@query-farm/vgi-rpc 0.7.1 → 0.7.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +6993 -38
- package/dist/index.js.map +43 -5
- package/package.json +1 -1
package/dist/index.js.map
CHANGED
|
@@ -1,12 +1,15 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
|
-
"sources": ["../node_modules/fzstd/esm/index.mjs", "../src/util/zstd.ts", "../src/
|
|
3
|
+
"sources": ["../node_modules/fzstd/esm/index.mjs", "../src/util/zstd.ts", "../src/access-log.ts", "../src/errors.ts", "../src/auth.ts", "../src/constants.ts", "../src/arrow/impl-arrowjs/index.ts", "../src/arrow/predicates.ts", "../src/external.ts", "../src/wire/response.ts", "../src/http/common.ts", "../src/client/capabilities.ts", "../src/client/introspect.ts", "../src/client/ipc.ts", "../src/wire/reader.ts", "../src/client/stream.ts", "../src/client/uploadUrl.ts", "../src/client/connect.ts", "../src/client/oauth.ts", "../src/client/pipe.ts", "../src/http/auth.ts", "../src/util/web-crypto.ts", "../src/http/bearer.ts", "../src/util/schema.ts", "../src/dispatch/describe.ts", "../src/types.ts", "../src/util/gzip.ts", "../src/http/handler.ts", "../src/wire/opaque.ts", "../src/wire/request.ts", "../node_modules/@noble/ciphers/utils.js", "../node_modules/@noble/ciphers/_arx.js", "../node_modules/@noble/ciphers/_poly1305.js", "../node_modules/@noble/ciphers/chacha.js", "../src/crypto.ts", "../src/http/token.ts", "../src/http/dispatch.ts", "../src/http/pages.ts", "../src/http/oauth-pkce.ts", "../src/http/sticky.ts", "../src/http/types.ts", "../node_modules/oauth4webapi/build/index.js", "../src/http/jwt.ts", "../src/http/mtls.ts", "../src/launcher/hash.ts", "../src/launcher/launch.ts", "../src/launcher/lock.ts", "../src/launcher/state.ts", "../src/launcher/serve-unix.ts", "../src/dispatch/stream.ts", "../src/dispatch/unary.ts", "../src/wire/writer.ts", "../src/schema.ts", "../src/protocol.ts", "../src/server.ts"],
|
|
4
4
|
"sourcesContent": [
|
|
5
5
|
"// Some numerical data is initialized as -1 even when it doesn't need initialization to help the JIT infer types\n// aliases for shorter compressed code (most minifers don't do this)\nvar ab = ArrayBuffer, u8 = Uint8Array, u16 = Uint16Array, i16 = Int16Array, u32 = Uint32Array, i32 = Int32Array;\nvar slc = function (v, s, e) {\n if (u8.prototype.slice)\n return u8.prototype.slice.call(v, s, e);\n if (s == null || s < 0)\n s = 0;\n if (e == null || e > v.length)\n e = v.length;\n var n = new u8(e - s);\n n.set(v.subarray(s, e));\n return n;\n};\nvar fill = function (v, n, s, e) {\n if (u8.prototype.fill)\n return u8.prototype.fill.call(v, n, s, e);\n if (s == null || s < 0)\n s = 0;\n if (e == null || e > v.length)\n e = v.length;\n for (; s < e; ++s)\n v[s] = n;\n return v;\n};\nvar cpw = function (v, t, s, e) {\n if (u8.prototype.copyWithin)\n return u8.prototype.copyWithin.call(v, t, s, e);\n if (s == null || s < 0)\n s = 0;\n if (e == null || e > v.length)\n e = v.length;\n while (s < e) {\n v[t++] = v[s++];\n }\n};\n/**\n * Codes for errors generated within this library\n */\nexport var ZstdErrorCode = {\n InvalidData: 0,\n WindowSizeTooLarge: 1,\n InvalidBlockType: 2,\n FSEAccuracyTooHigh: 3,\n DistanceTooFarBack: 4,\n UnexpectedEOF: 5\n};\n// error codes\nvar ec = [\n 'invalid zstd data',\n 'window size too large (>2046MB)',\n 'invalid block type',\n 'FSE accuracy too high',\n 'match distance too far back',\n 'unexpected EOF'\n];\nvar err = function (ind, msg, nt) {\n var e = new Error(msg || ec[ind]);\n e.code = ind;\n if (Error.captureStackTrace)\n Error.captureStackTrace(e, err);\n if (!nt)\n throw e;\n return e;\n};\nvar rb = function (d, b, n) {\n var i = 0, o = 0;\n for (; i < n; ++i)\n o |= d[b++] << (i << 3);\n return o;\n};\nvar b4 = function (d, b) { return (d[b] | (d[b + 1] << 8) | (d[b + 2] << 16) | (d[b + 3] << 24)) >>> 0; };\n// read Zstandard frame header\nvar rzfh = function (dat, w) {\n var n3 = dat[0] | (dat[1] << 8) | (dat[2] << 16);\n if (n3 == 0x2FB528 && dat[3] == 253) {\n // Zstandard\n var flg = dat[4];\n // single segment checksum dict flag frame content flag\n var ss = (flg >> 5) & 1, cc = (flg >> 2) & 1, df = flg & 3, fcf = flg >> 6;\n if (flg & 8)\n err(0);\n // byte\n var bt = 6 - ss;\n // dict bytes\n var db = df == 3 ? 4 : df;\n // dictionary id\n var di = rb(dat, bt, db);\n bt += db;\n // frame size bytes\n var fsb = fcf ? (1 << fcf) : ss;\n // frame source size\n var fss = rb(dat, bt, fsb) + ((fcf == 1) && 256);\n // window size\n var ws = fss;\n if (!ss) {\n // window descriptor\n var wb = 1 << (10 + (dat[5] >> 3));\n ws = wb + (wb >> 3) * (dat[5] & 7);\n }\n if (ws > 2145386496)\n err(1);\n var buf = new u8((w == 1 ? (fss || ws) : w ? 0 : ws) + 12);\n buf[0] = 1, buf[4] = 4, buf[8] = 8;\n return {\n b: bt + fsb,\n y: 0,\n l: 0,\n d: di,\n w: (w && w != 1) ? w : buf.subarray(12),\n e: ws,\n o: new i32(buf.buffer, 0, 3),\n u: fss,\n c: cc,\n m: Math.min(131072, ws)\n };\n }\n else if (((n3 >> 4) | (dat[3] << 20)) == 0x184D2A5) {\n // skippable\n return b4(dat, 4) + 8;\n }\n err(0);\n};\n// most significant bit for nonzero\nvar msb = function (val) {\n var bits = 0;\n for (; (1 << bits) <= val; ++bits)\n ;\n return bits - 1;\n};\n// read finite state entropy\nvar rfse = function (dat, bt, mal) {\n // table pos\n var tpos = (bt << 3) + 4;\n // accuracy log\n var al = (dat[bt] & 15) + 5;\n if (al > mal)\n err(3);\n // size\n var sz = 1 << al;\n // probabilities symbols repeat index high threshold\n var probs = sz, sym = -1, re = -1, i = -1, ht = sz;\n // optimization: single allocation is much faster\n var buf = new ab(512 + (sz << 2));\n var freq = new i16(buf, 0, 256);\n // same view as freq\n var dstate = new u16(buf, 0, 256);\n var nstate = new u16(buf, 512, sz);\n var bb1 = 512 + (sz << 1);\n var syms = new u8(buf, bb1, sz);\n var nbits = new u8(buf, bb1 + sz);\n while (sym < 255 && probs > 0) {\n var bits = msb(probs + 1);\n var cbt = tpos >> 3;\n // mask\n var msk = (1 << (bits + 1)) - 1;\n var val = ((dat[cbt] | (dat[cbt + 1] << 8) | (dat[cbt + 2] << 16)) >> (tpos & 7)) & msk;\n // mask (1 fewer bit)\n var msk1fb = (1 << bits) - 1;\n // max small value\n var msv = msk - probs - 1;\n // small value\n var sval = val & msk1fb;\n if (sval < msv)\n tpos += bits, val = sval;\n else {\n tpos += bits + 1;\n if (val > msk1fb)\n val -= msv;\n }\n freq[++sym] = --val;\n if (val == -1) {\n probs += val;\n syms[--ht] = sym;\n }\n else\n probs -= val;\n if (!val) {\n do {\n // repeat byte\n var rbt = tpos >> 3;\n re = ((dat[rbt] | (dat[rbt + 1] << 8)) >> (tpos & 7)) & 3;\n tpos += 2;\n sym += re;\n } while (re == 3);\n }\n }\n if (sym > 255 || probs)\n err(0);\n var sympos = 0;\n // sym step (coprime with sz - formula from zstd source)\n var sstep = (sz >> 1) + (sz >> 3) + 3;\n // sym mask\n var smask = sz - 1;\n for (var s = 0; s <= sym; ++s) {\n var sf = freq[s];\n if (sf < 1) {\n dstate[s] = -sf;\n continue;\n }\n // This is split into two loops in zstd to avoid branching, but as JS is higher-level that is unnecessary\n for (i = 0; i < sf; ++i) {\n syms[sympos] = s;\n do {\n sympos = (sympos + sstep) & smask;\n } while (sympos >= ht);\n }\n }\n // After spreading symbols, should be zero again\n if (sympos)\n err(0);\n for (i = 0; i < sz; ++i) {\n // next state\n var ns = dstate[syms[i]]++;\n // num bits\n var nb = nbits[i] = al - msb(ns);\n nstate[i] = (ns << nb) - sz;\n }\n return [(tpos + 7) >> 3, {\n b: al,\n s: syms,\n n: nbits,\n t: nstate\n }];\n};\n// read huffman\nvar rhu = function (dat, bt) {\n // index weight count\n var i = 0, wc = -1;\n // buffer header byte\n var buf = new u8(292), hb = dat[bt];\n // huffman weights\n var hw = buf.subarray(0, 256);\n // rank count\n var rc = buf.subarray(256, 268);\n // rank index\n var ri = new u16(buf.buffer, 268);\n // NOTE: at this point bt is 1 less than expected\n if (hb < 128) {\n // end byte, fse decode table\n var _a = rfse(dat, bt + 1, 6), ebt = _a[0], fdt = _a[1];\n bt += hb;\n var epos = ebt << 3;\n // last byte\n var lb = dat[bt];\n if (!lb)\n err(0);\n // state1 state2 state1 bits state2 bits\n var st1 = 0, st2 = 0, btr1 = fdt.b, btr2 = btr1;\n // fse pos\n // pre-increment to account for original deficit of 1\n var fpos = (++bt << 3) - 8 + msb(lb);\n for (;;) {\n fpos -= btr1;\n if (fpos < epos)\n break;\n var cbt = fpos >> 3;\n st1 += ((dat[cbt] | (dat[cbt + 1] << 8)) >> (fpos & 7)) & ((1 << btr1) - 1);\n hw[++wc] = fdt.s[st1];\n fpos -= btr2;\n if (fpos < epos)\n break;\n cbt = fpos >> 3;\n st2 += ((dat[cbt] | (dat[cbt + 1] << 8)) >> (fpos & 7)) & ((1 << btr2) - 1);\n hw[++wc] = fdt.s[st2];\n btr1 = fdt.n[st1];\n st1 = fdt.t[st1];\n btr2 = fdt.n[st2];\n st2 = fdt.t[st2];\n }\n if (++wc > 255)\n err(0);\n }\n else {\n wc = hb - 127;\n for (; i < wc; i += 2) {\n var byte = dat[++bt];\n hw[i] = byte >> 4;\n hw[i + 1] = byte & 15;\n }\n ++bt;\n }\n // weight exponential sum\n var wes = 0;\n for (i = 0; i < wc; ++i) {\n var wt = hw[i];\n // bits must be at most 11, same as weight\n if (wt > 11)\n err(0);\n wes += wt && (1 << (wt - 1));\n }\n // max bits\n var mb = msb(wes) + 1;\n // table size\n var ts = 1 << mb;\n // remaining sum\n var rem = ts - wes;\n // must be power of 2\n if (rem & (rem - 1))\n err(0);\n hw[wc++] = msb(rem) + 1;\n for (i = 0; i < wc; ++i) {\n var wt = hw[i];\n ++rc[hw[i] = wt && (mb + 1 - wt)];\n }\n // huf buf\n var hbuf = new u8(ts << 1);\n // symbols num bits\n var syms = hbuf.subarray(0, ts), nb = hbuf.subarray(ts);\n ri[mb] = 0;\n for (i = mb; i > 0; --i) {\n var pv = ri[i];\n fill(nb, i, pv, ri[i - 1] = pv + rc[i] * (1 << (mb - i)));\n }\n if (ri[0] != ts)\n err(0);\n for (i = 0; i < wc; ++i) {\n var bits = hw[i];\n if (bits) {\n var code = ri[bits];\n fill(syms, i, code, ri[bits] = code + (1 << (mb - bits)));\n }\n }\n return [bt, {\n n: nb,\n b: mb,\n s: syms\n }];\n};\n// Tables generated using this:\n// https://gist.github.com/101arrowz/a979452d4355992cbf8f257cbffc9edd\n// default literal length table\nvar dllt = /*#__PURE__*/ rfse(/*#__PURE__*/ new u8([\n 81, 16, 99, 140, 49, 198, 24, 99, 12, 33, 196, 24, 99, 102, 102, 134, 70, 146, 4\n]), 0, 6)[1];\n// default match length table\nvar dmlt = /*#__PURE__*/ rfse(/*#__PURE__*/ new u8([\n 33, 20, 196, 24, 99, 140, 33, 132, 16, 66, 8, 33, 132, 16, 66, 8, 33, 68, 68, 68, 68, 68, 68, 68, 68, 36, 9\n]), 0, 6)[1];\n// default offset code table\nvar doct = /*#__PURE__ */ rfse(/*#__PURE__*/ new u8([\n 32, 132, 16, 66, 102, 70, 68, 68, 68, 68, 36, 73, 2\n]), 0, 5)[1];\n// bits to baseline\nvar b2bl = function (b, s) {\n var len = b.length, bl = new i32(len);\n for (var i = 0; i < len; ++i) {\n bl[i] = s;\n s += 1 << b[i];\n }\n return bl;\n};\n// literal length bits\nvar llb = /*#__PURE__ */ new u8(( /*#__PURE__ */new i32([\n 0, 0, 0, 0, 16843009, 50528770, 134678020, 202050057, 269422093\n])).buffer, 0, 36);\n// literal length baseline\nvar llbl = /*#__PURE__ */ b2bl(llb, 0);\n// match length bits\nvar mlb = /*#__PURE__ */ new u8(( /*#__PURE__ */new i32([\n 0, 0, 0, 0, 0, 0, 0, 0, 16843009, 50528770, 117769220, 185207048, 252579084, 16\n])).buffer, 0, 53);\n// match length baseline\nvar mlbl = /*#__PURE__ */ b2bl(mlb, 3);\n// decode huffman stream\nvar dhu = function (dat, out, hu) {\n var len = dat.length, ss = out.length, lb = dat[len - 1], msk = (1 << hu.b) - 1, eb = -hu.b;\n if (!lb)\n err(0);\n var st = 0, btr = hu.b, pos = (len << 3) - 8 + msb(lb) - btr, i = -1;\n for (; pos > eb && i < ss;) {\n var cbt = pos >> 3;\n var val = (dat[cbt] | (dat[cbt + 1] << 8) | (dat[cbt + 2] << 16)) >> (pos & 7);\n st = ((st << btr) | val) & msk;\n out[++i] = hu.s[st];\n pos -= (btr = hu.n[st]);\n }\n if (pos != eb || i + 1 != ss)\n err(0);\n};\n// decode huffman stream 4x\n// TODO: use workers to parallelize\nvar dhu4 = function (dat, out, hu) {\n var bt = 6;\n var ss = out.length, sz1 = (ss + 3) >> 2, sz2 = sz1 << 1, sz3 = sz1 + sz2;\n dhu(dat.subarray(bt, bt += dat[0] | (dat[1] << 8)), out.subarray(0, sz1), hu);\n dhu(dat.subarray(bt, bt += dat[2] | (dat[3] << 8)), out.subarray(sz1, sz2), hu);\n dhu(dat.subarray(bt, bt += dat[4] | (dat[5] << 8)), out.subarray(sz2, sz3), hu);\n dhu(dat.subarray(bt), out.subarray(sz3), hu);\n};\n// read Zstandard block\nvar rzb = function (dat, st, out) {\n var _a;\n var bt = st.b;\n // byte 0 block type\n var b0 = dat[bt], btype = (b0 >> 1) & 3;\n st.l = b0 & 1;\n var sz = (b0 >> 3) | (dat[bt + 1] << 5) | (dat[bt + 2] << 13);\n // end byte for block\n var ebt = (bt += 3) + sz;\n if (btype == 1) {\n if (bt >= dat.length)\n return;\n st.b = bt + 1;\n if (out) {\n fill(out, dat[bt], st.y, st.y += sz);\n return out;\n }\n return fill(new u8(sz), dat[bt]);\n }\n if (ebt > dat.length)\n return;\n if (btype == 0) {\n st.b = ebt;\n if (out) {\n out.set(dat.subarray(bt, ebt), st.y);\n st.y += sz;\n return out;\n }\n return slc(dat, bt, ebt);\n }\n if (btype == 2) {\n // byte 3 lit btype size format\n var b3 = dat[bt], lbt = b3 & 3, sf = (b3 >> 2) & 3;\n // lit src size lit cmp sz 4 streams\n var lss = b3 >> 4, lcs = 0, s4 = 0;\n if (lbt < 2) {\n if (sf & 1)\n lss |= (dat[++bt] << 4) | ((sf & 2) && (dat[++bt] << 12));\n else\n lss = b3 >> 3;\n }\n else {\n s4 = sf;\n if (sf < 2)\n lss |= ((dat[++bt] & 63) << 4), lcs = (dat[bt] >> 6) | (dat[++bt] << 2);\n else if (sf == 2)\n lss |= (dat[++bt] << 4) | ((dat[++bt] & 3) << 12), lcs = (dat[bt] >> 2) | (dat[++bt] << 6);\n else\n lss |= (dat[++bt] << 4) | ((dat[++bt] & 63) << 12), lcs = (dat[bt] >> 6) | (dat[++bt] << 2) | (dat[++bt] << 10);\n }\n ++bt;\n // add literals to end - can never overlap with backreferences because unused literals always appended\n var buf = out ? out.subarray(st.y, st.y + st.m) : new u8(st.m);\n // starting point for literals\n var spl = buf.length - lss;\n if (lbt == 0)\n buf.set(dat.subarray(bt, bt += lss), spl);\n else if (lbt == 1)\n fill(buf, dat[bt++], spl);\n else {\n // huffman table\n var hu = st.h;\n if (lbt == 2) {\n var hud = rhu(dat, bt);\n // subtract description length\n lcs += bt - (bt = hud[0]);\n st.h = hu = hud[1];\n }\n else if (!hu)\n err(0);\n (s4 ? dhu4 : dhu)(dat.subarray(bt, bt += lcs), buf.subarray(spl), hu);\n }\n // num sequences\n var ns = dat[bt++];\n if (ns) {\n if (ns == 255)\n ns = (dat[bt++] | (dat[bt++] << 8)) + 0x7F00;\n else if (ns > 127)\n ns = ((ns - 128) << 8) | dat[bt++];\n // symbol compression modes\n var scm = dat[bt++];\n if (scm & 3)\n err(0);\n var dts = [dmlt, doct, dllt];\n for (var i = 2; i > -1; --i) {\n var md = (scm >> ((i << 1) + 2)) & 3;\n if (md == 1) {\n // rle buf\n var rbuf = new u8([0, 0, dat[bt++]]);\n dts[i] = {\n s: rbuf.subarray(2, 3),\n n: rbuf.subarray(0, 1),\n t: new u16(rbuf.buffer, 0, 1),\n b: 0\n };\n }\n else if (md == 2) {\n // accuracy log 8 for offsets, 9 for others\n _a = rfse(dat, bt, 9 - (i & 1)), bt = _a[0], dts[i] = _a[1];\n }\n else if (md == 3) {\n if (!st.t)\n err(0);\n dts[i] = st.t[i];\n }\n }\n var _b = st.t = dts, mlt = _b[0], oct = _b[1], llt = _b[2];\n var lb = dat[ebt - 1];\n if (!lb)\n err(0);\n var spos = (ebt << 3) - 8 + msb(lb) - llt.b, cbt = spos >> 3, oubt = 0;\n var lst = ((dat[cbt] | (dat[cbt + 1] << 8)) >> (spos & 7)) & ((1 << llt.b) - 1);\n cbt = (spos -= oct.b) >> 3;\n var ost = ((dat[cbt] | (dat[cbt + 1] << 8)) >> (spos & 7)) & ((1 << oct.b) - 1);\n cbt = (spos -= mlt.b) >> 3;\n var mst = ((dat[cbt] | (dat[cbt + 1] << 8)) >> (spos & 7)) & ((1 << mlt.b) - 1);\n for (++ns; --ns;) {\n var llc = llt.s[lst];\n var lbtr = llt.n[lst];\n var mlc = mlt.s[mst];\n var mbtr = mlt.n[mst];\n var ofc = oct.s[ost];\n var obtr = oct.n[ost];\n cbt = (spos -= ofc) >> 3;\n var ofp = 1 << ofc;\n var off = ofp + (((dat[cbt] | (dat[cbt + 1] << 8) | (dat[cbt + 2] << 16) | (dat[cbt + 3] << 24)) >>> (spos & 7)) & (ofp - 1));\n cbt = (spos -= mlb[mlc]) >> 3;\n var ml = mlbl[mlc] + (((dat[cbt] | (dat[cbt + 1] << 8) | (dat[cbt + 2] << 16)) >> (spos & 7)) & ((1 << mlb[mlc]) - 1));\n cbt = (spos -= llb[llc]) >> 3;\n var ll = llbl[llc] + (((dat[cbt] | (dat[cbt + 1] << 8) | (dat[cbt + 2] << 16)) >> (spos & 7)) & ((1 << llb[llc]) - 1));\n cbt = (spos -= lbtr) >> 3;\n lst = llt.t[lst] + (((dat[cbt] | (dat[cbt + 1] << 8)) >> (spos & 7)) & ((1 << lbtr) - 1));\n cbt = (spos -= mbtr) >> 3;\n mst = mlt.t[mst] + (((dat[cbt] | (dat[cbt + 1] << 8)) >> (spos & 7)) & ((1 << mbtr) - 1));\n cbt = (spos -= obtr) >> 3;\n ost = oct.t[ost] + (((dat[cbt] | (dat[cbt + 1] << 8)) >> (spos & 7)) & ((1 << obtr) - 1));\n if (off > 3) {\n st.o[2] = st.o[1];\n st.o[1] = st.o[0];\n st.o[0] = off -= 3;\n }\n else {\n var idx = off - (ll != 0);\n if (idx) {\n off = idx == 3 ? st.o[0] - 1 : st.o[idx];\n if (idx > 1)\n st.o[2] = st.o[1];\n st.o[1] = st.o[0];\n st.o[0] = off;\n }\n else\n off = st.o[0];\n }\n for (var i = 0; i < ll; ++i) {\n buf[oubt + i] = buf[spl + i];\n }\n oubt += ll, spl += ll;\n var stin = oubt - off;\n if (stin < 0) {\n var len = -stin;\n var bs = st.e + stin;\n if (len > ml)\n len = ml;\n for (var i = 0; i < len; ++i) {\n buf[oubt + i] = st.w[bs + i];\n }\n oubt += len, ml -= len, stin = 0;\n }\n for (var i = 0; i < ml; ++i) {\n buf[oubt + i] = buf[stin + i];\n }\n oubt += ml;\n }\n if (oubt != spl) {\n while (spl < buf.length) {\n buf[oubt++] = buf[spl++];\n }\n }\n else\n oubt = buf.length;\n if (out)\n st.y += oubt;\n else\n buf = slc(buf, 0, oubt);\n }\n else if (out) {\n st.y += lss;\n if (spl) {\n for (var i = 0; i < lss; ++i) {\n buf[i] = buf[spl + i];\n }\n }\n }\n else if (spl)\n buf = slc(buf, spl);\n st.b = ebt;\n return buf;\n }\n err(2);\n};\n// concat\nvar cct = function (bufs, ol) {\n if (bufs.length == 1)\n return bufs[0];\n var buf = new u8(ol);\n for (var i = 0, b = 0; i < bufs.length; ++i) {\n var chk = bufs[i];\n buf.set(chk, b);\n b += chk.length;\n }\n return buf;\n};\n/**\n * Decompresses Zstandard data\n * @param dat The input data\n * @param buf The output buffer. If unspecified, the function will allocate\n * exactly enough memory to fit the decompressed data. If your\n * data has multiple frames and you know the output size, specifying\n * it will yield better performance.\n * @returns The decompressed data\n */\nexport function decompress(dat, buf) {\n var bufs = [], nb = +!buf;\n var bt = 0, ol = 0;\n for (; dat.length;) {\n var st = rzfh(dat, nb || buf);\n if (typeof st == 'object') {\n if (nb) {\n buf = null;\n if (st.w.length == st.u) {\n bufs.push(buf = st.w);\n ol += st.u;\n }\n }\n else {\n bufs.push(buf);\n st.e = 0;\n }\n for (; !st.l;) {\n var blk = rzb(dat, st, buf);\n if (!blk)\n err(5);\n if (buf)\n st.e = st.y;\n else {\n bufs.push(blk);\n ol += blk.length;\n cpw(st.w, 0, blk.length);\n st.w.set(blk, st.w.length - blk.length);\n }\n }\n bt = st.b + (st.c * 4);\n }\n else\n bt = st;\n dat = dat.subarray(bt);\n }\n return cct(bufs, ol);\n}\n/**\n * Decompressor for Zstandard streamed data\n */\nvar Decompress = /*#__PURE__*/ (function () {\n /**\n * Creates a Zstandard decompressor\n * @param ondata The handler for stream data\n */\n function Decompress(ondata) {\n this.ondata = ondata;\n this.c = [];\n this.l = 0;\n this.z = 0;\n }\n /**\n * Pushes data to be decompressed\n * @param chunk The chunk of data to push\n * @param final Whether or not this is the last chunk in the stream\n */\n Decompress.prototype.push = function (chunk, final) {\n if (typeof this.s == 'number') {\n var sub = Math.min(chunk.length, this.s);\n chunk = chunk.subarray(sub);\n this.s -= sub;\n }\n var sl = chunk.length;\n var ncs = sl + this.l;\n if (!this.s) {\n if (final) {\n if (!ncs) {\n this.ondata(new u8(0), true);\n return;\n }\n // min for frame + one block\n if (ncs < 5)\n err(5);\n }\n else if (ncs < 18) {\n this.c.push(chunk);\n this.l = ncs;\n return;\n }\n if (this.l) {\n this.c.push(chunk);\n chunk = cct(this.c, ncs);\n this.c = [];\n this.l = 0;\n }\n if (typeof (this.s = rzfh(chunk)) == 'number')\n return this.push(chunk, final);\n }\n if (typeof this.s != 'number') {\n if (ncs < (this.z || 3)) {\n if (final)\n err(5);\n this.c.push(chunk);\n this.l = ncs;\n return;\n }\n if (this.l) {\n this.c.push(chunk);\n chunk = cct(this.c, ncs);\n this.c = [];\n this.l = 0;\n }\n if (!this.z && ncs < (this.z = (chunk[this.s.b] & 2) ? 4 : 3 + ((chunk[this.s.b] >> 3) | (chunk[this.s.b + 1] << 5) | (chunk[this.s.b + 2] << 13)))) {\n if (final)\n err(5);\n this.c.push(chunk);\n this.l = ncs;\n return;\n }\n else\n this.z = 0;\n for (;;) {\n var blk = rzb(chunk, this.s);\n if (!blk) {\n if (final)\n err(5);\n var adc = chunk.subarray(this.s.b);\n this.s.b = 0;\n this.c.push(adc), this.l += adc.length;\n return;\n }\n else {\n this.ondata(blk, false);\n cpw(this.s.w, 0, blk.length);\n this.s.w.set(blk, this.s.w.length - blk.length);\n }\n if (this.s.l) {\n var rest = chunk.subarray(this.s.b);\n this.s = this.s.c * 4;\n this.push(rest, final);\n return;\n }\n }\n }\n else if (final)\n err(5);\n };\n return Decompress;\n}());\nexport { Decompress };\n",
|
|
6
6
|
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\n/**\n * Cross-runtime zstd compression/decompression.\n *\n * Decompression order of preference: Bun.zstd → node:zlib zstd (Node 22.15+,\n * Deno 2.6.9+) → fzstd pure-JS fallback. The fzstd fallback exists so\n * Cloudflare workerd — which has no native zstd — can still decode\n * `Content-Encoding: zstd` request bodies (the DuckDB VGI extension always\n * sends them). fzstd is decompression-only, so compression on workerd still\n * throws.\n */\n\nimport { decompress as fzstdDecompress } from \"fzstd\";\n\n// Resolve node:zlib via indirect-string require so esbuild/wrangler can't\n// trace it statically. On workerd we want the fzstd path, not a node:zlib\n// import that wouldn't have zstd anyway.\nconst _NODE_ZLIB_MOD = \"node:zlib\";\nconst isBun = typeof globalThis.Bun !== \"undefined\";\nfunction _loadZlibOrNull(): any | null {\n const req: any = (import.meta as any).require ?? (globalThis as any).require ?? null;\n if (!req) return null;\n try {\n return req(_NODE_ZLIB_MOD);\n } catch {\n return null;\n }\n}\n\n/** Return true when the current runtime can produce zstd-compressed output.\n *\n * Bun has `Bun.zstdCompressSync`; Node ≥22.15 / Deno ≥2.6.9 expose it via\n * `node:zlib`. Other runtimes (workerd, older Node) have no encoder. The\n * fzstd fallback is decompress-only so it doesn't count.\n */\nexport function isZstdCompressAvailable(): boolean {\n if (isBun) return true;\n const zlib = _loadZlibOrNull();\n return typeof zlib?.zstdCompressSync === \"function\";\n}\n\n/** Compress data with zstd at the given level (1-22). */\nexport async function zstdCompress(data: Uint8Array, level: number): Promise<Uint8Array<ArrayBuffer>> {\n if (isBun) {\n return new Uint8Array(Bun.zstdCompressSync(data, { level }));\n }\n const zlib = _loadZlibOrNull();\n const fn = zlib?.zstdCompressSync;\n if (typeof fn !== \"function\") {\n throw new Error(\n \"zstd compression is not available in this runtime. \" +\n \"Requires Bun or Node.js >= 22.15 / Deno >= 2.6.9. \" +\n \"(workerd has no native zstd encoder; fzstd is decompress-only.)\",\n );\n }\n return new Uint8Array(\n fn(data, {\n params: {\n [zlib.constants.ZSTD_c_compressionLevel]: level,\n },\n }),\n );\n}\n\n/**\n * Decompress zstd-compressed data, optionally bounding the output size.\n *\n * Zstd frames carry the decompressed size in the header and decompressors\n * trust it eagerly: a ~3 KB compressed body claiming 100 MB output would\n * allocate 100 MB. When `maxOutputSize` is supplied, this helper:\n *\n * 1. Reads `Frame_Content_Size` from the frame header. If declared and\n * above the cap, refuses *before* allocation with a clear error.\n * 2. Decompresses, then asserts the actual output size is also under the\n * cap (covers frames whose size is not in the header — a streaming\n * cap would be tighter, but neither Bun.zstdDecompressSync nor\n * node:zlib's sync API exposes one, so we use the post-check).\n *\n * Mirrors the Python server-side fix in `_decompress_body` and the\n * client-side fix in `external_fetch.fetch_url`.\n */\nexport async function zstdDecompress(data: Uint8Array, maxOutputSize?: number): Promise<Uint8Array<ArrayBuffer>> {\n if (maxOutputSize != null) {\n const declared = readZstdFrameContentSize(data);\n if (declared !== null && declared > maxOutputSize) {\n throw new Error(`zstd decompressed size (${declared}) would exceed cap (${maxOutputSize})`);\n }\n }\n\n let out: Uint8Array<ArrayBuffer>;\n if (isBun) {\n out = new Uint8Array(Bun.zstdDecompressSync(data));\n } else {\n const zlib = _loadZlibOrNull();\n const fn = zlib?.zstdDecompressSync;\n if (typeof fn === \"function\") {\n out = new Uint8Array(fn(data));\n } else {\n // workerd path: no native zstd, fall back to the pure-JS decoder.\n // fzstd is decompress-only and synchronous; cap-checking already ran\n // above against the frame header, but pure-JS decode of large inputs\n // is slow — keep the upstream maxOutputSize tight.\n //\n // CRITICAL: copy into a freshly-allocated ArrayBuffer so byteOffset is\n // 0. fzstd internally returns subarray views with arbitrary byteOffset\n // (often not 8-aligned), and downstream Arrow IPC readers create\n // BigInt64Array views relative to the buffer's byteOffset — those\n // throw `start offset of BigInt64Array should be a multiple of 8` if\n // the underlying offset isn't 8-aligned.\n const decoded = fzstdDecompress(data);\n out = new Uint8Array(decoded.byteLength);\n out.set(decoded);\n }\n }\n\n if (maxOutputSize != null && out.byteLength > maxOutputSize) {\n throw new Error(`zstd decompressed size (${out.byteLength}) exceeds cap (${maxOutputSize})`);\n }\n return out;\n}\n\n/**\n * Parse `Frame_Content_Size` from a zstd frame header.\n *\n * Returns the declared decompressed size, or `null` if the frame header\n * does not include it (frames may omit it for streaming compression) or\n * the input is too short / not a valid zstd frame magic.\n *\n * Frame format (RFC 8478): magic(4) | FHD(1) | window_desc(0|1) |\n * dict_id(0|1|2|4) | frame_content_size(0|1|2|4|8). FCS_size depends on\n * FCS_field_size (FHD bits 6-7) and Single_Segment_flag (FHD bit 5).\n */\nfunction readZstdFrameContentSize(data: Uint8Array): number | null {\n if (data.length < 6) return null;\n // Magic: 0xFD2FB528 little-endian.\n if (data[0] !== 0x28 || data[1] !== 0xb5 || data[2] !== 0x2f || data[3] !== 0xfd) {\n return null;\n }\n const fhd = data[4];\n const fcsFieldSize = (fhd >> 6) & 0x3;\n const singleSegment = ((fhd >> 5) & 0x1) === 1;\n const dictIdFlag = fhd & 0x3;\n // Per spec: FCS_size = 0 → 0 unless Single_Segment_flag is set, then 1.\n const fcsSize = fcsFieldSize === 0 ? (singleSegment ? 1 : 0) : fcsFieldSize === 1 ? 2 : fcsFieldSize === 2 ? 4 : 8;\n if (fcsSize === 0) return null;\n\n const windowDescSize = singleSegment ? 0 : 1;\n const dictIdSize = dictIdFlag === 0 ? 0 : dictIdFlag === 1 ? 1 : dictIdFlag === 2 ? 2 : 4;\n const fcsOffset = 5 + windowDescSize + dictIdSize;\n if (data.length < fcsOffset + fcsSize) return null;\n\n let fcs = 0n;\n for (let i = 0; i < fcsSize; i++) {\n fcs |= BigInt(data[fcsOffset + i]) << BigInt(i * 8);\n }\n // FCS_field_size == 1 (size 2) carries an offset of 256.\n if (fcsSize === 2) fcs += 256n;\n if (fcs > BigInt(Number.MAX_SAFE_INTEGER)) return Number.MAX_SAFE_INTEGER;\n return Number(fcs);\n}\n",
|
|
7
|
-
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\n
|
|
7
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\n/**\n * Cross-language conformance access-log hook.\n *\n * Emits one JSON record per RPC dispatch to a {@link Sink} (typically a file\n * descriptor opened in append mode). The record shape conforms to the\n * vgi-rpc access-log specification (`docs/access-log-spec.md` and\n * `vgi_rpc/access_log.schema.json` in the Python reference repo).\n *\n * Use {@link AccessLogHook} to align this implementation with `vgi-rpc-test\n * --access-log` so worker behaviour is checked across language ports by the\n * same tool that gates the conformance suite.\n */\n\nimport type { CallStatistics, DispatchHook, DispatchInfo, HookToken } from \"./types.js\";\n\n/** Where the hook writes formatted JSON lines. */\nexport interface AccessLogSink {\n /** Write one access-log line. The trailing newline is included by the caller. */\n write(line: string): void;\n}\n\n// Indirect-string require so esbuild can't pull node:fs into the bundle.\n// Workers should use a custom sink (e.g., one backed by `console.log`).\nconst _NODE_FS_MOD = \"node:fs\";\nfunction _loadWriteSync(): (fd: number, data: Uint8Array, offset?: number, len?: number) => number {\n const req: any = (import.meta as any).require ?? (globalThis as any).require ?? null;\n if (!req) {\n throw new Error(\n \"FdSink requires Node.js or Bun (node:fs.writeSync). For other runtimes, \" +\n \"supply a custom AccessLogSink that wraps console.log or your logger.\",\n );\n }\n return req(_NODE_FS_MOD).writeSync;\n}\n\n/** A sink backed by a file descriptor; uses synchronous writes for ordering. */\nexport class FdSink implements AccessLogSink {\n private readonly _writeSync = _loadWriteSync();\n constructor(private readonly fd: number) {}\n /** Write `line` to the file descriptor, looping until the buffer is fully flushed. */\n write(line: string): void {\n const buf = new TextEncoder().encode(line);\n let offset = 0;\n while (offset < buf.length) {\n const n = this._writeSync(this.fd, buf, offset, buf.length - offset);\n if (n <= 0) throw new Error(`access-log writeSync returned ${n}`);\n offset += n;\n }\n }\n}\n\ninterface StartToken {\n startNs: bigint;\n}\n\nfunction rfc3339Utc(): string {\n const d = new Date();\n const yyyy = d.getUTCFullYear().toString().padStart(4, \"0\");\n const mm = (d.getUTCMonth() + 1).toString().padStart(2, \"0\");\n const dd = d.getUTCDate().toString().padStart(2, \"0\");\n const hh = d.getUTCHours().toString().padStart(2, \"0\");\n const mi = d.getUTCMinutes().toString().padStart(2, \"0\");\n const ss = d.getUTCSeconds().toString().padStart(2, \"0\");\n const ms = d.getUTCMilliseconds().toString().padStart(3, \"0\");\n return `${yyyy}-${mm}-${dd}T${hh}:${mi}:${ss}.${ms}Z`;\n}\n\nfunction base64(bytes: Uint8Array): string {\n return Buffer.from(bytes).toString(\"base64\");\n}\n\n/** Round to 2 decimal places. */\nfunction roundTo2(f: number): number {\n return Math.round(f * 100) / 100;\n}\n\n/**\n * Options for {@link AccessLogHook}.\n *\n * `level` matches Python's logger-level gating in `_emit_access_log`:\n * at \"INFO\" the heavy `request_data` field (a base64 of the full\n * request batch — typically 8+ KiB per init RPC) is replaced with a\n * `truncated: true` marker plus `original_request_bytes`, so the\n * access-log schema's \"unary requires request_data unless truncated\"\n * invariant still holds. Bump to \"DEBUG\" to capture full payloads for\n * replay/audit.\n */\nexport interface AccessLogOptions {\n /** Server version string (optional). */\n serverVersion?: string;\n /** Verbosity for heavy fields. Default: \"INFO\". */\n level?: \"INFO\" | \"DEBUG\";\n}\n\nexport class AccessLogHook implements DispatchHook {\n private readonly serverVersion: string;\n private readonly level: \"INFO\" | \"DEBUG\";\n\n constructor(\n private readonly sink: AccessLogSink,\n options: AccessLogOptions | string = {},\n ) {\n // Backward compatibility: the original signature accepted a bare\n // serverVersion string as the second arg.\n if (typeof options === \"string\") {\n this.serverVersion = options;\n this.level = \"INFO\";\n } else {\n this.serverVersion = options.serverVersion ?? \"\";\n this.level = options.level ?? \"INFO\";\n }\n }\n\n /** Capture a high-resolution start timestamp; returned token feeds {@link onDispatchEnd}. */\n onDispatchStart(_info: DispatchInfo): HookToken {\n const token: StartToken = { startNs: process.hrtime.bigint() };\n return token;\n }\n\n /** Emit one access-log JSON record for the completed dispatch (best-effort;\n * write errors are swallowed so logging never breaks a request). */\n onDispatchEnd(token: HookToken, info: DispatchInfo, stats: CallStatistics, error?: Error): void {\n const t = token as StartToken | undefined;\n const durationMs = t ? roundTo2(Number(process.hrtime.bigint() - t.startNs) / 1_000_000) : 0;\n\n const status = error ? \"error\" : \"ok\";\n const errType = error ? ((error as Error & { type?: string }).type ?? error.constructor.name) : \"\";\n const errMsg = error?.message ?? \"\";\n\n const protocol = info.protocol ?? \"\";\n const rec: Record<string, unknown> = {\n timestamp: rfc3339Utc(),\n level: \"INFO\",\n logger: \"vgi_rpc.access\",\n message: `${protocol}.${info.method} ${status}`,\n server_id: info.serverId,\n protocol,\n protocol_hash: info.protocolHash ?? \"\",\n method: info.method,\n method_type: info.methodType,\n principal: info.principal ?? \"\",\n auth_domain: info.authDomain ?? \"\",\n authenticated: info.authenticated ?? false,\n remote_addr: info.remoteAddr ?? \"\",\n duration_ms: durationMs,\n status,\n error_type: errType,\n };\n\n if (errMsg) rec.error_message = errMsg;\n if (this.serverVersion) rec.server_version = this.serverVersion;\n if (info.protocolVersion) rec.protocol_version = info.protocolVersion;\n if (info.requestId) rec.request_id = info.requestId;\n if (info.requestData && info.requestData.length > 0) {\n // At INFO, the per-request base64 payload dominates record size\n // (an init RPC commonly logs 8+ KiB of base64 per call) and audit\n // consumers rarely need the bytes — they care about who/what/when.\n // Replace with a `truncated: true` marker so the access-log schema's\n // \"unary requires request_data unless truncated\" invariant holds.\n // Bump level to DEBUG to re-enable the full payload.\n const encoded = base64(info.requestData);\n if (this.level === \"DEBUG\") {\n rec.request_data = encoded;\n } else {\n rec.original_request_bytes = encoded.length;\n rec.truncated = true;\n }\n }\n if (info.methodType === \"stream\") {\n rec.stream_id = info.streamId ?? \"00000000000000000000000000000000\";\n }\n if (info.cancelled) rec.cancelled = true;\n\n if (\n stats.inputBatches +\n stats.outputBatches +\n stats.inputRows +\n stats.outputRows +\n stats.inputBytes +\n stats.outputBytes !==\n 0\n ) {\n rec.input_batches = stats.inputBatches;\n rec.output_batches = stats.outputBatches;\n rec.input_rows = stats.inputRows;\n rec.output_rows = stats.outputRows;\n rec.input_bytes = stats.inputBytes;\n rec.output_bytes = stats.outputBytes;\n }\n\n try {\n this.sink.write(`${JSON.stringify(rec)}\\n`);\n } catch {\n // best-effort\n }\n }\n}\n",
|
|
8
8
|
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\n/** Error thrown when the server encounters an RPC protocol error. */\nexport class RpcError extends Error {\n constructor(\n /** Remote error class name (e.g. `\"ValueError\"`). */\n public readonly errorType: string,\n /** Human-readable message from the remote error. */\n public readonly errorMessage: string,\n /** Remote stack-trace text, or an empty string when unavailable. */\n public readonly remoteTraceback: string,\n ) {\n super(`${errorType}: ${errorMessage}`);\n this.name = \"RpcError\";\n }\n}\n\n/** Error thrown when the client sends an unsupported request version. */\nexport class VersionError extends Error {\n constructor(message: string) {\n super(message);\n this.name = \"VersionError\";\n }\n}\n\n/** `vgi_rpc.error_kind` batch-metadata value for {@link MethodNotImplementedError}.\n * Mirrors Python's `vgi_rpc.metadata.ERROR_KIND_*` constants. */\nexport const ERROR_KIND_METHOD_NOT_IMPLEMENTED = \"method_not_implemented\";\n/** `vgi_rpc.error_kind` batch-metadata value for {@link SessionLostError}. */\nexport const ERROR_KIND_SESSION_LOST = \"session_lost\";\n/** `vgi_rpc.error_kind` batch-metadata value for {@link ServerDrainingError}. */\nexport const ERROR_KIND_SERVER_DRAINING = \"server_draining\";\nexport const ERROR_KIND_PROTOCOL_VERSION_MISMATCH = \"protocol_version_mismatch\";\n\n/** Raised when the client's declared `vgi_rpc.protocol_version` is\n * incompatible with the server's. Subclass of `VersionError` so existing\n * catch sites continue to write a typed error stream and keep serving.\n * Carries a directional message that tells the reader which side to\n * upgrade. Mirrors Python's `vgi_rpc.rpc.ProtocolVersionError`. */\nexport class ProtocolVersionError extends VersionError {\n static readonly errorKind = ERROR_KIND_PROTOCOL_VERSION_MISMATCH;\n readonly errorKind = ERROR_KIND_PROTOCOL_VERSION_MISMATCH;\n constructor(message: string) {\n super(message);\n this.name = \"ProtocolVersionError\";\n }\n}\n\nconst SEMVER_REGEX = /^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)$/;\n\n/** Parse a canonical semver string into `[major, minor, patch]`. Throws on\n * any input that isn't `MAJOR.MINOR.PATCH` with non-negative integers and\n * no leading zeros (except literal `0`). No prereleases, no build metadata.\n * Mirrors Python's `vgi_rpc.metadata.parse_version`. */\nexport function parseProtocolVersion(value: string): [number, number, number] {\n const m = SEMVER_REGEX.exec(value);\n if (!m) {\n throw new Error(\n `Invalid protocol version '${value}': expected canonical semver ` +\n \"MAJOR.MINOR.PATCH with non-negative integers and no leading zeros \" +\n \"(no prereleases or build metadata).\",\n );\n }\n return [Number(m[1]), Number(m[2]), Number(m[3])];\n}\n\n/** Raised when a client invokes a method the server does not implement.\n *\n * Mirrors Python's `vgi_rpc.rpc.MethodNotImplementedError`. The static\n * `errorKind` is hoisted onto the error batch metadata as\n * `vgi_rpc.error_kind` so clients can branch on the typed marker without\n * string-matching the message.\n */\nexport class MethodNotImplementedError extends Error {\n /** Typed `vgi_rpc.error_kind` marker for this error class. */\n static readonly errorKind = ERROR_KIND_METHOD_NOT_IMPLEMENTED;\n /** Typed `vgi_rpc.error_kind` marker hoisted onto the error batch metadata. */\n readonly errorKind = ERROR_KIND_METHOD_NOT_IMPLEMENTED;\n constructor(message: string) {\n super(message);\n this.name = \"MethodNotImplementedError\";\n }\n}\n\n/** Raised when a sticky session token is malformed, expired, evicted, or\n * bound to a different worker / principal. HTTP-only. */\nexport class SessionLostError extends Error {\n /** Typed `vgi_rpc.error_kind` marker for this error class. */\n static readonly errorKind = ERROR_KIND_SESSION_LOST;\n /** Typed `vgi_rpc.error_kind` marker hoisted onto the error batch metadata. */\n readonly errorKind = ERROR_KIND_SESSION_LOST;\n constructor(message: string) {\n super(message);\n this.name = \"SessionLostError\";\n }\n}\n\n/** Raised when `ctx.openSession` is called while the server is draining. */\nexport class ServerDrainingError extends Error {\n /** Typed `vgi_rpc.error_kind` marker for this error class. */\n static readonly errorKind = ERROR_KIND_SERVER_DRAINING;\n /** Typed `vgi_rpc.error_kind` marker hoisted onto the error batch metadata. */\n readonly errorKind = ERROR_KIND_SERVER_DRAINING;\n constructor(message: string) {\n super(message);\n this.name = \"ServerDrainingError\";\n }\n}\n",
|
|
9
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\nimport { RpcError } from \"./errors.js\";\n\n/** Authentication context available to RPC handlers. */\nexport class AuthContext {\n /** Authentication domain/realm that vouched for the principal; empty string\n * when anonymous. */\n readonly domain: string;\n /** True when the request carried valid credentials. */\n readonly authenticated: boolean;\n /** Authenticated principal identifier, or `null` when anonymous. */\n readonly principal: string | null;\n /** Arbitrary verified claims about the principal (e.g. decoded JWT claims). */\n readonly claims: Record<string, any>;\n\n constructor(domain: string, authenticated: boolean, principal: string | null, claims: Record<string, any> = {}) {\n this.domain = domain;\n this.authenticated = authenticated;\n this.principal = principal;\n this.claims = claims;\n }\n\n /** Create an unauthenticated (anonymous) context. */\n static anonymous(): AuthContext {\n return new AuthContext(\"\", false, null);\n }\n\n /** Throw an RpcError if this context is not authenticated. */\n requireAuthenticated(): void {\n if (!this.authenticated) {\n throw new RpcError(\"AuthenticationError\", \"Authentication required\", \"\");\n }\n }\n}\n",
|
|
10
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\n// Well-known metadata keys matching Python's metadata.py.\n\n/** Batch-metadata key carrying the invoked RPC method name. */\nexport const RPC_METHOD_KEY = \"vgi_rpc.method\";\n/** Batch-metadata key carrying a log batch's severity level. */\nexport const LOG_LEVEL_KEY = \"vgi_rpc.log_level\";\n/** Batch-metadata key carrying a log batch's message text. */\nexport const LOG_MESSAGE_KEY = \"vgi_rpc.log_message\";\n/** Batch-metadata key carrying a log batch's structured extra fields. */\nexport const LOG_EXTRA_KEY = \"vgi_rpc.log_extra\";\n/** Batch-metadata key carrying the wire request-framing version. */\nexport const REQUEST_VERSION_KEY = \"vgi_rpc.request_version\";\n/** Current wire request-framing version. Distinct from the application-level\n * {@link PROTOCOL_VERSION_KEY protocol version}. */\nexport const REQUEST_VERSION = \"1\";\n\n/** Batch-metadata key identifying the server instance that produced a batch. */\nexport const SERVER_ID_KEY = \"vgi_rpc.server_id\";\n/** Batch-metadata key carrying the client-supplied request id. */\nexport const REQUEST_ID_KEY = \"vgi_rpc.request_id\";\n\n/** Batch-metadata key carrying the service / protocol name. */\nexport const PROTOCOL_NAME_KEY = \"vgi_rpc.protocol_name\";\n/** Batch-metadata key carrying the `__describe__` response schema version. */\nexport const DESCRIBE_VERSION_KEY = \"vgi_rpc.describe_version\";\nexport const PROTOCOL_HASH_KEY = \"vgi_rpc.protocol_hash\";\n/** Current `__describe__` response schema version (the slim 8-column schema). */\nexport const DESCRIBE_VERSION = \"4\";\n\n/** Application protocol surface version. Carried on every request batch from\n * a client bound to a Protocol that declares `protocolVersion`; also emitted\n * in the __describe__ response metadata. Format: canonical semver\n * MAJOR.MINOR.PATCH. Enforced at the dispatch boundary on the server: exact\n * major+minor match required, patch ignored. Distinct from `REQUEST_VERSION`\n * (wire framing). Mirrors Python's `PROTOCOL_VERSION_KEY`. */\nexport const PROTOCOL_VERSION_KEY = \"vgi_rpc.protocol_version\";\n\n/** Reserved method name for the introspection (`__describe__`) call. */\nexport const DESCRIBE_METHOD_NAME = \"__describe__\";\n\n/** Batch-metadata key carrying the base64-encoded stream continuation/state token. */\nexport const STATE_KEY = \"vgi_rpc.stream_state#b64\";\nexport const CANCEL_KEY = \"vgi_rpc.cancel\";\n\nexport const LOCATION_KEY = \"vgi_rpc.location\";\nexport const LOCATION_SHA256_KEY = \"vgi_rpc.location.sha256\";\n\n/** HTTP response header set when an RPC error is returned over the HTTP transport. */\nexport const RPC_ERROR_HEADER = \"X-VGI-RPC-Error\";\n\n/** Top-level metadata key on an EXCEPTION batch identifying the error category.\n * Hoisted by `buildErrorBatch` when the thrown error has a static or instance\n * `errorKind` property. Mirrors Python's `vgi_rpc.metadata.ERROR_KIND_KEY`. */\nexport const ERROR_KIND_KEY = \"vgi_rpc.error_kind\";\n",
|
|
9
11
|
"// arrow-js backend for vgi-rpc-typescript's Arrow facade.\n\nimport {\n Binary as A_Binary,\n Bool as A_Bool,\n Data as A_Data,\n type DataType as A_DataType,\n DataType as A_DataTypeNS,\n DateDay as A_DateDay,\n Decimal as A_Decimal,\n Dictionary as A_Dictionary,\n DurationMicrosecond as A_DurationMicrosecond,\n Field as A_Field,\n FixedSizeBinary as A_FixedSizeBinary,\n Float32 as A_Float32,\n Float64 as A_Float64,\n Int8 as A_Int8,\n Int16 as A_Int16,\n Int32 as A_Int32,\n Int64 as A_Int64,\n LargeBinary as A_LargeBinary,\n LargeUtf8 as A_LargeUtf8,\n List as A_List,\n Map_ as A_Map,\n Null as A_Null,\n RecordBatch as A_RecordBatch,\n Schema as A_Schema,\n Struct as A_Struct,\n TimeMicrosecond as A_TimeMicrosecond,\n Timestamp as A_Timestamp,\n TimeUnit as A_TimeUnit,\n Type as A_Type,\n Uint8 as A_Uint8,\n Uint16 as A_Uint16,\n Uint32 as A_Uint32,\n Uint64 as A_Uint64,\n Utf8 as A_Utf8,\n makeData as a_makeData,\n vectorFromArray as a_vectorFromArray,\n RecordBatchReader,\n RecordBatchStreamWriter,\n} from \"@query-farm/apache-arrow\";\n\n// Local type-only helpers used by conformBatchToSchema.\ntype _NeedsCast = (src: A_DataType, dst: A_DataType) => boolean;\n\nimport type {\n IncrementalEncoder,\n VgiBackendInfo,\n VgiBatch,\n VgiColumnData,\n VgiDataType,\n VgiField,\n VgiSchema,\n} from \"../types.js\";\n\nexport const backend: VgiBackendInfo = { name: \"arrow-js\", opaquePassthrough: true };\n\n// ----- Type factories ------------------------------------------------------\n\nexport const nullType = (): VgiDataType => new A_Null() as unknown as VgiDataType;\nexport const bool = (): VgiDataType => new A_Bool() as unknown as VgiDataType;\nexport const int8 = (): VgiDataType => new A_Int8() as unknown as VgiDataType;\nexport const int16 = (): VgiDataType => new A_Int16() as unknown as VgiDataType;\nexport const int32 = (): VgiDataType => new A_Int32() as unknown as VgiDataType;\nexport const int64 = (): VgiDataType => new A_Int64() as unknown as VgiDataType;\nexport const uint8 = (): VgiDataType => new A_Uint8() as unknown as VgiDataType;\nexport const uint16 = (): VgiDataType => new A_Uint16() as unknown as VgiDataType;\nexport const uint32 = (): VgiDataType => new A_Uint32() as unknown as VgiDataType;\nexport const uint64 = (): VgiDataType => new A_Uint64() as unknown as VgiDataType;\nexport const float32 = (): VgiDataType => new A_Float32() as unknown as VgiDataType;\nexport const float64 = (): VgiDataType => new A_Float64() as unknown as VgiDataType;\nexport const utf8 = (): VgiDataType => new A_Utf8() as unknown as VgiDataType;\nexport const binary = (): VgiDataType => new A_Binary() as unknown as VgiDataType;\n\n/** Microsecond Timestamp with optional timezone. */\nexport const timestampMicro = (timezone: string | null = null): VgiDataType =>\n new A_Timestamp(A_TimeUnit.MICROSECOND, timezone) as unknown as VgiDataType;\n\n/** Date32 with day resolution. */\nexport const dateDay = (): VgiDataType => new A_DateDay() as unknown as VgiDataType;\n/** Time64 with microsecond resolution. */\nexport const timeMicro = (): VgiDataType => new A_TimeMicrosecond() as unknown as VgiDataType;\n/** Duration with microsecond resolution. */\nexport const durationMicro = (): VgiDataType => new A_DurationMicrosecond() as unknown as VgiDataType;\n/** Decimal128 by default; pass bitWidth=256 for Decimal256. */\nexport const decimal = (precision: number, scale: number, bitWidth: 128 | 256 = 128): VgiDataType =>\n new A_Decimal(scale, precision, bitWidth) as unknown as VgiDataType;\n/** FixedSizeBinary with the given byte width. */\nexport const fixedSizeBinary = (byteWidth: number): VgiDataType =>\n new A_FixedSizeBinary(byteWidth) as unknown as VgiDataType;\n/** LargeUtf8 — 64-bit-offset UTF-8 string. */\nexport const largeUtf8 = (): VgiDataType => new A_LargeUtf8() as unknown as VgiDataType;\n/** LargeBinary — 64-bit-offset binary blob. */\nexport const largeBinary = (): VgiDataType => new A_LargeBinary() as unknown as VgiDataType;\n/** List of `child` items. The child field carries name + nullability + type. */\nexport const list = (child: VgiField): VgiDataType => new A_List(child as unknown as A_Field) as unknown as VgiDataType;\n/** Struct of `fields`. */\nexport const struct = (fields: readonly VgiField[]): VgiDataType =>\n new A_Struct(fields as unknown as A_Field[]) as unknown as VgiDataType;\n/** Map (key → value) carried as a List<Struct<key,value>>. arrow-js's Map_\n * constructor takes a child Field whose type is a Struct of [key, value]. */\nexport const map = (keyField: VgiField, valueField: VgiField, keysSorted = false): VgiDataType => {\n const k = keyField as unknown as A_Field;\n const v = valueField as unknown as A_Field;\n const entriesField = new A_Field(\"entries\", new A_Struct([k, v]), /* nullable */ false);\n return new A_Map(entriesField, keysSorted) as unknown as VgiDataType;\n};\n/** Dictionary-encoded type. `indices` must be an integer type.\n *\n * `id` is left undefined by default so arrow-js's internal `getId()`\n * counter assigns a fresh unique id per Dictionary instance. Passing\n * `-1` (or any concrete number) here would short-circuit that counter\n * and produce id collisions when multiple Dictionary types are used. */\nexport const dictionary = (indices: VgiDataType, values: VgiDataType, id?: number, ordered = false): VgiDataType =>\n new A_Dictionary(values as A_DataType, indices as any, id, ordered) as unknown as VgiDataType;\n\nexport function field(name: string, type: VgiDataType, nullable = true, metadata?: Map<string, string>): VgiField {\n return new A_Field(name, type as A_DataType, nullable, metadata ?? new Map()) as unknown as VgiField;\n}\n\nexport function schema(fields: readonly VgiField[], metadata?: Map<string, string>): VgiSchema {\n return new A_Schema(fields as A_Field[], metadata ?? new Map()) as unknown as VgiSchema;\n}\n\n// ----- IPC -----------------------------------------------------------------\n\nexport function serializeSchema(s: VgiSchema): Uint8Array {\n const writer = new RecordBatchStreamWriter();\n writer.reset(undefined, s as unknown as A_Schema);\n writer.close();\n return writer.toUint8Array(true);\n}\n\nexport function deserializeSchema(bytes: Uint8Array): VgiSchema {\n const reader = RecordBatchReader.from(bytes);\n const batches = [...reader];\n if (batches.length > 0) return batches[0].schema as unknown as VgiSchema;\n if (reader.schema) return reader.schema as unknown as VgiSchema;\n throw new Error(\"Cannot deserialize schema from empty IPC stream\");\n}\n\nexport function serializeBatch(batch: VgiBatch): Uint8Array {\n const a = batch as unknown as A_RecordBatch;\n const writer = new RecordBatchStreamWriter();\n writer.reset(undefined, a.schema);\n (writer as any)._writeRecordBatch(a);\n writer.close();\n return writer.toUint8Array(true);\n}\n\n/**\n * Incremental IPC encoder over arrow-js's `RecordBatchStreamWriter`. Each\n * call drains the writer's internal sink queue and returns the new bytes,\n * so the caller can flush them synchronously between lockstep turns.\n *\n * `_writeRecordBatch` is called directly (rather than the public `write`)\n * to bypass arrow-js's schema comparison, which would auto-close the\n * writer and silently drop a batch whose schema differs only in\n * nullability — our output schema is fixed at open time and all batches\n * are structurally compatible.\n */\nexport function createIncrementalEncoder(s: VgiSchema): IncrementalEncoder {\n const writer = new RecordBatchStreamWriter();\n writer.reset(undefined, s as unknown as A_Schema);\n const drain = (): Uint8Array => {\n const values = (writer as any)._sink._values as Uint8Array[];\n const total = values.reduce((n, c) => n + c.length, 0);\n const out = new Uint8Array(total);\n let off = 0;\n for (const c of values) {\n out.set(c, off);\n off += c.length;\n }\n values.length = 0;\n return out;\n };\n return {\n start: () => drain(),\n writeBatch(batch: VgiBatch): Uint8Array {\n (writer as any)._writeRecordBatch(batch as unknown as A_RecordBatch);\n return drain();\n },\n // EOS marker: continuation (0xFFFFFFFF) + metadata length (0x00000000).\n finish: () => new Uint8Array(new Int32Array([-1, 0]).buffer),\n };\n}\n\nexport function deserializeBatch(bytes: Uint8Array): VgiBatch {\n const reader = RecordBatchReader.from(bytes);\n const batches = [...reader];\n if (batches.length === 0) {\n const sch = reader.schema ?? new A_Schema([]);\n // Build an empty batch matching the schema. arrow-js quirk: empty IPC\n // streams may not give us a Schema; default to no fields.\n const structType = new A_Struct(sch.fields);\n const data = a_makeData({ type: structType, length: 0, children: [], nullCount: 0 });\n return new A_RecordBatch(sch, data) as unknown as VgiBatch;\n }\n return batches[0] as unknown as VgiBatch;\n}\n\n// ----- Construction --------------------------------------------------------\n\nexport function columnFromArray(values: any[], type: VgiDataType): VgiColumnData {\n return a_vectorFromArray(values, type as A_DataType).data[0] as VgiColumnData;\n}\n\n/** Build a 1-row batch from {colName: value} dict (Int64 numbers auto-coerced). */\nexport function singleRowBatch(s: VgiSchema, values: Record<string, any>): VgiBatch {\n const a = s as unknown as A_Schema;\n const children = a.fields.map((f) => {\n let val = values[f.name];\n if (f.type.typeId === A_Type.Int && (f.type as any).bitWidth === 64) {\n if (typeof val === \"number\") val = BigInt(val);\n }\n return a_vectorFromArray([val], f.type).data[0];\n });\n const structType = new A_Struct(a.fields);\n const data = a_makeData({ type: structType, length: 1, children, nullCount: 0 });\n return new A_RecordBatch(a, data) as unknown as VgiBatch;\n}\n\n/** Build an N-row batch from columnar arrays. */\nexport function batchFromColumns(s: VgiSchema, columns: Record<string, any[]>): VgiBatch {\n const a = s as unknown as A_Schema;\n const numRows = a.fields.length > 0 ? (columns[a.fields[0].name]?.length ?? 