1;\n }\n if (end === dotIndex + 1) {\n end = dotIndex;\n }\n const trimmed = fixed.slice(0, end);\n return trimmed.length > 0 ? trimmed : \"0\";\n}\n\nexport function defaultRetailRateUsd(): string {\n return formatRetailRateUsd(NETWORK_USD_PER_MICRO);\n}\n\nexport function formatRetailRateUsd(value: number): string {\n if (!Number.isFinite(value) || value < 0) {\n return defaultRetailRateUsd();\n }\n return trimFixedDecimalZeros(value.toFixed(RETAIL_RATE_DECIMALS));\n}\n\nexport function parseRetailRateUsd(raw: string | null | undefined): string | null {\n if (raw === null || raw === undefined) {\n return null;\n }\n const trimmed = String(raw).trim();\n if (!trimmed) {\n return null;\n }\n const n = Number(trimmed);\n if (!Number.isFinite(n) || n < 0) {\n return null;\n }\n return formatRetailRateUsd(n);\n}\n\n/** Markup percent (e.g. 50 = 50%) → retail USD per network USD-micro. */\nexport function markupPercentToRetailRateUsd(markupPercent: number): string {\n const pct = Number.isFinite(markupPercent) ? Math.max(0, markupPercent) : 0;\n return formatRetailRateUsd(NETWORK_USD_PER_MICRO * (1 + pct / 100));\n}\n\n/** Retail USD per micro → markup percent string for UI (one decimal). */\nexport function retailRateUsdToMarkupPercent(raw: string | null | undefined): string {\n const rate = parseRetailRateUsd(raw);\n if (!rate) {\n return \"\";\n }\n const n = Number(rate);\n if (!Number.isFinite(n) || n <= NETWORK_USD_PER_MICRO) {\n return n === NETWORK_USD_PER_MICRO ? \"0\" : \"\";\n }\n const pct = (n / NETWORK_USD_PER_MICRO - 1) * 100;\n if (!Number.isFinite(pct) || pct <= 0) {\n return \"\";\n }\n return pct % 1 === 0 ? String(Math.round(pct)) : pct.toFixed(1);\n}\n\nexport function retailRateUsdPerMillion(raw: string | null | undefined): string {\n const rate = parseRetailRateUsd(raw);\n if (!rate) {\n return \"\";\n }\n const perM = Number(rate) * 1_000_000;\n if (!Number.isFinite(perM)) {\n return \"\";\n }\n return perM.toFixed(2);\n}\n\nexport function parseMarkupPercentInput(raw: string): number | null {\n const trimmed = raw.trim();\n if (!trimmed) {\n return null;\n }\n const n = Number(trimmed);\n if (!Number.isFinite(n) || n < 0) {\n return null;\n }\n return n;\n}\n\n/** Apply retail rate (USD per network micro) to network fee micros. */\nexport function applyRetailRateToNetworkMicros(\n networkFeeUsdMicros: bigint,\n retailRateUsd: string,\n): bigint {\n const networkPerMicro = NETWORK_USD_PER_MICRO;\n const retail = Number(retailRateUsd);\n if (!Number.isFinite(retail) || retail <= 0) {\n return networkFeeUsdMicros;\n }\n const ratio = retail / networkPerMicro;\n if (!Number.isFinite(ratio) || ratio <= 0) {\n return networkFeeUsdMicros;\n }\n return (networkFeeUsdMicros * BigInt(Math.round(ratio * 1_000_000))) / 1_000_000n;\n}\n","import { encodeClientSecretBasic } from \"./encoding.js\";\nimport { PmtHouseError } from \"./errors.js\";\nimport { stripTrailingSlashes } from \"./string-utils.js\";\nimport type {\n FetchLike,\n SignedTicketIngestInput,\n SignedTicketIngestResult,\n} from \"./types.js\";\nimport type { SignerUsageSnapshot } from \"./signer/proxy.js\";\n\nexport type IngestSignedTicketOptions = {\n issuerUrl: string;\n publicClientId: string;\n m2mClientId: string;\n m2mClientSecret: string;\n ticket: SignedTicketIngestInput;\n fetch?: FetchLike;\n};\n\nexport type IngestSignedTicketsBatchOptions = Omit<IngestSignedTicketOptions, \"ticket\"> & {\n tickets: SignedTicketIngestInput[];\n};\n\nexport function signerSnapshotToIngestPayload(input: {\n snapshot: SignerUsageSnapshot;\n externalUserId: string;\n gatewayRequestId?: string;\n}): SignedTicketIngestInput {\n return {\n requestId: input.snapshot.requestId,\n externalUserId: input.externalUserId,\n networkFeeUsdMicros: input.snapshot.computedFeeUsdMicros.toString(),\n feeWei: input.snapshot.computedFeeWei,\n pixels: input.snapshot.pixels,\n pipeline: input.snapshot.pipeline,\n modelId: input.snapshot.modelId,\n gatewayRequestId: input.gatewayRequestId,\n ethUsdPrice: input.snapshot.ethUsdPrice,\n ethUsdRoundId: input.snapshot.ethUsdRoundId,\n ethUsdObservedAt: input.snapshot.ethUsdObservedAt,\n };\n}\n\nfunction ingestUrl(issuerUrl: string, publicClientId: string): string {\n const origin = new URL(stripTrailingSlashes(issuerUrl)).origin;\n return `${origin}/api/v1/apps/${encodeURIComponent(publicClientId)}/usage/signed-tickets`;\n}\n\nasync function readJsonResponse(response: Response): Promise<Record<string, unknown>> {\n const text = await response.text();\n if (!text.trim()) {\n return {};\n }\n try {\n const parsed: unknown = JSON.parse(text);\n return typeof parsed === \"object\" && parsed !== null && !Array.isArray(parsed)\n ? (parsed as Record<string, unknown>)\n : {};\n } catch {\n return {};\n }\n}\n\nexport async function ingestSignedTicket(\n options: IngestSignedTicketOptions,\n): Promise<SignedTicketIngestResult> {\n const fetchImpl = options.fetch ?? fetch;\n const url = ingestUrl(options.issuerUrl, options.publicClientId);\n const response = await fetchImpl(url, {\n method: \"POST\",\n headers: {\n Authorization: encodeClientSecretBasic(options.m2mClientId, options.m2mClientSecret),\n \"Content-Type\": \"application/json\",\n Accept: \"application/json\",\n },\n body: JSON.stringify(options.ticket),\n cache: \"no-store\",\n });\n\n const body = await readJsonResponse(response);\n if (!response.ok) {\n const message =\n typeof body.error === \"string\"\n ? body.error\n : `Signed-ticket ingest failed (${response.status})`;\n throw new PmtHouseError(message, {\n status: response.status,\n code: \"ingest_failed\",\n details: body,\n });\n }\n\n return {\n ingested: Boolean(body.ingested),\n duplicate: Boolean(body.duplicate),\n source: body.source === \"openmeter\" ? \"openmeter\" : \"disabled\",\n };\n}\n\nexport async function ingestSignedTicketsBatch(\n options: IngestSignedTicketsBatchOptions,\n): Promise<{ results: Array<SignedTicketIngestResult & { requestId?: string; ok?: boolean }> }> {\n const fetchImpl = options.fetch ?? fetch;\n const url = ingestUrl(options.issuerUrl, options.publicClientId);\n const response = await fetchImpl(url, {\n method: \"POST\",\n headers: {\n Authorization: encodeClientSecretBasic(options.m2mClientId, options.m2mClientSecret),\n \"Content-Type\": \"application/json\",\n Accept: \"application/json\",\n },\n body: JSON.stringify({ tickets: options.tickets }),\n cache: \"no-store\",\n });\n\n const body = await readJsonResponse(response);\n if (!response.ok) {\n const message =\n typeof body.error === \"string\"\n ? body.error\n : `Signed-ticket batch ingest failed (${response.status})`;\n throw new PmtHouseError(message, {\n status: response.status,\n code: \"ingest_failed\",\n details: body,\n });\n }\n\n const rawResults = Array.isArray(body.results) ? body.results : [];\n return {\n results: rawResults.map((entry) => {\n const row = (entry ?? {}) as Record<string, unknown>;\n return {\n requestId: typeof row.requestId === \"string\" ? row.requestId : undefined,\n ok: row.ok === true,\n ingested: Boolean(row.ingested),\n duplicate: Boolean(row.duplicate),\n source: row.source === \"openmeter\" ? \"openmeter\" : \"disabled\",\n };\n }),\n };\n}\n","import type {\n UsageApiResponse,\n UsageByPipelineModelFiatRow,\n UsageByUserRow,\n UsageDailyPipelineRow,\n UsageForExternalUser,\n MeScopeUsagePayload,\n} from \"./types.js\";\n\nfunction parseSafeBigInt(value: string | number | bigint, fallback = 0n): bigint {\n try {\n return BigInt(value);\n } catch {\n return fallback;\n }\n}\n\n/** ISO bounds for the current calendar month in UTC (billing-friendly window). */\nexport function getUtcCalendarMonthIsoBounds(now: Date = new Date()): {\n startDate: string;\n endDate: string;\n} {\n const y = now.getUTCFullYear();\n const m = now.getUTCMonth();\n const start = new Date(Date.UTC(y, m, 1, 0, 0, 0, 0));\n const end = new Date(Date.UTC(y, m + 1, 0, 23, 59, 59, 999));\n return { startDate: start.toISOString(), endDate: end.toISOString() };\n}\n\n/**\n * Parse a single date query value. Accepts ISO strings understood by `Date.parse`.\n * Returns `null` when missing, empty, or invalid.\n */\nexport function parseUsageDateParam(raw: string | null): string | null {\n if (raw == null) return null;\n const trimmed = raw.trim();\n if (!trimmed) return null;\n const t = Date.parse(trimmed);\n if (Number.isNaN(t)) return null;\n return trimmed;\n}\n\n/**\n * Sum all `byUser` buckets whose `externalUserId` matches the provider user.\n *\n * PymtHouse may emit multiple rows for the same external user during transitions\n * (e.g. legacy internal ids vs external id on `usage_records.user_id`).\n */\nexport function aggregateUsageByExternalUserId(\n byUser: UsageByUserRow[] | undefined,\n externalUserId: string,\n): UsageForExternalUser {\n const rows = byUser?.filter((row) => row.externalUserId === externalUserId) ?? [];\n if (rows.length === 0) {\n return {\n externalUserId,\n requestCount: 0,\n feeWei: \"0\",\n };\n }\n\n let feeWei = 0n;\n let requestCount = 0;\n for (const row of rows) {\n if (row.feeWei) {\n feeWei += BigInt(row.feeWei);\n }\n requestCount += row.requestCount;\n }\n\n return {\n externalUserId,\n requestCount,\n feeWei: feeWei.toString(),\n };\n}\n\n/**\n * Convenience over {@link aggregateUsageByExternalUserId} using a full Usage API response.\n */\nexport function summarizeUsageForExternalUser(\n usage: UsageApiResponse,\n externalUserId: string,\n): UsageForExternalUser {\n return aggregateUsageByExternalUserId(usage.byUser, externalUserId);\n}\n\n/**\n * Returns `byPipelineModel` rows from a Usage API response, sorted by `pipeline` then `modelId`.\n */\nexport function listUsageByPipelineModel(usage: UsageApiResponse) {\n const rows = usage.byPipelineModel ?? [];\n return [...rows].sort((a, b) => {\n const p = a.pipeline.localeCompare(b.pipeline);\n if (p !== 0) return p;\n return a.modelId.localeCompare(b.modelId);\n });\n}\n\n/** Map `externalUserId` to internal `endUserId` values for follow-up pipeline_model queries. */\nexport function getEndUserIdsForExternalUser(\n usage: UsageApiResponse,\n externalUserId: string,\n): string[] {\n const userIds = new Set<string>();\n for (const row of usage.byUser ?? []) {\n if (row.externalUserId === externalUserId && row.endUserId !== \"unknown\") {\n userIds.add(row.endUserId);\n }\n }\n return [...userIds];\n}\n\n/** @deprecated Use {@link getEndUserIdsForExternalUser}. */\nexport const getUsageRecordUserIdsForExternalUser = getEndUserIdsForExternalUser;\n\nexport interface UsageFiatSummary {\n externalUserId: string;\n requestCount: number;\n currency: string;\n networkFeeUsdMicros: string;\n ownerChargeUsdMicros: string;\n endUserBillableUsdMicros: string;\n}\n\n/** Sum fiat usage fields across duplicate `byUser` buckets for one external user. */\nexport function summarizeUsageFiatForExternalUser(\n usageByUser: UsageApiResponse,\n externalUserId: string,\n): UsageFiatSummary {\n const rows = usageByUser.byUser ?? [];\n let requestCount = 0;\n let networkFeeUsdMicros = 0n;\n let ownerChargeUsdMicros = 0n;\n let endUserBillableUsdMicros = 0n;\n let currency = \"USD\";\n\n for (const row of rows) {\n if (row.externalUserId !== externalUserId) continue;\n requestCount += row.requestCount;\n if (row.currency) currency = row.currency;\n if (row.networkFeeUsdMicros) {\n networkFeeUsdMicros += BigInt(row.networkFeeUsdMicros);\n }\n if (row.ownerChargeUsdMicros) {\n ownerChargeUsdMicros += BigInt(row.ownerChargeUsdMicros);\n }\n if (row.endUserBillableUsdMicros) {\n endUserBillableUsdMicros += BigInt(row.endUserBillableUsdMicros);\n }\n }\n\n return {\n externalUserId,\n requestCount,\n currency,\n networkFeeUsdMicros: networkFeeUsdMicros.toString(),\n ownerChargeUsdMicros: ownerChargeUsdMicros.toString(),\n endUserBillableUsdMicros: endUserBillableUsdMicros.toString(),\n };\n}\n\n/** Merge and sort pipeline/model rows from multiple Usage API responses. */\nexport function mergeUsageByPipelineModel(\n usagePipelineModels: UsageApiResponse | UsageApiResponse[] | undefined,\n): UsageByPipelineModelFiatRow[] {\n let responses: UsageApiResponse[];\n if (Array.isArray(usagePipelineModels)) {\n responses = usagePipelineModels;\n } else if (usagePipelineModels) {\n responses = [usagePipelineModels];\n } else {\n responses = [];\n }\n const byKey = new Map<string, UsageByPipelineModelFiatRow>();\n\n for (const response of responses) {\n for (const row of response.byPipelineModel ?? []) {\n const { pipeline, modelId } = row;\n if (!pipeline || !modelId) continue;\n const key = JSON.stringify([pipeline, modelId]);\n const existing = byKey.get(key);\n const rowCurrency = row.currency ?? \"USD\";\n\n const networkFee = row.networkFeeUsdMicros ?? \"0\";\n const ownerCharge = row.ownerChargeUsdMicros ?? \"0\";\n const endUserBillable = row.endUserBillableUsdMicros ?? \"0\";\n\n if (!existing) {\n byKey.set(key, {\n pipeline,\n modelId,\n requestCount: row.requestCount,\n currency: rowCurrency,\n networkFeeUsdMicros: networkFee,\n ownerChargeUsdMicros: ownerCharge,\n endUserBillableUsdMicros: endUserBillable,\n });\n continue;\n }\n byKey.set(key, {\n ...existing,\n requestCount: existing.requestCount + row.requestCount,\n networkFeeUsdMicros: (\n parseSafeBigInt(existing.networkFeeUsdMicros) + parseSafeBigInt(networkFee)\n ).toString(),\n ownerChargeUsdMicros: (\n parseSafeBigInt(existing.ownerChargeUsdMicros) + parseSafeBigInt(ownerCharge)\n ).toString(),\n endUserBillableUsdMicros: (\n parseSafeBigInt(existing.endUserBillableUsdMicros) + parseSafeBigInt(endUserBillable)\n ).toString(),\n });\n }\n }\n\n return [...byKey.values()].sort((a, b) => {\n if (a.pipeline === b.pipeline) return a.modelId.localeCompare(b.modelId);\n return a.pipeline.localeCompare(b.pipeline);\n });\n}\n\n/** Build the session-scoped `scope=me` usage payload for integrator BFFs. */\nexport function buildMeScopeUsagePayload(\n usageByUser: UsageApiResponse,\n externalUserId: string,\n usagePipelineModel?: UsageApiResponse | UsageApiResponse[],\n usageDaily?: UsageApiResponse,\n): MeScopeUsagePayload {\n const summary = summarizeUsageFiatForExternalUser(usageByUser, externalUserId);\n const pipelineModels = mergeUsageByPipelineModel(usagePipelineModel);\n const dailyByPipeline: UsageDailyPipelineRow[] = usageDaily?.byDailyPipeline ?? [];\n return {\n clientId: usageByUser.clientId,\n period: usageByUser.period,\n currentUser: {\n externalUserId: summary.externalUserId,\n requestCount: summary.requestCount,\n currency: summary.currency,\n networkFeeUsdMicros: summary.networkFeeUsdMicros,\n ownerChargeUsdMicros: summary.ownerChargeUsdMicros,\n endUserBillableUsdMicros: summary.endUserBillableUsdMicros,\n pipelineModels,\n dailyByPipeline,\n },\n };\n}\n\n/** Default cap for parallel pipeline_model fetches per external user (matches NaaP BFF). */\nexport const DEFAULT_MAX_END_USER_IDS = 25;\n","import {\n allowInsecureRequests,\n clientCredentialsGrantRequest,\n customFetch,\n genericTokenEndpointRequest,\n processClientCredentialsResponse,\n processGenericTokenEndpointResponse,\n type ClientAuth,\n type ClientCredentialsGrantRequestOptions,\n type TokenEndpointRequestOptions,\n} from \"oauth4webapi\";\nimport { encodeClientSecretBasic } from \"./encoding.js\";\nimport { loadAuthorizationServer, authorizationServerToOidcDocument } from \"./discovery.js\";\nimport { PmtHouseError } from \"./errors.js\";\nimport { parseAppManifestResponse } from \"./manifest.js\";\nimport { stripTrailingSlashes } from \"./string-utils.js\";\nimport { SIGN_JOB_SCOPE, parseSignerSessionExchange } from \"./tokens.js\";\nimport type { SignerSessionToken } from \"./tokens.js\";\nimport {\n buildMeScopeUsagePayload,\n DEFAULT_MAX_END_USER_IDS,\n getEndUserIdsForExternalUser,\n} from \"./usage.js\";\nimport {\n mapOAuthError,\n m2mClient,\n tokenEndpointResponseToClientCredentials,\n tokenEndpointResponseToExchange,\n} from \"./oauth-map.js\";\nimport type {\n AppUserRecord,\n ApproveDeviceLoginInput,\n ClientCredentialsTokenResponse,\n DeviceApprovalInput,\n FetchLike,\n GetAppManifestResult,\n GetDiscoveryOptions,\n MeScopeUsagePayload,\n MintSignerSessionForExternalUserInput,\n MintUserSignerSessionTokenInput,\n MintUserAccessTokenInput,\n MintUserAccessTokenResponse,\n OidcDiscoveryDocument,\n ParsedDeviceApprovalRedirect,\n PmtHouseClientOptions,\n TokenExchangeResponse,\n UpsertAppUserInput,\n BillingProduct,\n ListBillingProductsResult,\n PlanSyncResult,\n SignerRoutingResponse,\n SignedTicketIngestInput,\n SignedTicketIngestResult,\n UsageApiResponse,\n UsageQueryInput,\n UsageBalanceResponse,\n UserAllowanceGrantInput,\n UserAllowancesResponse,\n UserSubscriptionResponse,\n GrantSource,\n} from \"./types.js\";\nimport {\n ingestSignedTicket,\n ingestSignedTicketsBatch,\n} from \"./ingest.js\";\n\nconst TOKEN_EXCHANGE_GRANT = \"urn:ietf:params:oauth:grant-type:token-exchange\";\nconst SUBJECT_ACCESS_TOKEN_TYPE = \"urn:ietf:params:oauth:token-type:access_token\";\nconst REQUESTED_ACCESS_TOKEN_TYPE = \"urn:ietf:params:oauth:token-type:access_token\";\n\nconst DEVICE_RESOURCE_PREFIX = \"urn:pmth:device_code:\";\n\n/**\n * Normalize RFC 8628 user codes for comparison and resource URIs (uppercase, strip separators).\n */\nexport function normalizeUserCode(value: string): string {\n return value\n .replace(/[a-z]/g, (char) => char.toUpperCase())\n .replace(/\\W/g, \"\");\n}\n\n/**\n * RFC 8707 resource indicator for NaaP Option B device approval (`urn:pmth:device_code:<normalized>`).\n */\nexport function buildDeviceCodeResource(userCode: string): string {\n return `${DEVICE_RESOURCE_PREFIX}${normalizeUserCode(userCode)}`;\n}\n\nexport class PmtHouseClient {\n private readonly issuerUrl: string;\n private readonly publicClientId: string;\n private readonly m2mClientId: string;\n private readonly m2mClientSecret: string;\n private readonly fetchImpl: FetchLike;\n private readonly logger?: PmtHouseClientOptions[\"logger\"];\n private readonly allowInsecureHttp: boolean;\n\n constructor(options: PmtHouseClientOptions) {\n this.issuerUrl = stripTrailingSlashes(options.issuerUrl);\n this.publicClientId = options.publicClientId;\n this.m2mClientId = options.m2mClientId;\n this.m2mClientSecret = options.m2mClientSecret;\n this.fetchImpl = options.fetch ?? fetch;\n this.logger = options.logger;\n this.allowInsecureHttp = options.allowInsecureHttp ?? false;\n }\n\n async getDiscovery(options: GetDiscoveryOptions = {}): Promise<OidcDiscoveryDocument> {\n const as = await loadAuthorizationServer(this.issuerUrl, this.fetchImpl, {\n force: options.force,\n allowInsecureHttp: this.allowInsecureHttp,\n });\n return authorizationServerToOidcDocument(as);\n }\n\n verifyIssuer(iss: string): boolean {\n const candidate = stripTrailingSlashes(iss.trim());\n return candidate === this.issuerUrl;\n }\n\n parseDeviceApprovalRedirect(\n searchParams: URLSearchParams,\n ): ParsedDeviceApprovalRedirect {\n const issuer = searchParams.get(\"iss\")?.trim() ?? \"\";\n const targetLinkUri = searchParams.get(\"target_link_uri\")?.trim() ?? \"\";\n\n if (!issuer || !targetLinkUri) {\n throw new PmtHouseError(\"Missing iss or target_link_uri\", {\n status: 400,\n code: \"invalid_request\",\n });\n }\n\n if (!this.verifyIssuer(issuer)) {\n throw new PmtHouseError(\"Issuer mismatch for initiate login\", {\n status: 400,\n code: \"invalid_issuer\",\n });\n }\n\n let targetUrl: URL;\n try {\n targetUrl = new URL(targetLinkUri);\n } catch {\n throw new PmtHouseError(\"target_link_uri is not a valid URL\", {\n status: 400,\n code: \"invalid_target\",\n });\n }\n\n const issuerOrigin = new URL(this.issuerUrl).origin;\n if (targetUrl.origin !== issuerOrigin || targetUrl.pathname !== \"/oidc/device\") {\n throw new PmtHouseError(\n \"target_link_uri does not point to the issuer device path\",\n {\n status: 400,\n code: \"invalid_target\",\n },\n );\n }\n\n const userCode = normalizeUserCode(targetUrl.searchParams.get(\"user_code\") ?? \"\");\n const clientId = targetUrl.searchParams.get(\"client_id\")?.trim() ?? \"\";\n\n if (!userCode || !clientId) {\n throw new PmtHouseError(\"target_link_uri is missing user_code or client_id\", {\n status: 400,\n code: \"invalid_target\",\n });\n }\n\n return {\n issuer,\n targetLinkUri,\n userCode,\n clientId,\n };\n }\n\n async listAppUsers(): Promise<{ users: AppUserRecord[] }> {\n const url = `${this.getAppsBaseUrl()}/users`;\n return this.requestJson<{ users: AppUserRecord[] }>(url, {\n method: \"GET\",\n headers: this.builderHeaders(),\n cache: \"no-store\",\n });\n }\n\n async upsertAppUser(input: UpsertAppUserInput): Promise<AppUserRecord> {\n const payload: Record<string, unknown> = {\n externalUserId: input.externalUserId,\n };\n if (input.email) payload.email = input.email;\n if (input.status) payload.status = input.status;\n\n const url = `${this.getAppsBaseUrl()}/users`;\n return this.requestJson<AppUserRecord>(url, {\n method: \"POST\",\n headers: this.builderHeaders(),\n body: JSON.stringify(payload),\n cache: \"no-store\",\n });\n }\n\n async deleteAppUser(params: { externalUserId: string }): Promise<{ success: boolean }> {\n const url = new URL(`${this.getAppsBaseUrl()}/users`);\n url.searchParams.set(\"externalUserId\", params.externalUserId);\n return this.requestJson<{ success: boolean }>(url.toString(), {\n method: \"DELETE\",\n headers: this.builderHeaders(),\n cache: \"no-store\",\n });\n }\n\n async mintUserAccessToken(\n input: MintUserAccessTokenInput,\n ): Promise<MintUserAccessTokenResponse> {\n const url = `${this.getAppsBaseUrl()}/users/${encodeURIComponent(input.externalUserId)}/token`;\n const body = input.scope ? { scope: input.scope } : {};\n\n return this.requestJson<MintUserAccessTokenResponse>(url, {\n method: \"POST\",\n headers: this.builderHeaders(),\n body: JSON.stringify(body),\n cache: \"no-store\",\n });\n }\n\n /**\n * Exchange a long-lived dashboard API key (`pmth_*`) for a short-lived user JWT.\n */\n async exchangeApiKeyForUserAccessToken(input: {\n apiKey: string;\n scope?: string;\n }): Promise<MintUserAccessTokenResponse> {\n const url = `${this.getAppsBaseUrl()}/auth/api-key/token`;\n return this.requestJson<MintUserAccessTokenResponse>(url, {\n method: \"POST\",\n headers: {\n Authorization: `Bearer ${input.apiKey.trim()}`,\n \"Content-Type\": \"application/json\",\n Accept: \"application/json\",\n },\n body: JSON.stringify(input.scope ? { scope: input.scope } : {}),\n cache: \"no-store\",\n });\n }\n\n /**\n * Exchange a dashboard API key for a signer session via a trusted facade (recommended)\n * or directly when M2M credentials are available on this client.\n */\n async exchangeApiKeyForSignerSession(input: {\n apiKey: string;\n scope?: string;\n facadeUrl?: string;\n }): Promise<TokenExchangeResponse> {\n if (input.facadeUrl?.trim()) {\n const { exchangeApiKeyForSigner } = await import(\"./signer/api-key-exchange.js\");\n const exchanged = await exchangeApiKeyForSigner({\n facadeUrl: input.facadeUrl.trim(),\n apiKey: input.apiKey,\n scope: input.scope,\n clientId: this.publicClientId,\n fetch: this.fetchImpl,\n });\n return {\n access_token: exchanged.access_token,\n token_type: exchanged.token_type,\n expires_in: exchanged.expires_in,\n scope: exchanged.scope,\n issued_token_type: \"urn:ietf:params:oauth:token-type:access_token\",\n };\n }\n\n const userToken = await this.exchangeApiKeyForUserAccessToken({\n apiKey: input.apiKey,\n scope: input.scope,\n });\n return this.exchangeForSignerSession({ userJwt: userToken.access_token });\n }\n\n async completeDeviceApproval(\n input: DeviceApprovalInput,\n ): Promise<TokenExchangeResponse> {\n const as = await loadAuthorizationServer(this.issuerUrl, this.fetchImpl, {\n allowInsecureHttp: this.allowInsecureHttp,\n });\n const client = m2mClient(this.m2mClientId);\n const clientAuth = this.m2mClientAuth();\n const params = new URLSearchParams();\n params.set(\"subject_token\", input.userJwt);\n params.set(\"subject_token_type\", SUBJECT_ACCESS_TOKEN_TYPE);\n params.set(\"resource\", buildDeviceCodeResource(input.userCode));\n\n try {\n const response = await genericTokenEndpointRequest(\n as,\n client,\n clientAuth,\n TOKEN_EXCHANGE_GRANT,\n params,\n this.tokenEndpointFetchOptions(),\n );\n const tr = await processGenericTokenEndpointResponse(\n as,\n client,\n response,\n );\n return tokenEndpointResponseToExchange(tr);\n } catch (e) {\n throw mapOAuthError(e);\n }\n }\n\n async issueMachineAccessToken(\n scope = \"sign:job\",\n ): Promise<ClientCredentialsTokenResponse> {\n const as = await loadAuthorizationServer(this.issuerUrl, this.fetchImpl, {\n allowInsecureHttp: this.allowInsecureHttp,\n });\n const client = m2mClient(this.m2mClientId);\n const clientAuth = this.m2mClientAuth();\n const params = new URLSearchParams();\n params.set(\"scope\", scope);\n\n try {\n const response = await clientCredentialsGrantRequest(\n as,\n client,\n clientAuth,\n params,\n this.tokenEndpointFetchOptions(),\n );\n const tr = await processClientCredentialsResponse(\n as,\n client,\n response,\n );\n return tokenEndpointResponseToClientCredentials(tr);\n } catch (e) {\n throw mapOAuthError(e);\n }\n }\n\n async exchangeForSignerSession(input: {\n userJwt: string;\n resource?: string;\n }): Promise<TokenExchangeResponse> {\n const as = await loadAuthorizationServer(this.issuerUrl, this.fetchImpl, {\n allowInsecureHttp: this.allowInsecureHttp,\n });\n const client = m2mClient(this.m2mClientId);\n const clientAuth = this.m2mClientAuth();\n const params = new URLSearchParams();\n params.set(\"subject_token\", input.userJwt);\n params.set(\"subject_token_type\", SUBJECT_ACCESS_TOKEN_TYPE);\n params.set(\"requested_token_type\", REQUESTED_ACCESS_TOKEN_TYPE);\n const resourceCandidate =\n typeof input.resource === \"string\" && input.resource.trim() !