0) : 0;\n const children = a.fields.map((f) => {\n const vals = columns[f.name];\n if (!vals) return a_makeData({ type: f.type, length: numRows, nullCount: numRows });\n return a_vectorFromArray(vals, f.type).data[0];\n });\n const structType = new A_Struct(a.fields);\n const data = a_makeData({ type: structType, length: numRows, children, nullCount: 0 });\n return new A_RecordBatch(a, data) as unknown as VgiBatch;\n}\n\n/** Build a batch from pre-built column-data handles + schema. */\nexport function batchFromColumnData(\n s: VgiSchema,\n numRows: number,\n columnData: VgiColumnData[],\n metadata?: Map<string, string>,\n): VgiBatch {\n const a = s as unknown as A_Schema;\n const structType = new A_Struct(a.fields);\n const data = a_makeData({\n type: structType,\n length: numRows,\n children: columnData as any[],\n nullCount: 0,\n });\n // arrow-js Schema doesn't carry batch-level metadata; attach it when present\n // by cloning with a fresh metadata map.\n const finalSchema = metadata && metadata.size > 0 ? new A_Schema(a.fields, metadata) : a;\n return new A_RecordBatch(finalSchema, data) as unknown as VgiBatch;\n}\n\n/** Empty-Data builder used when assembling batches with pre-built children. */\nexport function emptyColumnData(type: VgiDataType): VgiColumnData {\n return makeEmptyDataRecursive(type as A_DataType) as VgiColumnData;\n}\n\n/**\n * 0-row batch with optional batch-level metadata (used for log/error/empty\n * tombstone batches by the wire layer).\n */\nexport function emptyBatchWithMetadata(s: VgiSchema, metadata?: Map<string, string>): VgiBatch {\n const a = s as unknown as A_Schema;\n const children = a.fields.map((f) => makeEmptyDataRecursive(f.type));\n const structType = new A_Struct(a.fields);\n const data = a_makeData({ type: structType, length: 0, children, nullCount: 0 });\n return new A_RecordBatch(a, data, metadata) as unknown as VgiBatch;\n}\n\n/** Recursive empty-Data builder — needed for nested types so arrow-js's\n * IPC writer doesn't crash on List/Map/Struct/Union with absent children. */\nfunction makeEmptyDataRecursive(type: A_DataType): any {\n const M = { DataType: A_DataTypeNS, Data: A_Data };\n if (M.DataType.isStruct(type)) {\n const children = (type as any).children.map((f: any) => makeEmptyDataRecursive(f.type));\n return a_makeData({ type, length: 0, children, nullCount: 0 } as any);\n }\n if (M.DataType.isList(type)) {\n const childData = makeEmptyDataRecursive((type as any).children[0].type);\n return a_makeData({ type, length: 0, child: childData, nullCount: 0, valueOffsets: new Int32Array([0]) } as any);\n }\n if (M.DataType.isFixedSizeList(type)) {\n const childData = makeEmptyDataRecursive((type as any).children[0].type);\n return a_makeData({ type, length: 0, child: childData, nullCount: 0 } as any);\n }\n if (M.DataType.isMap(type)) {\n const entryType = (type as any).children[0]?.type;\n const entryData = entryType\n ? makeEmptyDataRecursive(entryType)\n : a_makeData({ type: new A_Struct([]), length: 0, children: [], nullCount: 0 });\n return a_makeData({ type, length: 0, child: entryData, nullCount: 0, valueOffsets: new Int32Array([0]) } as any);\n }\n if (M.DataType.isUnion(type)) {\n const children = (type as any).children.map((f: any) => makeEmptyDataRecursive(f.type));\n if (M.DataType.isDenseUnion(type)) {\n return a_makeData({\n type,\n length: 0,\n typeIds: new Int8Array(0),\n valueOffsets: new Int32Array(0),\n children,\n nullCount: 0,\n } as any);\n }\n return a_makeData({\n type,\n length: 0,\n typeIds: new Int8Array(0),\n children,\n nullCount: 0,\n } as any);\n }\n return a_makeData({ type, length: 0, nullCount: 0 });\n}\n\n/** 1-row result batch: vectorFromArray each value, support raw Data\n * passthrough (for Map/opaque types whose .get(0) is unreliable). */\nexport function singleRowBatchWithMetadata(\n s: VgiSchema,\n values: Record<string, any>,\n metadata?: Map<string, string>,\n): VgiBatch {\n const a = s as unknown as A_Schema;\n const M = { DataType: A_DataTypeNS, Data: A_Data };\n const children = a.fields.map((f) => {\n const val = values[f.name];\n if (val instanceof M.Data) return val;\n return a_vectorFromArray([val], f.type).data[0];\n });\n const structType = new A_Struct(a.fields);\n const data = a_makeData({ type: structType, length: 1, children, nullCount: 0 });\n return new A_RecordBatch(a, data, metadata) as unknown as VgiBatch;\n}\n\n/** Tag a value as a raw Data passthrough. arrow-js: returns true if the\n * value is an arrow-js Data instance. flechette: always false (the\n * flechette backend doesn't surface this opaque-type quirk). */\nexport function isOpaqueData(val: unknown): boolean {\n const M = { DataType: A_DataTypeNS, Data: A_Data };\n return val instanceof M.Data;\n}\n\n/** Re-emit a batch with a different metadata map (same schema + data). */\nexport function withBatchMetadata(batch: VgiBatch, metadata: Map<string, string>): VgiBatch {\n const a = batch as unknown as A_RecordBatch;\n return new A_RecordBatch(a.schema, a.data, metadata) as unknown as VgiBatch;\n}\n\n/**\n * Serialize a sequence of batches into a single multi-batch IPC stream.\n * arrow-js's `RecordBatchStreamWriter` writes schema + N batches + EOS\n * incrementally — exactly what consumers expect for a producer/exchange\n * response that emits more than one batch.\n */\nexport function serializeBatches(schema: VgiSchema, batches: VgiBatch[]): Uint8Array {\n const writer = new RecordBatchStreamWriter();\n writer.reset(undefined, schema as unknown as A_Schema);\n for (const batch of batches) {\n (writer as any)._writeRecordBatch(batch as unknown as A_RecordBatch);\n }\n writer.close();\n return writer.toUint8Array(true);\n}\n\n/**\n * Rebuild a batch's data to match a target schema's field types.\n *\n * Lives on the backend because every line touches arrow-js internals\n * (Data.children, Data.clone, vectorFromArray, makeData with nullBitmap\n * passthrough). flechette's IPC reader produces specific types upfront, so\n * its `conformBatchToSchema` is a no-op — keeping this code out of the\n * shared util/ tree is what lets the worker-cf bundle drop arrow-js.\n */\nconst _needsValueCast: _NeedsCast = (src, dst) => {\n if (src.typeId === dst.typeId) return false;\n if (src.constructor === dst.constructor) return false;\n return true;\n};\n\nconst _isNumeric = (t: A_DataType): boolean => t.typeId === A_Type.Int || t.typeId === A_Type.Float;\n\nexport function conformBatchToSchema(batch: VgiBatch, schema: VgiSchema): VgiBatch {\n const a = batch as unknown as A_RecordBatch;\n if (a.numRows === 0) return batch;\n const s = schema as unknown as A_Schema;\n\n if (a.schema.fields.length !== s.fields.length) {\n throw new TypeError(`Field count mismatch: expected ${s.fields.length}, got ${a.schema.fields.length}`);\n }\n for (let i = 0; i < s.fields.length; i++) {\n if (a.schema.fields[i].name !== s.fields[i].name) {\n throw new TypeError(\n `Field name mismatch at index ${i}: expected '${s.fields[i].name}', got '${a.schema.fields[i].name}'`,\n );\n }\n }\n\n const children = s.fields.map((f, i) => {\n const srcChild = a.data.children[i];\n const srcType = srcChild.type;\n const dstType = f.type;\n\n if (!_needsValueCast(srcType, dstType)) {\n return srcChild.clone(dstType);\n }\n if (_isNumeric(srcType) && _isNumeric(dstType)) {\n const col = a.getChildAt(i)!;\n const values: number[] = [];\n for (let r = 0; r < a.numRows; r++) {\n const v = col.get(r);\n values.push(typeof v === \"bigint\" ? Number(v) : (v as number));\n }\n return a_vectorFromArray(values, dstType).data[0];\n }\n return srcChild.clone(dstType);\n });\n\n const structType = new A_Struct(s.fields);\n const data = a_makeData({\n type: structType,\n length: a.numRows,\n children,\n nullCount: a.data.nullCount,\n nullBitmap: a.data.nullBitmap,\n });\n return new A_RecordBatch(s, data, a.metadata) as unknown as VgiBatch;\n}\n",
|
|
12
|
+
"// Backend-agnostic Arrow type predicates. typeId values match the Arrow Type\n// enum and agree across arrow-js and flechette.\n\nimport type { VgiDataType } from \"./types.js\";\n\nexport const TypeId = {\n Null: 1,\n Int: 2,\n Float: 3,\n Binary: 4,\n Utf8: 5,\n Bool: 6,\n Decimal: 7,\n Date: 8,\n Time: 9,\n Timestamp: 10,\n Interval: 11,\n List: 12,\n Struct: 13,\n Union: 14,\n FixedSizeBinary: 15,\n FixedSizeList: 16,\n Map: 17,\n Duration: 18,\n LargeBinary: 19,\n LargeUtf8: 20,\n Dictionary: -1,\n} as const;\n\nexport const isNull = (t: VgiDataType): boolean => t.typeId === TypeId.Null;\nexport const isInt = (t: VgiDataType): boolean => t.typeId === TypeId.Int;\nexport const isFloat = (t: VgiDataType): boolean => t.typeId === TypeId.Float;\nexport const isBinary = (t: VgiDataType): boolean => t.typeId === TypeId.Binary || t.typeId === TypeId.LargeBinary;\nexport const isUtf8 = (t: VgiDataType): boolean => t.typeId === TypeId.Utf8 || t.typeId === TypeId.LargeUtf8;\nexport const isLargeUtf8 = (t: VgiDataType): boolean => t.typeId === TypeId.LargeUtf8;\nexport const isLargeBinary = (t: VgiDataType): boolean => t.typeId === TypeId.LargeBinary;\nexport const isBool = (t: VgiDataType): boolean => t.typeId === TypeId.Bool;\nexport const isDecimal = (t: VgiDataType): boolean => t.typeId === TypeId.Decimal;\nexport const isDate = (t: VgiDataType): boolean => t.typeId === TypeId.Date;\nexport const isTime = (t: VgiDataType): boolean => t.typeId === TypeId.Time;\nexport const isTimestamp = (t: VgiDataType): boolean => t.typeId === TypeId.Timestamp;\nexport const isDuration = (t: VgiDataType): boolean => t.typeId === TypeId.Duration;\nexport const isList = (t: VgiDataType): boolean => t.typeId === TypeId.List;\nexport const isStruct = (t: VgiDataType): boolean => t.typeId === TypeId.Struct;\nexport const isMap = (t: VgiDataType): boolean => t.typeId === TypeId.Map;\nexport const isFixedSizeBinary = (t: VgiDataType): boolean => t.typeId === TypeId.FixedSizeBinary;\nexport const isDictionary = (t: VgiDataType): boolean => t.typeId === TypeId.Dictionary;\n\nexport function isBatch(x: unknown): x is import(\"./types.js\").VgiBatch {\n return (\n x != null &&\n typeof (x as any).numRows === \"number\" &&\n (x as any).schema != null &&\n Array.isArray((x as any).schema.fields)\n );\n}\n",
|
|
10
13
|
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\n/**\n * External storage support for large Arrow IPC batches.\n *\n * When a batch exceeds a configurable threshold, it is serialized to IPC,\n * optionally compressed with zstd, and uploaded to pluggable storage.\n * The batch is replaced with a zero-row \"pointer batch\" containing the\n * download URL and SHA-256 checksum in metadata.\n */\n\nimport { deserializeBatch, serializeBatch, type VgiBatch, type VgiSchema } from \"./arrow/index.js\";\nimport { LOCATION_KEY, LOCATION_SHA256_KEY, LOG_LEVEL_KEY } from \"./constants.js\";\nimport { zstdCompress, zstdDecompress } from \"./util/zstd.js\";\nimport { buildEmptyBatch } from \"./wire/response.js\";\n\n// ---------------------------------------------------------------------------\n// Interfaces and configuration\n// ---------------------------------------------------------------------------\n\n/** Pluggable storage backend for uploading large batches. */\nexport interface ExternalStorage {\n /** Upload IPC data and return a URL for retrieval. */\n upload(data: Uint8Array, contentEncoding: string): Promise<string>;\n}\n\n/** A pre-signed PUT/GET URL pair for client-side data upload. */\nexport interface UploadUrl {\n /** Pre-signed PUT URL the client uploads to. */\n uploadUrl: string;\n /** Pre-signed GET URL the server fetches from. */\n downloadUrl: string;\n /** Expiration time (UTC) for the URL pair. */\n expiresAt: Date;\n}\n\n/**\n * Generates pre-signed upload URL pairs for client-vended externalization.\n *\n * Implementations must be safe to call from multiple concurrent requests.\n * Object lifecycle is the operator's responsibility — uploaded objects are\n * not automatically deleted by vgi-rpc.\n */\nexport interface UploadUrlProvider {\n /** Allocate one upload/download URL pair. */\n generateUploadUrl(): Promise<UploadUrl> | UploadUrl;\n}\n\n/** Configuration for external storage of large batches. */\nexport interface ExternalLocationConfig {\n /** Storage backend for uploading. */\n storage: ExternalStorage;\n /** Minimum batch byte size to trigger externalization. Default: 1MB. */\n externalizeThresholdBytes?: number;\n /** Optional zstd compression for uploaded data. */\n compression?: {\n /** Compression algorithm; only `\"zstd\"` is currently supported. */\n algorithm: \"zstd\";\n /** zstd compression level. Default: 3. */\n level?: number;\n };\n /** URL validator called before fetching. Throw to reject. Default: HTTPS-only. */\n urlValidator?: ((url: string) => void) | null;\n}\n\nconst DEFAULT_THRESHOLD = 1_048_576; // 1 MB\n\n// ---------------------------------------------------------------------------\n// URL validation\n// ---------------------------------------------------------------------------\n\n/** Default validator that rejects non-HTTPS URLs. */\nexport function httpsOnlyValidator(url: string): void {\n const parsed = new URL(url);\n if (parsed.protocol !== \"https:\") {\n throw new Error(`External location URL must use HTTPS, got \"${parsed.protocol}\"`);\n }\n}\n\n// ---------------------------------------------------------------------------\n// SHA-256 helpers\n// ---------------------------------------------------------------------------\n\nasync function sha256Hex(data: Uint8Array): Promise<string> {\n // Copy to a plain ArrayBuffer to satisfy Web Crypto API type requirements\n const buf = new ArrayBuffer(data.byteLength);\n new Uint8Array(buf).set(data);\n const hash = await crypto.subtle.digest(\"SHA-256\", buf);\n return Array.from(new Uint8Array(hash))\n .map((b) => b.toString(16).padStart(2, \"0\"))\n .join(\"\");\n}\n\n// ---------------------------------------------------------------------------\n// Detection\n// ---------------------------------------------------------------------------\n\n/** Returns true if the batch is a zero-row pointer to external data. */\nexport function isExternalLocationBatch(batch: VgiBatch): boolean {\n if (batch.numRows !== 0) return false;\n const meta = batch.metadata;\n if (!meta) return false;\n return meta.has(LOCATION_KEY) && !meta.has(LOG_LEVEL_KEY);\n}\n\n// ---------------------------------------------------------------------------\n// Pointer batch creation\n// ---------------------------------------------------------------------------\n\n/** Create a zero-row pointer batch with location URL and optional SHA-256. */\nexport function makeExternalLocationBatch(schema: VgiSchema, url: string, sha256?: string): VgiBatch {\n const metadata = new Map<string, string>();\n metadata.set(LOCATION_KEY, url);\n if (sha256) {\n metadata.set(LOCATION_SHA256_KEY, sha256);\n }\n return buildEmptyBatch(schema, metadata);\n}\n\n// ---------------------------------------------------------------------------\n// IPC serialization helpers\n// ---------------------------------------------------------------------------\n\nfunction serializeBatchToIpc(batch: VgiBatch): Uint8Array {\n return serializeBatch(batch);\n}\n\nfunction batchByteSize(batch: VgiBatch): number {\n // Estimate from IPC serialization size for threshold check.\n return serializeBatch(batch).byteLength;\n}\n\n// ---------------------------------------------------------------------------\n// Write path: externalization\n// ---------------------------------------------------------------------------\n\n/**\n * Maybe externalize a batch if it exceeds the threshold.\n * Returns the original batch unchanged if below threshold or no config.\n */\nexport async function maybeExternalizeBatch(\n batch: VgiBatch,\n config?: ExternalLocationConfig | null,\n): Promise<VgiBatch> {\n if (!config?.storage) return batch;\n if (batch.numRows === 0) return batch;\n\n const threshold = config.externalizeThresholdBytes ?? DEFAULT_THRESHOLD;\n if (batchByteSize(batch) < threshold) return batch;\n\n // Serialize to IPC\n let ipcData = serializeBatchToIpc(batch);\n\n // Compute SHA-256 of raw IPC bytes (pre-compression)\n const checksum = await sha256Hex(ipcData);\n\n // Optionally compress\n let contentEncoding = \"\";\n if (config.compression?.algorithm === \"zstd\") {\n ipcData = (await zstdCompress(ipcData, config.compression.level ?? 3)) as Uint8Array;\n contentEncoding = \"zstd\";\n }\n\n // Upload\n const url = await config.storage.upload(ipcData, contentEncoding);\n\n // Return pointer batch\n return makeExternalLocationBatch(batch.schema, url, checksum);\n}\n\n// ---------------------------------------------------------------------------\n// Read path: resolution\n// ---------------------------------------------------------------------------\n\n/**\n * Resolve an external pointer batch by fetching the data from the URL.\n * Returns the original batch unchanged if not a pointer or no config.\n */\nexport async function resolveExternalLocation(\n batch: VgiBatch,\n config?: ExternalLocationConfig | null,\n): Promise<VgiBatch> {\n if (!config) return batch;\n if (!isExternalLocationBatch(batch)) return batch;\n\n const url = batch.metadata?.get(LOCATION_KEY);\n if (!url) return batch;\n\n // Validate URL\n const validator = config.urlValidator === null ? undefined : (config.urlValidator ?? httpsOnlyValidator);\n if (validator) {\n validator(url);\n }\n\n // Fetch\n const response = await fetch(url);\n if (!response.ok) {\n throw new Error(`External location fetch failed: ${response.status} ${response.statusText} [url: ${url}]`);\n }\n let data = new Uint8Array(await response.arrayBuffer());\n\n // Decompress if needed. Cap the decompressed size at 16x the\n // compressed body — generous for typical Arrow IPC zstd ratios but\n // tight enough that a tiny response cannot inflate to multi-GB.\n // Mirrors Python's external_fetch.fetch_url.\n const contentEncoding = response.headers.get(\"Content-Encoding\");\n if (contentEncoding === \"zstd\") {\n const cap = data.byteLength * 16;\n data = new Uint8Array(await zstdDecompress(data, cap));\n }\n\n // Verify SHA-256 if present\n const expectedSha256 = batch.metadata?.get(LOCATION_SHA256_KEY);\n if (expectedSha256) {\n const actualSha256 = await sha256Hex(data);\n if (actualSha256 !== expectedSha256) {\n throw new Error(`SHA-256 checksum mismatch for ${url}: expected ${expectedSha256}, got ${actualSha256}`);\n }\n }\n\n // Parse IPC stream\n const resolved = deserializeBatch(data);\n if (resolved.numRows === 0 && resolved.schema.fields.length === 0) {\n throw new Error(`No data batch found in external IPC stream from ${url}`);\n }\n return resolved;\n}\n",
|
|
11
14
|
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\nimport {\n emptyBatchWithMetadata,\n isInt,\n singleRowBatchWithMetadata,\n type VgiBatch,\n type VgiSchema,\n} from \"../arrow/index.js\";\nimport {\n ERROR_KIND_KEY,\n LOG_EXTRA_KEY,\n LOG_LEVEL_KEY,\n LOG_MESSAGE_KEY,\n REQUEST_ID_KEY,\n SERVER_ID_KEY,\n} from \"../constants.js\";\n\n/**\n * Coerce values for Int64 schema fields from Number to BigInt.\n * Handles both single values and arrays. Returns a new record with coerced values.\n */\nexport function coerceInt64(schema: VgiSchema, values: Record<string, any>): Record<string, any> {\n const result: Record<string, any> = { ...values };\n for (const f of schema.fields) {\n const val = result[f.name];\n if (val === undefined) continue;\n if (!isInt(f.type) || (f.type as any).bitWidth !== 64) continue;\n\n if (Array.isArray(val)) {\n result[f.name] = val.map((v: any) => (typeof v === \"number\" ? BigInt(v) : v));\n } else if (typeof val === \"number\") {\n result[f.name] = BigInt(val);\n }\n }\n return result;\n}\n\n/**\n * Build a 1-row result batch with optional metadata.\n * For unary methods, `values` maps field names to single values.\n */\nexport function buildResultBatch(\n schema: VgiSchema,\n values: Record<string, any>,\n serverId: string,\n requestId: string | null,\n): VgiBatch {\n const metadata = new Map<string, string>();\n metadata.set(SERVER_ID_KEY, serverId);\n if (requestId !== null) {\n metadata.set(REQUEST_ID_KEY, requestId);\n }\n\n if (schema.fields.length === 0) {\n return buildEmptyBatch(schema, metadata);\n }\n\n // Validate required fields\n for (const f of schema.fields) {\n if (values[f.name] === undefined && !f.nullable) {\n const got = Object.keys(values);\n throw new TypeError(`Handler result missing required field '${f.name}'. Got keys: [${got.join(\", \")}]`);\n }\n }\n\n const coerced = coerceInt64(schema, values);\n return singleRowBatchWithMetadata(schema, coerced, metadata);\n}\n\n/**\n * Build a 0-row error batch with EXCEPTION metadata matching Python's Message.from_exception().\n */\nexport function buildErrorBatch(schema: VgiSchema, error: Error, serverId: string, requestId: string | null): VgiBatch {\n const metadata = new Map<string, string>();\n metadata.set(LOG_LEVEL_KEY, \"EXCEPTION\");\n // Prefer the standard `error.name` property (which user classes can set\n // via `this.name = \"Foo\"` even after a bundler renames the class) over\n // `constructor.name`, which is fragile under minification.\n const exceptionType = typeof error.name === \"string\" && error.name !== \"Error\" ? error.name : error.constructor.name;\n metadata.set(LOG_MESSAGE_KEY, `${exceptionType}: ${error.message}`);\n\n // Hoist `errorKind` (typed-exception marker) into the EXCEPTION batch\n // metadata as a top-level `vgi_rpc.error_kind` field so clients can\n // branch on the kind without parsing the log_extra JSON blob. Mirrors\n // Python's `Message.from_exception()` + `add_to_metadata()` hoisting.\n const errorKind =\n (error as { errorKind?: unknown }).errorKind ??\n ((error.constructor as { errorKind?: unknown }).errorKind as unknown);\n if (typeof errorKind === \"string\" && errorKind.length > 0) {\n metadata.set(ERROR_KIND_KEY, errorKind);\n }\n\n const extra: Record<string, any> = {\n exception_type: exceptionType,\n exception_message: error.message,\n traceback: error.stack ?? \"\",\n };\n if (typeof errorKind === \"string\" && errorKind.length > 0) {\n extra.error_kind = errorKind;\n }\n metadata.set(LOG_EXTRA_KEY, JSON.stringify(extra));\n metadata.set(SERVER_ID_KEY, serverId);\n if (requestId !== null) {\n metadata.set(REQUEST_ID_KEY, requestId);\n }\n\n return buildEmptyBatch(schema, metadata);\n}\n\n/**\n * Build a 0-row log batch.\n */\nexport function buildLogBatch(\n schema: VgiSchema,\n level: string,\n message: string,\n extra?: Record<string, any>,\n serverId?: string,\n requestId?: string | null,\n): VgiBatch {\n const metadata = new Map<string, string>();\n metadata.set(LOG_LEVEL_KEY, level);\n metadata.set(LOG_MESSAGE_KEY, message);\n if (extra) {\n metadata.set(LOG_EXTRA_KEY, JSON.stringify(extra));\n }\n if (serverId != null) {\n metadata.set(SERVER_ID_KEY, serverId);\n }\n if (requestId != null) {\n metadata.set(REQUEST_ID_KEY, requestId);\n }\n\n return buildEmptyBatch(schema, metadata);\n}\n\n/**\n * Build a 0-row batch from a schema with metadata.\n * Used for error/log batches.\n */\nexport function buildEmptyBatch(schema: VgiSchema, metadata?: Map<string, string>): VgiBatch {\n return emptyBatchWithMetadata(schema, metadata);\n}\n",
|
|
12
15
|
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\nimport {\n conformBatchToSchema,\n deserializeBatch,\n serializeBatches,\n type VgiBatch,\n type VgiSchema,\n} from \"../arrow/index.js\";\nimport { RPC_ERROR_HEADER } from \"../constants.js\";\nimport type { CookieSpec } from \"../types.js\";\n\n/** MIME type for Arrow IPC stream request and response bodies. */\nexport const ARROW_CONTENT_TYPE = \"application/vnd.apache.arrow.stream\";\n\n// Sticky session header conventions (HTTP-only). Mirrors Python's\n// `vgi_rpc.http._common`. Headers — not cookies — so multiple concurrent\n// sessions to one host from a single client multiplex correctly.\nexport const SESSION_HEADER = \"VGI-Session\";\nexport const SESSION_ACCEPT_HEADER = \"VGI-Session-Accept\";\nexport const SESSION_CLOSE_HEADER = \"VGI-Session-Close\";\nexport const STICKY_ENABLED_HEADER = \"VGI-Sticky-Enabled\";\nexport const STICKY_DEFAULT_TTL_HEADER = \"VGI-Sticky-Default-TTL\";\nexport const STICKY_ECHO_HEADERS_HEADER = \"VGI-Sticky-Echo-Headers\";\n\n/** Prefix the server uses to tell the client \"echo this header on subsequent\n * requests in this session\". Clients capture and replay\n * `VGI-Echo-<name>: <value>` as plain `<name>: <value>` for the session\n * lifetime — used for client-driven routing (e.g. `fly-force-instance-id`). */\nexport const ECHO_HEADER_PREFIX = \"VGI-Echo-\";\n\n/** Framework-managed sticky session teardown endpoint path component.\n * `DELETE {prefix}/__session__` idempotently closes the session referenced\n * by the request's `VGI-Session` header. */\nexport const SESSION_ENDPOINT = \"__session__\";\n\n/** Serialize a CookieSpec into a Set-Cookie header value. */\nexport function formatSetCookieHeader(c: CookieSpec): string {\n const parts: string[] = [];\n if (c.delete) {\n parts.push(`${c.name}=`);\n parts.push(\"Max-Age=0\");\n } else {\n parts.push(`${c.name}=${c.value}`);\n if (c.maxAge !== undefined) parts.push(`Max-Age=${c.maxAge}`);\n if (c.expires) parts.push(`Expires=${c.expires.toUTCString()}`);\n }\n if (c.path) parts.push(`Path=${c.path}`);\n if (c.domain) parts.push(`Domain=${c.domain}`);\n if (c.secure) parts.push(\"Secure\");\n if (c.httpOnly) parts.push(\"HttpOnly\");\n if (c.sameSite) parts.push(`SameSite=${c.sameSite}`);\n if (c.partitioned) parts.push(\"Partitioned\");\n return parts.join(\"; \");\n}\n\n/** Append Set-Cookie headers for each queued CookieSpec onto an existing Headers object. */\nexport function appendCookieHeaders(headers: Headers, cookies: readonly CookieSpec[]): void {\n for (const c of cookies) {\n headers.append(\"Set-Cookie\", formatSetCookieHeader(c));\n }\n}\n\nexport class HttpRpcError extends Error {\n constructor(\n message: string,\n public readonly statusCode: number,\n ) {\n super(message);\n this.name = \"HttpRpcError\";\n }\n}\n\n/**\n * Serialize a schema + batches into a complete IPC stream as Uint8Array.\n *\n * A single IPC stream is `[schema_msg, batch_msg, batch_msg, ..., EOS]`.\n * Each backend implements `serializeBatches` to write that atomically —\n * arrow-js via `RecordBatchStreamWriter`, flechette via `tablesToIPC`\n * (added in our flechette fork). Naive concatenation of per-batch streams\n * produces multiple EOS markers and breaks readers.\n */\nexport function serializeIpcStream(schema: VgiSchema, batches: VgiBatch[]): Uint8Array {\n const conformed = batches.map((b) => conformBatchToSchema(b, schema));\n return serializeBatches(schema, conformed);\n}\n\n/**\n * Create a Response with Arrow IPC content type.\n *\n * Server errors (status 500) are translated to HTTP 200 with an\n * ``X-VGI-RPC-Error: true`` header so that clients which discard\n * response bodies on 5xx still receive the Arrow IPC error metadata.\n * Client errors (400, 401, 404, 415) are passed through unchanged.\n */\nexport function arrowResponse(body: Uint8Array, status = 200, extraHeaders?: Headers): Response {\n const headers = extraHeaders ?? new Headers();\n headers.set(\"Content-Type\", ARROW_CONTENT_TYPE);\n if (status === 500) {\n headers.set(RPC_ERROR_HEADER, \"true\");\n return new Response(body as unknown as BodyInit, { status: 200, headers });\n }\n return new Response(body as unknown as BodyInit, { status, headers });\n}\n\n/** Read schema + first batch from an IPC stream body via the facade. */\nexport async function readRequestFromBody(body: Uint8Array): Promise<{ schema: VgiSchema; batch: VgiBatch }> {\n const batch = deserializeBatch(body);\n // Reject only truly empty bodies. A zero-field, zero-row batch with batch\n // metadata is a legal exchange/cancel/continuation signal — the state\n // token rides on `batch.metadata` and downstream code (cancel detection,\n // schema conformance gating) is built to handle it.\n if (batch.schema.fields.length === 0 && batch.numRows === 0 && (batch.metadata?.size ?? 0) === 0) {\n throw new HttpRpcError(\"Empty IPC stream: no schema\", 400);\n }\n return { schema: batch.schema, batch };\n}\n",
|
|
@@ -18,9 +21,44 @@
|
|
|
18
21
|
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\n/**\n * Client-side request-body externalization.\n *\n * When a request body would exceed the server-advertised `maxRequestBytes`,\n * we (1) call `{prefix}/__upload_url__/init` to get a pre-signed upload URL,\n * (2) PUT the body to that URL, and (3) replace the inline body with a\n * zero-row \"pointer\" IPC stream that carries the original RPC dispatch\n * metadata plus `vgi_rpc.location: <download-url>`. The server then resolves\n * the pointer and dispatches normally.\n *\n * Mirrors Python's `_externalize_via_upload_url()` and `request_upload_urls()`.\n */\n\nimport { Field, Int64, RecordBatchReader, Schema } from \"@query-farm/apache-arrow\";\nimport { REQUEST_VERSION, REQUEST_VERSION_KEY, RPC_METHOD_KEY } from \"../constants.js\";\nimport { RpcError } from \"../errors.js\";\nimport { makeExternalLocationBatch } from \"../external.js\";\nimport { ARROW_CONTENT_TYPE, serializeIpcStream } from \"../http/common.js\";\nimport { buildRequestIpc } from \"./ipc.js\";\n\nconst UPLOAD_URL_METHOD = \"__upload_url__\";\nconst UPLOAD_URL_PARAMS_SCHEMA = new Schema([new Field(\"count\", new Int64(), false)]);\n\nexport interface UploadUrlPair {\n uploadUrl: string;\n downloadUrl: string;\n expiresAt: Date;\n}\n\n/**\n * POST `__upload_url__/init` and return the requested number of pre-signed\n * URL pairs. Server must have an `uploadUrlProvider` configured; otherwise\n * the route returns 404 and we surface that as `RpcError(\"NotSupported\")`.\n */\nexport async function requestUploadUrls(\n baseUrl: string,\n prefix: string,\n count: number,\n authorization?: string,\n): Promise<UploadUrlPair[]> {\n const body = buildRequestIpc(UPLOAD_URL_PARAMS_SCHEMA, { count: BigInt(count) }, UPLOAD_URL_METHOD);\n const headers: Record<string, string> = { \"Content-Type\": ARROW_CONTENT_TYPE };\n if (authorization) headers.Authorization = authorization;\n\n const resp = await fetch(`${baseUrl}${prefix}/${UPLOAD_URL_METHOD}/init`, {\n method: \"POST\",\n headers,\n body: body as unknown as BodyInit,\n });\n if (resp.status === 404) {\n throw new RpcError(\"NotSupported\", \"Server does not support upload URLs\", \"\");\n }\n if (resp.status === 401) {\n throw new RpcError(\"AuthenticationError\", \"Authentication required\", \"\");\n }\n if (!resp.ok) {\n throw new RpcError(\"HttpError\", `__upload_url__/init failed: HTTP ${resp.status}`, \"\");\n }\n\n const respBody = new Uint8Array(await resp.arrayBuffer());\n const reader = await RecordBatchReader.from(respBody);\n await reader.open();\n\n const pairs: UploadUrlPair[] = [];\n for (const batch of reader.readAll()) {\n if (batch.numRows === 0) continue;\n for (let r = 0; r < batch.numRows; r++) {\n const uploadUrl = batch.getChildAt(0)?.get(r) as string;\n const downloadUrl = batch.getChildAt(1)?.get(r) as string;\n const expiresRaw = batch.getChildAt(2)?.get(r);\n // Timestamp(us) → either a Date, a number (ms), or a bigint (us)\n let expiresAt: Date;\n if (expiresRaw instanceof Date) {\n expiresAt = expiresRaw;\n } else if (typeof expiresRaw === \"bigint\") {\n expiresAt = new Date(Number(expiresRaw / 1000n));\n } else if (typeof expiresRaw === \"number\") {\n expiresAt = new Date(expiresRaw);\n } else {\n expiresAt = new Date();\n }\n pairs.push({ uploadUrl, downloadUrl, expiresAt });\n }\n }\n\n if (pairs.length === 0) {\n throw new RpcError(\"ProtocolError\", \"Server returned no upload URLs\", \"\");\n }\n return pairs;\n}\n\n/**\n * Build the externalized pointer body to send in place of *originalBody*.\n *\n * The pointer is a zero-row IPC stream whose first batch carries:\n * - same schema as the original request batch\n * - merged custom_metadata: original RPC dispatch keys + `vgi_rpc.location`\n *\n * The server's request reader honours the dispatch keys for routing, then\n * resolves the pointer to fetch the inline batch for parameter extraction.\n */\nasync function buildPointerRequestBody(originalBody: Uint8Array, downloadUrl: string): Promise<Uint8Array> {\n const reader = await RecordBatchReader.from(originalBody);\n await reader.open();\n const schema = reader.schema;\n if (!schema) {\n throw new RpcError(\"ProtocolError\", \"Original request body has no schema\", \"\");\n }\n const batches = reader.readAll();\n if (batches.length === 0) {\n throw new RpcError(\"ProtocolError\", \"Original request body has no batches\", \"\");\n }\n const original = batches[0];\n const originalMeta = original.metadata ?? new Map<string, string>();\n\n const pointer = makeExternalLocationBatch(schema, downloadUrl);\n const merged = new Map<string, string>(pointer.metadata ?? new Map());\n // Preserve the original RPC dispatch metadata so the server can route.\n const method = originalMeta.get(RPC_METHOD_KEY);\n const version = originalMeta.get(REQUEST_VERSION_KEY) ?? REQUEST_VERSION;\n if (method) merged.set(RPC_METHOD_KEY, method);\n merged.set(REQUEST_VERSION_KEY, version);\n // Carry over any other keys (request id, state token for exchange, etc).\n for (const [k, v] of originalMeta) {\n if (!merged.has(k)) merged.set(k, v);\n }\n\n // Re-emit the pointer batch with merged metadata.\n const { RecordBatch } = await import(\"@query-farm/apache-arrow\");\n const pointerWithMeta = new RecordBatch(schema as any, (pointer as any).data, merged);\n return serializeIpcStream(schema, [pointerWithMeta]);\n}\n\nexport interface ExternalizeOptions {\n baseUrl: string;\n prefix: string;\n authorization?: string;\n /** Optional per-URL validator; throw to reject. */\n urlValidator?: ((url: string) => void) | null;\n}\n\n/**\n * Upload *body* via a server-vended URL and return the pointer-batch body\n * that should be sent in place of the original. Throws if the server does\n * not advertise upload-URL support or the upload fails.\n */\nexport async function externalizeRequestBody(body: Uint8Array, opts: ExternalizeOptions): Promise<Uint8Array> {\n const pairs = await requestUploadUrls(opts.baseUrl, opts.prefix, 1, opts.authorization);\n const pair = pairs[0];\n\n if (opts.urlValidator) {\n opts.urlValidator(pair.uploadUrl);\n opts.urlValidator(pair.downloadUrl);\n }\n\n const putResp = await fetch(pair.uploadUrl, {\n method: \"PUT\",\n headers: { \"Content-Type\": ARROW_CONTENT_TYPE },\n body: body as unknown as BodyInit,\n });\n if (!putResp.ok) {\n throw new RpcError(\"ExternalUploadFailed\", `PUT to upload URL failed: HTTP ${putResp.status}`, \"\");\n }\n\n return buildPointerRequestBody(body, pair.downloadUrl);\n}\n",
|
|
19
22
|
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { RecordBatch, Schema } from \"@query-farm/apache-arrow\";\nimport { LOG_LEVEL_KEY, STATE_KEY } from \"../constants.js\";\nimport { RpcError } from \"../errors.js\";\nimport { isExternalLocationBatch, resolveExternalLocation } from \"../external.js\";\nimport { ARROW_CONTENT_TYPE } from \"../http/common.js\";\nimport {\n type HttpServerCapabilities,\n isCapabilitySnapshotFresh,\n parseCapabilitiesFromHeaders,\n} from \"./capabilities.js\";\nimport { httpIntrospect, type MethodInfo, type ServiceDescription } from \"./introspect.js\";\nimport {\n buildRequestIpc,\n dispatchLogOrError,\n extractBatchRows,\n readResponseBatches,\n readSequentialStreams,\n} from \"./ipc.js\";\nimport { HttpStreamSession } from \"./stream.js\";\nimport type { HttpConnectOptions, StreamSession } from \"./types.js\";\nimport { externalizeRequestBody } from \"./uploadUrl.js\";\n\ntype CompressFn = (data: Uint8Array, level: number) => Promise<Uint8Array>;\ntype DecompressFn = (data: Uint8Array) => Promise<Uint8Array>;\n\n/** A connected RPC client, returned by {@link httpConnect}, {@link pipeConnect}, and {@link subprocessConnect}. */\nexport interface RpcClient {\n /** Invoke a unary method. Returns the single result row, or `null` for void methods. Parameter defaults from `__describe__` are applied automatically. */\n call(method: string, params?: Record<string, any>): Promise<Record<string, any> | null>;\n /** Open a streaming method, returning a {@link StreamSession} for exchange or producer iteration. */\n stream(method: string, params?: Record<string, any>): Promise<StreamSession>;\n /** Fetch the server's method/protocol description (cached after the first call). */\n describe(): Promise<ServiceDescription>;\n /** Release transport resources; for subprocess clients this also terminates the child process. */\n close(): void;\n}\n\n/**\n * Connect to a vgi-rpc server over HTTP. The returned client lazily introspects\n * the server (caching `__describe__`) on the first call and transparently handles\n * zstd compression, authorization, and 413 request externalization.\n */\nexport function httpConnect(baseUrl: string, options?: HttpConnectOptions): RpcClient {\n const prefix = (options?.prefix ?? \"\").replace(/\\/+$/, \"\");\n const onLog = options?.onLog;\n const compressionLevel = options?.compressionLevel;\n const authorization = options?.authorization;\n const externalConfig = options?.externalLocation;\n\n let methodCache: Map<string, MethodInfo> | null = null;\n /** Application protocol surface version discovered via __describe__. When\n * non-empty, the client emits it on every request as\n * `vgi_rpc.protocol_version` so a versioned server can validate at the\n * dispatch boundary. */\n let serverProtocolVersion = \"\";\n let compressFn: CompressFn | undefined;\n let decompressFn: DecompressFn | undefined;\n let compressionLoaded = false;\n let capabilities: HttpServerCapabilities | null = null;\n\n function updateCapabilitiesFromResponse(resp: Response): void {\n const next = parseCapabilitiesFromHeaders(resp.headers);\n // Only treat the snapshot as authoritative when the server actually\n // emitted capability hints. Otherwise leave any prior cache in place.\n if (next.maxRequestBytes != null || next.uploadUrlSupport) {\n capabilities = next;\n }\n }\n\n async function maybeExternalize(body: Uint8Array): Promise<Uint8Array> {\n const caps = isCapabilitySnapshotFresh(capabilities) ? capabilities : null;\n if (!caps) return body;\n if (!caps.uploadUrlSupport) return body;\n if (caps.maxRequestBytes == null || body.byteLength <= caps.maxRequestBytes) return body;\n return externalizeRequestBody(body, {\n baseUrl,\n prefix,\n authorization,\n urlValidator: externalConfig?.urlValidator ?? null,\n });\n }\n\n /**\n * Send a POST request, transparently retrying with externalization if\n * the server returns 413 (Payload Too Large) and advertises upload-URL\n * support. Mirrors Python's 413 fallback in `_HttpProxy._post_with_externalization`.\n */\n async function postWithExternalization(url: string, body: Uint8Array): Promise<Response> {\n const sendBody = await maybeExternalize(body);\n let resp = await fetch(url, {\n method: \"POST\",\n headers: buildHeaders(),\n body: (await prepareBody(sendBody)) as unknown as BodyInit,\n });\n updateCapabilitiesFromResponse(resp);\n\n if (resp.status === 413 && capabilities?.uploadUrlSupport && body.byteLength > 0) {\n // Refresh-and-retry: caps tell us we can externalize.\n const externalized = await externalizeRequestBody(body, {\n baseUrl,\n prefix,\n authorization,\n urlValidator: externalConfig?.urlValidator ?? null,\n });\n resp = await fetch(url, {\n method: \"POST\",\n headers: buildHeaders(),\n body: (await prepareBody(externalized)) as unknown as BodyInit,\n });\n updateCapabilitiesFromResponse(resp);\n }\n\n return resp;\n }\n\n async function ensureCompression(): Promise<void> {\n if (compressionLoaded || compressionLevel == null) return;\n try {\n const mod = await import(\"../util/zstd.js\");\n compressFn = mod.zstdCompress;\n decompressFn = mod.zstdDecompress;\n } catch {\n // zstd not available in this runtime\n }\n compressionLoaded = true;\n }\n\n function buildHeaders(): Record<string, string> {\n const headers: Record<string, string> = {\n \"Content-Type\": ARROW_CONTENT_TYPE,\n };\n if (compressionLevel != null && compressFn) {\n headers[\"Content-Encoding\"] = \"zstd\";\n }\n if (compressionLevel != null && decompressFn) {\n headers[\"Accept-Encoding\"] = \"zstd\";\n }\n if (authorization) {\n headers.Authorization = authorization;\n }\n return headers;\n }\n\n async function prepareBody(content: Uint8Array): Promise<Uint8Array> {\n if (compressionLevel != null && compressFn) {\n return await compressFn(content, compressionLevel);\n }\n return content;\n }\n\n function checkAuth(resp: Response): void {\n if (resp.status === 401) {\n throw new RpcError(\"AuthenticationError\", \"Authentication required\", \"\");\n }\n }\n\n async function readResponse(resp: Response): Promise<Uint8Array<ArrayBuffer>> {\n let body = new Uint8Array(await resp.arrayBuffer());\n if (resp.headers.get(\"Content-Encoding\") === \"zstd\" && decompressFn) {\n body = new Uint8Array(await decompressFn(body));\n }\n return body;\n }\n\n async function ensureMethodCache(): Promise<Map<string, MethodInfo>> {\n if (methodCache) return methodCache;\n await ensureCompression();\n const desc = await httpIntrospect(baseUrl, {\n prefix,\n authorization,\n compressionLevel,\n compressFn,\n decompressFn,\n });\n methodCache = new Map(desc.methods.map((m) => [m.name, m]));\n serverProtocolVersion = desc.protocolVersion;\n return methodCache;\n }\n\n return {\n async call(method: string, params?: Record<string, any>): Promise<Record<string, any> | null> {\n await ensureCompression();\n const methods = await ensureMethodCache();\n const info = methods.get(method);\n if (!info) {\n throw new Error(`Unknown method: '${method}'`);\n }\n\n // Apply defaults\n const fullParams = { ...(info.defaults ?? {}), ...(params ?? {}) };\n\n const body = buildRequestIpc(info.paramsSchema, fullParams, method, { protocolVersion: serverProtocolVersion });\n const resp = await postWithExternalization(`${baseUrl}${prefix}/${method}`, body);\n checkAuth(resp);\n\n const responseBody = await readResponse(resp);\n const { batches } = await readResponseBatches(responseBody);\n\n // Process batches: dispatch logs, resolve external pointers, find result\n let resultBatch: RecordBatch | null = null;\n for (let batch of batches) {\n if (batch.numRows === 0) {\n // Check for external location pointer batch\n if (isExternalLocationBatch(batch as any)) {\n batch = (await resolveExternalLocation(batch as any, externalConfig)) as any;\n } else {\n dispatchLogOrError(batch, onLog);\n continue;\n }\n }\n resultBatch = batch;\n }\n\n if (!resultBatch) {\n // Void return (result schema has no fields)\n return null;\n }\n\n // Extract single-row result\n const rows = extractBatchRows(resultBatch);\n if (rows.length === 0) return null;\n\n const result = rows[0];\n // For void methods (empty result schema), return null\n if (info.resultSchema.fields.length === 0) return null;\n\n // For single-field results, return the whole object\n return result;\n },\n\n async stream(method: string, params?: Record<string, any>): Promise<HttpStreamSession> {\n await ensureCompression();\n const methods = await ensureMethodCache();\n const info = methods.get(method);\n if (!info) {\n throw new Error(`Unknown method: '${method}'`);\n }\n\n // Apply defaults\n const fullParams = { ...(info.defaults ?? {}), ...(params ?? {}) };\n\n const body = buildRequestIpc(info.paramsSchema, fullParams, method, { protocolVersion: serverProtocolVersion });\n const resp = await postWithExternalization(`${baseUrl}${prefix}/${method}/init`, body);\n checkAuth(resp);\n\n const responseBody = await readResponse(resp);\n\n // Parse the response: may contain header stream + data stream\n let header: Record<string, any> | null = null;\n let stateToken: string | null = null;\n const pendingBatches: RecordBatch[] = [];\n let finished = false;\n let streamSchema: Schema | null = null;\n\n if (info.headerSchema) {\n // Response may contain two concatenated IPC streams:\n // 1. Header stream\n // 2. Data stream (with state token and/or data batches)\n const reader = await readSequentialStreams(responseBody);\n\n // First stream: header\n const headerStream = await reader.readStream();\n if (headerStream) {\n for (const batch of headerStream.batches as any[]) {\n if (batch.numRows === 0) {\n dispatchLogOrError(batch, onLog);\n continue;\n }\n const rows = extractBatchRows(batch);\n if (rows.length > 0) {\n header = rows[0];\n }\n }\n }\n\n // Second stream: data/state\n const dataStream = await reader.readStream();\n if (dataStream) {\n streamSchema = dataStream.schema as any;\n }\n const headerErrorBatches: RecordBatch[] = [];\n if (dataStream) {\n for (const batch of dataStream.batches as any[]) {\n if (batch.numRows === 0) {\n // Check for state token\n const token = batch.metadata?.get(STATE_KEY);\n if (token) {\n stateToken = token;\n continue;\n }\n const level = batch.metadata?.get(LOG_LEVEL_KEY);\n if (level === \"EXCEPTION\") {\n headerErrorBatches.push(batch);\n continue;\n }\n dispatchLogOrError(batch, onLog);\n continue;\n }\n pendingBatches.push(batch);\n }\n }\n\n if (headerErrorBatches.length > 0) {\n if (pendingBatches.length > 0 || stateToken !== null) {\n pendingBatches.push(...headerErrorBatches);\n } else {\n for (const batch of headerErrorBatches) {\n dispatchLogOrError(batch, onLog);\n }\n }\n }\n\n if (!dataStream && !stateToken) {\n finished = true;\n }\n } else {\n // Single IPC stream: data/state (no header)\n const { schema: responseSchema, batches } = await readResponseBatches(responseBody);\n streamSchema = responseSchema;\n\n // Collect error batches separately — only defer them if there are\n // data batches or state tokens (mid-stream errors). Otherwise throw\n // immediately (init-only errors like exchange_error_on_init).\n const errorBatches: RecordBatch[] = [];\n\n for (const batch of batches) {\n if (batch.numRows === 0) {\n // Check for state token\n const token = batch.metadata?.get(STATE_KEY);\n if (token) {\n stateToken = token;\n continue;\n }\n // Collect EXCEPTION batches for deferred dispatch\n const level = batch.metadata?.get(LOG_LEVEL_KEY);\n if (level === \"EXCEPTION\") {\n errorBatches.push(batch);\n continue;\n }\n dispatchLogOrError(batch, onLog);\n continue;\n }\n pendingBatches.push(batch);\n }\n\n // If we have data batches or a state token, defer errors to iteration.\n // Otherwise throw immediately (error on init).\n if (errorBatches.length > 0) {\n if (pendingBatches.length > 0 || stateToken !== null) {\n pendingBatches.push(...errorBatches);\n } else {\n // No data, no state — this is a pure init error. Throw now.\n for (const batch of errorBatches) {\n dispatchLogOrError(batch, onLog);\n }\n }\n }\n }\n\n if (pendingBatches.length === 0 && stateToken === null) {\n finished = true;\n }\n\n // Determine output schema: prefer the IPC stream schema from the init\n // response (it carries the server's actual output schema even for\n // zero-row token batches), then pending batch schemas, then describe info.\n const outputSchema =\n (streamSchema && streamSchema.fields.length > 0 ? streamSchema : null) ??\n (pendingBatches.length > 0 ? pendingBatches[0].schema : null) ??\n info.outputSchema ??\n info.resultSchema;\n\n return new HttpStreamSession({\n baseUrl,\n prefix,\n method,\n stateToken,\n outputSchema,\n inputSchema: info.inputSchema,\n onLog,\n pendingBatches,\n finished,\n header,\n compressionLevel,\n compressFn,\n decompressFn,\n authorization,\n externalConfig,\n postFn: postWithExternalization,\n });\n },\n\n async describe(): Promise<ServiceDescription> {\n await ensureCompression();\n return httpIntrospect(baseUrl, {\n prefix,\n authorization,\n compressionLevel,\n compressFn,\n decompressFn,\n });\n },\n\n close(): void {\n // No-op (HTTP stateless)\n },\n };\n}\n",
|
|
20
23
|
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\n/** RFC 9728 OAuth Protected Resource Metadata (client-side response). */\nexport interface OAuthResourceMetadataResponse {\n /** The protected resource's canonical URL (`resource`). */\n resource: string;\n /** Authorization-server issuer URLs; the first is used for OIDC discovery (`authorization_servers`). */\n authorizationServers: string[];\n /** Scopes the resource advertises (`scopes_supported`). */\n scopesSupported?: string[];\n /** Advertised bearer methods, e.g. `[\"header\"]` (`bearer_methods_supported`). */\n bearerMethodsSupported?: string[];\n /** JWS algorithms the resource accepts (`resource_signing_alg_values_supported`). */\n resourceSigningAlgValuesSupported?: string[];\n /** Human-readable resource name (`resource_name`). */\n resourceName?: string;\n /** Documentation URL for the resource (`resource_documentation`). */\n resourceDocumentation?: string;\n /** Policy URL for the resource (`resource_policy_uri`). */\n resourcePolicyUri?: string;\n /** Terms-of-service URL for the resource (`resource_tos_uri`). */\n resourceTosUri?: string;\n /** OAuth client_id advertised by the server. */\n clientId?: string;\n /** OAuth client_secret advertised by the server. */\n clientSecret?: string;\n /** When true, use the OIDC id_token as the Bearer token instead of access_token. */\n useIdTokenAsBearer?: boolean;\n /** OAuth client_id for device code flow. */\n deviceCodeClientId?: string;\n /** OAuth client_secret for device code flow. */\n deviceCodeClientSecret?: string;\n}\n\nfunction parseMetadataJson(json: Record<string, any>): OAuthResourceMetadataResponse {\n const result: OAuthResourceMetadataResponse = {\n resource: json.resource,\n authorizationServers: json.authorization_servers,\n };\n if (json.scopes_supported) result.scopesSupported = json.scopes_supported;\n if (json.bearer_methods_supported) result.bearerMethodsSupported = json.bearer_methods_supported;\n if (json.resource_signing_alg_values_supported)\n result.resourceSigningAlgValuesSupported = json.resource_signing_alg_values_supported;\n if (json.resource_name) result.resourceName = json.resource_name;\n if (json.resource_documentation) result.resourceDocumentation = json.resource_documentation;\n if (json.resource_policy_uri) result.resourcePolicyUri = json.resource_policy_uri;\n if (json.resource_tos_uri) result.resourceTosUri = json.resource_tos_uri;\n if (json.client_id) result.clientId = json.client_id;\n if (json.client_secret) result.clientSecret = json.client_secret;\n if (json.use_id_token_as_bearer) result.useIdTokenAsBearer = json.use_id_token_as_bearer;\n if (json.device_code_client_id) result.deviceCodeClientId = json.device_code_client_id;\n if (json.device_code_client_secret) result.deviceCodeClientSecret = json.device_code_client_secret;\n return result;\n}\n\n/**\n * Discover OAuth Protected Resource Metadata (RFC 9728) from a vgi-rpc server.\n * Returns `null` if the server does not serve the well-known endpoint.\n */\nexport async function httpOAuthMetadata(\n baseUrl: string,\n prefix?: string,\n): Promise<OAuthResourceMetadataResponse | null> {\n const effectivePrefix = (prefix ?? \"\").replace(/\\/+$/, \"\");\n const metadataUrl = `${baseUrl.replace(/\\/+$/, \"\")}/.well-known/oauth-protected-resource${effectivePrefix}`;\n\n try {\n return await fetchOAuthMetadata(metadataUrl);\n } catch {\n return null;\n }\n}\n\n/**\n * Fetch OAuth Protected Resource Metadata from an explicit metadata URL.\n */\nexport async function fetchOAuthMetadata(metadataUrl: string): Promise<OAuthResourceMetadataResponse> {\n const response = await fetch(metadataUrl);\n if (!response.ok) {\n throw new Error(`Failed to fetch OAuth metadata from ${metadataUrl}: ${response.status}`);\n }\n const json = await response.json();\n return parseMetadataJson(json);\n}\n\n/**\n * Extract the `resource_metadata` URL from a WWW-Authenticate Bearer challenge.\n * Returns `null` if no resource_metadata parameter is found.\n */\nexport function parseResourceMetadataUrl(wwwAuthenticate: string): string | null {\n // Parse Bearer challenge parameters per RFC 6750\n const bearerMatch = wwwAuthenticate.match(/^Bearer\\s+(.*)/i);\n if (!bearerMatch) return null;\n\n const params = bearerMatch[1];\n const metadataMatch = params.match(/resource_metadata=\"([^\"]+)\"/);\n if (!metadataMatch) return null;\n\n return metadataMatch[1];\n}\n\n/**\n * Extract the `client_id` from a WWW-Authenticate Bearer challenge.\n * Returns `null` if no client_id parameter is found.\n */\nexport function parseClientId(wwwAuthenticate: string): string | null {\n const bearerMatch = wwwAuthenticate.match(/^Bearer\\s+(.*)/i);\n if (!bearerMatch) return null;\n\n const params = bearerMatch[1];\n const clientIdMatch = params.match(/client_id=\"([^\"]+)\"/);\n if (!clientIdMatch) return null;\n\n return clientIdMatch[1];\n}\n\n/**\n * Extract the `client_secret` from a WWW-Authenticate Bearer challenge.\n * Returns `null` if no client_secret parameter is found.\n */\nexport function parseClientSecret(wwwAuthenticate: string): string | null {\n const bearerMatch = wwwAuthenticate.match(/^Bearer\\s+(.*)/i);\n if (!bearerMatch) return null;\n\n const params = bearerMatch[1];\n const match = params.match(/client_secret=\"([^\"]+)\"/);\n if (!match) return null;\n\n return match[1];\n}\n\n/**\n * Extract the `use_id_token_as_bearer` flag from a WWW-Authenticate Bearer challenge.\n * Returns `true` if the parameter is present and set to \"true\", `false` otherwise.\n */\nexport function parseUseIdTokenAsBearer(wwwAuthenticate: string): boolean {\n const bearerMatch = wwwAuthenticate.match(/^Bearer\\s+(.*)/i);\n if (!bearerMatch) return false;\n\n const params = bearerMatch[1];\n const match = params.match(/use_id_token_as_bearer=\"([^\"]+)\"/);\n if (!match) return false;\n\n return match[1] === \"true\";\n}\n\n/**\n * Extract the `device_code_client_id` from a WWW-Authenticate Bearer challenge.\n * Returns `null` if no device_code_client_id parameter is found.\n */\nexport function parseDeviceCodeClientId(wwwAuthenticate: string): string | null {\n const bearerMatch = wwwAuthenticate.match(/^Bearer\\s+(.*)/i);\n if (!bearerMatch) return null;\n\n const params = bearerMatch[1];\n const match = params.match(/device_code_client_id=\"([^\"]+)\"/);\n if (!match) return null;\n\n return match[1];\n}\n\n/**\n * Extract the `device_code_client_secret` from a WWW-Authenticate Bearer challenge.\n * Returns `null` if no device_code_client_secret parameter is found.\n */\nexport function parseDeviceCodeClientSecret(wwwAuthenticate: string): string | null {\n const bearerMatch = wwwAuthenticate.match(/^Bearer\\s+(.*)/i);\n if (!bearerMatch) return null;\n\n const params = bearerMatch[1];\n const match = params.match(/device_code_client_secret=\"([^\"]+)\"/);\n if (!match) return null;\n\n return match[1];\n}\n",