== \"\"\n ? input.resource.trim()\n : this.issuerUrl;\n params.set(\"resource\", stripTrailingSlashes(resourceCandidate));\n\n try {\n const response = await genericTokenEndpointRequest(\n as,\n client,\n clientAuth,\n TOKEN_EXCHANGE_GRANT,\n params,\n this.tokenEndpointFetchOptions(),\n );\n const tr = await processGenericTokenEndpointResponse(\n as,\n client,\n response,\n );\n return tokenEndpointResponseToExchange(tr);\n } catch (e) {\n throw mapOAuthError(e);\n }\n }\n\n /**\n * Mint a short-lived per-user JWT with the Builder API, then exchange it for\n * a long-lived opaque signer session token at the PymtHouse OIDC token endpoint.\n */\n async mintUserSignerSessionToken(\n input: MintUserSignerSessionTokenInput,\n ): Promise<TokenExchangeResponse> {\n const userToken = await this.mintUserAccessToken({\n externalUserId: input.externalUserId,\n scope: input.scope ?? \"sign:job\",\n });\n\n return this.exchangeForSignerSession({\n userJwt: userToken.access_token,\n resource: input.resource,\n });\n }\n\n async createSignerSessionToken(params: {\n userJwt?: string;\n }): Promise<TokenExchangeResponse> {\n if (params.userJwt) {\n try {\n return await this.exchangeForSignerSession({ userJwt: params.userJwt });\n } catch (error) {\n const err = this.asError(error);\n this.logger?.warn?.(\"User JWT exchange failed, falling back to machine exchange\", {\n code: err.code,\n status: err.status,\n });\n }\n }\n\n const machineToken = await this.issueMachineAccessToken(\"sign:job\");\n if (!machineToken.access_token) {\n throw new PmtHouseError(\"Client credentials flow did not return access_token\", {\n status: 502,\n code: \"invalid_token_response\",\n });\n }\n\n return this.exchangeForSignerSession({ userJwt: machineToken.access_token });\n }\n\n async getUsage(input: UsageQueryInput = {}): Promise<UsageApiResponse> {\n const url = new URL(`${this.getAppsBaseUrl()}/usage`);\n if (input.startDate) url.searchParams.set(\"startDate\", input.startDate);\n if (input.endDate) url.searchParams.set(\"endDate\", input.endDate);\n if (input.groupBy) url.searchParams.set(\"groupBy\", input.groupBy);\n if (input.userId) url.searchParams.set(\"userId\", input.userId);\n if (input.gatewayRequestId) url.searchParams.set(\"gatewayRequestId\", input.gatewayRequestId);\n if (input.includeRetail) url.searchParams.set(\"include\", \"retail\");\n\n return this.requestJson<UsageApiResponse>(url.toString(), {\n method: \"GET\",\n headers: this.builderHeaders(),\n cache: \"no-store\",\n });\n }\n\n /**\n * Session-scoped usage for one `externalUserId`: user rollup plus merged pipeline/model breakdown.\n */\n async ingestSignedTicket(ticket: SignedTicketIngestInput): Promise<SignedTicketIngestResult> {\n return ingestSignedTicket({\n issuerUrl: this.issuerUrl,\n publicClientId: this.publicClientId,\n m2mClientId: this.m2mClientId,\n m2mClientSecret: this.m2mClientSecret,\n ticket,\n fetch: this.fetchImpl,\n });\n }\n\n async ingestSignedTickets(\n tickets: SignedTicketIngestInput[],\n ): Promise<{ results: Array<SignedTicketIngestResult & { requestId?: string; ok?: boolean }> }> {\n return ingestSignedTicketsBatch({\n issuerUrl: this.issuerUrl,\n publicClientId: this.publicClientId,\n m2mClientId: this.m2mClientId,\n m2mClientSecret: this.m2mClientSecret,\n tickets,\n fetch: this.fetchImpl,\n });\n }\n\n async getSignerRouting(): Promise<SignerRoutingResponse> {\n return this.requestJson<SignerRoutingResponse>(\n `${this.getAppsBaseUrl()}/signer/routing`,\n {\n method: \"GET\",\n headers: this.builderHeaders(),\n cache: \"no-store\",\n },\n );\n }\n\n async listBillingProducts(): Promise<ListBillingProductsResult> {\n const url = `${this.getAppsBaseUrl()}/plans?apiVersion=2`;\n const body = await this.requestJson<ListBillingProductsResult & { plans?: BillingProduct[] }>(\n url,\n {\n method: \"GET\",\n headers: this.builderHeaders(),\n cache: \"no-store\",\n },\n );\n return {\n apiVersion: body.apiVersion ?? 2,\n products: body.products ?? body.plans ?? [],\n };\n }\n\n async syncBillingProduct(planId: string): Promise<PlanSyncResult> {\n return this.requestJson<PlanSyncResult>(\n `${this.getAppsBaseUrl()}/plans/${encodeURIComponent(planId)}/sync`,\n {\n method: \"POST\",\n headers: this.builderHeaders(),\n cache: \"no-store\",\n },\n );\n }\n\n async getUsageBalance(externalUserId: string): Promise<UsageBalanceResponse> {\n const url = new URL(`${this.getAppsBaseUrl()}/usage/balance`);\n url.searchParams.set(\"externalUserId\", externalUserId);\n return this.requestJson<UsageBalanceResponse>(url.toString(), {\n method: \"GET\",\n headers: this.builderHeaders(),\n cache: \"no-store\",\n });\n }\n\n async getUserAllowances(externalUserId: string): Promise<UserAllowancesResponse> {\n return this.requestJson<UserAllowancesResponse>(\n `${this.getAppsBaseUrl()}/users/${encodeURIComponent(externalUserId)}/allowances`,\n {\n method: \"GET\",\n headers: this.builderHeaders(),\n cache: \"no-store\",\n },\n );\n }\n\n async grantUserAllowance(\n externalUserId: string,\n input: UserAllowanceGrantInput,\n ): Promise<UserAllowancesResponse & { grantedUsdMicros?: string; featureKey?: string }> {\n return this.requestJson(\n `${this.getAppsBaseUrl()}/users/${encodeURIComponent(externalUserId)}/allowances`,\n {\n method: \"POST\",\n headers: this.builderHeaders(),\n body: JSON.stringify(input),\n cache: \"no-store\",\n },\n );\n }\n\n /**\n * @deprecated Removed from PymtHouse — use {@link getUsageBalance} or {@link getUserAllowances}.\n */\n async getUserCredits(externalUserId: string): Promise<UsageBalanceResponse> {\n return this.getUsageBalance(externalUserId);\n }\n\n /**\n * @deprecated Removed from PymtHouse — use {@link grantUserAllowance} (`POST .../allowances`).\n */\n async grantUserCredits(\n externalUserId: string,\n input: { amountUsdMicros: string; source?: GrantSource; featureKey?: string },\n ): Promise<UsageBalanceResponse & { grantedUsdMicros?: string; featureKey?: string }> {\n const result = await this.grantUserAllowance(externalUserId, {\n amountUsdMicros: input.amountUsdMicros,\n source: input.source ?? \"manual\",\n featureKey: input.featureKey,\n });\n const flat = result as UserAllowancesResponse & {\n balanceUsdMicros?: string;\n consumedUsdMicros?: string;\n lifetimeGrantedUsdMicros?: string;\n hasAccess?: boolean;\n grantedUsdMicros?: string;\n featureKey?: string;\n };\n const nested = result.allowances;\n return {\n externalUserId: result.externalUserId,\n balanceUsdMicros:\n flat.balanceUsdMicros ?? nested?.balanceUsdMicros ?? \"0\",\n consumedUsdMicros:\n flat.consumedUsdMicros ?? nested?.consumedUsdMicros ?? \"0\",\n lifetimeGrantedUsdMicros:\n flat.lifetimeGrantedUsdMicros ?? nested?.lifetimeGrantedUsdMicros ?? \"0\",\n hasAccess: flat.hasAccess ?? nested?.hasAccess ?? false,\n remainingUsdMicros:\n flat.balanceUsdMicros ?? nested?.balanceUsdMicros,\n grantedUsdMicros: flat.grantedUsdMicros,\n featureKey: flat.featureKey,\n };\n }\n\n async getUserSubscription(externalUserId: string): Promise<UserSubscriptionResponse> {\n return this.requestJson<UserSubscriptionResponse>(\n `${this.getAppsBaseUrl()}/users/${encodeURIComponent(externalUserId)}/subscription`,\n {\n method: \"GET\",\n headers: this.builderHeaders(),\n cache: \"no-store\",\n },\n );\n }\n\n async fetchUsageForExternalUser(input: {\n externalUserId: string;\n startDate: string;\n endDate: string;\n maxEndUserIds?: number;\n }): Promise<MeScopeUsagePayload> {\n const usageByUser = await this.getUsage({\n startDate: input.startDate,\n endDate: input.endDate,\n groupBy: \"user\",\n });\n const userIds = getEndUserIdsForExternalUser(usageByUser, input.externalUserId);\n const cap = input.maxEndUserIds ?? DEFAULT_MAX_END_USER_IDS;\n const cappedUserIds = userIds.slice(0, cap);\n const usagePipelineModels = await Promise.all(\n cappedUserIds.map((userId) =>\n this.getUsage({\n startDate: input.startDate,\n endDate: input.endDate,\n groupBy: \"pipeline_model\",\n userId,\n }),\n ),\n );\n const usageDaily = await this.getUsage({\n startDate: input.startDate,\n endDate: input.endDate,\n groupBy: \"daily_pipeline\",\n userId: input.externalUserId,\n });\n return buildMeScopeUsagePayload(\n usageByUser,\n input.externalUserId,\n usagePipelineModels,\n usageDaily,\n );\n }\n\n async getAppManifest(opts?: {\n ifNoneMatch?: string;\n signal?: AbortSignal;\n }): Promise<GetAppManifestResult> {\n const url = `${this.getAppsBaseUrl()}/manifest`;\n const headers: Record<string, string> = {\n ...this.builderHeadersRecord(),\n };\n if (opts?.ifNoneMatch) {\n headers[\"If-None-Match\"] = opts.ifNoneMatch;\n }\n\n this.logger?.debug?.(\"PmtHouse request\", { method: \"GET\", url });\n\n const response = await this.fetchImpl(url, {\n method: \"GET\",\n headers,\n signal: opts?.signal,\n cache: \"no-store\",\n });\n\n const etag = response.headers.get(\"etag\")?.trim() ?? null;\n\n if (response.status === 304) {\n return {\n manifest: null,\n etag: etag ?? opts?.ifNoneMatch ?? null,\n notModified: true,\n };\n }\n\n const raw = await response.text();\n const ct = response.headers.get(\"content-type\") ?? \"\";\n const looksJson = ct.includes(\"application/json\") || ct.includes(\"json\");\n const parsed = raw && looksJson ? this.safeParseJson(raw) : null;\n\n if (!response.ok) {\n const details = (parsed ?? {}) as Record<string, unknown>;\n let description: string;\n if (typeof details.error_description === \"string\") {\n description = details.error_description;\n } else if (typeof details.error === \"string\") {\n description = details.error;\n } else {\n description = `Request failed (${response.status})`;\n }\n throw new PmtHouseError(description, {\n status: response.status,\n code: typeof details.error === \"string\" ? details.error : \"pymthouse_http_error\",\n details,\n });\n }\n\n if (!looksJson || parsed === null) {\n throw new PmtHouseError(\"Expected JSON response from Builder manifest endpoint\", {\n status: 502,\n code: \"invalid_response\",\n details: { contentType: ct, preview: raw.slice(0, 200) },\n });\n }\n\n return {\n manifest: parseAppManifestResponse(parsed),\n etag,\n notModified: false,\n };\n }\n\n /**\n * Upsert an external user, mint a short-lived JWT, and exchange for an opaque signer session.\n */\n async mintSignerSessionForExternalUser(\n input: MintSignerSessionForExternalUserInput,\n ): Promise<SignerSessionToken> {\n await this.upsertAppUser({\n externalUserId: input.externalUserId,\n email: input.email,\n status: \"active\",\n });\n const exchange = await this.mintUserSignerSessionToken({\n externalUserId: input.externalUserId,\n scope: input.scope ?? SIGN_JOB_SCOPE,\n resource: this.issuerUrl,\n });\n return parseSignerSessionExchange(exchange);\n }\n\n /**\n * Approve a pending RFC 8628 device code for an external user (Option B).\n */\n async approveDeviceLogin(input: ApproveDeviceLoginInput): Promise<void> {\n if (input.publicClientId && input.publicClientId !== this.publicClientId) {\n throw new PmtHouseError(\n \"publicClientId does not match configured public client id\",\n { status: 400, code: \"invalid_client\" },\n );\n }\n\n await this.upsertAppUser({\n externalUserId: input.externalUserId,\n email: input.email,\n status: \"active\",\n });\n const userToken = await this.mintUserAccessToken({\n externalUserId: input.externalUserId,\n scope: SIGN_JOB_SCOPE,\n });\n await this.completeDeviceApproval({\n userJwt: userToken.access_token,\n userCode: input.userCode,\n });\n }\n\n private tokenEndpointFetchOptions():\n | ClientCredentialsGrantRequestOptions\n | TokenEndpointRequestOptions {\n const o: ClientCredentialsGrantRequestOptions = {\n [customFetch]: this.fetchImpl,\n };\n if (this.allowInsecureHttp) {\n o[allowInsecureRequests] = true;\n }\n return o;\n }\n\n private getAppsBaseUrl(): string {\n return `${this.getIssuerOrigin()}/api/v1/apps/${encodeURIComponent(this.publicClientId)}`;\n }\n\n private getIssuerOrigin(): string {\n return new URL(this.issuerUrl).origin;\n }\n\n private builderHeaders(): HeadersInit {\n return this.builderHeadersRecord();\n }\n\n private builderHeadersRecord(): Record<string, string> {\n return {\n Authorization: encodeClientSecretBasic(this.m2mClientId, this.m2mClientSecret),\n \"Content-Type\": \"application/json\",\n Accept: \"application/json\",\n };\n }\n\n private m2mClientAuth(): ClientAuth {\n return (_as, _client, _body, headers) => {\n headers.set(\"Authorization\", encodeClientSecretBasic(this.m2mClientId, this.m2mClientSecret));\n };\n }\n\n private async requestJson<T>(url: string, init: RequestInit): Promise<T> {\n this.logger?.debug?.(\"PmtHouse request\", {\n method: init.method ?? \"GET\",\n url,\n });\n\n const response = await this.fetchImpl(url, init);\n const raw = await response.text();\n const ct = response.headers.get(\"content-type\") ?? \"\";\n const looksJson = ct.includes(\"application/json\") || ct.includes(\"json\");\n const parsed = raw && looksJson ? this.safeParseJson(raw) : raw ? null : null;\n\n if (!response.ok) {\n const details = (parsed ?? {}) as Record<string, unknown>;\n let description: string;\n if (typeof details.error_description === \"string\") {\n description = details.error_description;\n } else if (typeof details.error === \"string\") {\n description = details.error;\n } else {\n description = `Request failed (${response.status})`;\n }\n\n throw new PmtHouseError(description, {\n status: response.status,\n code:\n typeof details.error === \"string\"\n ? details.error\n : \"pymthouse_http_error\",\n details,\n });\n }\n\n if (!looksJson || parsed === null) {\n throw new PmtHouseError(\"Expected JSON response from Builder or Usage API\", {\n status: 502,\n code: \"invalid_response\",\n details: { contentType: ct, preview: raw.slice(0, 200) },\n });\n }\n\n if (!parsed) {\n return {} as T;\n }\n\n return parsed as T;\n }\n\n private safeParseJson(value: string): unknown {\n try {\n return JSON.parse(value);\n } catch {\n return null;\n }\n }\n\n private asError(error: unknown): PmtHouseError {\n if (error instanceof PmtHouseError) {\n return error;\n }\n\n if (error instanceof Error) {\n return new PmtHouseError(error.message, {\n code: \"unexpected_error\",\n status: 500,\n });\n }\n\n return new PmtHouseError(\"Unexpected error\", {\n code: \"unexpected_error\",\n status: 500,\n });\n }\n}\n","import { createHash } from \"node:crypto\";\n\nimport type { AppManifestCapability, AppManifestResponse } from \"./types.js\";\n\nexport function parseAppManifestResponse(json: unknown): AppManifestResponse {\n if (!json || typeof json !== \"object\" || Array.isArray(json)) {\n return { capabilities: [], excludedCapabilities: [] };\n }\n const record = json as Record<string, unknown>;\n const capabilities = parseCapabilityArray(record.capabilities);\n const excludedCapabilities = parseCapabilityArray(record.excludedCapabilities);\n const manifestVersion =\n typeof record.manifestVersion === \"string\" && record.manifestVersion.trim()\n ? record.manifestVersion.trim()\n : undefined;\n return { capabilities, excludedCapabilities, manifestVersion };\n}\n\nfunction parseCapabilityArray(raw: unknown): AppManifestCapability[] {\n if (!Array.isArray(raw)) return [];\n return raw.filter(\n (c): c is AppManifestCapability =>\n !!c &&\n typeof c === \"object\" &&\n typeof (c as { pipeline?: unknown }).pipeline === \"string\" &&\n typeof (c as { modelId?: unknown }).modelId === \"string\",\n );\n}\n\nfunction sortedCaps(caps: AppManifestCapability[]): AppManifestCapability[] {\n return [...caps].sort((a, b) => {\n const p = a.pipeline.localeCompare(b.pipeline);\n return p === 0 ? a.modelId.localeCompare(b.modelId) : p;\n });\n}\n\nexport function computeManifestRevision(\n data: Pick<\n AppManifestResponse,\n \"capabilities\" | \"excludedCapabilities\" | \"manifestVersion\"\n > | null,\n): string {\n if (data == null) {\n return \"unavailable\";\n }\n if (data.manifestVersion?.trim()) {\n return data.manifestVersion.trim();\n }\n const caps = sortedCaps(data.capabilities ?? []);\n const excl = sortedCaps(data.excludedCapabilities ?? []);\n if (caps.length === 0 && excl.length === 0) {\n return \"empty\";\n }\n return createHash(\"sha256\")\n .update(JSON.stringify({ capabilities: caps, excludedCapabilities: excl }))\n .digest(\"hex\")\n .slice(0, 24);\n}\n","import type { TokenExchangeResponse } from \"./types.js\";\n\n/**\n * Matches PymtHouse `gateway-token-exchange.ts` opaque signer session TTL (~90 days).\n *\n * Any change here must stay in sync with the upstream PymtHouse value.\n */\nexport const SIGNER_SESSION_TTL_MS = 90 * 24 * 60 * 60 * 1000;\n\nexport const SIGNER_SESSION_EXPIRES_IN_SEC = Math.floor(SIGNER_SESSION_TTL_MS / 1000);\n\n/** Default end-user scope for Builder-minted user tokens and signer sessions. */\nexport const SIGN_JOB_SCOPE = \"sign:job\";\n\n/** @deprecated Use {@link SIGNER_SESSION_TTL_MS}. */\nexport const PYMTHOUSE_SIGNER_SESSION_TTL_MS = SIGNER_SESSION_TTL_MS;\n\nexport interface SignerSessionToken {\n accessToken: string;\n tokenType: string;\n expiresIn: number;\n scope: string;\n}\n\n/**\n * Compute the implied expiry for an opaque signer session key whose creation\n * timestamp is known but whose token body carries no expiry of its own.\n */\nexport function computeSignerSessionExpiry(input: Date | string): Date {\n const createdAt = input instanceof Date ? input : new Date(input);\n return new Date(createdAt.getTime() + SIGNER_SESSION_TTL_MS);\n}\n\n/** @deprecated Use {@link computeSignerSessionExpiry}. */\nexport const computePymthouseExpiry = computeSignerSessionExpiry;\n\n/**\n * Cheap shape check — true for inputs that look like a 3-segment JWT.\n * Does NOT validate the signature; callers must not use this for trust.\n */\nexport function isLikelyOidcJwt(rawToken: string): boolean {\n const t = rawToken.trim();\n return t.startsWith(\"eyJ\") && t.split(\".\").length >= 3;\n}\n\n/** True when the token is an opaque signer session (not a JWT). */\nexport function isOpaqueSignerSessionToken(rawToken: string): boolean {\n const t = rawToken.trim();\n return t.length > 0 && !isLikelyOidcJwt(t);\n}\n\nfunction base64UrlPayloadToUtf8(payloadB64: string): string {\n const normalized = payloadB64.replaceAll(\"-\", \"+\").replaceAll(\"_\", \"/\");\n const padded = normalized.padEnd(Math.ceil(normalized.length / 4) * 4, \"=\");\n if (typeof Buffer !== \"undefined\") {\n return Buffer.from(padded, \"base64\").toString(\"utf8\");\n }\n return atob(padded);\n}\n\n/**\n * Best-effort `exp` extraction from a JWT payload. Returns null on any\n * parse error, missing/invalid `exp`, or non-finite numeric value.\n *\n * Security note: the JWT is not verified. Use only for UX-level expiry\n * display or soft-cleanup of unusable keys, never for authorization.\n */\nexport function decodeJwtExp(rawToken: string): Date | null {\n try {\n const parts = rawToken.split(\".\");\n if (parts.length < 2) return null;\n const payloadJson = base64UrlPayloadToUtf8(parts[1]);\n const payload = JSON.parse(payloadJson) as { exp?: number };\n if (typeof payload.exp !== \"number\" || !Number.isFinite(payload.exp)) return null;\n const expMs = Math.floor(payload.exp * 1000);\n if (expMs <= 0) return null;\n return new Date(expMs);\n } catch {\n return null;\n }\n}\n\n/**\n * Normalize an RFC 8693 token exchange response into a signer session token.\n * Validates that the access token is opaque (not a JWT).\n */\nexport function parseSignerSessionExchange(res: TokenExchangeResponse): SignerSessionToken {\n const accessToken = typeof res.access_token === \"string\" ? res.access_token.trim() : \"\";\n if (!accessToken) {\n throw new Error(\"PymtHouse signer session exchange returned no access_token\");\n }\n if (isLikelyOidcJwt(accessToken)) {\n throw new Error(\n \"PymtHouse signer session exchange returned a JWT; expected opaque signer session token\",\n );\n }\n\n const tokenType =\n typeof res.token_type === \"string\" && res.token_type.trim()\n ? res.token_type.trim()\n : \"Bearer\";\n const expiresIn =\n typeof res.expires_in === \"number\" &&\n Number.isFinite(res.expires_in) &&\n res.expires_in > 0\n ? Math.floor(res.expires_in)\n : SIGNER_SESSION_EXPIRES_IN_SEC;\n const scope =\n typeof res.scope === \"string\" && res.scope.trim() ? res.scope.trim() : SIGN_JOB_SCOPE;\n\n return {\n accessToken,\n tokenType,\n expiresIn,\n scope,\n };\n}\n","import { type Client, OperationProcessingError, ResponseBodyError } from \"oauth4webapi\";\nimport { PmtHouseError } from \"./errors.js\";\nimport type { ClientCredentialsTokenResponse, TokenExchangeResponse } from \"./types.js\";\n\nconst ACCEPTED_ISSUED_TOKEN_TYPES = new Set([\n \"urn:ietf:params:oauth:token-type:access_token\",\n \"urn:pmth:token-type:remote-signer-session\",\n]);\n\nexport function mapOAuthError(error: unknown): PmtHouseError {\n if (error instanceof PmtHouseError) {\n return error;\n }\n\n if (error instanceof ResponseBodyError) {\n const cause = error.cause as Record<string, unknown>;\n const description =\n typeof error.error_description === \"string\"\n ? error.error_description\n : error.message;\n const details: Record<string, unknown> = { ...cause };\n if (typeof cause.error_uri === \"string\") {\n details.error_uri = cause.error_uri;\n }\n return new PmtHouseError(description, {\n status: error.status,\n code: error.error,\n details,\n });\n }\n\n if (error instanceof OperationProcessingError) {\n return new PmtHouseError(error.message, {\n status: 502,\n code: error.code ?? \"oauth_processing_error\",\n details: { cause: error.cause },\n });\n }\n\n if (error instanceof Error) {\n return new PmtHouseError(error.message, {\n status: 500,\n code: \"unexpected_error\",\n });\n }\n\n return new PmtHouseError(\"Unexpected error\", {\n status: 500,\n code: \"unexpected_error\",\n });\n}\n\nexport function tokenEndpointResponseToExchange(\n tr: import(\"oauth4webapi\").TokenEndpointResponse,\n): TokenExchangeResponse {\n const issued = tr.issued_token_type;\n if (typeof issued !== \"string\" || !ACCEPTED_ISSUED_TOKEN_TYPES.has(issued)) {\n throw new PmtHouseError(\"Token exchange returned an unexpected issued_token_type\", {\n status: 502,\n code: \"invalid_token_response\",\n details: { issued_token_type: issued },\n });\n }\n\n const tt = tr.token_type;\n if (typeof tt !== \"string\" || tt.toLowerCase() !== \"bearer\") {\n throw new PmtHouseError(\"Token endpoint returned a non-Bearer token_type\", {\n status: 502,\n code: \"invalid_token_response\",\n details: { token_type: tt },\n });\n }\n\n const expiresIn = tr.expires_in;\n if (typeof expiresIn !== \"number\") {\n throw new PmtHouseError(\"Token response missing expires_in\", {\n status: 502,\n code: \"invalid_token_response\",\n });\n }\n\n const scope = typeof tr.scope === \"string\" ? tr.scope : \"\";\n\n return {\n access_token: tr.access_token,\n token_type: \"Bearer\",\n expires_in: expiresIn,\n scope,\n issued_token_type: issued,\n };\n}\n\nexport function tokenEndpointResponseToClientCredentials(\n tr: import(\"oauth4webapi\").TokenEndpointResponse,\n): ClientCredentialsTokenResponse {\n const tt = tr.token_type;\n if (typeof tt !== \"string\" || tt.toLowerCase() !