|
|
21
|
-
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\nimport {\n Field,\n makeData,\n RecordBatch,\n RecordBatchStreamWriter,\n Schema,\n Struct,\n vectorFromArray,\n} from \"@query-farm/apache-arrow\";\nimport { DESCRIBE_METHOD_NAME } from \"../constants.js\";\nimport { RpcError } from \"../errors.js\";\nimport { type ExternalLocationConfig, isExternalLocationBatch, resolveExternalLocation } from \"../external.js\";\nimport { serializeIpcStream } from \"../http/common.js\";\nimport { IpcStreamReader } from \"../wire/reader.js\";\nimport type { RpcClient } from \"./connect.js\";\nimport { type MethodInfo, parseDescribeResponse, type ServiceDescription } from \"./introspect.js\";\nimport { buildRequestIpc, dispatchLogOrError, extractBatchRows, inferArrowType } from \"./ipc.js\";\nimport type { LogMessage, PipeConnectOptions, StreamSession, SubprocessConnectOptions } from \"./types.js\";\n\n// ---------------------------------------------------------------------------\n// Writable abstraction\n// ---------------------------------------------------------------------------\n\ninterface PipeWritable {\n write(data: Uint8Array): void;\n flush?(): void;\n end(): void;\n}\n\ntype WriteFn = (bytes: Uint8Array) => void;\n\n// ---------------------------------------------------------------------------\n// PipeIncrementalWriter — batch-by-batch IPC writing for lockstep streaming\n// ---------------------------------------------------------------------------\n\nclass PipeIncrementalWriter {\n private writer: RecordBatchStreamWriter;\n private writeFn: WriteFn;\n private closed = false;\n\n constructor(writeFn: WriteFn, schema: Schema) {\n this.writeFn = writeFn;\n this.writer = new RecordBatchStreamWriter();\n this.writer.reset(undefined, schema);\n this.drain(); // flushes schema message\n }\n\n write(batch: RecordBatch): void {\n if (this.closed) throw new Error(\"PipeIncrementalWriter already closed\");\n (this.writer as any)._writeRecordBatch(batch);\n this.drain();\n }\n\n close(): void {\n if (this.closed) return;\n this.closed = true;\n // EOS marker: continuation (0xFFFFFFFF) + metadata length (0x00000000)\n const eos = new Uint8Array(new Int32Array([-1, 0]).buffer);\n this.writeFn(eos);\n }\n\n private drain(): void {\n const values = (this.writer as any)._sink._values as Uint8Array[];\n for (const chunk of values) {\n this.writeFn(chunk);\n }\n values.length = 0;\n }\n}\n\n// ---------------------------------------------------------------------------\n// PipeStreamSession — lockstep streaming over pipes\n// ---------------------------------------------------------------------------\n\n/**\n * {@link StreamSession} implementation for the pipe/subprocess transport.\n * Drives lockstep streaming over a single bidirectional pipe: each\n * {@link PipeStreamSession.exchange} or iteration step writes one input batch\n * and reads one output batch. Holds the connection's single-threaded busy lock\n * until closed.\n */\nexport class PipeStreamSession implements StreamSession {\n private _reader: IpcStreamReader;\n private _writeFn: WriteFn;\n private _onLog?: (msg: LogMessage) => void;\n private _header: Record<string, any> | null;\n private _inputWriter: PipeIncrementalWriter | null = null;\n private _inputSchema: Schema | null = null;\n private _outputStreamOpened = false;\n private _closed = false;\n private _outputSchema: Schema;\n private _releaseBusy: () => void;\n private _setDrainPromise: (p: Promise<void>) => void;\n private _externalConfig?: ExternalLocationConfig;\n\n constructor(opts: {\n reader: IpcStreamReader;\n writeFn: WriteFn;\n onLog?: (msg: LogMessage) => void;\n header: Record<string, any> | null;\n outputSchema: Schema;\n releaseBusy: () => void;\n setDrainPromise: (p: Promise<void>) => void;\n externalConfig?: ExternalLocationConfig;\n }) {\n this._reader = opts.reader;\n this._writeFn = opts.writeFn;\n this._onLog = opts.onLog;\n this._header = opts.header;\n this._outputSchema = opts.outputSchema;\n this._releaseBusy = opts.releaseBusy;\n this._setDrainPromise = opts.setDrainPromise;\n this._externalConfig = opts.externalConfig;\n }\n\n /** The stream's one-time header row, or `null` if the method declares no header. */\n get header(): Record<string, any> | null {\n return this._header;\n }\n\n /**\n * Read output batches from the server until a data batch is found.\n * Dispatches log/error batches along the way.\n * Returns null when server closes output stream (EOS).\n */\n private async _readOutputBatch(): Promise<RecordBatch | null> {\n while (true) {\n const batch = await this._reader.readNextBatch();\n if (batch === null) return null; // Server closed output stream\n\n if (batch.numRows === 0) {\n // Check for external location pointer batch\n if (isExternalLocationBatch(batch as any)) {\n return (await resolveExternalLocation(batch as any, this._externalConfig)) as any;\n }\n // Check if it's a log/error batch. If so, dispatch and continue.\n // Otherwise it's a zero-row data batch — return it.\n if (dispatchLogOrError(batch as any, this._onLog)) {\n continue;\n }\n }\n\n return batch as any;\n }\n }\n\n /**\n * Ensure the server's output stream is opened for reading.\n * Must be called AFTER sending the first input batch, because\n * the server's output schema may not be flushed until it processes\n * the first input and writes the first output batch.\n */\n private async _ensureOutputStream(): Promise<void> {\n if (this._outputStreamOpened) return;\n this._outputStreamOpened = true;\n const schema = await this._reader.openNextStream();\n if (!schema) {\n throw new RpcError(\"ProtocolError\", \"Expected output stream but got EOF\", \"\");\n }\n }\n\n /**\n * Send an exchange request and return the data rows.\n */\n async exchange(input: Record<string, any>[]): Promise<Record<string, any>[]> {\n if (this._closed) {\n throw new RpcError(\"ProtocolError\", \"Stream session is closed\", \"\");\n }\n\n // Build input batch\n let inputSchema: Schema;\n let batch: RecordBatch;\n\n if (input.length === 0) {\n // Zero-row exchange: use cached input schema from a prior exchange,\n // then fall back to the output schema from describe. The cached\n // schema is preferred because input and output schemas may differ\n // (e.g. exchange_accumulate: input {value} → output {running_sum, exchange_count}).\n inputSchema = this._inputSchema ?? this._outputSchema;\n const children = inputSchema.fields.map((f) => {\n return makeData({ type: f.type, length: 0, nullCount: 0 });\n });\n const structType = new Struct(inputSchema.fields);\n const data = makeData({\n type: structType,\n length: 0,\n children,\n nullCount: 0,\n });\n batch = new RecordBatch(inputSchema, data);\n } else {\n // Infer schema from first row.\n // Always use nullable fields — the server validates input schemas\n // strictly and its schema typically uses nullable columns.\n const keys = Object.keys(input[0]);\n const fields = keys.map((key) => {\n let sample: any;\n for (const row of input) {\n if (row[key] != null) {\n sample = row[key];\n break;\n }\n }\n const arrowType = inferArrowType(sample);\n return new Field(key, arrowType, /* nullable */ true);\n });\n inputSchema = new Schema(fields);\n\n // Validate schema consistency: all exchanges on the same pipe session\n // share a single IPC stream, so the schema is locked to the first call.\n if (this._inputSchema) {\n const cached = this._inputSchema;\n if (\n cached.fields.length !== inputSchema.fields.length ||\n cached.fields.some((f, i) => f.name !== inputSchema.fields[i].name)\n ) {\n throw new RpcError(\n \"ProtocolError\",\n `Exchange input schema changed: expected [${cached.fields.map((f) => f.name).join(\", \")}] ` +\n `but got [${inputSchema.fields.map((f) => f.name).join(\", \")}]`,\n \"\",\n );\n }\n } else {\n this._inputSchema = inputSchema;\n }\n\n const children = inputSchema.fields.map((f) => {\n const values = input.map((row) => row[f.name]);\n return vectorFromArray(values, f.type).data[0];\n });\n const structType = new Struct(inputSchema.fields);\n const data = makeData({\n type: structType,\n length: input.length,\n children,\n nullCount: 0,\n });\n batch = new RecordBatch(inputSchema, data);\n }\n\n // Lazy-open input writer on first exchange\n if (!this._inputWriter) {\n this._inputWriter = new PipeIncrementalWriter(this._writeFn, inputSchema);\n }\n\n // Write one input batch FIRST, then open output stream.\n // The server may not flush the output schema until it processes the\n // first input batch and writes the first output batch.\n this._inputWriter.write(batch);\n await this._ensureOutputStream();\n\n // Read output batch(es) from server\n try {\n const outputBatch = await this._readOutputBatch();\n if (outputBatch === null) {\n return [];\n }\n return extractBatchRows(outputBatch);\n } catch (e) {\n // On error, clean up the pipe so it's ready for the next request\n await this._cleanup();\n throw e;\n }\n }\n\n /**\n * Clean up after an error: close input, drain output, release busy.\n */\n private async _cleanup(): Promise<void> {\n if (this._closed) return;\n this._closed = true;\n if (this._inputWriter) {\n this._inputWriter.close();\n this._inputWriter = null;\n }\n try {\n if (this._outputStreamOpened) {\n while ((await this._reader.readNextBatch()) !== null) {}\n }\n } catch {\n // Suppress errors during drain\n }\n this._releaseBusy();\n }\n\n /**\n * Iterate over producer stream batches (lockstep).\n */\n async *[Symbol.asyncIterator](): AsyncIterableIterator<Record<string, any>[]> {\n if (this._closed) return;\n\n try {\n // Open input writer with empty schema for tick batches\n const tickSchema = new Schema([]);\n this._inputWriter = new PipeIncrementalWriter(this._writeFn, tickSchema);\n\n // Build a zero-row tick batch\n const structType = new Struct(tickSchema.fields);\n const tickData = makeData({\n type: structType,\n length: 0,\n children: [],\n nullCount: 0,\n });\n const tickBatch = new RecordBatch(tickSchema, tickData);\n\n while (true) {\n // Send one tick FIRST, then open output stream on first iteration.\n // The server may not flush the output schema until it processes the\n // first tick and writes the first output batch.\n this._inputWriter.write(tickBatch);\n await this._ensureOutputStream();\n\n // Read output batch(es)\n const outputBatch = await this._readOutputBatch();\n if (outputBatch === null) {\n // Server finished — EOS on output stream\n break;\n }\n\n yield extractBatchRows(outputBatch);\n }\n } finally {\n // Close input stream if still open\n if (this._inputWriter) {\n this._inputWriter.close();\n this._inputWriter = null;\n }\n // Drain any remaining output batches\n try {\n if (this._outputStreamOpened) {\n while ((await this._reader.readNextBatch()) !== null) {}\n }\n } catch {\n // Suppress errors during drain\n }\n this._closed = true;\n this._releaseBusy();\n }\n }\n\n /**\n * End the stream: close the input side (or send an empty stream if nothing\n * was sent yet) and drain the server's remaining output in the background,\n * releasing the connection's busy lock once the drain completes.\n */\n close(): void {\n if (this._closed) return;\n this._closed = true;\n\n if (this._inputWriter) {\n // Close the input stream (EOS)\n this._inputWriter.close();\n this._inputWriter = null;\n } else {\n // Never iterated/exchanged — send empty schema stream so server unblocks.\n // Server is blocked at reader.openNextStream() waiting for client's input.\n const emptySchema = new Schema([]);\n const ipc = serializeIpcStream(emptySchema, []);\n this._writeFn(ipc);\n }\n\n // Drain remaining output batches asynchronously. Register the drain\n // promise so that the next acquireBusy() waits for it to complete.\n const drainPromise = (async () => {\n try {\n if (!this._outputStreamOpened) {\n const schema = await this._reader.openNextStream();\n if (schema) {\n while ((await this._reader.readNextBatch()) !== null) {}\n }\n } else {\n while ((await this._reader.readNextBatch()) !== null) {}\n }\n } catch {\n // Suppress errors during drain\n } finally {\n this._releaseBusy();\n }\n })();\n this._setDrainPromise(drainPromise);\n }\n}\n\n// ---------------------------------------------------------------------------\n// pipeConnect — create an RpcClient over raw readable/writable streams\n// ---------------------------------------------------------------------------\n\n/**\n * Connect to a vgi-rpc server over a raw bidirectional pipe (a readable stream\n * of server output plus a writable for client input). The connection is\n * single-threaded: only one call or stream may be in flight at a time. The\n * `__describe__` handshake is sent before the reader is opened to avoid deadlock.\n */\nexport function pipeConnect(\n readable: ReadableStream<Uint8Array>,\n writable: PipeWritable,\n options?: PipeConnectOptions,\n): RpcClient {\n const onLog = options?.onLog;\n const externalConfig = options?.externalLocation;\n\n let reader: IpcStreamReader | null = null;\n let readerPromise: Promise<IpcStreamReader> | null = null;\n let methodCache: Map<string, MethodInfo> | null = null;\n let protocolName = \"\";\n let serverProtocolVersion = \"\";\n let _busy = false;\n let _drainPromise: Promise<void> | null = null;\n let closed = false;\n\n const writeFn: WriteFn = (bytes: Uint8Array) => {\n writable.write(bytes);\n writable.flush?.();\n };\n\n // The IpcStreamReader.create() blocks until the first IPC schema arrives\n // on the readable. To avoid deadlock, we must send our first request\n // (the __describe__ call) BEFORE opening the reader. After that, the\n // response bytes are in the pipe buffer and the reader can consume them.\n async function ensureReader(): Promise<IpcStreamReader> {\n if (reader) return reader;\n if (!readerPromise) {\n readerPromise = IpcStreamReader.create(readable);\n }\n reader = await readerPromise;\n return reader;\n }\n\n async function acquireBusy(): Promise<void> {\n // Wait for any pending drain from a previous close()\n if (_drainPromise) {\n await _drainPromise;\n _drainPromise = null;\n }\n if (_busy) {\n throw new Error(\n \"Pipe transport is busy — another call or stream is in progress. \" +\n \"Pipe connections are single-threaded; wait for the current operation to complete.\",\n );\n }\n _busy = true;\n }\n\n function releaseBusy(): void {\n _busy = false;\n }\n\n function setDrainPromise(p: Promise<void>): void {\n _drainPromise = p;\n }\n\n async function ensureMethodCache(): Promise<Map<string, MethodInfo>> {\n if (methodCache) return methodCache;\n\n await acquireBusy();\n try {\n // Send __describe__ request BEFORE opening the reader.\n // IpcStreamReader.create() blocks on reader.open() which reads the\n // first schema message. The server won't write anything until it\n // receives a request. Sending first avoids deadlock.\n const emptySchema = new Schema([]);\n const body = buildRequestIpc(emptySchema, {}, DESCRIBE_METHOD_NAME);\n writeFn(body);\n\n const r = await ensureReader();\n\n // Read response (first IPC stream = describe response schema + batches)\n // ensureReader() consumed the schema via open(). Use readStream()\n // which — on the first call (initialized=false) — returns the current\n // stream without calling reset().\n const response = await r.readStream();\n if (!response) {\n throw new Error(\"EOF reading __describe__ response\");\n }\n\n const desc = await parseDescribeResponse(response.batches as any, onLog);\n protocolName = desc.protocolName;\n serverProtocolVersion = desc.protocolVersion;\n methodCache = new Map(desc.methods.map((m) => [m.name, m]));\n return methodCache;\n } finally {\n releaseBusy();\n }\n }\n\n return {\n async call(method: string, params?: Record<string, any>): Promise<Record<string, any> | null> {\n const methods = await ensureMethodCache();\n await acquireBusy();\n try {\n const info = methods.get(method);\n if (!info) {\n throw new Error(`Unknown method: '${method}'`);\n }\n\n const r = await ensureReader();\n\n // Apply defaults\n const fullParams = { ...(info.defaults ?? {}), ...(params ?? {}) };\n\n // Send request\n const body = buildRequestIpc(info.paramsSchema, fullParams, method, { protocolVersion: serverProtocolVersion });\n writeFn(body);\n\n // Read response\n const response = await r.readStream();\n if (!response) {\n throw new Error(\"EOF reading response\");\n }\n\n // Process batches: dispatch logs, resolve external pointers, find result\n let resultBatch: RecordBatch | null = null;\n for (let batch of response.batches as any[]) {\n if (batch.numRows === 0) {\n if (isExternalLocationBatch(batch)) {\n batch = await resolveExternalLocation(batch, externalConfig);\n } else {\n dispatchLogOrError(batch, onLog);\n continue;\n }\n }\n resultBatch = batch;\n }\n\n if (!resultBatch) {\n return null;\n }\n\n const rows = extractBatchRows(resultBatch);\n if (rows.length === 0) return null;\n\n if (info.resultSchema.fields.length === 0) return null;\n\n return rows[0];\n } finally {\n releaseBusy();\n }\n },\n\n async stream(method: string, params?: Record<string, any>): Promise<StreamSession> {\n const methods = await ensureMethodCache();\n await acquireBusy();\n\n try {\n const info = methods.get(method);\n if (!info) {\n throw new Error(`Unknown method: '${method}'`);\n }\n\n const r = await ensureReader();\n\n // Apply defaults\n const fullParams = { ...(info.defaults ?? {}), ...(params ?? {}) };\n\n // Send init request (params as a complete IPC stream)\n const body = buildRequestIpc(info.paramsSchema, fullParams, method, { protocolVersion: serverProtocolVersion });\n writeFn(body);\n\n // Read header if method has headerSchema\n let header: Record<string, any> | null = null;\n if (info.headerSchema) {\n const headerStream = await r.readStream();\n if (headerStream) {\n for (const batch of headerStream.batches as any[]) {\n if (batch.numRows === 0) {\n dispatchLogOrError(batch, onLog);\n continue;\n }\n const rows = extractBatchRows(batch);\n if (rows.length > 0) {\n header = rows[0];\n }\n }\n }\n }\n\n const outputSchema = info.outputSchema ?? info.resultSchema;\n\n // Don't release busy here — PipeStreamSession owns the lock\n // and will release it when done\n return new PipeStreamSession({\n reader: r,\n writeFn,\n onLog,\n header,\n outputSchema,\n releaseBusy,\n setDrainPromise,\n externalConfig,\n });\n } catch (e) {\n // Init error (e.g., server raised exception during init).\n // Send empty input stream so server's drain unblocks, then\n // drain the server's output stream if needed.\n try {\n const r = await ensureReader();\n const emptySchema = new Schema([]);\n const ipc = serializeIpcStream(emptySchema, []);\n writeFn(ipc);\n // Drain server's output stream (error response + EOS)\n const outStream = await r.readStream();\n // outStream may be null or contain remaining batches — just consume\n void outStream;\n } catch {\n // Suppress errors during cleanup\n }\n releaseBusy();\n throw e;\n }\n },\n\n async describe(): Promise<ServiceDescription> {\n const methods = await ensureMethodCache();\n return {\n protocolName,\n protocolVersion: serverProtocolVersion,\n methods: [...methods.values()],\n };\n },\n\n close(): void {\n if (closed) return;\n closed = true;\n writable.end();\n },\n };\n}\n\n// ---------------------------------------------------------------------------\n// subprocessConnect — spawn a process and wrap with pipeConnect\n// ---------------------------------------------------------------------------\n\n/**\n * Spawn a server process (via `Bun.spawn`) and connect to it over its\n * stdin/stdout using {@link pipeConnect}. The returned client's\n * {@link RpcClient.close} also kills the subprocess.\n */\nexport function subprocessConnect(cmd: string[], options?: SubprocessConnectOptions): RpcClient {\n const proc = Bun.spawn(cmd, {\n stdin: \"pipe\",\n stdout: \"pipe\",\n stderr: options?.stderr ?? \"ignore\",\n cwd: options?.cwd,\n env: options?.env ? { ...process.env, ...options.env } : undefined,\n });\n\n const stdout = proc.stdout as ReadableStream<Uint8Array>;\n\n const writable: PipeWritable = {\n write(data: Uint8Array) {\n (proc.stdin as any).write(data);\n },\n flush() {\n (proc.stdin as any).flush();\n },\n end() {\n (proc.stdin as any).end();\n },\n };\n\n const client = pipeConnect(stdout, writable, {\n onLog: options?.onLog,\n externalLocation: options?.externalLocation,\n });\n\n // Wrap close to also kill the subprocess\n const originalClose = client.close;\n client.close = () => {\n originalClose.call(client);\n try {\n proc.kill();\n } catch {\n // Process may have already exited\n }\n };\n\n return client;\n}\n"
|
|
24
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\nimport {\n Field,\n makeData,\n RecordBatch,\n RecordBatchStreamWriter,\n Schema,\n Struct,\n vectorFromArray,\n} from \"@query-farm/apache-arrow\";\nimport { DESCRIBE_METHOD_NAME } from \"../constants.js\";\nimport { RpcError } from \"../errors.js\";\nimport { type ExternalLocationConfig, isExternalLocationBatch, resolveExternalLocation } from \"../external.js\";\nimport { serializeIpcStream } from \"../http/common.js\";\nimport { IpcStreamReader } from \"../wire/reader.js\";\nimport type { RpcClient } from \"./connect.js\";\nimport { type MethodInfo, parseDescribeResponse, type ServiceDescription } from \"./introspect.js\";\nimport { buildRequestIpc, dispatchLogOrError, extractBatchRows, inferArrowType } from \"./ipc.js\";\nimport type { LogMessage, PipeConnectOptions, StreamSession, SubprocessConnectOptions } from \"./types.js\";\n\n// ---------------------------------------------------------------------------\n// Writable abstraction\n// ---------------------------------------------------------------------------\n\ninterface PipeWritable {\n write(data: Uint8Array): void;\n flush?(): void;\n end(): void;\n}\n\ntype WriteFn = (bytes: Uint8Array) => void;\n\n// ---------------------------------------------------------------------------\n// PipeIncrementalWriter — batch-by-batch IPC writing for lockstep streaming\n// ---------------------------------------------------------------------------\n\nclass PipeIncrementalWriter {\n private writer: RecordBatchStreamWriter;\n private writeFn: WriteFn;\n private closed = false;\n\n constructor(writeFn: WriteFn, schema: Schema) {\n this.writeFn = writeFn;\n this.writer = new RecordBatchStreamWriter();\n this.writer.reset(undefined, schema);\n this.drain(); // flushes schema message\n }\n\n write(batch: RecordBatch): void {\n if (this.closed) throw new Error(\"PipeIncrementalWriter already closed\");\n (this.writer as any)._writeRecordBatch(batch);\n this.drain();\n }\n\n close(): void {\n if (this.closed) return;\n this.closed = true;\n // EOS marker: continuation (0xFFFFFFFF) + metadata length (0x00000000)\n const eos = new Uint8Array(new Int32Array([-1, 0]).buffer);\n this.writeFn(eos);\n }\n\n private drain(): void {\n const values = (this.writer as any)._sink._values as Uint8Array[];\n for (const chunk of values) {\n this.writeFn(chunk);\n }\n values.length = 0;\n }\n}\n\n// ---------------------------------------------------------------------------\n// PipeStreamSession — lockstep streaming over pipes\n// ---------------------------------------------------------------------------\n\n/**\n * {@link StreamSession} implementation for the pipe/subprocess transport.\n * Drives lockstep streaming over a single bidirectional pipe: each\n * {@link PipeStreamSession.exchange} or iteration step writes one input batch\n * and reads one output batch. Holds the connection's single-threaded busy lock\n * until closed.\n */\nexport class PipeStreamSession implements StreamSession {\n private _reader: IpcStreamReader;\n private _writeFn: WriteFn;\n private _onLog?: (msg: LogMessage) => void;\n private _header: Record<string, any> | null;\n private _inputWriter: PipeIncrementalWriter | null = null;\n private _inputSchema: Schema | null = null;\n private _outputStreamOpened = false;\n private _closed = false;\n private _outputSchema: Schema;\n private _releaseBusy: () => void;\n private _setDrainPromise: (p: Promise<void>) => void;\n private _externalConfig?: ExternalLocationConfig;\n\n constructor(opts: {\n reader: IpcStreamReader;\n writeFn: WriteFn;\n onLog?: (msg: LogMessage) => void;\n header: Record<string, any> | null;\n outputSchema: Schema;\n releaseBusy: () => void;\n setDrainPromise: (p: Promise<void>) => void;\n externalConfig?: ExternalLocationConfig;\n }) {\n this._reader = opts.reader;\n this._writeFn = opts.writeFn;\n this._onLog = opts.onLog;\n this._header = opts.header;\n this._outputSchema = opts.outputSchema;\n this._releaseBusy = opts.releaseBusy;\n this._setDrainPromise = opts.setDrainPromise;\n this._externalConfig = opts.externalConfig;\n }\n\n /** The stream's one-time header row, or `null` if the method declares no header. */\n get header(): Record<string, any> | null {\n return this._header;\n }\n\n /**\n * Read output batches from the server until a data batch is found.\n * Dispatches log/error batches along the way.\n * Returns null when server closes output stream (EOS).\n */\n private async _readOutputBatch(): Promise<RecordBatch | null> {\n while (true) {\n const batch = await this._reader.readNextBatch();\n if (batch === null) return null; // Server closed output stream\n\n if (batch.numRows === 0) {\n // Check for external location pointer batch\n if (isExternalLocationBatch(batch as any)) {\n return (await resolveExternalLocation(batch as any, this._externalConfig)) as any;\n }\n // Check if it's a log/error batch. If so, dispatch and continue.\n // Otherwise it's a zero-row data batch — return it.\n if (dispatchLogOrError(batch as any, this._onLog)) {\n continue;\n }\n }\n\n return batch as any;\n }\n }\n\n /**\n * Ensure the server's output stream is opened for reading.\n * Must be called AFTER sending the first input batch, because\n * the server's output schema may not be flushed until it processes\n * the first input and writes the first output batch.\n */\n private async _ensureOutputStream(): Promise<void> {\n if (this._outputStreamOpened) return;\n this._outputStreamOpened = true;\n const schema = await this._reader.openNextStream();\n if (!schema) {\n throw new RpcError(\"ProtocolError\", \"Expected output stream but got EOF\", \"\");\n }\n }\n\n /**\n * Send an exchange request and return the data rows.\n */\n async exchange(input: Record<string, any>[]): Promise<Record<string, any>[]> {\n if (this._closed) {\n throw new RpcError(\"ProtocolError\", \"Stream session is closed\", \"\");\n }\n\n // Build input batch\n let inputSchema: Schema;\n let batch: RecordBatch;\n\n if (input.length === 0) {\n // Zero-row exchange: use cached input schema from a prior exchange,\n // then fall back to the output schema from describe. The cached\n // schema is preferred because input and output schemas may differ\n // (e.g. exchange_accumulate: input {value} → output {running_sum, exchange_count}).\n inputSchema = this._inputSchema ?? this._outputSchema;\n const children = inputSchema.fields.map((f) => {\n return makeData({ type: f.type, length: 0, nullCount: 0 });\n });\n const structType = new Struct(inputSchema.fields);\n const data = makeData({\n type: structType,\n length: 0,\n children,\n nullCount: 0,\n });\n batch = new RecordBatch(inputSchema, data);\n } else {\n // Infer schema from first row.\n // Always use nullable fields — the server validates input schemas\n // strictly and its schema typically uses nullable columns.\n const keys = Object.keys(input[0]);\n const fields = keys.map((key) => {\n let sample: any;\n for (const row of input) {\n if (row[key] != null) {\n sample = row[key];\n break;\n }\n }\n const arrowType = inferArrowType(sample);\n return new Field(key, arrowType, /* nullable */ true);\n });\n inputSchema = new Schema(fields);\n\n // Validate schema consistency: all exchanges on the same pipe session\n // share a single IPC stream, so the schema is locked to the first call.\n if (this._inputSchema) {\n const cached = this._inputSchema;\n if (\n cached.fields.length !== inputSchema.fields.length ||\n cached.fields.some((f, i) => f.name !== inputSchema.fields[i].name)\n ) {\n throw new RpcError(\n \"ProtocolError\",\n `Exchange input schema changed: expected [${cached.fields.map((f) => f.name).join(\", \")}] ` +\n `but got [${inputSchema.fields.map((f) => f.name).join(\", \")}]`,\n \"\",\n );\n }\n } else {\n this._inputSchema = inputSchema;\n }\n\n const children = inputSchema.fields.map((f) => {\n const values = input.map((row) => row[f.name]);\n return vectorFromArray(values, f.type).data[0];\n });\n const structType = new Struct(inputSchema.fields);\n const data = makeData({\n type: structType,\n length: input.length,\n children,\n nullCount: 0,\n });\n batch = new RecordBatch(inputSchema, data);\n }\n\n // Lazy-open input writer on first exchange\n if (!this._inputWriter) {\n this._inputWriter = new PipeIncrementalWriter(this._writeFn, inputSchema);\n }\n\n // Write one input batch FIRST, then open output stream.\n // The server may not flush the output schema until it processes the\n // first input batch and writes the first output batch.\n this._inputWriter.write(batch);\n await this._ensureOutputStream();\n\n // Read output batch(es) from server\n try {\n const outputBatch = await this._readOutputBatch();\n if (outputBatch === null) {\n return [];\n }\n return extractBatchRows(outputBatch);\n } catch (e) {\n // On error, clean up the pipe so it's ready for the next request\n await this._cleanup();\n throw e;\n }\n }\n\n /**\n * Clean up after an error: close input, drain output, release busy.\n */\n private async _cleanup(): Promise<void> {\n if (this._closed) return;\n this._closed = true;\n if (this._inputWriter) {\n this._inputWriter.close();\n this._inputWriter = null;\n }\n try {\n if (this._outputStreamOpened) {\n while ((await this._reader.readNextBatch()) !== null) {}\n }\n } catch {\n // Suppress errors during drain\n }\n this._releaseBusy();\n }\n\n /**\n * Iterate over producer stream batches (lockstep).\n */\n async *[Symbol.asyncIterator](): AsyncIterableIterator<Record<string, any>[]> {\n if (this._closed) return;\n\n try {\n // Open input writer with empty schema for tick batches\n const tickSchema = new Schema([]);\n this._inputWriter = new PipeIncrementalWriter(this._writeFn, tickSchema);\n\n // Build a zero-row tick batch\n const structType = new Struct(tickSchema.fields);\n const tickData = makeData({\n type: structType,\n length: 0,\n children: [],\n nullCount: 0,\n });\n const tickBatch = new RecordBatch(tickSchema, tickData);\n\n while (true) {\n // Send one tick FIRST, then open output stream on first iteration.\n // The server may not flush the output schema until it processes the\n // first tick and writes the first output batch.\n this._inputWriter.write(tickBatch);\n await this._ensureOutputStream();\n\n // Read output batch(es)\n const outputBatch = await this._readOutputBatch();\n if (outputBatch === null) {\n // Server finished — EOS on output stream\n break;\n }\n\n yield extractBatchRows(outputBatch);\n }\n } finally {\n // Close input stream if still open\n if (this._inputWriter) {\n this._inputWriter.close();\n this._inputWriter = null;\n }\n // Drain any remaining output batches\n try {\n if (this._outputStreamOpened) {\n while ((await this._reader.readNextBatch()) !== null) {}\n }\n } catch {\n // Suppress errors during drain\n }\n this._closed = true;\n this._releaseBusy();\n }\n }\n\n /**\n * End the stream: close the input side (or send an empty stream if nothing\n * was sent yet) and drain the server's remaining output in the background,\n * releasing the connection's busy lock once the drain completes.\n */\n close(): void {\n if (this._closed) return;\n this._closed = true;\n\n if (this._inputWriter) {\n // Close the input stream (EOS)\n this._inputWriter.close();\n this._inputWriter = null;\n } else {\n // Never iterated/exchanged — send empty schema stream so server unblocks.\n // Server is blocked at reader.openNextStream() waiting for client's input.\n const emptySchema = new Schema([]);\n const ipc = serializeIpcStream(emptySchema, []);\n this._writeFn(ipc);\n }\n\n // Drain remaining output batches asynchronously. Register the drain\n // promise so that the next acquireBusy() waits for it to complete.\n const drainPromise = (async () => {\n try {\n if (!this._outputStreamOpened) {\n const schema = await this._reader.openNextStream();\n if (schema) {\n while ((await this._reader.readNextBatch()) !== null) {}\n }\n } else {\n while ((await this._reader.readNextBatch()) !== null) {}\n }\n } catch {\n // Suppress errors during drain\n } finally {\n this._releaseBusy();\n }\n })();\n this._setDrainPromise(drainPromise);\n }\n}\n\n// ---------------------------------------------------------------------------\n// pipeConnect — create an RpcClient over raw readable/writable streams\n// ---------------------------------------------------------------------------\n\n/**\n * Connect to a vgi-rpc server over a raw bidirectional pipe (a readable stream\n * of server output plus a writable for client input). The connection is\n * single-threaded: only one call or stream may be in flight at a time. The\n * `__describe__` handshake is sent before the reader is opened to avoid deadlock.\n */\nexport function pipeConnect(\n readable: ReadableStream<Uint8Array>,\n writable: PipeWritable,\n options?: PipeConnectOptions,\n): RpcClient {\n const onLog = options?.onLog;\n const externalConfig = options?.externalLocation;\n\n let reader: IpcStreamReader | null = null;\n let readerPromise: Promise<IpcStreamReader> | null = null;\n let methodCache: Map<string, MethodInfo> | null = null;\n let protocolName = \"\";\n let serverProtocolVersion = \"\";\n let _busy = false;\n let _drainPromise: Promise<void> | null = null;\n let closed = false;\n\n const writeFn: WriteFn = (bytes: Uint8Array) => {\n writable.write(bytes);\n writable.flush?.();\n };\n\n // The IpcStreamReader.create() blocks until the first IPC schema arrives\n // on the readable. To avoid deadlock, we must send our first request\n // (the __describe__ call) BEFORE opening the reader. After that, the\n // response bytes are in the pipe buffer and the reader can consume them.\n async function ensureReader(): Promise<IpcStreamReader> {\n if (reader) return reader;\n if (!readerPromise) {\n readerPromise = IpcStreamReader.create(readable);\n }\n reader = await readerPromise;\n return reader;\n }\n\n async function acquireBusy(): Promise<void> {\n // Wait for any pending drain from a previous close()\n if (_drainPromise) {\n await _drainPromise;\n _drainPromise = null;\n }\n if (_busy) {\n throw new Error(\n \"Pipe transport is busy — another call or stream is in progress. \" +\n \"Pipe connections are single-threaded; wait for the current operation to complete.\",\n );\n }\n _busy = true;\n }\n\n function releaseBusy(): void {\n _busy = false;\n }\n\n function setDrainPromise(p: Promise<void>): void {\n _drainPromise = p;\n }\n\n async function ensureMethodCache(): Promise<Map<string, MethodInfo>> {\n if (methodCache) return methodCache;\n\n await acquireBusy();\n try {\n // Send __describe__ request BEFORE opening the reader.\n // IpcStreamReader.create() blocks on reader.open() which reads the\n // first schema message. The server won't write anything until it\n // receives a request. Sending first avoids deadlock.\n const emptySchema = new Schema([]);\n const body = buildRequestIpc(emptySchema, {}, DESCRIBE_METHOD_NAME);\n writeFn(body);\n\n const r = await ensureReader();\n\n // Read response (first IPC stream = describe response schema + batches)\n // ensureReader() consumed the schema via open(). Use readStream()\n // which — on the first call (initialized=false) — returns the current\n // stream without calling reset().\n const response = await r.readStream();\n if (!response) {\n throw new Error(\"EOF reading __describe__ response\");\n }\n\n const desc = await parseDescribeResponse(response.batches as any, onLog);\n protocolName = desc.protocolName;\n serverProtocolVersion = desc.protocolVersion;\n methodCache = new Map(desc.methods.map((m) => [m.name, m]));\n return methodCache;\n } finally {\n releaseBusy();\n }\n }\n\n return {\n async call(method: string, params?: Record<string, any>): Promise<Record<string, any> | null> {\n const methods = await ensureMethodCache();\n await acquireBusy();\n try {\n const info = methods.get(method);\n if (!info) {\n throw new Error(`Unknown method: '${method}'`);\n }\n\n const r = await ensureReader();\n\n // Apply defaults\n const fullParams = { ...(info.defaults ?? {}), ...(params ?? {}) };\n\n // Send request\n const body = buildRequestIpc(info.paramsSchema, fullParams, method, { protocolVersion: serverProtocolVersion });\n writeFn(body);\n\n // Read response\n const response = await r.readStream();\n if (!response) {\n throw new Error(\"EOF reading response\");\n }\n\n // Process batches: dispatch logs, resolve external pointers, find result\n let resultBatch: RecordBatch | null = null;\n for (let batch of response.batches as any[]) {\n if (batch.numRows === 0) {\n if (isExternalLocationBatch(batch)) {\n batch = await resolveExternalLocation(batch, externalConfig);\n } else {\n dispatchLogOrError(batch, onLog);\n continue;\n }\n }\n resultBatch = batch;\n }\n\n if (!resultBatch) {\n return null;\n }\n\n const rows = extractBatchRows(resultBatch);\n if (rows.length === 0) return null;\n\n if (info.resultSchema.fields.length === 0) return null;\n\n return rows[0];\n } finally {\n releaseBusy();\n }\n },\n\n async stream(method: string, params?: Record<string, any>): Promise<StreamSession> {\n const methods = await ensureMethodCache();\n await acquireBusy();\n\n try {\n const info = methods.get(method);\n if (!info) {\n throw new Error(`Unknown method: '${method}'`);\n }\n\n const r = await ensureReader();\n\n // Apply defaults\n const fullParams = { ...(info.defaults ?? {}), ...(params ?? {}) };\n\n // Send init request (params as a complete IPC stream)\n const body = buildRequestIpc(info.paramsSchema, fullParams, method, { protocolVersion: serverProtocolVersion });\n writeFn(body);\n\n // Read header if method has headerSchema\n let header: Record<string, any> | null = null;\n if (info.headerSchema) {\n const headerStream = await r.readStream();\n if (headerStream) {\n for (const batch of headerStream.batches as any[]) {\n if (batch.numRows === 0) {\n dispatchLogOrError(batch, onLog);\n continue;\n }\n const rows = extractBatchRows(batch);\n if (rows.length > 0) {\n header = rows[0];\n }\n }\n }\n }\n\n const outputSchema = info.outputSchema ?? info.resultSchema;\n\n // Don't release busy here — PipeStreamSession owns the lock\n // and will release it when done\n return new PipeStreamSession({\n reader: r,\n writeFn,\n onLog,\n header,\n outputSchema,\n releaseBusy,\n setDrainPromise,\n externalConfig,\n });\n } catch (e) {\n // Init error (e.g., server raised exception during init).\n // Send empty input stream so server's drain unblocks, then\n // drain the server's output stream if needed.\n try {\n const r = await ensureReader();\n const emptySchema = new Schema([]);\n const ipc = serializeIpcStream(emptySchema, []);\n writeFn(ipc);\n // Drain server's output stream (error response + EOS)\n const outStream = await r.readStream();\n // outStream may be null or contain remaining batches — just consume\n void outStream;\n } catch {\n // Suppress errors during cleanup\n }\n releaseBusy();\n throw e;\n }\n },\n\n async describe(): Promise<ServiceDescription> {\n const methods = await ensureMethodCache();\n return {\n protocolName,\n protocolVersion: serverProtocolVersion,\n methods: [...methods.values()],\n };\n },\n\n close(): void {\n if (closed) return;\n closed = true;\n writable.end();\n },\n };\n}\n\n// ---------------------------------------------------------------------------\n// subprocessConnect — spawn a process and wrap with pipeConnect\n// ---------------------------------------------------------------------------\n\n/**\n * Spawn a server process (via `Bun.spawn`) and connect to it over its\n * stdin/stdout using {@link pipeConnect}. The returned client's\n * {@link RpcClient.close} also kills the subprocess.\n */\nexport function subprocessConnect(cmd: string[], options?: SubprocessConnectOptions): RpcClient {\n const proc = Bun.spawn(cmd, {\n stdin: \"pipe\",\n stdout: \"pipe\",\n stderr: options?.stderr ?? \"ignore\",\n cwd: options?.cwd,\n env: options?.env ? { ...process.env, ...options.env } : undefined,\n });\n\n const stdout = proc.stdout as ReadableStream<Uint8Array>;\n\n const writable: PipeWritable = {\n write(data: Uint8Array) {\n (proc.stdin as any).write(data);\n },\n flush() {\n (proc.stdin as any).flush();\n },\n end() {\n (proc.stdin as any).end();\n },\n };\n\n const client = pipeConnect(stdout, writable, {\n onLog: options?.onLog,\n externalLocation: options?.externalLocation,\n });\n\n // Wrap close to also kill the subprocess\n const originalClose = client.close;\n client.close = () => {\n originalClose.call(client);\n try {\n proc.kill();\n } catch {\n // Process may have already exited\n }\n };\n\n return client;\n}\n",
|
|
25
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { AuthContext } from \"../auth.js\";\n\n/** Async function that authenticates an incoming HTTP request. */\nexport type AuthenticateFn = (request: Request) => AuthContext | Promise<AuthContext>;\n\n/** RFC 9728 OAuth Protected Resource Metadata. */\nexport interface OAuthResourceMetadata {\n /** The protected resource's canonical URL. Doubles as the base for the\n * `/_oauth/callback` redirect URI. */\n resource: string;\n /** Authorization-server issuer URLs. The PKCE flow uses\n * `authorizationServers[0]` for OIDC discovery. */\n authorizationServers: string[];\n /** Scopes the resource advertises. When non-empty these become the PKCE\n * authorization request's space-joined `scope`, taking precedence over\n * {@link HttpHandlerOptions.oauthPkceScope}. */\n scopesSupported?: string[];\n /** Advertised bearer methods (e.g. `[\"header\"]`). */\n bearerMethodsSupported?: string[];\n /** JWS algorithms the resource accepts. */\n resourceSigningAlgValuesSupported?: string[];\n /** Human-readable resource name. */\n resourceName?: string;\n /** Documentation URL for the resource. */\n resourceDocumentation?: string;\n /** Policy URL for the resource. */\n resourcePolicyUri?: string;\n /** Terms-of-service URL for the resource. */\n resourceTosUri?: string;\n /** OAuth client_id that clients should use with the authorization server. */\n clientId?: string;\n /** OAuth client_secret that clients should use with the authorization server. */\n clientSecret?: string;\n /** OAuth client_id for device code flow. */\n deviceCodeClientId?: string;\n /** OAuth client_secret for device code flow. */\n deviceCodeClientSecret?: string;\n /** When true, clients should use the OIDC id_token as the Bearer token instead of access_token. */\n useIdTokenAsBearer?: boolean;\n}\n\n/** Convert OAuthResourceMetadata to RFC 9728 snake_case JSON object. */\nexport function oauthResourceMetadataToJson(metadata: OAuthResourceMetadata): Record<string, any> {\n const json: Record<string, any> = {\n resource: metadata.resource,\n authorization_servers: metadata.authorizationServers,\n };\n if (metadata.scopesSupported) json.scopes_supported = metadata.scopesSupported;\n if (metadata.bearerMethodsSupported) json.bearer_methods_supported = metadata.bearerMethodsSupported;\n if (metadata.resourceSigningAlgValuesSupported)\n json.resource_signing_alg_values_supported = metadata.resourceSigningAlgValuesSupported;\n if (metadata.resourceName) json.resource_name = metadata.resourceName;\n if (metadata.resourceDocumentation) json.resource_documentation = metadata.resourceDocumentation;\n if (metadata.resourcePolicyUri) json.resource_policy_uri = metadata.resourcePolicyUri;\n if (metadata.resourceTosUri) json.resource_tos_uri = metadata.resourceTosUri;\n if (metadata.clientId) {\n if (!/^[A-Za-z0-9\\-._~]+$/.test(metadata.clientId)) {\n throw new Error(`Invalid client_id: must contain only URL-safe characters [A-Za-z0-9\\\\-._~]`);\n }\n json.client_id = metadata.clientId;\n }\n if (metadata.clientSecret) {\n if (!/^[A-Za-z0-9\\-._~]+$/.test(metadata.clientSecret)) {\n throw new Error(`Invalid client_secret: must contain only URL-safe characters [A-Za-z0-9\\\\-._~]`);\n }\n json.client_secret = metadata.clientSecret;\n }\n if (metadata.deviceCodeClientId) {\n if (!/^[A-Za-z0-9\\-._~]+$/.test(metadata.deviceCodeClientId)) {\n throw new Error(`Invalid device_code_client_id: must contain only URL-safe characters [A-Za-z0-9\\\\-._~]`);\n }\n json.device_code_client_id = metadata.deviceCodeClientId;\n }\n if (metadata.deviceCodeClientSecret) {\n if (!/^[A-Za-z0-9\\-._~]+$/.test(metadata.deviceCodeClientSecret)) {\n throw new Error(`Invalid device_code_client_secret: must contain only URL-safe characters [A-Za-z0-9\\\\-._~]`);\n }\n json.device_code_client_secret = metadata.deviceCodeClientSecret;\n }\n if (metadata.useIdTokenAsBearer) {\n json.use_id_token_as_bearer = true;\n }\n return json;\n}\n\n/** Compute the well-known path for OAuth Protected Resource Metadata. */\nexport function wellKnownPath(prefix: string): string {\n return `/.well-known/oauth-protected-resource${prefix}`;\n}\n\n/** Build a WWW-Authenticate header value with optional resource_metadata URL, client_id, client_secret, device_code_client_id, device_code_client_secret, and use_id_token_as_bearer. */\nexport function buildWwwAuthenticateHeader(\n metadataUrl?: string,\n clientId?: string,\n clientSecret?: string,\n useIdTokenAsBearer?: boolean,\n deviceCodeClientId?: string,\n deviceCodeClientSecret?: string,\n): string {\n let header = \"Bearer\";\n if (metadataUrl) {\n header += ` resource_metadata=\"${metadataUrl}\"`;\n }\n if (clientId) {\n header += `, client_id=\"${clientId}\"`;\n }\n if (clientSecret) {\n header += `, client_secret=\"${clientSecret}\"`;\n }\n if (deviceCodeClientId) {\n header += `, device_code_client_id=\"${deviceCodeClientId}\"`;\n }\n if (deviceCodeClientSecret) {\n header += `, device_code_client_secret=\"${deviceCodeClientSecret}\"`;\n }\n if (useIdTokenAsBearer) {\n header += `, use_id_token_as_bearer=\"true\"`;\n }\n return header;\n}\n",
|
|
26
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\n// Web Crypto helpers — universal across Node 18+, Bun, Cloudflare workerd,\n// Deno, and modern browsers. Used in place of node:crypto (`createHmac`,\n// `createHash`, `randomBytes`, `timingSafeEqual`) so the wire-protocol code\n// bundles cleanly for workerd without requiring `nodejs_compat`.\n//\n// All HMAC/digest operations are async because `crypto.subtle` is async-only.\n// Callers that previously had sync signatures should await the result.\n\n/** Cryptographically-strong random bytes. */\nexport function randomBytes(length: number): Uint8Array {\n const buf = new Uint8Array(length);\n crypto.getRandomValues(buf);\n return buf;\n}\n\n/**\n * Constant-time byte-array comparison. Returns false fast on length mismatch\n * (the length itself is not a secret), and otherwise XOR-accumulates without\n * an early return so the comparison takes the same wall time regardless of\n * which byte differs.\n */\nexport function constantTimeEqual(a: Uint8Array, b: Uint8Array): boolean {\n if (a.length !== b.length) return false;\n let diff = 0;\n for (let i = 0; i < a.length; i++) diff |= a[i] ^ b[i];\n return diff === 0;\n}\n\n/**\n * Cache imported `CryptoKey` per (raw key bytes, usage) so that repeated\n * sign/verify calls don't re-import. The key bytes are fingerprinted with a\n * stable string (base64 of the raw bytes); the WeakRef-friendly Map keeps the\n * cache bounded by typical key turnover (one or two signing keys per process).\n */\nconst _hmacKeyCache = new Map<string, Promise<CryptoKey>>();\n\nfunction _hmacKeyCacheKey(rawKey: Uint8Array, usage: \"sign\" | \"verify\"): string {\n // Cheap stable fingerprint — collisions only matter for the cache hit/miss,\n // not security. Use a string concat of byte values; for typical 32-byte\n // signing keys this is ~70 chars.\n let s = usage + \":\";\n for (let i = 0; i < rawKey.length; i++) s += rawKey[i].toString(16);\n return s;\n}\n\nasync function _importHmacKey(rawKey: Uint8Array, usage: \"sign\" | \"verify\"): Promise<CryptoKey> {\n const cacheKey = _hmacKeyCacheKey(rawKey, usage);\n let promise = _hmacKeyCache.get(cacheKey);\n if (!promise) {\n promise = crypto.subtle.importKey(\n \"raw\",\n // Copy into a fresh ArrayBuffer — importKey requires an ArrayBuffer or\n // ArrayBufferView; passing a SharedArrayBuffer view (or one whose\n // underlying buffer outlives this caller) can be rejected on some\n // runtimes. The copy is cheap (≤32 bytes typical).\n rawKey.slice().buffer as ArrayBuffer,\n { name: \"HMAC\", hash: \"SHA-256\" },\n false,\n [usage],\n );\n _hmacKeyCache.set(cacheKey, promise);\n }\n return promise;\n}\n\n/** HMAC-SHA256 over `data` with `key`. Returns a 32-byte tag. */\nexport async function hmacSha256(key: Uint8Array, data: Uint8Array): Promise<Uint8Array> {\n const cryptoKey = await _importHmacKey(key, \"sign\");\n const sig = await crypto.subtle.sign(\"HMAC\", cryptoKey, data as BufferSource);\n return new Uint8Array(sig);\n}\n\n/**\n * Verify an HMAC-SHA256 tag in constant time. Equivalent to\n * `constantTimeEqual(await hmacSha256(key, data), tag)`, but routes through\n * `crypto.subtle.verify` which is also constant-time on conforming runtimes.\n */\nexport async function hmacSha256Verify(key: Uint8Array, data: Uint8Array, tag: Uint8Array): Promise<boolean> {\n const cryptoKey = await _importHmacKey(key, \"verify\");\n return crypto.subtle.verify(\"HMAC\", cryptoKey, tag as BufferSource, data as BufferSource);\n}\n\n/** SHA-256 of `data` as raw bytes. */\nexport async function sha256(data: Uint8Array): Promise<Uint8Array> {\n const digest = await crypto.subtle.digest(\"SHA-256\", data as BufferSource);\n return new Uint8Array(digest);\n}\n\n/** SHA-256 of `data` as lower-case hex. */\nexport async function sha256Hex(data: Uint8Array): Promise<string> {\n const bytes = await sha256(data);\n let s = \"\";\n for (let i = 0; i < bytes.length; i++) s += bytes[i].toString(16).padStart(2, \"0\");\n return s;\n}\n",
|
|
27
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { AuthContext } from \"../auth.js\";\nimport { constantTimeEqual } from \"../util/web-crypto.js\";\nimport type { AuthenticateFn } from \"./auth.js\";\n\n/** Receives the raw bearer token string, returns an AuthContext on success. Must throw on failure. */\nexport type BearerValidateFn = (token: string) => AuthContext | Promise<AuthContext>;\n\n/**\n * Create a bearer-token authenticate callback.\n *\n * Extracts the `Authorization: Bearer <token>` header and delegates\n * validation to the user-supplied `validate` callback.\n */\nexport function bearerAuthenticate(options: { validate: BearerValidateFn }): AuthenticateFn {\n const { validate } = options;\n\n return async function authenticate(request: Request): Promise<AuthContext> {\n const authHeader = request.headers.get(\"Authorization\") ?? \"\";\n if (!authHeader.startsWith(\"Bearer \")) {\n throw new Error(\"Missing or invalid Authorization header\");\n }\n const token = authHeader.slice(7);\n return validate(token);\n };\n}\n\n/** Constant-time string comparison to prevent timing attacks on token lookup. */\nfunction safeEqual(a: string, b: string): boolean {\n const enc = new TextEncoder();\n return constantTimeEqual(enc.encode(a), enc.encode(b));\n}\n\n/**\n * Create a bearer-token authenticate callback from a static token map.\n *\n * Convenience wrapper around `bearerAuthenticate` that looks up the\n * token in a pre-built mapping using constant-time comparison.\n */\nexport function bearerAuthenticateStatic(options: {\n tokens: ReadonlyMap<string, AuthContext> | Record<string, AuthContext>;\n}): AuthenticateFn {\n const entries: [string, AuthContext][] =\n options.tokens instanceof Map ? [...options.tokens.entries()] : Object.entries(options.tokens);\n\n function validate(token: string): AuthContext {\n for (const [key, ctx] of entries) {\n if (safeEqual(token, key)) return ctx;\n }\n throw new Error(\"Unknown bearer token\");\n }\n\n return bearerAuthenticate({ validate });\n}\n\n/**\n * Check whether an error represents a credential rejection (should be\n * caught by the chain) vs a bug or authorization failure (should propagate).\n *\n * Mirrors Python's semantics where only `ValueError` is caught:\n * - Plain `Error` (constructor === Error) without `PermissionError` name → credential rejection\n * - `TypeError`, `RangeError`, etc. (Error subclasses) → bug, propagate\n * - `PermissionError` name → authorization failure, propagate\n * - Non-Error throws → propagate\n */\nfunction isCredentialError(err: unknown): err is Error {\n return err instanceof Error && err.constructor === Error && err.name !== \"PermissionError\";\n}\n\n/**\n * Chain multiple authenticate callbacks, trying each in order.\n *\n * Each authenticator is called in sequence. Plain `Error` (credential\n * rejection) causes the next authenticator to be tried. Error subclasses\n * (`TypeError`, `RangeError`, etc.), `PermissionError`-named errors, and\n * non-Error throws propagate immediately.\n *\n * @throws Error if no authenticators are provided.\n */\nexport function chainAuthenticate(...authenticators: AuthenticateFn[]): AuthenticateFn {\n if (authenticators.length === 0) {\n throw new Error(\"chainAuthenticate requires at least one authenticator\");\n }\n\n return async function authenticate(request: Request): Promise<AuthContext> {\n let lastError: Error | null = null;\n for (const authFn of authenticators) {\n try {\n return await authFn(request);\n } catch (err) {\n if (isCredentialError(err)) {\n lastError = err;\n continue;\n }\n throw err;\n }\n }\n const error = new Error(\"No authenticator accepted the request\");\n if (lastError) error.cause = lastError;\n throw error;\n };\n}\n",
|
|
28
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\nimport { serializeSchema as facadeSerializeSchema, type VgiSchema } from \"../arrow/index.js\";\n\n/**\n * Serialize a Schema to the Arrow IPC Schema message format.\n * This produces bytes compatible with Python's `pa.ipc.read_schema()`.\n * Equivalent to writing an empty-batch IPC stream — schema message + EOS marker.\n */\nexport function serializeSchema(schema: VgiSchema): Uint8Array {\n return facadeSerializeSchema(schema);\n}\n",
|
|
29
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\nimport {\n batchFromColumns,\n binary,\n bool,\n field,\n schema as makeSchema,\n utf8,\n type VgiBatch,\n withBatchMetadata,\n} from \"../arrow/index.js\";\nimport {\n DESCRIBE_VERSION,\n DESCRIBE_VERSION_KEY,\n PROTOCOL_HASH_KEY,\n PROTOCOL_NAME_KEY,\n PROTOCOL_VERSION_KEY,\n REQUEST_VERSION,\n REQUEST_VERSION_KEY,\n SERVER_ID_KEY,\n} from \"../constants.js\";\nimport type { MethodDefinition } from \"../types.js\";\nimport { serializeSchema } from \"../util/schema.js\";\nimport { sha256Hex } from \"../util/web-crypto.js\";\n\n/**\n * Slim DESCRIBE_VERSION 4 schema. Python-flavoured fields (doc,\n * param_types_json, param_defaults_json, param_docs_json) are not on the\n * wire — Arrow IPC schema bytes are the authoritative type information;\n * everything else is source-level metadata that callers should consult the\n * Protocol class for.\n */\nexport const DESCRIBE_SCHEMA = makeSchema([\n field(\"name\", utf8(), false),\n field(\"method_type\", utf8(), false),\n field(\"has_return\", bool(), false),\n field(\"params_schema_ipc\", binary(), false),\n field(\"result_schema_ipc\", binary(), false),\n field(\"has_header\", bool(), false),\n field(\"header_schema_ipc\", binary(), true),\n field(\"is_exchange\", bool(), true),\n]);\n\n/**\n * Compute the SHA-256 hex digest of the canonical describe payload. Mirrors\n * Python's vgi_rpc.introspect.compute_protocol_hash byte-for-byte, so two\n * implementations of the same Protocol that produce identical Arrow IPC\n * schema bytes for params/result/header will hash to the same value.\n */\nasync function computeProtocolHash(\n protocolName: string,\n rows: ReadonlyArray<{\n name: string;\n methodType: string;\n hasReturn: boolean;\n hasHeader: boolean;\n isExchange: boolean | null;\n paramsIpc: Uint8Array;\n resultIpc: Uint8Array;\n headerIpc: Uint8Array | null;\n }>,\n): Promise<string> {\n // Web Crypto's `subtle.digest` takes a single buffer, so we accumulate the\n // canonical byte stream into a single Uint8Array and hash once. The byte\n // sequence below must remain byte-for-byte identical to the Python\n // implementation in vgi_rpc.introspect.compute_protocol_hash.\n const enc = new TextEncoder();\n const parts: Uint8Array[] = [];\n const push = (v: string | Uint8Array) => parts.push(typeof v === \"string\" ? enc.encode(v) : v);\n\n push(\"vgi_rpc.describe.v\");\n push(DESCRIBE_VERSION);\n push(\"|\");\n push(REQUEST_VERSION);\n push(\"|\");\n push(protocolName);\n push(\"|\");\n for (const r of rows) {\n push(Uint8Array.of(0x1f));\n push(r.name);\n push(Uint8Array.of(0x1e));\n push(r.methodType);\n push(Uint8Array.of(0x1e));\n push(r.hasReturn ? \"1\" : \"0\");\n push(Uint8Array.of(0x1e));\n push(r.hasHeader ? \"1\" : \"0\");\n push(Uint8Array.of(0x1e));\n push(r.isExchange === null ? \"-\" : r.isExchange ? \"1\" : \"0\");\n push(Uint8Array.of(0x1e));\n push(r.paramsIpc);\n push(Uint8Array.of(0x1e));\n push(r.resultIpc);\n push(Uint8Array.of(0x1e));\n if (r.headerIpc) push(r.headerIpc);\n }\n\n let total = 0;\n for (const p of parts) total += p.length;\n const buf = new Uint8Array(total);\n let off = 0;\n for (const p of parts) {\n buf.set(p, off);\n off += p.length;\n }\n return sha256Hex(buf);\n}\n\n/**\n * Build the __describe__ response batch and metadata.\n */\nexport async function buildDescribeBatch(\n protocolName: string,\n methods: Map<string, MethodDefinition>,\n serverId: string,\n protocolVersion?: string,\n): Promise<{ batch: VgiBatch; metadata: Map<string, string> }> {\n // Sort methods by name for consistent ordering\n const sortedEntries = [...methods.entries()].sort(([a], [b]) => a.localeCompare(b));\n\n const names: (string | null)[] = [];\n const methodTypes: (string | null)[] = [];\n const hasReturns: boolean[] = [];\n const paramsSchemas: (Uint8Array | null)[] = [];\n const resultSchemas: (Uint8Array | null)[] = [];\n const hasHeaders: boolean[] = [];\n const headerSchemas: (Uint8Array | null)[] = [];\n const isExchanges: (boolean | null)[] = [];\n\n const hashRows: Array<{\n name: string;\n methodType: string;\n hasReturn: boolean;\n hasHeader: boolean;\n isExchange: boolean | null;\n paramsIpc: Uint8Array;\n resultIpc: Uint8Array;\n headerIpc: Uint8Array | null;\n }> = [];\n\n for (const [name, method] of sortedEntries) {\n names.push(name);\n methodTypes.push(method.type);\n\n const hasReturn = method.type === \"unary\" && method.resultSchema.fields.length > 0;\n hasReturns.push(hasReturn);\n\n const paramsIpc = serializeSchema(method.paramsSchema);\n const resultIpc = serializeSchema(method.resultSchema);\n paramsSchemas.push(paramsIpc);\n resultSchemas.push(resultIpc);\n\n const hasHeader = !!method.headerSchema;\n hasHeaders.push(hasHeader);\n const headerIpc = method.headerSchema ? serializeSchema(method.headerSchema) : null;\n headerSchemas.push(headerIpc);\n\n let isExchange: boolean | null;\n if (method.exchangeFn) isExchange = true;\n else if (method.producerFn) isExchange = false;\n else isExchange = null;\n isExchanges.push(isExchange);\n\n hashRows.push({\n name,\n methodType: method.type,\n hasReturn,\n hasHeader,\n isExchange,\n paramsIpc,\n resultIpc,\n headerIpc,\n });\n }\n\n const baseBatch = batchFromColumns(DESCRIBE_SCHEMA, {\n name: names,\n method_type: methodTypes,\n has_return: hasReturns,\n params_schema_ipc: paramsSchemas,\n result_schema_ipc: resultSchemas,\n has_header: hasHeaders,\n header_schema_ipc: headerSchemas,\n is_exchange: isExchanges,\n });\n\n const protocolHash = await computeProtocolHash(protocolName, hashRows);\n\n const metadata = new Map<string, string>();\n metadata.set(PROTOCOL_NAME_KEY, protocolName);\n metadata.set(REQUEST_VERSION_KEY, REQUEST_VERSION);\n metadata.set(DESCRIBE_VERSION_KEY, DESCRIBE_VERSION);\n metadata.set(PROTOCOL_HASH_KEY, protocolHash);\n metadata.set(SERVER_ID_KEY, serverId);\n if (protocolVersion) {\n metadata.set(PROTOCOL_VERSION_KEY, protocolVersion);\n }\n\n const batch = withBatchMetadata(baseBatch, metadata);\n return { batch, metadata };\n}\n",
|
|
30
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\nimport { batchFromColumns, isBatch, type VgiBatch, type VgiSchema } from \"./arrow/index.js\";\nimport { AuthContext } from \"./auth.js\";\nimport { buildLogBatch, coerceInt64 } from \"./wire/response.js\";\n\n/**\n * Whether an RPC method is request/response or streaming. Mirrors Python's\n * `MethodType` and is carried in the `__describe__` payload.\n */\nexport enum MethodType {\n /** Single request batch in, single result batch out. */\n UNARY = \"unary\",\n /** Streamed batches — either a producer or an exchange stream. */\n STREAM = \"stream\",\n}\n\n/**\n * Coarse identifier of the transport binding a {@link VgiRpcServer} or\n * HTTP handler. Workers (RPC implementations) read this via\n * {@link CallContext.kind} or the {@link ServeStartHook} lifecycle hook\n * to tailor startup behaviour (skip HTTP-only caching, enable\n * transport-specific metrics, etc.).\n *\n * Values are wire/log-friendly strings to match Python's `TransportKind`\n * StrEnum byte-for-byte across language boundaries.\n *\n * - `PIPE` — Stdio worker (the standalone {@link VgiRpcServer} loop).\n * - `HTTP` — Fetch-style HTTP handler (`createHttpHandler`).\n * - `UNIX` — AF_UNIX socket handler (the launcher path).\n */\nexport enum TransportKind {\n /** Stdio worker — the standalone {@link VgiRpcServer} loop. */\n PIPE = \"pipe\",\n /** Fetch-style HTTP handler (`createHttpHandler`). */\n HTTP = \"http\",\n /** AF_UNIX socket handler (the launcher path). */\n UNIX = \"unix\",\n}\n\n/**\n * Optional lifecycle hook fired once per process before the first\n * dispatched request.\n *\n * For the stdio server, fires inside `VgiRpcServer.run()` before the\n * first read. For HTTP, fires lazily on the first request handled\n * (fork-safe for pre-fork servers).\n *\n * If the hook raises, the server logs the exception and propagates it,\n * leaving the bind state unset so the next attempt re-fires the hook\n * rather than silently skipping it.\n */\nexport type ServeStartHook = (kind: TransportKind) => void | Promise<void>;\n\n/** Logging interface available to handlers. */\nexport interface LogContext {\n /** Emit a client-directed log message (sent as a zero-row log batch on the\n * wire). `level` is a severity label such as `\"info\"`, `\"warning\"`, or\n * `\"error\"`; `extra` carries optional structured string key/value pairs. */\n clientLog(level: string, message: string, extra?: Record<string, string>): void;\n}\n\n/**\n * Attributes for a Set-Cookie directive queued via {@link CallContext.setCookie}.\n * All fields are optional; omitted attributes are not serialized onto the header.\n */\nexport interface CookieAttrs {\n expires?: Date;\n maxAge?: number;\n domain?: string;\n path?: string;\n secure?: boolean;\n httpOnly?: boolean;\n sameSite?: \"Strict\" | \"Lax\" | \"None\";\n partitioned?: boolean;\n}\n\n/**\n * A queued cookie mutation for the HTTP response. Internal — callers\n * interact through {@link CallContext.setCookie} / {@link CallContext.deleteCookie}.\n */\nexport interface CookieSpec extends CookieAttrs {\n name: string;\n value: string;\n delete: boolean;\n}\n\n/** Per-request sticky-session sink. Internal — populated by the HTTP handler\n * when sticky sessions are enabled, read/mutated by {@link CallContext}'s\n * `openSession` / `closeSession` / `session` getters. */\nexport interface StickyContext {\n readonly acceptOpens: boolean;\n state: unknown | null;\n sessionId: string | null;\n mintToken: string | null;\n closed: boolean;\n action: \"none\" | \"resume\" | \"open\" | \"close\";\n _open(state: unknown, ttl: number | undefined): void;\n _close(): void;\n}\n\n/** Extended context with authentication info, available to handlers. */\nexport interface CallContext extends LogContext {\n /** Authenticated principal for this call; {@link AuthContext.anonymous} when\n * the request was not authenticated. */\n readonly auth: AuthContext;\n /** Coarse identifier of the bound transport, or `undefined` until the\n * server begins serving (the value is committed by the lifecycle hook\n * on the very first request). */\n readonly kind?: TransportKind;\n /**\n * Wire body bytes the framework will accept this iteration before\n * triggering a continuation token (producer streams) or strict-fail\n * with an EXCEPTION batch (unary / stream-exchange). Snapshot at\n * collector construction; not live. `undefined` when no cap is\n * configured or the transport doesn't expose one (stdio).\n */\n readonly remainingResponseBytes?: number;\n /**\n * External-channel bytes left this iteration. Always a hard cap —\n * externalised uploads have no escape valve like producer\n * continuation tokens. Undefined when no cap is configured or\n * externalisation is disabled.\n */\n readonly remainingExternalizedResponseBytes?: number;\n /** True iff the server has an externalisation backend wired up. */\n readonly externalizationEnabled?: boolean;\n /**\n * Incoming request cookies. Empty for non-HTTP transports.\n */\n readonly cookies: ReadonlyMap<string, string>;\n /**\n * Queue a Set-Cookie header on the HTTP response. Only valid inside a\n * unary RPC method served over HTTP; throws otherwise.\n */\n setCookie(name: string, value: string, attrs?: CookieAttrs): void;\n /**\n * Queue an unset-cookie directive on the HTTP response. Only valid\n * inside a unary RPC method served over HTTP; throws otherwise.\n */\n deleteCookie(name: string, opts?: { path?: string; domain?: string }): void;\n\n /**\n * Live sticky-session state object, or `null` when no session is bound to\n * this request. HTTP-only — other transports always return `null`.\n */\n readonly session: unknown | null;\n\n /**\n * Opaque 24-char-hex session ID, or `null` when no session is bound.\n * Survives {@link closeSession} so post-close access-log records still\n * carry the id.\n */\n readonly sessionId: string | null;\n\n /**\n * Register a sticky session holding *state* for subsequent requests on\n * this transport. HTTP-only — throws on other transports, on calls\n * without the `VGI-Session-Accept: true` opt-in header, or when a\n * session is already bound to this request.\n */\n openSession(state: unknown, ttl?: number): void;\n\n /** Invalidate the sticky session bound to this request. Idempotent. */\n closeSession(): void;\n}\n\nconst EMPTY_COOKIES: ReadonlyMap<string, string> = new Map();\n\nfunction cookieNotUnaryHttpError(): Error {\n return new Error(\"setCookie/deleteCookie is only supported inside unary RPC methods served over HTTP\");\n}\n\n/** Surface as `exception_type: \"RuntimeError\"` on the EXCEPTION batch — the\n * wire serializer reads `error.constructor.name`, so we need a real subclass\n * rather than just `err.name = \"RuntimeError\"`. Matches Python's pattern of\n * raising `RuntimeError` from the runtime API methods. */\nclass RuntimeError extends Error {\n constructor(message: string) {\n super(message);\n this.name = \"RuntimeError\";\n }\n}\n\nfunction runtimeError(message: string): Error {\n return new RuntimeError(message);\n}\n\n/** Handler for unary (request-response) RPC methods. */\nexport type UnaryHandler = (\n params: Record<string, any>,\n ctx: LogContext,\n) => Promise<Record<string, any>> | Record<string, any>;\n\n/** Initialization function for producer streams. Returns the initial state object. */\nexport type ProducerInit<S = any> = (params: Record<string, any>) => Promise<S> | S;\n/** Called repeatedly to produce output batches. Call `out.finish()` to end the stream. */\nexport type ProducerFn<S = any> = (state: S, out: OutputCollector) => Promise<void> | void;\n\n/** Initialization function for exchange streams. Returns the initial state object. */\nexport type ExchangeInit<S = any> = (params: Record<string, any>) => Promise<S> | S;\n/** Called once per input batch. Must emit exactly one output batch per call. */\nexport type ExchangeFn<S = any> = (state: S, input: VgiBatch, out: OutputCollector) => Promise<void> | void;\n\n/** Produces a header batch sent before the first output batch in a stream. */\nexport type HeaderInit = (params: Record<string, any>, state: any, ctx: LogContext) => Record<string, any>;\n\n/**\n * Optional handler invoked when the client signals cancellation by writing an\n * input batch carrying the ``vgi_rpc.cancel`` metadata key. The server runs\n * this hook once, before breaking out of the streaming loop, giving state\n * objects a chance to release resources. Errors are logged and swallowed.\n */\nexport type OnCancelFn<S = any> = (state: S) => Promise<void> | void;\n\n/**\n * In-memory definition of one registered RPC method, produced by the\n * {@link Protocol} builder and consumed by the dispatch layer. Which optional\n * fields are populated depends on the method {@link type}: `handler` for unary\n * methods, `producerInit`/`producerFn` for producer streams, and\n * `exchangeInit`/`exchangeFn` for exchange streams.\n */\nexport interface MethodDefinition {\n /** Method name as registered on the protocol. */\n name: string;\n /** Whether the method is unary or streaming. */\n type: MethodType;\n /** Schema of the request parameters batch. */\n paramsSchema: VgiSchema;\n /** Schema of the unary result batch (unused for streams). */\n resultSchema: VgiSchema;\n /** Schema of streamed output batches (producer and exchange streams). */\n outputSchema?: VgiSchema;\n /** Schema of streamed input batches (exchange streams only). */\n inputSchema?: VgiSchema;\n /** Implementation for unary methods. */\n handler?: UnaryHandler;\n /** Builds the initial state object for a producer stream. */\n producerInit?: ProducerInit;\n /** Produces output batches for a producer stream. */\n producerFn?: ProducerFn;\n /** Builds the initial state object for an exchange stream. */\n exchangeInit?: ExchangeInit;\n /** Handles each input batch of an exchange stream. */\n exchangeFn?: ExchangeFn;\n /** Schema of the optional per-stream header batch. */\n headerSchema?: VgiSchema;\n /** Builds the optional header batch emitted before the first output batch. */\n headerInit?: HeaderInit;\n /** Optional hook run when the client cancels a stream. */\n onCancel?: OnCancelFn;\n /** Human-readable method documentation, surfaced via introspection. */\n doc?: string;\n /** Default values applied to omitted request parameters. */\n defaults?: Record<string, any>;\n /** Human-readable parameter type names, surfaced via introspection. */\n paramTypes?: Record<string, string>;\n}\n\n/** Metadata passed to dispatch hooks before and after RPC method execution. */\nexport interface DispatchInfo {\n /** RPC method name. */\n method: string;\n /** \"unary\" or \"stream\". */\n methodType: string;\n /** Server identifier. */\n serverId: string;\n /** Client-supplied request identifier, or null. */\n requestId: string | null;\n /** Coarse transport identifier — `pipe` for stdio, `http` for fetch\n * handlers, `unix` for AF_UNIX. */\n kind?: TransportKind;\n /** Logical service / protocol name. */\n protocol?: string;\n /** SHA-256 hex of the canonical __describe__ payload (always required in access log). */\n protocolHash?: string;\n /** Operator-supplied protocol-contract version label (optional). */\n protocolVersion?: string;\n /** Authenticated principal, empty string when anonymous. */\n principal?: string;\n /** Authentication domain, empty string when anonymous. */\n authDomain?: string;\n /** True when the call was authenticated. */\n authenticated?: boolean;\n /** HTTP transport: remote IP:port. */\n remoteAddr?: string;\n /** Self-contained Arrow IPC stream of the request batch (unary + stream init only). */\n requestData?: Uint8Array;\n /** Stream lifecycle identifier (32-char lowercase hex); empty on unary. */\n streamId?: string;\n /** True when a stream was cancelled by the client. */\n cancelled?: boolean;\n /** Sticky session ID (24-char hex). Present only when the request was bound\n * to a sticky session or the method opened/closed one. */\n sessionId?: string;\n /** Sticky-session lifecycle action observed during dispatch — one of\n * `\"none\"` / `\"resume\"` / `\"open\"` / `\"close\"`. Omitted when sticky is\n * disabled or the request never touched the sticky middleware. */\n sessionAction?: \"none\" | \"resume\" | \"open\" | \"close\";\n}\n\n/** Per-call I/O counters, matching Python's CallStatistics. */\nexport interface CallStatistics {\n /** Number of input batches read from the client. */\n inputBatches: number;\n /** Number of output batches written to the client. */\n outputBatches: number;\n /** Total rows across all input batches. */\n inputRows: number;\n /** Total rows across all output batches. */\n outputRows: number;\n /** Total serialized bytes of all input batches. */\n inputBytes: number;\n /** Total serialized bytes of all output batches. */\n outputBytes: number;\n}\n\n/** Opaque token returned by onDispatchStart, passed back to onDispatchEnd. */\nexport type HookToken = unknown;\n\n/**\n * Observability hook called around RPC dispatch.\n * Implementations must be safe for concurrent use (HTTP transport is concurrent).\n */\nexport interface DispatchHook {\n /** Invoked before the method runs. The returned {@link HookToken} is opaque\n * to the framework and passed back to {@link onDispatchEnd}. */\n onDispatchStart(info: DispatchInfo): HookToken;\n /** Invoked after the method completes or throws. `stats` carries the per-call\n * I/O counters; `error` is set only when the dispatch failed. */\n onDispatchEnd(token: HookToken, info: DispatchInfo, stats: CallStatistics, error?: Error): void;\n}\n\nexport interface EmittedBatch {\n batch: VgiBatch;\n metadata?: Map<string, string>;\n}\n\n/**\n * Accumulates output batches during a produce/exchange call.\n * Enforces that exactly one data batch is emitted per call (plus any number of log batches).\n */\nexport class OutputCollector implements CallContext {\n private _batches: EmittedBatch[] = [];\n private _dataBatchIdx: number | null = null;\n private _finished = false;\n private _producerMode: boolean;\n private _outputSchema: VgiSchema;\n private _serverId: string;\n private _requestId: string | null;\n private _cookieSinkEnabled = false;\n private _responseCookies: CookieSpec[] = [];\n private _stickyContext: StickyContext | null = null;\n /** Authenticated principal for this call; {@link AuthContext.anonymous} when\n * the request was not authenticated. */\n readonly auth: AuthContext;\n readonly cookies: ReadonlyMap<string, string>;\n readonly kind?: TransportKind;\n readonly remainingResponseBytes?: number;\n readonly remainingExternalizedResponseBytes?: number;\n readonly externalizationEnabled?: boolean;\n\n constructor(\n outputSchema: VgiSchema,\n producerMode = true,\n serverId = \"\",\n requestId: string | null = null,\n authContext?: AuthContext,\n cookies?: ReadonlyMap<string, string>,\n kind?: TransportKind,\n /** Snapshot budget fields exposed to worker code via {@link CallContext}.\n * Optional — non-HTTP transports omit them and existing call sites\n * remain source-compatible. */\n budgets?: {\n remainingResponseBytes?: number;\n remainingExternalizedResponseBytes?: number;\n externalizationEnabled?: boolean;\n },\n ) {\n this._outputSchema = outputSchema;\n this._producerMode = producerMode;\n this._serverId = serverId;\n this._requestId = requestId;\n this.auth = authContext ?? AuthContext.anonymous();\n this.cookies = cookies ?? EMPTY_COOKIES;\n this.kind = kind;\n this.remainingResponseBytes = budgets?.remainingResponseBytes;\n this.remainingExternalizedResponseBytes = budgets?.remainingExternalizedResponseBytes;\n this.externalizationEnabled = budgets?.externalizationEnabled;\n }\n\n /**\n * Mark this collector as able to accept Set-Cookie directives. Called\n * by the unary HTTP dispatcher only; streaming and non-HTTP paths leave\n * the sink disabled so setCookie/deleteCookie throw.\n * @internal\n */\n enableCookieSink(): void {\n this._cookieSinkEnabled = true;\n }\n\n /**\n * Return and clear all queued cookie mutations.\n * @internal\n */\n drainResponseCookies(): CookieSpec[] {\n const cookies = this._responseCookies;\n this._responseCookies = [];\n return cookies;\n }\n\n setCookie(name: string, value: string, attrs?: CookieAttrs): void {\n if (!this._cookieSinkEnabled) throw cookieNotUnaryHttpError();\n this._responseCookies.push({\n name,\n value,\n delete: false,\n ...(attrs ?? {}),\n });\n }\n\n deleteCookie(name: string, opts?: { path?: string; domain?: string }): void {\n if (!this._cookieSinkEnabled) throw cookieNotUnaryHttpError();\n this._responseCookies.push({\n name,\n value: \"\",\n delete: true,\n path: opts?.path,\n domain: opts?.domain,\n });\n }\n\n /** Attach the sticky-session sink the HTTP handler built for this request.\n * @internal */\n attachStickyContext(ctx: StickyContext): void {\n this._stickyContext = ctx;\n }\n\n get session(): unknown | null {\n return this._stickyContext?.state ?? null;\n }\n\n get sessionId(): string | null {\n return this._stickyContext?.sessionId ?? null;\n }\n\n openSession(state: unknown, ttl?: number): void {\n const sink = this._stickyContext;\n if (!sink) {\n throw runtimeError(\"sticky sessions not available on this transport\");\n }\n if (!sink.acceptOpens) {\n throw runtimeError(\n \"client did not opt in to sticky sessions \" +\n \"(missing VGI-Session-Accept: true header — open the call inside \" +\n \"an HttpConnection.with_session_token() block)\",\n );\n }\n if (sink.state !== null) {\n throw runtimeError(\"a sticky session is already active for this request\");\n }\n sink._open(state, ttl);\n sink.action = \"open\";\n }\n\n closeSession(): void {\n const sink = this._stickyContext;\n if (!sink) {\n throw runtimeError(\"sticky sessions not available on this transport\");\n }\n sink._close();\n sink.action = \"close\";\n }\n\n /** Schema of the data batches this collector emits. */\n get outputSchema(): VgiSchema {\n return this._outputSchema;\n }\n\n /** True once {@link finish} has been called (producer streams only). */\n get finished(): boolean {\n return this._finished;\n }\n\n /** Batches emitted so far this call — the single data batch plus any log\n * batches, in emission order. Consumed by the dispatch layer. */\n get batches(): EmittedBatch[] {\n return this._batches;\n }\n\n /** Emit a pre-built batch as the data batch for this call. */\n emit(batch: VgiBatch, metadata?: Map<string, string>): void;\n /** Emit a data batch from column arrays keyed by field name. Int64 Number values are coerced to BigInt. */\n emit(columns: Record<string, any[]>): void;\n emit(batchOrColumns: VgiBatch | Record<string, any[]>, metadata?: Map<string, string>): void {\n let batch: VgiBatch;\n if (isBatch(batchOrColumns)) {\n batch = batchOrColumns;\n } else {\n const coerced = coerceInt64(this._outputSchema, batchOrColumns as Record<string, any[]>);\n // Build columns dict ensuring each field has an array (vectorFromArray-equivalent under the hood).\n const cols: Record<string, any[]> = {};\n for (const f of this._outputSchema.fields) {\n const v = coerced[f.name];\n cols[f.name] = Array.isArray(v) ? v : [v];\n }\n batch = batchFromColumns(this._outputSchema, cols);\n }\n if (this._dataBatchIdx !== null) {\n throw new Error(\"Only one data batch may be emitted per call\");\n }\n this._dataBatchIdx = this._batches.length;\n this._batches.push({ batch, metadata });\n }\n\n /** Single-row convenience. Wraps each value in `[value]` then calls `emit()`. */\n emitRow(values: Record<string, any>): void {\n const columns: Record<string, any[]> = {};\n for (const [key, value] of Object.entries(values)) {\n columns[key] = [value];\n }\n this.emit(columns);\n }\n\n /** Signal stream completion for producer streams. Throws if called on exchange streams. */\n finish(): void {\n if (!this._producerMode) {\n throw new Error(\n \"finish() is not allowed on exchange streams; \" + \"exchange streams must emit exactly one data batch per call\",\n );\n }\n this._finished = true;\n }\n\n /** Emit a zero-row client-directed log batch. */\n clientLog(level: string, message: string, extra?: Record<string, string>): void {\n const batch = buildLogBatch(this._outputSchema, level, message, extra, this._serverId, this._requestId);\n this._batches.push({ batch });\n }\n}\n",
|
|
31
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\n/**\n * Cross-runtime gzip compression/decompression.\n *\n * The Python `vgi-rpc[http]` client now defaults to `Content-Encoding: gzip`\n * on every request, so every HTTP server in the framework must decode it.\n * We use the Web platform `DecompressionStream`/`CompressionStream` APIs,\n * which Bun, Node 18+, Deno, and Cloudflare workerd all expose.\n */\n\nasync function streamThrough(\n data: Uint8Array,\n transform: ReadableWritablePair<Uint8Array, BufferSource>,\n maxOutputSize?: number,\n): Promise<Uint8Array<ArrayBuffer>> {\n const ws = transform.writable.getWriter();\n const rs = transform.readable.getReader();\n // Copy into a freshly-allocated ArrayBuffer-backed view to satisfy TS lib\n // BufferSource narrowing (rules out SharedArrayBuffer-backed Uint8Array).\n const view = new Uint8Array(data.byteLength);\n view.set(data);\n const writePromise = (async () => {\n await ws.write(view as BufferSource);\n await ws.close();\n })();\n const chunks: Uint8Array[] = [];\n let total = 0;\n while (true) {\n const { value, done } = await rs.read();\n if (done) break;\n const chunk = value as Uint8Array;\n total += chunk.byteLength;\n if (maxOutputSize != null && total > maxOutputSize) {\n throw new Error(`gzip decompressed size (${total}) exceeds cap (${maxOutputSize})`);\n }\n chunks.push(chunk);\n }\n await writePromise;\n const out = new Uint8Array(total);\n let offset = 0;\n for (const c of chunks) {\n out.set(c, offset);\n offset += c.byteLength;\n }\n return out;\n}\n\n/**\n * Decompress gzip-encoded data, optionally bounded by `maxOutputSize`.\n *\n * The gzip footer's ISIZE field is mod 2^32 so it can't be trusted for a\n * pre-check — we bound output incrementally during streaming decode.\n */\nexport async function gzipDecompress(data: Uint8Array, maxOutputSize?: number): Promise<Uint8Array<ArrayBuffer>> {\n return streamThrough(data, new DecompressionStream(\"gzip\"), maxOutputSize);\n}\n\n/** Compress data with gzip. `level` is accepted for API parity with zstd but ignored — the Web API doesn't expose a level. */\nexport async function gzipCompress(data: Uint8Array, _level?: number): Promise<Uint8Array<ArrayBuffer>> {\n return streamThrough(data, new CompressionStream(\"gzip\"));\n}\n",
|
|
32
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\nimport {\n batchFromColumns,\n deserializeBatch,\n field,\n schema as makeSchema,\n timestampMicro,\n utf8,\n type VgiSchema,\n} from \"../arrow/index.js\";\nimport type { AuthContext } from \"../auth.js\";\nimport { DESCRIBE_METHOD_NAME, PROTOCOL_HASH_KEY, PROTOCOL_VERSION_KEY, RPC_ERROR_HEADER } from \"../constants.js\";\nimport { buildDescribeBatch } from \"../dispatch/describe.js\";\nimport { MethodNotImplementedError, ProtocolVersionError, parseProtocolVersion, SessionLostError } from \"../errors.js\";\nimport type { Protocol } from \"../protocol.js\";\nimport { type CallStatistics, type DispatchInfo, MethodType, type ServeStartHook, TransportKind } from \"../types.js\";\nimport { gzipCompress, gzipDecompress } from \"../util/gzip.js\";\nimport { randomBytes } from \"../util/web-crypto.js\";\nimport { isZstdCompressAvailable, zstdCompress, zstdDecompress } from \"../util/zstd.js\";\nimport { parseRequest } from \"../wire/request.js\";\nimport { buildErrorBatch } from \"../wire/response.js\";\nimport { buildWwwAuthenticateHeader, oauthResourceMetadataToJson, wellKnownPath } from \"./auth.js\";\nimport { chainAuthenticate } from \"./bearer.js\";\nimport {\n ARROW_CONTENT_TYPE,\n arrowResponse,\n ECHO_HEADER_PREFIX,\n HttpRpcError,\n readRequestFromBody as readRequestFromBodyImported,\n SESSION_ACCEPT_HEADER,\n SESSION_CLOSE_HEADER,\n SESSION_ENDPOINT,\n SESSION_HEADER,\n STICKY_DEFAULT_TTL_HEADER,\n STICKY_ECHO_HEADERS_HEADER,\n STICKY_ENABLED_HEADER,\n serializeIpcStream,\n} from \"./common.js\";\nimport {\n httpDispatchDescribe,\n httpDispatchStreamExchange,\n httpDispatchStreamInit,\n httpDispatchUnary,\n} from \"./dispatch.js\";\nimport {\n configureOAuthPkce,\n handleBrowserGetRedirect,\n handleEarlyReturnTo,\n handleOAuthCallback,\n handleOAuthLogout,\n handleOAuthTokenProxy,\n type OAuthPkceConfig,\n resolvePkceScope,\n} from \"./oauth-pkce.js\";\nimport { buildDescribePage, buildLandingPage, buildNotFoundPage } from \"./pages.js\";\nimport {\n makeDrainHandle,\n openSessionToken,\n SessionRegistry,\n type StickySink,\n sealSessionToken,\n sessionIdHex,\n sessionPrincipalKey,\n startSessionReaper,\n} from \"./sticky.js\";\nimport { computeAad } from \"./token.js\";\nimport { type HttpHandlerOptions, jsonStateSerializer } from \"./types.js\";\n\nconst EMPTY_SCHEMA: VgiSchema = makeSchema([]);\n\nconst EMPTY_COOKIES: ReadonlyMap<string, string> = new Map();\n\n/**\n * Parse the Cookie request header into a Map. Returns an empty map when\n * the header is absent.\n */\nfunction parseRequestCookies(request: Request): ReadonlyMap<string, string> {\n const header = request.headers.get(\"cookie\");\n if (!header) return EMPTY_COOKIES;\n const out = new Map<string, string>();\n for (const part of header.split(\";\")) {\n const pair = part.trim();\n if (!pair) continue;\n const eq = pair.indexOf(\"=\");\n if (eq < 0) continue;\n out.set(pair.slice(0, eq).trim(), pair.slice(eq + 1).trim());\n }\n return out;\n}\n\n/**\n * Create a fetch-compatible HTTP handler for a vgi-rpc Protocol.\n *\n * Compatible with Bun.serve(), Deno.serve(), Cloudflare Workers, and any\n * Web API runtime that uses the standard Request/Response types.\n *\n * @example\n * ```typescript\n * const handler = createHttpHandler(protocol);\n * Bun.serve({ port: 8080, fetch: handler });\n * ```\n */\nexport function createHttpHandler(\n protocol: Protocol,\n options?: HttpHandlerOptions,\n): (request: Request) => Response | Promise<Response> {\n const prefix = (options?.prefix ?? \"\").replace(/\\/+$/, \"\");\n const tokenKey = options?.tokenKey ?? randomBytes(32);\n const tokenTtl = options?.tokenTtl ?? 3600;\n const corsOrigins = options?.corsOrigins;\n const corsMaxAge = options?.corsMaxAge === undefined ? 7200 : options.corsMaxAge;\n const maxRequestBytes = options?.maxRequestBytes;\n // Bomb-cap on `Content-Encoding: zstd` decompression. Default to\n // 16x maxRequestBytes when the operator set one — generous for normal\n // Arrow IPC zstd ratios on legitimate payloads, tight enough that a\n // tiny compressed body cannot inflate to hundreds of MB. When\n // maxRequestBytes is unset the cap stays unbounded (operator-chosen,\n // explicit). Mirrors Python's make_wsgi_app default.\n const maxDecompressedRequestBytes =\n options?.maxDecompressedRequestBytes ??\n (options?.maxRequestBytes != null ? options.maxRequestBytes * 16 : undefined);\n // ``maxStreamResponseBytes`` was the producer-only soft cap. Keep it\n // distinct from ``maxResponseBytes`` (the new hard cap that also applies\n // to unary/exchange) — falling one through to the other would turn the\n // producer hack into an unintended hard cap on every response.\n const maxStreamResponseBytes = options?.maxStreamResponseBytes;\n const maxResponseBytes = options?.maxResponseBytes;\n const maxExternalizedResponseBytes = options?.maxExternalizedResponseBytes;\n const serverId = options?.serverId ?? crypto.randomUUID().replace(/-/g, \"\").slice(0, 12);\n\n let authenticate = options?.authenticate;\n const oauthMetadata = options?.oauthResourceMetadata;\n\n // PKCE setup: when both authenticate and oauthMetadata.clientId are present\n let pkceConfig: OAuthPkceConfig | null = null;\n if (authenticate && oauthMetadata?.clientId) {\n const resourceUrl = new URL(oauthMetadata.resource);\n const secureCookie = resourceUrl.protocol === \"https:\";\n const redirectUri = `${oauthMetadata.resource.replace(/\\/+$/, \"\")}${prefix}/_oauth/callback`;\n const issuer = oauthMetadata.authorizationServers[0];\n if (issuer) {\n const originalAuth = authenticate;\n pkceConfig = configureOAuthPkce(\n {\n signingKey: tokenKey,\n issuer,\n clientId: oauthMetadata.clientId,\n clientSecret: oauthMetadata.clientSecret,\n useIdToken: oauthMetadata.useIdTokenAsBearer,\n prefix,\n secureCookie,\n redirectUri,\n scope: resolvePkceScope(oauthMetadata.scopesSupported, options?.oauthPkceScope),\n allowedReturnOrigins: options?.allowedReturnOrigins,\n },\n originalAuth,\n );\n authenticate = chainAuthenticate(originalAuth, pkceConfig.cookieAuthenticate);\n }\n }\n\n const methods = protocol.getMethods();\n\n // Lazily compute the protocol hash once; it's the SHA-256 over the\n // canonical __describe__ payload and is derived from buildDescribeBatch's\n // metadata. Async because Web Crypto digests are async. Used to stamp\n // every dispatched access-log record with `protocol_hash`.\n let protocolHashPromise: Promise<string> | null = null;\n function getProtocolHash(): Promise<string> {\n if (!protocolHashPromise) {\n protocolHashPromise = buildDescribeBatch(\n protocol.name,\n methods,\n serverId,\n protocol.protocolVersion || undefined,\n ).then(({ metadata }) => metadata.get(PROTOCOL_HASH_KEY) ?? \"\");\n }\n return protocolHashPromise;\n }\n const protocolVersion = protocol.protocolVersion || options?.protocolVersion || \"\";\n\n // Dispatch-boundary protocol_version check, fires only when the Protocol\n // declares a `protocolVersion`. Mirrors Python's HTTP _app_unary /\n // _app_stream gate added after the dispatch-loop bypass was caught in\n // review. Throws ProtocolVersionError so the existing catch turns it into\n // a buffered error stream rather than a raw HTTP 500.\n function enforceProtocolVersion(reqBatchMeta: ReadonlyMap<string, string> | undefined): void {\n const parts = protocol.protocolVersionParts;\n if (parts === null) return;\n const serverVersion = protocol.protocolVersion;\n const clientVersion = reqBatchMeta?.get(PROTOCOL_VERSION_KEY);\n if (clientVersion === undefined) {\n throw new ProtocolVersionError(\n \"VGI client/worker protocol_version mismatch.\\n\" +\n \" Client: <not declared>\\n\" +\n ` Server: ${serverVersion}\\n` +\n \" Direction: the client did not send a vgi_rpc.protocol_version \" +\n \"metadata key. This is either a vgi-rpc framework bug or a \" +\n \"non-VGI client connecting to a VGI worker.\",\n );\n }\n let clientParts: readonly [number, number, number];\n try {\n clientParts = parseProtocolVersion(clientVersion);\n } catch {\n throw new ProtocolVersionError(\n \"VGI client/worker protocol_version mismatch.\\n\" +\n ` Client: ${clientVersion}\\n` +\n ` Server: ${serverVersion}\\n` +\n \" Direction: client sent a malformed protocol_version. \" +\n \"Expected canonical semver MAJOR.MINOR.PATCH.\",\n );\n }\n if (clientParts[0] === parts[0] && clientParts[1] === parts[1]) return;\n const clientOlder = clientParts[0] < parts[0] || (clientParts[0] === parts[0] && clientParts[1] < parts[1]);\n const direction = clientOlder\n ? `client is too old; upgrade the VGI extension/client to a version supporting protocol_version ${serverVersion}.`\n : `server is too old; upgrade the VGI worker to a version supporting protocol_version ${clientVersion}.`;\n throw new ProtocolVersionError(\n \"VGI client/worker protocol_version mismatch.\\n\" +\n ` Client: ${clientVersion}\\n` +\n ` Server: ${serverVersion}\\n` +\n ` Direction: ${direction}`,\n );\n }\n\n const compressionLevel = options?.compressionLevel;\n const stateSerializer = options?.stateSerializer ?? jsonStateSerializer;\n const dispatchHook = options?.dispatchHook;\n\n // Lazy on_serve_start firing — mirrors Python's middleware shape.\n // The bind is committed only after the hook returns successfully so a\n // transient failure on the first request leaves it un-fired and the\n // next request retries (matches Python 7b3999c). Multiple\n // simultaneous first-callers serialize on the in-flight promise.\n const onServeStart: ServeStartHook | null = options?.onServeStart ?? null;\n let serveStartFired = false;\n let serveStartInFlight: Promise<void> | null = null;\n // The transport kind reported to access-log + dispatch hooks. Default\n // to HTTP; the launcher path (createUnixHandler) overrides this in a\n // future commit.\n const transportKind: TransportKind =\n (options as { _transportKind?: TransportKind })?._transportKind ?? TransportKind.HTTP;\n async function notifyTransport(kind: TransportKind): Promise<void> {\n if (serveStartFired) return;\n if (serveStartInFlight) {\n await serveStartInFlight;\n return;\n }\n if (!onServeStart) {\n serveStartFired = true;\n return;\n }\n serveStartInFlight = (async () => {\n try {\n await onServeStart(kind);\n serveStartFired = true;\n } finally {\n serveStartInFlight = null;\n }\n })();\n await serveStartInFlight;\n }\n\n // HTML page configuration\n const enableLandingPage = options?.enableLandingPage ?? true;\n const enableDescribePage = options?.enableDescribePage ?? true;\n const enableNotFoundPage = options?.enableNotFoundPage ?? true;\n const displayName = options?.protocolName ?? protocol.name;\n const repoUrl = options?.repositoryUrl ?? null;\n\n // Pre-render HTML pages for zero per-request overhead\n let landingHtml = enableLandingPage\n ? buildLandingPage(displayName, serverId, enableDescribePage ? `${prefix}/describe` : null, repoUrl)\n : null;\n let describeHtml = enableDescribePage ? buildDescribePage(displayName, serverId, methods, repoUrl) : null;\n const notFoundHtml = enableNotFoundPage ? buildNotFoundPage(prefix, displayName) : null;\n\n // Inject user-info HTML snippet when PKCE is active\n if (pkceConfig) {\n const snippet = pkceConfig.userInfoHtml;\n if (landingHtml) {\n landingHtml = landingHtml.replace(\"</body>\", `${snippet}\\n</body>`);\n }\n if (describeHtml) {\n describeHtml = describeHtml.replace(\"</body>\", `${snippet}\\n</body>`);\n }\n }\n\n const externalLocation = options?.externalLocation;\n const uploadUrlProvider = options?.uploadUrlProvider;\n const maxUploadBytes = options?.maxUploadBytes;\n\n // Pre-built response schema for the synthetic __upload_url__ endpoint.\n const UPLOAD_URL_RESPONSE_SCHEMA = makeSchema([\n field(\"upload_url\", utf8(), false),\n field(\"download_url\", utf8(), false),\n field(\"expires_at\", timestampMicro(\"UTC\"), false),\n ]);\n const UPLOAD_URL_METHOD = \"__upload_url__\";\n const MAX_UPLOAD_URL_COUNT = 100;\n\n // -------- Sticky session machinery --------\n const stickyEnabled = options?.enableSticky === true;\n const stickyDefaultTtl = options?.stickyDefaultTtl ?? 300;\n // Frozen snapshot so per-response emission doesn't re-read a mutable\n // operator dict mid-request.\n const stickyEchoHeadersArr: Array<[string, string]> = stickyEnabled\n ? Object.entries(options?.stickyEchoHeaders ?? {})\n : [];\n const sessionRegistry = stickyEnabled ? new SessionRegistry(stickyDefaultTtl) : null;\n // Reaper interval is unref'd (won't block process exit) but is still a live\n // resource — `DrainHandle.shutdown()` clears it via this stop fn so callers\n // that drain explicitly (tests, worker-exit hooks) don't leak the interval.\n const stopReaper = sessionRegistry ? startSessionReaper(sessionRegistry) : null;\n if (options?._onStickyHandle && sessionRegistry) {\n options._onStickyHandle(makeDrainHandle(sessionRegistry, stopReaper ?? undefined));\n }\n\n // Encodings the server can produce on the response side. Mirrors\n // Python's `VGI-Supported-Encodings` header from `_codec.py`.\n // `compressionLevel` gates response compression overall; zstd is only\n // advertised when the runtime can actually encode it (Bun, Node ≥22.15,\n // Deno ≥2.6.9 — workerd lacks an encoder). gzip is always available via\n // Web `CompressionStream`.\n const supportedResponseEncodings: string[] = [];\n const zstdResponseAvailable = compressionLevel != null && isZstdCompressAvailable();\n if (zstdResponseAvailable) {\n supportedResponseEncodings.push(\"zstd\");\n }\n if (compressionLevel != null) {\n supportedResponseEncodings.push(\"gzip\");\n }\n\n /** Append capability headers (advertised on every response when configured). */\n function addCapabilityHeaders(headers: Headers, isOptions = false): void {\n if (supportedResponseEncodings.length) {\n headers.set(\"VGI-Supported-Encodings\", supportedResponseEncodings.join(\", \"));\n }\n if (maxRequestBytes != null) {\n headers.set(\"VGI-Max-Request-Bytes\", String(maxRequestBytes));\n }\n if (maxResponseBytes != null) {\n headers.set(\"VGI-Max-Response-Bytes\", String(maxResponseBytes));\n }\n if (maxExternalizedResponseBytes != null) {\n headers.set(\"VGI-Max-Externalized-Response-Bytes\", String(maxExternalizedResponseBytes));\n }\n // Always present so capability-aware clients can decide whether to\n // expect externalised payloads.\n headers.set(\"VGI-Externalization-Enabled\", externalLocation?.storage ? \"true\" : \"false\");\n if (uploadUrlProvider) {\n headers.set(\"VGI-Upload-URL-Support\", \"true\");\n if (maxUploadBytes != null) {\n headers.set(\"VGI-Max-Upload-Bytes\", String(maxUploadBytes));\n }\n }\n if (stickyEnabled) {\n headers.set(STICKY_ENABLED_HEADER, \"true\");\n headers.set(STICKY_DEFAULT_TTL_HEADER, String(Math.floor(stickyDefaultTtl)));\n if (stickyEchoHeadersArr.length > 0) {\n headers.set(STICKY_ECHO_HEADERS_HEADER, stickyEchoHeadersArr.map(([k]) => k).join(\", \"));\n }\n }\n if (isOptions && (maxRequestBytes != null || uploadUrlProvider || stickyEnabled)) {\n // Match Python: cache discovery results for 5 minutes.\n if (!headers.has(\"Cache-Control\")) {\n headers.set(\"Cache-Control\", \"public, max-age=300\");\n }\n }\n }\n\n // ctx is built per-request to include authContext; base fields set here\n const baseCtx = {\n tokenKey,\n tokenTtl,\n serverId,\n maxStreamResponseBytes,\n maxResponseBytes,\n maxExternalizedResponseBytes,\n stateSerializer,\n externalLocation,\n kind: transportKind,\n };\n\n function addCorsHeaders(headers: Headers, isOptions = false, requestedHeaders?: string | null): void {\n if (corsOrigins) {\n headers.set(\"Access-Control-Allow-Origin\", corsOrigins);\n headers.set(\"Access-Control-Allow-Methods\", \"POST, OPTIONS\");\n // Reflect the preflight's requested headers so clients may send custom\n // VGI request headers (e.g. x-vgi-accept-encoding, VGI-Session) without a\n // hard-coded allow-list. Mirrors the Python framework, whose preflight\n // echoes Access-Control-Request-Headers. Falls back to the common pair.\n headers.set(\n \"Access-Control-Allow-Headers\",\n requestedHeaders && requestedHeaders.length > 0 ? requestedHeaders : \"Content-Type, Authorization\",\n );\n headers.set(\n \"Access-Control-Expose-Headers\",\n `WWW-Authenticate, X-Request-ID, X-VGI-Content-Encoding, ${RPC_ERROR_HEADER}, VGI-Max-Response-Bytes, VGI-Max-Externalized-Response-Bytes, VGI-Externalization-Enabled`,\n );\n if (isOptions && corsMaxAge != null) {\n headers.set(\"Access-Control-Max-Age\", String(corsMaxAge));\n }\n }\n }\n\n async function compressIfAccepted(\n response: Response,\n clientAcceptsZstd: boolean,\n clientAcceptsGzip: boolean,\n ): Promise<Response> {\n if (compressionLevel == null) return response;\n // Honour client preference: zstd preferred over gzip when the runtime\n // can actually produce zstd. Fall through to gzip otherwise.\n const codec = clientAcceptsZstd && zstdResponseAvailable ? \"zstd\" : clientAcceptsGzip ? \"gzip\" : null;\n if (!codec) return response;\n const responseBody = new Uint8Array(await response.arrayBuffer());\n const compressed =\n codec === \"zstd\" ? await zstdCompress(responseBody, compressionLevel) : await gzipCompress(responseBody);\n const headers = new Headers(response.headers);\n headers.set(\"Content-Encoding\", codec);\n return new Response(compressed as unknown as BodyInit, {\n status: response.status,\n headers,\n });\n }\n\n function makeErrorResponse(error: Error, statusCode: number, schema: VgiSchema = EMPTY_SCHEMA): Response {\n const errBatch = buildErrorBatch(schema, error, serverId, null);\n const body = serializeIpcStream(schema, [errBatch]);\n const resp = arrowResponse(body, statusCode);\n addCorsHeaders(resp.headers);\n return resp;\n }\n\n const enableHealthEndpoint = options?.enableHealthEndpoint ?? true;\n const healthPath = `${prefix}/health`;\n const healthBody = enableHealthEndpoint\n ? JSON.stringify({ status: \"ok\", server_id: serverId, protocol: displayName })\n : null;\n\n return async function handler(request: Request): Promise<Response> {\n const url = new URL(request.url);\n const path = url.pathname;\n\n // OAuth token-exchange proxy — exempt from auth (it's the mechanism by\n // which a client *gets* an auth token). Handled before the global OPTIONS\n // catch-all so the proxy can apply its own Origin-allowlist CORS.\n if (\n pkceConfig &&\n path === `${prefix}/_oauth/token` &&\n (request.method === \"POST\" || request.method === \"OPTIONS\")\n ) {\n return handleOAuthTokenProxy(request, pkceConfig);\n }\n\n // Health endpoint — exempt from authentication so orchestrators / load\n // balancers can probe even when every RPC endpoint requires auth.\n if (healthBody !== null && request.method === \"GET\" && path === healthPath) {\n const headers = new Headers({ \"Content-Type\": \"application/json\" });\n addCorsHeaders(headers);\n addCapabilityHeaders(headers);\n return new Response(healthBody, { status: 200, headers });\n }\n\n // Well-known endpoint: RFC 9728 OAuth Protected Resource Metadata\n if (oauthMetadata && path === wellKnownPath(prefix)) {\n if (request.method !== \"GET\") {\n return new Response(\"Method Not Allowed\", { status: 405 });\n }\n const metaJson = oauthResourceMetadataToJson(oauthMetadata);\n // When PKCE + a server-side client_secret are configured, advertise the\n // token-proxy URL so SPA PKCE clients can complete token exchanges\n // without holding the secret themselves.\n if (pkceConfig && oauthMetadata.clientSecret) {\n const resourceUrl = new URL(oauthMetadata.resource);\n metaJson.token_endpoint = `${resourceUrl.protocol}//${resourceUrl.host}${prefix}/_oauth/token`;\n }\n const body = JSON.stringify(metaJson);\n const headers = new Headers({\n \"Content-Type\": \"application/json\",\n \"Cache-Control\": \"public, max-age=60\",\n });\n addCorsHeaders(headers);\n return new Response(body, { status: 200, headers });\n }\n\n // CORS preflight + capability discovery\n if (request.method === \"OPTIONS\") {\n const headers = new Headers();\n addCorsHeaders(headers, true, request.headers.get(\"Access-Control-Request-Headers\"));\n addCapabilityHeaders(headers, true);\n // Always answer OPTIONS so capability discovery via OPTIONS /health (or\n // any other path) works even when CORS isn't enabled. Falls back to\n // 405 only if no capability/CORS configuration exists.