== \"bearer\") {\n throw new PmtHouseError(\"Token endpoint returned a non-Bearer token_type\", {\n status: 502,\n code: \"invalid_token_response\",\n details: { token_type: tt },\n });\n }\n\n return {\n access_token: tr.access_token,\n token_type: \"Bearer\",\n expires_in: tr.expires_in,\n scope: typeof tr.scope === \"string\" ? tr.scope : undefined,\n };\n}\n\nexport function m2mClient(clientId: string): Client {\n return { client_id: clientId };\n}\n","export {\n applyRetailRateToNetworkMicros,\n defaultRetailRateUsd,\n markupPercentToRetailRateUsd,\n NETWORK_USD_PER_MICRO,\n parseMarkupPercentInput,\n parseRetailRateUsd,\n retailRateUsdPerMillion,\n retailRateUsdToMarkupPercent,\n} from \"./plan-pricing.js\";\nexport {\n ingestSignedTicket,\n ingestSignedTicketsBatch,\n signerSnapshotToIngestPayload,\n} from \"./ingest.js\";\nexport {\n aggregateUsageByExternalUserId,\n buildMeScopeUsagePayload,\n DEFAULT_MAX_END_USER_IDS,\n getEndUserIdsForExternalUser,\n getUsageRecordUserIdsForExternalUser,\n getUtcCalendarMonthIsoBounds,\n listUsageByPipelineModel,\n mergeUsageByPipelineModel,\n parseUsageDateParam,\n summarizeUsageFiatForExternalUser,\n summarizeUsageForExternalUser,\n} from \"./usage.js\";\nexport { PmtHouseClient, buildDeviceCodeResource, normalizeUserCode } from \"./client.js\";\nexport { PmtHouseError, toPmtHouseError } from \"./errors.js\";\nexport {\n getBuilderApiV1BaseFromIssuerUrl,\n getPymthouseIssuerOrigin,\n getPymthouseIssuerUrlFromEnv,\n getPymthousePublicClientIdFromEnv,\n isPymthouseConfigured,\n PYMTHOUSE_NOT_CONFIGURED_MESSAGE,\n readPymthouseEnv,\n} from \"./config.js\";\nexport {\n clearDiscoveryCache,\n fetchDiscoveryDocument,\n loadAuthorizationServer,\n authorizationServerToOidcDocument,\n} from \"./discovery.js\";\nexport { computeManifestRevision, parseAppManifestResponse } from \"./manifest.js\";\nexport {\n computePymthouseExpiry,\n computeSignerSessionExpiry,\n decodeJwtExp,\n isLikelyOidcJwt,\n isOpaqueSignerSessionToken,\n parseSignerSessionExchange,\n PYMTHOUSE_SIGNER_SESSION_TTL_MS,\n SIGNER_SESSION_EXPIRES_IN_SEC,\n SIGNER_SESSION_TTL_MS,\n SIGN_JOB_SCOPE,\n} from \"./tokens.js\";\nexport type { SignerSessionToken } from \"./tokens.js\";\nexport type { LoadAuthorizationServerOptions } from \"./discovery.js\";\nexport type {\n AllowancePolicy,\n AppManifestCapability,\n AppManifestResponse,\n AppUserRecord,\n ApproveDeviceLoginInput,\n BillingProduct,\n BillingSyncState,\n BillingSyncStatus,\n CapabilityPriceRule,\n ClientCredentialsTokenResponse,\n DeviceApprovalInput,\n FetchLike,\n GetAppManifestResult,\n GetDiscoveryOptions,\n GrantSource,\n ListBillingProductsResult,\n MeScopeUsagePayload,\n MintSignerSessionForExternalUserInput,\n MintUserAccessTokenInput,\n MintUserAccessTokenResponse,\n MintUserSignerSessionTokenInput,\n OidcDiscoveryDocument,\n ParsedDeviceApprovalRedirect,\n PlanSyncResult,\n PmtHouseClientOptions,\n SignedTicketIngestInput,\n SignedTicketIngestResult,\n SignerRoutingConfig,\n SignerRoutingResponse,\n TokenExchangeResponse,\n UpsertAppUserInput,\n UsageApiResponse,\n UsageByPipelineModelFiatRow,\n UsageDailyPipelineRow,\n UsageByPipelineModelRow,\n UsageByUserRow,\n UsageForExternalUser,\n UsageQueryInput,\n UsageTotals,\n UsageBalanceResponse,\n UserAllowanceGrantInput,\n UserAllowancesResponse,\n UserCreditGrantInput,\n UserCreditsResponse,\n UserSubscriptionResponse,\n} from \"./types.js\";\n","import {\n stripOidcPathSuffix,\n stripTrailingSlashes,\n} from \"./string-utils.js\";\n\nexport { parseHttpOrigin } from \"./string-utils.js\";\n\n/** Operator hint when Builder / Usage cannot run. */\nexport const PYMTHOUSE_NOT_CONFIGURED_MESSAGE =\n \"PymtHouse is not configured. Set PYMTHOUSE_ISSUER_URL, PYMTHOUSE_PUBLIC_CLIENT_ID, PYMTHOUSE_M2M_CLIENT_ID, and PYMTHOUSE_M2M_CLIENT_SECRET, then restart.\";\n\nexport interface PymthouseEnvConfig {\n issuerUrl: string;\n publicClientId: string;\n m2mClientId: string;\n m2mClientSecret: string;\n}\n\nfunction trimEnv(name: string): string | null {\n const value = process.env[name];\n if (!value) return null;\n const trimmed = value.trim();\n return trimmed || null;\n}\n\n/** Read `PYMTHOUSE_*` env vars without throwing. Returns null when incomplete. */\nexport function readPymthouseEnv(): PymthouseEnvConfig | null {\n const issuerUrl = trimEnv(\"PYMTHOUSE_ISSUER_URL\");\n const publicClientId = trimEnv(\"PYMTHOUSE_PUBLIC_CLIENT_ID\");\n const m2mClientId = trimEnv(\"PYMTHOUSE_M2M_CLIENT_ID\");\n const m2mClientSecret = trimEnv(\"PYMTHOUSE_M2M_CLIENT_SECRET\");\n if (!issuerUrl || !publicClientId || !m2mClientId || !m2mClientSecret) {\n return null;\n }\n return {\n issuerUrl: stripTrailingSlashes(issuerUrl),\n publicClientId,\n m2mClientId,\n m2mClientSecret,\n };\n}\n\n/** Read `PYMTHOUSE_ISSUER_URL` without requiring full M2M configuration. */\nexport function getPymthouseIssuerUrlFromEnv(): string | null {\n const raw = trimEnv(\"PYMTHOUSE_ISSUER_URL\");\n if (!raw) return null;\n try {\n return stripTrailingSlashes(new URL(raw).href);\n } catch {\n return null;\n }\n}\n\n/** Read `PYMTHOUSE_PUBLIC_CLIENT_ID` without requiring full M2M configuration. */\nexport function getPymthousePublicClientIdFromEnv(): string | null {\n return trimEnv(\"PYMTHOUSE_PUBLIC_CLIENT_ID\");\n}\n\n/** True when all vars required by `createPmtHouseClientFromEnv` are present. */\nexport function isPymthouseConfigured(): boolean {\n return readPymthouseEnv() !== null;\n}\n\n/** Resolve Builder API base (`…/api/v1`) from issuer URL (`…/api/v1/oidc`). */\nexport function getBuilderApiV1BaseFromIssuerUrl(issuerUrl: string): string {\n return stripOidcPathSuffix(issuerUrl);\n}\n\n/** Origin of the OIDC issuer host (e.g. `https://pymthouse.com`). */\nexport function getPymthouseIssuerOrigin(issuerUrl: string): string {\n return new URL(stripTrailingSlashes(issuerUrl.trim())).origin;\n}\n"]}
1
+ {"version":3,"sources":["../src/encoding.ts","../src/errors.ts","../src/string-utils.ts","../src/discovery.ts","../src/signer/fetch-json.ts","../src/signer/handler-errors.ts","../src/signer/json-fields.ts","../src/signer/mint-token.ts","../src/signer/device-exchange.ts","../src/signer/api-key-exchange.ts","../src/plan-pricing.ts","../src/ingest.ts","../src/usage.ts","../src/client.ts","../src/manifest.ts","../src/tokens.ts","../src/oauth-map.ts","../src/index.ts","../src/config.ts"],"names":["PmtHouseError","customFetch","allowInsecureRequests","discoveryRequest","processDiscoveryResponse","EXCHANGE_RESPONSE_ERROR","createHash","ResponseBodyError","OperationProcessingError","TOKEN_EXCHANGE_GRANT","SUBJECT_ACCESS_TOKEN_TYPE","exchangeApiKeyForSigner","genericTokenEndpointRequest","processGenericTokenEndpointResponse","clientCredentialsGrantRequest","processClientCredentialsResponse"],"mappings":";;;;;;;;;;;;;;;;AAIO,SAAS,uBAAA,CAAwB,UAAkB,YAAA,EAA8B;AACtF,EAAA,MAAM,GAAA,GAAM,CAAA,EAAG,QAAQ,CAAA,CAAA,EAAI,YAAY,CAAA,CAAA;AACvC,EAAA,MAAM,GAAA,GACJ,OAAO,MAAA,KAAW,WAAA,GACd,MAAA,CAAO,IAAA,CAAK,GAAA,EAAK,MAAM,CAAA,CAAE,QAAA,CAAS,QAAQ,CAAA,GAC1C,KAAK,KAAA,CAAM,IAAA,CAAK,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,GAAG,CAAA,EAAG,CAAC,CAAA,KAAM,MAAA,CAAO,YAAA,CAAa,CAAC,CAAC,CAAA,CAAE,IAAA,CAAK,EAAE,CAAC,CAAA;AAC5F,EAAA,OAAO,SAAS,GAAG,CAAA,CAAA;AACrB;AAXA,IAAA,aAAA,GAAA,KAAA,CAAA;AAAA,EAAA,iBAAA,GAAA;AAAA,EAAA;AAAA,CAAA,CAAA;;;ACyBO,SAAS,eAAA,CACd,OACA,eAAA,EACe;AACf,EAAA,IAAI,iBAAiBA,qBAAA,EAAe;AAClC,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,IAAI,iBAAiB,KAAA,EAAO;AAC1B,IAAA,OAAO,IAAIA,qBAAA,CAAc,KAAA,CAAM,OAAA,IAAW,eAAA,EAAiB;AAAA,MACzD,IAAA,EAAM,kBAAA;AAAA,MACN,MAAA,EAAQ;AAAA,KACT,CAAA;AAAA,EACH;AAEA,EAAA,OAAO,IAAIA,sBAAc,eAAA,EAAiB;AAAA,IACxC,IAAA,EAAM,kBAAA;AAAA,IACN,MAAA,EAAQ;AAAA,GACT,CAAA;AACH;AA5CaA;AAAb,IAAA,WAAA,GAAA,KAAA,CAAA;AAAA,EAAA,eAAA,GAAA;AAAO,IAAMA,qBAAA,GAAN,cAA4B,KAAA,CAAM;AAAA,MAC9B,MAAA;AAAA,MACA,IAAA;AAAA,MACA,OAAA;AAAA,MAET,YACE,OAAA,EACA;AAAA,QACE,MAAA,GAAS,GAAA;AAAA,QACT,IAAA,GAAO,iBAAA;AAAA,QACP;AAAA,OACF,GAII,EAAC,EACL;AACA,QAAA,KAAA,CAAM,OAAO,CAAA;AACb,QAAA,IAAA,CAAK,IAAA,GAAO,eAAA;AACZ,QAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,QAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,QAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AAAA,MACjB;AAAA,KACF;AAAA,EAAA;AAAA,CAAA,CAAA;;;ACtBO,SAAS,qBAAqB,KAAA,EAAuB;AAC1D,EAAA,IAAI,MAAM,KAAA,CAAM,MAAA;AAChB,EAAA,OAAO,GAAA,GAAM,MAAM,KAAA,CAAM,WAAA,CAAY,MAAM,CAAC,CAAA,IAAK,OAAO,EAAA,EAAI;AAC1D,IAAA,GAAA,EAAA;AAAA,EACF;AACA,EAAA,OAAO,KAAA,CAAM,KAAA,CAAM,CAAA,EAAG,GAAG,CAAA;AAC3B;AAEA,SAAS,kBAAA,CAAmB,OAAe,MAAA,EAAyB;AAClE,EAAA,IAAI,MAAA,CAAO,MAAA,GAAS,KAAA,CAAM,MAAA,EAAQ;AAChC,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,MAAA,GAAS,MAAA,CAAO,MAAA;AACpC,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,MAAA,CAAO,QAAQ,CAAA,EAAA,EAAK;AACtC,IAAA,MAAM,CAAA,GAAI,KAAA,CAAM,WAAA,CAAY,KAAA,GAAQ,CAAC,CAAA,IAAK,CAAA;AAC1C,IAAA,MAAM,CAAA,GAAI,MAAA,CAAO,WAAA,CAAY,CAAC,CAAA,IAAK,CAAA;AACnC,IAAA,IAAI,CAAA,KAAM,CAAA,IAAA,CAAM,CAAA,GAAI,EAAA,OAAS,IAAI,EAAA,CAAA,EAAK;AACpC,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AACA,EAAA,OAAO,IAAA;AACT;AAEA,SAAS,qBAAA,CAAsB,OAAe,MAAA,EAAwB;AACpE,EAAA,OAAO,kBAAA,CAAmB,KAAA,EAAO,MAAM,CAAA,GACnC,KAAA,CAAM,KAAA,CAAM,CAAA,EAAG,KAAA,CAAM,MAAA,GAAS,MAAA,CAAO,MAAM,CAAA,GAC3C,KAAA;AACN;AAGO,SAAS,oBAAoB,SAAA,EAA2B;AAC7D,EAAA,IAAI,IAAA,GAAO,oBAAA,CAAqB,SAAA,CAAU,IAAA,EAAM,CAAA;AAChD,EAAA,IAAA,GAAO,qBAAA,CAAsB,MAAM,OAAO,CAAA;AAC1C,EAAA,OAAO,qBAAqB,IAAI,CAAA;AAClC;AAGO,SAAS,6BAA6B,SAAA,EAA2B;AACtE,EAAA,IAAI,IAAA,GAAO,oBAAA,CAAqB,SAAA,CAAU,IAAA,EAAM,CAAA;AAChD,EAAA,IAAA,GAAO,qBAAA,CAAsB,MAAM,cAAc,CAAA;AACjD,EAAA,IAAA,GAAO,qBAAA,CAAsB,MAAM,OAAO,CAAA;AAC1C,EAAA,OAAO,qBAAqB,IAAI,CAAA;AAClC;AA3CA,IAAA,iBAAA,GAAA,KAAA,CAAA;AAAA,EAAA,qBAAA,GAAA;AAAA,EAAA;AAAA,CAAA,CAAA;ACWO,SAAS,kCAAkC,EAAA,EAAgD;AAChG,EAAA,MAAM,gBAAgB,EAAA,CAAG,cAAA;AACzB,EAAA,MAAM,UAAU,EAAA,CAAG,QAAA;AACnB,EAAA,IAAI,CAAC,aAAA,IAAiB,CAAC,OAAA,EAAS;AAC9B,IAAA,MAAM,IAAIA,sBAAc,+DAAA,EAAiE;AAAA,MACvF,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,OAAO;AAAA,IACL,QAAQ,EAAA,CAAG,MAAA;AAAA,IACX,sBAAA,EAAwB,GAAG,sBAAA,IAA0B,EAAA;AAAA,IACrD,cAAA,EAAgB,aAAA;AAAA,IAChB,QAAA,EAAU,OAAA;AAAA,IACV,mBAAmB,EAAA,CAAG,iBAAA;AAAA,IACtB,+BAA+B,EAAA,CAAG;AAAA,GACpC;AACF;AAWA,SAAS,oBAAoB,SAAA,EAA2B;AACtD,EAAA,OAAO,qBAAqB,SAAS,CAAA;AACvC;AAUA,eAAsB,uBAAA,CACpB,SAAA,EACA,SAAA,EACA,OAAA,GAA0C,EAAC,EACb;AAC9B,EAAA,MAAM,GAAA,GAAM,oBAAoB,SAAS,CAAA;AACzC,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,EAAA,MAAM,MAAA,GAAS,cAAA,CAAe,GAAA,CAAI,GAAG,CAAA;AAErC,EAAA,IAAI,CAAC,OAAA,CAAQ,KAAA,IAAS,UAAU,GAAA,GAAM,MAAA,CAAO,YAAY,YAAA,EAAc;AACrE,IAAA,OAAO,MAAA,CAAO,EAAA;AAAA,EAChB;AAEA,EAAA,MAAM,gBAAA,GAAmB,IAAI,GAAA,CAAI,GAAG,CAAA;AACpC,EAAA,MAAM,aAAA,GAAwD;AAAA,IAC5D,SAAA,EAAW,MAAA;AAAA,IACX,CAACC,wBAAW,GAAG;AAAA,GACjB;AACA,EAAA,IAAI,QAAQ,iBAAA,EAAmB;AAC7B,IAAA,aAAA,CAAcC,kCAAqB,CAAA,GAAI,IAAA;AAAA,EACzC;AAEA,EAAA,IAAI,QAAA;AACJ,EAAA,IAAI;AACF,IAAA,QAAA,GAAW,MAAMC,6BAAA,CAAiB,gBAAA,EAAkB,aAAa,CAAA;AAAA,EACnE,SAAS,CAAA,EAAG;AACV,IAAA,MAAM,yBAAyB,CAAC,CAAA;AAAA,EAClC;AAEA,EAAA,IAAI,EAAA;AACJ,EAAA,IAAI;AACF,IAAA,EAAA,GAAK,MAAMC,qCAAA,CAAyB,gBAAA,EAAkB,QAAQ,CAAA;AAAA,EAChE,SAAS,CAAA,EAAG;AACV,IAAA,MAAM,uBAAuB,CAAC,CAAA;AAAA,EAChC;AAEA,EAAA,cAAA,CAAe,IAAI,GAAA,EAAK,EAAE,EAAA,EAAI,SAAA,EAAW,KAAK,CAAA;AAC9C,EAAA,OAAO,EAAA;AACT;AAEA,eAAsB,sBAAA,CACpB,SAAA,EACA,SAAA,EACA,OAAA,GAA0C,EAAC,EACX;AAChC,EAAA,MAAM,EAAA,GAAK,MAAM,uBAAA,CAAwB,SAAA,EAAW,WAAW,OAAO,CAAA;AACtE,EAAA,OAAO,kCAAkC,EAAE,CAAA;AAC7C;AAEO,SAAS,oBAAoB,SAAA,EAA0B;AAC5D,EAAA,IAAI,CAAC,SAAA,EAAW;AACd,IAAA,cAAA,CAAe,KAAA,EAAM;AACrB,IAAA;AAAA,EACF;AACA,EAAA,cAAA,CAAe,MAAA,CAAO,mBAAA,CAAoB,SAAS,CAAC,CAAA;AACtD;AAEA,SAAS,uBAAuB,KAAA,EAA+B;AAC7D,EAAA,IAAI,iBAAiBJ,qBAAA,EAAe;AAClC,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,IAAI,iBAAiB,KAAA,EAAO;AAC1B,IAAA,OAAO,IAAIA,qBAAA,CAAc,KAAA,CAAM,OAAA,EAAS;AAAA,MACtC,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM,wBAAA;AAAA,MACN,OAAA,EAAS,EAAE,KAAA,EAAO,KAAA,CAAM,KAAA;AAAM,KAC/B,CAAA;AAAA,EACH;AACA,EAAA,OAAO,IAAIA,sBAAc,uBAAA,EAAyB;AAAA,IAChD,MAAA,EAAQ,GAAA;AAAA,IACR,IAAA,EAAM;AAAA,GACP,CAAA;AACH;AAEA,SAAS,yBAAyB,KAAA,EAA+B;AAC/D,EAAA,IAAI,iBAAiBA,qBAAA,EAAe;AAClC,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,IAAI,iBAAiB,KAAA,EAAO;AAC1B,IAAA,OAAO,IAAIA,qBAAA,CAAc,CAAA,+BAAA,EAAkC,KAAA,CAAM,OAAO,CAAA,CAAA,EAAI;AAAA,MAC1E,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,OAAO,IAAIA,sBAAc,+BAAA,EAAiC;AAAA,IACxD,MAAA,EAAQ,GAAA;AAAA,IACR,IAAA,EAAM;AAAA,GACP,CAAA;AACH;AA3IA,IA8BM,YAAA,EAOA,cAAA;AArCN,IAAA,cAAA,GAAA,KAAA,CAAA;AAAA,EAAA,kBAAA,GAAA;AAOA,IAAA,WAAA,EAAA;AACA,IAAA,iBAAA,EAAA;AAsBA,IAAM,YAAA,GAAe,IAAI,EAAA,GAAK,GAAA;AAO9B,IAAM,cAAA,uBAAqB,GAAA,EAAwB;AAAA,EAAA;AAAA,CAAA,CAAA;;;ACnCnD,SAAS,uBAAA,CACP,MAAA,EACA,YAAA,EACA,MAAA,EACQ;AACR,EAAA,IAAI,OAAO,MAAA,CAAO,iBAAA,KAAsB,QAAA,EAAU;AAChD,IAAA,OAAO,MAAA,CAAO,iBAAA;AAAA,EAChB;AACA,EAAA,IAAI,OAAO,MAAA,CAAO,KAAA,KAAU,QAAA,EAAU;AACpC,IAAA,OAAO,MAAA,CAAO,KAAA;AAAA,EAChB;AACA,EAAA,OAAO,CAAA,EAAG,YAAY,CAAA,EAAA,EAAK,MAAM,CAAA,CAAA,CAAA;AACnC;AASA,eAAsB,0BAAA,CACpB,UACA,OAAA,EACkC;AAClC,EAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AACjC,EAAA,IAAI,MAAA;AACJ,EAAA,IAAI;AACF,IAAA,MAAA,GAAS,IAAA,GAAQ,IAAA,CAAK,KAAA,CAAM,IAAI,IAAgC,EAAC;AAAA,EACnE,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAIA,qBAAA,CAAc,OAAA,CAAQ,kBAAA,EAAoB;AAAA,MAClD,MAAA,EAAQ,GAAA;AAAA,MACR,MAAM,OAAA,CAAQ,eAAA;AAAA,MACd,OAAA,EAAS,EAAE,MAAA,EAAQ,QAAA,CAAS,MAAA;AAAO,KACpC,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,cAAc,uBAAA,CAAwB,MAAA,EAAQ,OAAA,CAAQ,YAAA,EAAc,SAAS,MAAM,CAAA;AACzF,IAAA,MAAM,IAAIA,sBAAc,WAAA,EAAa;AAAA,MACnC,QAAQ,QAAA,CAAS,MAAA;AAAA,MACjB,MAAM,OAAO,MAAA,CAAO,UAAU,QAAA,GAAW,MAAA,CAAO,QAAQ,OAAA,CAAQ,gBAAA;AAAA,MAChE,OAAA,EAAS;AAAA,KACV,CAAA;AAAA,EACH;AAEA,EAAA,OAAO,MAAA;AACT;AAjDA,IAAA,eAAA,GAAA,KAAA,CAAA;AAAA,EAAA,0BAAA,GAAA;AAAA,IAAA,WAAA,EAAA;AAAA,EAAA;AAAA,CAAA,CAAA;;;ACEO,SAAS,2BAA2B,KAAA,EAA0B;AACnE,EAAA,IAAI,iBAAiBA,qBAAA,EAAe;AAClC,IAAA,OAAO,IAAI,QAAA;AAAA,MACT,KAAK,SAAA,CAAU;AAAA,QACb,OAAO,KAAA,CAAM,IAAA;AAAA,QACb,mBAAmB,KAAA,CAAM,OAAA;AAAA,QACzB,SAAS,KAAA,CAAM;AAAA,OAChB,CAAA;AAAA,MACD;AAAA,QACE,QAAQ,KAAA,CAAM,MAAA;AAAA,QACd,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB;AAChD,KACF;AAAA,EACF;AACA,EAAA,MAAM,OAAA,GAAU,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU,gBAAA;AACzD,EAAA,OAAO,IAAI,QAAA,CAAS,IAAA,CAAK,SAAA,CAAU,EAAE,OAAO,gBAAA,EAAkB,iBAAA,EAAmB,OAAA,EAAS,CAAA,EAAG;AAAA,IAC3F,MAAA,EAAQ,GAAA;AAAA,IACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,GAC/C,CAAA;AACH;AArBA,IAAA,mBAAA,GAAA,KAAA,CAAA;AAAA,EAAA,8BAAA,GAAA;AAAA,IAAA,WAAA,EAAA;AAAA,EAAA;AAAA,CAAA,CAAA;;;ACEO,SAAS,eAAA,CACd,IAAA,EACA,GAAA,EACA,SAAA,EACA,gBAAgB,UAAA,EACR;AACR,EAAA,MAAM,KAAA,GAAQ,KAAK,GAAG,CAAA;AACtB,EAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,CAAC,KAAA,CAAM,MAAK,EAAG;AAC9C,IAAA,MAAM,IAAIA,qBAAA,CAAc,CAAA,EAAG,aAAa,CAAA,SAAA,EAAY,GAAG,CAAA,CAAA,EAAI;AAAA,MACzD,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,OAAO,MAAM,IAAA,EAAK;AACpB;AAEO,SAAS,aAAA,CAAc,MAA+B,SAAA,EAA2B;AACtF,EAAA,MAAM,YAAY,IAAA,CAAK,UAAA;AACvB,EAAA,IAAI,OAAO,cAAc,QAAA,IAAY,CAAC,OAAO,QAAA,CAAS,SAAS,CAAA,IAAK,SAAA,IAAa,CAAA,EAAG;AAClF,IAAA,MAAM,IAAIA,sBAAc,6BAAA,EAA+B;AAAA,MACrD,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,OAAO,IAAA,CAAK,MAAM,SAAS,CAAA;AAC7B;AA3BA,IAAA,gBAAA,GAAA,KAAA,CAAA;AAAA,EAAA,2BAAA,GAAA;AAAA,IAAA,WAAA,EAAA;AAAA,EAAA;AAAA,CAAA,CAAA;;;ACoBO,SAAS,gCAAA,CACd,IAAA,EACA,eAAA,GAAkB,yBAAA,EACC;AACnB,EAAA,MAAM,WAAA,GAAc,eAAA,CAAgB,IAAA,EAAM,cAAA,EAAgB,sBAAsB,gBAAgB,CAAA;AAChG,EAAA,MAAM,SAAA,GAAY,aAAA,CAAc,IAAA,EAAM,oBAAoB,CAAA;AAC1D,EAAA,MAAM,gBAAA,GAAmB,eAAA;AAAA,IACvB,IAAA;AAAA,IACA,kBAAA;AAAA,IACA,oBAAA;AAAA,IACA;AAAA,GACF;AACA,EAAA,MAAM,wBAAA,GAA2B,eAAA;AAAA,IAC/B,IAAA;AAAA,IACA,0BAAA;AAAA,IACA,oBAAA;AAAA,IACA;AAAA,GACF;AACA,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,EAAA,MAAM,SAAA,GAAY,MAAM,SAAA,GAAY,GAAA;AACpC,EAAA,MAAM,YAAY,GAAA,GAAM,IAAA,CAAK,KAAA,CAAM,SAAA,GAAY,MAAO,eAAe,CAAA;AAErE,EAAA,OAAO;AAAA,IACL,GAAA,EAAK,WAAA;AAAA,IACL,SAAA;AAAA,IACA,SAAA;AAAA,IACA,gBAAA;AAAA,IACA;AAAA,GACF;AACF;AAjDA,IAaM,yBAAA,EACA,oBAAA;AAdN,IAAA,eAAA,GAAA,KAAA,CAAA;AAAA,EAAA,0BAAA,GAAA;AAKA,IAAA,gBAAA,EAAA;AAQA,IAAM,yBAAA,GAA4B,GAAA;AAClC,IAAM,oBAAA,GAAuB,wBAAA;AAAA,EAAA;AAAA,CAAA,CAAA;;;ACStB,SAAS,yCACd,IAAA,EACQ;AACR,EAAA,MAAM,WAAW,IAAA,CAAK,KAAA;AACtB,EAAA,IAAI,QAAA,KAAa,QAAQ,OAAO,QAAA,KAAa,YAAY,CAAC,KAAA,CAAM,OAAA,CAAQ,QAAQ,CAAA,EAAG;AACjF,IAAA,MAAM,MAAA,GAAS,QAAA;AACf,IAAA,KAAA,MAAW,GAAA,IAAO,CAAC,aAAA,EAAe,cAAc,CAAA,EAAY;AAC1D,MAAA,MAAM,KAAA,GAAQ,OAAO,GAAG,CAAA;AACxB,MAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,CAAM,MAAK,EAAG;AAC7C,QAAA,OAAO,MAAM,IAAA,EAAK;AAAA,MACpB;AAAA,IACF;AAAA,EACF;AACA,EAAA,KAAA,MAAW,GAAA,IAAO,CAAC,aAAA,EAAe,cAAc,CAAA,EAAY;AAC1D,IAAA,MAAM,KAAA,GAAQ,KAAK,GAAG,CAAA;AACtB,IAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,CAAM,MAAK,EAAG;AAC7C,MAAA,OAAO,MAAM,IAAA,EAAK;AAAA,IACpB;AAAA,EACF;AACA,EAAA,MAAM,IAAIA,sBAAc,sDAAA,EAAwD;AAAA,IAC9E,MAAA,EAAQ,GAAA;AAAA,IACR,IAAA,EAAM;AAAA,GACP,CAAA;AACH;AAEO,SAAS,+BAAA,CACd,QACA,OAAA,EACwB;AACxB,EAAA,MAAM,KAAA,GAAQ,MAAA,CAAO,KAAA,CAAM,IAAA,EAAK,IAAK,UAAA;AACrC,EAAA,MAAM,IAAA,GAA+B;AAAA,IACnC,cAAc,MAAA,CAAO,YAAA;AAAA,IACrB,UAAA,EAAY,QAAA;AAAA,IACZ,YAAY,MAAA,CAAO,UAAA;AAAA,IACnB,KAAA;AAAA,IACA,kBAAkB,MAAA,CAAO,gBAAA;AAAA,IACzB,0BAA0B,MAAA,CAAO,wBAAA;AAAA,IACjC,KAAA,EAAO;AAAA,MACL,aAAa,MAAA,CAAO,YAAA;AAAA,MACpB,cAAc,MAAA,CAAO,YAAA;AAAA,MACrB,WAAW,MAAA,CAAO,UAAA;AAAA,MAClB,YAAY,MAAA,CAAO,UAAA;AAAA,MACnB,KAAA;AAAA,MACA,kBAAkB,MAAA,CAAO,gBAAA;AAAA,MACzB,0BAA0B,MAAA,CAAO;AAAA;AACnC,GACF;AACA,EAAA,MAAM,SAAA,GAAY,OAAA,EAAS,SAAA,EAAW,IAAA,EAAK;AAC3C,EAAA,IAAI,SAAA,EAAW;AACb,IAAA,IAAA,CAAK,SAAA,GAAY,SAAA;AAAA,EACnB;AACA,EAAA,OAAO,IAAA;AACT;AAwCA,eAAsB,+BACpB,OAAA,EACmC;AACnC,EAAA,MAAM,SAAA,GAAY,QAAQ,KAAA,IAAS,KAAA;AACnC,EAAA,MAAM,SAAA,GAAY,oBAAA,CAAqB,OAAA,CAAQ,SAAS,CAAA;AACxD,EAAA,MAAM,EAAA,GAAK,MAAM,uBAAA,CAAwB,SAAA,EAAW,SAAA,EAAW;AAAA,IAC7D,mBAAmB,OAAA,CAAQ;AAAA,GAC5B,CAAA;AACD,EAAA,MAAM,gBAAgB,EAAA,CAAG,cAAA;AACzB,EAAA,IAAI,CAAC,aAAA,EAAe;AAClB,IAAA,MAAM,IAAIA,sBAAc,mDAAA,EAAqD;AAAA,MAC3E,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AAMA,EAAA,MAAM,QAAA,GAAW,OAAA,CAAQ,QAAA,EAAU,IAAA,EAAK,IAAK,SAAA;AAC7C,EAAA,MAAM,MAAA,GAAS,IAAI,eAAA,CAAgB;AAAA,IACjC,UAAA,EAAY,oBAAA;AAAA,IACZ,eAAe,OAAA,CAAQ,WAAA;AAAA,IACvB,kBAAA,EAAoB,yBAAA;AAAA,IACpB,QAAA;AAAA,IACA,QAAA,EAAU;AAAA,GACX,CAAA;AACD,EAAA,IAAI,OAAA,CAAQ,KAAA,EAAO,IAAA,EAAK,EAAG;AACzB,IAAA,MAAA,CAAO,GAAA,CAAI,OAAA,EAAS,OAAA,CAAQ,KAAA,CAAM,MAAM,CAAA;AAAA,EAC1C;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,SAAA,CAAU,aAAA,EAAe;AAAA,IAC9C,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACP,aAAA,EAAe,uBAAA,CAAwB,OAAA,CAAQ,WAAA,EAAa,QAAQ,eAAe,CAAA;AAAA,MACnF,cAAA,EAAgB,mCAAA;AAAA,MAChB,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,IAAA,EAAM,OAAO,QAAA,EAAS;AAAA,IACtB,KAAA,EAAO;AAAA,GACR,CAAA;AAED,EAAA,MAAM,MAAA,GAAS,MAAM,0BAAA,CAA2B,QAAA,EAAU;AAAA,IACxD,kBAAA,EAAoB,sCAAA;AAAA,IACpB,eAAA,EAAiB,wBAAA;AAAA,IACjB,YAAA,EAAc,4BAAA;AAAA,IACd,gBAAA,EAAkB;AAAA,GACnB,CAAA;AAED,EAAA,MAAM,MAAA,GAAS,iCAAiC,MAAM,CAAA;AACtD,EAAA,OAAO;AAAA,IACL,cAAc,MAAA,CAAO,GAAA;AAAA,IACrB,UAAA,EAAY,aAAA,CAAc,MAAA,EAAQ,uBAAuB,CAAA;AAAA,IACzD,KAAA,EAAO,eAAA,CAAgB,MAAA,EAAQ,OAAA,EAAS,uBAAuB,CAAA;AAAA,IAC/D,kBAAkB,MAAA,CAAO,gBAAA;AAAA,IACzB,0BAA0B,MAAA,CAAO;AAAA,GACnC;AACF;AA7KA,IAmBM,sBACA,yBAAA,EACA,uBAAA;AArBN,IAAA,oBAAA,GAAA,KAAA,CAAA;AAAA,EAAA,+BAAA,GAAA;AAAA,IAAA,cAAA,EAAA;AACA,IAAA,aAAA,EAAA;AACA,IAAA,WAAA,EAAA;AACA,IAAA,iBAAA,EAAA;AACA,IAAA,eAAA,EAAA;AACA,IAAA,gBAAA,EAAA;AAEA,IAAA,eAAA,EAAA;AAYA,IAAM,oBAAA,GAAuB,iDAAA;AAC7B,IAAM,yBAAA,GAA4B,+CAAA;AAClC,IAAM,uBAAA,GAA0B,2BAAA;AAAA,EAAA;AAAA,CAAA,CAAA;;;ACrBhC,IAAA,wBAAA,GAAA,EAAA;AAAA,QAAA,CAAA,wBAAA,EAAA;AAAA,EAAA,2BAAA,EAAA,MAAA,2BAAA;AAAA,EAAA,uBAAA,EAAA,MAAA,uBAAA;AAAA,EAAA,2BAAA,EAAA,MAAA,2BAAA;AAAA,EAAA,6BAAA,EAAA,MAAA,6BAAA;AAAA,EAAA,8BAAA,EAAA,MAAA;AAAA,CAAA,CAAA;AAmBA,eAAsB,+BACpB,OAAA,EACoC;AACpC,EAAA,IAAI,IAAA;AACJ,EAAA,IAAI;AACF,IAAA,IAAA,GAAO,MAAM,QAAQ,IAAA,EAAK;AAAA,EAC5B,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAIA,sBAAc,2BAAA,EAA6B;AAAA,MACnD,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,IAAI,IAAA,KAAS,QAAQ,OAAO,IAAA,KAAS,YAAY,KAAA,CAAM,OAAA,CAAQ,IAAI,CAAA,EAAG;AACpE,IAAA,MAAM,IAAIA,sBAAc,oCAAA,EAAsC;AAAA,MAC5D,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,MAAM,MAAA,GAAS,IAAA;AACf,EAAA,MAAM,YAAY,MAAA,CAAO,MAAA;AACzB,EAAA,IAAI,OAAO,SAAA,KAAc,QAAA,IAAY,CAAC,SAAA,CAAU,MAAK,EAAG;AACtD,IAAA,MAAM,IAAIA,sBAAc,kCAAA,EAAoC;AAAA,MAC1D,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AACA,EAAA,MAAM,KAAA,GACJ,OAAO,MAAA,CAAO,KAAA,KAAU,QAAA,IAAY,MAAA,CAAO,KAAA,CAAM,IAAA,EAAK,GAClD,MAAA,CAAO,KAAA,CAAM,IAAA,EAAK,GAClB,MAAA;AACN,EAAA,MAAM,QAAA,GACJ,OAAO,MAAA,CAAO,QAAA,KAAa,QAAA,IAAY,MAAA,CAAO,QAAA,CAAS,IAAA,EAAK,GACxD,MAAA,CAAO,QAAA,CAAS,IAAA,EAAK,GACrB,MAAA;AACN,EAAA,OAAO,EAAE,MAAA,EAAQ,SAAA,CAAU,IAAA,EAAK,EAAG,OAAO,QAAA,EAAS;AACrD;AAEA,eAAsB,8BAA8B,KAAA,EAMqB;AACvE,EAAA,MAAM,SAAA,GAAY,MAAM,KAAA,IAAS,KAAA;AACjC,EAAA,MAAM,YAAA,GAAe,4BAAA,CAA6B,KAAA,CAAM,SAAS,CAAA;AACjE,EAAA,MAAM,MAAM,CAAA,EAAG,YAAY,gBAAgB,kBAAA,CAAmB,KAAA,CAAM,cAAc,CAAC,CAAA,mBAAA,CAAA;AACnF,EAAA,MAAM,QAAA,GAAW,MAAM,SAAA,CAAU,GAAA,EAAK;AAAA,IACpC,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACP,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,MAAM,CAAA,CAAA;AAAA,MACrC,cAAA,EAAgB,kBAAA;AAAA,MAChB,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,KAAA,CAAM,KAAA,GAAQ,EAAE,KAAA,EAAO,KAAA,CAAM,KAAA,EAAM,GAAI,EAAE,CAAA;AAAA,IAC9D,KAAA,EAAO;AAAA,GACR,CAAA;AAED,EAAA,MAAM,MAAA,GAAS,MAAM,0BAAA,CAA2B,QAAA,EAAU;AAAA,IACxD,kBAAA,EAAoB,8CAAA;AAAA,IACpB,eAAA,EAAiB,wBAAA;AAAA,IACjB,YAAA,EAAc,+BAAA;AAAA,IACd,gBAAA,EAAkB;AAAA,GACnB,CAAA;AAED,EAAA,MAAM,cAAc,MAAA,CAAO,YAAA;AAC3B,EAAA,IAAI,OAAO,WAAA,KAAgB,QAAA,IAAY,CAAC,WAAA,CAAY,MAAK,EAAG;AAC1D,IAAA,MAAM,IAAIA,sBAAc,6CAAA,EAA+C;AAAA,MACrE,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAMK;AAAA,KACP,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,SAAA,GACJ,OAAO,MAAA,CAAO,UAAA,KAAe,QAAA,IAAY,MAAA,CAAO,QAAA,CAAS,MAAA,CAAO,UAAU,CAAA,GACtE,MAAA,CAAO,UAAA,GACP,GAAA;AACN,EAAA,MAAM,QACJ,OAAO,MAAA,CAAO,KAAA,KAAU,QAAA,IAAY,OAAO,KAAA,CAAM,IAAA,EAAK,GAClD,MAAA,CAAO,MAAM,IAAA,EAAK,GAClB,KAAA,CAAM,KAAA,EAAO,MAAK,IAAK,UAAA;AAE7B,EAAA,OAAO;AAAA,IACL,YAAA,EAAc,YAAY,IAAA,EAAK;AAAA,IAC/B,UAAA,EAAY,SAAA;AAAA,IACZ;AAAA,GACF;AACF;AAEA,eAAsB,4BAA4B,KAAA,EAUZ;AACpC,EAAA,MAAM,SAAA,GAAY,MAAM,6BAAA,CAA8B;AAAA,IACpD,WAAW,KAAA,CAAM,SAAA;AAAA,IACjB,gBAAgB,KAAA,CAAM,cAAA;AAAA,IACtB,QAAQ,KAAA,CAAM,MAAA;AAAA,IACd,OAAO,KAAA,CAAM,KAAA;AAAA,IACb,OAAO,KAAA,CAAM;AAAA,GACd,CAAA;AAED,EAAA,OAAO,8BAAA,CAA+B;AAAA,IACpC,WAAW,KAAA,CAAM,SAAA;AAAA,IACjB,aAAa,KAAA,CAAM,WAAA;AAAA,IACnB,iBAAiB,KAAA,CAAM,eAAA;AAAA,IACvB,aAAa,SAAA,CAAU,YAAA;AAAA,IACvB,OAAO,SAAA,CAAU,KAAA;AAAA,IACjB,UAAU,KAAA,CAAM,QAAA;AAAA,IAChB,OAAO,KAAA,CAAM,KAAA;AAAA,IACb,mBAAmB,KAAA,CAAM;AAAA,GAC1B,CAAA;AACH;AAEA,eAAsB,wBACpB,OAAA,EACiC;AACjC,EAAA,MAAM,SAAA,GAAY,QAAQ,KAAA,IAAS,KAAA;AACnC,EAAA,MAAM,GAAA,GAAM,CAAA,EAAG,oBAAA,CAAqB,OAAA,CAAQ,SAAS,CAAC,CAAA,4BAAA,CAAA;AACtD,EAAA,MAAM,IAAA,GAA+B,EAAE,MAAA,EAAQ,OAAA,CAAQ,MAAA,EAAO;AAC9D,EAAA,IAAI,OAAA,CAAQ,KAAA,EAAO,IAAA,EAAK,EAAG;AACzB,IAAA,IAAA,CAAK,KAAA,GAAQ,OAAA,CAAQ,KAAA,CAAM,IAAA,EAAK;AAAA,EAClC;AACA,EAAA,IAAI,OAAA,CAAQ,QAAA,EAAU,IAAA,EAAK,EAAG;AAC5B,IAAA,IAAA,CAAK,QAAA,GAAW,OAAA,CAAQ,QAAA,CAAS,IAAA,EAAK;AAAA,EACxC;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,SAAA,CAAU,GAAA,EAAK;AAAA,IACpC,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB,kBAAA;AAAA,MAChB,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA;AAAA,IACzB,KAAA,EAAO;AAAA,GACR,CAAA;AAED,EAAA,MAAM,MAAA,GAAS,MAAM,0BAAA,CAA2B,QAAA,EAAU;AAAA,IACxD,kBAAA,EAAoB,wCAAA;AAAA,IACpB,eAAA,EAAiBA,wBAAAA;AAAA,IACjB,YAAA,EAAc,yBAAA;AAAA,IACd,gBAAA,EAAkB;AAAA,GACnB,CAAA;AAED,EAAA,MAAM,WAAA,GAAc,yCAAyC,MAAM,CAAA;AACnE,EAAA,MAAM,YAAA,GAAe,MAAA,CAAO,SAAA,IAAa,MAAA,CAAO,UAAA;AAChD,EAAA,MAAM,SAAA,GACJ,OAAO,YAAA,KAAiB,QAAA,IAAY,aAAa,IAAA,EAAK,GAAI,YAAA,CAAa,IAAA,EAAK,GAAI,MAAA;AAElF,EAAA,OAAO,+BAAA;AAAA,IACL;AAAA,MACE,YAAA,EAAc,WAAA;AAAA,MACd,UAAA,EACE,OAAO,MAAA,CAAO,UAAA,KAAe,QAAA,IAAY,MAAA,CAAO,QAAA,CAAS,MAAA,CAAO,UAAU,CAAA,GACtE,MAAA,CAAO,UAAA,GACP,IAAA;AAAA,MACN,KAAA,EACE,OAAO,MAAA,CAAO,KAAA,KAAU,QAAA,IAAY,MAAA,CAAO,KAAA,CAAM,IAAA,EAAK,GAClD,MAAA,CAAO,KAAA,CAAM,IAAA,EAAK,GAClB,UAAA;AAAA,MACN,kBACE,OAAO,MAAA,CAAO,gBAAA,KAAqB,QAAA,GAAW,OAAO,gBAAA,GAAmB,GAAA;AAAA,MAC1E,0BACE,OAAO,MAAA,CAAO,wBAAA,KAA6B,QAAA,GACvC,OAAO,wBAAA,GACP;AAAA,KACR;AAAA,IACA,EAAE,SAAA;AAAU,GACd;AACF;AAEO,SAAS,4BACd,MAAA,EACyC;AACzC,EAAA,MAAM,cAAA,GAAiB,MAAA,CAAO,cAAA,CAAe,IAAA,EAAK;AAElD,EAAA,OAAO,eAAe,sBAAsB,OAAA,EAAqC;AAC/E,IAAA,IAAI;AACF,MAAA,IAAI,OAAA,CAAQ,WAAW,MAAA,EAAQ;AAC7B,QAAA,OAAO,IAAI,SAAS,IAAA,CAAK,SAAA,CAAU,EAAE,KAAA,EAAO,oBAAA,EAAsB,CAAA,EAAG;AAAA,UACnE,MAAA,EAAQ,GAAA;AAAA,UACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,SAC/C,CAAA;AAAA,MACH;AAEA,MAAA,MAAM,MAAA,GAAS,MAAM,8BAAA,CAA+B,OAAO,CAAA;AAC3D,MAAA,MAAM,iBAAA,GAAoB,MAAA,CAAO,QAAA,EAAU,IAAA,EAAK,IAAK,cAAA;AACrD,MAAA,IAAI,sBAAsB,cAAA,EAAgB;AACxC,QAAA,MAAM,IAAIL,sBAAc,kDAAA,EAAoD;AAAA,UAC1E,MAAA,EAAQ,GAAA;AAAA,UACR,IAAA,EAAM;AAAA,SACP,CAAA;AAAA,MACH;AAEA,MAAA,MAAM,MAAA,GAAS,MAAM,2BAAA,CAA4B;AAAA,QAC/C,WAAW,MAAA,CAAO,SAAA;AAAA,QAClB,cAAA;AAAA,QACA,aAAa,MAAA,CAAO,WAAA;AAAA,QACpB,iBAAiB,MAAA,CAAO,eAAA;AAAA,QACxB,QAAQ,MAAA,CAAO,MAAA;AAAA,QACf,OAAO,MAAA,CAAO,KAAA;AAAA,QACd,UAAU,MAAA,CAAO,QAAA;AAAA,QACjB,OAAO,MAAA,CAAO,KAAA;AAAA,QACd,mBAAmB,MAAA,CAAO;AAAA,OAC3B,CAAA;AAED,MAAA,MAAM,cAAA,GACJ,OAAO,MAAA,CAAO,SAAA,KAAc,QAAA,IAAY,MAAA,CAAO,SAAA,CAAU,IAAA,EAAK,GAC1D,MAAA,CAAO,SAAA,CAAU,IAAA,EAAK,GACtB,KAAA,CAAA;AAEN,MAAA,MAAM,OAAO,+BAAA,CAAgC,MAAA,EAAQ,EAAE,SAAA,EAAW,gBAAgB,CAAA;AAClF,MAAA,OAAO,IAAI,QAAA,CAAS,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA,EAAG;AAAA,QACxC,MAAA,EAAQ,GAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACP,cAAA,EAAgB,kBAAA;AAAA,UAChB,eAAA,EAAiB;AAAA;AACnB,OACD,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,2BAA2B,KAAK,CAAA;AAAA,IACzC;AAAA,EACF,CAAA;AACF;AAxPA,IAiBMK,wBAAAA;AAjBN,IAAA,qBAAA,GAAA,KAAA,CAAA;AAAA,EAAA,gCAAA,GAAA;AAAA,IAAA,iBAAA,EAAA;AACA,IAAA,WAAA,EAAA;AACA,IAAA,eAAA,EAAA;AACA,IAAA,mBAAA,EAAA;AACA,IAAA,oBAAA,EAAA;AAaA,IAAMA,wBAAAA,GAA0B,2BAAA;AAAA,EAAA;AAAA,CAAA,CAAA;;;AChBzB,IAAM,qBAAA,GAAwB;AAErC,IAAM,oBAAA,GAAuB,CAAA;AAG7B,SAAS,sBAAsB,KAAA,EAAuB;AACpD,EAAA,MAAM,QAAA,GAAW,KAAA,CAAM,OAAA,CAAQ,GAAG,CAAA;AAClC,EAAA,IAAI,aAAa,EAAA,EAAI;AACnB,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,IAAI,MAAM,KAAA,CAAM,MAAA;AAChB,EAAA,OAAO,MAAM,QAAA,GAAW,CAAA,IAAK,MAAM,GAAA,GAAM,CAAC,MAAM,GAAA,EAAK;AACnD,IAAA,GAAA,IAAO,CAAA;AAAA,EACT;AACA,EAAA,IAAI,GAAA,KAAQ,WAAW,CAAA,EAAG;AACxB,IAAA,GAAA,GAAM,QAAA;AAAA,EACR;AACA,EAAA,MAAM,OAAA,GAAU,KAAA,CAAM,KAAA,CAAM,CAAA,EAAG,GAAG,CAAA;AAClC,EAAA,OAAO,OAAA,CAAQ,MAAA,GAAS,CAAA,GAAI,OAAA,GAAU,GAAA;AACxC;AAEO,SAAS,oBAAA,GAA+B;AAC7C,EAAA,OAAO,oBAAoB,qBAAqB,CAAA;AAClD;AAEO,SAAS,oBAAoB,KAAA,EAAuB;AACzD,EAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,KAAK,CAAA,IAAK,QAAQ,CAAA,EAAG;AACxC,IAAA,OAAO,oBAAA,EAAqB;AAAA,EAC9B;AACA,EAAA,OAAO,qBAAA,CAAsB,KAAA,CAAM,OAAA,CAAQ,oBAAoB,CAAC,CAAA;AAClE;AAEO,SAAS,mBAAmB,GAAA,EAA+C;AAChF,EAAA,IAAI,GAAA,KAAQ,IAAA,IAAQ,GAAA,KAAQ,MAAA,EAAW;AACrC,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,GAAG,CAAA,CAAE,IAAA,EAAK;AACjC,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,MAAM,CAAA,GAAI,OAAO,OAAO,CAAA;AACxB,EAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,CAAC,CAAA,IAAK,IAAI,CAAA,EAAG;AAChC,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO,oBAAoB,CAAC,CAAA;AAC9B;AAGO,SAAS,6BAA6B,aAAA,EAA+B;AAC1E,EAAA,MAAM,GAAA,GAAM,OAAO,QAAA,CAAS,aAAa,IAAI,IAAA,CAAK,GAAA,CAAI,CAAA,EAAG,aAAa,CAAA,GAAI,CAAA;AAC1E,EAAA,OAAO,mBAAA,CAAoB,qBAAA,IAAyB,CAAA,GAAI,GAAA,GAAM,GAAA,CAAI,CAAA;AACpE;AAGO,SAAS,6BAA6B,GAAA,EAAwC;AACnF,EAAA,MAAM,IAAA,GAAO,mBAAmB,GAAG,CAAA;AACnC,EAAA,IAAI,CAAC,IAAA,EAAM;AACT,IAAA,OAAO,EAAA;AAAA,EACT;AACA,EAAA,MAAM,CAAA,GAAI,OAAO,IAAI,CAAA;AACrB,EAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,CAAC,CAAA,IAAK,KAAK,qBAAA,EAAuB;AACrD,IAAA,OAAO,CAAA,KAAM,wBAAwB,GAAA,GAAM,EAAA;AAAA,EAC7C;AACA,EAAA,MAAM,GAAA,GAAA,CAAO,CAAA,GAAI,qBAAA,GAAwB,CAAA,IAAK,GAAA;AAC9C,EAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,GAAG,CAAA,IAAK,OAAO,CAAA,EAAG;AACrC,IAAA,OAAO,EAAA;AAAA,EACT;AACA,EAAA,OAAO,GAAA,GAAM,CAAA,KAAM,CAAA,GAAI,MAAA,CAAO,IAAA,CAAK,KAAA,CAAM,GAAG,CAAC,CAAA,GAAI,GAAA,CAAI,OAAA,CAAQ,CAAC,CAAA;AAChE;AAEO,SAAS,wBAAwB,GAAA,EAAwC;AAC9E,EAAA,MAAM,IAAA,GAAO,mBAAmB,GAAG,CAAA;AACnC,EAAA,IAAI,CAAC,IAAA,EAAM;AACT,IAAA,OAAO,EAAA;AAAA,EACT;AACA,EAAA,MAAM,IAAA,GAAO,MAAA,CAAO,IAAI,CAAA,GAAI,GAAA;AAC5B,EAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,IAAI,CAAA,EAAG;AAC1B,IAAA,OAAO,EAAA;AAAA,EACT;AACA,EAAA,OAAO,IAAA,CAAK,QAAQ,CAAC,CAAA;AACvB;AAEO,SAAS,wBAAwB,GAAA,EAA4B;AAClE,EAAA,MAAM,OAAA,GAAU,IAAI,IAAA,EAAK;AACzB,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,MAAM,CAAA,GAAI,OAAO,OAAO,CAAA;AACxB,EAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,CAAC,CAAA,IAAK,IAAI,CAAA,EAAG;AAChC,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO,CAAA;AACT;AAGO,SAAS,8BAAA,CACd,qBACA,aAAA,EACQ;AACR,EAAA,MAAM,eAAA,GAAkB,qBAAA;AACxB,EAAA,MAAM,MAAA,GAAS,OAAO,aAAa,CAAA;AACnC,EAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,MAAM,CAAA,IAAK,UAAU,CAAA,EAAG;AAC3C,IAAA,OAAO,mBAAA;AAAA,EACT;AACA,EAAA,MAAM,QAAQ,MAAA,GAAS,eAAA;AACvB,EAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,KAAK,CAAA,IAAK,SAAS,CAAA,EAAG;AACzC,IAAA,OAAO,mBAAA;AAAA,EACT;AACA,EAAA,OAAQ,sBAAsB,MAAA,CAAO,IAAA,CAAK,MAAM,KAAA,GAAQ,GAAS,CAAC,CAAA,GAAK,QAAA;AACzE;;;AC9GA,aAAA,EAAA;AACA,WAAA,EAAA;AACA,iBAAA,EAAA;AAqBO,SAAS,8BAA8B,KAAA,EAIlB;AAC1B,EAAA,OAAO;AAAA,IACL,SAAA,EAAW,MAAM,QAAA,CAAS,SAAA;AAAA,IAC1B,gBAAgB,KAAA,CAAM,cAAA;AAAA,IACtB,mBAAA,EAAqB,KAAA,CAAM,QAAA,CAAS,oBAAA,CAAqB,QAAA,EAAS;AAAA,IAClE,MAAA,EAAQ,MAAM,QAAA,CAAS,cAAA;AAAA,IACvB,MAAA,EAAQ,MAAM,QAAA,CAAS,MAAA;AAAA,IACvB,QAAA,EAAU,MAAM,QAAA,CAAS,QAAA;AAAA,IACzB,OAAA,EAAS,MAAM,QAAA,CAAS,OAAA;AAAA,IACxB,kBAAkB,KAAA,CAAM,gBAAA;AAAA,IACxB,WAAA,EAAa,MAAM,QAAA,CAAS,WAAA;AAAA,IAC5B,aAAA,EAAe,MAAM,QAAA,CAAS,aAAA;AAAA,IAC9B,gBAAA,EAAkB,MAAM,QAAA,CAAS;AAAA,GACnC;AACF;AAEA,SAAS,SAAA,CAAU,WAAmB,cAAA,EAAgC;AACpE,EAAA,MAAM,SAAS,IAAI,GAAA,CAAI,oBAAA,CAAqB,SAAS,CAAC,CAAA,CAAE,MAAA;AACxD,EAAA,OAAO,CAAA,EAAG,MAAM,CAAA,aAAA,EAAgB,kBAAA,CAAmB,cAAc,CAAC,CAAA,qBAAA,CAAA;AACpE;AAEA,eAAe,iBAAiB,QAAA,EAAsD;AACpF,EAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AACjC,EAAA,IAAI,CAAC,IAAA,CAAK,IAAA,EAAK,EAAG;AAChB,IAAA,OAAO,EAAC;AAAA,EACV;AACA,EAAA,IAAI;AACF,IAAA,MAAM,MAAA,GAAkB,IAAA,CAAK,KAAA,CAAM,IAAI,CAAA;AACvC,IAAA,OAAO,OAAO,MAAA,KAAW,QAAA,IAAY,MAAA,KAAW,IAAA,IAAQ,CAAC,KAAA,CAAM,OAAA,CAAQ,MAAM,CAAA,GACxE,MAAA,GACD,EAAC;AAAA,EACP,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,EAAC;AAAA,EACV;AACF;AAEA,eAAsB,mBACpB,OAAA,EACmC;AACnC,EAAA,MAAM,SAAA,GAAY,QAAQ,KAAA,IAAS,KAAA;AACnC,EAAA,MAAM,GAAA,GAAM,SAAA,CAAU,OAAA,CAAQ,SAAA,EAAW,QAAQ,cAAc,CAAA;AAC/D,EAAA,MAAM,QAAA,GAAW,MAAM,SAAA,CAAU,GAAA,EAAK;AAAA,IACpC,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACP,aAAA,EAAe,uBAAA,CAAwB,OAAA,CAAQ,WAAA,EAAa,QAAQ,eAAe,CAAA;AAAA,MACnF,cAAA,EAAgB,kBAAA;AAAA,MAChB,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,OAAA,CAAQ,MAAM,CAAA;AAAA,IACnC,KAAA,EAAO;AAAA,GACR,CAAA;AAED,EAAA,MAAM,IAAA,GAAO,MAAM,gBAAA,CAAiB,QAAQ,CAAA;AAC5C,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,OAAA,GACJ,OAAO,IAAA,CAAK,KAAA,KAAU,WAClB,IAAA,CAAK,KAAA,GACL,CAAA,6BAAA,EAAgC,QAAA,CAAS,MAAM,CAAA,CAAA,CAAA;AACrD,IAAA,MAAM,IAAIL,sBAAc,OAAA,EAAS;AAAA,MAC/B,QAAQ,QAAA,CAAS,MAAA;AAAA,MACjB,IAAA,EAAM,eAAA;AAAA,MACN,OAAA,EAAS;AAAA,KACV,CAAA;AAAA,EACH;AAEA,EAAA,OAAO;AAAA,IACL,QAAA,EAAU,OAAA,CAAQ,IAAA,CAAK,QAAQ,CAAA;AAAA,IAC/B,SAAA,EAAW,OAAA,CAAQ,IAAA,CAAK,SAAS,CAAA;AAAA,IACjC,MAAA,EAAQ,IAAA,CAAK,MAAA,KAAW,WAAA,GAAc,WAAA,GAAc;AAAA,GACtD;AACF;AAEA,eAAsB,yBACpB,OAAA,EAC8F;AAC9F,EAAA,MAAM,SAAA,GAAY,QAAQ,KAAA,IAAS,KAAA;AACnC,EAAA,MAAM,GAAA,GAAM,SAAA,CAAU,OAAA,CAAQ,SAAA,EAAW,QAAQ,cAAc,CAAA;AAC/D,EAAA,MAAM,QAAA,GAAW,MAAM,SAAA,CAAU,GAAA,EAAK;AAAA,IACpC,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACP,aAAA,EAAe,uBAAA,CAAwB,OAAA,CAAQ,WAAA,EAAa,QAAQ,eAAe,CAAA;AAAA,MACnF,cAAA,EAAgB,kBAAA;AAAA,MAChB,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,MAAM,IAAA,CAAK,SAAA,CAAU,EAAE,OAAA,EAAS,OAAA,CAAQ,SAAS,CAAA;AAAA,IACjD,KAAA,EAAO;AAAA,GACR,CAAA;AAED,EAAA,MAAM,IAAA,GAAO,MAAM,gBAAA,CAAiB,QAAQ,CAAA;AAC5C,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,OAAA,GACJ,OAAO,IAAA,CAAK,KAAA,KAAU,WAClB,IAAA,CAAK,KAAA,GACL,CAAA,mCAAA,EAAsC,QAAA,CAAS,MAAM,CAAA,CAAA,CAAA;AAC3D,IAAA,MAAM,IAAIA,sBAAc,OAAA,EAAS;AAAA,MAC/B,QAAQ,QAAA,CAAS,MAAA;AAAA,MACjB,IAAA,EAAM,eAAA;AAAA,MACN,OAAA,EAAS;AAAA,KACV,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,UAAA,GAAa,MAAM,OAAA,CAAQ,IAAA,CAAK,OAAO,CAAA,GAAI,IAAA,CAAK,UAAU,EAAC;AACjE,EAAA,OAAO;AAAA,IACL,OAAA,EAAS,UAAA,CAAW,GAAA,CAAI,CAAC,KAAA,KAAU;AACjC,MAAA,MAAM,GAAA,GAAO,SAAS,EAAC;AACvB,MAAA,OAAO;AAAA,QACL,WAAW,OAAO,GAAA,CAAI,SAAA,KAAc,QAAA,GAAW,IAAI,SAAA,GAAY,MAAA;AAAA,QAC/D,EAAA,EAAI,IAAI,EAAA,KAAO,IAAA;AAAA,QACf,QAAA,EAAU,OAAA,CAAQ,GAAA,CAAI,QAAQ,CAAA;AAAA,QAC9B,SAAA,EAAW,OAAA,CAAQ,GAAA,CAAI,SAAS,CAAA;AAAA,QAChC,MAAA,EAAQ,GAAA,CAAI,MAAA,KAAW,WAAA,GAAc,WAAA,GAAc;AAAA,OACrD;AAAA,IACF,CAAC;AAAA,GACH;AACF;;;ACpIA,SAAS,eAAA,CAAgB,KAAA,EAAiC,QAAA,GAAW,EAAA,EAAY;AAC/E,EAAA,IAAI;AACF,IAAA,OAAO,OAAO,KAAK,CAAA;AAAA,EACrB,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,QAAA;AAAA,EACT;AACF;AAGO,SAAS,4BAAA,CAA6B,GAAA,mBAAY,IAAI,IAAA,EAAK,EAGhE;AACA,EAAA,MAAM,CAAA,GAAI,IAAI,cAAA,EAAe;AAC7B,EAAA,MAAM,CAAA,GAAI,IAAI,WAAA,EAAY;AAC1B,EAAA,MAAM,KAAA,GAAQ,IAAI,IAAA,CAAK,IAAA,CAAK,GAAA,CAAI,CAAA,EAAG,CAAA,EAAG,CAAA,EAAG,CAAA,EAAG,CAAA,EAAG,CAAA,EAAG,CAAC,CAAC,CAAA;AACpD,EAAA,MAAM,GAAA,GAAM,IAAI,IAAA,CAAK,IAAA,CAAK,GAAA,CAAI,CAAA,EAAG,CAAA,GAAI,CAAA,EAAG,CAAA,EAAG,EAAA,EAAI,EAAA,EAAI,EAAA,EAAI,GAAG,CAAC,CAAA;AAC3D,EAAA,OAAO,EAAE,WAAW,KAAA,CAAM,WAAA,IAAe,OAAA,EAAS,GAAA,CAAI,aAAY,EAAE;AACtE;AAMO,SAAS,oBAAoB,GAAA,EAAmC;AACrE,EAAA,IAAI,GAAA,IAAO,MAAM,OAAO,IAAA;AACxB,EAAA,MAAM,OAAA,GAAU,IAAI,IAAA,EAAK;AACzB,EAAA,IAAI,CAAC,SAAS,OAAO,IAAA;AACrB,EAAA,MAAM,CAAA,GAAI,IAAA,CAAK,KAAA,CAAM,OAAO,CAAA;AAC5B,EAAA,IAAI,MAAA,CAAO,KAAA,CAAM,CAAC,CAAA,EAAG,OAAO,IAAA;AAC5B,EAAA,OAAO,OAAA;AACT;AAQO,SAAS,8BAAA,CACd,QACA,cAAA,EACsB;AACtB,EAAA,MAAM,IAAA,GAAO,QAAQ,MAAA,CAAO,CAAC,QAAQ,GAAA,CAAI,cAAA,KAAmB,cAAc,CAAA,IAAK,EAAC;AAChF,EAAA,IAAI,IAAA,CAAK,WAAW,CAAA,EAAG;AACrB,IAAA,OAAO;AAAA,MACL,cAAA;AAAA,MACA,YAAA,EAAc,CAAA;AAAA,MACd,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AAEA,EAAA,IAAI,MAAA,GAAS,EAAA;AACb,EAAA,IAAI,YAAA,GAAe,CAAA;AACnB,EAAA,KAAA,MAAW,OAAO,IAAA,EAAM;AACtB,IAAA,IAAI,IAAI,MAAA,EAAQ;AACd,MAAA,MAAA,IAAU,MAAA,CAAO,IAAI,MAAM,CAAA;AAAA,IAC7B;AACA,IAAA,YAAA,IAAgB,GAAA,CAAI,YAAA;AAAA,EACtB;AAEA,EAAA,OAAO;AAAA,IACL,cAAA;AAAA,IACA,YAAA;AAAA,IACA,MAAA,EAAQ,OAAO,QAAA;AAAS,GAC1B;AACF;AAKO,SAAS,6BAAA,CACd,OACA,cAAA,EACsB;AACtB,EAAA,OAAO,8BAAA,CAA+B,KAAA,CAAM,MAAA,EAAQ,cAAc,CAAA;AACpE;AAKO,SAAS,yBAAyB,KAAA,EAAyB;AAChE,EAAA,MAAM,IAAA,GAAO,KAAA,CAAM,eAAA,IAAmB,EAAC;AACvC,EAAA,OAAO,CAAC,GAAG,IAAI,EAAE,IAAA,CAAK,CAAC,GAAG,CAAA,KAAM;AAC9B,IAAA,MAAM,CAAA,GAAI,CAAA,CAAE,QAAA,CAAS,aAAA,CAAc,EAAE,QAAQ,CAAA;AAC7C,IAAA,IAAI,CAAA,KAAM,GAAG,OAAO,CAAA;AACpB,IAAA,OAAO,CAAA,CAAE,OAAA,CAAQ,aAAA,CAAc,CAAA,CAAE,OAAO,CAAA;AAAA,EAC1C,CAAC,CAAA;AACH;AAGO,SAAS,4BAAA,CACd,OACA,cAAA,EACU;AACV,EAAA,MAAM,OAAA,uBAAc,GAAA,EAAY;AAChC,EAAA,KAAA,MAAW,GAAA,IAAO,KAAA,CAAM,MAAA,IAAU,EAAC,EAAG;AACpC,IAAA,IAAI,GAAA,CAAI,cAAA,KAAmB,cAAA,IAAkB,GAAA,CAAI,cAAc,SAAA,EAAW;AACxE,MAAA,OAAA,CAAQ,GAAA,CAAI,IAAI,SAAS,CAAA;AAAA,IAC3B;AAAA,EACF;AACA,EAAA,OAAO,CAAC,GAAG,OAAO,CAAA;AACpB;AAGO,IAAM,oCAAA,GAAuC;AAY7C,SAAS,iCAAA,CACd,aACA,cAAA,EACkB;AAClB,EAAA,MAAM,IAAA,GAAO,WAAA,CAAY,MAAA,IAAU,EAAC;AACpC,EAAA,IAAI,YAAA,GAAe,CAAA;AACnB,EAAA,IAAI,mBAAA,GAAsB,EAAA;AAC1B,EAAA,IAAI,oBAAA,GAAuB,EAAA;AAC3B,EAAA,IAAI,wBAAA,GAA2B,EAAA;AAC/B,EAAA,IAAI,QAAA,GAAW,KAAA;AAEf,EAAA,KAAA,MAAW,OAAO,IAAA,EAAM;AACtB,IAAA,IAAI,GAAA,CAAI,mBAAmB,cAAA,EAAgB;AAC3C,IAAA,YAAA,IAAgB,GAAA,CAAI,YAAA;AACpB,IAAA,IAAI,GAAA,CAAI,QAAA,EAAU,QAAA,GAAW,GAAA,CAAI,QAAA;AACjC,IAAA,IAAI,IAAI,mBAAA,EAAqB;AAC3B,MAAA,mBAAA,IAAuB,MAAA,CAAO,IAAI,mBAAmB,CAAA;AAAA,IACvD;AACA,IAAA,IAAI,IAAI,oBAAA,EAAsB;AAC5B,MAAA,oBAAA,IAAwB,MAAA,CAAO,IAAI,oBAAoB,CAAA;AAAA,IACzD;AACA,IAAA,IAAI,IAAI,wBAAA,EAA0B;AAChC,MAAA,wBAAA,IAA4B,MAAA,CAAO,IAAI,wBAAwB,CAAA;AAAA,IACjE;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,cAAA;AAAA,IACA,YAAA;AAAA,IACA,QAAA;AAAA,IACA,mBAAA,EAAqB,oBAAoB,QAAA,EAAS;AAAA,IAClD,oBAAA,EAAsB,qBAAqB,QAAA,EAAS;AAAA,IACpD,wBAAA,EAA0B,yBAAyB,QAAA;AAAS,GAC9D;AACF;AAGO,SAAS,0BACd,mBAAA,EAC+B;AAC/B,EAAA,IAAI,SAAA;AACJ,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,mBAAmB,CAAA,EAAG;AACtC,IAAA,SAAA,GAAY,mBAAA;AAAA,EACd,WAAW,mBAAA,EAAqB;AAC9B,IAAA,SAAA,GAAY,CAAC,mBAAmB,CAAA;AAAA,EAClC,CAAA,MAAO;AACL,IAAA,SAAA,GAAY,EAAC;AAAA,EACf;AACA,EAAA,MAAM,KAAA,uBAAY,GAAA,EAAyC;AAE3D,EAAA,KAAA,MAAW,YAAY,SAAA,EAAW;AAChC,IAAA,KAAA,MAAW,GAAA,IAAO,QAAA,CAAS,eAAA,IAAmB,EAAC,EAAG;AAChD,MAAA,MAAM,EAAE,QAAA,EAAU,OAAA,EAAQ,GAAI,GAAA;AAC9B,MAAA,IAAI,CAAC,QAAA,IAAY,CAAC,OAAA,EAAS;AAC3B,MAAA,MAAM,MAAM,IAAA,CAAK,SAAA,CAAU,CAAC,QAAA,EAAU,OAAO,CAAC,CAAA;AAC9C,MAAA,MAAM,QAAA,GAAW,KAAA,CAAM,GAAA,CAAI,GAAG,CAAA;AAC9B,MAAA,MAAM,WAAA,GAAc,IAAI,QAAA,IAAY,KAAA;AAEpC,MAAA,MAAM,UAAA,GAAa,IAAI,mBAAA,IAAuB,GAAA;AAC9C,MAAA,MAAM,WAAA,GAAc,IAAI,oBAAA,IAAwB,GAAA;AAChD,MAAA,MAAM,eAAA,GAAkB,IAAI,wBAAA,IAA4B,GAAA;AAExD,MAAA,IAAI,CAAC,QAAA,EAAU;AACb,QAAA,KAAA,CAAM,IAAI,GAAA,EAAK;AAAA,UACb,QAAA;AAAA,UACA,OAAA;AAAA,UACA,cAAc,GAAA,CAAI,YAAA;AAAA,UAClB,QAAA,EAAU,WAAA;AAAA,UACV,mBAAA,EAAqB,UAAA;AAAA,UACrB,oBAAA,EAAsB,WAAA;AAAA,UACtB,wBAAA,EAA0B;AAAA,SAC3B,CAAA;AACD,QAAA;AAAA,MACF;AACA,MAAA,KAAA,CAAM,IAAI,GAAA,EAAK;AAAA,QACb,GAAG,QAAA;AAAA,QACH,YAAA,EAAc,QAAA,CAAS,YAAA,GAAe,GAAA,CAAI,YAAA;AAAA,QAC1C,mBAAA,EAAA,CACE,gBAAgB,QAAA,CAAS,mBAAmB,IAAI,eAAA,CAAgB,UAAU,GAC1E,QAAA,EAAS;AAAA,QACX,oBAAA,EAAA,CACE,gBAAgB,QAAA,CAAS,oBAAoB,IAAI,eAAA,CAAgB,WAAW,GAC5E,QAAA,EAAS;AAAA,QACX,wBAAA,EAAA,CACE,gBAAgB,QAAA,CAAS,wBAAwB,IAAI,eAAA,CAAgB,eAAe,GACpF,QAAA;AAAS,OACZ,CAAA;AAAA,IACH;AAAA,EACF;AAEA,EAAA,OAAO,CAAC,GAAG,KAAA,CAAM,MAAA,EAAQ,CAAA,CAAE,IAAA,CAAK,CAAC,CAAA,EAAG,CAAA,KAAM;AACxC,IAAA,IAAI,CAAA,CAAE,aAAa,CAAA,CAAE,QAAA,SAAiB,CAAA,CAAE,OAAA,CAAQ,aAAA,CAAc,CAAA,CAAE,OAAO,CAAA;AACvE,IAAA,OAAO,CAAA,CAAE,QAAA,CAAS,aAAA,CAAc,CAAA,CAAE,QAAQ,CAAA;AAAA,EAC5C,CAAC,CAAA;AACH;AAGO,SAAS,wBAAA,CACd,WAAA,EACA,cAAA,EACA,kBAAA,EACA,UAAA,EACqB;AACrB,EAAA,MAAM,OAAA,GAAU,iCAAA,CAAkC,WAAA,EAAa,cAAc,CAAA;AAC7E,EAAA,MAAM,cAAA,GAAiB,0BAA0B,kBAAkB,CAAA;AACnE,EAAA,MAAM,eAAA,GAA2C,UAAA,EAAY,eAAA,IAAmB,EAAC;AACjF,EAAA,OAAO;AAAA,IACL,UAAU,WAAA,CAAY,QAAA;AAAA,IACtB,QAAQ,WAAA,CAAY,MAAA;AAAA,IACpB,WAAA,EAAa;AAAA,MACX,gBAAgB,OAAA,CAAQ,cAAA;AAAA,MACxB,cAAc,OAAA,CAAQ,YAAA;AAAA,MACtB,UAAU,OAAA,CAAQ,QAAA;AAAA,MAClB,qBAAqB,OAAA,CAAQ,mBAAA;AAAA,MAC7B,sBAAsB,OAAA,CAAQ,oBAAA;AAAA,MAC9B,0BAA0B,OAAA,CAAQ,wBAAA;AAAA,MAClC,cAAA;AAAA,MACA;AAAA;AACF,GACF;AACF;AAGO,IAAM,wBAAA,GAA2B;;;AC9OxC,aAAA,EAAA;AACA,cAAA,EAAA;AACA,WAAA,EAAA;ACTO,SAAS,yBAAyB,IAAA,EAAoC;AAC3E,EAAA,IAAI,CAAC,QAAQ,OAAO,IAAA,KAAS,YAAY,KAAA,CAAM,OAAA,CAAQ,IAAI,CAAA,EAAG;AAC5D,IAAA,OAAO,EAAE,YAAA,EAAc,EAAC,EAAG,oBAAA,EAAsB,EAAC,EAAE;AAAA,EACtD;AACA,EAAA,MAAM,MAAA,GAAS,IAAA;AACf,EAAA,MAAM,YAAA,GAAe,oBAAA,CAAqB,MAAA,CAAO,YAAY,CAAA;AAC7D,EAAA,MAAM,oBAAA,GAAuB,oBAAA,CAAqB,MAAA,CAAO,oBAAoB,CAAA;AAC7E,EAAA,MAAM,eAAA,GACJ,OAAO,MAAA,CAAO,eAAA,KAAoB,QAAA,IAAY,MAAA,CAAO,eAAA,CAAgB,IAAA,EAAK,GACtE,MAAA,CAAO,eAAA,CAAgB,IAAA,EAAK,GAC5B,MAAA;AACN,EAAA,OAAO,EAAE,YAAA,EAAc,oBAAA,EAAsB,eAAA,EAAgB;AAC/D;AAEA,SAAS,qBAAqB,GAAA,EAAuC;AACnE,EAAA,IAAI,CAAC,KAAA,CAAM,OAAA,CAAQ,GAAG,CAAA,SAAU,EAAC;AACjC,EAAA,OAAO,GAAA,CAAI,MAAA;AAAA,IACT,CAAC,CAAA,KACC,CAAC,CAAC,KACF,OAAO,CAAA,KAAM,QAAA,IACb,OAAQ,CAAA,CAA6B,QAAA,KAAa,QAAA,IAClD,OAAQ,EAA4B,OAAA,KAAY;AAAA,GACpD;AACF;AAEA,SAAS,WAAW,IAAA,EAAwD;AAC1E,EAAA,OAAO,CAAC,GAAG,IAAI,EAAE,IAAA,CAAK,CAAC,GAAG,CAAA,KAAM;AAC9B,IAAA,MAAM,CAAA,GAAI,CAAA,CAAE,QAAA,CAAS,aAAA,CAAc,EAAE,QAAQ,CAAA;AAC7C,IAAA,OAAO,MAAM,CAAA,GAAI,CAAA,CAAE,QAAQ,aAAA,CAAc,CAAA,CAAE,OAAO,CAAA,GAAI,CAAA;AAAA,EACxD,CAAC,CAAA;AACH;AAEO,SAAS,wBACd,IAAA,EAIQ;AACR,EAAA,IAAI,QAAQ,IAAA,EAAM;AAChB,IAAA,OAAO,aAAA;AAAA,EACT;AACA,EAAA,IAAI,IAAA,CAAK,eAAA,EAAiB,IAAA,EAAK,EAAG;AAChC,IAAA,OAAO,IAAA,CAAK,gBAAgB,IAAA,EAAK;AAAA,EACnC;AACA,EAAA,MAAM,IAAA,GAAO,UAAA,CAAW,IAAA,CAAK,YAAA,IAAgB,EAAE,CAAA;AAC/C,EAAA,MAAM,IAAA,GAAO,UAAA,CAAW,IAAA,CAAK,oBAAA,IAAwB,EAAE,CAAA;AACvD,EAAA,IAAI,IAAA,CAAK,MAAA,KAAW,CAAA,IAAK,IAAA,CAAK,WAAW,CAAA,EAAG;AAC1C,IAAA,OAAO,OAAA;AAAA,EACT;AACA,EAAA,OAAOM,kBAAW,QAAQ,CAAA,CACvB,OAAO,IAAA,CAAK,SAAA,CAAU,EAAE,YAAA,EAAc,IAAA,EAAM,sBAAsB,IAAA,EAAM,CAAC,CAAA,CACzE,MAAA,CAAO,KAAK,CAAA,CACZ,KAAA,CAAM,GAAG,EAAE,CAAA;AAChB;;;AD1CA,iBAAA,EAAA;;;AERO,IAAM,qBAAA,GAAwB,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK;AAElD,IAAM,6BAAA,GAAgC,IAAA,CAAK,KAAA,CAAM,qBAAA,GAAwB,GAAI;AAG7E,IAAM,cAAA,GAAiB;AAGvB,IAAM,+BAAA,GAAkC;AAaxC,SAAS,2BAA2B,KAAA,EAA4B;AACrE,EAAA,MAAM,YAAY,KAAA,YAAiB,IAAA,GAAO,KAAA,GAAQ,IAAI,KAAK,KAAK,CAAA;AAChE,EAAA,OAAO,IAAI,IAAA,CAAK,SAAA,CAAU,OAAA,KAAY,qBAAqB,CAAA;AAC7D;AAGO,IAAM,sBAAA,GAAyB;AAM/B,SAAS,gBAAgB,QAAA,EAA2B;AACzD,EAAA,MAAM,CAAA,GAAI,SAAS,IAAA,EAAK;AACxB,EAAA,OAAO,CAAA,CAAE,WAAW,KAAK,CAAA,IAAK,EAAE,KAAA,CAAM,GAAG,EAAE,MAAA,IAAU,CAAA;AACvD;AAGO,SAAS,2BAA2B,QAAA,EAA2B;AACpE,EAAA,MAAM,CAAA,GAAI,SAAS,IAAA,EAAK;AACxB,EAAA,OAAO,CAAA,CAAE,MAAA,GAAS,CAAA,IAAK,CAAC,gBAAgB,CAAC,CAAA;AAC3C;AAEA,SAAS,uBAAuB,UAAA,EAA4B;AAC1D,EAAA,MAAM,UAAA,GAAa,WAAW,UAAA,CAAW,GAAA,EAAK,GAAG,CAAA,CAAE,UAAA,CAAW,KAAK,GAAG,CAAA;AACtE,EAAA,MAAM,MAAA,GAAS,UAAA,CAAW,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,WAAW,MAAA,GAAS,CAAC,CAAA,GAAI,CAAA,EAAG,GAAG,CAAA;AAC1E,EAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACjC,IAAA,OAAO,OAAO,IAAA,CAAK,MAAA,EAAQ,QAAQ,CAAA,CAAE,SAAS,MAAM,CAAA;AAAA,EACtD;AACA,EAAA,OAAO,KAAK,MAAM,CAAA;AACpB;AASO,SAAS,aAAa,QAAA,EAA+B;AAC1D,EAAA,IAAI;AACF,IAAA,MAAM,KAAA,GAAQ,QAAA,CAAS,KAAA,CAAM,GAAG,CAAA;AAChC,IAAA,IAAI,KAAA,CAAM,MAAA,GAAS,CAAA,EAAG,OAAO,IAAA;AAC7B,IAAA,MAAM,WAAA,GAAc,sBAAA,CAAuB,KAAA,CAAM,CAAC,CAAC,CAAA;AACnD,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,KAAA,CAAM,WAAW,CAAA;AACtC,IAAA,IAAI,OAAO,OAAA,CAAQ,GAAA,KAAQ,QAAA,IAAY,CAAC,OAAO,QAAA,CAAS,OAAA,CAAQ,GAAG,CAAA,EAAG,OAAO,IAAA;AAC7E,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,KAAA,CAAM,OAAA,CAAQ,MAAM,GAAI,CAAA;AAC3C,IAAA,IAAI,KAAA,IAAS,GAAG,OAAO,IAAA;AACvB,IAAA,OAAO,IAAI,KAAK,KAAK,CAAA;AAAA,EACvB,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAMO,SAAS,2BAA2B,GAAA,EAAgD;AACzF,EAAA,MAAM,WAAA,GAAc,OAAO,GAAA,CAAI,YAAA,KAAiB,WAAW,GAAA,CAAI,YAAA,CAAa,MAAK,GAAI,EAAA;AACrF,EAAA,IAAI,CAAC,WAAA,EAAa;AAChB,IAAA,MAAM,IAAI,MAAM,4DAA4D,CAAA;AAAA,EAC9E;AACA,EAAA,IAAI,eAAA,CAAgB,WAAW,CAAA,EAAG;AAChC,IAAA,MAAM,IAAI,KAAA;AAAA,MACR;AAAA,KACF;AAAA,EACF;AAEA,EAAA,MAAM,SAAA,GACJ,OAAO,GAAA,CAAI,UAAA,KAAe,QAAA,IAAY,GAAA,CAAI,UAAA,CAAW,IAAA,EAAK,GACtD,GAAA,CAAI,UAAA,CAAW,IAAA,EAAK,GACpB,QAAA;AACN,EAAA,MAAM,YACJ,OAAO,GAAA,CAAI,UAAA,KAAe,QAAA,IAC1B,OAAO,QAAA,CAAS,GAAA,CAAI,UAAU,CAAA,IAC9B,IAAI,UAAA,GAAa,CAAA,GACb,KAAK,KAAA,CAAM,GAAA,CAAI,UAAU,CAAA,GACzB,6BAAA;AACN,EAAA,MAAM,KAAA,GACJ,OAAO,GAAA,CAAI,KAAA,KAAU,QAAA,IAAY,GAAA,CAAI,KAAA,CAAM,IAAA,EAAK,GAAI,GAAA,CAAI,KAAA,CAAM,IAAA,EAAK,GAAI,cAAA;AAEzE,EAAA,OAAO;AAAA,IACL,WAAA;AAAA,IACA,SAAA;AAAA,IACA,SAAA;AAAA,IACA;AAAA,GACF;AACF;;;ACnHA,WAAA,EAAA;AAGA,IAAM,2BAAA,uBAAkC,GAAA,CAAI;AAAA,EAC1C,+CAAA;AAAA,EACA;AACF,CAAC,CAAA;AAEM,SAAS,cAAc,KAAA,EAA+B;AAC3D,EAAA,IAAI,iBAAiBN,qBAAA,EAAe;AAClC,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,IAAI,iBAAiBO,8BAAA,EAAmB;AACtC,IAAA,MAAM,QAAQ,KAAA,CAAM,KAAA;AACpB,IAAA,MAAM,cACJ,OAAO,KAAA,CAAM,sBAAsB,QAAA,GAC/B,KAAA,CAAM,oBACN,KAAA,CAAM,OAAA;AACZ,IAAA,MAAM,OAAA,GAAmC,EAAE,GAAG,KAAA,EAAM;AACpD,IAAA,IAAI,OAAO,KAAA,CAAM,SAAA,KAAc,QAAA,EAAU;AACvC,MAAA,OAAA,CAAQ,YAAY,KAAA,CAAM,SAAA;AAAA,IAC5B;AACA,IAAA,OAAO,IAAIP,sBAAc,WAAA,EAAa;AAAA,MACpC,QAAQ,KAAA,CAAM,MAAA;AAAA,MACd,MAAM,KAAA,CAAM,KAAA;AAAA,MACZ;AAAA,KACD,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,iBAAiBQ,qCAAA,EAA0B;AAC7C,IAAA,OAAO,IAAIR,qBAAA,CAAc,KAAA,CAAM,OAAA,EAAS;AAAA,MACtC,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM,MAAM,IAAA,IAAQ,wBAAA;AAAA,MACpB,OAAA,EAAS,EAAE,KAAA,EAAO,KAAA,CAAM,KAAA;AAAM,KAC/B,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,iBAAiB,KAAA,EAAO;AAC1B,IAAA,OAAO,IAAIA,qBAAA,CAAc,KAAA,CAAM,OAAA,EAAS;AAAA,MACtC,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AAEA,EAAA,OAAO,IAAIA,sBAAc,kBAAA,EAAoB;AAAA,IAC3C,MAAA,EAAQ,GAAA;AAAA,IACR,IAAA,EAAM;AAAA,GACP,CAAA;AACH;AAEO,SAAS,gCACd,EAAA,EACuB;AACvB,EAAA,MAAM,SAAS,EAAA,CAAG,iBAAA;AAClB,EAAA,IAAI,OAAO,MAAA,KAAW,QAAA,IAAY,CAAC,2BAAA,CAA4B,GAAA,CAAI,MAAM,CAAA,EAAG;AAC1E,IAAA,MAAM,IAAIA,sBAAc,yDAAA,EAA2D;AAAA,MACjF,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM,wBAAA;AAAA,MACN,OAAA,EAAS,EAAE,iBAAA,EAAmB,MAAA;AAAO,KACtC,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,KAAK,EAAA,CAAG,UAAA;AACd,EAAA,IAAI,OAAO,EAAA,KAAO,QAAA,IAAY,EAAA,CAAG,WAAA,OAAkB,QAAA,EAAU;AAC3D,IAAA,MAAM,IAAIA,sBAAc,iDAAA,EAAmD;AAAA,MACzE,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM,wBAAA;AAAA,MACN,OAAA,EAAS,EAAE,UAAA,EAAY,EAAA;AAAG,KAC3B,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,YAAY,EAAA,CAAG,UAAA;AACrB,EAAA,IAAI,OAAO,cAAc,QAAA,EAAU;AACjC,IAAA,MAAM,IAAIA,sBAAc,mCAAA,EAAqC;AAAA,MAC3D,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,QAAQ,OAAO,EAAA,CAAG,KAAA,KAAU,QAAA,GAAW,GAAG,KAAA,GAAQ,EAAA;AAExD,EAAA,OAAO;AAAA,IACL,cAAc,EAAA,CAAG,YAAA;AAAA,IACjB,UAAA,EAAY,QAAA;AAAA,IACZ,UAAA,EAAY,SAAA;AAAA,IACZ,KAAA;AAAA,IACA,iBAAA,EAAmB;AAAA,GACrB;AACF;AAEO,SAAS,yCACd,EAAA,EACgC;AAChC,EAAA,MAAM,KAAK,EAAA,CAAG,UAAA;AACd,EAAA,IAAI,OAAO,EAAA,KAAO,QAAA,IAAY,EAAA,CAAG,WAAA,OAAkB,QAAA,EAAU;AAC3D,IAAA,MAAM,IAAIA,sBAAc,iDAAA,EAAmD;AAAA,MACzE,MAAA,EAAQ,GAAA;AAAA,MACR,IAAA,EAAM,wBAAA;AAAA,MACN,OAAA,EAAS,EAAE,UAAA,EAAY,EAAA;AAAG,KAC3B,CAAA;AAAA,EACH;AAEA,EAAA,OAAO;AAAA,IACL,cAAc,EAAA,CAAG,YAAA;AAAA,IACjB,UAAA,EAAY,QAAA;AAAA,IACZ,YAAY,EAAA,CAAG,UAAA;AAAA,IACf,OAAO,OAAO,EAAA,CAAG,KAAA,KAAU,QAAA,GAAW,GAAG,KAAA,GAAQ;AAAA,GACnD;AACF;AAEO,SAAS,UAAU,QAAA,EAA0B;AAClD,EAAA,OAAO,EAAE,WAAW,QAAA,EAAS;AAC/B;;;AHhDA,IAAMS,qBAAAA,GAAuB,iDAAA;AAC7B,IAAMC,0BAAAA,GAA4B,+CAAA;AAClC,IAAM,2BAAA,GAA8B,+CAAA;AAEpC,IAAM,sBAAA,GAAyB,uBAAA;AAKxB,SAAS,kBAAkB,KAAA,EAAuB;AACvD,EAAA,OAAO,KAAA,CACJ,OAAA,CAAQ,QAAA,EAAU,CAAC,IAAA,KAAS,IAAA,CAAK,WAAA,EAAa,CAAA,CAC9C,OAAA,CAAQ,KAAA,EAAO,EAAE,CAAA;AACtB;AAKO,SAAS,wBAAwB,QAAA,EAA0B;AAChE,EAAA,OAAO,CAAA,EAAG,sBAAsB,CAAA,EAAG,iBAAA,CAAkB,QAAQ,CAAC,CAAA,CAAA;AAChE;AAEO,IAAM,iBAAN,MAAqB;AAAA,EACT,SAAA;AAAA,EACA,cAAA;AAAA,EACA,WAAA;AAAA,EACA,eAAA;AAAA,EACA,SAAA;AAAA,EACA,MAAA;AAAA,EACA,iBAAA;AAAA,EAEjB,YAAY,OAAA,EAAgC;AAC1C,IAAA,IAAA,CAAK,SAAA,GAAY,oBAAA,CAAqB,OAAA,CAAQ,SAAS,CAAA;AACvD,IAAA,IAAA,CAAK,iBAAiB,OAAA,CAAQ,cAAA;AAC9B,IAAA,IAAA,CAAK,cAAc,OAAA,CAAQ,WAAA;AAC3B,IAAA,IAAA,CAAK,kBAAkB,OAAA,CAAQ,eAAA;AAC/B,IAAA,IAAA,CAAK,SAAA,GAAY,QAAQ,KAAA,IAAS,KAAA;AAClC,IAAA,IAAA,CAAK,SAAS,OAAA,CAAQ,MAAA;AACtB,IAAA,IAAA,CAAK,iBAAA,GAAoB,QAAQ,iBAAA,IAAqB,KAAA;AAAA,EACxD;AAAA,EAEA,MAAM,YAAA,CAAa,OAAA,GAA+B,EAAC,EAAmC;AACpF,IAAA,MAAM,KAAK,MAAM,uBAAA,CAAwB,IAAA,CAAK,SAAA,EAAW,KAAK,SAAA,EAAW;AAAA,MACvE,OAAO,OAAA,CAAQ,KAAA;AAAA,MACf,mBAAmB,IAAA,CAAK;AAAA,KACzB,CAAA;AACD,IAAA,OAAO,kCAAkC,EAAE,CAAA;AAAA,EAC7C;AAAA,EAEA,aAAa,GAAA,EAAsB;AACjC,IAAA,MAAM,SAAA,GAAY,oBAAA,CAAqB,GAAA,CAAI,IAAA,EAAM,CAAA;AACjD,IAAA,OAAO,cAAc,IAAA,CAAK,SAAA;AAAA,EAC5B;AAAA,EAEA,4BACE,YAAA,EAC8B;AAC9B,IAAA,MAAM,SAAS,YAAA,CAAa,GAAA,CAAI,KAAK,CAAA,EAAG,MAAK,IAAK,EAAA;AAClD,IAAA,MAAM,gBAAgB,YAAA,CAAa,GAAA,CAAI,iBAAiB,CAAA,EAAG,MAAK,IAAK,EAAA;AAErE,IAAA,IAAI,CAAC,MAAA,IAAU,CAAC,aAAA,EAAe;AAC7B,MAAA,MAAM,IAAIV,sBAAc,gCAAA,EAAkC;AAAA,QACxD,MAAA,EAAQ,GAAA;AAAA,QACR,IAAA,EAAM;AAAA,OACP,CAAA;AAAA,IACH;AAEA,IAAA,IAAI,CAAC,IAAA,CAAK,YAAA,CAAa,MAAM,CAAA,EAAG;AAC9B,MAAA,MAAM,IAAIA,sBAAc,oCAAA,EAAsC;AAAA,QAC5D,MAAA,EAAQ,GAAA;AAAA,QACR,IAAA,EAAM;AAAA,OACP,CAAA;AAAA,IACH;AAEA,IAAA,IAAI,SAAA;AACJ,IAAA,IAAI;AACF,MAAA,SAAA,GAAY,IAAI,IAAI,aAAa,CAAA;AAAA,IACnC,CAAA,CAAA,MAAQ;AACN,MAAA,MAAM,IAAIA,sBAAc,oCAAA,EAAsC;AAAA,QAC5D,MAAA,EAAQ,GAAA;AAAA,QACR,IAAA,EAAM;AAAA,OACP,CAAA;AAAA,IACH;AAEA,IAAA,MAAM,YAAA,GAAe,IAAI,GAAA,CAAI,IAAA,CAAK,SAAS,CAAA,CAAE,MAAA;AAC7C,IAAA,IAAI,SAAA,CAAU,MAAA,KAAW,YAAA,IAAgB,SAAA,CAAU,aAAa,cAAA,EAAgB;AAC9E,MAAA,MAAM,IAAIA,qBAAA;AAAA,QACR,0DAAA;AAAA,QACA;AAAA,UACE,MAAA,EAAQ,GAAA;AAAA,UACR,IAAA,EAAM;AAAA;AACR,OACF;AAAA,IACF;AAEA,IAAA,MAAM,WAAW,iBAAA,CAAkB,SAAA,CAAU,aAAa,GAAA,CAAI,WAAW,KAAK,EAAE,CAAA;AAChF,IAAA,MAAM,WAAW,SAAA,CAAU,YAAA,CAAa,IAAI,WAAW,CAAA,EAAG,MAAK,IAAK,EAAA;AAEpE,IAAA,IAAI,CAAC,QAAA,IAAY,CAAC,QAAA,EAAU;AAC1B,MAAA,MAAM,IAAIA,sBAAc,mDAAA,EAAqD;AAAA,QAC3E,MAAA,EAAQ,GAAA;AAAA,QACR,IAAA,EAAM;AAAA,OACP,CAAA;AAAA,IACH;AAEA,IAAA,OAAO;AAAA,MACL,MAAA;AAAA,MACA,aAAA;AAAA,MACA,QAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAAA,EAEA,MAAM,YAAA,GAAoD;AACxD,IAAA,MAAM,GAAA,GAAM,CAAA,EAAG,IAAA,CAAK,cAAA,EAAgB,CAAA,MAAA,CAAA;AACpC,IAAA,OAAO,IAAA,CAAK,YAAwC,GAAA,EAAK;AAAA,MACvD,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS,KAAK,cAAA,EAAe;AAAA,MAC7B,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,cAAc,KAAA,EAAmD;AACrE,IAAA,MAAM,OAAA,GAAmC;AAAA,MACvC,gBAAgB,KAAA,CAAM;AAAA,KACxB;AACA,IAAA,IAAI,KAAA,CAAM,KAAA,EAAO,OAAA,CAAQ,KAAA,GAAQ,KAAA,CAAM,KAAA;AACvC,IAAA,IAAI,KAAA,CAAM,MAAA,EAAQ,OAAA,CAAQ,MAAA,GAAS,KAAA,CAAM,MAAA;AAEzC,IAAA,MAAM,GAAA,GAAM,CAAA,EAAG,IAAA,CAAK,cAAA,EAAgB,CAAA,MAAA,CAAA;AACpC,IAAA,OAAO,IAAA,CAAK,YAA2B,GAAA,EAAK;AAAA,MAC1C,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS,KAAK,cAAA,EAAe;AAAA,MAC7B,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,OAAO,CAAA;AAAA,MAC5B,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,cAAc,MAAA,EAAmE;AACrF,IAAA,MAAM,MAAM,IAAI,GAAA,CAAI,GAAG,IAAA,CAAK,cAAA,EAAgB,CAAA,MAAA,CAAQ,CAAA;AACpD,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,gBAAA,EAAkB,MAAA,CAAO,cAAc,CAAA;AAC5D,IAAA,OAAO,IAAA,CAAK,WAAA,CAAkC,GAAA,CAAI,QAAA,EAAS,EAAG;AAAA,MAC5D,MAAA,EAAQ,QAAA;AAAA,MACR,OAAA,EAAS,KAAK,cAAA,EAAe;AAAA,MAC7B,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,oBACJ,KAAA,EACsC;AACtC,IAAA,MAAM,GAAA,GAAM,GAAG,IAAA,CAAK,cAAA,EAAgB,CAAA,OAAA,EAAU,kBAAA,CAAmB,KAAA,CAAM,cAAc,CAAC,CAAA,MAAA,CAAA;AACtF,IAAA,MAAM,IAAA,GAAO,MAAM,KAAA,GAAQ,EAAE,OAAO,KAAA,CAAM,KAAA,KAAU,EAAC;AAErD,IAAA,OAAO,IAAA,CAAK,YAAyC,GAAA,EAAK;AAAA,MACxD,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS,KAAK,cAAA,EAAe;AAAA,MAC7B,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA;AAAA,MACzB,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,iCAAiC,KAAA,EAGE;AACvC,IAAA,MAAM,GAAA,GAAM,CAAA,EAAG,IAAA,CAAK,cAAA,EAAgB,CAAA,mBAAA,CAAA;AACpC,IAAA,OAAO,IAAA,CAAK,YAAyC,GAAA,EAAK;AAAA,MACxD,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACP,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,MAAA,CAAO,MAAM,CAAA,CAAA;AAAA,QAC5C,cAAA,EAAgB,kBAAA;AAAA,QAChB,MAAA,EAAQ;AAAA,OACV;AAAA,MACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,KAAA,CAAM,KAAA,GAAQ,EAAE,KAAA,EAAO,KAAA,CAAM,KAAA,EAAM,GAAI,EAAE,CAAA;AAAA,MAC9D,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,+BAA+B,KAAA,EAIF;AACjC,IAAA,IAAI,KAAA,CAAM,SAAA,EAAW,IAAA,EAAK,EAAG;AAC3B,MAAA,MAAM,EAAE,uBAAA,EAAAW,wBAAAA,EAAwB,GAAI,MAAM,OAAA,CAAA,OAAA,EAAA,CAAA,IAAA,CAAA,OAAA,qBAAA,EAAA,EAAA,wBAAA,CAAA,CAAA;AAC1C,MAAA,MAAM,SAAA,GAAY,MAAMA,wBAAAA,CAAwB;AAAA,QAC9C,SAAA,EAAW,KAAA,CAAM,SAAA,CAAU,IAAA,EAAK;AAAA,QAChC,QAAQ,KAAA,CAAM,MAAA;AAAA,QACd,OAAO,KAAA,CAAM,KAAA;AAAA,QACb,UAAU,IAAA,CAAK,cAAA;AAAA,QACf,OAAO,IAAA,CAAK;AAAA,OACb,CAAA;AACD,MAAA,OAAO;AAAA,QACL,cAAc,SAAA,CAAU,YAAA;AAAA,QACxB,YAAY,SAAA,CAAU,UAAA;AAAA,QACtB,YAAY,SAAA,CAAU,UAAA;AAAA,QACtB,OAAO,SAAA,CAAU,KAAA;AAAA,QACjB,iBAAA,EAAmB;AAAA,OACrB;AAAA,IACF;AAEA,IAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,gCAAA,CAAiC;AAAA,MAC5D,QAAQ,KAAA,CAAM,MAAA;AAAA,MACd,OAAO,KAAA,CAAM;AAAA,KACd,CAAA;AACD,IAAA,OAAO,KAAK,wBAAA,CAAyB,EAAE,OAAA,EAAS,SAAA,CAAU,cAAc,CAAA;AAAA,EAC1E;AAAA,EAEA,MAAM,uBACJ,KAAA,EACgC;AAChC,IAAA,MAAM,KAAK,MAAM,uBAAA,CAAwB,IAAA,CAAK,SAAA,EAAW,KAAK,SAAA,EAAW;AAAA,MACvE,mBAAmB,IAAA,CAAK;AAAA,KACzB,CAAA;AACD,IAAA,MAAM,MAAA,GAAS,SAAA,CAAU,IAAA,CAAK,WAAW,CAAA;AACzC,IAAA,MAAM,UAAA,GAAa,KAAK,aAAA,EAAc;AACtC,IAAA,MAAM,MAAA,GAAS,IAAI,eAAA,EAAgB;AACnC,IAAA,MAAA,CAAO,GAAA,CAAI,eAAA,EAAiB,KAAA,CAAM,OAAO,CAAA;AACzC,IAAA,MAAA,CAAO,GAAA,CAAI,sBAAsBD,0BAAyB,CAAA;AAC1D,IAAA,MAAA,CAAO,GAAA,CAAI,UAAA,EAAY,uBAAA,CAAwB,KAAA,CAAM,QAAQ,CAAC,CAAA;AAE9D,IAAA,IAAI;AACF,MAAA,MAAM,WAAW,MAAME,wCAAA;AAAA,QACrB,EAAA;AAAA,QACA,MAAA;AAAA,QACA,UAAA;AAAA,QACAH,qBAAAA;AAAA,QACA,MAAA;AAAA,QACA,KAAK,yBAAA;AAA0B,OACjC;AACA,MAAA,MAAM,KAAK,MAAMI,gDAAA;AAAA,QACf,EAAA;AAAA,QACA,MAAA;AAAA,QACA;AAAA,OACF;AACA,MAAA,OAAO,gCAAgC,EAAE,CAAA;AAAA,IAC3C,SAAS,CAAA,EAAG;AACV,MAAA,MAAM,cAAc,CAAC,CAAA;AAAA,IACvB;AAAA,EACF;AAAA,EAEA,MAAM,uBAAA,CACJ,KAAA,GAAQ,UAAA,EACiC;AACzC,IAAA,MAAM,KAAK,MAAM,uBAAA,CAAwB,IAAA,CAAK,SAAA,EAAW,KAAK,SAAA,EAAW;AAAA,MACvE,mBAAmB,IAAA,CAAK;AAAA,KACzB,CAAA;AACD,IAAA,MAAM,MAAA,GAAS,SAAA,CAAU,IAAA,CAAK,WAAW,CAAA;AACzC,IAAA,MAAM,UAAA,GAAa,KAAK,aAAA,EAAc;AACtC,IAAA,MAAM,MAAA,GAAS,IAAI,eAAA,EAAgB;AACnC,IAAA,MAAA,CAAO,GAAA,CAAI,SAAS,KAAK,CAAA;AAEzB,IAAA,IAAI;AACF,MAAA,MAAM,WAAW,MAAMC,0CAAA;AAAA,QACrB,EAAA;AAAA,QACA,MAAA;AAAA,QACA,UAAA;AAAA,QACA,MAAA;AAAA,QACA,KAAK,yBAAA;AAA0B,OACjC;AACA,MAAA,MAAM,KAAK,MAAMC,6CAAA;AAAA,QACf,EAAA;AAAA,QACA,MAAA;AAAA,QACA;AAAA,OACF;AACA,MAAA,OAAO,yCAAyC,EAAE,CAAA;AAAA,IACpD,SAAS,CAAA,EAAG;AACV,MAAA,MAAM,cAAc,CAAC,CAAA;AAAA,IACvB;AAAA,EACF;AAAA,EAEA,MAAM,yBAAyB,KAAA,EAGI;AACjC,IAAA,MAAM,KAAK,MAAM,uBAAA,CAAwB,IAAA,CAAK,SAAA,EAAW,KAAK,SAAA,EAAW;AAAA,MACvE,mBAAmB,IAAA,CAAK;AAAA,KACzB,CAAA;AACD,IAAA,MAAM,MAAA,GAAS,SAAA,CAAU,IAAA,CAAK,WAAW,CAAA;AACzC,IAAA,MAAM,UAAA,GAAa,KAAK,aAAA,EAAc;AACtC,IAAA,MAAM,MAAA,GAAS,IAAI,eAAA,EAAgB;AACnC,IAAA,MAAA,CAAO,GAAA,CAAI,eAAA,EAAiB,KAAA,CAAM,OAAO,CAAA;AACzC,IAAA,MAAA,CAAO,GAAA,CAAI,sBAAsBL,0BAAyB,CAAA;AAC1D,IAAA,MAAA,CAAO,GAAA,CAAI,wBAAwB,2BAA2B,CAAA;AAC9D,IAAA,MAAM,iBAAA,GACJ,OAAO,KAAA,CAAM,QAAA,KAAa,YAAY,KAAA,CAAM,QAAA,CAAS,IAAA,EAAK,KAAM,EAAA,GAC5D,KAAA,CAAM,QAAA,CAAS,IAAA,KACf,IAAA,CAAK,SAAA;AACX,IAAA,MAAA,CAAO,GAAA,CAAI,UAAA,EAAY,oBAAA,CAAqB,iBAAiB,CAAC,CAAA;AAE9D,IAAA,IAAI;AACF,MAAA,MAAM,WAAW,MAAME,wCAAA;AAAA,QACrB,EAAA;AAAA,QACA,MAAA;AAAA,QACA,UAAA;AAAA,QACAH,qBAAAA;AAAA,QACA,MAAA;AAAA,QACA,KAAK,yBAAA;AAA0B,OACjC;AACA,MAAA,MAAM,KAAK,MAAMI,gDAAA;AAAA,QACf,EAAA;AAAA,QACA,MAAA;AAAA,QACA;AAAA,OACF;AACA,MAAA,OAAO,gCAAgC,EAAE,CAAA;AAAA,IAC3C,SAAS,CAAA,EAAG;AACV,MAAA,MAAM,cAAc,CAAC,CAAA;AAAA,IACvB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,2BACJ,KAAA,EACgC;AAChC,IAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,mBAAA,CAAoB;AAAA,MAC/C,gBAAgB,KAAA,CAAM,cAAA;AAAA,MACtB,KAAA,EAAO,MAAM,KAAA,IAAS;AAAA,KACvB,CAAA;AAED,IAAA,OAAO,KAAK,wBAAA,CAAyB;AAAA,MACnC,SAAS,SAAA,CAAU,YAAA;AAAA,MACnB,UAAU,KAAA,CAAM;AAAA,KACjB,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,yBAAyB,MAAA,EAEI;AACjC,IAAA,IAAI,OAAO,OAAA,EAAS;AAClB,MAAA,IAAI;AACF,QAAA,OAAO,MAAM,IAAA,CAAK,wBAAA,CAAyB,EAAE,OAAA,EAAS,MAAA,CAAO,SAAS,CAAA;AAAA,MACxE,SAAS,KAAA,EAAO;AACd,QAAA,MAAM,GAAA,GAAM,IAAA,CAAK,OAAA,CAAQ,KAAK,CAAA;AAC9B,QAAA,IAAA,CAAK,MAAA,EAAQ,OAAO,4DAAA,EAA8D;AAAA,UAChF,MAAM,GAAA,CAAI,IAAA;AAAA,UACV,QAAQ,GAAA,CAAI;AAAA,SACb,CAAA;AAAA,MACH;AAAA,IACF;AAEA,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,uBAAA,CAAwB,UAAU,CAAA;AAClE,IAAA,IAAI,CAAC,aAAa,YAAA,EAAc;AAC9B,MAAA,MAAM,IAAIb,sBAAc,qDAAA,EAAuD;AAAA,QAC7E,MAAA,EAAQ,GAAA;AAAA,QACR,IAAA,EAAM;AAAA,OACP,CAAA;AAAA,IACH;AAEA,IAAA,OAAO,KAAK,wBAAA,CAAyB,EAAE,OAAA,EAAS,YAAA,CAAa,cAAc,CAAA;AAAA,EAC7E;AAAA,EAEA,MAAM,QAAA,CAAS,KAAA,GAAyB,EAAC,EAA8B;AACrE,IAAA,MAAM,MAAM,IAAI,GAAA,CAAI,GAAG,IAAA,CAAK,cAAA,EAAgB,CAAA,MAAA,CAAQ,CAAA;AACpD,IAAA,IAAI,MAAM,SAAA,EAAW,GAAA,CAAI,aAAa,GAAA,CAAI,WAAA,EAAa,MAAM,SAAS,CAAA;AACtE,IAAA,IAAI,MAAM,OAAA,EAAS,GAAA,CAAI,aAAa,GAAA,CAAI,SAAA,EAAW,MAAM,OAAO,CAAA;AAChE,IAAA,IAAI,MAAM,OAAA,EAAS,GAAA,CAAI,aAAa,GAAA,CAAI,SAAA,EAAW,MAAM,OAAO,CAAA;AAChE,IAAA,IAAI,MAAM,MAAA,EAAQ,GAAA,CAAI,aAAa,GAAA,CAAI,QAAA,EAAU,MAAM,MAAM,CAAA;AAC7D,IAAA,IAAI,MAAM,gBAAA,EAAkB,GAAA,CAAI,aAAa,GAAA,CAAI,kBAAA,EAAoB,MAAM,gBAAgB,CAAA;AAC3F,IAAA,IAAI,MAAM,aAAA,EAAe,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,WAAW,QAAQ,CAAA;AAEjE,IAAA,OAAO,IAAA,CAAK,WAAA,CAA8B,GAAA,CAAI,QAAA,EAAS,EAAG;AAAA,MACxD,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS,KAAK,cAAA,EAAe;AAAA,MAC7B,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,mBAAmB,MAAA,EAAoE;AAC3F,IAAA,OAAO,kBAAA,CAAmB;AAAA,MACxB,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,gBAAgB,IAAA,CAAK,cAAA;AAAA,MACrB,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,iBAAiB,IAAA,CAAK,eAAA;AAAA,MACtB,MAAA;AAAA,MACA,OAAO,IAAA,CAAK;AAAA,KACb,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,oBACJ,OAAA,EAC8F;AAC9F,IAAA,OAAO,wBAAA,CAAyB;AAAA,MAC9B,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,gBAAgB,IAAA,CAAK,cAAA;AAAA,MACrB,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,iBAAiB,IAAA,CAAK,eAAA;AAAA,MACtB,OAAA;AAAA,MACA,OAAO,IAAA,CAAK;AAAA,KACb,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,gBAAA,GAAmD;AACvD,IAAA,OAAO,IAAA,CAAK,WAAA;AAAA,MACV,CAAA,EAAG,IAAA,CAAK,cAAA,EAAgB,CAAA,eAAA,CAAA;AAAA,MACxB;AAAA,QACE,MAAA,EAAQ,KAAA;AAAA,QACR,OAAA,EAAS,KAAK,cAAA,EAAe;AAAA,QAC7B,KAAA,EAAO;AAAA;AACT,KACF;AAAA,EACF;AAAA,EAEA,MAAM,mBAAA,GAA0D;AAC9D,IAAA,MAAM,GAAA,GAAM,CAAA,EAAG,IAAA,CAAK,cAAA,EAAgB,CAAA,mBAAA,CAAA;AACpC,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,WAAA;AAAA,MACtB,GAAA;AAAA,MACA;AAAA,QACE,MAAA,EAAQ,KAAA;AAAA,QACR,OAAA,EAAS,KAAK,cAAA,EAAe;AAAA,QAC7B,KAAA,EAAO;AAAA;AACT,KACF;AACA,IAAA,OAAO;AAAA,MACL,UAAA,EAAY,KAAK,UAAA,IAAc,CAAA;AAAA,MAC/B,QAAA,EAAU,IAAA,CAAK,QAAA,IAAY,IAAA,CAAK,SAAS;AAAC,KAC5C;AAAA,EACF;AAAA,EAEA,MAAM,mBAAmB,MAAA,EAAyC;AAChE,IAAA,OAAO,IAAA,CAAK,WAAA;AAAA,MACV,GAAG,IAAA,CAAK,cAAA,EAAgB,CAAA,OAAA,EAAU,kBAAA,CAAmB,MAAM,CAAC,CAAA,KAAA,CAAA;AAAA,MAC5D;AAAA,QACE,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS,KAAK,cAAA,EAAe;AAAA,QAC7B,KAAA,EAAO;AAAA;AACT,KACF;AAAA,EACF;AAAA,EAEA,MAAM,gBAAgB,cAAA,EAAuD;AAC3E,IAAA,MAAM,MAAM,IAAI,GAAA,CAAI,GAAG,IAAA,CAAK,cAAA,EAAgB,CAAA,cAAA,CAAgB,CAAA;AAC5D,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,gBAAA,EAAkB,cAAc,CAAA;AACrD,IAAA,OAAO,IAAA,CAAK,WAAA,CAAkC,GAAA,CAAI,QAAA,EAAS,EAAG;AAAA,MAC5D,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS,KAAK,cAAA,EAAe;AAAA,MAC7B,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,kBAAkB,cAAA,EAAyD;AAC/E,IAAA,OAAO,IAAA,CAAK,WAAA;AAAA,MACV,GAAG,IAAA,CAAK,cAAA,EAAgB,CAAA,OAAA,EAAU,kBAAA,CAAmB,cAAc,CAAC,CAAA,WAAA,CAAA;AAAA,MACpE;AAAA,QACE,MAAA,EAAQ,KAAA;AAAA,QACR,OAAA,EAAS,KAAK,cAAA,EAAe;AAAA,QAC7B,KAAA,EAAO;AAAA;AACT,KACF;AAAA,EACF;AAAA,EAEA,MAAM,kBAAA,CACJ,cAAA,EACA,KAAA,EACsF;AACtF,IAAA,OAAO,IAAA,CAAK,WAAA;AAAA,MACV,GAAG,IAAA,CAAK,cAAA,EAAgB,CAAA,OAAA,EAAU,kBAAA,CAAmB,cAAc,CAAC,CAAA,WAAA,CAAA;AAAA,MACpE;AAAA,QACE,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS,KAAK,cAAA,EAAe;AAAA,QAC7B,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,KAAK,CAAA;AAAA,QAC1B,KAAA,EAAO;AAAA;AACT,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eAAe,cAAA,EAAuD;AAC1E,IAAA,OAAO,IAAA,CAAK,gBAAgB,cAAc,CAAA;AAAA,EAC5C;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,gBAAA,CACJ,cAAA,EACA,KAAA,EACoF;AACpF,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,kBAAA,CAAmB,cAAA,EAAgB;AAAA,MAC3D,iBAAiB,KAAA,CAAM,eAAA;AAAA,MACvB,MAAA,EAAQ,MAAM,MAAA,IAAU,QAAA;AAAA,MACxB,YAAY,KAAA,CAAM;AAAA,KACnB,CAAA;AACD,IAAA,MAAM,IAAA,GAAO,MAAA;AAQb,IAAA,MAAM,SAAS,MAAA,CAAO,UAAA;AACtB,IAAA,OAAO;AAAA,MACL,gBAAgB,MAAA,CAAO,cAAA;AAAA,MACvB,gBAAA,EACE,IAAA,CAAK,gBAAA,IAAoB,MAAA,EAAQ,gBAAA,IAAoB,GAAA;AAAA,MACvD,iBAAA,EACE,IAAA,CAAK,iBAAA,IAAqB,MAAA,EAAQ,iBAAA,IAAqB,GAAA;AAAA,MACzD,wBAAA,EACE,IAAA,CAAK,wBAAA,IAA4B,MAAA,EAAQ,wBAAA,IAA4B,GAAA;AAAA,MACvE,SAAA,EAAW,IAAA,CAAK,SAAA,IAAa,MAAA,EAAQ,SAAA,IAAa,KAAA;AAAA,MAClD,kBAAA,EACE,IAAA,CAAK,gBAAA,IAAoB,MAAA,EAAQ,gBAAA;AAAA,MACnC,kBAAkB,IAAA,CAAK,gBAAA;AAAA,MACvB,YAAY,IAAA,CAAK;AAAA,KACnB;AAAA,EACF;AAAA,EAEA,MAAM,oBAAoB,cAAA,EAA2D;AACnF,IAAA,OAAO,IAAA,CAAK,WAAA;AAAA,MACV,GAAG,IAAA,CAAK,cAAA,EAAgB,CAAA,OAAA,EAAU,kBAAA,CAAmB,cAAc,CAAC,CAAA,aAAA,CAAA;AAAA,MACpE;AAAA,QACE,MAAA,EAAQ,KAAA;AAAA,QACR,OAAA,EAAS,KAAK,cAAA,EAAe;AAAA,QAC7B,KAAA,EAAO;AAAA;AACT,KACF;AAAA,EACF;AAAA,EAEA,MAAM,0BAA0B,KAAA,EAKC;AAC/B,IAAA,MAAM,WAAA,GAAc,MAAM,IAAA,CAAK,QAAA,CAAS;AAAA,MACtC,WAAW,KAAA,CAAM,SAAA;AAAA,MACjB,SAAS,KAAA,CAAM,OAAA;AAAA,MACf,OAAA,EAAS;AAAA,KACV,CAAA;AACD,IAAA,MAAM,OAAA,GAAU,4BAAA,CAA6B,WAAA,EAAa,KAAA,CAAM,cAAc,CAAA;AAC9E,IAAA,MAAM,GAAA,GAAM,MAAM,aAAA,IAAiB,wBAAA;AACnC,IAAA,MAAM,aAAA,GAAgB,OAAA,CAAQ,KAAA,CAAM,CAAA,EAAG,GAAG,CAAA;AAC1C,IAAA,MAAM,mBAAA,GAAsB,MAAM,OAAA,CAAQ,GAAA;AAAA,MACxC,aAAA,CAAc,GAAA;AAAA,QAAI,CAAC,MAAA,KACjB,IAAA,CAAK,QAAA,CAAS;AAAA,UACZ,WAAW,KAAA,CAAM,SAAA;AAAA,UACjB,SAAS,KAAA,CAAM,OAAA;AAAA,UACf,OAAA,EAAS,gBAAA;AAAA,UACT;AAAA,SACD;AAAA;AACH,KACF;AACA,IAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,QAAA,CAAS;AAAA,MACrC,WAAW,KAAA,CAAM,SAAA;AAAA,MACjB,SAAS,KAAA,CAAM,OAAA;AAAA,MACf,OAAA,EAAS,gBAAA;AAAA,MACT,QAAQ,KAAA,CAAM;AAAA,KACf,CAAA;AACD,IAAA,OAAO,wBAAA;AAAA,MACL,WAAA;AAAA,MACA,KAAA,CAAM,cAAA;AAAA,MACN,mBAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAAA,EAEA,MAAM,eAAe,IAAA,EAGa;AAChC,IAAA,MAAM,GAAA,GAAM,CAAA,EAAG,IAAA,CAAK,cAAA,EAAgB,CAAA,SAAA,CAAA;AACpC,IAAA,MAAM,OAAA,GAAkC;AAAA,MACtC,GAAG,KAAK,oBAAA;AAAqB,KAC/B;AACA,IAAA,IAAI,MAAM,WAAA,EAAa;AACrB,MAAA,OAAA,CAAQ,eAAe,IAAI,IAAA,CAAK,WAAA;AAAA,IAClC;AAEA,IAAA,IAAA,CAAK,QAAQ,KAAA,GAAQ,kBAAA,EAAoB,EAAE,MAAA,EAAQ,KAAA,EAAO,KAAK,CAAA;AAE/D,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,SAAA,CAAU,GAAA,EAAK;AAAA,MACzC,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA;AAAA,MACA,QAAQ,IAAA,EAAM,MAAA;AAAA,MACd,KAAA,EAAO;AAAA,KACR,CAAA;AAED,IAAA,MAAM,OAAO,QAAA,CAAS,OAAA,CAAQ,IAAI,MAAM,CAAA,EAAG,MAAK,IAAK,IAAA;AAErD,IAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AAC3B,MAAA,OAAO;AAAA,QACL,QAAA,EAAU,IAAA;AAAA,QACV,IAAA,EAAM,IAAA,IAAQ,IAAA,EAAM,WAAA,IAAe,IAAA;AAAA,QACnC,WAAA,EAAa;AAAA,OACf;AAAA,IACF;AAEA,IAAA,MAAM,GAAA,GAAM,MAAM,QAAA,CAAS,IAAA,EAAK;AAChC,IAAA,MAAM,EAAA,GAAK,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA,IAAK,EAAA;AACnD,IAAA,MAAM,YAAY,EAAA,CAAG,QAAA,CAAS,kBAAkB,CAAA,IAAK,EAAA,CAAG,SAAS,MAAM,CAAA;AACvE,IAAA,MAAM,SAAS,GAAA,IAAO,SAAA,GAAY,IAAA,CAAK,aAAA,CAAc,GAAG,CAAA,GAAI,IAAA;AAE5D,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,OAAA,GAAW,UAAU,EAAC;AAC5B,MAAA,IAAI,WAAA;AACJ,MAAA,IAAI,OAAO,OAAA,CAAQ,iBAAA,KAAsB,QAAA,EAAU;AACjD,QAAA,WAAA,GAAc,OAAA,CAAQ,iBAAA;AAAA,MACxB,CAAA,MAAA,IAAW,OAAO,OAAA,CAAQ,KAAA,KAAU,QAAA,EAAU;AAC5C,QAAA,WAAA,GAAc,OAAA,CAAQ,KAAA;AAAA,MACxB,CAAA,MAAO;AACL,QAAA,WAAA,GAAc,CAAA,gBAAA,EAAmB,SAAS,MAAM,CAAA,CAAA,CAAA;AAAA,MAClD;AACA,MAAA,MAAM,IAAIA,sBAAc,WAAA,EAAa;AAAA,QACnC,QAAQ,QAAA,CAAS,MAAA;AAAA,QACjB,MAAM,OAAO,OAAA,CAAQ,KAAA,KAAU,QAAA,GAAW,QAAQ,KAAA,GAAQ,sBAAA;AAAA,QAC1D;AAAA,OACD,CAAA;AAAA,IACH;AAEA,IAAA,IAAI,CAAC,SAAA,IAAa,MAAA,KAAW,IAAA,EAAM;AACjC,MAAA,MAAM,IAAIA,sBAAc,uDAAA,EAAyD;AAAA,QAC/E,MAAA,EAAQ,GAAA;AAAA,QACR,IAAA,EAAM,kBAAA;AAAA,QACN,OAAA,EAAS,EAAE,WAAA,EAAa,EAAA,EAAI,SAAS,GAAA,CAAI,KAAA,CAAM,CAAA,EAAG,GAAG,CAAA;AAAE,OACxD,CAAA;AAAA,IACH;AAEA,IAAA,OAAO;AAAA,MACL,QAAA,EAAU,yBAAyB,MAAM,CAAA;AAAA,MACzC,IAAA;AAAA,MACA,WAAA,EAAa;AAAA,KACf;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,iCACJ,KAAA,EAC6B;AAC7B,IAAA,MAAM,KAAK,aAAA,CAAc;AAAA,MACvB,gBAAgB,KAAA,CAAM,cAAA;AAAA,MACtB,OAAO,KAAA,CAAM,KAAA;AAAA,MACb,MAAA,EAAQ;AAAA,KACT,CAAA;AACD,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,0BAAA,CAA2B;AAAA,MACrD,gBAAgB,KAAA,CAAM,cAAA;AAAA,MACtB,KAAA,EAAO,MAAM,KAAA,IAAS,cAAA;AAAA,MACtB,UAAU,IAAA,CAAK;AAAA,KAChB,CAAA;AACD,IAAA,OAAO,2BAA2B,QAAQ,CAAA;AAAA,EAC5C;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,mBAAmB,KAAA,EAA+C;AACtE,IAAA,IAAI,KAAA,CAAM,cAAA,IAAkB,KAAA,CAAM,cAAA,KAAmB,KAAK,cAAA,EAAgB;AACxE,MAAA,MAAM,IAAIA,qBAAA;AAAA,QACR,2DAAA;AAAA,QACA,EAAE,MAAA,EAAQ,GAAA,EAAK,IAAA,EAAM,gBAAA;AAAiB,OACxC;AAAA,IACF;AAEA,IAAA,MAAM,KAAK,aAAA,CAAc;AAAA,MACvB,gBAAgB,KAAA,CAAM,cAAA;AAAA,MACtB,OAAO,KAAA,CAAM,KAAA;AAAA,MACb,MAAA,EAAQ;AAAA,KACT,CAAA;AACD,IAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,mBAAA,CAAoB;AAAA,MAC/C,gBAAgB,KAAA,CAAM,cAAA;AAAA,MACtB,KAAA,EAAO;AAAA,KACR,CAAA;AACD,IAAA,MAAM,KAAK,sBAAA,CAAuB;AAAA,MAChC,SAAS,SAAA,CAAU,YAAA;AAAA,MACnB,UAAU,KAAA,CAAM;AAAA,KACjB,CAAA;AAAA,EACH;AAAA,EAEQ,yBAAA,GAEwB;AAC9B,IAAA,MAAM,CAAA,GAA0C;AAAA,MAC9C,CAACC,wBAAW,GAAG,IAAA,CAAK;AAAA,KACtB;AACA,IAAA,IAAI,KAAK,iBAAA,EAAmB;AAC1B,MAAA,CAAA,CAAEC,kCAAqB,CAAA,GAAI,IAAA;AAAA,IAC7B;AACA,IAAA,OAAO,CAAA;AAAA,EACT;AAAA,EAEQ,cAAA,GAAyB;AAC/B,IAAA,OAAO,CAAA,EAAG,KAAK,eAAA,EAAiB,gBAAgB,kBAAA,CAAmB,IAAA,CAAK,cAAc,CAAC,CAAA,CAAA;AAAA,EACzF;AAAA,EAEQ,eAAA,GAA0B;AAChC,IAAA,OAAO,IAAI,GAAA,CAAI,IAAA,CAAK,SAAS,CAAA,CAAE,MAAA;AAAA,EACjC;AAAA,EAEQ,cAAA,GAA8B;AACpC,IAAA,OAAO,KAAK,oBAAA,EAAqB;AAAA,EACnC;AAAA,EAEQ,oBAAA,GAA+C;AACrD,IAAA,OAAO;AAAA,MACL,aAAA,EAAe,uBAAA,CAAwB,IAAA,CAAK,WAAA,EAAa,KAAK,eAAe,CAAA;AAAA,MAC7E,cAAA,EAAgB,kBAAA;AAAA,MAChB,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AAAA,EAEQ,aAAA,GAA4B;AAClC,IAAA,OAAO,CAAC,GAAA,EAAK,OAAA,EAAS,KAAA,EAAO,OAAA,KAAY;AACvC,MAAA,OAAA,CAAQ,IAAI,eAAA,EAAiB,uBAAA,CAAwB,KAAK,WAAA,EAAa,IAAA,CAAK,eAAe,CAAC,CAAA;AAAA,IAC9F,CAAA;AAAA,EACF;AAAA,EAEA,MAAc,WAAA,CAAe,GAAA,EAAa,IAAA,EAA+B;AACvE,IAAA,IAAA,CAAK,MAAA,EAAQ,QAAQ,kBAAA,EAAoB;AAAA,MACvC,MAAA,EAAQ,KAAK,MAAA,IAAU,KAAA;AAAA,MACvB;AAAA,KACD,CAAA;AAED,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,SAAA,CAAU,KAAK,IAAI,CAAA;AAC/C,IAAA,MAAM,GAAA,GAAM,MAAM,QAAA,CAAS,IAAA,EAAK;AAChC,IAAA,MAAM,EAAA,GAAK,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA,IAAK,EAAA;AACnD,IAAA,MAAM,YAAY,EAAA,CAAG,QAAA,CAAS,kBAAkB,CAAA,IAAK,EAAA,CAAG,SAAS,MAAM,CAAA;AACvE,IAAA,MAAM,MAAA,GAAS,OAAO,SAAA,GAAY,IAAA,CAAK,cAAc,GAAG,CAAA,GAAI,MAAM,IAAA,GAAO,IAAA;AAEzE,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,OAAA,GAAW,UAAU,EAAC;AAC5B,MAAA,IAAI,WAAA;AACJ,MAAA,IAAI,OAAO,OAAA,CAAQ,iBAAA,KAAsB,QAAA,EAAU;AACjD,QAAA,WAAA,GAAc,OAAA,CAAQ,iBAAA;AAAA,MACxB,CAAA,MAAA,IAAW,OAAO,OAAA,CAAQ,KAAA,KAAU,QAAA,EAAU;AAC5C,QAAA,WAAA,GAAc,OAAA,CAAQ,KAAA;AAAA,MACxB,CAAA,MAAO;AACL,QAAA,WAAA,GAAc,CAAA,gBAAA,EAAmB,SAAS,MAAM,CAAA,CAAA,CAAA;AAAA,MAClD;AAEA,MAAA,MAAM,IAAIF,sBAAc,WAAA,EAAa;AAAA,QACnC,QAAQ,QAAA,CAAS,MAAA;AAAA,QACjB,MACE,OAAO,OAAA,CAAQ,KAAA,KAAU,QAAA,GACrB,QAAQ,KAAA,GACR,sBAAA;AAAA,QACN;AAAA,OACD,CAAA;AAAA,IACH;AAEA,IAAA,IAAI,CAAC,SAAA,IAAa,MAAA,KAAW,IAAA,EAAM;AACjC,MAAA,MAAM,IAAIA,sBAAc,kDAAA,EAAoD;AAAA,QAC1E,MAAA,EAAQ,GAAA;AAAA,QACR,IAAA,EAAM,kBAAA;AAAA,QACN,OAAA,EAAS,EAAE,WAAA,EAAa,EAAA,EAAI,SAAS,GAAA,CAAI,KAAA,CAAM,CAAA,EAAG,GAAG,CAAA;AAAE,OACxD,CAAA;AAAA,IACH;AAEA,IAAA,IAAI,CAAC,MAAA,EAAQ;AACX,MAAA,OAAO,EAAC;AAAA,IACV;AAEA,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEQ,cAAc,KAAA,EAAwB;AAC5C,IAAA,IAAI;AACF,MAAA,OAAO,IAAA,CAAK,MAAM,KAAK,CAAA;AAAA,IACzB,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA,EAEQ,QAAQ,KAAA,EAA+B;AAC7C,IAAA,IAAI,iBAAiBA,qBAAA,EAAe;AAClC,MAAA,OAAO,KAAA;AAAA,IACT;AAEA,IAAA,IAAI,iBAAiB,KAAA,EAAO;AAC1B,MAAA,OAAO,IAAIA,qBAAA,CAAc,KAAA,CAAM,OAAA,EAAS;AAAA,QACtC,IAAA,EAAM,kBAAA;AAAA,QACN,MAAA,EAAQ;AAAA,OACT,CAAA;AAAA,IACH;AAEA,IAAA,OAAO,IAAIA,sBAAc,kBAAA,EAAoB;AAAA,MAC3C,IAAA,EAAM,kBAAA;AAAA,MACN,MAAA,EAAQ;AAAA,KACT,CAAA;AAAA,EACH;AACF;;;AIj0BA,WAAA,EAAA;;;AC7BA,iBAAA,EAAA;AAQO,IAAM,gCAAA,GACX;AASF,SAAS,QAAQ,IAAA,EAA6B;AAC5C,EAAA,MAAM,KAAA,GAAQ,OAAA,CAAQ,GAAA,CAAI,IAAI,CAAA;AAC9B,EAAA,IAAI,CAAC,OAAO,OAAO,IAAA;AACnB,EAAA,MAAM,OAAA,GAAU,MAAM,IAAA,EAAK;AAC3B,EAAA,OAAO,OAAA,IAAW,IAAA;AACpB;AAGO,SAAS,gBAAA,GAA8C;AAC5D,EAAA,MAAM,SAAA,GAAY,QAAQ,sBAAsB,CAAA;AAChD,EAAA,MAAM,cAAA,GAAiB,QAAQ,4BAA4B,CAAA;AAC3D,EAAA,MAAM,WAAA,GAAc,QAAQ,yBAAyB,CAAA;AACrD,EAAA,MAAM,eAAA,GAAkB,QAAQ,6BAA6B,CAAA;AAC7D,EAAA,IAAI,CAAC,SAAA,IAAa,CAAC,kBAAkB,CAAC,WAAA,IAAe,CAAC,eAAA,EAAiB;AACrE,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO;AAAA,IACL,SAAA,EAAW,qBAAqB,SAAS,CAAA;AAAA,IACzC,cAAA;AAAA,IACA,WAAA;AAAA,IACA;AAAA,GACF;AACF;AAGO,SAAS,4BAAA,GAA8C;AAC5D,EAAA,MAAM,GAAA,GAAM,QAAQ,sBAAsB,CAAA;AAC1C,EAAA,IAAI,CAAC,KAAK,OAAO,IAAA;AACjB,EAAA,IAAI;AACF,IAAA,OAAO,oBAAA,CAAqB,IAAI,GAAA,CAAI,GAAG,EAAE,IAAI,CAAA;AAAA,EAC/C,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAGO,SAAS,iCAAA,GAAmD;AACjE,EAAA,OAAO,QAAQ,4BAA4B,CAAA;AAC7C;AAGO,SAAS,qBAAA,GAAiC;AAC/C,EAAA,OAAO,kBAAiB,KAAM,IAAA;AAChC;AAGO,SAAS,iCAAiC,SAAA,EAA2B;AAC1E,EAAA,OAAO,oBAAoB,SAAS,CAAA;AACtC;AAGO,SAAS,yBAAyB,SAAA,EAA2B;AAClE,EAAA,OAAO,IAAI,GAAA,CAAI,oBAAA,CAAqB,UAAU,IAAA,EAAM,CAAC,CAAA,CAAE,MAAA;AACzD;;;ADhCA,cAAA,EAAA","file":"index.cjs","sourcesContent":["/**\n * Base64url-safe Basic auth encoding for `client_id:client_secret` (UTF-8).\n * Works in Node, Edge, and Workers without assuming `Buffer`.\n */\nexport function encodeClientSecretBasic(clientId: string, clientSecret: string): string {\n const raw = `${clientId}:${clientSecret}`;\n const b64 =\n typeof Buffer !== \"undefined\"\n ? Buffer.from(raw, \"utf8\").toString(\"base64\")\n : btoa(Array.from(new TextEncoder().encode(raw), (c) => String.fromCharCode(c)).join(\"\"));\n return `Basic ${b64}`;\n}\n","export class PmtHouseError extends Error {\n readonly status: number;\n readonly code: string;\n readonly details?: unknown;\n\n constructor(\n message: string,\n {\n status = 500,\n code = \"pymthouse_error\",\n details,\n }: {\n status?: number;\n code?: string;\n details?: unknown;\n } = {},\n ) {\n super(message);\n this.name = \"PmtHouseError\";\n this.status = status;\n this.code = code;\n this.details = details;\n }\n}\n\nexport function toPmtHouseError(\n error: unknown,\n fallbackMessage: string,\n): PmtHouseError {\n if (error instanceof PmtHouseError) {\n return error;\n }\n\n if (error instanceof Error) {\n return new PmtHouseError(error.message || fallbackMessage, {\n code: \"unexpected_error\",\n status: 500,\n });\n }\n\n return new PmtHouseError(fallbackMessage, {\n code: \"unexpected_error\",\n status: 500,\n });\n}\n","/** Removes trailing `/` without regex (linear time). */\nexport function stripTrailingSlashes(value: string): string {\n let end = value.length;\n while (end > 0 && (value.codePointAt(end - 1) ?? 0) === 47) {\n end--;\n }\n return value.slice(0, end);\n}\n\nfunction endsWithIgnoreCase(value: string, suffix: string): boolean {\n if (suffix.length > value.length) {\n return false;\n }\n const start = value.length - suffix.length;\n for (let i = 0; i < suffix.length; i++) {\n const a = value.codePointAt(start + i) ?? 0;\n const b = suffix.codePointAt(i) ?? 0;\n if (a !== b && (a | 32) !== (b | 32)) {\n return false;\n }\n }\n return true;\n}\n\nfunction stripSuffixIgnoreCase(value: string, suffix: string): string {\n return endsWithIgnoreCase(value, suffix)\n ? value.slice(0, value.length - suffix.length)\n : value;\n}\n\n/** Issuer URL (`…/oidc`) → Builder API base (`…/api/v1`). Linear-time; no regex. */\nexport function stripOidcPathSuffix(issuerUrl: string): string {\n let base = stripTrailingSlashes(issuerUrl.trim());\n base = stripSuffixIgnoreCase(base, \"/oidc\");\n return stripTrailingSlashes(base);\n}\n\n/** Issuer URL (`…/api/v1/oidc`) → host origin for signer/API-key routes. Linear-time; no regex. */\nexport function stripIssuerOriginFromOidcUrl(issuerUrl: string): string {\n let base = stripTrailingSlashes(issuerUrl.trim());\n base = stripSuffixIgnoreCase(base, \"/api/v1/oidc\");\n base = stripSuffixIgnoreCase(base, \"/oidc\");\n return stripTrailingSlashes(base);\n}\n\n/** Parse and validate an http(s) facade origin (no path). */\nexport function parseHttpOrigin(raw: string | undefined, fallback: string): string {\n const trimmed = (raw ?? fallback).trim();\n let parsed: URL;\n try {\n parsed = new URL(trimmed);\n } catch {\n throw new TypeError(\"Origin must be a valid http(s) URL\");\n }\n if (parsed.protocol !== \"http:\" && parsed.protocol !== \"https:\") {\n throw new TypeError(\"Origin must use http or https\");\n }\n return parsed.origin;\n}\n\n","import {\n allowInsecureRequests,\n customFetch,\n discoveryRequest,\n processDiscoveryResponse,\n type AuthorizationServer,\n} from \"oauth4webapi\";\nimport { PmtHouseError } from \"./errors.js\";\nimport { stripTrailingSlashes } from \"./string-utils.js\";\nimport type { FetchLike, OidcDiscoveryDocument } from \"./types.js\";\n\nexport function authorizationServerToOidcDocument(as: AuthorizationServer): OidcDiscoveryDocument {\n const tokenEndpoint = as.token_endpoint;\n const jwksUri = as.jwks_uri;\n if (!tokenEndpoint || !jwksUri) {\n throw new PmtHouseError(\"OIDC discovery document is missing token_endpoint or jwks_uri\", {\n status: 500,\n code: \"oidc_discovery_invalid\",\n });\n }\n return {\n issuer: as.issuer,\n authorization_endpoint: as.authorization_endpoint ?? \"\",\n token_endpoint: tokenEndpoint,\n jwks_uri: jwksUri,\n userinfo_endpoint: as.userinfo_endpoint,\n device_authorization_endpoint: as.device_authorization_endpoint,\n };\n}\n\nconst CACHE_TTL_MS = 5 * 60 * 1000;\n\ntype CacheEntry = {\n as: AuthorizationServer;\n fetchedAt: number;\n};\n\nconst discoveryCache = new Map<string, CacheEntry>();\n\nfunction normalizedIssuerKey(issuerUrl: string): string {\n return stripTrailingSlashes(issuerUrl);\n}\n\nexport interface LoadAuthorizationServerOptions {\n force?: boolean;\n allowInsecureHttp?: boolean;\n}\n\n/**\n * Loads OIDC discovery metadata via oauth4webapi (RFC 8414 / OIDC Discovery), with a 5-minute cache.\n */\nexport async function loadAuthorizationServer(\n issuerUrl: string,\n fetchImpl: FetchLike,\n options: LoadAuthorizationServerOptions = {},\n): Promise<AuthorizationServer> {\n const key = normalizedIssuerKey(issuerUrl);\n const now = Date.now();\n const cached = discoveryCache.get(key);\n\n if (!options.force && cached && now - cached.fetchedAt < CACHE_TTL_MS) {\n return cached.as;\n }\n\n const issuerIdentifier = new URL(key);\n const discoveryOpts: Parameters<typeof discoveryRequest>[1] = {\n algorithm: \"oidc\",\n [customFetch]: fetchImpl,\n };\n if (options.allowInsecureHttp) {\n discoveryOpts[allowInsecureRequests] = true;\n }\n\n let response: Response;\n try {\n response = await discoveryRequest(issuerIdentifier, discoveryOpts);\n } catch (e) {\n throw mapDiscoveryNetworkError(e);\n }\n\n let as: AuthorizationServer;\n try {\n as = await processDiscoveryResponse(issuerIdentifier, response);\n } catch (e) {\n throw mapOAuthDiscoveryError(e);\n }\n\n discoveryCache.set(key, { as, fetchedAt: now });\n return as;\n}\n\nexport async function fetchDiscoveryDocument(\n issuerUrl: string,\n fetchImpl: FetchLike,\n options: LoadAuthorizationServerOptions = {},\n): Promise<OidcDiscoveryDocument> {\n const as = await loadAuthorizationServer(issuerUrl, fetchImpl, options);\n return authorizationServerToOidcDocument(as);\n}\n\nexport function clearDiscoveryCache(issuerUrl?: string): void {\n if (!issuerUrl) {\n discoveryCache.clear();\n return;\n }\n discoveryCache.delete(normalizedIssuerKey(issuerUrl));\n}\n\nfunction mapOAuthDiscoveryError(error: unknown): PmtHouseError {\n if (error instanceof PmtHouseError) {\n return error;\n }\n if (error instanceof Error) {\n return new PmtHouseError(error.message, {\n status: 500,\n code: \"oidc_discovery_invalid\",\n details: { cause: error.cause },\n });\n }\n return new PmtHouseError(\"OIDC discovery failed\", {\n status: 500,\n code: \"oidc_discovery_invalid\",\n });\n}\n\nfunction mapDiscoveryNetworkError(error: unknown): PmtHouseError {\n if (error instanceof PmtHouseError) {\n return error;\n }\n if (error instanceof Error) {\n return new PmtHouseError(`Failed to load OIDC discovery: ${error.message}`, {\n status: 502,\n code: \"oidc_discovery_failed\",\n });\n }\n return new PmtHouseError(\"Failed to load OIDC discovery\", {\n status: 502,\n code: \"oidc_discovery_failed\",\n });\n}\n","import { PmtHouseError } from \"../errors.js\";\n\nfunction oauthFailureDescription(\n parsed: Record<string, unknown>,\n failureLabel: string,\n status: number,\n): string {\n if (typeof parsed.error_description === \"string\") {\n return parsed.error_description;\n }\n if (typeof parsed.error === \"string\") {\n return parsed.error;\n }\n return `${failureLabel} (${status})`;\n}\n\nexport type ReadJsonObjectFromResponseOptions = {\n invalidJsonMessage: string;\n invalidJsonCode: string;\n failureLabel: string;\n defaultErrorCode: string;\n};\n\nexport async function readJsonObjectFromResponse(\n response: Response,\n options: ReadJsonObjectFromResponseOptions,\n): Promise<Record<string, unknown>> {\n const text = await response.text();\n let parsed: Record<string, unknown>;\n try {\n parsed = text ? (JSON.parse(text) as Record<string, unknown>) : {};\n } catch {\n throw new PmtHouseError(options.invalidJsonMessage, {\n status: 502,\n code: options.invalidJsonCode,\n details: { status: response.status },\n });\n }\n\n if (!response.ok) {\n const description = oauthFailureDescription(parsed, options.failureLabel, response.status);\n throw new PmtHouseError(description, {\n status: response.status,\n code: typeof parsed.error === \"string\" ? parsed.error : options.defaultErrorCode,\n details: parsed,\n });\n }\n\n return parsed;\n}\n","import { PmtHouseError } from \"../errors.js\";\n\nexport function signerHandlerErrorResponse(error: unknown): Response {\n if (error instanceof PmtHouseError) {\n return new Response(\n JSON.stringify({\n error: error.code,\n error_description: error.message,\n details: error.details,\n }),\n {\n status: error.status,\n headers: { \"Content-Type\": \"application/json\" },\n },\n );\n }\n const message = error instanceof Error ? error.message : \"Internal error\";\n return new Response(JSON.stringify({ error: \"internal_error\", error_description: message }), {\n status: 500,\n headers: { \"Content-Type\": \"application/json\" },\n });\n}\n","import { PmtHouseError } from \"../errors.js\";\n\nexport function readStringField(\n body: Record<string, unknown>,\n key: string,\n errorCode: string,\n messagePrefix = \"Response\",\n): string {\n const value = body[key];\n if (typeof value !== \"string\" || !value.trim()) {\n throw new PmtHouseError(`${messagePrefix} missing ${key}`, {\n status: 502,\n code: errorCode,\n });\n }\n return value.trim();\n}\n\nexport function readExpiresIn(body: Record<string, unknown>, errorCode: string): number {\n const expiresIn = body.expires_in;\n if (typeof expiresIn !