\n if (\n corsOrigins ||\n maxRequestBytes != null ||\n maxResponseBytes != null ||\n maxExternalizedResponseBytes != null ||\n uploadUrlProvider ||\n stickyEnabled ||\n path === `${prefix}/__capabilities__`\n ) {\n return new Response(null, { status: 204, headers });\n }\n return new Response(null, { status: 405 });\n }\n\n // HTML pages for GET requests\n if (request.method === \"GET\") {\n // OAuth callback and logout routes (exempt from auth)\n if (pkceConfig) {\n if (path === `${prefix}/_oauth/callback`) {\n return handleOAuthCallback(request, pkceConfig);\n }\n if (path === `${prefix}/_oauth/logout`) {\n return handleOAuthLogout(request, pkceConfig);\n }\n\n // Early return-to redirect for already-authenticated users\n const earlyRedirect = handleEarlyReturnTo(request, pkceConfig);\n if (earlyRedirect) return earlyRedirect;\n }\n\n // If authenticate is configured, try to authenticate GET requests for pages\n // On auth failure with PKCE, redirect browsers to OAuth instead of 401\n if (authenticate && pkceConfig) {\n try {\n await authenticate(request);\n } catch {\n // Auth failed — redirect browser GETs to OAuth authorization\n const redirect = await handleBrowserGetRedirect(request, pkceConfig);\n if (redirect) return redirect;\n // Not a browser or OIDC discovery failed — fall through to normal page serving\n }\n }\n\n // Landing page: GET {prefix}/ or GET {prefix}\n if (landingHtml && (path === prefix || path === `${prefix}/`)) {\n const headers = new Headers({ \"Content-Type\": \"text/html; charset=utf-8\" });\n addCorsHeaders(headers);\n return new Response(landingHtml, { status: 200, headers });\n }\n\n // Describe page: GET {prefix}/describe\n if (describeHtml && path === `${prefix}/describe`) {\n const headers = new Headers({ \"Content-Type\": \"text/html; charset=utf-8\" });\n addCorsHeaders(headers);\n return new Response(describeHtml, { status: 200, headers });\n }\n\n // 404 page for any other GET\n if (notFoundHtml) {\n const headers = new Headers({ \"Content-Type\": \"text/html; charset=utf-8\" });\n addCorsHeaders(headers);\n return new Response(notFoundHtml, { status: 404, headers });\n }\n\n return new Response(\"Not Found\", { status: 404 });\n }\n\n // DELETE {prefix}/__session__ — idempotent sticky-session teardown.\n // Mirrors Python's `_SessionResource.on_delete`: missing token /\n // malformed / wrong server_id / wrong principal / registry miss all\n // return 200 (so the endpoint cannot be used to probe for live\n // sessions); a successful close returns 204 + VGI-Session-Close: true.\n if (request.method === \"DELETE\" && stickyEnabled && sessionRegistry && path === `${prefix}/${SESSION_ENDPOINT}`) {\n const headers = new Headers();\n addCorsHeaders(headers);\n addCapabilityHeaders(headers);\n const tokenHeader = (request.headers.get(SESSION_HEADER) ?? \"\").trim();\n if (!tokenHeader) {\n return new Response(null, { status: 200, headers });\n }\n // Optional auth — re-uses the same authenticate path so principal\n // binding is consistent with the dispatch flow. AAD uses only the\n // authenticated principal (matching `computeAad` in `token.ts`);\n // the registry's principalKey compounds domain+principal as\n // defense-in-depth.\n let principalKey = sessionPrincipalKey(false, null, null);\n let aadPrincipal: string | null = null;\n if (authenticate) {\n try {\n const auth = await authenticate(request);\n if (auth?.authenticated) {\n aadPrincipal = auth.principal ?? \"\";\n principalKey = sessionPrincipalKey(true, auth.domain, auth.principal);\n }\n } catch {\n // Anonymous principal — stale / forged tokens already won't\n // decrypt under a real principal's AAD, so the auth failure\n // here is harmless; treat as anonymous and let the next steps\n // 200 out idempotently.\n }\n }\n const aad = computeAad(aadPrincipal);\n let opened: { serverId: string; sessionId: Uint8Array };\n try {\n opened = openSessionToken(tokenHeader, tokenKey, aad);\n } catch {\n return new Response(null, { status: 200, headers });\n }\n if (opened.serverId !== serverId) {\n return new Response(null, { status: 200, headers });\n }\n const entry = sessionRegistry.get(opened.sessionId, principalKey);\n if (!entry) {\n return new Response(null, { status: 200, headers });\n }\n const release = await entry.lock.acquire();\n try {\n sessionRegistry.close(opened.sessionId);\n } finally {\n release();\n }\n headers.set(SESSION_CLOSE_HEADER, \"true\");\n return new Response(null, { status: 204, headers });\n }\n\n if (request.method !== \"POST\") {\n return new Response(\"Method Not Allowed\", { status: 405 });\n }\n\n // Build per-request dispatch context\n const ctx = { ...baseCtx, cookies: parseRequestCookies(request) } as typeof baseCtx & {\n authContext?: AuthContext;\n cookies: ReadonlyMap<string, string>;\n stickyContext?: StickySink;\n };\n\n // Authentication — run before content-type validation so unauthenticated\n // requests get 401 regardless of body shape.\n if (authenticate) {\n try {\n ctx.authContext = await authenticate(request);\n } catch (error: any) {\n const headers = new Headers({ \"Content-Type\": \"text/plain\" });\n addCorsHeaders(headers);\n if (oauthMetadata) {\n const metadataUrl = new URL(request.url);\n metadataUrl.pathname = wellKnownPath(prefix);\n metadataUrl.search = \"\";\n headers.set(\n \"WWW-Authenticate\",\n buildWwwAuthenticateHeader(\n metadataUrl.toString(),\n oauthMetadata.clientId,\n oauthMetadata.clientSecret,\n oauthMetadata.useIdTokenAsBearer,\n oauthMetadata.deviceCodeClientId,\n oauthMetadata.deviceCodeClientSecret,\n ),\n );\n }\n return new Response(error.message || \"Unauthorized\", { status: 401, headers });\n }\n }\n\n // Hoisted ahead of sticky resolution so the SessionLost path's\n // `compressIfAccepted` call can see them.\n const acceptEncodingEarly = (request.headers.get(\"Accept-Encoding\") ?? \"\").toLowerCase();\n const clientAcceptsZstdEarly = acceptEncodingEarly.includes(\"zstd\");\n const clientAcceptsGzipEarly = acceptEncodingEarly.includes(\"gzip\");\n\n // -------- Sticky session resolution --------\n // Mirrors `_StickyMiddleware.process_request` in Python: read\n // VGI-Session-Accept + VGI-Session, decrypt the token (AAD-bound to\n // the request's principal), look up the registry entry, and acquire\n // the per-session lock so concurrent calls on the same session\n // serialize. On any failure we surface a typed SessionLostError as\n // a 500 + EXCEPTION-batch response (the same wire shape a\n // dispatch-time throw would produce).\n let stickyLockRelease: (() => void) | null = null;\n let stickySink: StickySink | null = null;\n if (stickyEnabled && sessionRegistry) {\n const auth = ctx.authContext;\n const aadPrincipal = auth?.authenticated ? (auth.principal ?? \"\") : null;\n const principalKey = sessionPrincipalKey(!!auth?.authenticated, auth?.domain, auth?.principal);\n const aad = computeAad(aadPrincipal);\n const acceptOpens = (request.headers.get(SESSION_ACCEPT_HEADER) ?? \"\").trim().toLowerCase() === \"true\";\n const sessionHeader = (request.headers.get(SESSION_HEADER) ?? \"\").trim();\n\n let resumeState: unknown | null = null;\n let resumeSessionId: string | null = null;\n\n if (sessionHeader) {\n let opened: { serverId: string; sessionId: Uint8Array };\n try {\n opened = openSessionToken(sessionHeader, tokenKey, aad);\n if (opened.serverId !== serverId) {\n throw new SessionLostError(\"session token was issued by a different worker (server_id mismatch)\");\n }\n } catch (err) {\n // Wrong-AAD / wrong-key / malformed → SessionLostError.\n const e = err instanceof Error ? err : new Error(String(err));\n const r = makeErrorResponse(e, 500);\n addCapabilityHeaders(r.headers);\n return compressIfAccepted(r, clientAcceptsZstdEarly, clientAcceptsGzipEarly);\n }\n const entry = sessionRegistry.get(opened.sessionId, principalKey);\n if (!entry) {\n const r = makeErrorResponse(new SessionLostError(\"session not found, expired, or principal mismatch\"), 500);\n addCapabilityHeaders(r.headers);\n return compressIfAccepted(r, clientAcceptsZstdEarly, clientAcceptsGzipEarly);\n }\n stickyLockRelease = await entry.lock.acquire();\n resumeState = entry.state;\n resumeSessionId = sessionIdHex(opened.sessionId);\n }\n\n // Build the sink. Captures `principalKey` and `aad` so `_open`\n // can register a new entry and mint a token bound to the same\n // principal as the request.\n const sink: StickySink = {\n acceptOpens,\n state: resumeState,\n sessionId: resumeSessionId,\n mintToken: null,\n closed: false,\n action: sessionHeader ? \"resume\" : \"none\",\n _open(state: unknown, ttl?: number) {\n const { sessionId, expiresAt } = sessionRegistry!.open(state, ttl, principalKey);\n sink.sessionId = sessionIdHex(sessionId);\n sink.state = state;\n sink.mintToken = sealSessionToken(serverId, sessionId, expiresAt, tokenKey, aad);\n },\n _close() {\n if (sink.closed) return;\n const sid = sink.sessionId;\n if (!sid) return;\n // Decode hex back to bytes for registry lookup.\n const bytes = new Uint8Array(sid.length / 2);\n for (let i = 0; i < bytes.length; i++) bytes[i] = parseInt(sid.slice(i * 2, i * 2 + 2), 16);\n // Release the lock before close so the resource isn't held\n // while close() runs.\n if (stickyLockRelease) {\n stickyLockRelease();\n stickyLockRelease = null;\n }\n sessionRegistry!.close(bytes);\n sink.state = null;\n sink.closed = true;\n },\n };\n stickySink = sink;\n ctx.stickyContext = sink;\n }\n\n // Validate Content-Type\n const contentType = request.headers.get(\"Content-Type\");\n if (!contentType || !contentType.includes(ARROW_CONTENT_TYPE)) {\n if (stickyLockRelease) stickyLockRelease();\n return new Response(`Unsupported Media Type: expected ${ARROW_CONTENT_TYPE}`, { status: 415 });\n }\n\n // Check request body size (exempt the upload-URL and health endpoints —\n // their payloads are intrinsically tiny, and __upload_url__ exists\n // precisely to escape this limit).\n const exemptFromMaxBytes =\n path === healthPath || path === `${prefix}/${UPLOAD_URL_METHOD}/init` || path === `${prefix}/__capabilities__`;\n if (maxRequestBytes != null && !exemptFromMaxBytes) {\n const contentLength = request.headers.get(\"Content-Length\");\n if (contentLength && parseInt(contentLength, 10) > maxRequestBytes) {\n return new Response(\"Request body too large\", { status: 413 });\n }\n }\n\n const clientAcceptsZstd = clientAcceptsZstdEarly;\n const clientAcceptsGzip = clientAcceptsGzipEarly;\n\n // Read body, decompressing if needed\n let body = new Uint8Array(await request.arrayBuffer());\n if (maxRequestBytes != null && !exemptFromMaxBytes && body.byteLength > maxRequestBytes) {\n return new Response(\"Request body too large\", { status: 413 });\n }\n const contentEncoding = (request.headers.get(\"Content-Encoding\") ?? \"\").trim().toLowerCase();\n if (contentEncoding === \"zstd\" || contentEncoding === \"gzip\") {\n try {\n body =\n contentEncoding === \"zstd\"\n ? await zstdDecompress(body, maxDecompressedRequestBytes)\n : await gzipDecompress(body, maxDecompressedRequestBytes);\n } catch (error: any) {\n // Decompression-bomb refusal surfaces as 413 (the wire-cap\n // sibling of maxRequestBytes); other decode errors are 400.\n const message = error?.message ?? `${contentEncoding} decompression failed`;\n const status = message.includes(\"exceed\") || message.includes(\"cap\") ? 413 : 400;\n const headers = new Headers({ \"Content-Type\": \"text/plain\" });\n addCorsHeaders(headers);\n addCapabilityHeaders(headers);\n return new Response(message, { status, headers });\n }\n } else if (contentEncoding) {\n const headers = new Headers({ \"Content-Type\": \"text/plain\" });\n addCorsHeaders(headers);\n addCapabilityHeaders(headers);\n return new Response(`Unsupported Content-Encoding: ${contentEncoding}`, { status: 415, headers });\n }\n\n // Route: {prefix}/__upload_url__/init — vend pre-signed upload URL pairs\n if (path === `${prefix}/${UPLOAD_URL_METHOD}/init`) {\n if (!uploadUrlProvider) {\n return new Response(\"Not Found\", { status: 404 });\n }\n try {\n const { schema: reqSchema, batch: reqBatch } = await readRequestFromBodyImported(body);\n const parsed = parseRequest(reqSchema, reqBatch);\n if (parsed.methodName !== UPLOAD_URL_METHOD) {\n throw new HttpRpcError(\n `Method name in request '${parsed.methodName}' does not match URL '${UPLOAD_URL_METHOD}'`,\n 400,\n );\n }\n const rawCount = parsed.params.count;\n let count = typeof rawCount === \"bigint\" ? Number(rawCount) : Number(rawCount ?? 1);\n if (!Number.isFinite(count) || count < 1) count = 1;\n if (count > MAX_UPLOAD_URL_COUNT) count = MAX_UPLOAD_URL_COUNT;\n\n const urls: { uploadUrl: string; downloadUrl: string; expiresAt: Date }[] = [];\n for (let i = 0; i < count; i++) {\n urls.push(await uploadUrlProvider.generateUploadUrl());\n }\n\n // Timestamp(MICROSECOND) — arrow-js's `setTimestampMicrosecond`\n // visitor internally does `BigInt(value * 1000)`, so we have to\n // pass a Number of milliseconds. Passing a BigInt of microseconds\n // would trip \"Invalid mix of BigInt and other type in\n // multiplication\". The Date.getTime() ms value fits in Number\n // safely for the next ~285k years.\n const expiresAt = urls.map((u) => u.expiresAt.getTime());\n const resultBatch = batchFromColumns(UPLOAD_URL_RESPONSE_SCHEMA, {\n upload_url: urls.map((u) => u.uploadUrl),\n download_url: urls.map((u) => u.downloadUrl),\n expires_at: expiresAt,\n });\n const responseBody = serializeIpcStream(UPLOAD_URL_RESPONSE_SCHEMA, [resultBatch]);\n const response = arrowResponse(responseBody);\n addCorsHeaders(response.headers);\n addCapabilityHeaders(response.headers);\n return compressIfAccepted(response, clientAcceptsZstd, clientAcceptsGzip);\n } catch (error: any) {\n if (error instanceof HttpRpcError) {\n const r = makeErrorResponse(error, error.statusCode, UPLOAD_URL_RESPONSE_SCHEMA);\n addCapabilityHeaders(r.headers);\n return compressIfAccepted(r, clientAcceptsZstd, clientAcceptsGzip);\n }\n const r = makeErrorResponse(error, 500, UPLOAD_URL_RESPONSE_SCHEMA);\n addCapabilityHeaders(r.headers);\n return compressIfAccepted(r, clientAcceptsZstd, clientAcceptsGzip);\n }\n }\n\n // Route: {prefix}/__describe__\n if (path === `${prefix}/${DESCRIBE_METHOD_NAME}`) {\n try {\n const response = await httpDispatchDescribe(\n protocol.name,\n methods,\n serverId,\n protocol.protocolVersion || undefined,\n );\n addCorsHeaders(response.headers);\n return compressIfAccepted(response, clientAcceptsZstd, clientAcceptsGzip);\n } catch (error: any) {\n return compressIfAccepted(makeErrorResponse(error, 500), clientAcceptsZstd, clientAcceptsGzip);\n }\n }\n\n // Parse method name and sub-path from URL\n if (!path.startsWith(`${prefix}/`)) {\n return new Response(\"Not Found\", { status: 404 });\n }\n\n const subPath = path.slice(prefix.length + 1);\n let methodName: string;\n let action: \"call\" | \"init\" | \"exchange\";\n\n if (subPath.endsWith(\"/init\")) {\n methodName = subPath.slice(0, -5);\n action = \"init\";\n } else if (subPath.endsWith(\"/exchange\")) {\n methodName = subPath.slice(0, -9);\n action = \"exchange\";\n } else {\n methodName = subPath;\n action = \"call\";\n }\n\n // Look up method\n const method = methods.get(methodName);\n if (!method) {\n const available = [...methods.keys()].sort();\n const err = new MethodNotImplementedError(\n `Unknown method: '${methodName}'. Available methods: [${available.join(\", \")}]`,\n );\n return compressIfAccepted(makeErrorResponse(err, 404), clientAcceptsZstd, clientAcceptsGzip);\n }\n\n // Application-protocol-version gate (HTTP dispatch path). Fires only\n // when the Protocol declared a `protocolVersion`, on unary calls and\n // stream init. `/exchange` continuations skip the gate — the Python\n // client (and parity TS client) only emits `vgi_rpc.protocol_version`\n // on the dispatch-entry request, not on follow-up exchange batches.\n // `__describe__` is exempt — diagnostic path for mismatched clients to\n // discover the server's version. Mirrors Python's _app_unary /\n // _app_stream gate.\n if (protocol.protocolVersionParts !== null && methodName !== DESCRIBE_METHOD_NAME && action !== \"exchange\") {\n try {\n // Peek at request batch metadata without consuming the body — the\n // dispatch helpers re-deserialize. Cost is one extra deserialize\n // per protocol-versioned dispatch; acceptable for a typed gate.\n let reqMeta: ReadonlyMap<string, string> | undefined;\n try {\n const peeked = deserializeBatch(body);\n reqMeta = peeked.metadata ?? undefined;\n } catch {\n // Malformed body — fall through to the dispatch helper, which\n // will surface the parse error properly.\n }\n enforceProtocolVersion(reqMeta);\n } catch (exc) {\n const errSchema = method.type === MethodType.UNARY ? method.resultSchema : EMPTY_SCHEMA;\n const errBatch = buildErrorBatch(errSchema, exc as Error, serverId, null);\n const errBody = serializeIpcStream(errSchema, [errBatch]);\n const response = arrowResponse(errBody, 400);\n addCorsHeaders(response.headers);\n addCapabilityHeaders(response.headers);\n return compressIfAccepted(response, clientAcceptsZstd, clientAcceptsGzip);\n }\n }\n\n // Fire on_serve_start lazily (idempotent on success). A failure here\n // propagates as a 500 to the client, leaves the bind un-fired, and\n // the next request retries.\n await notifyTransport(transportKind);\n\n const methodType = method.type === MethodType.UNARY ? \"unary\" : \"stream\";\n const protocolHash = await getProtocolHash();\n const auth = ctx.authContext;\n const info: DispatchInfo = {\n method: methodName,\n methodType,\n serverId,\n requestId: null,\n protocol: protocol.name,\n protocolHash,\n protocolVersion,\n kind: transportKind,\n principal: auth?.principal ?? \"\",\n authDomain: auth?.domain ?? \"\",\n authenticated: auth?.authenticated ?? false,\n // Self-contained Arrow IPC stream of the request batch — the body\n // we already buffered. Best-effort: the access-log can still emit\n // even if we couldn't capture it.\n requestData: action === \"call\" ? body : undefined,\n };\n const stats: CallStatistics = {\n inputBatches: 0,\n outputBatches: 0,\n inputRows: 0,\n outputRows: 0,\n inputBytes: 0,\n outputBytes: 0,\n };\n\n const hookToken = dispatchHook?.onDispatchStart(info);\n let dispatchError: Error | undefined;\n\n try {\n let response: Response;\n\n if (action === \"call\") {\n if (method.type !== MethodType.UNARY) {\n throw new HttpRpcError(`Method '${methodName}' is a stream method. Use /init and /exchange endpoints.`, 400);\n }\n response = await httpDispatchUnary(method, body, ctx);\n } else if (action === \"init\") {\n if (method.type !== MethodType.STREAM) {\n throw new HttpRpcError(\n `Method '${methodName}' is a unary method. Use POST ${prefix}/${methodName} instead.`,\n 400,\n );\n }\n response = await httpDispatchStreamInit(method, body, ctx);\n } else {\n if (method.type !== MethodType.STREAM) {\n throw new HttpRpcError(\n `Method '${methodName}' is a unary method. Use POST ${prefix}/${methodName} instead.`,\n 400,\n );\n }\n response = await httpDispatchStreamExchange(method, body, ctx);\n }\n\n // Check if the dispatch function caught an error internally\n const internalError = (response as any).__dispatchError;\n if (internalError) {\n dispatchError = internalError instanceof Error ? internalError : new Error(String(internalError));\n }\n addCorsHeaders(response.headers);\n addCapabilityHeaders(response.headers);\n applyStickyResponseHeaders(response.headers, stickySink);\n return compressIfAccepted(response, clientAcceptsZstd, clientAcceptsGzip);\n } catch (error: any) {\n dispatchError = error instanceof Error ? error : new Error(String(error));\n if (error instanceof HttpRpcError) {\n const r = makeErrorResponse(error, error.statusCode);\n addCapabilityHeaders(r.headers);\n applyStickyResponseHeaders(r.headers, stickySink);\n return compressIfAccepted(r, clientAcceptsZstd, clientAcceptsGzip);\n }\n const r = makeErrorResponse(error, 500);\n addCapabilityHeaders(r.headers);\n applyStickyResponseHeaders(r.headers, stickySink);\n return compressIfAccepted(r, clientAcceptsZstd, clientAcceptsGzip);\n } finally {\n // Surface sticky lifecycle on the access log.\n if (stickySink) {\n if (stickySink.sessionId) info.sessionId = stickySink.sessionId;\n info.sessionAction = stickySink.action;\n }\n dispatchHook?.onDispatchEnd(hookToken, info, stats, dispatchError);\n // Release the per-session lock if dispatch held it and the handler\n // didn't already release it via close_session.\n if (stickyLockRelease) {\n try {\n stickyLockRelease();\n } catch {\n // ignore — mutex release is best-effort\n }\n stickyLockRelease = null;\n }\n }\n };\n\n /** Emit sticky-session response headers based on the sink's per-request state. */\n function applyStickyResponseHeaders(headers: Headers, sink: StickySink | null): void {\n if (!sink) return;\n if (sink.mintToken !== null) {\n headers.set(SESSION_HEADER, sink.mintToken);\n // Echo headers — emitted only on the session-opening response. The\n // client captures `VGI-Echo-<name>` and replays `<name>` for the\n // remainder of the session view.\n for (const [name, value] of stickyEchoHeadersArr) {\n headers.set(`${ECHO_HEADER_PREFIX}${name}`, value);\n }\n }\n if (sink.closed) {\n headers.set(SESSION_CLOSE_HEADER, \"true\");\n }\n }\n}\n",
|
|
33
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\nimport {\n isDate,\n isDecimal,\n isDictionary,\n isDuration,\n isFixedSizeBinary,\n isLargeBinary,\n isLargeUtf8,\n isTime,\n isTimestamp,\n type VgiDataType,\n} from \"../arrow/index.js\";\n\n/**\n * Arrow types whose `.get(0)` / `vectorFromArray` round-trips are unreliable\n * in arrow-js. For these we extract and re-emit the underlying `Data` object\n * directly (passthrough), like we already do for Map_.\n *\n * Covers Date/Time/Timestamp/Duration/Decimal/LargeUtf8/LargeBinary/\n * FixedSizeBinary/Dictionary.\n */\nexport function isOpaquePassthroughType(type: VgiDataType): boolean {\n return (\n isDate(type) ||\n isTime(type) ||\n isTimestamp(type) ||\n isDuration(type) ||\n isDecimal(type) ||\n isLargeUtf8(type) ||\n isLargeBinary(type) ||\n isFixedSizeBinary(type) ||\n isDictionary(type)\n );\n}\n",
|
|
34
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\nimport { backend, isMap, type VgiBatch, type VgiSchema } from \"../arrow/index.js\";\nimport { REQUEST_ID_KEY, REQUEST_VERSION, REQUEST_VERSION_KEY, RPC_METHOD_KEY } from \"../constants.js\";\nimport { RpcError, VersionError } from \"../errors.js\";\nimport { isOpaquePassthroughType } from \"./opaque.js\";\n\nexport interface ParsedRequest {\n methodName: string;\n requestVersion: string;\n requestId: string | null;\n schema: VgiSchema;\n params: Record<string, any>;\n rawMetadata: Map<string, string>;\n}\n\n/**\n * Parse a request from a RecordBatch with metadata.\n * Extracts method name, version, and params from the batch.\n */\nexport function parseRequest(schema: VgiSchema, batch: VgiBatch): ParsedRequest {\n const metadata: Map<string, string> = batch.metadata ?? new Map();\n\n const methodName = metadata.get(RPC_METHOD_KEY);\n if (methodName === undefined) {\n throw new RpcError(\n \"ProtocolError\",\n \"Missing 'vgi_rpc.method' in request batch custom_metadata. \" +\n \"Each request batch must carry a 'vgi_rpc.method' key in its Arrow IPC custom_metadata \" +\n \"with the method name as a UTF-8 string.\",\n \"\",\n );\n }\n\n const version = metadata.get(REQUEST_VERSION_KEY);\n if (version === undefined) {\n throw new VersionError(\n \"Missing 'vgi_rpc.request_version' in request batch custom_metadata. \" +\n `Set the 'vgi_rpc.request_version' custom_metadata value to '${REQUEST_VERSION}'.`,\n );\n }\n if (version !== REQUEST_VERSION) {\n throw new VersionError(\n `Unsupported request version '${version}', expected '${REQUEST_VERSION}'. ` +\n `Set the 'vgi_rpc.request_version' custom_metadata value to '${REQUEST_VERSION}'.`,\n );\n }\n\n const requestId = metadata.get(REQUEST_ID_KEY) ?? null;\n\n // Extract params from single-row batch\n const params: Record<string, any> = {};\n if (schema.fields.length > 0 && batch.numRows !== 1) {\n throw new RpcError(\n \"ProtocolError\",\n `Expected 1 row in request batch, got ${batch.numRows}. ` +\n \"Each parameter is a column (not a row). The batch should have exactly 1 row.\",\n \"\",\n );\n }\n\n // Map_ + Date/Time/Timestamp/Duration/Decimal/LargeUtf8/LargeBinary/\n // FixedSizeBinary/Dictionary all need passthrough on arrow-js because\n // its `.get(0)` round-trip is unreliable for those types. On flechette\n // those same types extract cleanly via `col.get(0)`, and `col.data[0]`\n // is a Batch (not a Data) so the arrow-js passthrough trick doesn't\n // apply. The backend advertises whether passthrough is needed.\n const useOpaquePassthrough = backend.opaquePassthrough;\n for (let i = 0; i < schema.fields.length; i++) {\n const field = schema.fields[i];\n if (useOpaquePassthrough && (isMap(field.type) || isOpaquePassthroughType(field.type))) {\n const col = batch.getChildAt(i)!;\n params[field.name] = (col as any).data?.[0] ?? col.get(0);\n continue;\n }\n let value = batch.getChildAt(i)?.get(0);\n // Normalize arrow-js DecimalBigNum wrappers to primitive BigInt.\n //\n // TODO: remove once the stdio transport reads through a facade-aware\n // reader. The stdio reader is arrow-js-coupled (the facade exposes no\n // streaming reader), so under the flechette facade we still receive\n // arrow-js batches; an opaque Decimal column then yields a\n // `DecimalBigNum` (a Uint32Array subclass whose `.toString()` is the\n // numeric value). Downstream construction goes through the flechette\n // facade and expects a primitive — without this the encoder treats the\n // BigNum as a Number and loses precision.\n //\n // Detect structurally via `instanceof Uint32Array` rather than by\n // constructor name (which minifies away): DecimalBigNum is the only\n // opaque type whose `.get(0)` returns a Uint32Array, so this also\n // excludes binary `Uint8Array` values from being mis-parsed as BigInt.\n if (value instanceof Uint32Array && isOpaquePassthroughType(field.type)) {\n // BigInt(decimalBigNum) triggers arrow-js's\n // Symbol.toPrimitive('number') path which throws for values\n // outside the safe-integer range. Go through `.toString()`\n // instead — it handles arbitrary precision.\n try {\n value = BigInt((value as unknown as { toString(): string }).toString());\n } catch {\n // leave as-is on unexpected shape\n }\n }\n // Convert BigInt to Number when safe — but NOT for types whose\n // BigInt-encoded value is type-scaled (Decimal: unscaled integer;\n // Date32: ms-since-epoch; Timestamp/Time/Duration: native-unit\n // ticks). Re-encoding a Number where a BigInt is expected would\n // make the builder apply a `*scale` multiplication (Decimal) or\n // `* 10^unit` (Time/Timestamp), corrupting the value.\n if (typeof value === \"bigint\" && !isOpaquePassthroughType(field.type)) {\n if (value >= BigInt(Number.MIN_SAFE_INTEGER) && value <= BigInt(Number.MAX_SAFE_INTEGER)) {\n value = Number(value);\n }\n }\n params[field.name] = value;\n }\n\n return {\n methodName,\n requestVersion: version,\n requestId,\n schema,\n params,\n rawMetadata: metadata,\n };\n}\n\n/**\n * Fill in `defaults` for any params that arrived as null/undefined.\n * The slim DESCRIBE_VERSION 4 wire format no longer carries defaults to the\n * client, so default substitution must happen server-side: the client sends\n * a null in any column it didn't supply, and dispatch swaps in the registered\n * default before invoking the handler.\n */\nexport function applyDefaults(\n params: Record<string, any>,\n defaults: Record<string, any> | undefined,\n): Record<string, any> {\n if (!defaults) return params;\n for (const key of Object.keys(defaults)) {\n if (params[key] == null) {\n params[key] = defaults[key];\n }\n }\n return params;\n}\n",
|
|
35
|
+
"/**\n * Utilities for hex, bytes, CSPRNG.\n * @module\n */\n/*! noble-ciphers - MIT License (c) 2023 Paul Miller (paulmillr.com) */\n/**\n * Checks if something is Uint8Array. Be careful: nodejs Buffer will return true.\n * @param a - Value to inspect.\n * @returns `true` when the value is a Uint8Array view, including Node's `Buffer`.\n * @example\n * Guards a value before treating it as raw key material.\n *\n * ```ts\n * isBytes(new Uint8Array());\n * ```\n */\nexport function isBytes(a) {\n // Plain `instanceof Uint8Array` is too strict for some Buffer / proxy /\n // cross-realm cases. The fallback still requires a real ArrayBuffer view\n // so plain JSON-deserialized `{ constructor: ... }`\n // spoofing is rejected, and `BYTES_PER_ELEMENT === 1` keeps the fallback on byte-oriented views.\n return (a instanceof Uint8Array ||\n (ArrayBuffer.isView(a) &&\n a.constructor.name === 'Uint8Array' &&\n 'BYTES_PER_ELEMENT' in a &&\n a.BYTES_PER_ELEMENT === 1));\n}\n/**\n * Asserts something is boolean.\n * @param b - Value to validate.\n * @throws On wrong argument types. {@link TypeError}\n * @example\n * Validates a boolean option before branching on it.\n *\n * ```ts\n * abool(true);\n * ```\n */\nexport function abool(b) {\n if (typeof b !== 'boolean')\n throw new TypeError(`boolean expected, not ${b}`);\n}\n/**\n * Asserts something is a non-negative safe integer.\n * @param n - Value to validate.\n * @throws On wrong argument types. {@link TypeError}\n * @throws On wrong argument ranges or values. {@link RangeError}\n * @example\n * Validates a non-negative length or counter.\n *\n * ```ts\n * anumber(1);\n * ```\n */\nexport function anumber(n) {\n if (typeof n !== 'number')\n throw new TypeError('number expected, got ' + typeof n);\n if (!Number.isSafeInteger(n) || n < 0)\n throw new RangeError('positive integer expected, got ' + n);\n}\n/**\n * Asserts something is Uint8Array.\n * @param value - Value to validate.\n * @param length - Expected byte length.\n * @param title - Optional label used in error messages.\n * @returns The validated byte array.\n * On Node, `Buffer` is accepted too because it is a Uint8Array view.\n * @throws On wrong argument types. {@link TypeError}\n * @throws On wrong argument lengths. {@link RangeError}\n * @example\n * Validates a fixed-length nonce or key buffer.\n *\n * ```ts\n * abytes(new Uint8Array([1, 2]), 2);\n * ```\n */\nexport function abytes(value, length, title = '') {\n const bytes = isBytes(value);\n const len = value?.length;\n const needsLen = length !== undefined;\n if (!bytes || (needsLen && len !== length)) {\n const prefix = title && `\"${title}\" `;\n const ofLen = needsLen ? ` of length ${length}` : '';\n const got = bytes ? `length=${len}` : `type=${typeof value}`;\n const message = prefix + 'expected Uint8Array' + ofLen + ', got ' + got;\n if (!bytes)\n throw new TypeError(message);\n throw new RangeError(message);\n }\n return value;\n}\n/**\n * Asserts a hash- or MAC-like instance has not been destroyed or finished.\n * @param instance - Stateful instance to validate.\n * @param checkFinished - Whether to reject finished instances.\n * When `false`, only `destroyed` is checked.\n * @throws If the hash instance has already been destroyed or finalized. {@link Error}\n * @example\n * Guards against calling `update()` or `digest()` on a finished hash.\n *\n * ```ts\n * aexists({ destroyed: false, finished: false });\n * ```\n */\nexport function aexists(instance, checkFinished = true) {\n if (instance.destroyed)\n throw new Error('Hash instance has been destroyed');\n if (checkFinished && instance.finished)\n throw new Error('Hash#digest() has already been called');\n}\n/**\n * Asserts output is a properly-sized byte array.\n * @param out - Output buffer to validate.\n * @param instance - Hash-like instance providing `outputLen`.\n * This is the relaxed `digestInto()`-style contract: output must be at least `outputLen`,\n * unlike one-shot cipher helpers elsewhere in the repo that often require exact lengths.\n * @throws On wrong argument types. {@link TypeError}\n * @param onlyAligned - Whether `out` must be 4-byte aligned for zero-allocation word views.\n * @throws On wrong output buffer lengths. {@link RangeError}\n * @throws On wrong output buffer alignment. {@link Error}\n * @example\n * Verifies that a caller-provided output buffer is large enough.\n *\n * ```ts\n * aoutput(new Uint8Array(16), { outputLen: 16 });\n * ```\n */\nexport function aoutput(out, instance, onlyAligned = false) {\n abytes(out, undefined, 'output');\n const min = instance.outputLen;\n if (out.length < min) {\n throw new RangeError('digestInto() expects output buffer of length at least ' + min);\n }\n if (onlyAligned && !isAligned32(out))\n throw new Error('invalid output, must be aligned');\n}\n/**\n * Casts a typed-array view to Uint8Array.\n * @param arr - Typed-array view to reinterpret.\n * @returns Uint8Array view over the same bytes.\n * @example\n * Views 32-bit words as raw bytes without copying.\n *\n * ```ts\n * u8(new Uint32Array([1]));\n * ```\n */\nexport function u8(arr) {\n return new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength);\n}\n/**\n * Casts a typed-array view to Uint32Array.\n * @param arr - Typed-array view to reinterpret.\n * @returns Uint32Array view over the same bytes. Callers are expected to provide a\n * 4-byte-aligned offset; trailing `1..3` bytes are silently dropped.\n * @example\n * Views a byte buffer as 32-bit words for block processing.\n *\n * ```ts\n * u32(new Uint8Array(4));\n * ```\n */\nexport function u32(arr) {\n return new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));\n}\n/**\n * Zeroizes typed arrays in place.\n * Warning: JS provides no guarantees.\n * @param arrays - Arrays to wipe.\n * @example\n * Wipes a temporary key buffer after use.\n *\n * ```ts\n * const bytes = new Uint8Array([1]);\n * clean(bytes);\n * ```\n */\nexport function clean(...arrays) {\n for (let i = 0; i < arrays.length; i++) {\n arrays[i].fill(0);\n }\n}\n/**\n * Creates a DataView for byte-level manipulation.\n * @param arr - Typed-array view to wrap.\n * @returns DataView over the same bytes.\n * @example\n * Creates an endian-aware view for length encoding.\n *\n * ```ts\n * createView(new Uint8Array(4));\n * ```\n */\nexport function createView(arr) {\n return new DataView(arr.buffer, arr.byteOffset, arr.byteLength);\n}\n/**\n * Whether the current platform is little-endian.\n * Most are; some IBM systems are not.\n */\nexport const isLE = /* @__PURE__ */ (() => new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44)();\n/**\n * Reverses byte order of one 32-bit word.\n * @param word - Unsigned 32-bit word to swap.\n * @returns The same word with bytes reversed.\n * @example\n * Swaps a big-endian word into little-endian byte order.\n *\n * ```ts\n * byteSwap(0x11223344);\n * ```\n */\nexport const byteSwap = (word) => ((word << 24) & 0xff000000) |\n ((word << 8) & 0xff0000) |\n ((word >>> 8) & 0xff00) |\n ((word >>> 24) & 0xff);\n/**\n * Normalizes one 32-bit word to the little-endian representation expected by cipher cores.\n * @param n - Unsigned 32-bit word to normalize.\n * @returns Little-endian normalized word on big-endian hosts, else the input word unchanged.\n * @example\n * Normalizes a host-endian word before passing it into an ARX/AES core.\n *\n * ```ts\n * swap8IfBE(0x11223344);\n * ```\n */\nexport const swap8IfBE = isLE\n ? (n) => n\n : (n) => byteSwap(n) >>> 0;\n/**\n * Byte-swaps every word of a Uint32Array in place.\n * @param arr - Uint32Array whose words should be swapped.\n * @returns The same array after in-place byte swapping.\n * @example\n * Swaps every 32-bit word in a word-view buffer.\n *\n * ```ts\n * byteSwap32(new Uint32Array([0x11223344]));\n * ```\n */\nexport const byteSwap32 = (arr) => {\n for (let i = 0; i < arr.length; i++)\n arr[i] = byteSwap(arr[i]);\n return arr;\n};\n/**\n * Normalizes a Uint32Array view to the little-endian representation expected by cipher cores.\n * @param u - Word view to normalize in place.\n * @returns Little-endian normalized word view.\n * @example\n * Normalizes a word-view buffer before block processing.\n *\n * ```ts\n * swap32IfBE(new Uint32Array([0x11223344]));\n * ```\n */\nexport const swap32IfBE = isLE\n ? (u) => u\n : byteSwap32;\n// Built-in hex conversion:\n// {@link https://caniuse.com/mdn-javascript_builtins_uint8array_fromhex | caniuse entry}\nconst hasHexBuiltin = /* @__PURE__ */ (() => \n// @ts-ignore\ntypeof Uint8Array.from([]).toHex === 'function' && typeof Uint8Array.fromHex === 'function')();\n// Array where index 0xf0 (240) is mapped to string 'f0'\nconst hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0'));\n/**\n * Convert byte array to hex string. Uses built-in function, when available.\n * @param bytes - Bytes to encode.\n * @returns Lowercase hexadecimal string.\n * @throws On wrong argument types. {@link TypeError}\n * @example\n * Formats ciphertext bytes for logs or test vectors.\n *\n * ```ts\n * bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])); // 'cafe0123'\n * ```\n */\nexport function bytesToHex(bytes) {\n abytes(bytes);\n // @ts-ignore\n if (hasHexBuiltin)\n return bytes.toHex();\n // pre-caching improves the speed 6x\n let hex = '';\n for (let i = 0; i < bytes.length; i++) {\n hex += hexes[bytes[i]];\n }\n return hex;\n}\n// We use optimized technique to convert hex string to byte array\nconst asciis = { _0: 48, _9: 57, A: 65, F: 70, a: 97, f: 102 };\nfunction asciiToBase16(ch) {\n if (ch >= asciis._0 && ch <= asciis._9)\n return ch - asciis._0; // '2' => 50-48\n if (ch >= asciis.A && ch <= asciis.F)\n return ch - (asciis.A - 10); // 'B' => 66-(65-10)\n if (ch >= asciis.a && ch <= asciis.f)\n return ch - (asciis.a - 10); // 'b' => 98-(97-10)\n return;\n}\n/**\n * Convert hex string to byte array. Uses built-in function, when available.\n * @param hex - Hexadecimal string to decode.\n * @returns Decoded bytes.\n * @throws On wrong argument types. {@link TypeError}\n * @throws On malformed hexadecimal input. {@link RangeError}\n * @example\n * Parses a hex test vector into bytes.\n *\n * ```ts\n * hexToBytes('cafe0123'); // Uint8Array.from([0xca, 0xfe, 0x01, 0x23])\n * ```\n */\nexport function hexToBytes(hex) {\n if (typeof hex !== 'string')\n throw new TypeError('hex string expected, got ' + typeof hex);\n if (hasHexBuiltin) {\n try {\n return Uint8Array.fromHex(hex);\n }\n catch (error) {\n if (error instanceof SyntaxError)\n throw new RangeError(error.message);\n throw error;\n }\n }\n const hl = hex.length;\n const al = hl / 2;\n if (hl % 2)\n throw new RangeError('hex string expected, got unpadded hex of length ' + hl);\n const array = new Uint8Array(al);\n for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {\n const n1 = asciiToBase16(hex.charCodeAt(hi));\n const n2 = asciiToBase16(hex.charCodeAt(hi + 1));\n if (n1 === undefined || n2 === undefined) {\n const char = hex[hi] + hex[hi + 1];\n throw new RangeError('hex string expected, got non-hex character \"' + char + '\" at index ' + hi);\n }\n array[ai] = n1 * 16 + n2; // multiply first octet, e.g. 'a3' => 10*16+3 => 160 + 3 => 163\n }\n return array;\n}\n// Used in micro\n/**\n * Converts a big-endian hex string into bigint.\n * @param hex - Hexadecimal string without `0x`.\n * @returns Parsed bigint value. The empty string is treated as `0n`.\n * @throws On wrong argument types. {@link TypeError}\n * @example\n * Parses a big-endian field element or counter from hex.\n *\n * ```ts\n * hexToNumber('ff');\n * ```\n */\nexport function hexToNumber(hex) {\n if (typeof hex !== 'string')\n throw new TypeError('hex string expected, got ' + typeof hex);\n return BigInt(hex === '' ? '0' : '0x' + hex); // Big Endian\n}\n// Used in ff1\n// BE: Big Endian, LE: Little Endian\n/**\n * Converts big-endian bytes into bigint.\n * @param bytes - Big-endian bytes.\n * @returns Parsed bigint value. Empty input is treated as `0n`.\n * @throws On invalid byte input passed to the internal hex conversion. {@link TypeError}\n * @example\n * Reads a big-endian integer from serialized bytes.\n *\n * ```ts\n * bytesToNumberBE(new Uint8Array([1, 0]));\n * ```\n */\nexport function bytesToNumberBE(bytes) {\n return hexToNumber(bytesToHex(bytes));\n}\n// Used in micro, ff1\n/**\n * Converts a number into big-endian bytes of fixed length.\n * @param n - Number to encode.\n * @param len - Output length in bytes.\n * @returns Big-endian bytes padded to `len`.\n * Validation is indirect through `hexToBytes(...)`, so negative values, `len = 0`,\n * and values that do not fit surface through the downstream hex parser instead of a\n * dedicated range guard here.\n * @throws On wrong argument types. {@link TypeError}\n * @throws If the requested output length cannot represent the encoded value. {@link RangeError}\n * @example\n * Encodes a counter as fixed-width big-endian bytes.\n *\n * ```ts\n * numberToBytesBE(1, 2);\n * ```\n */\nexport function numberToBytesBE(n, len) {\n // Reject coercible non-numeric inputs before string/hex conversion changes behavior.\n if (typeof n === 'number')\n anumber(n);\n else if (typeof n !== 'bigint')\n throw new TypeError(`number or bigint expected, got ${typeof n}`);\n anumber(len);\n return hexToBytes(n.toString(16).padStart(len * 2, '0'));\n}\n/**\n * Converts string to bytes using UTF8 encoding.\n * @param str - String to encode.\n * @returns UTF-8 bytes in a detached fresh Uint8Array copy.\n * @throws On wrong argument types. {@link TypeError}\n * @example\n * Encodes application text before encryption or MACing.\n *\n * ```ts\n * utf8ToBytes('abc'); // new Uint8Array([97, 98, 99])\n * ```\n */\nexport function utf8ToBytes(str) {\n if (typeof str !== 'string')\n throw new TypeError('string expected');\n return new Uint8Array(new TextEncoder().encode(str)); // {@link https://bugzil.la/1681809 | Firefox bug 1681809}\n}\n/**\n * Converts bytes to string using UTF8 encoding.\n * @param bytes - UTF-8 bytes.\n * @returns Decoded string. Input validation is delegated to `TextDecoder`, and malformed\n * UTF-8 is replacement-decoded instead of rejected.\n * @example\n * Decodes UTF-8 plaintext back into a string.\n *\n * ```ts\n * bytesToUtf8(new Uint8Array([97, 98, 99])); // 'abc'\n * ```\n */\nexport function bytesToUtf8(bytes) {\n return new TextDecoder().decode(bytes);\n}\n/**\n * Checks if two U8A use same underlying buffer and overlaps.\n * This is invalid and can corrupt data.\n * @param a - First byte view.\n * @param b - Second byte view.\n * @returns `true` when the views overlap in memory.\n * @example\n * Detects whether two slices alias the same backing buffer.\n *\n * ```ts\n * overlapBytes(new Uint8Array(4), new Uint8Array(4));\n * ```\n */\nexport function overlapBytes(a, b) {\n // Zero-length views cannot overwrite anything, even if their offset sits inside another range.\n if (!a.byteLength || !b.byteLength)\n return false;\n return (a.buffer === b.buffer && // best we can do, may fail with an obscure Proxy\n a.byteOffset < b.byteOffset + b.byteLength && // a starts before b end\n b.byteOffset < a.byteOffset + a.byteLength // b starts before a end\n );\n}\n/**\n * If input and output overlap and input starts before output, we will overwrite end of input before\n * we start processing it, so this is not supported for most ciphers\n * (except chacha/salsa, which were designed for this)\n * @param input - Input bytes.\n * @param output - Output bytes.\n * @throws If the output view would overwrite unread input bytes. {@link Error}\n * @example\n * Rejects an in-place layout that would overwrite unread input bytes.\n *\n * ```ts\n * complexOverlapBytes(new Uint8Array(4), new Uint8Array(4));\n * ```\n */\nexport function complexOverlapBytes(input, output) {\n // This is very cursed. It works somehow, but I'm completely unsure,\n // reasoning about overlapping aligned windows is very hard.\n if (overlapBytes(input, output) && input.byteOffset < output.byteOffset)\n throw new Error('complex overlap of input and output is not supported');\n}\n/**\n * Copies several Uint8Arrays into one.\n * @param arrays - Byte arrays to concatenate.\n * @returns Combined byte array.\n * @throws On wrong argument types inside the byte-array list. {@link TypeError}\n * @example\n * Builds a `nonce || ciphertext` style buffer.\n *\n * ```ts\n * concatBytes(new Uint8Array([1]), new Uint8Array([2]));\n * ```\n */\nexport function concatBytes(...arrays) {\n let sum = 0;\n for (let i = 0; i < arrays.length; i++) {\n const a = arrays[i];\n abytes(a);\n sum += a.length;\n }\n const res = new Uint8Array(sum);\n for (let i = 0, pad = 0; i < arrays.length; i++) {\n const a = arrays[i];\n res.set(a, pad);\n pad += a.length;\n }\n return res;\n}\n/**\n * Merges user options into defaults.\n * @param defaults - Default option values.\n * @param opts - User-provided overrides.\n * @returns Combined options object.\n * The merge mutates `defaults` in place and returns the same object.\n * @throws If options are missing or not an object. {@link Error}\n * @example\n * Applies user overrides to the default cipher options.\n *\n * ```ts\n * checkOpts({ rounds: 20 }, { rounds: 8 });\n * ```\n */\nexport function checkOpts(defaults, opts) {\n if (opts == null || typeof opts !== 'object')\n throw new Error('options must be defined');\n const merged = Object.assign(defaults, opts);\n return merged;\n}\n/**\n * Compares two byte arrays in kinda constant time once lengths already match.\n * @param a - First byte array.\n * @param b - Second byte array.\n * @returns `true` when the arrays contain the same bytes. Different lengths still return early.\n * @example\n * Compares an expected authentication tag with the received one.\n *\n * ```ts\n * equalBytes(new Uint8Array([1]), new Uint8Array([1]));\n * ```\n */\nexport function equalBytes(a, b) {\n if (a.length !== b.length)\n return false;\n let diff = 0;\n for (let i = 0; i < a.length; i++)\n diff |= a[i] ^ b[i];\n return diff === 0;\n}\n/**\n * Wraps a keyed MAC constructor into a one-shot helper with `.create()`.\n * @param keyLen - Valid probe-key length used to read static metadata once.\n * The probe key is only used for `outputLen` / `blockLen`, so callers with several valid key sizes\n * can pass any representative size as long as those values stay fixed.\n * @param macCons - Keyed MAC constructor or factory.\n * @param fromMsg - Optional adapter that derives extra constructor args from the one-shot message.\n * @returns Callable MAC helper with `.create()`.\n */\nexport function wrapMacConstructor(keyLen, macCons, fromMsg) {\n const mac = macCons;\n const getArgs = (fromMsg || (() => []));\n const macC = (msg, key) => mac(key, ...getArgs(msg))\n .update(msg)\n .digest();\n const tmp = mac(new Uint8Array(keyLen), ...getArgs(new Uint8Array(0)));\n macC.outputLen = tmp.outputLen;\n macC.blockLen = tmp.blockLen;\n macC.create = (key, ...args) => mac(key, ...args);\n return macC;\n}\n/**\n * Wraps a cipher: validates args, ensures encrypt() can only be called once.\n * Used internally by the exported cipher constructors.\n * Output-buffer support is inferred from the wrapped `encrypt` / `decrypt`\n * arity (`fn.length === 2`), and tag-bearing constructors are expected to use\n * `args[1]` for optional AAD.\n * @__NO_SIDE_EFFECTS__\n * @param params - Static cipher metadata. See {@link CipherParams}.\n * @param constructor - Cipher constructor.\n * @returns Wrapped constructor with validation.\n */\nexport const wrapCipher = (params, constructor) => {\n function wrappedCipher(key, ...args) {\n // Validate key\n abytes(key, undefined, 'key');\n // Validate nonce if nonceLength is present\n if (params.nonceLength !== undefined) {\n const nonce = args[0];\n abytes(nonce, params.varSizeNonce ? undefined : params.nonceLength, 'nonce');\n }\n // Validate AAD if tagLength present\n const tagl = params.tagLength;\n if (tagl && args[1] !== undefined)\n abytes(args[1], undefined, 'AAD');\n const cipher = constructor(key, ...args);\n const checkOutput = (fnLength, output) => {\n if (output !== undefined) {\n if (fnLength !== 2)\n throw new Error('cipher output not supported');\n abytes(output, undefined, 'output');\n }\n };\n // Create wrapped cipher with validation and single-use encryption\n let called = false;\n const wrCipher = {\n encrypt(data, output) {\n if (called)\n throw new Error('cannot encrypt() twice with same key + nonce');\n called = true;\n abytes(data);\n checkOutput(cipher.encrypt.length, output);\n return cipher.encrypt(data, output);\n },\n decrypt(data, output) {\n abytes(data);\n if (tagl && data.length < tagl)\n throw new Error('\"ciphertext\" expected length bigger than tagLength=' + tagl);\n checkOutput(cipher.decrypt.length, output);\n return cipher.decrypt(data, output);\n },\n };\n return wrCipher;\n }\n Object.assign(wrappedCipher, params);\n return wrappedCipher;\n};\n/**\n * By default, returns u8a of length.\n * When out is available, it checks it for validity and uses it.\n * @param expectedLength - Required output length.\n * @param out - Optional destination buffer.\n * @param onlyAligned - Whether `out` must be 4-byte aligned.\n * @returns Output buffer ready for writing.\n * @throws On wrong argument types. {@link TypeError}\n * @throws If the provided output buffer has the wrong size or alignment. {@link Error}\n * @example\n * Reuses a caller-provided output buffer when lengths match.\n *\n * ```ts\n * getOutput(16, new Uint8Array(16));\n * ```\n */\nexport function getOutput(expectedLength, out, onlyAligned = true) {\n if (out === undefined)\n return new Uint8Array(expectedLength);\n // Keep Buffer/cross-realm Uint8Array support here instead of trusting a shape-compatible object.\n abytes(out, undefined, 'output');\n if (out.length !== expectedLength)\n throw new Error('\"output\" expected Uint8Array of length ' + expectedLength + ', got: ' + out.length);\n if (onlyAligned && !isAligned32(out))\n throw new Error('invalid output, must be aligned');\n return out;\n}\n/**\n * Encodes data and AAD bit lengths into a 16-byte buffer.\n * @param dataLength - Data length in bits.\n * @param aadLength - AAD length in bits.\n * The serialized block is still `aadLength || dataLength`, matching GCM/Poly1305\n * conventions even though the helper parameter order is `(dataLength, aadLength)`.\n * @param isLE - Whether to encode lengths as little-endian.\n * @returns 16-byte length block.\n * @throws On wrong argument types passed to the endian validator. {@link TypeError}\n * @throws On wrong argument ranges or values. {@link RangeError}\n * @example\n * Builds the length block appended by GCM and Poly1305.\n *\n * ```ts\n * u64Lengths(16, 8, true);\n * ```\n */\nexport function u64Lengths(dataLength, aadLength, isLE) {\n // Reject coercible non-number lengths like '10' and true before BigInt(...) accepts them.\n anumber(dataLength);\n anumber(aadLength);\n abool(isLE);\n const num = new Uint8Array(16);\n const view = createView(num);\n view.setBigUint64(0, BigInt(aadLength), isLE);\n view.setBigUint64(8, BigInt(dataLength), isLE);\n return num;\n}\n/**\n * Checks whether a byte array is aligned to a 4-byte offset.\n * @param bytes - Byte array to inspect.\n * @returns `true` when the view is 4-byte aligned.\n * @example\n * Checks whether a buffer can be safely viewed as Uint32Array.\n *\n * ```ts\n * isAligned32(new Uint8Array(4));\n * ```\n */\nexport function isAligned32(bytes) {\n return bytes.byteOffset % 4 === 0;\n}\n/**\n * Copies bytes into a new Uint8Array.\n * @param bytes - Bytes to copy.\n * @returns Copied byte array.\n * @throws On wrong argument types. {@link TypeError}\n * @example\n * Copies input into an aligned Uint8Array before block processing.\n *\n * ```ts\n * copyBytes(new Uint8Array([1, 2]));\n * ```\n */\nexport function copyBytes(bytes) {\n // `Uint8Array.from(...)` would also accept arrays / other typed arrays. Keep this helper strict\n // because callers use it at byte-validation boundaries before mutating the detached copy.\n return Uint8Array.from(abytes(bytes));\n}\n/**\n * Cryptographically secure PRNG.\n * Uses internal OS-level `crypto.getRandomValues`.\n * @param bytesLength - Number of bytes to produce.\n * Validation is delegated to `Uint8Array(bytesLength)` and `getRandomValues`, so\n * non-integers, negative lengths, and oversize requests surface backend/runtime errors.\n * @returns Random byte array.\n * @throws On wrong argument types. {@link TypeError}\n * @throws On wrong argument ranges or values. {@link RangeError}\n * @throws If the runtime does not expose `crypto.getRandomValues`. {@link Error}\n * @example\n * Generates a fresh nonce or key.\n *\n * ```ts\n * randomBytes(16);\n * ```\n */\nexport function randomBytes(bytesLength = 32) {\n // Validate upfront so fractional / coercible lengths do not silently\n // truncate through Uint8Array().\n anumber(bytesLength);\n const cr = typeof globalThis === 'object' ? globalThis.crypto : null;\n if (typeof cr?.getRandomValues !== 'function')\n throw new Error('crypto.getRandomValues must be defined');\n return cr.getRandomValues(new Uint8Array(bytesLength));\n}\n/**\n * Uses CSPRNG for nonce, nonce injected in ciphertext.\n * For `encrypt`, a `nonceBytes`-length buffer is fetched from CSPRNG and\n * prepended to encrypted ciphertext. For `decrypt`, first `nonceBytes` of ciphertext\n * are treated as nonce. The wrapper always allocates a fresh `nonce || ciphertext`\n * buffer on encrypt and intentionally does not support caller-provided destination buffers.\n * Too-short decrypt inputs are split into short/empty nonce views and then delegated\n * to the wrapped cipher instead of being rejected here first.\n *\n * NOTE: Under the same key, using random nonces (e.g. `managedNonce`) with AES-GCM and ChaCha\n * should be limited to `2**23` (8M) messages to get a collision chance of\n * `2**-50`. Stretching to `2**32` (4B) messages would raise that chance to\n * `2**-33`, still negligible but creeping up.\n * @param fn - Cipher constructor that expects a nonce.\n * @param randomBytes_ - Random-byte source used for nonce generation.\n * @returns Cipher constructor that prepends the nonce to ciphertext.\n * @throws On wrong argument types. {@link TypeError}\n * @throws On invalid nonce lengths observed at wrapper construction or use. {@link RangeError}\n * @example\n * Prepends a fresh random nonce to every ciphertext.\n *\n * ```ts\n * import { gcm } from '@noble/ciphers/aes.js';\n * import { managedNonce, randomBytes } from '@noble/ciphers/utils.js';\n * const wrapped = managedNonce(gcm);\n * const key = randomBytes(16);\n * const ciphertext = wrapped(key).encrypt(new Uint8Array([1, 2, 3]));\n * wrapped(key).decrypt(ciphertext);\n * ```\n */\nexport function managedNonce(fn, randomBytes_ = randomBytes) {\n const { nonceLength } = fn;\n anumber(nonceLength);\n const addNonce = (nonce, ciphertext, plaintext) => {\n const out = concatBytes(nonce, ciphertext);\n // Wrapped ciphers may alias caller plaintext on encrypt(); never zero\n // caller-owned buffers here.\n if (!overlapBytes(plaintext, ciphertext))\n ciphertext.fill(0);\n return out;\n };\n // NOTE: we cannot support DST here, it would be mistake:\n // - we don't know how much dst length cipher requires\n // - nonce may unalign dst and break everything\n // - we create new u8a anyway (concatBytes)\n // - previously we passed all args to cipher, but that was mistake!\n const res = ((key, ...args) => ({\n encrypt(plaintext) {\n abytes(plaintext);\n const nonce = randomBytes_(nonceLength);\n const encrypted = fn(key, nonce, ...args).encrypt(plaintext);\n // @ts-ignore\n if (encrypted instanceof Promise)\n return encrypted.then((ct) => addNonce(nonce, ct, plaintext));\n return addNonce(nonce, encrypted, plaintext);\n },\n decrypt(ciphertext) {\n abytes(ciphertext);\n const nonce = ciphertext.subarray(0, nonceLength);\n const decrypted = ciphertext.subarray(nonceLength);\n return fn(key, nonce, ...args).decrypt(decrypted);\n },\n }));\n // Auto-nonce wrappers still preserve the wrapped payload geometry.\n if ('blockSize' in fn)\n res.blockSize = fn.blockSize;\n if ('tagLength' in fn)\n res.tagLength = fn.tagLength;\n return res;\n}\n//# sourceMappingURL=utils.js.map",