== \"number\" || !Number.isFinite(expiresIn) || expiresIn <= 0) {\n throw new PmtHouseError(\"Response missing expires_in\", {\n status: 502,\n code: errorCode,\n });\n }\n return Math.floor(expiresIn);\n}\n","import { stripTrailingSlashes } from \"../string-utils.js\";\nimport { loadAuthorizationServer } from \"../discovery.js\";\nimport { encodeClientSecretBasic } from \"../encoding.js\";\nimport { PmtHouseError } from \"../errors.js\";\nimport { readJsonObjectFromResponse } from \"./fetch-json.js\";\nimport { readExpiresIn, readStringField } from \"./json-fields.js\";\nimport type { CachedSignerToken, MintUserSignerTokenOptions, MintUserSignerTokenResponse } from \"./types.js\";\n\nexport const SIGN_MINT_USER_TOKEN_SCOPE = \"sign:mint_user_token\";\n\n/** @deprecated Signer JWT `aud` is the OIDC issuer URL; kept for legacy callers. */\nexport const LIVEPEER_REMOTE_SIGNER_AUDIENCE = \"livepeer-remote-signer\";\n\nconst DEFAULT_TTL_REFRESH_RATIO = 0.8;\nconst TOKEN_RESPONSE_ERROR = \"invalid_token_response\";\n\nexport function signerJwtAudience(issuerUrl: string): string {\n return stripTrailingSlashes(issuerUrl);\n}\n\nexport function parseMintUserSignerTokenResponse(\n body: Record<string, unknown>,\n ttlRefreshRatio = DEFAULT_TTL_REFRESH_RATIO,\n): CachedSignerToken {\n const accessToken = readStringField(body, \"access_token\", TOKEN_RESPONSE_ERROR, \"Token response\");\n const expiresIn = readExpiresIn(body, TOKEN_RESPONSE_ERROR);\n const balanceUsdMicros = readStringField(\n body,\n \"balanceUsdMicros\",\n TOKEN_RESPONSE_ERROR,\n \"Token response\",\n );\n const lifetimeGrantedUsdMicros = readStringField(\n body,\n \"lifetimeGrantedUsdMicros\",\n TOKEN_RESPONSE_ERROR,\n \"Token response\",\n );\n const now = Date.now();\n const expiresAt = now + expiresIn * 1000;\n const refreshAt = now + Math.floor(expiresIn * 1000 * ttlRefreshRatio);\n\n return {\n jwt: accessToken,\n expiresAt,\n refreshAt,\n balanceUsdMicros,\n lifetimeGrantedUsdMicros,\n };\n}\n\nexport async function mintUserSignerToken(\n options: MintUserSignerTokenOptions,\n): Promise<CachedSignerToken> {\n const fetchImpl = options.fetch ?? fetch;\n const issuerUrl = stripTrailingSlashes(options.issuerUrl);\n const as = await loadAuthorizationServer(issuerUrl, fetchImpl, {\n allowInsecureHttp: options.allowInsecureHttp,\n });\n const tokenEndpoint = as.token_endpoint;\n if (!tokenEndpoint) {\n throw new PmtHouseError(\"OIDC discovery document is missing token_endpoint\", {\n status: 500,\n code: \"oidc_discovery_invalid\",\n });\n }\n\n const audience = signerJwtAudience(issuerUrl);\n const body = new URLSearchParams({\n grant_type: \"client_credentials\",\n scope: SIGN_MINT_USER_TOKEN_SCOPE,\n external_user_id: options.externalUserId,\n audience,\n });\n\n const response = await fetchImpl(tokenEndpoint, {\n method: \"POST\",\n headers: {\n Authorization: encodeClientSecretBasic(options.m2mClientId, options.m2mClientSecret),\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n Accept: \"application/json\",\n },\n body: body.toString(),\n cache: \"no-store\",\n });\n\n const parsed = await readJsonObjectFromResponse(response, {\n invalidJsonMessage: \"Token endpoint returned invalid JSON\",\n invalidJsonCode: TOKEN_RESPONSE_ERROR,\n failureLabel: \"Token mint failed\",\n defaultErrorCode: \"token_mint_failed\",\n });\n\n return parseMintUserSignerTokenResponse(parsed);\n}\n\nexport function toMintUserSignerTokenResponse(token: CachedSignerToken): MintUserSignerTokenResponse {\n const expiresIn = Math.max(1, Math.floor((token.expiresAt - Date.now()) / 1000));\n return {\n access_token: token.jwt,\n expires_in: expiresIn,\n balanceUsdMicros: token.balanceUsdMicros,\n lifetimeGrantedUsdMicros: token.lifetimeGrantedUsdMicros,\n };\n}\n","import { loadAuthorizationServer } from \"../discovery.js\";\nimport { encodeClientSecretBasic } from \"../encoding.js\";\nimport { PmtHouseError } from \"../errors.js\";\nimport { stripTrailingSlashes } from \"../string-utils.js\";\nimport { readJsonObjectFromResponse } from \"./fetch-json.js\";\nimport { readExpiresIn, readStringField } from \"./json-fields.js\";\nimport { signerHandlerErrorResponse } from \"./handler-errors.js\";\nimport { parseMintUserSignerTokenResponse } from \"./mint-token.js\";\nimport type {\n DeviceExchangeHandlerConfig,\n DeviceExchangeHandlerConfigRemote,\n DeviceExchangeMintContext,\n DeviceExchangeMintResult,\n DeviceExchangeRequestBody,\n DeviceExchangeResponse,\n ExchangeDeviceTokenForSignerOptions,\n MintSignerTokenFromDeviceTokenOptions,\n} from \"./types.js\";\n\nconst TOKEN_EXCHANGE_GRANT = \"urn:ietf:params:oauth:grant-type:token-exchange\";\nconst SUBJECT_ACCESS_TOKEN_TYPE = \"urn:ietf:params:oauth:token-type:access_token\";\nconst EXCHANGE_RESPONSE_ERROR = \"invalid_exchange_response\";\n\nexport function extractSignerAccessTokenFromExchangeBody(\n body: Record<string, unknown>,\n): string {\n const tokenObj = body.token;\n if (tokenObj !== null && typeof tokenObj === \"object\" && !Array.isArray(tokenObj)) {\n const nested = tokenObj as Record<string, unknown>;\n for (const key of [\"accessToken\", \"access_token\"] as const) {\n const value = nested[key];\n if (typeof value === \"string\" && value.trim()) {\n return value.trim();\n }\n }\n }\n for (const key of [\"accessToken\", \"access_token\"] as const) {\n const value = body[key];\n if (typeof value === \"string\" && value.trim()) {\n return value.trim();\n }\n }\n throw new PmtHouseError(\"Device exchange response missing signer access token\", {\n status: 502,\n code: \"invalid_exchange_response\",\n });\n}\n\nexport function normalizeDeviceExchangeResponse(\n minted: DeviceExchangeMintResult,\n options?: { signerUrl?: string },\n): DeviceExchangeResponse {\n const scope = minted.scope.trim() || \"sign:job\";\n const body: DeviceExchangeResponse = {\n access_token: minted.access_token,\n token_type: \"Bearer\",\n expires_in: minted.expires_in,\n scope,\n balanceUsdMicros: minted.balanceUsdMicros,\n lifetimeGrantedUsdMicros: minted.lifetimeGrantedUsdMicros,\n token: {\n accessToken: minted.access_token,\n access_token: minted.access_token,\n expiresIn: minted.expires_in,\n expires_in: minted.expires_in,\n scope,\n balanceUsdMicros: minted.balanceUsdMicros,\n lifetimeGrantedUsdMicros: minted.lifetimeGrantedUsdMicros,\n },\n };\n const signerUrl = options?.signerUrl?.trim();\n if (signerUrl) {\n body.signerUrl = signerUrl;\n }\n return body;\n}\n\nexport async function parseDeviceExchangeRequestBody(\n request: Request,\n): Promise<DeviceExchangeRequestBody> {\n let body: unknown;\n try {\n body = await request.json();\n } catch {\n throw new PmtHouseError(\"Request body must be JSON\", {\n status: 400,\n code: \"invalid_request\",\n });\n }\n if (body === null || typeof body !== \"object\" || Array.isArray(body)) {\n throw new PmtHouseError(\"Request body must be a JSON object\", {\n status: 400,\n code: \"invalid_request\",\n });\n }\n const record = body as Record<string, unknown>;\n const deviceTokenRaw = record.deviceToken;\n if (typeof deviceTokenRaw !== \"string\" || !deviceTokenRaw.trim()) {\n throw new PmtHouseError(\"Request body must include deviceToken\", {\n status: 400,\n code: \"invalid_request\",\n });\n }\n const deviceToken = deviceTokenRaw.trim();\n const scope =\n typeof record.scope === \"string\" && record.scope.trim()\n ? record.scope.trim()\n : undefined;\n const clientId =\n typeof record.clientId === \"string\" && record.clientId.trim()\n ? record.clientId.trim()\n : undefined;\n return { deviceToken, scope, clientId };\n}\n\nexport async function mintSignerTokenFromDeviceToken(\n options: MintSignerTokenFromDeviceTokenOptions,\n): Promise<DeviceExchangeMintResult> {\n const fetchImpl = options.fetch ?? fetch;\n const issuerUrl = stripTrailingSlashes(options.issuerUrl);\n const as = await loadAuthorizationServer(issuerUrl, fetchImpl, {\n allowInsecureHttp: options.allowInsecureHttp,\n });\n const tokenEndpoint = as.token_endpoint;\n if (!tokenEndpoint) {\n throw new PmtHouseError(\"OIDC discovery document is missing token_endpoint\", {\n status: 500,\n code: \"oidc_discovery_invalid\",\n });\n }\n\n // Default the token-exchange audience/resource to the OIDC issuer URL, which is\n // what the IdP's token-exchange grant validates against (e.g. pymthouse's\n // signerJwtAudience()). The legacy \"livepeer-remote-signer\" literal is rejected\n // with invalid_target by current issuers.\n const audience = options.audience?.trim() || issuerUrl;\n const params = new URLSearchParams({\n grant_type: TOKEN_EXCHANGE_GRANT,\n subject_token: options.deviceToken,\n subject_token_type: SUBJECT_ACCESS_TOKEN_TYPE,\n audience,\n resource: audience,\n });\n if (options.scope?.trim()) {\n params.set(\"scope\", options.scope.trim());\n }\n\n const response = await fetchImpl(tokenEndpoint, {\n method: \"POST\",\n headers: {\n Authorization: encodeClientSecretBasic(options.m2mClientId, options.m2mClientSecret),\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n Accept: \"application/json\",\n },\n body: params.toString(),\n cache: \"no-store\",\n });\n\n const parsed = await readJsonObjectFromResponse(response, {\n invalidJsonMessage: \"Token endpoint returned invalid JSON\",\n invalidJsonCode: \"invalid_token_response\",\n failureLabel: \"Signer JWT exchange failed\",\n defaultErrorCode: \"token_exchange_failed\",\n });\n\n const cached = parseMintUserSignerTokenResponse(parsed);\n return {\n access_token: cached.jwt,\n expires_in: readExpiresIn(parsed, EXCHANGE_RESPONSE_ERROR),\n scope: readStringField(parsed, \"scope\", EXCHANGE_RESPONSE_ERROR),\n balanceUsdMicros: cached.balanceUsdMicros,\n lifetimeGrantedUsdMicros: cached.lifetimeGrantedUsdMicros,\n };\n}\n\nexport async function exchangeDeviceTokenForSigner(\n options: ExchangeDeviceTokenForSignerOptions,\n): Promise<DeviceExchangeResponse> {\n const fetchImpl = options.fetch ?? fetch;\n const url = `${stripTrailingSlashes(options.facadeUrl)}/api/signer/device/exchange`;\n const body: Record<string, string> = { deviceToken: options.deviceToken };\n if (options.scope?.trim()) {\n body.scope = options.scope.trim();\n }\n if (options.clientId?.trim()) {\n body.clientId = options.clientId.trim();\n }\n\n const response = await fetchImpl(url, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n Accept: \"application/json\",\n },\n body: JSON.stringify(body),\n cache: \"no-store\",\n });\n\n const parsed = await readJsonObjectFromResponse(response, {\n invalidJsonMessage: \"Device exchange returned invalid JSON\",\n invalidJsonCode: EXCHANGE_RESPONSE_ERROR,\n failureLabel: \"Device exchange failed\",\n defaultErrorCode: \"device_exchange_failed\",\n });\n\n const accessToken = extractSignerAccessTokenFromExchangeBody(parsed);\n const signerUrlRaw = parsed.signerUrl ?? parsed.signer_url;\n const signerUrl =\n typeof signerUrlRaw === \"string\" && signerUrlRaw.trim() ? signerUrlRaw.trim() : undefined;\n return normalizeDeviceExchangeResponse(\n {\n access_token: accessToken,\n expires_in: readExpiresIn(parsed, EXCHANGE_RESPONSE_ERROR),\n scope:\n typeof parsed.scope === \"string\" && parsed.scope.trim()\n ? parsed.scope.trim()\n : \"sign:job\",\n balanceUsdMicros:\n typeof parsed.balanceUsdMicros === \"string\" ? parsed.balanceUsdMicros : \"0\",\n lifetimeGrantedUsdMicros:\n typeof parsed.lifetimeGrantedUsdMicros === \"string\"\n ? parsed.lifetimeGrantedUsdMicros\n : \"0\",\n },\n { signerUrl },\n );\n}\n\ntype CreateDeviceExchangeHandlerInput =\n | DeviceExchangeHandlerConfig\n | DeviceExchangeHandlerConfigRemote;\n\nfunction resolveMint(\n config: CreateDeviceExchangeHandlerInput,\n): (deviceToken: string, context: DeviceExchangeMintContext) => Promise<DeviceExchangeMintResult> {\n if (\"mint\" in config && typeof config.mint === \"function\") {\n return config.mint;\n }\n return (deviceToken, context) =>\n mintSignerTokenFromDeviceToken({\n issuerUrl: config.issuerUrl,\n m2mClientId: config.m2mClientId,\n m2mClientSecret: config.m2mClientSecret,\n deviceToken,\n scope: context.scope,\n audience: config.audience,\n fetch: config.fetch,\n allowInsecureHttp: config.allowInsecureHttp,\n });\n}\n\nfunction resolveSignerUrlFromConfig(\n config: CreateDeviceExchangeHandlerInput,\n): string | Promise<string | undefined> | undefined {\n if (\"signerUrl\" in config && typeof config.signerUrl === \"string\" && config.signerUrl.trim()) {\n return config.signerUrl.trim();\n }\n if (\"getSignerUrl\" in config && typeof config.getSignerUrl === \"function\") {\n return config.getSignerUrl();\n }\n return undefined;\n}\n\nexport function createDeviceExchangeHandler(\n config: CreateDeviceExchangeHandlerInput,\n): (request: Request) => Promise<Response> {\n const mint = resolveMint(config);\n\n return async function deviceExchangeHandler(request: Request): Promise<Response> {\n try {\n if (request.method !== \"POST\") {\n return new Response(JSON.stringify({ error: \"method_not_allowed\" }), {\n status: 405,\n headers: { \"Content-Type\": \"application/json\" },\n });\n }\n\n const parsed = await parseDeviceExchangeRequestBody(request);\n const minted = await mint(parsed.deviceToken, {\n scope: parsed.scope,\n clientId: parsed.clientId,\n });\n const signerUrlValue = await resolveSignerUrlFromConfig(config);\n const body = normalizeDeviceExchangeResponse(minted, {\n signerUrl: typeof signerUrlValue === \"string\" ? signerUrlValue : undefined,\n });\n return new Response(JSON.stringify(body), {\n status: 200,\n headers: {\n \"Content-Type\": \"application/json\",\n \"Cache-Control\": \"no-store\",\n },\n });\n } catch (error) {\n return signerHandlerErrorResponse(error);\n }\n };\n}\n","import { stripIssuerOriginFromOidcUrl, stripTrailingSlashes } from \"../string-utils.js\";\nimport { PmtHouseError } from \"../errors.js\";\nimport { readJsonObjectFromResponse } from \"./fetch-json.js\";\nimport { signerHandlerErrorResponse } from \"./handler-errors.js\";\nimport {\n extractSignerAccessTokenFromExchangeBody,\n mintSignerTokenFromDeviceToken,\n normalizeDeviceExchangeResponse,\n} from \"./device-exchange.js\";\nimport type {\n ApiKeyExchangeHandlerConfig,\n ApiKeyExchangeMintResult,\n ApiKeyExchangeRequestBody,\n DeviceExchangeResponse,\n ExchangeApiKeyForSignerOptions,\n} from \"./types.js\";\n\nconst EXCHANGE_RESPONSE_ERROR = \"invalid_exchange_response\";\n\nexport async function parseApiKeyExchangeRequestBody(\n request: Request,\n): Promise<ApiKeyExchangeRequestBody> {\n let body: unknown;\n try {\n body = await request.json();\n } catch {\n throw new PmtHouseError(\"Request body must be JSON\", {\n status: 400,\n code: \"invalid_request\",\n });\n }\n if (body === null || typeof body !== \"object\" || Array.isArray(body)) {\n throw new PmtHouseError(\"Request body must be a JSON object\", {\n status: 400,\n code: \"invalid_request\",\n });\n }\n const record = body as Record<string, unknown>;\n const apiKeyRaw = record.apiKey;\n if (typeof apiKeyRaw !== \"string\" || !apiKeyRaw.trim()) {\n throw new PmtHouseError(\"Request body must include apiKey\", {\n status: 400,\n code: \"invalid_request\",\n });\n }\n const scope =\n typeof record.scope === \"string\" && record.scope.trim()\n ? record.scope.trim()\n : undefined;\n const clientId =\n typeof record.clientId === \"string\" && record.clientId.trim()\n ? record.clientId.trim()\n : undefined;\n return { apiKey: apiKeyRaw.trim(), scope, clientId };\n}\n\nexport async function mintUserAccessTokenFromApiKey(input: {\n issuerUrl: string;\n publicClientId: string;\n apiKey: string;\n scope?: string;\n fetch?: typeof fetch;\n}): Promise<{ access_token: string; expires_in: number; scope: string }> {\n const fetchImpl = input.fetch ?? fetch;\n const issuerOrigin = stripIssuerOriginFromOidcUrl(input.issuerUrl);\n const url = `${issuerOrigin}/api/v1/apps/${encodeURIComponent(input.publicClientId)}/auth/api-key/token`;\n const response = await fetchImpl(url, {\n method: \"POST\",\n headers: {\n Authorization: `Bearer ${input.apiKey}`,\n \"Content-Type\": \"application/json\",\n Accept: \"application/json\",\n },\n body: JSON.stringify(input.scope ? { scope: input.scope } : {}),\n cache: \"no-store\",\n });\n\n const parsed = await readJsonObjectFromResponse(response, {\n invalidJsonMessage: \"API key token exchange returned invalid JSON\",\n invalidJsonCode: \"invalid_token_response\",\n failureLabel: \"API key token exchange failed\",\n defaultErrorCode: \"api_key_token_exchange_failed\",\n });\n\n const accessToken = parsed.access_token;\n if (typeof accessToken !== \"string\" || !accessToken.trim()) {\n throw new PmtHouseError(\"API key token exchange missing access_token\", {\n status: 502,\n code: EXCHANGE_RESPONSE_ERROR,\n });\n }\n\n const expiresIn =\n typeof parsed.expires_in === \"number\" && Number.isFinite(parsed.expires_in)\n ? parsed.expires_in\n : 900;\n const scope =\n typeof parsed.scope === \"string\" && parsed.scope.trim()\n ? parsed.scope.trim()\n : input.scope?.trim() || \"sign:job\";\n\n return {\n access_token: accessToken.trim(),\n expires_in: expiresIn,\n scope,\n };\n}\n\nexport async function mintSignerSessionFromApiKey(input: {\n issuerUrl: string;\n publicClientId: string;\n m2mClientId: string;\n m2mClientSecret: string;\n apiKey: string;\n scope?: string;\n audience?: string;\n fetch?: typeof fetch;\n allowInsecureHttp?: boolean;\n}): Promise<ApiKeyExchangeMintResult> {\n const userToken = await mintUserAccessTokenFromApiKey({\n issuerUrl: input.issuerUrl,\n publicClientId: input.publicClientId,\n apiKey: input.apiKey,\n scope: input.scope,\n fetch: input.fetch,\n });\n\n return mintSignerTokenFromDeviceToken({\n issuerUrl: input.issuerUrl,\n m2mClientId: input.m2mClientId,\n m2mClientSecret: input.m2mClientSecret,\n deviceToken: userToken.access_token,\n scope: userToken.scope,\n audience: input.audience,\n fetch: input.fetch,\n allowInsecureHttp: input.allowInsecureHttp,\n });\n}\n\nexport async function exchangeApiKeyForSigner(\n options: ExchangeApiKeyForSignerOptions,\n): Promise<DeviceExchangeResponse> {\n const fetchImpl = options.fetch ?? fetch;\n const url = `${stripTrailingSlashes(options.facadeUrl)}/api/pymthouse/keys/exchange`;\n const body: Record<string, string> = { apiKey: options.apiKey };\n if (options.scope?.trim()) {\n body.scope = options.scope.trim();\n }\n if (options.clientId?.trim()) {\n body.clientId = options.clientId.trim();\n }\n\n const response = await fetchImpl(url, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n Accept: \"application/json\",\n },\n body: JSON.stringify(body),\n cache: \"no-store\",\n });\n\n const parsed = await readJsonObjectFromResponse(response, {\n invalidJsonMessage: \"API key exchange returned invalid JSON\",\n invalidJsonCode: EXCHANGE_RESPONSE_ERROR,\n failureLabel: \"API key exchange failed\",\n defaultErrorCode: \"api_key_exchange_failed\",\n });\n\n const accessToken = extractSignerAccessTokenFromExchangeBody(parsed);\n const signerUrlRaw = parsed.signerUrl ?? parsed.signer_url;\n const signerUrl =\n typeof signerUrlRaw === \"string\" && signerUrlRaw.trim() ? signerUrlRaw.trim() : undefined;\n\n return normalizeDeviceExchangeResponse(\n {\n access_token: accessToken,\n expires_in:\n typeof parsed.expires_in === \"number\" && Number.isFinite(parsed.expires_in)\n ? parsed.expires_in\n : 3600,\n scope:\n typeof parsed.scope === \"string\" && parsed.scope.trim()\n ? parsed.scope.trim()\n : \"sign:job\",\n balanceUsdMicros:\n typeof parsed.balanceUsdMicros === \"string\" ? parsed.balanceUsdMicros : \"0\",\n lifetimeGrantedUsdMicros:\n typeof parsed.lifetimeGrantedUsdMicros === \"string\"\n ? parsed.lifetimeGrantedUsdMicros\n : \"0\",\n },\n { signerUrl },\n );\n}\n\nexport function createApiKeyExchangeHandler(\n config: ApiKeyExchangeHandlerConfig,\n): (request: Request) => Promise<Response> {\n const publicClientId = config.publicClientId.trim();\n\n return async function apiKeyExchangeHandler(request: Request): Promise<Response> {\n try {\n if (request.method !== \"POST\") {\n return new Response(JSON.stringify({ error: \"method_not_allowed\" }), {\n status: 405,\n headers: { \"Content-Type\": \"application/json\" },\n });\n }\n\n const parsed = await parseApiKeyExchangeRequestBody(request);\n const effectiveClientId = parsed.clientId?.trim() || publicClientId;\n if (effectiveClientId !== publicClientId) {\n throw new PmtHouseError(\"clientId does not match configured public client\", {\n status: 400,\n code: \"invalid_request\",\n });\n }\n\n const minted = await mintSignerSessionFromApiKey({\n issuerUrl: config.issuerUrl,\n publicClientId,\n m2mClientId: config.m2mClientId,\n m2mClientSecret: config.m2mClientSecret,\n apiKey: parsed.apiKey,\n scope: parsed.scope,\n audience: config.audience,\n fetch: config.fetch,\n allowInsecureHttp: config.allowInsecureHttp,\n });\n\n const signerUrlValue =\n typeof config.signerUrl === \"string\" && config.signerUrl.trim()\n ? config.signerUrl.trim()\n : undefined;\n\n const body = normalizeDeviceExchangeResponse(minted, { signerUrl: signerUrlValue });\n return new Response(JSON.stringify(body), {\n status: 200,\n headers: {\n \"Content-Type\": \"application/json\",\n \"Cache-Control\": \"no-store\",\n },\n });\n } catch (error) {\n return signerHandlerErrorResponse(error);\n }\n };\n}\n","/** Network cost pass-through: $1 retail per $1M of network USD-micros metered. */\nexport const NETWORK_USD_PER_MICRO = 0.000001;\n\nconst RETAIL_RATE_DECIMALS = 9;\n\n/** Strip trailing fractional zeros without regex (avoids ReDoS on user-facing inputs). */\nfunction trimFixedDecimalZeros(fixed: string): string {\n const dotIndex = fixed.indexOf(\".\");\n if (dotIndex === -1) {\n return fixed;\n }\n let end = fixed.length;\n while (end > dotIndex + 1 && fixed[end - 1] === \"0\") {\n end -= 1;\n }\n if (end === dotIndex + 1) {\n end = dotIndex;\n }\n const trimmed = fixed.slice(0, end);\n return trimmed.length > 0 ? trimmed : \"0\";\n}\n\nexport function defaultRetailRateUsd(): string {\n return formatRetailRateUsd(NETWORK_USD_PER_MICRO);\n}\n\nexport function formatRetailRateUsd(value: number): string {\n if (!Number.isFinite(value) || value < 0) {\n return defaultRetailRateUsd();\n }\n return trimFixedDecimalZeros(value.toFixed(RETAIL_RATE_DECIMALS));\n}\n\nexport function parseRetailRateUsd(raw: string | null | undefined): string | null {\n if (raw === null || raw === undefined) {\n return null;\n }\n const trimmed = String(raw).trim();\n if (!trimmed) {\n return null;\n }\n const n = Number(trimmed);\n if (!Number.isFinite(n) || n < 0) {\n return null;\n }\n return formatRetailRateUsd(n);\n}\n\n/** Markup percent (e.g. 50 = 50%) → retail USD per network USD-micro. */\nexport function markupPercentToRetailRateUsd(markupPercent: number): string {\n const pct = Number.isFinite(markupPercent) ? Math.max(0, markupPercent) : 0;\n return formatRetailRateUsd(NETWORK_USD_PER_MICRO * (1 + pct / 100));\n}\n\n/** Retail USD per micro → markup percent string for UI (one decimal). */\nexport function retailRateUsdToMarkupPercent(raw: string | null | undefined): string {\n const rate = parseRetailRateUsd(raw);\n if (!rate) {\n return \"\";\n }\n const n = Number(rate);\n if (!Number.isFinite(n) || n <= NETWORK_USD_PER_MICRO) {\n return n === NETWORK_USD_PER_MICRO ? \"0\" : \"\";\n }\n const pct = (n / NETWORK_USD_PER_MICRO - 1) * 100;\n if (!Number.isFinite(pct) || pct <= 0) {\n return \"\";\n }\n return pct % 1 === 0 ? String(Math.round(pct)) : pct.toFixed(1);\n}\n\nexport function retailRateUsdPerMillion(raw: string | null | undefined): string {\n const rate = parseRetailRateUsd(raw);\n if (!rate) {\n return \"\";\n }\n const perM = Number(rate) * 1_000_000;\n if (!Number.isFinite(perM)) {\n return \"\";\n }\n return perM.toFixed(2);\n}\n\nexport function parseMarkupPercentInput(raw: string): number | null {\n const trimmed = raw.trim();\n if (!trimmed) {\n return null;\n }\n const n = Number(trimmed);\n if (!Number.isFinite(n) || n < 0) {\n return null;\n }\n return n;\n}\n\n/** Apply retail rate (USD per network micro) to network fee micros. */\nexport function applyRetailRateToNetworkMicros(\n networkFeeUsdMicros: bigint,\n retailRateUsd: string,\n): bigint {\n const networkPerMicro = NETWORK_USD_PER_MICRO;\n const retail = Number(retailRateUsd);\n if (!Number.isFinite(retail) || retail <= 0) {\n return networkFeeUsdMicros;\n }\n const ratio = retail / networkPerMicro;\n if (!Number.isFinite(ratio) || ratio <= 0) {\n return networkFeeUsdMicros;\n }\n return (networkFeeUsdMicros * BigInt(Math.round(ratio * 1_000_000))) / 1_000_000n;\n}\n","import { encodeClientSecretBasic } from \"./encoding.js\";\nimport { PmtHouseError } from \"./errors.js\";\nimport { stripTrailingSlashes } from \"./string-utils.js\";\nimport type {\n FetchLike,\n SignedTicketIngestInput,\n SignedTicketIngestResult,\n} from \"./types.js\";\nimport type { SignerUsageSnapshot } from \"./signer/proxy.js\";\n\nexport type IngestSignedTicketOptions = {\n issuerUrl: string;\n publicClientId: string;\n m2mClientId: string;\n m2mClientSecret: string;\n ticket: SignedTicketIngestInput;\n fetch?: FetchLike;\n};\n\nexport type IngestSignedTicketsBatchOptions = Omit<IngestSignedTicketOptions, \"ticket\"> & {\n tickets: SignedTicketIngestInput[];\n};\n\nexport function signerSnapshotToIngestPayload(input: {\n snapshot: SignerUsageSnapshot;\n externalUserId: string;\n gatewayRequestId?: string;\n}): SignedTicketIngestInput {\n return {\n requestId: input.snapshot.requestId,\n externalUserId: input.externalUserId,\n networkFeeUsdMicros: input.snapshot.computedFeeUsdMicros.toString(),\n feeWei: input.snapshot.computedFeeWei,\n pixels: input.snapshot.pixels,\n pipeline: input.snapshot.pipeline,\n modelId: input.snapshot.modelId,\n gatewayRequestId: input.gatewayRequestId,\n ethUsdPrice: input.snapshot.ethUsdPrice,\n ethUsdRoundId: input.snapshot.ethUsdRoundId,\n ethUsdObservedAt: input.snapshot.ethUsdObservedAt,\n };\n}\n\nfunction ingestUrl(issuerUrl: string, publicClientId: string): string {\n const origin = new URL(stripTrailingSlashes(issuerUrl)).origin;\n return `${origin}/api/v1/apps/${encodeURIComponent(publicClientId)}/usage/signed-tickets`;\n}\n\nasync function readJsonResponse(response: Response): Promise<Record<string, unknown>> {\n const text = await response.text();\n if (!text.trim()) {\n return {};\n }\n try {\n const parsed: unknown = JSON.parse(text);\n return typeof parsed === \"object\" && parsed !