|
|
36
|
+
"/**\n * Basic utils for ARX (add-rotate-xor) salsa and chacha ciphers.\n\nRFC8439 requires multi-step cipher stream, where\nauthKey starts with counter: 0, actual msg with counter: 1.\n\nFor this, we need a way to re-use nonce / counter:\n\n const counter = new Uint8Array(4);\n chacha(..., counter, ...); // counter is now 1\n chacha(..., counter, ...); // counter is now 2\n\nThis is complicated:\n\n- 32-bit counters are enough, no need for 64-bit: max ArrayBuffer size in JS is 4GB\n- Original papers don't allow mutating counters\n- Counter overflow is undefined [^1]\n- Idea A: allow providing (nonce | counter) instead of just nonce, re-use it\n- Caveat: Cannot be re-used through all cases:\n- * chacha has (counter | nonce)\n- * xchacha has (nonce16 | counter | nonce16)\n- Idea B: separate nonce / counter and provide separate API for counter re-use\n- Caveat: there are different counter sizes depending on an algorithm.\n- salsa & chacha also differ in structures of key & sigma:\n salsa20: s[0] | k(4) | s[1] | nonce(2) | cnt(2) | s[2] | k(4) | s[3]\n chacha: s(4) | k(8) | cnt(1) | nonce(3)\n chacha20orig: s(4) | k(8) | cnt(2) | nonce(2)\n- Idea C: helper method such as `setSalsaState(key, nonce, sigma, data)`\n- Caveat: we can't re-use counter array\n\nxchacha uses the subkey and remaining 8 byte nonce with ChaCha20 as normal\n(prefixed by 4 NUL bytes, since RFC8439 specifies a 12-byte nonce).\nCounter overflow is undefined; see {@link https://mailarchive.ietf.org/arch/msg/cfrg/gsOnTJzcbgG6OqD8Sc0GO5aR_tU/ | the CFRG thread}.\nCurrent noble policy is strict non-wrap for the shared 32-bit counter path:\nexported ARX ciphers reject initial `0xffffffff` and stop before any implicit\nwrap back to zero.\nSee {@link https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha#appendix-A.2 | the XChaCha appendix} for the extended-nonce construction.\n\n * @module\n */\nimport { abool, abytes, anumber, checkOpts, clean, copyBytes, getOutput, isAligned32, isLE, randomBytes, swap32IfBE, u32, } from \"./utils.js\";\n// Replaces `TextEncoder` for ASCII literals, which is enough for sigma constants.\n// Non-ASCII input would not match UTF-8 `TextEncoder` output.\nconst encodeStr = (str) => Uint8Array.from(str.split(''), (c) => c.charCodeAt(0));\n// Raw `createCipher(...)` exports consume these native-endian `u32(...)` views directly.\n// Public `wrapCipher(...)` APIs reject non-little-endian platforms before reaching this path.\n// RFC 8439 §2.3 / RFC 7539 §2.3 only define the 256-bit-key constants; this 16-byte sigma is\n// kept for legacy allowShortKeys Salsa/ChaCha variants.\nconst sigma16_32 = /* @__PURE__ */ (() => swap32IfBE(u32(encodeStr('expand 16-byte k'))))();\n// RFC 8439 §2.3 / RFC 7539 §2.3 define words 0-3 as\n// `0x61707865 0x3320646e 0x79622d32 0x6b206574`, i.e. `expand 32-byte k`.\nconst sigma32_32 = /* @__PURE__ */ (() => swap32IfBE(u32(encodeStr('expand 32-byte k'))))();\n/**\n * Rotates a 32-bit word left.\n * @param a - Input word.\n * @param b - Rotation count in bits.\n * @returns Rotated 32-bit word.\n * @example\n * Moves the top byte of `0x12345678` into the low byte position.\n * ```ts\n * rotl(0x12345678, 8);\n * ```\n */\nexport function rotl(a, b) {\n return (a << b) | (a >>> (32 - b));\n}\n// Salsa and Chacha block length is always 512-bit\nconst BLOCK_LEN = 64;\n// RFC 8439 §2.2 / RFC 7539 §2.2: the ChaCha state has 16 32-bit words.\nconst BLOCK_LEN32 = 16;\n// Counter policy for the shared public `counter` argument:\n// - RFC/IETF ChaCha20 uses a 32-bit counter.\n// - OpenSSL/Node `chacha20` instead treat the full 16-byte IV as a 128-bit\n// counter state and carry into the next word.\n// - Raw `chacha20orig`, `salsa20`, `xsalsa20`, and `xchacha20` use 64-bit counters in libsodium\n// and libtomcrypt, while some libs (for example libtomcrypt's RFC/IETF path) reject the max\n// boundary instead of carrying.\n// - AEAD wrappers diverge too: libsodium `xchacha20poly1305` uses the IETF payload counter from\n// block 1, while `secretstream_xchacha20poly1305` is a different protocol with rekey/reset.\n// Noble intentionally throws instead of silently picking one wrap model for users. In the default\n// path, even a 32-bit boundary would take 2^32 blocks * 64 bytes = 256 GiB, which is practically\n// unreachable for normal JS callers; advanced users who pass `counter` explicitly can implement\n// whatever wider carry / wrap policy they need on top.\nconst MAX_COUNTER = /* @__PURE__ */ (() => 2 ** 32 - 1)();\nconst U32_EMPTY = /* @__PURE__ */ Uint32Array.of();\nfunction runCipher(core, sigma, key, nonce, data, output, counter, rounds) {\n const len = data.length;\n const block = new Uint8Array(BLOCK_LEN);\n const b32 = u32(block);\n // Make sure that buffers aligned to 4 bytes\n const isAligned = isLE && isAligned32(data) && isAligned32(output);\n const d32 = isAligned ? u32(data) : U32_EMPTY;\n const o32 = isAligned ? u32(output) : U32_EMPTY;\n // RFC 8439 §2.4.1 / RFC 7539 §2.4.1 allow XORing one keystream block at a time and\n // truncating the final partial block instead of materializing the whole keystream.\n if (!isLE) {\n for (let pos = 0; pos < len; counter++) {\n core(sigma, key, nonce, b32, counter, rounds);\n // RFC 8439 §2.4 / RFC 7539 §2.4 serialize keystream words in little-endian order.\n swap32IfBE(b32);\n if (counter >= MAX_COUNTER)\n throw new Error('arx: counter overflow');\n const take = Math.min(BLOCK_LEN, len - pos);\n for (let j = 0, posj; j < take; j++) {\n posj = pos + j;\n output[posj] = data[posj] ^ block[j];\n }\n pos += take;\n }\n return;\n }\n for (let pos = 0; pos < len; counter++) {\n core(sigma, key, nonce, b32, counter, rounds);\n // See MAX_COUNTER policy note above: never silently wrap the shared public counter.\n if (counter >= MAX_COUNTER)\n throw new Error('arx: counter overflow');\n const take = Math.min(BLOCK_LEN, len - pos);\n // aligned to 4 bytes\n if (isAligned && take === BLOCK_LEN) {\n const pos32 = pos / 4;\n if (pos % 4 !== 0)\n throw new Error('arx: invalid block position');\n for (let j = 0, posj; j < BLOCK_LEN32; j++) {\n posj = pos32 + j;\n o32[posj] = d32[posj] ^ b32[j];\n }\n pos += BLOCK_LEN;\n continue;\n }\n for (let j = 0, posj; j < take; j++) {\n posj = pos + j;\n output[posj] = data[posj] ^ block[j];\n }\n pos += take;\n }\n}\n/**\n * Creates an ARX stream cipher from a 32-bit core permutation.\n * Used internally to build the exported Salsa and ChaCha stream ciphers.\n * @param core - Core function that fills one keystream block.\n * @param opts - Cipher layout and nonce-extension options. See {@link CipherOpts}.\n * @returns Stream cipher function over byte arrays.\n * @throws If the core callback, key size, counter, or output sizing is invalid. {@link Error}\n */\nexport function createCipher(core, opts) {\n const { allowShortKeys, extendNonceFn, counterLength, counterRight, rounds } = checkOpts({ allowShortKeys: false, counterLength: 8, counterRight: false, rounds: 20 }, opts);\n if (typeof core !== 'function')\n throw new Error('core must be a function');\n anumber(counterLength);\n anumber(rounds);\n abool(counterRight);\n abool(allowShortKeys);\n return (key, nonce, data, output, counter = 0) => {\n abytes(key, undefined, 'key');\n abytes(nonce, undefined, 'nonce');\n abytes(data, undefined, 'data');\n const len = data.length;\n // Raw XorStream APIs return ciphertext/plaintext bytes directly, so caller-provided outputs\n // must match the logical result length exactly instead of returning an oversized workspace.\n output = getOutput(len, output, false);\n anumber(counter);\n // See MAX_COUNTER policy note above: reject advanced explicit-counter requests before any wrap.\n if (counter < 0 || counter >= MAX_COUNTER)\n throw new Error('arx: counter overflow');\n const toClean = [];\n // Key & sigma\n // key=16 -> sigma16, k=key|key\n // key=32 -> sigma32, k=key\n let l = key.length;\n let k;\n let sigma;\n if (l === 32) {\n // Copy caller keys too: big-endian normalization, extended-nonce subkey derivation, and\n // final clean(...) all mutate or wipe the temporary buffer in place.\n toClean.push((k = copyBytes(key)));\n sigma = sigma32_32;\n }\n else if (l === 16 && allowShortKeys) {\n k = new Uint8Array(32);\n k.set(key);\n k.set(key, 16);\n sigma = sigma16_32;\n toClean.push(k);\n }\n else {\n abytes(key, 32, 'arx key');\n throw new Error('invalid key size');\n // throw new Error(`\"arx key\" expected Uint8Array of length 32, got length=${l}`);\n }\n // Nonce\n // salsa20: 8 (8-byte counter)\n // chacha20orig: 8 (8-byte counter)\n // chacha20: 12 (4-byte counter)\n // xsalsa20: 24 (16 -> hsalsa, 8 -> old nonce)\n // xchacha20: 24 (16 -> hchacha, 8 -> old nonce)\n // Copy before taking u32(...) views on misaligned inputs, and on big-endian so later\n // swap32IfBE(...) never mutates caller nonce bytes in place.\n if (!isLE || !isAligned32(nonce))\n toClean.push((nonce = copyBytes(nonce)));\n let k32 = u32(k);\n // hsalsa & hchacha: handle extended nonce\n if (extendNonceFn) {\n if (nonce.length !== 24)\n throw new Error(`arx: extended nonce must be 24 bytes`);\n const n16 = nonce.subarray(0, 16);\n if (isLE)\n extendNonceFn(sigma, k32, u32(n16), k32);\n else {\n const sigmaRaw = swap32IfBE(Uint32Array.from(sigma));\n extendNonceFn(sigmaRaw, k32, u32(n16), k32);\n clean(sigmaRaw);\n swap32IfBE(k32);\n }\n nonce = nonce.subarray(16);\n }\n else if (!isLE)\n swap32IfBE(k32);\n // Handle nonce counter\n const nonceNcLen = 16 - counterLength;\n if (nonceNcLen !== nonce.length)\n throw new Error(`arx: nonce must be ${nonceNcLen} or 16 bytes`);\n // Normalize 64-bit-nonce layouts to the 12-byte core input: ChaCha/XChaCha prefix 4 zero\n // counter bytes, while Salsa/XSalsa append them after the nonce words.\n if (nonceNcLen !== 12) {\n const nc = new Uint8Array(12);\n nc.set(nonce, counterRight ? 0 : 12 - nonce.length);\n nonce = nc;\n toClean.push(nonce);\n }\n const n32 = swap32IfBE(u32(nonce));\n // Ensure temporary key/nonce copies are wiped even if the remaining\n // runtime guard in runCipher(...) throws on counter overflow.\n try {\n runCipher(core, sigma, k32, n32, data, output, counter, rounds);\n return output;\n }\n finally {\n clean(...toClean);\n }\n };\n}\n/** Internal class which wraps chacha20 or chacha8 to create CSPRNG. */\nexport class _XorStreamPRG {\n blockLen;\n keyLen;\n nonceLen;\n state;\n buf;\n key;\n nonce;\n pos;\n ctr;\n cipher;\n constructor(cipher, blockLen, keyLen, nonceLen, seed) {\n this.cipher = cipher;\n this.blockLen = blockLen;\n this.keyLen = keyLen;\n this.nonceLen = nonceLen;\n this.state = new Uint8Array(this.keyLen + this.nonceLen);\n this.reseed(seed);\n this.ctr = 0;\n this.pos = this.blockLen;\n this.buf = new Uint8Array(this.blockLen);\n // Keep a single key||nonce backing buffer so reseed/addEntropy/clean update the live cipher\n // inputs in place through these subarray views.\n this.key = this.state.subarray(0, this.keyLen);\n this.nonce = this.state.subarray(this.keyLen);\n }\n reseed(seed) {\n abytes(seed);\n if (!seed || seed.length === 0)\n throw new Error('entropy required');\n // Mix variable-length entropy cyclically across the whole key||nonce state, then restart the\n // keystream so buffered leftovers from the previous state are never reused.\n for (let i = 0; i < seed.length; i++)\n this.state[i % this.state.length] ^= seed[i];\n this.ctr = 0;\n this.pos = this.blockLen;\n }\n addEntropy(seed) {\n // Reject empty entropy before re-keying, otherwise a throwing call would still advance state.\n abytes(seed);\n if (seed.length === 0)\n throw new Error('entropy required');\n // Re-key from the current stream first, then mix external entropy into the fresh key||nonce\n // state through reseed() so stale buffered bytes are discarded.\n this.state.set(this.randomBytes(this.state.length));\n this.reseed(seed);\n }\n randomBytes(len) {\n anumber(len);\n if (len === 0)\n return new Uint8Array(0);\n const avail = this.pos < this.blockLen ? this.blockLen - this.pos : 0;\n const blocks = Math.ceil(Math.max(0, len - avail) / this.blockLen);\n // Preflight overflow so failed reads don't partially consume keystream\n // and leave the PRG repeating blocks.\n if (blocks > 0 && this.ctr > MAX_COUNTER - blocks)\n throw new Error('arx: counter overflow');\n const out = new Uint8Array(len);\n let outPos = 0;\n // `out` starts zero-filled, and `buf.fill(0)` below does the same for leftovers: XOR-stream\n // ciphers then emit raw keystream bytes directly into those buffers.\n // Serve buffered leftovers first so split reads stay identical to one larger read.\n if (this.pos < this.blockLen) {\n const take = Math.min(len, this.blockLen - this.pos);\n out.set(this.buf.subarray(this.pos, this.pos + take), 0);\n this.pos += take;\n outPos += take;\n if (outPos === len)\n return out; // fast path\n }\n // Full blocks directly to out\n const full = Math.floor((len - outPos) / this.blockLen);\n if (full > 0) {\n const blockBytes = full * this.blockLen;\n const b = out.subarray(outPos, outPos + blockBytes);\n this.cipher(this.key, this.nonce, b, b, this.ctr);\n this.ctr += full;\n outPos += blockBytes;\n }\n // Save leftovers\n const left = len - outPos;\n if (left > 0) {\n this.buf.fill(0);\n // NOTE: cipher will handle overflow\n this.cipher(this.key, this.nonce, this.buf, this.buf, this.ctr++);\n out.set(this.buf.subarray(0, left), outPos);\n this.pos = left;\n }\n return out;\n }\n // Clone seeds the new instance from this stream, so the source PRG advances too.\n clone() {\n return new _XorStreamPRG(this.cipher, this.blockLen, this.keyLen, this.nonceLen, this.randomBytes(this.state.length));\n }\n // Zeroes the current state and leftover buffer, but does not make the instance unusable:\n // Later reads first drain zeros from the cleared buffer and then continue\n // from zero key||nonce state.\n clean() {\n this.pos = 0;\n this.ctr = 0;\n this.buf.fill(0);\n this.state.fill(0);\n }\n}\n/**\n * Creates a PRG constructor from a stream cipher.\n * @param cipher - Stream cipher used to fill output blocks.\n * @param blockLen - Keystream block length in bytes.\n * @param keyLen - Internal key length in bytes.\n * @param nonceLen - Internal nonce length in bytes.\n * @returns PRG factory for seeded concrete `_XorStreamPRG` instances.\n * @example\n * Builds a PRG from XChaCha20 and reads bytes from a randomly seeded instance.\n * ```ts\n * import { xchacha20 } from '@noble/ciphers/chacha.js';\n * import { createPRG } from '@noble/ciphers/_arx.js';\n * import { randomBytes } from '@noble/ciphers/utils.js';\n * const seed = randomBytes(32);\n * const init = createPRG(xchacha20, 64, 32, 24);\n * const prg = init(seed);\n * prg.randomBytes(8);\n * ```\n */\nexport const createPRG = (cipher, blockLen, keyLen, nonceLen) => {\n return ((seed = randomBytes(32)) => new _XorStreamPRG(cipher, blockLen, keyLen, nonceLen, seed));\n};\n//# sourceMappingURL=_arx.js.map",
|
|
37
|
+
"/**\n * Poly1305 ({@link https://cr.yp.to/mac/poly1305-20050329.pdf | PDF},\n * {@link https://en.wikipedia.org/wiki/Poly1305 | wiki})\n * is a fast and parallel secret-key message-authentication code suitable for\n * a wide variety of applications. It was standardized in\n * {@link https://www.rfc-editor.org/rfc/rfc8439 | RFC 8439} and is now used in TLS 1.3.\n *\n * Polynomial MACs are not perfect for every situation:\n * they lack Random Key Robustness: the MAC can be forged, and can't be used in PAKE schemes.\n * See {@link https://keymaterial.net/2020/09/07/invisible-salamanders-in-aes-gcm-siv/ | the invisible salamanders attack writeup}.\n * To combat invisible salamanders, `hash(key)` can be included in ciphertext,\n * however, this would violate ciphertext indistinguishability:\n * an attacker would know which key was used - so `HKDF(key, i)`\n * could be used instead.\n *\n * Check out the {@link https://cr.yp.to/mac.html | original website}.\n * Based on public-domain {@link https://github.com/floodyberry/poly1305-donna | poly1305-donna}.\n * @module\n */\n// prettier-ignore\nimport { abytes, aexists, aoutput, bytesToHex, clean, concatBytes, copyBytes, hexToNumber, numberToBytesBE, wrapMacConstructor } from \"./utils.js\";\n// Little-endian 2-byte load used by the Poly1305 limb decomposition.\nfunction u8to16(a, i) {\n return (a[i++] & 0xff) | ((a[i++] & 0xff) << 8);\n}\nfunction bytesToNumberLE(bytes) {\n return hexToNumber(bytesToHex(Uint8Array.from(bytes).reverse()));\n}\n/** Small version of `poly1305` without loop unrolling. Unused, provided for auditability. */\nfunction poly1305_small(msg, key) {\n abytes(msg);\n abytes(key, 32, 'key');\n const POW_2_130_5 = BigInt(2) ** BigInt(130) - BigInt(5); // 2^130-5\n const POW_2_128_1 = BigInt(2) ** BigInt(128) - BigInt(1); // 2^128-1\n const CLAMP_R = BigInt('0x0ffffffc0ffffffc0ffffffc0fffffff');\n const r = bytesToNumberLE(key.subarray(0, 16)) & CLAMP_R;\n const s = bytesToNumberLE(key.subarray(16));\n // Process by 16 byte chunks\n let acc = BigInt(0);\n for (let i = 0; i < msg.length; i += 16) {\n const m = msg.subarray(i, i + 16);\n // RFC 8439 §2.5.1 / RFC 7539 §2.5.1 append [0x01] to each chunk before multiplying by r.\n const n = bytesToNumberLE(m) | (BigInt(1) << BigInt(8 * m.length));\n acc = ((acc + n) * r) % POW_2_130_5;\n }\n const res = (acc + s) & POW_2_128_1;\n // RFC 8439 §2.5 / RFC 7539 §2.5 serialize the low 128 bits in little-endian order.\n return numberToBytesBE(res, 16).reverse(); // LE\n}\n// Can be used to replace `computeTag` in chacha.ts. Unused, provided for auditability.\n// @ts-expect-error\nfunction poly1305_computeTag_small(authKey, \n// AEAD trailer must already be the 16-byte length block:\n// 8-byte little-endian AAD length || 8-byte little-endian ciphertext length.\nlengths, ciphertext, AAD) {\n // RFC 8439 §2.8.1 / RFC 7539 §2.8.1 MAC input is\n // AAD || pad16(AAD) || ciphertext || pad16(ciphertext) || lengths.\n const res = [];\n const updatePadded2 = (msg) => {\n res.push(msg);\n const leftover = msg.length % 16;\n // RFC 8439 §2.8.1 / RFC 7539 §2.8.1: pad16(x) is empty for aligned\n // inputs, else 16-(len%16) zero bytes.\n if (leftover)\n res.push(new Uint8Array(16).slice(leftover));\n };\n if (AAD)\n updatePadded2(AAD);\n updatePadded2(ciphertext);\n res.push(lengths);\n return poly1305_small(concatBytes(...res), authKey);\n}\n/**\n * Incremental Poly1305 MAC state.\n * Prefer `poly1305()` for one-shot use.\n * @param key - 32-byte Poly1305 one-time key.\n * @example\n * Feeds one chunk into an incremental Poly1305 state with a fresh one-time key.\n *\n * ```ts\n * import { Poly1305 } from '@noble/ciphers/_poly1305.js';\n * import { randomBytes } from '@noble/ciphers/utils.js';\n * const key = randomBytes(32);\n * const mac = new Poly1305(key);\n * mac.update(new Uint8Array([1, 2, 3]));\n * mac.digest();\n * ```\n */\nexport class Poly1305 {\n blockLen = 16;\n outputLen = 16;\n buffer = new Uint8Array(16);\n r = new Uint16Array(10); // Allocating 1 array with .subarray() here is slower than 3\n h = new Uint16Array(10);\n pad = new Uint16Array(8);\n pos = 0;\n finished = false;\n destroyed = false;\n // Can be speed-up using BigUint64Array, at the cost of complexity\n constructor(key) {\n key = copyBytes(abytes(key, 32, 'key'));\n const t0 = u8to16(key, 0);\n const t1 = u8to16(key, 2);\n const t2 = u8to16(key, 4);\n const t3 = u8to16(key, 6);\n const t4 = u8to16(key, 8);\n const t5 = u8to16(key, 10);\n const t6 = u8to16(key, 12);\n const t7 = u8to16(key, 14);\n // RFC 8439 §2.5.1 / RFC 7539 §2.5.1 clamp r before multiplication.\n // These masks unpack that clamped value into 13-bit limbs, while pad\n // keeps the raw s half for finalize().\n // {@link https://github.com/floodyberry/poly1305-donna/blob/e6ad6e091d30d7f4ec2d4f978be1fcfcbce72781/poly1305-donna-16.h#L47 | poly1305-donna reference}\n this.r[0] = t0 & 0x1fff;\n this.r[1] = ((t0 >>> 13) | (t1 << 3)) & 0x1fff;\n this.r[2] = ((t1 >>> 10) | (t2 << 6)) & 0x1f03;\n this.r[3] = ((t2 >>> 7) | (t3 << 9)) & 0x1fff;\n this.r[4] = ((t3 >>> 4) | (t4 << 12)) & 0x00ff;\n this.r[5] = (t4 >>> 1) & 0x1ffe;\n this.r[6] = ((t4 >>> 14) | (t5 << 2)) & 0x1fff;\n this.r[7] = ((t5 >>> 11) | (t6 << 5)) & 0x1f81;\n this.r[8] = ((t6 >>> 8) | (t7 << 8)) & 0x1fff;\n this.r[9] = (t7 >>> 5) & 0x007f;\n for (let i = 0; i < 8; i++)\n this.pad[i] = u8to16(key, 16 + 2 * i);\n }\n process(data, offset, isLast = false) {\n // RFC 8439 §2.5 / §2.5.1 and RFC 7539 §2.5 / §2.5.1 add an extra high\n // bit to every full 16-byte block. The final partial block gets its\n // explicit `1` byte during digestInto(), so `hibit` stays zero there.\n const hibit = isLast ? 0 : 1 << 11;\n const { h, r } = this;\n const r0 = r[0];\n const r1 = r[1];\n const r2 = r[2];\n const r3 = r[3];\n const r4 = r[4];\n const r5 = r[5];\n const r6 = r[6];\n const r7 = r[7];\n const r8 = r[8];\n const r9 = r[9];\n const t0 = u8to16(data, offset + 0);\n const t1 = u8to16(data, offset + 2);\n const t2 = u8to16(data, offset + 4);\n const t3 = u8to16(data, offset + 6);\n const t4 = u8to16(data, offset + 8);\n const t5 = u8to16(data, offset + 10);\n const t6 = u8to16(data, offset + 12);\n const t7 = u8to16(data, offset + 14);\n let h0 = h[0] + (t0 & 0x1fff);\n let h1 = h[1] + (((t0 >>> 13) | (t1 << 3)) & 0x1fff);\n let h2 = h[2] + (((t1 >>> 10) | (t2 << 6)) & 0x1fff);\n let h3 = h[3] + (((t2 >>> 7) | (t3 << 9)) & 0x1fff);\n let h4 = h[4] + (((t3 >>> 4) | (t4 << 12)) & 0x1fff);\n let h5 = h[5] + ((t4 >>> 1) & 0x1fff);\n let h6 = h[6] + (((t4 >>> 14) | (t5 << 2)) & 0x1fff);\n let h7 = h[7] + (((t5 >>> 11) | (t6 << 5)) & 0x1fff);\n let h8 = h[8] + (((t6 >>> 8) | (t7 << 8)) & 0x1fff);\n let h9 = h[9] + ((t7 >>> 5) | hibit);\n let c = 0;\n let d0 = c + h0 * r0 + h1 * (5 * r9) + h2 * (5 * r8) + h3 * (5 * r7) + h4 * (5 * r6);\n c = d0 >>> 13;\n d0 &= 0x1fff;\n d0 += h5 * (5 * r5) + h6 * (5 * r4) + h7 * (5 * r3) + h8 * (5 * r2) + h9 * (5 * r1);\n c += d0 >>> 13;\n d0 &= 0x1fff;\n let d1 = c + h0 * r1 + h1 * r0 + h2 * (5 * r9) + h3 * (5 * r8) + h4 * (5 * r7);\n c = d1 >>> 13;\n d1 &= 0x1fff;\n d1 += h5 * (5 * r6) + h6 * (5 * r5) + h7 * (5 * r4) + h8 * (5 * r3) + h9 * (5 * r2);\n c += d1 >>> 13;\n d1 &= 0x1fff;\n let d2 = c + h0 * r2 + h1 * r1 + h2 * r0 + h3 * (5 * r9) + h4 * (5 * r8);\n c = d2 >>> 13;\n d2 &= 0x1fff;\n d2 += h5 * (5 * r7) + h6 * (5 * r6) + h7 * (5 * r5) + h8 * (5 * r4) + h9 * (5 * r3);\n c += d2 >>> 13;\n d2 &= 0x1fff;\n let d3 = c + h0 * r3 + h1 * r2 + h2 * r1 + h3 * r0 + h4 * (5 * r9);\n c = d3 >>> 13;\n d3 &= 0x1fff;\n d3 += h5 * (5 * r8) + h6 * (5 * r7) + h7 * (5 * r6) + h8 * (5 * r5) + h9 * (5 * r4);\n c += d3 >>> 13;\n d3 &= 0x1fff;\n let d4 = c + h0 * r4 + h1 * r3 + h2 * r2 + h3 * r1 + h4 * r0;\n c = d4 >>> 13;\n d4 &= 0x1fff;\n d4 += h5 * (5 * r9) + h6 * (5 * r8) + h7 * (5 * r7) + h8 * (5 * r6) + h9 * (5 * r5);\n c += d4 >>> 13;\n d4 &= 0x1fff;\n let d5 = c + h0 * r5 + h1 * r4 + h2 * r3 + h3 * r2 + h4 * r1;\n c = d5 >>> 13;\n d5 &= 0x1fff;\n d5 += h5 * r0 + h6 * (5 * r9) + h7 * (5 * r8) + h8 * (5 * r7) + h9 * (5 * r6);\n c += d5 >>> 13;\n d5 &= 0x1fff;\n let d6 = c + h0 * r6 + h1 * r5 + h2 * r4 + h3 * r3 + h4 * r2;\n c = d6 >>> 13;\n d6 &= 0x1fff;\n d6 += h5 * r1 + h6 * r0 + h7 * (5 * r9) + h8 * (5 * r8) + h9 * (5 * r7);\n c += d6 >>> 13;\n d6 &= 0x1fff;\n let d7 = c + h0 * r7 + h1 * r6 + h2 * r5 + h3 * r4 + h4 * r3;\n c = d7 >>> 13;\n d7 &= 0x1fff;\n d7 += h5 * r2 + h6 * r1 + h7 * r0 + h8 * (5 * r9) + h9 * (5 * r8);\n c += d7 >>> 13;\n d7 &= 0x1fff;\n let d8 = c + h0 * r8 + h1 * r7 + h2 * r6 + h3 * r5 + h4 * r4;\n c = d8 >>> 13;\n d8 &= 0x1fff;\n d8 += h5 * r3 + h6 * r2 + h7 * r1 + h8 * r0 + h9 * (5 * r9);\n c += d8 >>> 13;\n d8 &= 0x1fff;\n let d9 = c + h0 * r9 + h1 * r8 + h2 * r7 + h3 * r6 + h4 * r5;\n c = d9 >>> 13;\n d9 &= 0x1fff;\n d9 += h5 * r4 + h6 * r3 + h7 * r2 + h8 * r1 + h9 * r0;\n c += d9 >>> 13;\n d9 &= 0x1fff;\n c = ((c << 2) + c) | 0;\n c = (c + d0) | 0;\n d0 = c & 0x1fff;\n c = c >>> 13;\n d1 += c;\n h[0] = d0;\n h[1] = d1;\n h[2] = d2;\n h[3] = d3;\n h[4] = d4;\n h[5] = d5;\n h[6] = d6;\n h[7] = d7;\n h[8] = d8;\n h[9] = d9;\n }\n finalize() {\n const { h, pad } = this;\n const g = new Uint16Array(10);\n let c = h[1] >>> 13;\n h[1] &= 0x1fff;\n for (let i = 2; i < 10; i++) {\n h[i] += c;\n c = h[i] >>> 13;\n h[i] &= 0x1fff;\n }\n h[0] += c * 5;\n c = h[0] >>> 13;\n h[0] &= 0x1fff;\n h[1] += c;\n c = h[1] >>> 13;\n h[1] &= 0x1fff;\n h[2] += c;\n // RFC 8439 §2.5 / RFC 7539 §2.5 reduce modulo 2^130-5 before repacking\n // to 16-bit words and adding the raw s half.\n g[0] = h[0] + 5;\n c = g[0] >>> 13;\n g[0] &= 0x1fff;\n for (let i = 1; i < 10; i++) {\n g[i] = h[i] + c;\n c = g[i] >>> 13;\n g[i] &= 0x1fff;\n }\n g[9] -= 1 << 13;\n let mask = (c ^ 1) - 1;\n for (let i = 0; i < 10; i++)\n g[i] &= mask;\n mask = ~mask;\n for (let i = 0; i < 10; i++)\n h[i] = (h[i] & mask) | g[i];\n h[0] = (h[0] | (h[1] << 13)) & 0xffff;\n h[1] = ((h[1] >>> 3) | (h[2] << 10)) & 0xffff;\n h[2] = ((h[2] >>> 6) | (h[3] << 7)) & 0xffff;\n h[3] = ((h[3] >>> 9) | (h[4] << 4)) & 0xffff;\n h[4] = ((h[4] >>> 12) | (h[5] << 1) | (h[6] << 14)) & 0xffff;\n h[5] = ((h[6] >>> 2) | (h[7] << 11)) & 0xffff;\n h[6] = ((h[7] >>> 5) | (h[8] << 8)) & 0xffff;\n h[7] = ((h[8] >>> 8) | (h[9] << 5)) & 0xffff;\n let f = h[0] + pad[0];\n h[0] = f & 0xffff;\n for (let i = 1; i < 8; i++) {\n f = (((h[i] + pad[i]) | 0) + (f >>> 16)) | 0;\n h[i] = f & 0xffff;\n }\n clean(g);\n }\n update(data) {\n aexists(this);\n abytes(data);\n data = copyBytes(data);\n const { buffer, blockLen } = this;\n const len = data.length;\n for (let pos = 0; pos < len;) {\n const take = Math.min(blockLen - this.pos, len - pos);\n // Fast path: we have at least one block in input\n if (take === blockLen) {\n for (; blockLen <= len - pos; pos += blockLen)\n this.process(data, pos);\n continue;\n }\n buffer.set(data.subarray(pos, pos + take), this.pos);\n this.pos += take;\n pos += take;\n if (this.pos === blockLen) {\n this.process(buffer, 0, false);\n this.pos = 0;\n }\n }\n return this;\n }\n destroy() {\n // `aexists(this)` guards update/digest paths, so destroy must mark the instance unusable too.\n this.destroyed = true;\n clean(this.h, this.r, this.buffer, this.pad);\n }\n digestInto(out) {\n aexists(this);\n aoutput(out, this);\n this.finished = true;\n const { buffer, h } = this;\n let { pos } = this;\n if (pos) {\n // RFC 8439 §2.5 / RFC 7539 §2.5: the final short block appends a\n // single `0x01` byte and zero-fills the remaining bytes before the\n // last multiplication step.\n buffer[pos++] = 1;\n for (; pos < 16; pos++)\n buffer[pos] = 0;\n this.process(buffer, 0, true);\n }\n this.finalize();\n let opos = 0;\n for (let i = 0; i < 8; i++) {\n out[opos++] = h[i] >>> 0;\n out[opos++] = h[i] >>> 8;\n }\n }\n digest() {\n const { buffer, outputLen } = this;\n this.digestInto(buffer);\n // Copy out before destroy() zeroes the internal buffer.\n const res = buffer.slice(0, outputLen);\n this.destroy();\n return res;\n }\n}\n/**\n * Poly1305 MAC from RFC 8439.\n * @param msg - Message bytes to authenticate.\n * @param key - 32-byte Poly1305 one-time key.\n * @returns 16-byte authentication tag.\n * @example\n * Authenticates one message with a one-shot Poly1305 call and a fresh key.\n *\n * ```ts\n * import { poly1305 } from '@noble/ciphers/_poly1305.js';\n * import { randomBytes } from '@noble/ciphers/utils.js';\n * const key = randomBytes(32);\n * poly1305(new Uint8Array(), key);\n * ```\n */\nexport const poly1305 = /* @__PURE__ */ wrapMacConstructor(32, (key) => new Poly1305(key));\n//# sourceMappingURL=_poly1305.js.map",
|
|
38
|
+
"/**\n * ChaCha stream cipher, released\n * in 2008. Developed after Salsa20, ChaCha aims to increase diffusion per round.\n * It was standardized in\n * {@link https://www.rfc-editor.org/rfc/rfc8439 | RFC 8439} and\n * is now used in TLS 1.3.\n *\n * {@link https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha | XChaCha20}\n * extended-nonce variant is also provided. Similar to XSalsa, it's safe to use with\n * randomly-generated nonces.\n *\n * Check out\n * {@link http://cr.yp.to/chacha/chacha-20080128.pdf | PDF},\n * {@link https://en.wikipedia.org/wiki/Salsa20 | wiki}, and\n * {@link https://cr.yp.to/chacha.html | website}.\n *\n * @module\n */\nimport { createCipher, createPRG, rotl } from \"./_arx.js\";\nimport { poly1305 } from \"./_poly1305.js\";\nimport { abytes, clean, equalBytes, getOutput, swap8IfBE, swap32IfBE, u64Lengths, wrapCipher, } from \"./utils.js\";\n/**\n * ChaCha core function. It is implemented twice:\n * 1. Simple loop (chachaCore_small, hchacha_small)\n * 2. Unrolled loop (chachaCore, hchacha) - 4x faster, but larger & harder to read\n * The specific implementation is selected in `createCipher` below.\n */\n/** RFC 8439 §2.1 quarter round on words a, b, c, d. */\n// prettier-ignore\nfunction chachaQR(x, a, b, c, d) {\n x[a] = (x[a] + x[b]) | 0;\n x[d] = rotl(x[d] ^ x[a], 16);\n x[c] = (x[c] + x[d]) | 0;\n x[b] = rotl(x[b] ^ x[c], 12);\n x[a] = (x[a] + x[b]) | 0;\n x[d] = rotl(x[d] ^ x[a], 8);\n x[c] = (x[c] + x[d]) | 0;\n x[b] = rotl(x[b] ^ x[c], 7);\n}\n/** Repeated ChaCha double rounds; callers are expected to pass an even round count. */\nfunction chachaRound(x, rounds = 20) {\n for (let r = 0; r < rounds; r += 2) {\n // RFC 8439 §2.3 / §2.3.1 inner_block: four column rounds, then four diagonal rounds.\n chachaQR(x, 0, 4, 8, 12);\n chachaQR(x, 1, 5, 9, 13);\n chachaQR(x, 2, 6, 10, 14);\n chachaQR(x, 3, 7, 11, 15);\n chachaQR(x, 0, 5, 10, 15);\n chachaQR(x, 1, 6, 11, 12);\n chachaQR(x, 2, 7, 8, 13);\n chachaQR(x, 3, 4, 9, 14);\n }\n}\n// Shared scratch for the auditability-only helper below; only the test-only\n// __TESTS.chachaCore_small hook reaches it, so production exports stay reentrant.\nconst ctmp = /* @__PURE__ */ new Uint32Array(16);\n/** Small version of chacha without loop unrolling. Unused, provided for auditability. */\n// prettier-ignore\nfunction chacha(s, k, i, out, isHChacha = true, rounds = 20) {\n // `i` is either `[counter, nonce0, nonce1, nonce2]` for the ChaCha block\n // function or the full 128-bit nonce prefix for the HChaCha subkey path.\n // Create initial array using common pattern\n const y = Uint32Array.from([\n s[0], s[1], s[2], s[3], // \"expa\" \"nd 3\" \"2-by\" \"te k\"\n k[0], k[1], k[2], k[3], // Key Key Key Key\n k[4], k[5], k[6], k[7], // Key Key Key Key\n i[0], i[1], i[2], i[3], // Counter Counter Nonce Nonce\n ]);\n const x = ctmp;\n x.set(y);\n chachaRound(x, rounds);\n // HChaCha writes words 0..3 and 12..15 after the rounds; the ChaCha\n // block path adds the original state word-by-word.\n if (isHChacha) {\n const xindexes = [0, 1, 2, 3, 12, 13, 14, 15];\n for (let i = 0; i < 8; i++)\n out[i] = x[xindexes[i]];\n }\n else {\n for (let i = 0; i < 16; i++)\n out[i] = (y[i] + x[i]) | 0;\n }\n}\n/** Identical to `chachaCore`. Reached only through the test-only `__TESTS` export. */\n// @ts-ignore\nconst chachaCore_small = (s, k, n, out, cnt, rounds) => \n// Keep the reference wrapper on the same [counter, nonce0, nonce1, nonce2] layout as chacha().\nchacha(s, k, Uint32Array.from([cnt, n[0], n[1], n[2]]), out, false, rounds);\n/** Identical to `hchacha`. Unused. */\n// @ts-ignore\nconst hchacha_small = chacha;\n/** RFC 8439 §2.3 block core for `state = constants | key | counter | nonce`. */\n// prettier-ignore\nfunction chachaCore(s, k, n, out, cnt, rounds = 20) {\n let y00 = s[0], y01 = s[1], y02 = s[2], y03 = s[3], // \"expa\" \"nd 3\" \"2-by\" \"te k\"\n y04 = k[0], y05 = k[1], y06 = k[2], y07 = k[3], // Key Key Key Key\n y08 = k[4], y09 = k[5], y10 = k[6], y11 = k[7], // Key Key Key Key\n y12 = cnt, y13 = n[0], y14 = n[1], y15 = n[2]; // Counter Nonce Nonce Nonce\n // Save state to temporary variables\n let x00 = y00, x01 = y01, x02 = y02, x03 = y03, x04 = y04, x05 = y05, x06 = y06, x07 = y07, x08 = y08, x09 = y09, x10 = y10, x11 = y11, x12 = y12, x13 = y13, x14 = y14, x15 = y15;\n for (let r = 0; r < rounds; r += 2) {\n x00 = (x00 + x04) | 0;\n x12 = rotl(x12 ^ x00, 16);\n x08 = (x08 + x12) | 0;\n x04 = rotl(x04 ^ x08, 12);\n x00 = (x00 + x04) | 0;\n x12 = rotl(x12 ^ x00, 8);\n x08 = (x08 + x12) | 0;\n x04 = rotl(x04 ^ x08, 7);\n x01 = (x01 + x05) | 0;\n x13 = rotl(x13 ^ x01, 16);\n x09 = (x09 + x13) | 0;\n x05 = rotl(x05 ^ x09, 12);\n x01 = (x01 + x05) | 0;\n x13 = rotl(x13 ^ x01, 8);\n x09 = (x09 + x13) | 0;\n x05 = rotl(x05 ^ x09, 7);\n x02 = (x02 + x06) | 0;\n x14 = rotl(x14 ^ x02, 16);\n x10 = (x10 + x14) | 0;\n x06 = rotl(x06 ^ x10, 12);\n x02 = (x02 + x06) | 0;\n x14 = rotl(x14 ^ x02, 8);\n x10 = (x10 + x14) | 0;\n x06 = rotl(x06 ^ x10, 7);\n x03 = (x03 + x07) | 0;\n x15 = rotl(x15 ^ x03, 16);\n x11 = (x11 + x15) | 0;\n x07 = rotl(x07 ^ x11, 12);\n x03 = (x03 + x07) | 0;\n x15 = rotl(x15 ^ x03, 8);\n x11 = (x11 + x15) | 0;\n x07 = rotl(x07 ^ x11, 7);\n x00 = (x00 + x05) | 0;\n x15 = rotl(x15 ^ x00, 16);\n x10 = (x10 + x15) | 0;\n x05 = rotl(x05 ^ x10, 12);\n x00 = (x00 + x05) | 0;\n x15 = rotl(x15 ^ x00, 8);\n x10 = (x10 + x15) | 0;\n x05 = rotl(x05 ^ x10, 7);\n x01 = (x01 + x06) | 0;\n x12 = rotl(x12 ^ x01, 16);\n x11 = (x11 + x12) | 0;\n x06 = rotl(x06 ^ x11, 12);\n x01 = (x01 + x06) | 0;\n x12 = rotl(x12 ^ x01, 8);\n x11 = (x11 + x12) | 0;\n x06 = rotl(x06 ^ x11, 7);\n x02 = (x02 + x07) | 0;\n x13 = rotl(x13 ^ x02, 16);\n x08 = (x08 + x13) | 0;\n x07 = rotl(x07 ^ x08, 12);\n x02 = (x02 + x07) | 0;\n x13 = rotl(x13 ^ x02, 8);\n x08 = (x08 + x13) | 0;\n x07 = rotl(x07 ^ x08, 7);\n x03 = (x03 + x04) | 0;\n x14 = rotl(x14 ^ x03, 16);\n x09 = (x09 + x14) | 0;\n x04 = rotl(x04 ^ x09, 12);\n x03 = (x03 + x04) | 0;\n x14 = rotl(x14 ^ x03, 8);\n x09 = (x09 + x14) | 0;\n x04 = rotl(x04 ^ x09, 7);\n }\n // RFC 8439 §2.3 / §2.3.1: add the original state words back in state order.\n let oi = 0;\n out[oi++] = (y00 + x00) | 0;\n out[oi++] = (y01 + x01) | 0;\n out[oi++] = (y02 + x02) | 0;\n out[oi++] = (y03 + x03) | 0;\n out[oi++] = (y04 + x04) | 0;\n out[oi++] = (y05 + x05) | 0;\n out[oi++] = (y06 + x06) | 0;\n out[oi++] = (y07 + x07) | 0;\n out[oi++] = (y08 + x08) | 0;\n out[oi++] = (y09 + x09) | 0;\n out[oi++] = (y10 + x10) | 0;\n out[oi++] = (y11 + x11) | 0;\n out[oi++] = (y12 + x12) | 0;\n out[oi++] = (y13 + x13) | 0;\n out[oi++] = (y14 + x14) | 0;\n out[oi++] = (y15 + x15) | 0;\n}\n/**\n * hchacha hashes key and nonce into key' and nonce' for xchacha20.\n * Algorithmically identical to `hchacha_small`, but this exported path\n * normalizes word order on big-endian hosts.\n * Need to find a way to merge it with `chachaCore` without 25% performance hit.\n * @param s - Sigma constants as 32-bit words.\n * @param k - Key words.\n * @param i - Nonce-prefix words.\n * @param out - Output buffer for the derived subkey.\n * @example\n * Derives the XChaCha subkey from sigma, key, and nonce-prefix words.\n *\n * ```ts\n * const sigma = new Uint32Array(4);\n * const key = new Uint32Array(8);\n * const nonce = new Uint32Array(4);\n * const out = new Uint32Array(8);\n * hchacha(sigma, key, nonce, out);\n * ```\n */\n// prettier-ignore\nexport function hchacha(s, k, i, out) {\n let x00 = swap8IfBE(s[0]), x01 = swap8IfBE(s[1]), x02 = swap8IfBE(s[2]), x03 = swap8IfBE(s[3]), x04 = swap8IfBE(k[0]), x05 = swap8IfBE(k[1]), x06 = swap8IfBE(k[2]), x07 = swap8IfBE(k[3]), x08 = swap8IfBE(k[4]), x09 = swap8IfBE(k[5]), x10 = swap8IfBE(k[6]), x11 = swap8IfBE(k[7]), x12 = swap8IfBE(i[0]), x13 = swap8IfBE(i[1]), x14 = swap8IfBE(i[2]), x15 = swap8IfBE(i[3]);\n for (let r = 0; r < 20; r += 2) {\n x00 = (x00 + x04) | 0;\n x12 = rotl(x12 ^ x00, 16);\n x08 = (x08 + x12) | 0;\n x04 = rotl(x04 ^ x08, 12);\n x00 = (x00 + x04) | 0;\n x12 = rotl(x12 ^ x00, 8);\n x08 = (x08 + x12) | 0;\n x04 = rotl(x04 ^ x08, 7);\n x01 = (x01 + x05) | 0;\n x13 = rotl(x13 ^ x01, 16);\n x09 = (x09 + x13) | 0;\n x05 = rotl(x05 ^ x09, 12);\n x01 = (x01 + x05) | 0;\n x13 = rotl(x13 ^ x01, 8);\n x09 = (x09 + x13) | 0;\n x05 = rotl(x05 ^ x09, 7);\n x02 = (x02 + x06) | 0;\n x14 = rotl(x14 ^ x02, 16);\n x10 = (x10 + x14) | 0;\n x06 = rotl(x06 ^ x10, 12);\n x02 = (x02 + x06) | 0;\n x14 = rotl(x14 ^ x02, 8);\n x10 = (x10 + x14) | 0;\n x06 = rotl(x06 ^ x10, 7);\n x03 = (x03 + x07) | 0;\n x15 = rotl(x15 ^ x03, 16);\n x11 = (x11 + x15) | 0;\n x07 = rotl(x07 ^ x11, 12);\n x03 = (x03 + x07) | 0;\n x15 = rotl(x15 ^ x03, 8);\n x11 = (x11 + x15) | 0;\n x07 = rotl(x07 ^ x11, 7);\n x00 = (x00 + x05) | 0;\n x15 = rotl(x15 ^ x00, 16);\n x10 = (x10 + x15) | 0;\n x05 = rotl(x05 ^ x10, 12);\n x00 = (x00 + x05) | 0;\n x15 = rotl(x15 ^ x00, 8);\n x10 = (x10 + x15) | 0;\n x05 = rotl(x05 ^ x10, 7);\n x01 = (x01 + x06) | 0;\n x12 = rotl(x12 ^ x01, 16);\n x11 = (x11 + x12) | 0;\n x06 = rotl(x06 ^ x11, 12);\n x01 = (x01 + x06) | 0;\n x12 = rotl(x12 ^ x01, 8);\n x11 = (x11 + x12) | 0;\n x06 = rotl(x06 ^ x11, 7);\n x02 = (x02 + x07) | 0;\n x13 = rotl(x13 ^ x02, 16);\n x08 = (x08 + x13) | 0;\n x07 = rotl(x07 ^ x08, 12);\n x02 = (x02 + x07) | 0;\n x13 = rotl(x13 ^ x02, 8);\n x08 = (x08 + x13) | 0;\n x07 = rotl(x07 ^ x08, 7);\n x03 = (x03 + x04) | 0;\n x14 = rotl(x14 ^ x03, 16);\n x09 = (x09 + x14) | 0;\n x04 = rotl(x04 ^ x09, 12);\n x03 = (x03 + x04) | 0;\n x14 = rotl(x14 ^ x03, 8);\n x09 = (x09 + x14) | 0;\n x04 = rotl(x04 ^ x09, 7);\n }\n // HChaCha derives the subkey from state words 0..3 and 12..15 after 20 rounds.\n let oi = 0;\n out[oi++] = x00;\n out[oi++] = x01;\n out[oi++] = x02;\n out[oi++] = x03;\n out[oi++] = x12;\n out[oi++] = x13;\n out[oi++] = x14;\n out[oi++] = x15;\n swap32IfBE(out);\n}\n/**\n * Original, non-RFC chacha20 from DJB. 8-byte nonce, 8-byte counter.\n * The nonce/counter layout still reserves 8 counter bytes internally, but the shared public\n * `counter` argument follows noble's strict non-wrapping 32-bit policy. See `src/_arx.ts`\n * near `MAX_COUNTER` for the full counter-policy rationale.\n * @param key - 16-byte or 32-byte key.\n * @param nonce - 8-byte nonce.\n * @param data - Input bytes to xor with the keystream.\n * @param output - Optional destination buffer.\n * @param counter - Initial block counter.\n * @returns Encrypted or decrypted bytes.\n * @example\n * Encrypts bytes with the original 8-byte-nonce ChaCha variant and a fresh key/nonce.\n *\n * ```ts\n * import { chacha20orig } from '@noble/ciphers/chacha.js';\n * import { randomBytes } from '@noble/ciphers/utils.js';\n * const key = randomBytes(32);\n * const nonce = randomBytes(8);\n * chacha20orig(key, nonce, new Uint8Array(4));\n * ```\n */\nexport const chacha20orig = /* @__PURE__ */ createCipher(chachaCore, {\n counterRight: false,\n counterLength: 8,\n allowShortKeys: true,\n});\n/**\n * ChaCha stream cipher. Conforms to RFC 8439 (IETF, TLS). 12-byte nonce, 4-byte counter.\n * With smaller nonce, it's not safe to make it random (CSPRNG), due to collision chance.\n * @param key - 32-byte key.\n * @param nonce - 12-byte nonce.\n * @param data - Input bytes to xor with the keystream.\n * @param output - Optional destination buffer.\n * @param counter - Initial block counter.\n * @returns Encrypted or decrypted bytes.\n * @example\n * Encrypts bytes with the RFC 8439 ChaCha20 stream cipher and a fresh key/nonce.\n *\n * ```ts\n * import { chacha20 } from '@noble/ciphers/chacha.js';\n * import { randomBytes } from '@noble/ciphers/utils.js';\n * const key = randomBytes(32);\n * const nonce = randomBytes(12);\n * chacha20(key, nonce, new Uint8Array(4));\n * ```\n */\nexport const chacha20 = /* @__PURE__ */ createCipher(chachaCore, {\n counterRight: false,\n counterLength: 4,\n allowShortKeys: false,\n});\n/**\n * XChaCha eXtended-nonce ChaCha. With 24-byte nonce, it's safe to make it random (CSPRNG).\n * See {@link https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha | the IRTF draft}.\n * The nonce/counter layout still reserves 8 counter bytes internally, but the shared public\n * `counter` argument follows noble's strict non-wrapping 32-bit policy. See `src/_arx.ts`\n * near `MAX_COUNTER` for the full counter-policy rationale.\n * @param key - 32-byte key.\n * @param nonce - 24-byte extended nonce.\n * @param data - Input bytes to xor with the keystream.\n * @param output - Optional destination buffer.\n * @param counter - Initial block counter.\n * @returns Encrypted or decrypted bytes.\n * @example\n * Encrypts bytes with XChaCha20 using a fresh key and random 24-byte nonce.\n *\n * ```ts\n * import { xchacha20 } from '@noble/ciphers/chacha.js';\n * import { randomBytes } from '@noble/ciphers/utils.js';\n * const key = randomBytes(32);\n * const nonce = randomBytes(24);\n * xchacha20(key, nonce, new Uint8Array(4));\n * ```\n */\nexport const xchacha20 = /* @__PURE__ */ createCipher(chachaCore, {\n counterRight: false,\n counterLength: 8,\n extendNonceFn: hchacha,\n allowShortKeys: false,\n});\n/**\n * Reduced 8-round chacha, described in original paper.\n * @param key - 32-byte key.\n * @param nonce - 12-byte nonce.\n * @param data - Input bytes to xor with the keystream.\n * @param output - Optional destination buffer.\n * @param counter - Initial block counter.\n * @returns Encrypted or decrypted bytes.\n * @example\n * Uses the reduced 8-round variant for non-critical workloads with a fresh key/nonce.\n *\n * ```ts\n * import { chacha8 } from '@noble/ciphers/chacha.js';\n * import { randomBytes } from '@noble/ciphers/utils.js';\n * const key = randomBytes(32);\n * const nonce = randomBytes(12);\n * chacha8(key, nonce, new Uint8Array(4));\n * ```\n */\nexport const chacha8 = /* @__PURE__ */ createCipher(chachaCore, {\n counterRight: false,\n counterLength: 4,\n rounds: 8,\n});\n/**\n * Reduced 12-round chacha, described in original paper.\n * @param key - 32-byte key.\n * @param nonce - 12-byte nonce.\n * @param data - Input bytes to xor with the keystream.\n * @param output - Optional destination buffer.\n * @param counter - Initial block counter.\n * @returns Encrypted or decrypted bytes.\n * @example\n * Uses the reduced 12-round variant for non-critical workloads with a fresh key/nonce.\n *\n * ```ts\n * import { chacha12 } from '@noble/ciphers/chacha.js';\n * import { randomBytes } from '@noble/ciphers/utils.js';\n * const key = randomBytes(32);\n * const nonce = randomBytes(12);\n * chacha12(key, nonce, new Uint8Array(4));\n * ```\n */\nexport const chacha12 = /* @__PURE__ */ createCipher(chachaCore, {\n counterRight: false,\n counterLength: 4,\n rounds: 12,\n});\n// Test-only hooks for keeping the simple/reference core aligned with the unrolled production core.\nexport const __TESTS = /* @__PURE__ */ Object.freeze({ chachaCore_small, chachaCore });\n// RFC 8439 §2.8.1 pad16(x): shared zero block for AAD/ciphertext padding.\nconst ZEROS16 = /* @__PURE__ */ new Uint8Array(16);\n// RFC 8439 §2.8 / §2.8.1: aligned inputs add nothing, otherwise append 16-(len%16) zero bytes.\nconst updatePadded = (h, msg) => {\n h.update(msg);\n const leftover = msg.length % 16;\n if (leftover)\n h.update(ZEROS16.subarray(leftover));\n};\n// RFC 8439 §2.6.1 poly1305_key_gen returns `block[0..31]`, so AEAD key\n// generation only needs 32 zero bytes.\nconst ZEROS32 = /* @__PURE__ */ new Uint8Array(32);\nfunction computeTag(fn, key, nonce, ciphertext, AAD) {\n if (AAD !== undefined)\n abytes(AAD, undefined, 'AAD');\n // RFC 8439 §2.6 / §2.8: derive the Poly1305 one-time key from counter 0,\n // then MAC AAD || pad16(AAD) || ciphertext || pad16(ciphertext) || len(AAD) || len(ciphertext).\n const authKey = fn(key, nonce, ZEROS32);\n const lengths = u64Lengths(ciphertext.length, AAD ? AAD.length : 0, true);\n // Methods below can be replaced with\n // return poly1305_computeTag_small(authKey, lengths, ciphertext, AAD)\n const h = poly1305.create(authKey);\n if (AAD)\n updatePadded(h, AAD);\n updatePadded(h, ciphertext);\n h.update(lengths);\n const res = h.digest();\n clean(authKey, lengths);\n return res;\n}\n/**\n * AEAD algorithm from RFC 8439.\n * Salsa20 and chacha (RFC 8439) use poly1305 differently.\n * We could have composed them, but it's hard because of authKey:\n * In salsa20, authKey changes position in salsa stream.\n * In chacha, authKey can't be computed inside computeTag, it modifies the counter.\n */\nexport const _poly1305_aead = (xorStream) => (key, nonce, AAD) => {\n // This borrows caller key/nonce/AAD buffers by reference; mutating them after construction\n // changes future encrypt/decrypt results.\n const tagLength = 16;\n return {\n encrypt(plaintext, output) {\n const plength = plaintext.length;\n output = getOutput(plength + tagLength, output, false);\n output.set(plaintext);\n const oPlain = output.subarray(0, -tagLength);\n // RFC 8439 §2.8: payload encryption starts at counter 1 because counter 0 produced the OTK.\n xorStream(key, nonce, oPlain, oPlain, 1);\n const tag = computeTag(xorStream, key, nonce, oPlain, AAD);\n output.set(tag, plength); // append tag\n clean(tag);\n return output;\n },\n decrypt(ciphertext, output) {\n output = getOutput(ciphertext.length - tagLength, output, false);\n const data = ciphertext.subarray(0, -tagLength);\n const passedTag = ciphertext.subarray(-tagLength);\n const tag = computeTag(xorStream, key, nonce, data, AAD);\n // RFC 8439 §2.8 / §4: authenticate ciphertext before decrypting it, and compare tags with\n // the constant-time equalBytes() helper rather than decrypting speculative plaintext first.\n if (!equalBytes(passedTag, tag)) {\n clean(tag);\n throw new Error('invalid tag');\n }\n output.set(ciphertext.subarray(0, -tagLength));\n // Actual decryption\n xorStream(key, nonce, output, output, 1); // start stream with i=1\n clean(tag);\n return output;\n },\n };\n};\n/**\n * ChaCha20-Poly1305 from RFC 8439.\n *\n * Unsafe to use random nonces under the same key, due to collision chance.\n * Prefer XChaCha instead.\n * @param key - 32-byte key.\n * @param nonce - 12-byte nonce.\n * @param AAD - Additional authenticated data.\n * @returns AEAD cipher instance.\n * @example\n * Encrypts and authenticates plaintext with a fresh key and nonce.\n *\n * ```ts\n * import { chacha20poly1305 } from '@noble/ciphers/chacha.js';\n * import { randomBytes } from '@noble/ciphers/utils.js';\n * const key = randomBytes(32);\n * const nonce = randomBytes(12);\n * const cipher = chacha20poly1305(key, nonce);\n * cipher.encrypt(new Uint8Array([1, 2, 3]));\n * ```\n */\nexport const chacha20poly1305 = /* @__PURE__ */ wrapCipher({ blockSize: 64, nonceLength: 12, tagLength: 16 }, \n/* @__PURE__ */ _poly1305_aead(chacha20));\n/**\n * XChaCha20-Poly1305 extended-nonce chacha.\n *\n * Can be safely used with random nonces (CSPRNG).\n * See {@link https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha | the IRTF draft}.\n * @param key - 32-byte key.\n * @param nonce - 24-byte nonce.\n * @param AAD - Additional authenticated data.\n * @returns AEAD cipher instance.\n * @example\n * Encrypts and authenticates plaintext with a fresh key and random 24-byte nonce.\n *\n * ```ts\n * import { xchacha20poly1305 } from '@noble/ciphers/chacha.js';\n * import { randomBytes } from '@noble/ciphers/utils.js';\n * const key = randomBytes(32);\n * const nonce = randomBytes(24);\n * const cipher = xchacha20poly1305(key, nonce);\n * cipher.encrypt(new Uint8Array([1, 2, 3]));\n * ```\n */\nexport const xchacha20poly1305 = /* @__PURE__ */ wrapCipher({ blockSize: 64, nonceLength: 24, tagLength: 16 }, \n/* @__PURE__ */ _poly1305_aead(xchacha20));\n/**\n * Chacha20 CSPRNG (cryptographically secure pseudorandom number generator).\n * It's best to limit usage to non-production, non-critical cases: for example, test-only.\n * Compatible with libtomcrypt. It does not have a specification, so unclear how secure it is.\n * @param seed - Optional seed bytes mixed into the internal `key || nonce` state. When omitted,\n * only 32 random bytes are mixed into the 40-byte state.\n * @returns Seeded concrete `_XorStreamPRG` instance, including `clone()`.\n * @example\n * Seeds the test-only ChaCha20 DRBG from fresh entropy.\n *\n * ```ts\n * import { rngChacha20 } from '@noble/ciphers/chacha.js';\n * import { randomBytes } from '@noble/ciphers/utils.js';\n * const seed = randomBytes(32);\n * const prg = rngChacha20(seed);\n * prg.randomBytes(8);\n * ```\n */\nexport const rngChacha20 = /* @__PURE__ */ createPRG(chacha20orig, 64, 32, 8);\n/**\n * Chacha20/8 CSPRNG (cryptographically secure pseudorandom number generator).\n * It's best to limit usage to non-production, non-critical cases: for example, test-only.\n * Faster than `rngChacha20`.\n * @param seed - Optional seed bytes mixed into the internal `key || nonce` state. When omitted,\n * only 32 random bytes are mixed into the 44-byte state.\n * @returns Seeded concrete `_XorStreamPRG` instance, including `clone()`.\n * @example\n * Seeds the faster test-only ChaCha8 DRBG from fresh entropy.\n *\n * ```ts\n * import { rngChacha8 } from '@noble/ciphers/chacha.js';\n * import { randomBytes } from '@noble/ciphers/utils.js';\n * const seed = randomBytes(32);\n * const prg = rngChacha8(seed);\n * prg.randomBytes(8);\n * ```\n */\nexport const rngChacha8 = /* @__PURE__ */ createPRG(chacha8, 64, 32, 12);\n//# sourceMappingURL=chacha.js.map",
|
|
39
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\n/**\n * Generic AEAD seal/open primitives shared by stream-state and sticky-session\n * tokens. Mirrors Python's `vgi_rpc.crypto` module: a tiny envelope around\n * XChaCha20-Poly1305 with a leading version byte so future format bumps stay\n * self-describing.\n *\n * Wire format (returned by {@link sealBytes}, accepted by {@link openBytes}):\n *\n * ```\n * [1B version (1..255)]\n * [24B nonce (XChaCha20-Poly1305, random per envelope)]\n * [.. ciphertext + 16B Poly1305 tag]\n * ```\n *\n * The plaintext frame is fully up to the caller — only the version + nonce +\n * tag overhead is fixed. AAD (`aad`) is bound at the crypto layer so an\n * envelope sealed for one identity fails decryption when presented by another.\n */\n\nimport { xchacha20poly1305 } from \"@noble/ciphers/chacha.js\";\nimport { randomBytes } from \"./util/web-crypto.js\";\n\nconst NONCE_LEN = 24;\nconst TAG_LEN = 16;\nconst VERSION_LEN = 1;\nconst MIN_ENVELOPE_LEN = VERSION_LEN + NONCE_LEN + TAG_LEN;\n\n/** Thrown by {@link openBytes} for any envelope it cannot open — malformed,\n * tampered, wrong key, wrong AAD, wrong version, truncated, all surface the\n * same way so callers cannot distinguish failure modes via error content. */\nexport class SealError extends Error {\n constructor(message: string) {\n super(message);\n this.name = \"SealError\";\n }\n}\n\n/** Normalise a key to 32 bytes by SHA-256 hashing when it isn't already 32B.\n * Mirrors Python's `normalize_key` so any callers can pass operator-provided\n * keys of arbitrary length without a separate stretching step. */\nexport async function normalizeKey(key: Uint8Array): Promise<Uint8Array> {\n if (key.length === 32) return key;\n const digest = await crypto.subtle.digest(\"SHA-256\", key as BufferSource);\n return new Uint8Array(digest);\n}\n\nexport interface SealOptions {\n /** Associated data bound at the crypto layer — typically a principal or\n * request-scoped identifier. Must match between seal and open. */\n aad: Uint8Array;\n /** Envelope version byte. Defaults to 1; carry through to {@link openBytes}. */\n version?: number;\n}\n\n/** Seal `plaintext` under `key` with AEAD, returning the wire envelope. */\nexport function sealBytes(plaintext: Uint8Array, key: Uint8Array, opts: SealOptions): Uint8Array {\n if (key.length !== 32) {\n throw new Error(\"AEAD key must be 32 bytes — call normalizeKey() first\");\n }\n const version = opts.version ?? 1;\n if (version < 1 || version > 255) {\n throw new Error(`AEAD envelope version must fit in one byte; got ${version}`);\n }\n const nonce = randomBytes(NONCE_LEN);\n const ciphertext = xchacha20poly1305(key, nonce, opts.aad as Uint8Array).encrypt(plaintext);\n const wire = new Uint8Array(VERSION_LEN + NONCE_LEN + ciphertext.length);\n wire[0] = version;\n wire.set(nonce, VERSION_LEN);\n wire.set(ciphertext, VERSION_LEN + NONCE_LEN);\n return wire;\n}\n\n/** Open and verify an envelope produced by {@link sealBytes}. */\nexport function openBytes(envelope: Uint8Array, key: Uint8Array, opts: SealOptions): Uint8Array {\n if (key.length !== 32) {\n throw new Error(\"AEAD key must be 32 bytes — call normalizeKey() first\");\n }\n if (envelope.length < MIN_ENVELOPE_LEN) {\n throw new SealError(\"envelope truncated\");\n }\n const expectedVersion = opts.version ?? 1;\n if (envelope[0] !== expectedVersion) {\n throw new SealError(`unsupported envelope version: ${envelope[0]}`);\n }\n const nonce = envelope.subarray(VERSION_LEN, VERSION_LEN + NONCE_LEN);\n const ciphertext = envelope.subarray(VERSION_LEN + NONCE_LEN);\n try {\n return xchacha20poly1305(key, nonce, opts.aad as Uint8Array).decrypt(ciphertext);\n } catch {\n throw new SealError(\"envelope verification failed\");\n }\n}\n",
|
|
40
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\nimport { openBytes, SealError, sealBytes } from \"../crypto.js\";\n\nconst _UTF8 = new TextEncoder();\n\nconst TOKEN_VERSION = 4;\n\nconst AAD_PREFIX = _UTF8.encode(\"vgi_rpc.state.v4\\0\");\n\n/**\n * Build the AEAD associated data that binds a state token to its issuing\n * principal. Anonymous and authenticated tokens produce distinct AAD\n * strings, so an anonymous token cannot be opened by a named identity\n * (and vice versa).\n */\nexport function computeAad(principal: string | null | undefined): Uint8Array {\n if (!principal) {\n const tail = _UTF8.encode(\"\\0anonymous\");\n return concatBytes(AAD_PREFIX, tail);\n }\n const pBytes = _UTF8.encode(principal);\n const tail = new Uint8Array(1 + pBytes.length);\n tail[0] = 0x01;\n tail.set(pBytes, 1);\n return concatBytes(AAD_PREFIX, tail);\n}\n\n// Base64 helpers — `btoa`/`atob` exist on Node 16+, Bun, and workerd; we work\n// in chunks to stay below the per-call argument limit (Latin-1 only, so we\n// move byte-by-byte through `String.fromCharCode`).\n\nexport function bytesToBase64(bytes: Uint8Array): string {\n let s = \"\";\n for (let i = 0; i < bytes.length; i += 0x8000) {\n s += String.fromCharCode(...bytes.subarray(i, i + 0x8000));\n }\n return btoa(s);\n}\n\nexport function base64ToBytes(b64: string): Uint8Array {\n const bin = atob(b64);\n const out = new Uint8Array(bin.length);\n for (let i = 0; i < bin.length; i++) out[i] = bin.charCodeAt(i);\n return out;\n}\n\n// Little-endian writers/readers — Buffer was the previous abstraction; we now\n// touch DataView for portability across Node, Bun, and workerd.\n\nfunction writeU32LE(view: DataView, offset: number, value: number): void {\n view.setUint32(offset, value, /* littleEndian */ true);\n}\n\nfunction writeU64LE(view: DataView, offset: number, value: bigint): void {\n view.setBigUint64(offset, value, /* littleEndian */ true);\n}\n\nfunction readU32LE(view: DataView, offset: number): number {\n return view.getUint32(offset, /* littleEndian */ true);\n}\n\nfunction readU64LE(view: DataView, offset: number): bigint {\n return view.getBigUint64(offset, /* littleEndian */ true);\n}\n\nfunction concatBytes(...parts: Uint8Array[]): Uint8Array {\n let total = 0;\n for (const p of parts) total += p.length;\n const out = new Uint8Array(total);\n let offset = 0;\n for (const p of parts) {\n out.set(p, offset);\n offset += p.length;\n }\n return out;\n}\n\n/**\n * Seal a state token with XChaCha20-Poly1305 AEAD (v4 wire format).\n *\n * Layout (base64-encoded):\n *\n * ```\n * [1B version=4]\n * [24B XChaCha20-Poly1305 nonce (random)]\n * [.. ciphertext + 16B Poly1305 tag]\n * plaintext:\n * [8B created_at uint64 LE]\n * [4B state_len uint32 LE] [state_len bytes]\n * [4B schema_len uint32 LE] [schema_len bytes]\n * [4B input_schema_len LE] [input_schema_len bytes]\n * ```\n *\n * `created_at` lives inside the ciphertext so TTL enforcement runs after\n * authenticity. The version byte is informational (a self-describing\n * format marker); a tampered version byte still fails decryption because\n * we use the matching algorithm for that version. `principal` is bound\n * via AEAD associated data so a token minted for one identity fails\n * decryption when presented by another.\n */\nexport function packStateToken(\n stateBytes: Uint8Array,\n schemaBytes: Uint8Array,\n inputSchemaBytes: Uint8Array,\n tokenKey: Uint8Array,\n principal: string | null | undefined,\n createdAt?: number,\n): string {\n if (tokenKey.length !== 32) {\n throw new Error(\"XChaCha20-Poly1305 token key must be 32 bytes\");\n }\n const now = createdAt ?? Math.floor(Date.now() / 1000);\n\n const plaintextLen = 8 + 4 + stateBytes.length + 4 + schemaBytes.length + 4 + inputSchemaBytes.length;\n const plaintext = new Uint8Array(plaintextLen);\n const view = new DataView(plaintext.buffer);\n let offset = 0;\n\n writeU64LE(view, offset, BigInt(now));\n offset += 8;\n\n writeU32LE(view, offset, stateBytes.length);\n offset += 4;\n plaintext.set(stateBytes, offset);\n offset += stateBytes.length;\n\n writeU32LE(view, offset, schemaBytes.length);\n offset += 4;\n plaintext.set(schemaBytes, offset);\n offset += schemaBytes.length;\n\n writeU32LE(view, offset, inputSchemaBytes.length);\n offset += 4;\n plaintext.set(inputSchemaBytes, offset);\n\n const wire = sealBytes(plaintext, tokenKey, { aad: computeAad(principal), version: TOKEN_VERSION });\n return bytesToBase64(wire);\n}\n\n/** Decrypted payload of a state token, as returned by {@link unpackStateToken}. */\nexport interface UnpackedToken {\n /** Serialized stream-state bytes carried by the token. */\n stateBytes: Uint8Array;\n /** Serialized output-schema IPC bytes. */\n schemaBytes: Uint8Array;\n /** Serialized input-schema IPC bytes (exchange streams). */\n inputSchemaBytes: Uint8Array;\n /** Unix epoch seconds at which the token was minted (used for TTL checks). */\n createdAt: number;\n}\n\n/**\n * Open and verify a state token. Decryption (which checks the Poly1305\n * tag) authenticates the payload; any tampering, wrong key, or AAD\n * mismatch (e.g. cross-principal replay) surfaces as a uniform\n * \"signature verification failed\" error so callers cannot distinguish\n * failure modes via timing or message content.\n *\n * Throws on tampered, expired, malformed, or unknown-version tokens.\n */\nexport function unpackStateToken(\n tokenBase64: string,\n tokenKey: Uint8Array,\n tokenTtl: number,\n principal: string | null | undefined,\n): UnpackedToken {\n let raw: Uint8Array;\n try {\n raw = base64ToBytes(tokenBase64);\n } catch {\n throw new Error(\"Malformed state token\");\n }\n // Pre-check the envelope version separately so callers can distinguish\n // \"wrong format\" from \"tampered\". Mirrors the pre-refactor error shape.\n if (raw.length >= 1 && raw[0] !== TOKEN_VERSION) {\n throw new Error(`Unsupported state token version: ${raw[0]}`);\n }\n let plaintext: Uint8Array;\n try {\n plaintext = openBytes(raw, tokenKey, { aad: computeAad(principal), version: TOKEN_VERSION });\n } catch (err) {\n if (err instanceof SealError) {\n throw new Error(\"State token signature verification failed\");\n }\n throw err;\n }\n if (plaintext.length < 8) {\n throw new Error(\"State token truncated\");\n }\n\n // Copy each bytes section into a freshly-allocated Uint8Array with\n // byteOffset=0. arrow-js's schema deserializer wraps the result as Int32Array\n // and throws 'RangeError: Byte offset is not aligned' if the slice happens\n // to start at a non-4-aligned offset. Copying normalizes the alignment.\n const view = new DataView(plaintext.buffer, plaintext.byteOffset, plaintext.byteLength);\n let offset = 0;\n const copyAligned = (start: number, len: number) => {\n const out = new Uint8Array(len);\n out.set(plaintext.subarray(start, start + len));\n return out;\n };\n\n const createdAt = Number(readU64LE(view, offset));\n offset += 8;\n\n if (tokenTtl > 0) {\n const now = Math.floor(Date.now() / 1000);\n if (now - createdAt > tokenTtl) {\n throw new Error(\"State token expired\");\n }\n }\n\n const stateLen = readU32LE(view, offset);\n offset += 4;\n if (offset + stateLen > plaintext.length) {\n throw new Error(\"State token truncated (state)\");\n }\n const stateBytes = copyAligned(offset, stateLen);\n offset += stateLen;\n\n const schemaLen = readU32LE(view, offset);\n offset += 4;\n if (offset + schemaLen > plaintext.length) {\n throw new Error(\"State token truncated (schema)\");\n }\n const schemaBytes = copyAligned(offset, schemaLen);\n offset += schemaLen;\n\n const inputSchemaLen = readU32LE(view, offset);\n offset += 4;\n if (offset + inputSchemaLen > plaintext.length) {\n throw new Error(\"State token truncated (input schema)\");\n }\n const inputSchemaBytes = copyAligned(offset, inputSchemaLen);\n\n return { stateBytes, schemaBytes, inputSchemaBytes, createdAt };\n}\n",
|
|
41
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\nimport {\n conformBatchToSchema,\n deserializeBatch,\n deserializeSchema as facadeDeserializeSchema,\n schema as makeSchema,\n serializeBatch,\n type VgiBatch,\n type VgiSchema,\n withBatchMetadata,\n} from \"../arrow/index.js\";\nimport type { AuthContext } from \"../auth.js\";\nimport { CANCEL_KEY, STATE_KEY } from \"../constants.js\";\nimport { buildDescribeBatch, DESCRIBE_SCHEMA } from \"../dispatch/describe.js\";\nimport {\n type ExternalLocationConfig,\n isExternalLocationBatch,\n maybeExternalizeBatch,\n resolveExternalLocation,\n} from \"../external.js\";\nimport type { MethodDefinition } from \"../types.js\";\nimport { OutputCollector, TransportKind } from \"../types.js\";\nimport { serializeSchema } from \"../util/schema.js\";\nimport { applyDefaults, parseRequest } from \"../wire/request.js\";\nimport { buildEmptyBatch, buildErrorBatch, buildResultBatch } from \"../wire/response.js\";\nimport { appendCookieHeaders, arrowResponse, HttpRpcError, readRequestFromBody, serializeIpcStream } from \"./common.js\";\nimport { packStateToken, unpackStateToken } from \"./token.js\";\nimport type { StateSerializer } from \"./types.js\";\n\nasync function deserializeSchema(bytes: Uint8Array): Promise<VgiSchema> {\n return facadeDeserializeSchema(bytes);\n}\n\nconst EMPTY_SCHEMA = makeSchema([]);\n\nexport interface DispatchContext {\n tokenKey: Uint8Array;\n tokenTtl: number;\n serverId: string;\n /** Producer-only soft wire-cap (deprecated alias for the producer-loop\n * byte budget). Unary/exchange ignore this. */\n maxStreamResponseBytes?: number;\n /** Soft wire-cap for producer streams; hard wire-cap for unary/exchange.\n * Externalised payloads do not count toward this. */\n maxResponseBytes?: number;\n /** Hard cap on bytes uploaded to external storage during one HTTP response. */\n maxExternalizedResponseBytes?: number;\n stateSerializer: StateSerializer;\n authContext?: AuthContext;\n externalLocation?: ExternalLocationConfig;\n /** Incoming HTTP request cookies. Empty/absent on non-HTTP paths. */\n cookies?: ReadonlyMap<string, string>;\n /** Transport identifier surfaced to handlers via CallContext.kind.\n * Defaults to HTTP when unset (the only caller that overrides it is\n * the AF_UNIX launcher path). */\n kind?: TransportKind;\n /** Per-request sticky-session sink. Installed by the handler when sticky\n * is enabled and the dispatcher attaches it to the OutputCollector so\n * `ctx.session` / `ctx.openSession` / `ctx.closeSession` work. */\n stickyContext?: import(\"../types.js\").StickyContext;\n}\n\n/** Predict the external upload size if maybeExternalizeBatch ran on this batch\n * right now. Returns 0 when externalisation would not fire. Mirrors the\n * threshold logic so a pre-flight check matches the real upload size. */\nfunction predictExternalizeBytes(batch: VgiBatch, config: ExternalLocationConfig | undefined): number {\n if (!config?.storage) return 0;\n if (batch.numRows === 0) return 0;\n // arrow-js exposes `.data.byteLength` for an O(1) batch-bytes estimate;\n // flechette doesn't surface this, but maybeExternalizeBatch will measure\n // exact size on the actual upload path. Best-effort prediction here.\n const size = (batch as any).data?.byteLength ?? 0;\n const threshold = config.externalizeThresholdBytes ?? 1_048_576;\n if (size < threshold) return 0;\n return size;\n}\n\n/** Build an Arrow IPC stream containing only an EXCEPTION batch, wrapped in a\n * 500 response so common.ts/arrowResponse rewrites it to 200 + X-VGI-RPC-Error.\n * Used for cap-overshoot strict-fail. */\nfunction makeCapErrorResponse(schema: VgiSchema, error: Error, ctx: DispatchContext): Response {\n const errBatch = buildErrorBatch(schema, error, ctx.serverId, null);\n const response = arrowResponse(serializeIpcStream(schema, [errBatch]), 500);\n (response as any).__dispatchError = error;\n return response;\n}\n\n/** Dispatch a __describe__ request. */\nexport async function httpDispatchDescribe(\n protocolName: string,\n methods: Map<string, MethodDefinition>,\n serverId: string,\n protocolVersion?: string,\n): Promise<Response> {\n const { batch } = await buildDescribeBatch(protocolName, methods, serverId, protocolVersion);\n const body = serializeIpcStream(DESCRIBE_SCHEMA, [batch]);\n return arrowResponse(body);\n}\n\n/** Dispatch a unary HTTP request. */\nexport async function httpDispatchUnary(\n method: MethodDefinition,\n body: Uint8Array,\n ctx: DispatchContext,\n): Promise<Response> {\n const schema = method.resultSchema;\n const { schema: reqSchema, batch: reqBatchRaw } = await readRequestFromBody(body);\n\n // If the client externalized the request payload, fetch the inner batch\n // and re-attach the outer dispatch metadata (method, version, request id)\n // before parsing parameters. Mirrors the Python _read_request stage-1\n // behaviour in vgi_rpc/rpc/_wire.py.\n let reqBatch = reqBatchRaw;\n let effectiveSchema = reqSchema;\n if (ctx.externalLocation && isExternalLocationBatch(reqBatchRaw)) {\n const resolved = await resolveExternalLocation(reqBatchRaw, ctx.externalLocation);\n const mergedMeta = new Map<string, string>(resolved.metadata ?? []);\n for (const [k, v] of reqBatchRaw.metadata ?? []) {\n // Outer dispatch metadata wins for vgi_rpc.* keys (the inner batch\n // shouldn't carry them but if it does, the outer is authoritative).\n mergedMeta.set(k, v);\n }\n reqBatch = withBatchMetadata(resolved, mergedMeta);\n effectiveSchema = resolved.schema;\n }\n\n const parsed = parseRequest(effectiveSchema, reqBatch);\n\n if (parsed.methodName !== method.name) {\n throw new HttpRpcError(`Method name in request '${parsed.methodName}' does not match URL '${method.name}'`, 400);\n }\n\n applyDefaults(parsed.params, method.defaults);\n\n const externalizationEnabled = !!ctx.externalLocation?.storage;\n const out = new OutputCollector(\n schema,\n true,\n ctx.serverId,\n parsed.requestId,\n ctx.authContext,\n ctx.cookies,\n ctx.kind ?? TransportKind.HTTP,\n {\n // Unary is one-shot: the entire wire and external budgets are\n // available for this single emit.\n remainingResponseBytes: ctx.maxResponseBytes,\n remainingExternalizedResponseBytes: externalizationEnabled ? ctx.maxExternalizedResponseBytes : undefined,\n externalizationEnabled,\n },\n );\n out.enableCookieSink();\n if (ctx.stickyContext) out.attachStickyContext(ctx.stickyContext);\n\n try {\n const result = await method.handler!(parsed.params, out);\n let resultBatch = buildResultBatch(schema, result, ctx.serverId, parsed.requestId);\n if (ctx.externalLocation) {\n // Pre-flight max_externalized_response_bytes BEFORE incurring the\n // upload — operator's intent is \"don't emit data beyond this per\n // call,\" not \"emit and then complain.\" Mirror the Python check.\n const predicted = predictExternalizeBytes(resultBatch, ctx.externalLocation);\n if (ctx.maxExternalizedResponseBytes != null && predicted > ctx.maxExternalizedResponseBytes) {\n const overshoot = new Error(\n `Externalised payload exceeds max_externalized_response_bytes (${predicted} > ${ctx.maxExternalizedResponseBytes}) for method '${method.name}'`,\n );\n overshoot.name = \"RuntimeError\";\n const response = makeCapErrorResponse(schema, overshoot, ctx);\n appendCookieHeaders(response.headers, out.drainResponseCookies());\n return response;\n }\n resultBatch = await maybeExternalizeBatch(resultBatch, ctx.externalLocation);\n }\n const batches = [...out.batches.map((b) => b.batch), resultBatch];\n const body = serializeIpcStream(schema, batches);\n // Hard wire-cap enforcement — overshoot replaces the response with a\n // fresh EXCEPTION-only stream.\n if (ctx.maxResponseBytes != null && body.byteLength > ctx.maxResponseBytes) {\n const overshoot = new Error(\n `HTTP body exceeds max_response_bytes (${body.byteLength} > ${ctx.maxResponseBytes}) for method '${method.name}'`,\n );\n overshoot.name = \"RuntimeError\";\n const response = makeCapErrorResponse(schema, overshoot, ctx);\n appendCookieHeaders(response.headers, out.drainResponseCookies());\n return response;\n }\n const response = arrowResponse(body);\n appendCookieHeaders(response.headers, out.drainResponseCookies());\n return response;\n } catch (error: any) {\n const errBatch = buildErrorBatch(schema, error, ctx.serverId, parsed.requestId);\n const response = arrowResponse(serializeIpcStream(schema, [errBatch]), 500);\n // Apply any cookies queued before the exception — matches Python's\n // \"cookies-on-error\" behavior.\n appendCookieHeaders(response.headers, out.drainResponseCookies());\n // Attach the error so the dispatch hook can see it\n (response as any).__dispatchError = error;\n return response;\n }\n}\n\n/** Dispatch a stream init HTTP request (producer or exchange). */\nexport async function httpDispatchStreamInit(\n method: MethodDefinition,\n body: Uint8Array,\n ctx: DispatchContext,\n): Promise<Response> {\n const isProducer = !!method.producerFn;\n const outputSchema = method.outputSchema!;\n const inputSchema = method.inputSchema ?? EMPTY_SCHEMA;\n\n const { schema: reqSchema, batch: reqBatch } = await readRequestFromBody(body);\n const parsed = parseRequest(reqSchema, reqBatch);\n\n if (parsed.methodName !== method.name) {\n throw new HttpRpcError(`Method name in request '${parsed.methodName}' does not match URL '${method.name}'`, 400);\n }\n\n applyDefaults(parsed.params, method.defaults);\n\n // Init state\n let state: any;\n try {\n if (isProducer) {\n state = await method.producerInit!(parsed.params);\n } else {\n state = await method.exchangeInit!(parsed.params);\n }\n } catch (error: any) {\n const errSchema = method.headerSchema ?? EMPTY_SCHEMA;\n const errBatch = buildErrorBatch(errSchema, error, ctx.serverId, parsed.requestId);\n const response = arrowResponse(serializeIpcStream(errSchema, [errBatch]), 500);\n (response as any).__dispatchError = error;\n return response;\n }\n\n // Support dynamic output schemas (same as pipe transport)\n const resolvedOutputSchema = state?.__outputSchema ?? outputSchema;\n // Mirror the output-schema override for inputs: VGI's `init` registers\n // exchange with a dummy `_tick` inputSchema and binds the real per-call\n // input shape via state.__inputSchema. Without this, the dummy schema\n // gets baked into the state token and conformBatchToSchema rejects the\n // first real input batch on the next exchange round.\n const resolvedInputSchema = state?.__inputSchema ?? inputSchema;\n const effectiveProducer = state?.__isProducer ?? isProducer;\n\n // Build header IPC stream if method has a header schema\n let headerBytes: Uint8Array | null = null;\n if (method.headerSchema && method.headerInit) {\n try {\n const headerOut = new OutputCollector(\n method.headerSchema,\n true,\n ctx.serverId,\n parsed.requestId,\n ctx.authContext,\n ctx.cookies,\n ctx.kind ?? TransportKind.HTTP,\n );\n const headerValues = method.headerInit(parsed.params, state, headerOut);\n const headerBatch = buildResultBatch(method.headerSchema, headerValues, ctx.serverId, parsed.requestId);\n const headerBatches = [...headerOut.batches.map((b) => b.batch), headerBatch];\n headerBytes = serializeIpcStream(method.headerSchema, headerBatches);\n } catch (error: any) {\n const errBatch = buildErrorBatch(method.headerSchema, error, ctx.serverId, parsed.requestId);\n const response = arrowResponse(serializeIpcStream(method.headerSchema, [errBatch]), 500);\n (response as any).__dispatchError = error;\n return response;\n }\n }\n\n if (effectiveProducer) {\n // Producer method — produce data inline in the init response.\n // For exchange-registered methods acting as producers (__isProducer),\n // produceStreamResponse falls back to exchangeFn with tick batches.\n return produceStreamResponse(\n method,\n state,\n resolvedOutputSchema,\n resolvedInputSchema,\n ctx,\n parsed.requestId,\n headerBytes,\n );\n } else {\n // Exchange: serialize state into signed token, return zero-row batch with token\n const stateBytes = ctx.stateSerializer.serialize(state);\n const schemaBytes = serializeSchema(resolvedOutputSchema);\n const inputSchemaBytes = serializeSchema(resolvedInputSchema);\n const token = packStateToken(stateBytes, schemaBytes, inputSchemaBytes, ctx.tokenKey, ctx.authContext?.principal);\n\n const tokenMeta = new Map<string, string>();\n tokenMeta.set(STATE_KEY, token);\n const tokenBatch = buildEmptyBatch(resolvedOutputSchema, tokenMeta);\n const tokenStreamBytes = serializeIpcStream(resolvedOutputSchema, [tokenBatch]);\n\n let responseBody: Uint8Array;\n if (headerBytes) {\n responseBody = concatBytes(headerBytes, tokenStreamBytes);\n } else {\n responseBody = tokenStreamBytes;\n }\n\n return arrowResponse(responseBody);\n }\n}\n\n/** Dispatch a stream exchange HTTP request (producer continuation or exchange round). */\nexport async function httpDispatchStreamExchange(\n method: MethodDefinition,\n body: Uint8Array,\n ctx: DispatchContext,\n): Promise<Response> {\n const isProducer = !!method.producerFn;\n\n const { batch: reqBatch } = await readRequestFromBody(body);\n\n // Get state token from batch metadata\n const tokenBase64 = reqBatch.metadata?.get(STATE_KEY);\n if (!tokenBase64) {\n throw new HttpRpcError(\"Missing state token in exchange request\", 400);\n }\n\n // Cancel signal — observed alongside the state token. Must be checked\n // before conformBatchToSchema so that zero-row empty-schema cancel batches\n // don't fail the cast.\n const cancelled = reqBatch.metadata?.get(CANCEL_KEY) != null;\n\n // Bind verification to the caller's identity — a token sealed for\n // principal A will fail AEAD decryption when replayed by principal B\n // (or by an anonymous caller, and vice versa).\n let unpacked: import(\"./token.js\").UnpackedToken;\n try {\n unpacked = unpackStateToken(tokenBase64, ctx.tokenKey, ctx.tokenTtl, ctx.authContext?.principal);\n } catch (error: any) {\n throw new HttpRpcError(`Invalid state token: ${error.message}`, 400);\n }\n\n let state: any;\n try {\n state = ctx.stateSerializer.deserialize(unpacked.stateBytes);\n } catch (error: any) {\n console.error(`[httpDispatchStreamExchange] state deserialize error:`, error.message);\n throw new HttpRpcError(`State deserialization failed: ${error.message}`, 500);\n }\n\n // Recover schemas from the token (the state itself may not contain\n // Schema objects after JSON round-trip — always prefer the token).\n let outputSchema: VgiSchema;\n if (unpacked.schemaBytes.length > 0) {\n outputSchema = await deserializeSchema(unpacked.schemaBytes);\n } else {\n outputSchema = state?.__outputSchema ?? method.outputSchema!;\n }\n let inputSchema: VgiSchema;\n if (unpacked.inputSchemaBytes.length > 0) {\n inputSchema = await deserializeSchema(unpacked.inputSchemaBytes);\n } else {\n // state.__inputSchema mirrors the __outputSchema pattern — set by\n // dynamic-input exchange methods (e.g. VGI's init, which binds to a\n // user-supplied input shape per invocation). Matches the fix already\n // applied in src/dispatch/stream.ts for the subprocess path.\n inputSchema = state?.__inputSchema ?? method.inputSchema ?? EMPTY_SCHEMA;\n }\n const effectiveProducer = state?.__isProducer ?? isProducer;\n if (process.env.VGI_DISPATCH_DEBUG)\n console.error(\n `[httpDispatchStreamExchange] method=${method.name} effectiveProducer=${effectiveProducer} stateKeys=${Object.keys(state || {})}`,\n );\n\n if (cancelled) {\n // Client asked for cancellation. Invoke the optional hook once and\n // return an empty IPC stream (no continuation token) so the client\n // knows the stream has ended.\n if (method.onCancel) {\n try {\n await method.onCancel(state);\n } catch (err) {\n console.debug?.(`onCancel hook failed: ${err instanceof Error ? err.message : err}`);\n }\n }\n return arrowResponse(serializeIpcStream(outputSchema, []));\n }\n\n if (effectiveProducer) {\n // Producer continuation — produce more data inline.\n // For exchange-registered methods, falls back to exchangeFn with tick batches.\n return produceStreamResponse(method, state, outputSchema, inputSchema, ctx, null, null);\n } else {\n // Exchange path — also handles exchange-registered methods acting as\n // producers (__isProducer=true). Use producer mode on the OutputCollector\n // when effectiveProducer so finish() is allowed.\n const externalizationEnabled = !!ctx.externalLocation?.storage;\n const out = new OutputCollector(\n outputSchema,\n effectiveProducer,\n ctx.serverId,\n null,\n ctx.authContext,\n ctx.cookies,\n ctx.kind ?? TransportKind.HTTP,\n {\n // Exchange is lockstep: one process() call, one output batch,\n // one HTTP response. The whole budget belongs to this emit.\n remainingResponseBytes: ctx.maxResponseBytes,\n remainingExternalizedResponseBytes: externalizationEnabled ? ctx.maxExternalizedResponseBytes : undefined,\n externalizationEnabled,\n },\n );\n if (ctx.stickyContext) out.attachStickyContext(ctx.stickyContext);\n\n // Cast compatible input types (e.g., decimal→double, int32→int64).\n // Gated on effectiveProducer (not isProducer) so methods that flip to\n // producer mode via state.__isProducer skip the conform entirely — the\n // tick batches they receive have a dummy shape that shouldn't be\n // checked against the declared input schema. Any conformance failure\n // falls through with the original batch; the handler owns input-shape\n // validation if it cares. Mirrors dispatch/stream.ts.\n let conformedBatch = reqBatch;\n if (!effectiveProducer && inputSchema !== EMPTY_SCHEMA && reqBatch.schema !== inputSchema) {\n try {\n conformedBatch = conformBatchToSchema(reqBatch, inputSchema);\n } catch (e) {\n // Field name/count mismatch is a hard contract violation — surface it\n // as an error rather than letting handlers see a wrong-shape batch\n // (mirrors the subprocess dispatch in src/dispatch/stream.ts).\n if (e instanceof TypeError) throw e;\n console.debug?.(`Schema conformance skipped: ${e instanceof Error ? e.message : e}`);\n }\n }\n\n try {\n if (method.exchangeFn) {\n await method.exchangeFn(state, conformedBatch, out);\n } else {\n await method.producerFn!(state, out);\n }\n } catch (error: any) {\n if (process.env.VGI_DISPATCH_DEBUG)\n console.error(\n `[httpDispatchStreamExchange] exchange handler error:`,\n error.message,\n error.stack?.split(\"\\n\").slice(0, 5).join(\"\\n\"),\n );\n const errBatch = buildErrorBatch(outputSchema, error, ctx.serverId, null);\n const response = arrowResponse(serializeIpcStream(outputSchema, [errBatch]), 500);\n (response as any).__dispatchError = error;\n return response;\n }\n\n // Collect emitted batches\n const batches: VgiBatch[] = [];\n\n if (out.finished) {\n // Stream is done — return data WITHOUT state token.\n // The absence of a token tells the client there's no more data.\n for (const emitted of out.batches) {\n // Preserve per-emit metadata (vgi_batch_index,\n // vgi_partition_values#b64) as the RecordBatch custom_metadata.\n if (emitted.metadata && emitted.metadata.size > 0) {\n const md = new Map<string, string>(emitted.batch.metadata ?? []);\n for (const [k, v] of emitted.metadata) md.set(k, v);\n batches.push(withBatchMetadata(emitted.batch, md));\n } else {\n batches.push(emitted.batch);\n }\n }\n } else {\n // More data may follow — repack state into token for next exchange.\n const stateBytes = ctx.stateSerializer.serialize(state);\n const schemaBytes = serializeSchema(outputSchema);\n const inputSchemaBytes = serializeSchema(inputSchema);\n const token = packStateToken(stateBytes, schemaBytes, inputSchemaBytes, ctx.tokenKey, ctx.authContext?.principal);\n\n for (const emitted of out.batches) {\n const batch = emitted.batch;\n if (batch.numRows > 0) {\n const mergedMeta = new Map<string, string>(batch.metadata ?? []);\n // Fold in per-emit metadata (vgi_batch_index, vgi_partition_values#b64).\n if (emitted.metadata) for (const [k, v] of emitted.metadata) mergedMeta.set(k, v);\n mergedMeta.set(STATE_KEY, token);\n batches.push(withBatchMetadata(batch, mergedMeta));\n } else {\n batches.push(batch);\n }\n }\n\n // Safety net: if no batch carries a state token (e.g. all rows were\n // filtered out by pushdown filters), emit an empty batch with the\n // token so the client knows to continue exchanging.\n if (!batches.some((b) => b.metadata?.get(STATE_KEY))) {\n const tokenMeta = new Map<string, string>();\n tokenMeta.set(STATE_KEY, token);\n batches.push(buildEmptyBatch(outputSchema, tokenMeta));\n }\n }\n\n const body = serializeIpcStream(outputSchema, batches);\n // Hard wire-cap enforcement for stream-exchange — overshoot replaces\n // the response with an EXCEPTION-only stream so the client surfaces RpcError.\n if (ctx.maxResponseBytes != null && body.byteLength > ctx.maxResponseBytes) {\n const overshoot = new Error(\n `HTTP body exceeds max_response_bytes (${body.byteLength} > ${ctx.maxResponseBytes}) for method '${method.name}'`,\n );\n overshoot.name = \"RuntimeError\";\n return makeCapErrorResponse(outputSchema, overshoot, ctx);\n }\n return arrowResponse(body);\n }\n}\n\n/** Run the producer loop and build the response. */\nasync function produceStreamResponse(\n method: MethodDefinition,\n state: any,\n outputSchema: VgiSchema,\n inputSchema: VgiSchema,\n ctx: DispatchContext,\n requestId: string | null,\n headerBytes: Uint8Array | null,\n): Promise<Response> {\n const allBatches: VgiBatch[] = [];\n // Producer wire cap: prefer the legacy stream-only soft cap when set\n // (lets old callers keep the \"one batch per response\" hack alive),\n // else fall through to maxResponseBytes (which is hard for unary/\n // exchange but soft for producer — continuation tokens cover overshoot).\n const maxBytes = ctx.maxStreamResponseBytes ?? ctx.maxResponseBytes;\n const maxExternalBytes = ctx.maxExternalizedResponseBytes;\n const externalizationEnabled = !!ctx.externalLocation?.storage;\n let estimatedBytes = 0;\n /** Cumulative external-channel bytes across iterations. External cap is\n * *hard* — externalised uploads have no continuation-token escape valve. */\n let cumulativeExternalBytes = 0;\n let producerError: Error | undefined;\n /** Set when the external cap is breached; the loop replaces the partial\n * stream with an EXCEPTION batch and breaks. */\n let externalOvershoot: Error | undefined;\n\n while (true) {\n // Snapshot per-iteration budgets so the worker can size its emit.\n const remainingWire = maxBytes != null ? Math.max(0, maxBytes - estimatedBytes) : undefined;\n const remainingExternal =\n externalizationEnabled && maxExternalBytes != null\n ? Math.max(0, maxExternalBytes - cumulativeExternalBytes)\n : undefined;\n\n const out = new OutputCollector(\n outputSchema,\n true,\n ctx.serverId,\n requestId,\n ctx.authContext,\n ctx.cookies,\n ctx.kind ?? TransportKind.HTTP,\n {\n remainingResponseBytes: remainingWire,\n remainingExternalizedResponseBytes: remainingExternal,\n externalizationEnabled,\n },\n );\n if (ctx.stickyContext) out.attachStickyContext(ctx.stickyContext);\n\n try {\n if (method.producerFn) {\n await method.producerFn(state, out);\n } else {\n // Exchange-registered method acting as producer (e.g. VGI's \"init\"\n // method which is registered as exchange but may produce based on\n // the __isProducer state flag). Call exchangeFn with an empty tick\n // batch, matching how the subprocess transport dispatches these.\n const tickBatch = buildEmptyBatch(inputSchema);\n await method.exchangeFn!(state, tickBatch, out);\n }\n } catch (error: any) {\n if (process.env.VGI_DISPATCH_DEBUG)\n console.error(`[produceStreamResponse] error:`, error.message, error.stack?.split(\"\\n\").slice(0, 3).join(\"\\n\"));\n allBatches.push(buildErrorBatch(outputSchema, error, ctx.serverId, requestId));\n producerError = error instanceof Error ? error : new Error(String(error));\n break;\n }\n\n for (const emitted of out.batches) {\n let batch = emitted.batch;\n // Externalize before charging wire bytes — externalised payloads\n // ride on the side channel and only the small pointer batch ends\n // up on the wire. Pre-flight check + cumulative accounting mirror\n // Python's _run_http_producer_turn so a worker exfiltrating big\n // batches via tiny pointer outputs still hits the external cap.\n if (externalizationEnabled && ctx.externalLocation) {\n const predicted = predictExternalizeBytes(batch, ctx.externalLocation);\n if (predicted > 0 && maxExternalBytes != null && cumulativeExternalBytes + predicted > maxExternalBytes) {\n externalOvershoot = new Error(\n `Externalised payload exceeds max_externalized_response_bytes (${cumulativeExternalBytes + predicted} > ${maxExternalBytes}) for method '${method.name}'`,\n );\n externalOvershoot.name = \"RuntimeError\";\n break;\n }\n if (predicted > 0) {\n batch = await maybeExternalizeBatch(batch, ctx.externalLocation);\n cumulativeExternalBytes += predicted;\n }\n }\n // Preserve per-emit metadata (vgi_batch_index, vgi_partition_values#b64)\n // as the RecordBatch custom_metadata so the C++ extension reads it.\n if (emitted.metadata && emitted.metadata.size > 0) {\n const md = new Map<string, string>(batch.metadata ?? []);\n for (const [k, v] of emitted.metadata) md.set(k, v);\n batch = withBatchMetadata(batch, md);\n }\n allBatches.push(batch);\n if (maxBytes != null) {\n // arrow-js exposes O(1) byteLength via batch.data; flechette has no\n // equivalent. Best-effort estimate via serializeBatch in the latter.\n let sz = (batch as any).data?.byteLength ?? 0;\n if (sz === 0) {\n // Either a zero-row externalisation pointer batch or a flechette\n // batch that doesn't expose `data.byteLength`. The pointer case\n // is real \"work done\" — the worker's emit became an upload, and\n // we still need to advance the wire-cap loop so it eventually\n // breaks. Use a serialized-size estimate; for pointer batches\n // this captures the metadata-bearing zero-row body, for plain\n // batches it's the actual wire size.\n try {\n sz = serializeBatch(batch).byteLength;\n } catch {\n sz = 0;\n }\n // Producer cancellation contract: the loop MUST make progress\n // every iteration so an externalized infinite producer (e.g.,\n // `cancellable_producer` with externalize-threshold=1) eventually\n // mints a continuation token and lets the client cancel. Charge\n // at least 1 byte when neither byteLength nor serialization\n // gives us a real measurement.\n if (sz === 0) sz = 1;\n }\n estimatedBytes += sz;\n }\n }\n\n if (externalOvershoot) {\n // Replace the partial stream with a fresh one carrying only the\n // EXCEPTION batch — clients see RpcError before any data, matching\n // the unary/exchange strict-fail contract.\n allBatches.length = 0;\n allBatches.push(buildErrorBatch(outputSchema, externalOvershoot, ctx.serverId, requestId));\n producerError = externalOvershoot;\n break;\n }\n\n if (out.finished) {\n break;\n }\n\n // Check byte budget — if exceeded, emit continuation token\n if (maxBytes != null && estimatedBytes >= maxBytes) {\n const stateBytes = ctx.stateSerializer.serialize(state);\n const schemaBytes = serializeSchema(outputSchema);\n const inputSchemaBytes = serializeSchema(inputSchema);\n const token = packStateToken(stateBytes, schemaBytes, inputSchemaBytes, ctx.tokenKey, ctx.authContext?.principal);\n const tokenMeta = new Map<string, string>();\n tokenMeta.set(STATE_KEY, token);\n allBatches.push(buildEmptyBatch(outputSchema, tokenMeta));\n break;\n }\n }\n\n const dataBytes = serializeIpcStream(outputSchema, allBatches);\n let responseBody: Uint8Array;\n if (headerBytes) {\n responseBody = concatBytes(headerBytes, dataBytes);\n } else {\n responseBody = dataBytes;\n }\n // External-cap overshoot is a strict-fail: emit 500 so arrowResponse\n // translates to 200 + X-VGI-RPC-Error. In-handler producer errors\n // stay 200-with-EXCEPTION-batch (the existing contract — clients see\n // RpcError on body decode but proxies don't get the header signal).\n // Mirrors c5c7091 for the cap-overshoot path only.\n const status = externalOvershoot ? 500 : 200;\n const response = arrowResponse(responseBody, status);\n if (producerError) {\n (response as any).__dispatchError = producerError;\n }\n return response;\n}\n\nfunction concatBytes(...arrays: Uint8Array[]): Uint8Array {\n const totalLen = arrays.reduce((sum, a) => sum + a.length, 0);\n const result = new Uint8Array(totalLen);\n let offset = 0;\n for (const arr of arrays) {\n result.set(arr, offset);\n offset += arr.length;\n }\n return result;\n}\n",
|
|
42
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\n/**\n * Pre-rendered HTML pages for the vgi-rpc HTTP server.\n * Matches the styling of the Python and Go implementations.\n */\n\nimport type { MethodDefinition } from \"../types.js\";\n\nexport const LOGO_URL = \"https://vgi-rpc-python.query.farm/assets/logo-hero.png\";\n\nexport const FONTS = `<link rel=\"preconnect\" href=\"https://fonts.googleapis.com\">\n<link rel=\"preconnect\" href=\"https://fonts.gstatic.com\" crossorigin>\n<link href=\"https://fonts.googleapis.com/css2?family=Inter:wght@400;600;700&family=JetBrains+Mono:wght@400;600&display=swap\" rel=\"stylesheet\">`;\n\nexport const ERROR_PAGE_STYLE = `<style>\nbody { font-family: 'Inter', system-ui, -apple-system, sans-serif; max-width: 600px;\n margin: 0 auto; padding: 60px 20px 0; color: #2c2c1e; text-align: center;\n background: #faf8f0; }\n.logo { margin-bottom: 24px; }\n.logo img { width: 120px; height: 120px; border-radius: 50%;\n box-shadow: 0 4px 24px rgba(0,0,0,0.12); }\nh1 { color: #2d5016; margin-bottom: 8px; font-weight: 700; }\ncode { font-family: 'JetBrains Mono', monospace; background: #f0ece0;\n padding: 2px 6px; border-radius: 3px; font-size: 0.9em; color: #2c2c1e; }\na { color: #2d5016; text-decoration: none; }\na:hover { color: #4a7c23; }\np { line-height: 1.7; color: #6b6b5a; }\n.detail { margin-top: 12px; padding: 12px 16px; background: #f0ece0;\n border-radius: 6px; font-size: 0.9em; color: #6b6b5a; }\nfooter { margin-top: 48px; padding: 20px 0; border-top: 1px solid #f0ece0;\n color: #6b6b5a; font-size: 0.85em; line-height: 1.8; }\nfooter a { color: #2d5016; font-weight: 600; }\nfooter a:hover { color: #4a7c23; }\n</style>`;\n\nfunction escapeHtml(s: string): string {\n return s.replace(/&/g, \"&\").replace(/</g, \"<\").replace(/>/g, \">\").replace(/\"/g, \""\");\n}\n\nfunction arrowTypeToString(type: import(\"../arrow/index.js\").VgiDataType): string {\n const id = type.typeId;\n // Match the human-friendly type names used by the Python reference implementation\n if (id === 5) return \"str\"; // Utf8\n if (id === 4) return \"bytes\"; // Binary\n if (id === 2) return \"int\"; // Int32/Int64\n if (id === 3) return \"float\"; // Float32/Float64\n if (id === 6) return \"bool\"; // Bool\n if (id === 12) return \"list\"; // List\n if (id === 17) return \"map\"; // Map\n if (id === 24) return \"enum\"; // Dictionary\n return type.toString();\n}\n\n// ---------------------------------------------------------------------------\n// Landing page\n// ---------------------------------------------------------------------------\n\nexport function buildLandingPage(\n protocolName: string,\n serverId: string,\n describePath: string | null,\n repoUrl: string | null,\n): string {\n const links: string[] = [];\n if (describePath) {\n links.push(`<a class=\"primary\" href=\"${escapeHtml(describePath)}\">View service API</a>`);\n }\n if (repoUrl) {\n links.push(`<a href=\"${escapeHtml(repoUrl)}\">Source repository</a>`);\n }\n links.push(`<a href=\"https://vgi-rpc.query.farm\">Learn more about <code>vgi-rpc</code></a>`);\n\n return `<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n<title>${escapeHtml(protocolName)} \\u2014 vgi-rpc</title>\n${FONTS}\n<style>\nbody { font-family: 'Inter', system-ui, -apple-system, sans-serif; max-width: 600px;\n margin: 0 auto; padding: 60px 20px 0; color: #2c2c1e; text-align: center;\n background: #faf8f0; }\n.logo { margin-bottom: 24px; }\n.logo img { width: 140px; height: 140px; border-radius: 50%;\n box-shadow: 0 4px 24px rgba(0,0,0,0.12); }\nh1 { color: #2d5016; margin-bottom: 8px; font-weight: 700; }\ncode { font-family: 'JetBrains Mono', monospace; background: #f0ece0;\n padding: 2px 6px; border-radius: 3px; font-size: 0.9em; color: #2c2c1e; }\na { color: #2d5016; text-decoration: none; }\na:hover { color: #4a7c23; }\np { line-height: 1.7; color: #6b6b5a; }\n.meta { font-size: 0.9em; color: #6b6b5a; }\n.links { margin-top: 28px; display: flex; flex-wrap: wrap; justify-content: center; gap: 8px; }\n.links a { display: inline-block; padding: 8px 18px; border-radius: 6px;\n border: 1px solid #4a7c23; color: #2d5016; font-weight: 600;\n font-size: 0.9em; transition: all 0.2s ease; }\n.links a:hover { background: #4a7c23; color: #fff; }\n.links a.primary { background: #2d5016; color: #fff; border-color: #2d5016; }\n.links a.primary:hover { background: #4a7c23; border-color: #4a7c23; }\nfooter { margin-top: 48px; padding: 20px 0; border-top: 1px solid #f0ece0;\n color: #6b6b5a; font-size: 0.85em; }\nfooter a { color: #2d5016; font-weight: 600; }\nfooter a:hover { color: #4a7c23; }\n</style>\n</head>\n<body>\n<div class=\"logo\">\n <img src=\"${LOGO_URL}\" alt=\"vgi-rpc logo\">\n</div>\n<h1>${escapeHtml(protocolName)}</h1>\n<p class=\"meta\">Powered by <code>vgi-rpc</code> (TypeScript) · server <code>${escapeHtml(serverId)}</code></p>\n<p>This is a <code>vgi-rpc</code> service endpoint.</p>\n<div class=\"links\">\n${links.join(\"\\n\")}\n</div>\n<footer>\n © 2026 🚜 <a href=\"https://query.farm\">Query.Farm LLC</a>\n</footer>\n</body>\n</html>`;\n}\n\n// ---------------------------------------------------------------------------\n// 404 page\n// ---------------------------------------------------------------------------\n\nexport function buildNotFoundPage(prefix: string, protocolName: string): string {\n const nameFragment = protocolName ? ` (<strong>${escapeHtml(protocolName)}</strong>)` : \"\";\n const prefixDisplay = prefix || \"/\";\n return `<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n<title>404 \\u2014 vgi-rpc</title>\n${FONTS}\n${ERROR_PAGE_STYLE}\n</head>\n<body>\n<div class=\"logo\">\n <img src=\"${LOGO_URL}\" alt=\"vgi-rpc logo\">\n</div>\n<h1>404 \\u2014 Not Found</h1>\n<p>This is a <code>vgi-rpc</code> service endpoint${nameFragment}.</p>\n<p>RPC methods are available under <code>${escapeHtml(prefixDisplay)}/<method></code>.</p>\n<footer>\n Powered by <a href=\"https://vgi-rpc.query.farm\"><code>vgi-rpc</code></a>\n</footer>\n</body>\n</html>`;\n}\n\n// ---------------------------------------------------------------------------\n// Describe / API reference page\n// ---------------------------------------------------------------------------\n\nfunction buildMethodCard(method: MethodDefinition): string {\n const name = escapeHtml(method.name);\n const isUnary = method.type === \"unary\";\n const hasHeader = !!method.headerSchema;\n\n // Badges — match Python reference (unary/stream/header only)\n const badges: string[] = [];\n badges.push(\n isUnary ? `<span class=\"badge badge-unary\">unary</span>` : `<span class=\"badge badge-stream\">stream</span>`,\n );\n if (hasHeader) badges.push(`<span class=\"badge badge-header\">header</span>`);\n\n // Parameters table\n let paramsHtml = \"\";\n const paramsSchema = method.paramsSchema;\n if (paramsSchema.fields.length > 0) {\n const rows = paramsSchema.fields.map((f) => {\n const paramName = escapeHtml(f.name);\n const paramType = escapeHtml(arrowTypeToString(f.type));\n const defaultVal =\n method.defaults && f.name in method.defaults ? escapeHtml(JSON.stringify(method.defaults[f.name])) : \"—\";\n return `<tr><td><code>${paramName}</code></td><td><code>${paramType}</code></td><td>${defaultVal}</td><td>—</td></tr>`;\n });\n paramsHtml = `<div class=\"section-label\">Parameters</div>\n<table><tr><th>Name</th><th>Type</th><th>Default</th><th>Description</th></tr>\n${rows.join(\"\\n\")}\n</table>`;\n } else {\n paramsHtml = `<p class=\"no-params\">No parameters</p>`;\n }\n\n // Returns table (unary only)\n let returnsHtml = \"\";\n if (isUnary && method.resultSchema.fields.length > 0) {\n const rows = method.resultSchema.fields.map((f) => {\n return `<tr><td><code>${escapeHtml(f.name)}</code></td><td><code>${escapeHtml(arrowTypeToString(f.type))}</code></td></tr>`;\n });\n returnsHtml = `<div class=\"section-label\">Returns</div>\n<table><tr><th>Name</th><th>Type</th></tr>\n${rows.join(\"\\n\")}\n</table>`;\n }\n\n // Header table (streams with headers)\n let headerHtml = \"\";\n if (hasHeader && method.headerSchema && method.headerSchema.fields.length > 0) {\n const rows = method.headerSchema.fields.map((f) => {\n return `<tr><td><code>${escapeHtml(f.name)}</code></td><td><code>${escapeHtml(arrowTypeToString(f.type))}</code></td></tr>`;\n });\n headerHtml = `<div class=\"section-label\">Stream Header</div>\n<table><tr><th>Name</th><th>Type</th></tr>\n${rows.join(\"\\n\")}\n</table>`;\n }\n\n // Docstring\n const docHtml = method.doc ? `<p class=\"docstring\">${escapeHtml(method.doc)}</p>` : \"\";\n\n return `<div class=\"card\">\n<div class=\"card-header\">\n<span class=\"method-name\">${name}</span>\n${badges.join(\"\\n\")}\n</div>\n${docHtml}\n${paramsHtml}\n${returnsHtml}\n${headerHtml}\n</div>`;\n}\n\nexport function buildDescribePage(\n protocolName: string,\n serverId: string,\n methods: Map<string, MethodDefinition>,\n repoUrl: string | null,\n): string {\n const sortedMethods = [...methods.entries()]\n .filter(([name]) => name !== \"__describe__\")\n .sort(([a], [b]) => a.localeCompare(b));\n\n const cards = sortedMethods.map(([, method]) => buildMethodCard(method)).join(\"\\n\");\n\n const repoLink = repoUrl ? ` · <a href=\"${escapeHtml(repoUrl)}\">Source</a>` : \"\";\n\n return `<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n<title>${escapeHtml(protocolName)} API Reference \\u2014 vgi-rpc</title>\n${FONTS}\n<style>\nbody { font-family: 'Inter', system-ui, -apple-system, sans-serif; max-width: 900px;\n margin: 0 auto; padding: 40px 20px 0; color: #2c2c1e; background: #faf8f0; }\n.header { text-align: center; margin-bottom: 40px; }\n.header .logo img { width: 80px; height: 80px; border-radius: 50%;\n box-shadow: 0 3px 16px rgba(0,0,0,0.10); }\n.header h1 { margin-bottom: 4px; color: #2d5016; font-weight: 700; }\n.header .subtitle { color: #6b6b5a; font-size: 1.1em; margin-top: 0; }\n.header .meta { color: #6b6b5a; font-size: 0.9em; }\n.header .meta a { color: #2d5016; font-weight: 600; }\n.header .meta a:hover { color: #4a7c23; }\ncode { font-family: 'JetBrains Mono', monospace; background: #f0ece0;\n padding: 2px 6px; border-radius: 3px; font-size: 0.85em; color: #2c2c1e; }\na { color: #2d5016; text-decoration: none; }\na:hover { color: #4a7c23; }\n.card { border: 1px solid #f0ece0; border-radius: 8px; padding: 20px;\n margin-bottom: 16px; background: #fff; }\n.card:hover { border-color: #c8a43a; }\n.card-header { display: flex; align-items: center; gap: 10px; margin-bottom: 12px; }\n.method-name { font-family: 'JetBrains Mono', monospace; font-size: 1.1em; font-weight: 600;\n color: #2d5016; }\n.badge { display: inline-block; padding: 2px 8px; border-radius: 4px;\n font-size: 0.75em; font-weight: 600; text-transform: uppercase;\n letter-spacing: 0.03em; }\n.badge-unary { background: #e8f5e0; color: #2d5016; }\n.badge-stream { background: #e0ecf5; color: #1a4a6b; }\n.badge-exchange { background: #f5e6f0; color: #6b234a; }\n.badge-producer { background: #e0f0f5; color: #1a5a6b; }\n.badge-header { background: #f5eee0; color: #6b4423; }\n.docstring { color: #6b6b5a; font-size: 0.9em; margin-top: 0; }\ntable { width: 100%; border-collapse: collapse; font-size: 0.9em; }\nth { text-align: left; padding: 8px 10px; background: #f0ece0; color: #2c2c1e;\n font-weight: 600; border-bottom: 2px solid #e0dcd0; }\ntd { padding: 8px 10px; border-bottom: 1px solid #f0ece0; }\ntd code { font-size: 0.85em; }\n.no-params { color: #6b6b5a; font-style: italic; font-size: 0.9em; }\n.section-label { font-size: 0.8em; font-weight: 600; text-transform: uppercase;\n letter-spacing: 0.05em; color: #6b6b5a; margin-top: 14px;\n margin-bottom: 6px; }\nfooter { text-align: center; margin-top: 48px; padding: 20px 0;\n border-top: 1px solid #f0ece0; color: #6b6b5a; font-size: 0.85em; }\nfooter a { color: #2d5016; font-weight: 600; }\nfooter a:hover { color: #4a7c23; }\n</style>\n</head>\n<body>\n<div class=\"header\">\n <div class=\"logo\">\n <img src=\"${LOGO_URL}\" alt=\"vgi-rpc logo\">\n </div>\n <h1>${escapeHtml(protocolName)}</h1>\n <p class=\"subtitle\">API Reference</p>\n <p class=\"meta\">Powered by <code>vgi-rpc</code> (TypeScript) · server <code>${escapeHtml(serverId)}</code>${repoLink}</p>\n</div>\n${cards}\n<footer>\n <a href=\"https://vgi-rpc.query.farm\">Learn more about <code>vgi-rpc</code></a>\n ·\n © 2026 🚜 <a href=\"https://query.farm\">Query.Farm LLC</a>\n</footer>\n</body>\n</html>`;\n}\n",
|
|
43