== null && !Array.isArray(parsed)\n ? (parsed as Record<string, unknown>)\n : {};\n } catch {\n return {};\n }\n}\n\nexport async function ingestSignedTicket(\n options: IngestSignedTicketOptions,\n): Promise<SignedTicketIngestResult> {\n const fetchImpl = options.fetch ?? fetch;\n const url = ingestUrl(options.issuerUrl, options.publicClientId);\n const response = await fetchImpl(url, {\n method: \"POST\",\n headers: {\n Authorization: encodeClientSecretBasic(options.m2mClientId, options.m2mClientSecret),\n \"Content-Type\": \"application/json\",\n Accept: \"application/json\",\n },\n body: JSON.stringify(options.ticket),\n cache: \"no-store\",\n });\n\n const body = await readJsonResponse(response);\n if (!response.ok) {\n const message =\n typeof body.error === \"string\"\n ? body.error\n : `Signed-ticket ingest failed (${response.status})`;\n throw new PmtHouseError(message, {\n status: response.status,\n code: \"ingest_failed\",\n details: body,\n });\n }\n\n return {\n ingested: Boolean(body.ingested),\n duplicate: Boolean(body.duplicate),\n source: body.source === \"openmeter\" ? \"openmeter\" : \"disabled\",\n };\n}\n\nexport async function ingestSignedTicketsBatch(\n options: IngestSignedTicketsBatchOptions,\n): Promise<{ results: Array<SignedTicketIngestResult & { requestId?: string; ok?: boolean }> }> {\n const fetchImpl = options.fetch ?? fetch;\n const url = ingestUrl(options.issuerUrl, options.publicClientId);\n const response = await fetchImpl(url, {\n method: \"POST\",\n headers: {\n Authorization: encodeClientSecretBasic(options.m2mClientId, options.m2mClientSecret),\n \"Content-Type\": \"application/json\",\n Accept: \"application/json\",\n },\n body: JSON.stringify({ tickets: options.tickets }),\n cache: \"no-store\",\n });\n\n const body = await readJsonResponse(response);\n if (!response.ok) {\n const message =\n typeof body.error === \"string\"\n ? body.error\n : `Signed-ticket batch ingest failed (${response.status})`;\n throw new PmtHouseError(message, {\n status: response.status,\n code: \"ingest_failed\",\n details: body,\n });\n }\n\n const rawResults = Array.isArray(body.results) ? body.results : [];\n return {\n results: rawResults.map((entry) => {\n const row = (entry ?? {}) as Record<string, unknown>;\n return {\n requestId: typeof row.requestId === \"string\" ? row.requestId : undefined,\n ok: row.ok === true,\n ingested: Boolean(row.ingested),\n duplicate: Boolean(row.duplicate),\n source: row.source === \"openmeter\" ? \"openmeter\" : \"disabled\",\n };\n }),\n };\n}\n","import type {\n UsageApiResponse,\n UsageByPipelineModelFiatRow,\n UsageByUserRow,\n UsageDailyPipelineRow,\n UsageForExternalUser,\n MeScopeUsagePayload,\n} from \"./types.js\";\n\nfunction parseSafeBigInt(value: string | number | bigint, fallback = 0n): bigint {\n try {\n return BigInt(value);\n } catch {\n return fallback;\n }\n}\n\n/** ISO bounds for the current calendar month in UTC (billing-friendly window). */\nexport function getUtcCalendarMonthIsoBounds(now: Date = new Date()): {\n startDate: string;\n endDate: string;\n} {\n const y = now.getUTCFullYear();\n const m = now.getUTCMonth();\n const start = new Date(Date.UTC(y, m, 1, 0, 0, 0, 0));\n const end = new Date(Date.UTC(y, m + 1, 0, 23, 59, 59, 999));\n return { startDate: start.toISOString(), endDate: end.toISOString() };\n}\n\n/**\n * Parse a single date query value. Accepts ISO strings understood by `Date.parse`.\n * Returns `null` when missing, empty, or invalid.\n */\nexport function parseUsageDateParam(raw: string | null): string | null {\n if (raw == null) return null;\n const trimmed = raw.trim();\n if (!trimmed) return null;\n const t = Date.parse(trimmed);\n if (Number.isNaN(t)) return null;\n return trimmed;\n}\n\n/**\n * Sum all `byUser` buckets whose `externalUserId` matches the provider user.\n *\n * PymtHouse may emit multiple rows for the same external user during transitions\n * (e.g. legacy internal ids vs external id on `usage_records.user_id`).\n */\nexport function aggregateUsageByExternalUserId(\n byUser: UsageByUserRow[] | undefined,\n externalUserId: string,\n): UsageForExternalUser {\n const rows = byUser?.filter((row) => row.externalUserId === externalUserId) ?? [];\n if (rows.length === 0) {\n return {\n externalUserId,\n requestCount: 0,\n feeWei: \"0\",\n };\n }\n\n let feeWei = 0n;\n let requestCount = 0;\n for (const row of rows) {\n if (row.feeWei) {\n feeWei += BigInt(row.feeWei);\n }\n requestCount += row.requestCount;\n }\n\n return {\n externalUserId,\n requestCount,\n feeWei: feeWei.toString(),\n };\n}\n\n/**\n * Convenience over {@link aggregateUsageByExternalUserId} using a full Usage API response.\n */\nexport function summarizeUsageForExternalUser(\n usage: UsageApiResponse,\n externalUserId: string,\n): UsageForExternalUser {\n return aggregateUsageByExternalUserId(usage.byUser, externalUserId);\n}\n\n/**\n * Returns `byPipelineModel` rows from a Usage API response, sorted by `pipeline` then `modelId`.\n */\nexport function listUsageByPipelineModel(usage: UsageApiResponse) {\n const rows = usage.byPipelineModel ?? [];\n return [...rows].sort((a, b) => {\n const p = a.pipeline.localeCompare(b.pipeline);\n if (p !== 0) return p;\n return a.modelId.localeCompare(b.modelId);\n });\n}\n\n/** Map `externalUserId` to internal `endUserId` values for follow-up pipeline_model queries. */\nexport function getEndUserIdsForExternalUser(\n usage: UsageApiResponse,\n externalUserId: string,\n): string[] {\n const userIds = new Set<string>();\n for (const row of usage.byUser ?? []) {\n if (row.externalUserId === externalUserId && row.endUserId !== \"unknown\") {\n userIds.add(row.endUserId);\n }\n }\n return [...userIds];\n}\n\n/** @deprecated Use {@link getEndUserIdsForExternalUser}. */\nexport const getUsageRecordUserIdsForExternalUser = getEndUserIdsForExternalUser;\n\nexport interface UsageFiatSummary {\n externalUserId: string;\n requestCount: number;\n currency: string;\n networkFeeUsdMicros: string;\n ownerChargeUsdMicros: string;\n endUserBillableUsdMicros: string;\n}\n\n/** Sum fiat usage fields across duplicate `byUser` buckets for one external user. */\nexport function summarizeUsageFiatForExternalUser(\n usageByUser: UsageApiResponse,\n externalUserId: string,\n): UsageFiatSummary {\n const rows = usageByUser.byUser ?? [];\n let requestCount = 0;\n let networkFeeUsdMicros = 0n;\n let ownerChargeUsdMicros = 0n;\n let endUserBillableUsdMicros = 0n;\n let currency = \"USD\";\n\n for (const row of rows) {\n if (row.externalUserId !== externalUserId) continue;\n requestCount += row.requestCount;\n if (row.currency) currency = row.currency;\n if (row.networkFeeUsdMicros) {\n networkFeeUsdMicros += BigInt(row.networkFeeUsdMicros);\n }\n if (row.ownerChargeUsdMicros) {\n ownerChargeUsdMicros += BigInt(row.ownerChargeUsdMicros);\n }\n if (row.endUserBillableUsdMicros) {\n endUserBillableUsdMicros += BigInt(row.endUserBillableUsdMicros);\n }\n }\n\n return {\n externalUserId,\n requestCount,\n currency,\n networkFeeUsdMicros: networkFeeUsdMicros.toString(),\n ownerChargeUsdMicros: ownerChargeUsdMicros.toString(),\n endUserBillableUsdMicros: endUserBillableUsdMicros.toString(),\n };\n}\n\n/** Merge and sort pipeline/model rows from multiple Usage API responses. */\nexport function mergeUsageByPipelineModel(\n usagePipelineModels: UsageApiResponse | UsageApiResponse[] | undefined,\n): UsageByPipelineModelFiatRow[] {\n let responses: UsageApiResponse[];\n if (Array.isArray(usagePipelineModels)) {\n responses = usagePipelineModels;\n } else if (usagePipelineModels) {\n responses = [usagePipelineModels];\n } else {\n responses = [];\n }\n const byKey = new Map<string, UsageByPipelineModelFiatRow>();\n\n for (const response of responses) {\n for (const row of response.byPipelineModel ?? []) {\n const { pipeline, modelId } = row;\n if (!pipeline || !modelId) continue;\n const key = JSON.stringify([pipeline, modelId]);\n const existing = byKey.get(key);\n const rowCurrency = row.currency ?? \"USD\";\n\n const networkFee = row.networkFeeUsdMicros ?? \"0\";\n const ownerCharge = row.ownerChargeUsdMicros ?? \"0\";\n const endUserBillable = row.endUserBillableUsdMicros ?? \"0\";\n\n if (!existing) {\n byKey.set(key, {\n pipeline,\n modelId,\n requestCount: row.requestCount,\n currency: rowCurrency,\n networkFeeUsdMicros: networkFee,\n ownerChargeUsdMicros: ownerCharge,\n endUserBillableUsdMicros: endUserBillable,\n });\n continue;\n }\n byKey.set(key, {\n ...existing,\n requestCount: existing.requestCount + row.requestCount,\n networkFeeUsdMicros: (\n parseSafeBigInt(existing.networkFeeUsdMicros) + parseSafeBigInt(networkFee)\n ).toString(),\n ownerChargeUsdMicros: (\n parseSafeBigInt(existing.ownerChargeUsdMicros) + parseSafeBigInt(ownerCharge)\n ).toString(),\n endUserBillableUsdMicros: (\n parseSafeBigInt(existing.endUserBillableUsdMicros) + parseSafeBigInt(endUserBillable)\n ).toString(),\n });\n }\n }\n\n return [...byKey.values()].sort((a, b) => {\n if (a.pipeline === b.pipeline) return a.modelId.localeCompare(b.modelId);\n return a.pipeline.localeCompare(b.pipeline);\n });\n}\n\n/** Build the session-scoped `scope=me` usage payload for integrator BFFs. */\nexport function buildMeScopeUsagePayload(\n usageByUser: UsageApiResponse,\n externalUserId: string,\n usagePipelineModel?: UsageApiResponse | UsageApiResponse[],\n usageDaily?: UsageApiResponse,\n): MeScopeUsagePayload {\n const summary = summarizeUsageFiatForExternalUser(usageByUser, externalUserId);\n const pipelineModels = mergeUsageByPipelineModel(usagePipelineModel);\n const dailyByPipeline: UsageDailyPipelineRow[] = usageDaily?.byDailyPipeline ?? [];\n return {\n clientId: usageByUser.clientId,\n period: usageByUser.period,\n currentUser: {\n externalUserId: summary.externalUserId,\n requestCount: summary.requestCount,\n currency: summary.currency,\n networkFeeUsdMicros: summary.networkFeeUsdMicros,\n ownerChargeUsdMicros: summary.ownerChargeUsdMicros,\n endUserBillableUsdMicros: summary.endUserBillableUsdMicros,\n pipelineModels,\n dailyByPipeline,\n },\n };\n}\n\n/** Default cap for parallel pipeline_model fetches per external user (matches NaaP BFF). */\nexport const DEFAULT_MAX_END_USER_IDS = 25;\n","import {\n allowInsecureRequests,\n clientCredentialsGrantRequest,\n customFetch,\n genericTokenEndpointRequest,\n processClientCredentialsResponse,\n processGenericTokenEndpointResponse,\n type ClientAuth,\n type ClientCredentialsGrantRequestOptions,\n type TokenEndpointRequestOptions,\n} from \"oauth4webapi\";\nimport { encodeClientSecretBasic } from \"./encoding.js\";\nimport { loadAuthorizationServer, authorizationServerToOidcDocument } from \"./discovery.js\";\nimport { PmtHouseError } from \"./errors.js\";\nimport { parseAppManifestResponse } from \"./manifest.js\";\nimport { stripTrailingSlashes } from \"./string-utils.js\";\nimport { SIGN_JOB_SCOPE, parseSignerSessionExchange } from \"./tokens.js\";\nimport type { SignerSessionToken } from \"./tokens.js\";\nimport {\n buildMeScopeUsagePayload,\n DEFAULT_MAX_END_USER_IDS,\n getEndUserIdsForExternalUser,\n} from \"./usage.js\";\nimport {\n mapOAuthError,\n m2mClient,\n tokenEndpointResponseToClientCredentials,\n tokenEndpointResponseToExchange,\n} from \"./oauth-map.js\";\nimport type {\n AppUserRecord,\n ApproveDeviceLoginInput,\n ClientCredentialsTokenResponse,\n DeviceApprovalInput,\n FetchLike,\n GetAppManifestResult,\n GetDiscoveryOptions,\n MeScopeUsagePayload,\n MintSignerSessionForExternalUserInput,\n MintUserSignerSessionTokenInput,\n MintUserAccessTokenInput,\n MintUserAccessTokenResponse,\n OidcDiscoveryDocument,\n ParsedDeviceApprovalRedirect,\n PmtHouseClientOptions,\n TokenExchangeResponse,\n UpsertAppUserInput,\n BillingProduct,\n ListBillingProductsResult,\n PlanSyncResult,\n SignerRoutingResponse,\n SignedTicketIngestInput,\n SignedTicketIngestResult,\n UsageApiResponse,\n UsageQueryInput,\n UsageBalanceResponse,\n UserAllowanceGrantInput,\n UserAllowancesResponse,\n UserSubscriptionResponse,\n GrantSource,\n} from \"./types.js\";\nimport {\n ingestSignedTicket,\n ingestSignedTicketsBatch,\n} from \"./ingest.js\";\n\nconst TOKEN_EXCHANGE_GRANT = \"urn:ietf:params:oauth:grant-type:token-exchange\";\nconst SUBJECT_ACCESS_TOKEN_TYPE = \"urn:ietf:params:oauth:token-type:access_token\";\nconst REQUESTED_ACCESS_TOKEN_TYPE = \"urn:ietf:params:oauth:token-type:access_token\";\n\nconst DEVICE_RESOURCE_PREFIX = \"urn:pmth:device_code:\";\n\n/**\n * Normalize RFC 8628 user codes for comparison and resource URIs (uppercase, strip separators).\n */\nexport function normalizeUserCode(value: string): string {\n return value\n .replace(/[a-z]/g, (char) => char.toUpperCase())\n .replace(/\\W/g, \"\");\n}\n\n/**\n * RFC 8707 resource indicator for NaaP Option B device approval (`urn:pmth:device_code:<normalized>`).\n */\nexport function buildDeviceCodeResource(userCode: string): string {\n return `${DEVICE_RESOURCE_PREFIX}${normalizeUserCode(userCode)}`;\n}\n\nexport class PmtHouseClient {\n private readonly issuerUrl: string;\n private readonly publicClientId: string;\n private readonly m2mClientId: string;\n private readonly m2mClientSecret: string;\n private readonly fetchImpl: FetchLike;\n private readonly logger?: PmtHouseClientOptions[\"logger\"];\n private readonly allowInsecureHttp: boolean;\n\n constructor(options: PmtHouseClientOptions) {\n this.issuerUrl = stripTrailingSlashes(options.issuerUrl);\n this.publicClientId = options.publicClientId;\n this.m2mClientId = options.m2mClientId;\n this.m2mClientSecret = options.m2mClientSecret;\n this.fetchImpl = options.fetch ?? fetch;\n this.logger = options.logger;\n this.allowInsecureHttp = options.allowInsecureHttp ?? false;\n }\n\n async getDiscovery(options: GetDiscoveryOptions = {}): Promise<OidcDiscoveryDocument> {\n const as = await loadAuthorizationServer(this.issuerUrl, this.fetchImpl, {\n force: options.force,\n allowInsecureHttp: this.allowInsecureHttp,\n });\n return authorizationServerToOidcDocument(as);\n }\n\n verifyIssuer(iss: string): boolean {\n const candidate = stripTrailingSlashes(iss.trim());\n return candidate === this.issuerUrl;\n }\n\n parseDeviceApprovalRedirect(\n searchParams: URLSearchParams,\n ): ParsedDeviceApprovalRedirect {\n const issuer = searchParams.get(\"iss\")?.trim() ?? \"\";\n const targetLinkUri = searchParams.get(\"target_link_uri\")?.trim() ?? \"\";\n\n if (!issuer || !targetLinkUri) {\n throw new PmtHouseError(\"Missing iss or target_link_uri\", {\n status: 400,\n code: \"invalid_request\",\n });\n }\n\n if (!this.verifyIssuer(issuer)) {\n throw new PmtHouseError(\"Issuer mismatch for initiate login\", {\n status: 400,\n code: \"invalid_issuer\",\n });\n }\n\n let targetUrl: URL;\n try {\n targetUrl = new URL(targetLinkUri);\n } catch {\n throw new PmtHouseError(\"target_link_uri is not a valid URL\", {\n status: 400,\n code: \"invalid_target\",\n });\n }\n\n const issuerOrigin = new URL(this.issuerUrl).origin;\n if (targetUrl.origin !== issuerOrigin || targetUrl.pathname !== \"/oidc/device\") {\n throw new PmtHouseError(\n \"target_link_uri does not point to the issuer device path\",\n {\n status: 400,\n code: \"invalid_target\",\n },\n );\n }\n\n const userCode = normalizeUserCode(targetUrl.searchParams.get(\"user_code\") ?? \"\");\n const clientId = targetUrl.searchParams.get(\"client_id\")?.trim() ?? \"\";\n\n if (!userCode || !clientId) {\n throw new PmtHouseError(\"target_link_uri is missing user_code or client_id\", {\n status: 400,\n code: \"invalid_target\",\n });\n }\n\n return {\n issuer,\n targetLinkUri,\n userCode,\n clientId,\n };\n }\n\n async listAppUsers(): Promise<{ users: AppUserRecord[] }> {\n const url = `${this.getAppsBaseUrl()}/users`;\n return this.requestJson<{ users: AppUserRecord[] }>(url, {\n method: \"GET\",\n headers: this.builderHeaders(),\n cache: \"no-store\",\n });\n }\n\n async upsertAppUser(input: UpsertAppUserInput): Promise<AppUserRecord> {\n const payload: Record<string, unknown> = {\n externalUserId: input.externalUserId,\n };\n if (input.email) payload.email = input.email;\n if (input.status) payload.status = input.status;\n\n const url = `${this.getAppsBaseUrl()}/users`;\n return this.requestJson<AppUserRecord>(url, {\n method: \"POST\",\n headers: this.builderHeaders(),\n body: JSON.stringify(payload),\n cache: \"no-store\",\n });\n }\n\n async deleteAppUser(params: { externalUserId: string }): Promise<{ success: boolean }> {\n const url = new URL(`${this.getAppsBaseUrl()}/users`);\n url.searchParams.set(\"externalUserId\", params.externalUserId);\n return this.requestJson<{ success: boolean }>(url.toString(), {\n method: \"DELETE\",\n headers: this.builderHeaders(),\n cache: \"no-store\",\n });\n }\n\n async mintUserAccessToken(\n input: MintUserAccessTokenInput,\n ): Promise<MintUserAccessTokenResponse> {\n const url = `${this.getAppsBaseUrl()}/users/${encodeURIComponent(input.externalUserId)}/token`;\n const body = input.scope ? { scope: input.scope } : {};\n\n return this.requestJson<MintUserAccessTokenResponse>(url, {\n method: \"POST\",\n headers: this.builderHeaders(),\n body: JSON.stringify(body),\n cache: \"no-store\",\n });\n }\n\n /**\n * Exchange a long-lived dashboard API key (`pmth_*`) for a short-lived user JWT.\n */\n async exchangeApiKeyForUserAccessToken(input: {\n apiKey: string;\n scope?: string;\n }): Promise<MintUserAccessTokenResponse> {\n const url = `${this.getAppsBaseUrl()}/auth/api-key/token`;\n return this.requestJson<MintUserAccessTokenResponse>(url, {\n method: \"POST\",\n headers: {\n Authorization: `Bearer ${input.apiKey.trim()}`,\n \"Content-Type\": \"application/json\",\n Accept: \"application/json\",\n },\n body: JSON.stringify(input.scope ? { scope: input.scope } : {}),\n cache: \"no-store\",\n });\n }\n\n /**\n * Exchange a dashboard API key for a signer session via a trusted facade (recommended)\n * or directly when M2M credentials are available on this client.\n */\n async exchangeApiKeyForSignerSession(input: {\n apiKey: string;\n scope?: string;\n facadeUrl?: string;\n }): Promise<TokenExchangeResponse> {\n if (input.facadeUrl?.trim()) {\n const { exchangeApiKeyForSigner } = await import(\"./signer/api-key-exchange.js\");\n const exchanged = await exchangeApiKeyForSigner({\n facadeUrl: input.facadeUrl.trim(),\n apiKey: input.apiKey,\n scope: input.scope,\n clientId: this.publicClientId,\n fetch: this.fetchImpl,\n });\n return {\n access_token: exchanged.access_token,\n token_type: exchanged.token_type,\n expires_in: exchanged.expires_in,\n scope: exchanged.scope,\n issued_token_type: \"urn:ietf:params:oauth:token-type:access_token\",\n };\n }\n\n const userToken = await this.exchangeApiKeyForUserAccessToken({\n apiKey: input.apiKey,\n scope: input.scope,\n });\n return this.exchangeForSignerSession({ userJwt: userToken.access_token });\n }\n\n async completeDeviceApproval(\n input: DeviceApprovalInput,\n ): Promise<TokenExchangeResponse> {\n const as = await loadAuthorizationServer(this.issuerUrl, this.fetchImpl, {\n allowInsecureHttp: this.allowInsecureHttp,\n });\n const client = m2mClient(this.m2mClientId);\n const clientAuth = this.m2mClientAuth();\n const params = new URLSearchParams();\n params.set(\"subject_token\", input.userJwt);\n params.set(\"subject_token_type\", SUBJECT_ACCESS_TOKEN_TYPE);\n params.set(\"resource\", buildDeviceCodeResource(input.userCode));\n\n try {\n const response = await genericTokenEndpointRequest(\n as,\n client,\n clientAuth,\n TOKEN_EXCHANGE_GRANT,\n params,\n this.tokenEndpointFetchOptions(),\n );\n const tr = await processGenericTokenEndpointResponse(\n as,\n client,\n response,\n );\n return tokenEndpointResponseToExchange(tr);\n } catch (e) {\n throw mapOAuthError(e);\n }\n }\n\n async issueMachineAccessToken(\n scope = \"sign:job\",\n ): Promise<ClientCredentialsTokenResponse> {\n const as = await loadAuthorizationServer(this.issuerUrl, this.fetchImpl, {\n allowInsecureHttp: this.allowInsecureHttp,\n });\n const client = m2mClient(this.m2mClientId);\n const clientAuth = this.m2mClientAuth();\n const params = new URLSearchParams();\n params.set(\"scope\", scope);\n\n try {\n const response = await clientCredentialsGrantRequest(\n as,\n client,\n clientAuth,\n params,\n this.tokenEndpointFetchOptions(),\n );\n const tr = await processClientCredentialsResponse(\n as,\n client,\n response,\n );\n return tokenEndpointResponseToClientCredentials(tr);\n } catch (e) {\n throw mapOAuthError(e);\n }\n }\n\n async exchangeForSignerSession(input: {\n userJwt: string;\n resource?: string;\n }): Promise<TokenExchangeResponse> {\n const as = await loadAuthorizationServer(this.issuerUrl, this.fetchImpl, {\n allowInsecureHttp: this.allowInsecureHttp,\n });\n const client = m2mClient(this.m2mClientId);\n const clientAuth = this.m2mClientAuth();\n const params = new URLSearchParams();\n params.set(\"subject_token\", input.userJwt);\n params.set(\"subject_token_type\", SUBJECT_ACCESS_TOKEN_TYPE);\n params.set(\"requested_token_type\", REQUESTED_ACCESS_TOKEN_TYPE);\n const resourceCandidate =\n typeof input.resource === \"string\" && input.resource.trim() !== \"\"\n ? input.resource.trim()\n : this.issuerUrl;\n params.set(\"resource\", stripTrailingSlashes(resourceCandidate));\n\n try {\n const response = await genericTokenEndpointRequest(\n as,\n client,\n clientAuth,\n TOKEN_EXCHANGE_GRANT,\n params,\n this.tokenEndpointFetchOptions(),\n );\n const tr = await processGenericTokenEndpointResponse(\n as,\n client,\n response,\n );\n return tokenEndpointResponseToExchange(tr);\n } catch (e) {\n throw mapOAuthError(e);\n }\n }\n\n /**\n * Mint a short-lived per-user JWT with the Builder API, then exchange it for\n * a long-lived opaque signer session token at the PymtHouse OIDC token endpoint.\n */\n async mintUserSignerSessionToken(\n input: MintUserSignerSessionTokenInput,\n ): Promise<TokenExchangeResponse> {\n const userToken = await this.mintUserAccessToken({\n externalUserId: input.externalUserId,\n scope: input.scope ?? \"sign:job\",\n });\n\n return this.exchangeForSignerSession({\n userJwt: userToken.access_token,\n resource: input.resource,\n });\n }\n\n async createSignerSessionToken(params: {\n userJwt?: string;\n }): Promise<TokenExchangeResponse> {\n if (params.userJwt) {\n try {\n return await this.exchangeForSignerSession({ userJwt: params.userJwt });\n } catch (error) {\n const err = this.asError(error);\n this.logger?.warn?.(\"User JWT exchange failed, falling back to machine exchange\", {\n code: err.code,\n status: err.status,\n });\n }\n }\n\n const machineToken = await this.issueMachineAccessToken(\"sign:job\");\n if (!machineToken.access_token) {\n throw new PmtHouseError(\"Client credentials flow did not return access_token\", {\n status: 502,\n code: \"invalid_token_response\",\n });\n }\n\n return this.exchangeForSignerSession({ userJwt: machineToken.access_token });\n }\n\n async getUsage(input: UsageQueryInput = {}): Promise<UsageApiResponse> {\n const url = new URL(`${this.getAppsBaseUrl()}/usage`);\n if (input.startDate) url.searchParams.set(\"startDate\", input.startDate);\n if (input.endDate) url.searchParams.set(\"endDate\", input.endDate);\n if (input.groupBy) url.searchParams.set(\"groupBy\", input.groupBy);\n if (input.userId) url.searchParams.set(\"userId\", input.userId);\n if (input.gatewayRequestId) url.searchParams.set(\"gatewayRequestId\", input.gatewayRequestId);\n if (input.includeRetail) url.searchParams.set(\"include\", \"retail\");\n\n return this.requestJson<UsageApiResponse>(url.toString(), {\n method: \"GET\",\n headers: this.builderHeaders(),\n cache: \"no-store\",\n });\n }\n\n /**\n * Session-scoped usage for one `externalUserId`: user rollup plus merged pipeline/model breakdown.\n */\n async ingestSignedTicket(ticket: SignedTicketIngestInput): Promise<SignedTicketIngestResult> {\n return ingestSignedTicket({\n issuerUrl: this.issuerUrl,\n publicClientId: this.publicClientId,\n m2mClientId: this.m2mClientId,\n m2mClientSecret: this.m2mClientSecret,\n ticket,\n fetch: this.fetchImpl,\n });\n }\n\n async ingestSignedTickets(\n tickets: SignedTicketIngestInput[],\n ): Promise<{ results: Array<SignedTicketIngestResult & { requestId?: string; ok?: boolean }> }> {\n return ingestSignedTicketsBatch({\n issuerUrl: this.issuerUrl,\n publicClientId: this.publicClientId,\n m2mClientId: this.m2mClientId,\n m2mClientSecret: this.m2mClientSecret,\n tickets,\n fetch: this.fetchImpl,\n });\n }\n\n async getSignerRouting(): Promise<SignerRoutingResponse> {\n return this.requestJson<SignerRoutingResponse>(\n `${this.getAppsBaseUrl()}/signer/routing`,\n {\n method: \"GET\",\n headers: this.builderHeaders(),\n cache: \"no-store\",\n },\n );\n }\n\n async listBillingProducts(): Promise<ListBillingProductsResult> {\n const url = `${this.getAppsBaseUrl()}/plans?apiVersion=2`;\n const body = await this.requestJson<ListBillingProductsResult & { plans?: BillingProduct[] }>(\n url,\n {\n method: \"GET\",\n headers: this.builderHeaders(),\n cache: \"no-store\",\n },\n );\n return {\n apiVersion: body.apiVersion ?? 2,\n products: body.products ?? body.plans ?? [],\n };\n }\n\n async syncBillingProduct(planId: string): Promise<PlanSyncResult> {\n return this.requestJson<PlanSyncResult>(\n `${this.getAppsBaseUrl()}/plans/${encodeURIComponent(planId)}/sync`,\n {\n method: \"POST\",\n headers: this.builderHeaders(),\n cache: \"no-store\",\n },\n );\n }\n\n async getUsageBalance(externalUserId: string): Promise<UsageBalanceResponse> {\n const url = new URL(`${this.getAppsBaseUrl()}/usage/balance`);\n url.searchParams.set(\"externalUserId\", externalUserId);\n return this.requestJson<UsageBalanceResponse>(url.toString(), {\n method: \"GET\",\n headers: this.builderHeaders(),\n cache: \"no-store\",\n });\n }\n\n async getUserAllowances(externalUserId: string): Promise<UserAllowancesResponse> {\n return this.requestJson<UserAllowancesResponse>(\n `${this.getAppsBaseUrl()}/users/${encodeURIComponent(externalUserId)}/allowances`,\n {\n method: \"GET\",\n headers: this.builderHeaders(),\n cache: \"no-store\",\n },\n );\n }\n\n async grantUserAllowance(\n externalUserId: string,\n input: UserAllowanceGrantInput,\n ): Promise<UserAllowancesResponse & { grantedUsdMicros?: string; featureKey?: string }> {\n return this.requestJson(\n `${this.getAppsBaseUrl()}/users/${encodeURIComponent(externalUserId)}/allowances`,\n {\n method: \"POST\",\n headers: this.builderHeaders(),\n body: JSON.stringify(input),\n cache: \"no-store\",\n },\n );\n }\n\n /**\n * @deprecated Removed from PymtHouse — use {@link getUsageBalance} or {@link getUserAllowances}.\n */\n async getUserCredits(externalUserId: string): Promise<UsageBalanceResponse> {\n return this.getUsageBalance(externalUserId);\n }\n\n /**\n * @deprecated Removed from PymtHouse — use {@link grantUserAllowance} (`POST .../allowances`).\n */\n async grantUserCredits(\n externalUserId: string,\n input: { amountUsdMicros: string; source?: GrantSource; featureKey?: string },\n ): Promise<UsageBalanceResponse & { grantedUsdMicros?: string; featureKey?: string }> {\n const result = await this.grantUserAllowance(externalUserId, {\n amountUsdMicros: input.amountUsdMicros,\n source: input.source ?? \"manual\",\n featureKey: input.featureKey,\n });\n const flat = result as UserAllowancesResponse & {\n balanceUsdMicros?: string;\n consumedUsdMicros?: string;\n lifetimeGrantedUsdMicros?: string;\n hasAccess?: boolean;\n grantedUsdMicros?: string;\n featureKey?: string;\n };\n const nested = result.allowances;\n return {\n externalUserId: result.externalUserId,\n balanceUsdMicros:\n flat.balanceUsdMicros ?? nested?.balanceUsdMicros ?? \"0\",\n consumedUsdMicros:\n flat.consumedUsdMicros ?? nested?.consumedUsdMicros ?? \"0\",\n lifetimeGrantedUsdMicros:\n flat.lifetimeGrantedUsdMicros ?? nested?.lifetimeGrantedUsdMicros ?? \"0\",\n hasAccess: flat.hasAccess ?? nested?.hasAccess ?? false,\n remainingUsdMicros:\n flat.balanceUsdMicros ?? nested?.balanceUsdMicros,\n grantedUsdMicros: flat.grantedUsdMicros,\n featureKey: flat.featureKey,\n };\n }\n\n async getUserSubscription(externalUserId: string): Promise<UserSubscriptionResponse> {\n return this.requestJson<UserSubscriptionResponse>(\n `${this.getAppsBaseUrl()}/users/${encodeURIComponent(externalUserId)}/subscription`,\n {\n method: \"GET\",\n headers: this.builderHeaders(),\n cache: \"no-store\",\n },\n );\n }\n\n async fetchUsageForExternalUser(input: {\n externalUserId: string;\n startDate: string;\n endDate: string;\n maxEndUserIds?: number;\n }): Promise<MeScopeUsagePayload> {\n const usageByUser = await this.getUsage({\n startDate: input.startDate,\n endDate: input.endDate,\n groupBy: \"user\",\n });\n const userIds = getEndUserIdsForExternalUser(usageByUser, input.externalUserId);\n const cap = input.maxEndUserIds ?? DEFAULT_MAX_END_USER_IDS;\n const cappedUserIds = userIds.slice(0, cap);\n const usagePipelineModels = await Promise.all(\n cappedUserIds.map((userId) =>\n this.getUsage({\n startDate: input.startDate,\n endDate: input.endDate,\n groupBy: \"pipeline_model\",\n userId,\n }),\n ),\n );\n const usageDaily = await this.getUsage({\n startDate: input.startDate,\n endDate: input.endDate,\n groupBy: \"daily_pipeline\",\n userId: input.externalUserId,\n });\n return buildMeScopeUsagePayload(\n usageByUser,\n input.externalUserId,\n usagePipelineModels,\n usageDaily,\n );\n }\n\n async getAppManifest(opts?: {\n ifNoneMatch?: string;\n signal?: AbortSignal;\n }): Promise<GetAppManifestResult> {\n const url = `${this.getAppsBaseUrl()}/manifest`;\n const headers: Record<string, string> = {\n ...this.builderHeadersRecord(),\n };\n if (opts?.ifNoneMatch) {\n headers[\"If-None-Match\"] = opts.ifNoneMatch;\n }\n\n this.logger?.debug?.(\"PmtHouse request\", { method: \"GET\", url });\n\n const response = await this.fetchImpl(url, {\n method: \"GET\",\n headers,\n signal: opts?.signal,\n cache: \"no-store\",\n });\n\n const etag = response.headers.get(\"etag\")?.trim() ?? null;\n\n if (response.status === 304) {\n return {\n manifest: null,\n etag: etag ?? opts?.ifNoneMatch ?? null,\n notModified: true,\n };\n }\n\n const raw = await response.text();\n const ct = response.headers.get(\"content-type\") ?? \"\";\n const looksJson = ct.includes(\"application/json\") || ct.includes(\"json\");\n const parsed = raw && looksJson ? this.safeParseJson(raw) : null;\n\n if (!response.ok) {\n const details = (parsed ?? {}) as Record<string, unknown>;\n let description: string;\n if (typeof details.error_description === \"string\") {\n description = details.error_description;\n } else if (typeof details.error === \"string\") {\n description = details.error;\n } else {\n description = `Request failed (${response.status})`;\n }\n throw new PmtHouseError(description, {\n status: response.status,\n code: typeof details.error === \"string\" ? details.error : \"pymthouse_http_error\",\n details,\n });\n }\n\n if (!looksJson || parsed === null) {\n throw new PmtHouseError(\"Expected JSON response from Builder manifest endpoint\", {\n status: 502,\n code: \"invalid_response\",\n details: { contentType: ct, preview: raw.slice(0, 200) },\n });\n }\n\n return {\n manifest: parseAppManifestResponse(parsed),\n etag,\n notModified: false,\n };\n }\n\n /**\n * Upsert an external user, mint a short-lived JWT, and exchange for an opaque signer session.\n */\n async mintSignerSessionForExternalUser(\n input: MintSignerSessionForExternalUserInput,\n ): Promise<SignerSessionToken> {\n await this.upsertAppUser({\n externalUserId: input.externalUserId,\n email: input.email,\n status: \"active\",\n });\n const exchange = await this.mintUserSignerSessionToken({\n externalUserId: input.externalUserId,\n scope: input.scope ?? SIGN_JOB_SCOPE,\n resource: this.issuerUrl,\n });\n return parseSignerSessionExchange(exchange);\n }\n\n /**\n * Approve a pending RFC 8628 device code for an external user (Option B).\n */\n async approveDeviceLogin(input: ApproveDeviceLoginInput): Promise<void> {\n if (input.publicClientId && input.publicClientId !== this.publicClientId) {\n throw new PmtHouseError(\n \"publicClientId does not match configured public client id\",\n { status: 400, code: \"invalid_client\" },\n );\n }\n\n await this.upsertAppUser({\n externalUserId: input.externalUserId,\n email: input.email,\n status: \"active\",\n });\n const userToken = await this.mintUserAccessToken({\n externalUserId: input.externalUserId,\n scope: SIGN_JOB_SCOPE,\n });\n await this.completeDeviceApproval({\n userJwt: userToken.access_token,\n userCode: input.userCode,\n });\n }\n\n private tokenEndpointFetchOptions():\n | ClientCredentialsGrantRequestOptions\n | TokenEndpointRequestOptions {\n const o: ClientCredentialsGrantRequestOptions = {\n [customFetch]: this.fetchImpl,\n };\n if (this.allowInsecureHttp) {\n o[allowInsecureRequests] = true;\n }\n return o;\n }\n\n private getAppsBaseUrl(): string {\n return `${this.getIssuerOrigin()}/api/v1/apps/${encodeURIComponent(this.publicClientId)}`;\n }\n\n private getIssuerOrigin(): string {\n return new URL(this.issuerUrl).origin;\n }\n\n private builderHeaders(): HeadersInit {\n return this.builderHeadersRecord();\n }\n\n private builderHeadersRecord(): Record<string, string> {\n return {\n Authorization: encodeClientSecretBasic(this.m2mClientId, this.m2mClientSecret),\n \"Content-Type\": \"application/json\",\n Accept: \"application/json\",\n };\n }\n\n private m2mClientAuth(): ClientAuth {\n return (_as, _client, _body, headers) => {\n headers.set(\"Authorization\", encodeClientSecretBasic(this.m2mClientId, this.m2mClientSecret));\n };\n }\n\n private async requestJson<T>(url: string, init: RequestInit): Promise<T> {\n this.logger?.debug?.(\"PmtHouse request\", {\n method: init.method ?? \"GET\",\n url,\n });\n\n const response = await this.fetchImpl(url, init);\n const raw = await response.text();\n const ct = response.headers.get(\"content-type\") ?? \"\";\n const looksJson = ct.includes(\"application/json\") || ct.includes(\"json\");\n const parsed = raw && looksJson ? this.safeParseJson(raw) : raw ? null : null;\n\n if (!response.ok) {\n const details = (parsed ?? {}) as Record<string, unknown>;\n let description: string;\n if (typeof details.error_description === \"string\") {\n description = details.error_description;\n } else if (typeof details.error === \"string\") {\n description = details.error;\n } else {\n description = `Request failed (${response.status})`;\n }\n\n throw new PmtHouseError(description, {\n status: response.status,\n code:\n typeof details.error === \"string\"\n ? details.error\n : \"pymthouse_http_error\",\n details,\n });\n }\n\n if (!looksJson || parsed === null) {\n throw new PmtHouseError(\"Expected JSON response from Builder or Usage API\", {\n status: 502,\n code: \"invalid_response\",\n details: { contentType: ct, preview: raw.slice(0, 200) },\n });\n }\n\n if (!parsed) {\n return {} as T;\n }\n\n return parsed as T;\n }\n\n private safeParseJson(value: string): unknown {\n try {\n return JSON.parse(value);\n } catch {\n return null;\n }\n }\n\n private asError(error: unknown): PmtHouseError {\n if (error instanceof PmtHouseError) {\n return error;\n }\n\n if (error instanceof Error) {\n return new PmtHouseError(error.message, {\n code: \"unexpected_error\",\n status: 500,\n });\n }\n\n return new PmtHouseError(\"Unexpected error\", {\n code: \"unexpected_error\",\n status: 500,\n });\n }\n}\n","import { createHash } from \"node:crypto\";\n\nimport type { AppManifestCapability, AppManifestResponse } from \"./types.js\";\n\nexport function parseAppManifestResponse(json: unknown): AppManifestResponse {\n if (!json || typeof json !== \"object\" || Array.isArray(json)) {\n return { capabilities: [], excludedCapabilities: [] };\n }\n const record = json as Record<string, unknown>;\n const capabilities = parseCapabilityArray(record.capabilities);\n const excludedCapabilities = parseCapabilityArray(record.excludedCapabilities);\n const manifestVersion =\n typeof record.manifestVersion === \"string\" && record.manifestVersion.trim()\n ? record.manifestVersion.trim()\n : undefined;\n return { capabilities, excludedCapabilities, manifestVersion };\n}\n\nfunction parseCapabilityArray(raw: unknown): AppManifestCapability[] {\n if (!Array.isArray(raw)) return [];\n return raw.filter(\n (c): c is AppManifestCapability =>\n !!c &&\n typeof c === \"object\" &&\n typeof (c as { pipeline?: unknown }).pipeline === \"string\" &&\n typeof (c as { modelId?: unknown }).modelId === \"string\",\n );\n}\n\nfunction sortedCaps(caps: AppManifestCapability[]): AppManifestCapability[] {\n return [...caps].sort((a, b) => {\n const p = a.pipeline.localeCompare(b.pipeline);\n return p === 0 ? a.modelId.localeCompare(b.modelId) : p;\n });\n}\n\nexport function computeManifestRevision(\n data: Pick<\n AppManifestResponse,\n \"capabilities\" | \"excludedCapabilities\" | \"manifestVersion\"\n > | null,\n): string {\n if (data == null) {\n return \"unavailable\";\n }\n if (data.manifestVersion?.trim()) {\n return data.manifestVersion.trim();\n }\n const caps = sortedCaps(data.capabilities ?? []);\n const excl = sortedCaps(data.excludedCapabilities ?? []);\n if (caps.length === 0 && excl.length === 0) {\n return \"empty\";\n }\n return createHash(\"sha256\")\n .update(JSON.stringify({ capabilities: caps, excludedCapabilities: excl }))\n .digest(\"hex\")\n .slice(0, 24);\n}\n","import type { TokenExchangeResponse } from \"./types.js\";\n\n/**\n * Matches PymtHouse `gateway-token-exchange.ts` opaque signer session TTL (~90 days).\n *\n * Any change here must stay in sync with the upstream PymtHouse value.\n */\nexport const SIGNER_SESSION_TTL_MS = 90 * 24 * 60 * 60 * 1000;\n\nexport const SIGNER_SESSION_EXPIRES_IN_SEC = Math.floor(SIGNER_SESSION_TTL_MS / 1000);\n\n/** Default end-user scope for Builder-minted user tokens and signer sessions. */\nexport const SIGN_JOB_SCOPE = \"sign:job\";\n\n/** @deprecated Use {@link SIGNER_SESSION_TTL_MS}. */\nexport const PYMTHOUSE_SIGNER_SESSION_TTL_MS = SIGNER_SESSION_TTL_MS;\n\nexport interface SignerSessionToken {\n accessToken: string;\n tokenType: string;\n expiresIn: number;\n scope: string;\n}\n\n/**\n * Compute the implied expiry for an opaque signer session key whose creation\n * timestamp is known but whose token body carries no expiry of its own.\n */\nexport function computeSignerSessionExpiry(input: Date | string): Date {\n const createdAt = input instanceof Date ? input : new Date(input);\n return new Date(createdAt.getTime() + SIGNER_SESSION_TTL_MS);\n}\n\n/** @deprecated Use {@link computeSignerSessionExpiry}. */\nexport const computePymthouseExpiry = computeSignerSessionExpiry;\n\n/**\n * Cheap shape check — true for inputs that look like a 3-segment JWT.\n * Does NOT validate the signature; callers must not use this for trust.\n */\nexport function isLikelyOidcJwt(rawToken: string): boolean {\n const t = rawToken.trim();\n return t.startsWith(\"eyJ\") && t.split(\".\").length >= 3;\n}\n\n/** True when the token is an opaque signer session (not a JWT). */\nexport function isOpaqueSignerSessionToken(rawToken: string): boolean {\n const t = rawToken.trim();\n return t.length > 0 && !isLikelyOidcJwt(t);\n}\n\nfunction base64UrlPayloadToUtf8(payloadB64: string): string {\n const normalized = payloadB64.replaceAll(\"-\", \"+\").replaceAll(\"_\", \"/\");\n const padded = normalized.padEnd(Math.ceil(normalized.length / 4) * 4, \"=\");\n if (typeof Buffer !== \"undefined\") {\n return Buffer.from(padded, \"base64\").toString(\"utf8\");\n }\n return atob(padded);\n}\n\n/**\n * Best-effort `exp` extraction from a JWT payload. Returns null on any\n * parse error, missing/invalid `exp`, or non-finite numeric value.\n *\n * Security note: the JWT is not verified. Use only for UX-level expiry\n * display or soft-cleanup of unusable keys, never for authorization.\n */\nexport function decodeJwtExp(rawToken: string): Date | null {\n try {\n const parts = rawToken.split(\".\");\n if (parts.length < 2) return null;\n const payloadJson = base64UrlPayloadToUtf8(parts[1]);\n const payload = JSON.parse(payloadJson) as { exp?: number };\n if (typeof payload.exp !== \"number\" || !Number.isFinite(payload.exp)) return null;\n const expMs = Math.floor(payload.exp * 1000);\n if (expMs <= 0) return null;\n return new Date(expMs);\n } catch {\n return null;\n }\n}\n\n/**\n * Normalize an RFC 8693 token exchange response into a signer session token.\n * Validates that the access token is opaque (not a JWT).\n */\nexport function parseSignerSessionExchange(res: TokenExchangeResponse): SignerSessionToken {\n const accessToken = typeof res.access_token === \"string\" ? res.access_token.trim() : \"\";\n if (!accessToken) {\n throw new Error(\"PymtHouse signer session exchange returned no access_token\");\n }\n if (isLikelyOidcJwt(accessToken)) {\n throw new Error(\n \"PymtHouse signer session exchange returned a JWT; expected opaque signer session token\",\n );\n }\n\n const tokenType =\n typeof res.token_type === \"string\" && res.token_type.trim()\n ? res.token_type.trim()\n : \"Bearer\";\n const expiresIn =\n typeof res.expires_in === \"number\" &&\n Number.isFinite(res.expires_in) &&\n res.expires_in > 0\n ? Math.floor(res.expires_in)\n : SIGNER_SESSION_EXPIRES_IN_SEC;\n const scope =\n typeof res.scope === \"string\" && res.scope.trim() ? res.scope.trim() : SIGN_JOB_SCOPE;\n\n return {\n accessToken,\n tokenType,\n expiresIn,\n scope,\n };\n}\n","import { type Client, OperationProcessingError, ResponseBodyError } from \"oauth4webapi\";\nimport { PmtHouseError } from \"./errors.js\";\nimport type { ClientCredentialsTokenResponse, TokenExchangeResponse } from \"./types.js\";\n\nconst ACCEPTED_ISSUED_TOKEN_TYPES = new Set([\n \"urn:ietf:params:oauth:token-type:access_token\",\n \"urn:pmth:token-type:remote-signer-session\",\n]);\n\nexport function mapOAuthError(error: unknown): PmtHouseError {\n if (error instanceof PmtHouseError) {\n return error;\n }\n\n if (error instanceof ResponseBodyError) {\n const cause = error.cause as Record<string, unknown>;\n const description =\n typeof error.error_description === \"string\"\n ? error.error_description\n : error.message;\n const details: Record<string, unknown> = { ...cause };\n if (typeof cause.error_uri === \"string\") {\n details.error_uri = cause.error_uri;\n }\n return new PmtHouseError(description, {\n status: error.status,\n code: error.error,\n details,\n });\n }\n\n if (error instanceof OperationProcessingError) {\n return new PmtHouseError(error.message, {\n status: 502,\n code: error.code ?? \"oauth_processing_error\",\n details: { cause: error.cause },\n });\n }\n\n if (error instanceof Error) {\n return new PmtHouseError(error.message, {\n status: 500,\n code: \"unexpected_error\",\n });\n }\n\n return new PmtHouseError(\"Unexpected error\", {\n status: 500,\n code: \"unexpected_error\",\n });\n}\n\nexport function tokenEndpointResponseToExchange(\n tr: import(\"oauth4webapi\").TokenEndpointResponse,\n): TokenExchangeResponse {\n const issued = tr.issued_token_type;\n if (typeof issued !== \"string\" || !ACCEPTED_ISSUED_TOKEN_TYPES.has(issued)) {\n throw new PmtHouseError(\"Token exchange returned an unexpected issued_token_type\", {\n status: 502,\n code: \"invalid_token_response\",\n details: { issued_token_type: issued },\n });\n }\n\n const tt = tr.token_type;\n if (typeof tt !== \"string\" || tt.toLowerCase() !== \"bearer\") {\n throw new PmtHouseError(\"Token endpoint returned a non-Bearer token_type\", {\n status: 502,\n code: \"invalid_token_response\",\n details: { token_type: tt },\n });\n }\n\n const expiresIn = tr.expires_in;\n if (typeof expiresIn !== \"number\") {\n throw new PmtHouseError(\"Token response missing expires_in\", {\n status: 502,\n code: \"invalid_token_response\",\n });\n }\n\n const scope = typeof tr.scope === \"string\" ? tr.scope : \"\";\n\n return {\n access_token: tr.access_token,\n token_type: \"Bearer\",\n expires_in: expiresIn,\n scope,\n issued_token_type: issued,\n };\n}\n\nexport function tokenEndpointResponseToClientCredentials(\n tr: import(\"oauth4webapi\").TokenEndpointResponse,\n): ClientCredentialsTokenResponse {\n const tt = tr.token_type;\n if (typeof tt !== \"string\" || tt.toLowerCase() !== \"bearer\") {\n throw new PmtHouseError(\"Token endpoint returned a non-Bearer token_type\", {\n status: 502,\n code: \"invalid_token_response\",\n details: { token_type: tt },\n });\n }\n\n return {\n access_token: tr.access_token,\n token_type: \"Bearer\",\n expires_in: tr.expires_in,\n scope: typeof tr.scope === \"string\" ? tr.scope : undefined,\n };\n}\n\nexport function m2mClient(clientId: string): Client {\n return { client_id: clientId };\n}\n","export {\n applyRetailRateToNetworkMicros,\n defaultRetailRateUsd,\n markupPercentToRetailRateUsd,\n NETWORK_USD_PER_MICRO,\n parseMarkupPercentInput,\n parseRetailRateUsd,\n retailRateUsdPerMillion,\n retailRateUsdToMarkupPercent,\n} from \"./plan-pricing.js\";\nexport {\n ingestSignedTicket,\n ingestSignedTicketsBatch,\n signerSnapshotToIngestPayload,\n} from \"./ingest.js\";\nexport {\n aggregateUsageByExternalUserId,\n buildMeScopeUsagePayload,\n DEFAULT_MAX_END_USER_IDS,\n getEndUserIdsForExternalUser,\n getUsageRecordUserIdsForExternalUser,\n getUtcCalendarMonthIsoBounds,\n listUsageByPipelineModel,\n mergeUsageByPipelineModel,\n parseUsageDateParam,\n summarizeUsageFiatForExternalUser,\n summarizeUsageForExternalUser,\n} from \"./usage.js\";\nexport { PmtHouseClient, buildDeviceCodeResource, normalizeUserCode } from \"./client.js\";\nexport { PmtHouseError, toPmtHouseError } from \"./errors.js\";\nexport {\n getBuilderApiV1BaseFromIssuerUrl,\n getPymthouseIssuerOrigin,\n getPymthouseIssuerUrlFromEnv,\n getPymthousePublicClientIdFromEnv,\n isPymthouseConfigured,\n PYMTHOUSE_NOT_CONFIGURED_MESSAGE,\n readPymthouseEnv,\n} from \"./config.js\";\nexport {\n clearDiscoveryCache,\n fetchDiscoveryDocument,\n loadAuthorizationServer,\n authorizationServerToOidcDocument,\n} from \"./discovery.js\";\nexport { computeManifestRevision, parseAppManifestResponse } from \"./manifest.js\";\nexport {\n computePymthouseExpiry,\n computeSignerSessionExpiry,\n decodeJwtExp,\n isLikelyOidcJwt,\n isOpaqueSignerSessionToken,\n parseSignerSessionExchange,\n PYMTHOUSE_SIGNER_SESSION_TTL_MS,\n SIGNER_SESSION_EXPIRES_IN_SEC,\n SIGNER_SESSION_TTL_MS,\n SIGN_JOB_SCOPE,\n} from \"./tokens.js\";\nexport type { SignerSessionToken } from \"./tokens.js\";\nexport type { LoadAuthorizationServerOptions } from \"./discovery.js\";\nexport type {\n AllowancePolicy,\n AppManifestCapability,\n AppManifestResponse,\n AppUserRecord,\n ApproveDeviceLoginInput,\n BillingProduct,\n BillingSyncState,\n BillingSyncStatus,\n CapabilityPriceRule,\n ClientCredentialsTokenResponse,\n DeviceApprovalInput,\n FetchLike,\n GetAppManifestResult,\n GetDiscoveryOptions,\n GrantSource,\n ListBillingProductsResult,\n MeScopeUsagePayload,\n MintSignerSessionForExternalUserInput,\n MintUserAccessTokenInput,\n MintUserAccessTokenResponse,\n MintUserSignerSessionTokenInput,\n OidcDiscoveryDocument,\n ParsedDeviceApprovalRedirect,\n PlanSyncResult,\n PmtHouseClientOptions,\n SignedTicketIngestInput,\n SignedTicketIngestResult,\n SignerRoutingConfig,\n SignerRoutingResponse,\n TokenExchangeResponse,\n UpsertAppUserInput,\n UsageApiResponse,\n UsageByPipelineModelFiatRow,\n UsageDailyPipelineRow,\n UsageByPipelineModelRow,\n UsageByUserRow,\n UsageForExternalUser,\n UsageQueryInput,\n UsageTotals,\n UsageBalanceResponse,\n UserAllowanceGrantInput,\n UserAllowancesResponse,\n UserCreditGrantInput,\n UserCreditsResponse,\n UserSubscriptionResponse,\n} from \"./types.js\";\n","import {\n stripOidcPathSuffix,\n stripTrailingSlashes,\n} from \"./string-utils.js\";\n\nexport { parseHttpOrigin } from \"./string-utils.js\";\n\n/** Operator hint when Builder / Usage cannot run. */\nexport const PYMTHOUSE_NOT_CONFIGURED_MESSAGE =\n \"PymtHouse is not configured. Set PYMTHOUSE_ISSUER_URL, PYMTHOUSE_PUBLIC_CLIENT_ID, PYMTHOUSE_M2M_CLIENT_ID, and PYMTHOUSE_M2M_CLIENT_SECRET, then restart.\";\n\nexport interface PymthouseEnvConfig {\n issuerUrl: string;\n publicClientId: string;\n m2mClientId: string;\n m2mClientSecret: string;\n}\n\nfunction trimEnv(name: string): string | null {\n const value = process.env[name];\n if (!value) return null;\n const trimmed = value.trim();\n return trimmed || null;\n}\n\n/** Read `PYMTHOUSE_*` env vars without throwing. Returns null when incomplete. */\nexport function readPymthouseEnv(): PymthouseEnvConfig | null {\n const issuerUrl = trimEnv(\"PYMTHOUSE_ISSUER_URL\");\n const publicClientId = trimEnv(\"PYMTHOUSE_PUBLIC_CLIENT_ID\");\n const m2mClientId = trimEnv(\"PYMTHOUSE_M2M_CLIENT_ID\");\n const m2mClientSecret = trimEnv(\"PYMTHOUSE_M2M_CLIENT_SECRET\");\n if (!issuerUrl || !publicClientId || !m2mClientId || !m2mClientSecret) {\n return null;\n }\n return {\n issuerUrl: stripTrailingSlashes(issuerUrl),\n publicClientId,\n m2mClientId,\n m2mClientSecret,\n };\n}\n\n/** Read `PYMTHOUSE_ISSUER_URL` without requiring full M2M configuration. */\nexport function getPymthouseIssuerUrlFromEnv(): string | null {\n const raw = trimEnv(\"PYMTHOUSE_ISSUER_URL\");\n if (!raw) return null;\n try {\n return stripTrailingSlashes(new URL(raw).href);\n } catch {\n return null;\n }\n}\n\n/** Read `PYMTHOUSE_PUBLIC_CLIENT_ID` without requiring full M2M configuration. */\nexport function getPymthousePublicClientIdFromEnv(): string | null {\n return trimEnv(\"PYMTHOUSE_PUBLIC_CLIENT_ID\");\n}\n\n/** True when all vars required by `createPmtHouseClientFromEnv` are present. */\nexport function isPymthouseConfigured(): boolean {\n return readPymthouseEnv() !== null;\n}\n\n/** Resolve Builder API base (`…/api/v1`) from issuer URL (`…/api/v1/oidc`). */\nexport function getBuilderApiV1BaseFromIssuerUrl(issuerUrl: string): string {\n return stripOidcPathSuffix(issuerUrl);\n}\n\n/** Origin of the OIDC issuer host (e.g. `https://pymthouse.com`). */\nexport function getPymthouseIssuerOrigin(issuerUrl: string): string {\n return new URL(stripTrailingSlashes(issuerUrl.trim())).origin;\n}\n"]}