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\n/**\n * Server-side OAuth PKCE authorization code flow for vgi-rpc HTTP browse pages.\n *\n * When both `authenticate` and `oauthResourceMetadata` (with a `clientId`)\n * are configured, this module enables browser-based authentication:\n *\n * 1. A browser GET that would return 401 is instead redirected to the\n * authorization server's login page (with PKCE code challenge).\n * 2. After the user authenticates, the authorization server redirects back\n * to `{prefix}/_oauth/callback` with an authorization code.\n * 3. The callback exchanges the code for a token, stores it in a JS-readable\n * cookie, and redirects back to the original page.\n */\n\nimport type { AuthContext } from \"../auth.js\";\nimport type { AuthenticateFn } from \"./auth.js\";\nimport { ERROR_PAGE_STYLE, FONTS, LOGO_URL } from \"./pages.js\";\n\n// Indirect-string require keeps node:crypto out of the static bundle for\n// workerd. OAuth PKCE is opt-in (configureOAuthPkce); callers on workerd\n// should not enable it.\nconst _NODE_CRYPTO_MOD = \"node:crypto\";\nfunction _crypto(): {\n createHash: any;\n createHmac: any;\n randomBytes: (n: number) => any;\n timingSafeEqual: (a: any, b: any) => boolean;\n} {\n const req: any = (import.meta as any).require ?? (globalThis as any).require ?? null;\n if (!req) {\n throw new Error(\"OAuth PKCE requires Node.js or Bun (node:crypto).\");\n }\n return req(_NODE_CRYPTO_MOD);\n}\nconst createHash = (algo: string) => _crypto().createHash(algo);\nconst createHmac = (algo: string, key: any) => _crypto().createHmac(algo, key);\nconst randomBytes = (n: number) => _crypto().randomBytes(n);\nconst timingSafeEqual = (a: any, b: any) => _crypto().timingSafeEqual(a, b);\n\n// ---------------------------------------------------------------------------\n// Constants\n// ---------------------------------------------------------------------------\n\nconst SESSION_COOKIE_NAME = \"_vgi_oauth_session\";\nconst AUTH_COOKIE_NAME = \"_vgi_auth\";\nconst SESSION_COOKIE_VERSION = 4;\nconst SESSION_MAX_AGE = 600; // 10 minutes\nconst AUTH_COOKIE_DEFAULT_MAX_AGE = 3600; // 1 hour fallback\nconst MAX_ORIGINAL_URL_LEN = 2048;\nconst HMAC_LEN = 32;\n\n/** Default origins allowed for _vgi_return_to redirects. */\nconst DEFAULT_ALLOWED_RETURN_ORIGINS: ReadonlySet<string> = new Set([\"https://cupola.query-farm.services\"]);\n\n// ---------------------------------------------------------------------------\n// PKCE helpers (RFC 7636)\n// ---------------------------------------------------------------------------\n\n/** Generate a 43-character URL-safe random code verifier (RFC 7636 S4.1). */\nexport function generateCodeVerifier(): string {\n // Match Python secrets.token_urlsafe(32) — 32 random bytes → base64url (no padding) = 43 chars\n return randomBytes(32).toString(\"base64url\");\n}\n\n/** Compute S256 code challenge from a code verifier (RFC 7636 S4.2). */\nexport function generateCodeChallenge(verifier: string): string {\n const digest = createHash(\"sha256\").update(verifier, \"ascii\").digest();\n return digest.toString(\"base64url\");\n}\n\n/** Generate a random state nonce for CSRF protection. */\nexport function generateStateNonce(): string {\n return randomBytes(24).toString(\"base64url\");\n}\n\n// ---------------------------------------------------------------------------\n// Derived HMAC key\n// ---------------------------------------------------------------------------\n\n/** Derive a separate HMAC key for OAuth session cookies. */\nexport function deriveSessionKey(signingKey: Uint8Array): Uint8Array {\n return createHmac(\"sha256\", signingKey).update(\"oauth-pkce-session\").digest();\n}\n\n// ---------------------------------------------------------------------------\n// Base64url encoding matching Python's base64.urlsafe_b64encode (WITH padding)\n// ---------------------------------------------------------------------------\n\n/** Encode bytes as base64url WITH `=` padding (matches Python `base64.urlsafe_b64encode`). */\nfunction b64urlEncode(buf: Buffer): string {\n return buf.toString(\"base64\").replace(/\\+/g, \"-\").replace(/\\//g, \"_\");\n}\n\n/** Decode base64url string (with or without padding) to Buffer. */\nfunction b64urlDecode(s: string): Buffer {\n // base64url → standard base64\n const standard = s.replace(/-/g, \"+\").replace(/_/g, \"/\");\n return Buffer.from(standard, \"base64\");\n}\n\n// ---------------------------------------------------------------------------\n// Signed session cookie (stores code_verifier + state + original URL)\n// ---------------------------------------------------------------------------\n\n/**\n * Pack PKCE session data into a signed, base64-encoded cookie value.\n *\n * Wire format v4:\n * [1B version=4] [8B created_at uint64 LE]\n * [2B cv_len uint16 LE] [cv_len bytes code_verifier]\n * [2B state_len uint16 LE] [state_len bytes state_nonce]\n * [2B url_len uint16 LE] [url_len bytes original_url]\n * [2B rt_len uint16 LE] [rt_len bytes return_to]\n * [32B HMAC-SHA256(session_key, all above)]\n */\nexport function packOAuthCookie(\n codeVerifier: string,\n stateNonce: string,\n originalUrl: string,\n sessionKey: Uint8Array,\n createdAt?: number,\n returnTo?: string,\n): string {\n const now = createdAt ?? Math.floor(Date.now() / 1000);\n const cvBytes = Buffer.from(codeVerifier, \"utf-8\");\n const stateBytes = Buffer.from(stateNonce, \"utf-8\");\n const urlBytes = Buffer.from(originalUrl, \"utf-8\");\n const rtBytes = Buffer.from(returnTo ?? \"\", \"utf-8\");\n\n const payloadLen = 1 + 8 + 2 + cvBytes.length + 2 + stateBytes.length + 2 + urlBytes.length + 2 + rtBytes.length;\n const payload = Buffer.alloc(payloadLen);\n let offset = 0;\n\n payload.writeUInt8(SESSION_COOKIE_VERSION, offset);\n offset += 1;\n\n payload.writeBigUInt64LE(BigInt(now), offset);\n offset += 8;\n\n payload.writeUInt16LE(cvBytes.length, offset);\n offset += 2;\n cvBytes.copy(payload, offset);\n offset += cvBytes.length;\n\n payload.writeUInt16LE(stateBytes.length, offset);\n offset += 2;\n stateBytes.copy(payload, offset);\n offset += stateBytes.length;\n\n payload.writeUInt16LE(urlBytes.length, offset);\n offset += 2;\n urlBytes.copy(payload, offset);\n offset += urlBytes.length;\n\n payload.writeUInt16LE(rtBytes.length, offset);\n offset += 2;\n rtBytes.copy(payload, offset);\n\n const mac = createHmac(\"sha256\", sessionKey).update(payload).digest();\n return b64urlEncode(Buffer.concat([payload, mac]));\n}\n\nexport interface UnpackedOAuthCookie {\n codeVerifier: string;\n stateNonce: string;\n originalUrl: string;\n returnTo: string;\n}\n\n/**\n * Unpack and verify a signed OAuth session cookie.\n *\n * @throws Error on tampered, expired, or malformed cookies.\n */\nexport function unpackOAuthCookie(\n cookieValue: string,\n sessionKey: Uint8Array,\n maxAge: number = SESSION_MAX_AGE,\n): UnpackedOAuthCookie {\n let raw: Buffer;\n try {\n raw = b64urlDecode(cookieValue);\n } catch {\n throw new Error(\"Malformed session cookie\");\n }\n\n // Minimum: version(1) + timestamp(8) + 4 x length(2) + HMAC(32) = 49\n if (raw.length < 49) {\n throw new Error(\"Session cookie too short\");\n }\n\n // Verify HMAC before inspecting payload\n const payload = raw.subarray(0, raw.length - HMAC_LEN);\n const receivedMac = raw.subarray(raw.length - HMAC_LEN);\n const expectedMac = createHmac(\"sha256\", sessionKey).update(payload).digest();\n if (!timingSafeEqual(receivedMac, expectedMac)) {\n throw new Error(\"Session cookie signature mismatch\");\n }\n\n // Parse payload\n const version = payload.readUInt8(0);\n if (version !== SESSION_COOKIE_VERSION) {\n throw new Error(`Unexpected session cookie version: ${version}`);\n }\n\n const createdAt = Number(payload.readBigUInt64LE(1));\n if (maxAge > 0) {\n const age = Math.floor(Date.now() / 1000) - createdAt;\n if (age < 0 || age > maxAge) {\n throw new Error(`Session cookie expired (age=${age}s, max=${maxAge}s)`);\n }\n }\n\n let pos = 9;\n const cvLen = payload.readUInt16LE(pos);\n pos += 2;\n const codeVerifier = payload.subarray(pos, pos + cvLen).toString(\"utf-8\");\n pos += cvLen;\n\n const stateLen = payload.readUInt16LE(pos);\n pos += 2;\n const stateNonce = payload.subarray(pos, pos + stateLen).toString(\"utf-8\");\n pos += stateLen;\n\n const urlLen = payload.readUInt16LE(pos);\n pos += 2;\n const originalUrl = payload.subarray(pos, pos + urlLen).toString(\"utf-8\");\n pos += urlLen;\n\n const rtLen = payload.readUInt16LE(pos);\n pos += 2;\n const returnTo = payload.subarray(pos, pos + rtLen).toString(\"utf-8\");\n\n return { codeVerifier, stateNonce, originalUrl, returnTo };\n}\n\n// ---------------------------------------------------------------------------\n// OIDC discovery cache\n// ---------------------------------------------------------------------------\n\nexport interface OidcEndpoints {\n authorizationEndpoint: string;\n tokenEndpoint: string;\n}\n\n/**\n * Create a lazy-cached OIDC discovery function.\n *\n * Caches the Promise; resets on rejection so a transient failure is retried.\n */\nexport function createOidcDiscovery(issuer: string): () => Promise<OidcEndpoints | null> {\n let cached: Promise<OidcEndpoints | null> | null = null;\n\n return function discover(): Promise<OidcEndpoints | null> {\n if (cached) return cached;\n const url = `${issuer.replace(/\\/+$/, \"\")}/.well-known/openid-configuration`;\n cached = fetch(url, { signal: AbortSignal.timeout(10000) })\n .then(async (resp) => {\n if (!resp.ok) throw new Error(`OIDC discovery HTTP ${resp.status}`);\n const data = await resp.json();\n return {\n authorizationEndpoint: data.authorization_endpoint as string,\n tokenEndpoint: data.token_endpoint as string,\n };\n })\n .catch(() => {\n cached = null; // reset on failure for retry\n return null;\n });\n return cached;\n };\n}\n\n// ---------------------------------------------------------------------------\n// Token exchange\n// ---------------------------------------------------------------------------\n\nexport interface TokenExchangeResult {\n token: string;\n maxAge: number;\n refreshToken: string | null;\n}\n\n/** Exchange an authorization code for a token via the token endpoint. */\nexport async function exchangeCodeForToken(\n tokenEndpoint: string,\n code: string,\n redirectUri: string,\n codeVerifier: string,\n clientId: string,\n clientSecret?: string,\n useIdToken?: boolean,\n): Promise<TokenExchangeResult> {\n const params = new URLSearchParams({\n grant_type: \"authorization_code\",\n code,\n redirect_uri: redirectUri,\n code_verifier: codeVerifier,\n client_id: clientId,\n });\n if (clientSecret) {\n params.set(\"client_secret\", clientSecret);\n }\n\n let body: any;\n try {\n const resp = await fetch(tokenEndpoint, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/x-www-form-urlencoded\" },\n body: params.toString(),\n signal: AbortSignal.timeout(15000),\n });\n if (!resp.ok) {\n const text = await resp.text();\n throw new Error(`HTTP ${resp.status}: ${text}`);\n }\n body = await resp.json();\n } catch (err: any) {\n throw new Error(`Token exchange failed: ${err.message ?? err}`);\n }\n\n const refreshToken: string | null = body.refresh_token ?? null;\n\n if (useIdToken) {\n const token = body.id_token;\n if (!token) throw new Error(\"Token response missing id_token\");\n // Derive maxAge from the id_token's exp claim\n try {\n const parts = (token as string).split(\".\");\n if (parts.length >= 2) {\n const padding = 4 - (parts[1].length % 4);\n const payloadJson = Buffer.from(parts[1] + \"=\".repeat(padding % 4), \"base64\").toString(\"utf-8\");\n const claims = JSON.parse(payloadJson);\n if (claims.exp != null) {\n const maxAge = Math.max(Number(claims.exp) - Math.floor(Date.now() / 1000), 60);\n return { token, maxAge, refreshToken };\n }\n }\n } catch {\n // Fall through to default\n }\n return { token, maxAge: AUTH_COOKIE_DEFAULT_MAX_AGE, refreshToken };\n }\n\n const token = body.access_token;\n if (!token) throw new Error(\"Token response missing access_token\");\n const expiresIn = body.expires_in ?? AUTH_COOKIE_DEFAULT_MAX_AGE;\n return { token, maxAge: Number(expiresIn), refreshToken };\n}\n\n// ---------------------------------------------------------------------------\n// Original URL validation\n// ---------------------------------------------------------------------------\n\n/** Validate the original URL is relative and within the expected prefix. */\nexport function validateOriginalUrl(url: string, prefix: string): string {\n let u = url;\n if (u.length > MAX_ORIGINAL_URL_LEN) {\n u = u.slice(0, MAX_ORIGINAL_URL_LEN);\n }\n try {\n const parsed = new URL(u, \"http://dummy\");\n // If the URL has a different origin than dummy, it's absolute\n if (u.startsWith(\"http://\") || u.startsWith(\"https://\") || u.startsWith(\"//\")) {\n return prefix || \"/\";\n }\n // Check hostname is \"dummy\" (relative URL) — otherwise it's absolute\n if (parsed.hostname !== \"dummy\") {\n return prefix || \"/\";\n }\n } catch {\n return prefix || \"/\";\n }\n if (prefix && !u.startsWith(prefix)) {\n return prefix || \"/\";\n }\n return u;\n}\n\nfunction isLocalhost(hostname: string): boolean {\n return hostname === \"localhost\" || hostname === \"127.0.0.1\" || hostname === \"[::1]\";\n}\n\n/** Validate an external return-to URL against an origin allowlist. */\nexport function validateReturnTo(url: string, allowedOrigins?: ReadonlySet<string>): string {\n const origins = allowedOrigins ?? DEFAULT_ALLOWED_RETURN_ORIGINS;\n if (!url || url.length > 2048) return \"\";\n let parsed: URL;\n try {\n parsed = new URL(url);\n } catch {\n return \"\";\n }\n if (parsed.protocol !== \"http:\" && parsed.protocol !== \"https:\") return \"\";\n if (!parsed.hostname) return \"\";\n // localhost with any port is always allowed\n if (isLocalhost(parsed.hostname) && parsed.protocol === \"http:\") return url;\n // Check against allowlist (scheme + host, ignoring path)\n const origin = `${parsed.protocol}//${parsed.hostname}`;\n if (origins.has(origin)) return url;\n // Also try with explicit port\n if (parsed.port) {\n const originWithPort = `${parsed.protocol}//${parsed.hostname}:${parsed.port}`;\n if (origins.has(originWithPort)) return url;\n }\n return \"\";\n}\n\n// ---------------------------------------------------------------------------\n// Cookie helpers\n// ---------------------------------------------------------------------------\n\n/** Parse the Cookie header from a Request into a Map. */\nexport function parseCookies(request: Request): Map<string, string> {\n const header = request.headers.get(\"Cookie\");\n const map = new Map<string, string>();\n if (!header) return map;\n for (const pair of header.split(\";\")) {\n const eq = pair.indexOf(\"=\");\n if (eq < 0) continue;\n const name = pair.slice(0, eq).trim();\n const value = pair.slice(eq + 1).trim();\n map.set(name, value);\n }\n return map;\n}\n\ninterface SetCookieOptions {\n maxAge?: number;\n path?: string;\n secure?: boolean;\n httpOnly?: boolean;\n sameSite?: \"Strict\" | \"Lax\" | \"None\";\n}\n\n/** Build a Set-Cookie header string. */\nexport function buildSetCookieHeader(name: string, value: string, options: SetCookieOptions): string {\n let cookie = `${name}=${value}`;\n if (options.maxAge !== undefined) cookie += `; Max-Age=${options.maxAge}`;\n if (options.path) cookie += `; Path=${options.path}`;\n if (options.secure) cookie += \"; Secure\";\n if (options.httpOnly) cookie += \"; HttpOnly\";\n if (options.sameSite) cookie += `; SameSite=${options.sameSite}`;\n return cookie;\n}\n\n// ---------------------------------------------------------------------------\n// Error HTML page\n// ---------------------------------------------------------------------------\n\nfunction escapeHtml(s: string): string {\n return s.replace(/&/g, \"&\").replace(/</g, \"<\").replace(/>/g, \">\").replace(/\"/g, \""\");\n}\n\n/** Render a user-friendly OAuth error page. */\nexport function buildOAuthErrorPage(message: string, detail: string | null, retryUrl: string): string {\n const detailHtml = detail ? `<div class=\"detail\">${escapeHtml(detail)}</div>` : \"\";\n return `<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n<title>Authentication Error \\u2014 vgi-rpc</title>\n${FONTS}\n${ERROR_PAGE_STYLE}\n</head>\n<body>\n<div class=\"logo\">\n <img src=\"${LOGO_URL}\" alt=\"vgi-rpc logo\">\n</div>\n<h1>Authentication Error</h1>\n<p>${escapeHtml(message)}</p>\n${detailHtml}\n<p><a href=\"${escapeHtml(retryUrl)}\">Try again</a></p>\n<footer>\n Powered by <a href=\"https://vgi-rpc.query.farm\"><code>vgi-rpc</code></a>\n</footer>\n</body>\n</html>`;\n}\n\n// ---------------------------------------------------------------------------\n// User-info JS snippet for landing/describe pages\n// ---------------------------------------------------------------------------\n\nconst USER_INFO_STYLE = `#vgi-user-info {\n position: fixed; top: 12px; right: 16px; z-index: 1000;\n font-family: 'Inter', system-ui, sans-serif; font-size: 0.85em;\n display: flex; align-items: center; gap: 8px;\n background: #fff; border: 1px solid #e0ddd0; border-radius: 20px;\n padding: 4px 14px 4px 6px; box-shadow: 0 2px 8px rgba(0,0,0,0.06);\n}\n#vgi-user-info img {\n width: 26px; height: 26px; border-radius: 50%;\n}\n#vgi-user-info .email { color: #2c2c1e; font-weight: 500; }\n#vgi-user-info a {\n color: #6b6b5a; text-decoration: none; margin-left: 4px;\n font-size: 0.9em;\n}\n#vgi-user-info a:hover { color: #8b0000; }`;\n\nfunction buildUserInfoScript(cookieName: string, logoutUrl: string): string {\n return `(function() {\n var c = document.cookie.match('(^|;)\\\\\\\\s*${cookieName}=([^;]+)');\n if (!c) return;\n try {\n var parts = c[2].split('.');\n var payload = JSON.parse(atob(parts[1].replace(/-/g,'+').replace(/_/g,'/')));\n var el = document.getElementById('vgi-user-info');\n if (!el) return;\n var html = '';\n if (payload.picture) html += '<img src=\"' + payload.picture + '\" alt=\"\">';\n html += '<span class=\"email\">' + (payload.email || payload.sub || '') + '</span>';\n html += '<a href=\"${logoutUrl}\">Sign out</a>';\n el.innerHTML = html;\n } catch(e) {}\n})();`;\n}\n\n/** Return HTML snippet (style + div + script) for user info display. */\nexport function buildUserInfoHtml(prefix: string): string {\n const logoutUrl = `${prefix}/_oauth/logout`;\n return (\n `<style>${USER_INFO_STYLE}</style>\\n` +\n `<div id=\"vgi-user-info\"></div>\\n` +\n `<script>${buildUserInfoScript(AUTH_COOKIE_NAME, logoutUrl)}</script>`\n );\n}\n\n// ---------------------------------------------------------------------------\n// Cookie authenticate function\n// ---------------------------------------------------------------------------\n\n/**\n * Create an authenticate callback that reads a bearer token from a cookie.\n *\n * Extracts the token from the named cookie and delegates validation to the\n * `innerAuth` authenticator by creating a new Request with an Authorization header.\n */\nexport function cookieAuthenticate(innerAuth: AuthenticateFn, cookieName: string = AUTH_COOKIE_NAME): AuthenticateFn {\n return async function authenticate(request: Request): Promise<AuthContext> {\n const cookies = parseCookies(request);\n const token = cookies.get(cookieName);\n if (!token) {\n throw new Error(\"No auth cookie\");\n }\n // Create a new Request with the cookie token as an Authorization header\n const newHeaders = new Headers(request.headers);\n newHeaders.set(\"Authorization\", `Bearer ${token}`);\n const newRequest = new Request(request.url, {\n method: request.method,\n headers: newHeaders,\n });\n return innerAuth(newRequest);\n };\n}\n\n// ---------------------------------------------------------------------------\n// OAuth PKCE configuration\n// ---------------------------------------------------------------------------\n\n/** Configuration object produced by configureOAuthPkce. */\nexport interface OAuthPkceConfig {\n sessionKey: Uint8Array;\n oidcDiscovery: () => Promise<OidcEndpoints | null>;\n clientId: string;\n clientSecret: string | undefined;\n useIdToken: boolean;\n prefix: string;\n secureCookie: boolean;\n redirectUri: string;\n scope: string;\n allowedReturnOrigins: ReadonlySet<string>;\n cookieAuthenticate: AuthenticateFn;\n userInfoHtml: string;\n}\n\n/** Options for configureOAuthPkce. */\nexport interface OAuthPkceOptions {\n signingKey: Uint8Array;\n issuer: string;\n clientId: string;\n clientSecret?: string;\n useIdToken?: boolean;\n prefix: string;\n secureCookie: boolean;\n redirectUri: string;\n scope?: string;\n allowedReturnOrigins?: ReadonlySet<string>;\n}\n\n/**\n * Resolve the OAuth PKCE `scope` string from available sources.\n *\n * Precedence:\n * 1. `scopesSupported` from OAuth resource metadata (space-joined), when non-empty.\n * 2. Explicit `optionsScope` override (e.g. `HttpHandlerOptions.oauthPkceScope`).\n * 3. `undefined`, which lets `configureOAuthPkce` apply its built-in default of\n * `\"openid email\"`.\n *\n * Mirrors the Python reference behavior introduced in vgi-rpc v0.6.12: authorization\n * requests should use the scopes the server publishes in its protected resource\n * metadata, so clients ask for exactly what the resource advertises.\n */\nexport function resolvePkceScope(\n scopesSupported: readonly string[] | undefined,\n optionsScope: string | undefined,\n): string | undefined {\n if (scopesSupported && scopesSupported.length > 0) {\n return scopesSupported.join(\" \");\n }\n return optionsScope;\n}\n\n/** Factory function wiring all PKCE components. */\nexport function configureOAuthPkce(opts: OAuthPkceOptions, innerAuth: AuthenticateFn): OAuthPkceConfig {\n const sessionKey = deriveSessionKey(opts.signingKey);\n const oidcDiscovery = createOidcDiscovery(opts.issuer);\n return {\n sessionKey,\n oidcDiscovery,\n clientId: opts.clientId,\n clientSecret: opts.clientSecret,\n useIdToken: opts.useIdToken ?? false,\n prefix: opts.prefix,\n secureCookie: opts.secureCookie,\n redirectUri: opts.redirectUri,\n scope: opts.scope ?? \"openid email\",\n allowedReturnOrigins: opts.allowedReturnOrigins ?? DEFAULT_ALLOWED_RETURN_ORIGINS,\n cookieAuthenticate: cookieAuthenticate(innerAuth),\n userInfoHtml: buildUserInfoHtml(opts.prefix),\n };\n}\n\n// ---------------------------------------------------------------------------\n// OAuth token-exchange proxy\n// ---------------------------------------------------------------------------\n\nconst ALLOWED_TOKEN_GRANT_TYPES: ReadonlySet<string> = new Set([\"authorization_code\", \"refresh_token\"]);\n\nfunction isLocalhostHost(hostname: string): boolean {\n return hostname === \"localhost\" || hostname === \"127.0.0.1\" || hostname === \"[::1]\";\n}\n\n/** Set Access-Control-Allow-Origin when the request's Origin is in the allowlist (or is localhost). */\nfunction setProxyCors(headers: Headers, request: Request, config: OAuthPkceConfig): void {\n headers.append(\"Vary\", \"Origin\");\n const origin = request.headers.get(\"Origin\");\n if (!origin) return;\n let parsed: URL;\n try {\n parsed = new URL(origin);\n } catch {\n return;\n }\n if (parsed.protocol !== \"http:\" && parsed.protocol !== \"https:\") return;\n if (!parsed.hostname) return;\n if (isLocalhostHost(parsed.hostname) && parsed.protocol === \"http:\") {\n headers.set(\"Access-Control-Allow-Origin\", origin);\n return;\n }\n if (config.allowedReturnOrigins.has(origin)) {\n headers.set(\"Access-Control-Allow-Origin\", origin);\n }\n}\n\nfunction jsonErrorResponse(headers: Headers, status: number, error: string, description: string): Response {\n headers.set(\"Content-Type\", \"application/json\");\n return new Response(JSON.stringify({ error, error_description: description }), { status, headers });\n}\n\n/**\n * Handle POST/OPTIONS {prefix}/_oauth/token — the PKCE token-exchange proxy.\n *\n * SPA PKCE clients cannot safely hold a client_secret, but some IdPs\n * (notably Google) reject token-endpoint requests from \"Web application\"\n * clients without one. This handler accepts authorization_code/refresh_token\n * exchanges from a browser, injects the configured server-side\n * client_secret, and forwards the request to the IdP's real token_endpoint.\n * The IdP response is returned verbatim (status code + body).\n */\nexport async function handleOAuthTokenProxy(request: Request, config: OAuthPkceConfig): Promise<Response> {\n const headers = new Headers();\n setProxyCors(headers, request, config);\n\n if (request.method === \"OPTIONS\") {\n headers.set(\"Access-Control-Allow-Methods\", \"POST, OPTIONS\");\n headers.set(\"Access-Control-Allow-Headers\", \"Content-Type\");\n headers.set(\"Access-Control-Max-Age\", \"7200\");\n return new Response(null, { status: 204, headers });\n }\n\n if (request.method !== \"POST\") {\n return new Response(null, { status: 405, headers });\n }\n\n const ctype = (request.headers.get(\"Content-Type\") ?? \"\").split(\";\")[0].trim().toLowerCase();\n if (ctype !== \"application/x-www-form-urlencoded\") {\n return jsonErrorResponse(headers, 415, \"invalid_request\", \"Content-Type must be application/x-www-form-urlencoded\");\n }\n\n let raw: string;\n try {\n raw = await request.text();\n } catch {\n return jsonErrorResponse(headers, 400, \"invalid_request\", \"Could not read request body\");\n }\n\n let form: URLSearchParams;\n try {\n form = new URLSearchParams(raw);\n } catch {\n return jsonErrorResponse(headers, 400, \"invalid_request\", \"Could not parse form body\");\n }\n\n const grantType = form.get(\"grant_type\") ?? \"\";\n if (!ALLOWED_TOKEN_GRANT_TYPES.has(grantType)) {\n return jsonErrorResponse(\n headers,\n 400,\n \"unsupported_grant_type\",\n \"grant_type must be authorization_code or refresh_token\",\n );\n }\n\n const submittedClientId = form.get(\"client_id\");\n if (submittedClientId && submittedClientId !== config.clientId) {\n return jsonErrorResponse(headers, 400, \"invalid_client\", \"client_id does not match the configured client\");\n }\n\n const endpoints = await config.oidcDiscovery();\n if (!endpoints) {\n return jsonErrorResponse(headers, 502, \"server_error\", \"Authorization server discovery failed\");\n }\n\n const upstream = new URLSearchParams();\n upstream.set(\"grant_type\", grantType);\n upstream.set(\"client_id\", config.clientId);\n if (config.clientSecret) {\n upstream.set(\"client_secret\", config.clientSecret);\n }\n for (const key of [\"code\", \"code_verifier\", \"redirect_uri\", \"refresh_token\", \"scope\"]) {\n const value = form.get(key);\n if (value !== null && value !== \"\") {\n upstream.set(key, value);\n }\n }\n\n let upstreamResp: Response;\n try {\n upstreamResp = await fetch(endpoints.tokenEndpoint, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/x-www-form-urlencoded\" },\n body: upstream.toString(),\n signal: AbortSignal.timeout(15000),\n });\n } catch (err: any) {\n return jsonErrorResponse(headers, 502, \"server_error\", `Upstream token endpoint failed: ${err?.message ?? err}`);\n }\n\n const body = new Uint8Array(await upstreamResp.arrayBuffer());\n const ct = upstreamResp.headers.get(\"content-type\") ?? \"application/json\";\n headers.set(\"Content-Type\", ct);\n return new Response(body, { status: upstreamResp.status, headers });\n}\n\n// ---------------------------------------------------------------------------\n// OAuth callback handler\n// ---------------------------------------------------------------------------\n\n/** Handle GET {prefix}/_oauth/callback — the redirect from the authorization server. */\nexport async function handleOAuthCallback(request: Request, config: OAuthPkceConfig): Promise<Response> {\n const url = new URL(request.url);\n const retryUrl = config.prefix || \"/\";\n\n function errorResponse(status: number, message: string, detail: string | null): Response {\n return new Response(buildOAuthErrorPage(message, detail, retryUrl), {\n status,\n headers: { \"Content-Type\": \"text/html; charset=utf-8\" },\n });\n }\n\n // Check for authorization server error\n const error = url.searchParams.get(\"error\");\n if (error) {\n const errorDesc = url.searchParams.get(\"error_description\") ?? error;\n return errorResponse(400, \"The authorization server returned an error.\", errorDesc);\n }\n\n // Extract code and state from query\n const code = url.searchParams.get(\"code\");\n const state = url.searchParams.get(\"state\");\n if (!code || !state) {\n return errorResponse(400, \"Missing authorization code or state parameter.\", null);\n }\n\n // Read and validate session cookie\n const cookies = parseCookies(request);\n const sessionCookie = cookies.get(SESSION_COOKIE_NAME);\n if (!sessionCookie) {\n return errorResponse(400, \"Session cookie missing or expired. Please try again.\", null);\n }\n\n let unpacked: UnpackedOAuthCookie;\n try {\n unpacked = unpackOAuthCookie(sessionCookie, config.sessionKey);\n } catch {\n return errorResponse(400, \"Session expired or invalid. Please try again.\", null);\n }\n\n // CSRF: validate state matches (constant-time)\n const stateA = Buffer.from(state, \"utf-8\");\n const stateB = Buffer.from(unpacked.stateNonce, \"utf-8\");\n if (stateA.length !== stateB.length || !timingSafeEqual(stateA, stateB)) {\n return errorResponse(400, \"State mismatch \\u2014 possible CSRF. Please try again.\", null);\n }\n\n // Discover token endpoint\n const endpoints = await config.oidcDiscovery();\n if (!endpoints) {\n return errorResponse(502, \"Could not reach the authorization server.\", \"OIDC discovery failed.\");\n }\n\n // Exchange code for token\n let result: TokenExchangeResult;\n try {\n result = await exchangeCodeForToken(\n endpoints.tokenEndpoint,\n code,\n config.redirectUri,\n unpacked.codeVerifier,\n config.clientId,\n config.clientSecret,\n config.useIdToken,\n );\n } catch (err: any) {\n return errorResponse(502, \"Token exchange with the authorization server failed.\", String(err.message ?? err));\n }\n\n const clearSessionCookie = buildSetCookieHeader(SESSION_COOKIE_NAME, \"\", {\n maxAge: 0,\n path: `${config.prefix}/_oauth/`,\n secure: config.secureCookie,\n httpOnly: true,\n sameSite: \"Lax\",\n });\n\n // External frontend: redirect with token + OAuth metadata in URL fragment\n if (unpacked.returnTo) {\n const separator = unpacked.returnTo.includes(\"#\") ? \"&\" : \"#\";\n const fragmentParts = [`token=${result.token}`];\n if (result.refreshToken) {\n fragmentParts.push(`refresh_token=${encodeURIComponent(result.refreshToken)}`);\n }\n fragmentParts.push(`token_endpoint=${encodeURIComponent(endpoints.tokenEndpoint)}`);\n fragmentParts.push(`client_id=${encodeURIComponent(config.clientId)}`);\n if (config.clientSecret) {\n fragmentParts.push(`client_secret=${encodeURIComponent(config.clientSecret)}`);\n }\n if (config.useIdToken) {\n fragmentParts.push(\"use_id_token=true\");\n }\n const redirectUrl = `${unpacked.returnTo}${separator}${fragmentParts.join(\"&\")}`;\n\n return new Response(null, {\n status: 302,\n headers: {\n Location: redirectUrl,\n \"Cache-Control\": \"no-cache, no-store, must-revalidate\",\n \"Content-Type\": \"text/html; charset=utf-8\",\n \"Set-Cookie\": clearSessionCookie,\n },\n });\n }\n\n // Same-origin: redirect to original page with cookies\n const originalUrl = validateOriginalUrl(unpacked.originalUrl, config.prefix);\n const cookiePath = config.prefix || \"/\";\n\n const authCookie = buildSetCookieHeader(AUTH_COOKIE_NAME, result.token, {\n maxAge: result.maxAge,\n path: cookiePath,\n secure: config.secureCookie,\n httpOnly: false,\n sameSite: \"Lax\",\n });\n\n // Response with two Set-Cookie headers\n const headers = new Headers();\n headers.set(\"Location\", originalUrl);\n headers.set(\"Cache-Control\", \"no-cache, no-store, must-revalidate\");\n headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n headers.append(\"Set-Cookie\", authCookie);\n headers.append(\"Set-Cookie\", clearSessionCookie);\n\n return new Response(null, { status: 302, headers });\n}\n\n// ---------------------------------------------------------------------------\n// OAuth logout handler\n// ---------------------------------------------------------------------------\n\n/** Handle GET {prefix}/_oauth/logout — clear auth cookie and redirect. */\nexport function handleOAuthLogout(_request: Request, config: OAuthPkceConfig): Response {\n const cookiePath = config.prefix || \"/\";\n const clearAuthCookie = buildSetCookieHeader(AUTH_COOKIE_NAME, \"\", {\n maxAge: 0,\n path: cookiePath,\n secure: config.secureCookie,\n httpOnly: false,\n });\n return new Response(null, {\n status: 302,\n headers: {\n Location: config.prefix || \"/\",\n \"Set-Cookie\": clearAuthCookie,\n },\n });\n}\n\n// ---------------------------------------------------------------------------\n// Browser GET redirect (replaces 401 with OAuth redirect for browsers)\n// ---------------------------------------------------------------------------\n\n/** Redirect an unauthenticated browser GET to the OAuth authorization endpoint. Returns null if unable. */\nexport async function handleBrowserGetRedirect(request: Request, config: OAuthPkceConfig): Promise<Response | null> {\n // Only redirect browsers (Accept: text/html)\n const accept = request.headers.get(\"Accept\") ?? \"\";\n if (!accept.includes(\"text/html\")) return null;\n\n // Discover authorization endpoint\n const endpoints = await config.oidcDiscovery();\n if (!endpoints) return null;\n\n const url = new URL(request.url);\n\n // Generate PKCE parameters\n const codeVerifier = generateCodeVerifier();\n const codeChallenge = generateCodeChallenge(codeVerifier);\n const stateNonce = generateStateNonce();\n\n // Capture original URL\n let originalUrl = url.pathname;\n if (url.search) {\n originalUrl = `${originalUrl}${url.search}`;\n }\n originalUrl = validateOriginalUrl(originalUrl, config.prefix);\n\n // Check for external frontend return URL\n const returnTo = validateReturnTo(url.searchParams.get(\"_vgi_return_to\") ?? \"\", config.allowedReturnOrigins);\n\n // Pack session cookie\n const cookieValue = packOAuthCookie(codeVerifier, stateNonce, originalUrl, config.sessionKey, undefined, returnTo);\n\n // Build authorization URL\n const authParams = new URLSearchParams({\n response_type: \"code\",\n client_id: config.clientId,\n redirect_uri: config.redirectUri,\n code_challenge: codeChallenge,\n code_challenge_method: \"S256\",\n state: stateNonce,\n scope: config.scope,\n });\n // When redirecting to an external frontend, request offline access\n if (returnTo) {\n authParams.set(\"access_type\", \"offline\");\n authParams.set(\"prompt\", \"consent\");\n }\n const authUrl = `${endpoints.authorizationEndpoint}?${authParams.toString()}`;\n\n const sessionCookie = buildSetCookieHeader(SESSION_COOKIE_NAME, cookieValue, {\n maxAge: SESSION_MAX_AGE,\n path: `${config.prefix}/_oauth/`,\n secure: config.secureCookie,\n httpOnly: true,\n sameSite: \"Lax\",\n });\n\n return new Response(null, {\n status: 302,\n headers: {\n Location: authUrl,\n \"Cache-Control\": \"no-cache, no-store, must-revalidate\",\n \"Content-Type\": \"text/html; charset=utf-8\",\n \"Set-Cookie\": sessionCookie,\n },\n });\n}\n\n// ---------------------------------------------------------------------------\n// Early return-to redirect (authenticated user with _vgi_return_to)\n// ---------------------------------------------------------------------------\n\n/** If user is already authenticated and has _vgi_return_to, redirect immediately. Returns null otherwise. */\nexport function handleEarlyReturnTo(request: Request, config: OAuthPkceConfig): Response | null {\n const url = new URL(request.url);\n const returnTo = validateReturnTo(url.searchParams.get(\"_vgi_return_to\") ?? \"\", config.allowedReturnOrigins);\n if (!returnTo) return null;\n\n // Check for existing auth token in cookie\n const cookies = parseCookies(request);\n const token = cookies.get(AUTH_COOKIE_NAME);\n if (!token) return null;\n\n // Don't redirect with an expired token — let the OAuth flow run again\n try {\n const parts = token.split(\".\");\n if (parts.length >= 2) {\n const payload = JSON.parse(Buffer.from(parts[1], \"base64url\").toString(\"utf-8\"));\n if (typeof payload.exp === \"number\" && payload.exp <= Math.floor(Date.now() / 1000)) {\n return null;\n }\n }\n } catch {\n /* not a JWT or can't decode — proceed with redirect */\n }\n\n // Already authenticated with a return_to — redirect back with the token\n const separator = returnTo.includes(\"#\") ? \"&\" : \"#\";\n const fragmentParams = [`token=${token}`];\n const redirectUrl = `${returnTo}${separator}${fragmentParams.join(\"&\")}`;\n\n return new Response(null, {\n status: 302,\n headers: {\n Location: redirectUrl,\n \"Cache-Control\": \"no-cache, no-store, must-revalidate\",\n },\n });\n}\n",
|
|
44
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\n/**\n * Sticky-session machinery for the HTTP transport.\n *\n * Sticky sessions let an RPC method bind a state object (a DB cursor, a\n * loaded model, an open file handle) to the worker process that opened it,\n * keyed by a short-lived AEAD-sealed token. Subsequent requests carrying\n * the same `VGI-Session` header restore the object as `ctx.session`;\n * requests that miss (wrong worker, expired, evicted) surface as a typed\n * {@link SessionLostError}.\n *\n * HTTP-only and opt-in: the non-sticky wire path is byte-identical to the\n * pre-sticky framework.\n *\n * Mirrors Python's `vgi_rpc/http/server/_sticky.py`.\n */\n\nimport { openBytes, SealError, sealBytes } from \"../crypto.js\";\nimport { ServerDrainingError, SessionLostError } from \"../errors.js\";\nimport { randomBytes } from \"../util/web-crypto.js\";\n\nconst _UTF8 = new TextEncoder();\nconst _UTF8DEC = new TextDecoder(\"utf-8\", { fatal: false });\n\nconst TOKEN_VERSION = 1;\nconst SESSION_ID_LEN = 12; // bytes — matches Python's `_SESSION_ID_LEN`\n\n// Plaintext frame layout (little-endian):\n// [u64 created_at]\n// [u8 server_id_len]\n// [server_id_len bytes ASCII server_id]\n// [12B session_id]\n// [u64 expires_at]\nconst PREFIX_LEN = 8 + 1; // created_at + server_id_len\nconst SUFFIX_LEN = 8; // expires_at\n\n// ---------------------------------------------------------------------------\n// base64url helpers (no padding) — `VGI-Session` is header-safe\n// ---------------------------------------------------------------------------\n\nfunction base64UrlEncode(bytes: Uint8Array): string {\n let s = \"\";\n for (let i = 0; i < bytes.length; i += 0x8000) {\n s += String.fromCharCode(...bytes.subarray(i, i + 0x8000));\n }\n return btoa(s).replace(/\\+/g, \"-\").replace(/\\//g, \"_\").replace(/=+$/, \"\");\n}\n\nfunction base64UrlDecode(s: string): Uint8Array {\n let b64 = s.replace(/-/g, \"+\").replace(/_/g, \"/\");\n // Re-pad to multiple of 4 for `atob`.\n const pad = b64.length % 4;\n if (pad === 2) b64 += \"==\";\n else if (pad === 3) b64 += \"=\";\n else if (pad === 1) throw new Error(\"invalid base64url length\");\n const bin = atob(b64);\n const out = new Uint8Array(bin.length);\n for (let i = 0; i < bin.length; i++) out[i] = bin.charCodeAt(i);\n return out;\n}\n\n// ---------------------------------------------------------------------------\n// Token sealing\n// ---------------------------------------------------------------------------\n\n/** Seal a sticky-session token. Returns the base64url-encoded value for the\n * `VGI-Session` header. */\nexport function sealSessionToken(\n serverId: string,\n sessionId: Uint8Array,\n expiresAt: number,\n tokenKey: Uint8Array,\n aad: Uint8Array,\n now?: number,\n): string {\n if (sessionId.length !== SESSION_ID_LEN) {\n throw new Error(`session_id must be ${SESSION_ID_LEN} bytes, got ${sessionId.length}`);\n }\n const serverIdBytes = _UTF8.encode(serverId);\n if (serverIdBytes.length > 255) {\n throw new Error(`server_id too long (${serverIdBytes.length} bytes); max 255`);\n }\n const plaintext = new Uint8Array(PREFIX_LEN + serverIdBytes.length + SESSION_ID_LEN + SUFFIX_LEN);\n const view = new DataView(plaintext.buffer);\n let offset = 0;\n view.setBigUint64(offset, BigInt(now ?? Math.floor(Date.now() / 1000)), true);\n offset += 8;\n plaintext[offset] = serverIdBytes.length;\n offset += 1;\n plaintext.set(serverIdBytes, offset);\n offset += serverIdBytes.length;\n plaintext.set(sessionId, offset);\n offset += SESSION_ID_LEN;\n view.setBigUint64(offset, BigInt(expiresAt), true);\n const sealed = sealBytes(plaintext, tokenKey, { aad, version: TOKEN_VERSION });\n return base64UrlEncode(sealed);\n}\n\nexport interface OpenedSessionToken {\n serverId: string;\n sessionId: Uint8Array;\n expiresAt: number;\n}\n\n/** Open a sticky-session token. Raises {@link SessionLostError} on any failure\n * — wrong AAD (cross-principal replay) is indistinguishable from garbage. */\nexport function openSessionToken(token: string, tokenKey: Uint8Array, aad: Uint8Array): OpenedSessionToken {\n let raw: Uint8Array;\n try {\n raw = base64UrlDecode(token);\n } catch {\n throw new SessionLostError(\"malformed session token\");\n }\n let plaintext: Uint8Array;\n try {\n plaintext = openBytes(raw, tokenKey, { aad, version: TOKEN_VERSION });\n } catch (err) {\n if (err instanceof SealError) {\n throw new SessionLostError(\"session token verification failed\");\n }\n throw err;\n }\n if (plaintext.length < PREFIX_LEN) {\n throw new SessionLostError(\"malformed session token\");\n }\n const view = new DataView(plaintext.buffer, plaintext.byteOffset, plaintext.byteLength);\n const serverIdLen = plaintext[8];\n const sidPos = PREFIX_LEN + serverIdLen;\n const endPos = sidPos + SESSION_ID_LEN + SUFFIX_LEN;\n if (plaintext.length !== endPos) {\n throw new SessionLostError(\"malformed session token\");\n }\n const serverId = _UTF8DEC.decode(plaintext.subarray(PREFIX_LEN, sidPos));\n // Copy session_id into a fresh buffer so callers can hold it without\n // pinning the larger plaintext buffer.\n const sessionId = new Uint8Array(SESSION_ID_LEN);\n sessionId.set(plaintext.subarray(sidPos, sidPos + SESSION_ID_LEN));\n const expiresAt = Number(view.getBigUint64(sidPos + SESSION_ID_LEN, true));\n return { serverId, sessionId, expiresAt };\n}\n\n// ---------------------------------------------------------------------------\n// Async mutex — serializes same-session calls\n// ---------------------------------------------------------------------------\n\n/** Minimal promise-based mutex. The HTTP handler awaits `acquire()` before\n * dispatching on a resumed session and calls the returned release in a\n * `finally` so concurrent calls on the same session run sequentially. */\nclass AsyncMutex {\n private locked = false;\n private waiters: Array<() => void> = [];\n\n async acquire(): Promise<() => void> {\n if (!this.locked) {\n this.locked = true;\n return () => this.release();\n }\n await new Promise<void>((resolve) => this.waiters.push(resolve));\n this.locked = true;\n return () => this.release();\n }\n\n private release(): void {\n const next = this.waiters.shift();\n if (next) {\n // Hand the lock straight to the next waiter (still `locked = true`).\n next();\n } else {\n this.locked = false;\n }\n }\n}\n\n// ---------------------------------------------------------------------------\n// Session registry\n// ---------------------------------------------------------------------------\n\n/** A live session in the per-worker registry. */\nexport interface SessionEntry {\n state: unknown;\n expiresAt: number; // seconds since epoch\n principalKey: string;\n lock: AsyncMutex;\n}\n\n/**\n * Derive the registry partition key for a request principal.\n *\n * Both the dispatch path and the `DELETE /__session__` teardown path MUST\n * compute this identically — otherwise a session opened on one path can't\n * be looked up on the other. The NUL separator (rather than a space)\n * keeps `{domain:\"a\", principal:\"b \"}` from colliding with\n * `{domain:\"a \", principal:\"b\"}`. Anonymous requests collapse to a\n * single sentinel.\n *\n * `domain` / `principal` are the authenticated identity fields, or\n * null/undefined for anonymous.\n */\nexport function sessionPrincipalKey(\n authenticated: boolean,\n domain: string | null | undefined,\n principal: string | null | undefined,\n): string {\n if (!authenticated) return \"\\u0000anonymous\";\n return `${domain ?? \"\"}\\u0000${principal ?? \"\"}`;\n}\n\n/** Hex-encode a session_id Uint8Array (24-char lowercase hex). */\nexport function sessionIdHex(sessionId: Uint8Array): string {\n let s = \"\";\n for (let i = 0; i < sessionId.length; i++) s += sessionId[i].toString(16).padStart(2, \"0\");\n return s;\n}\n\n/** Compare two byte arrays for equality. */\nfunction bytesEqual(a: Uint8Array, b: Uint8Array): boolean {\n if (a.length !== b.length) return false;\n for (let i = 0; i < a.length; i++) if (a[i] !== b[i]) return false;\n return true;\n}\n\n/** Per-worker in-process map of live sticky sessions. */\nexport class SessionRegistry {\n // Use a Map keyed by hex id (Uint8Array isn't a valid Map key for equality).\n private entries = new Map<string, { id: Uint8Array; entry: SessionEntry }>();\n private _draining = false;\n\n constructor(public readonly defaultTtl: number) {}\n\n get draining(): boolean {\n return this._draining;\n }\n\n setDraining(value: boolean): void {\n this._draining = value;\n }\n\n /** Register a session. Throws {@link ServerDrainingError} when draining. */\n open(state: unknown, ttl: number | undefined, principalKey: string): { sessionId: Uint8Array; expiresAt: number } {\n if (this._draining) {\n throw new ServerDrainingError(\"server is draining — new sessions are rejected\");\n }\n const effective = ttl ?? this.defaultTtl;\n const expiresAt = Math.floor(Date.now() / 1000) + effective;\n const sessionId = randomBytes(SESSION_ID_LEN);\n const key = sessionIdHex(sessionId);\n this.entries.set(key, {\n id: sessionId,\n entry: { state, expiresAt, principalKey, lock: new AsyncMutex() },\n });\n return { sessionId, expiresAt };\n }\n\n /** Look up a session. Returns null on miss, expiry, or principal mismatch.\n * Expired entries are evicted in-line (and `state.close?.()` invoked). */\n get(sessionId: Uint8Array, principalKey: string): SessionEntry | null {\n const key = sessionIdHex(sessionId);\n const slot = this.entries.get(key);\n if (!slot) return null;\n if (!bytesEqual(slot.id, sessionId)) return null;\n const now = Math.floor(Date.now() / 1000);\n if (slot.entry.expiresAt < now) {\n this.entries.delete(key);\n closeStateSuppressed(slot.entry.state);\n return null;\n }\n if (slot.entry.principalKey !== principalKey) return null;\n return slot.entry;\n }\n\n /** Remove a session and invoke `state.close?.()`. Returns true on hit. */\n close(sessionId: Uint8Array): boolean {\n const key = sessionIdHex(sessionId);\n const slot = this.entries.get(key);\n if (!slot || !bytesEqual(slot.id, sessionId)) return false;\n this.entries.delete(key);\n closeStateSuppressed(slot.entry.state);\n return true;\n }\n\n /** Evict every entry past its TTL. Returns the eviction count. */\n drainExpired(now?: number): number {\n const cutoff = now ?? Math.floor(Date.now() / 1000);\n let count = 0;\n for (const [key, slot] of this.entries) {\n if (slot.entry.expiresAt < cutoff) {\n this.entries.delete(key);\n closeStateSuppressed(slot.entry.state);\n count++;\n }\n }\n return count;\n }\n\n /** Invoke `state.close?.()` on every live session and clear the registry. */\n shutdown(): void {\n const slots = Array.from(this.entries.values());\n this.entries.clear();\n for (const slot of slots) closeStateSuppressed(slot.entry.state);\n }\n\n get size(): number {\n return this.entries.size;\n }\n}\n\nfunction closeStateSuppressed(state: unknown): void {\n const closer = (state as { close?: unknown })?.close;\n if (typeof closer !== \"function\") return;\n try {\n (closer as () => unknown).call(state);\n } catch {\n // Suppress — eviction must not crash the reaper.\n }\n}\n\n// ---------------------------------------------------------------------------\n// Reaper\n// ---------------------------------------------------------------------------\n\n/** Start a periodic reaper that evicts expired sessions. Returns a stop fn.\n * Uses `setInterval().unref()` where available so the reaper does not keep\n * the process alive. */\nexport function startSessionReaper(registry: SessionRegistry, tickMs = 1000): () => void {\n const handle = setInterval(() => {\n try {\n registry.drainExpired();\n } catch {\n // never crash the reaper\n }\n }, tickMs);\n (handle as { unref?: () => void }).unref?.();\n return () => clearInterval(handle);\n}\n\n// ---------------------------------------------------------------------------\n// Per-request sticky sink — bridges CallContext to the handler\n// ---------------------------------------------------------------------------\n\n/** Per-request handle that the HTTP handler installs on the OutputCollector.\n * `CallContext.openSession` / `closeSession` / `session` read and mutate\n * this object; the handler then emits the resulting headers on the\n * response. */\nexport interface StickySink {\n /** True iff the request carried `VGI-Session-Accept: true`. */\n acceptOpens: boolean;\n /** Live session state (resumed or just-opened). Null until `openSession`\n * or a successful resume populates it. */\n state: unknown | null;\n /** Hex session_id for the access log. Populated on resume + open;\n * preserved across `closeSession` so close records still carry the id. */\n sessionId: string | null;\n /** Set by `openSession` so `process_response` emits `VGI-Session: <token>`. */\n mintToken: string | null;\n /** Set by `closeSession` so `process_response` emits `VGI-Session-Close: true`. */\n closed: boolean;\n /** Sticky-session lifecycle action observed during dispatch — one of\n * \"none\" / \"resume\" / \"open\" / \"close\". Surfaced on the access log. */\n action: \"none\" | \"resume\" | \"open\" | \"close\";\n /** Bound by the handler: registers `state` in the registry, mints the\n * AEAD-sealed token, and stamps `mintToken` + `sessionId`. */\n _open(state: unknown, ttl: number | undefined): void;\n /** Bound by the handler: removes the registry entry + invokes\n * `state.close?.()`. Idempotent. */\n _close(): void;\n}\n\n/** Build a `StickySink` for a request without sticky support — `_open` /\n * `_close` throw the same RuntimeError shape as Python's implementation so\n * call sites get a clear message. */\nexport function unavailableStickySink(): StickySink {\n return {\n acceptOpens: false,\n state: null,\n sessionId: null,\n mintToken: null,\n closed: false,\n action: \"none\",\n _open() {\n throw new Error(\"sticky sessions not available on this transport\");\n },\n _close() {\n throw new Error(\"sticky sessions not available on this transport\");\n },\n };\n}\n\n// ---------------------------------------------------------------------------\n// Drain handle — operator-facing API for graceful shutdown\n// ---------------------------------------------------------------------------\n\n/** Operator-facing handle returned by `createHttpHandler` (when sticky is\n * enabled) so SIGTERM hooks / worker-exit hooks can drain in-flight\n * sessions cleanly. Mirrors Python's `DrainHandle`. */\nexport interface DrainHandle {\n /** Flip the registry's drain flag — subsequent `ctx.openSession` raises\n * {@link ServerDrainingError}. Existing sessions continue. */\n drain(): void;\n /** Invoke `state.close?.()` on every live session and clear the registry. */\n shutdown(): void;\n /** Return whether `drain()` has been invoked. */\n isDraining(): boolean;\n /** Test-only / advanced: flip the drain flag back. Production deployments\n * only ever drain in one direction; conformance tests use this to clean\n * up the fixture between tests. */\n setDraining(value: boolean): void;\n}\n\n/** Build a {@link DrainHandle} for *registry*. `stopReaper`, when supplied,\n * is invoked by `shutdown()` so the periodic reaper interval is cleared and\n * the handle fully releases its resources. */\nexport function makeDrainHandle(registry: SessionRegistry, stopReaper?: () => void): DrainHandle {\n return {\n drain: () => registry.setDraining(true),\n shutdown: () => {\n stopReaper?.();\n registry.shutdown();\n },\n isDraining: () => registry.draining,\n setDraining: (v) => registry.setDraining(v),\n };\n}\n\n// AAD: sticky tokens reuse the existing `computeAad` from `./token.ts` so the\n// principal binding is identical for state and session tokens. The envelope\n// version byte (`TOKEN_VERSION = 1` here vs. `TOKEN_VERSION = 4` for state\n// tokens) keeps the two formats discriminated under the same key.\n",
|
|
45
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { ExternalLocationConfig, UploadUrlProvider } from \"../external.js\";\nimport type { DispatchHook, ServeStartHook } from \"../types.js\";\nimport type { AuthenticateFn, OAuthResourceMetadata } from \"./auth.js\";\n\n/** Configuration options for createHttpHandler(). */\nexport interface HttpHandlerOptions {\n /** URL path prefix for all endpoints. Default: \"\" (root). */\n prefix?: string;\n /** XChaCha20-Poly1305 master key (32 bytes) used to seal stream state\n * tokens. A random 32-byte key is generated if omitted (tokens won't\n * survive a restart or load-balance across workers). */\n tokenKey?: Uint8Array;\n /** State token time-to-live in seconds. Default: 3600 (1 hour). 0 disables TTL checks. */\n tokenTtl?: number;\n /** CORS allowed origins. If set, CORS headers are added to all responses. */\n corsOrigins?: string;\n /** Access-Control-Max-Age value in seconds for preflight OPTIONS responses. Default: 7200 (2 hours). null omits the header. */\n corsMaxAge?: number | null;\n /** Maximum request body size in bytes. Advertised via VGI-Max-Request-Bytes header. */\n maxRequestBytes?: number;\n /** Cap on the post-decompression size of a `Content-Encoding: zstd`\n * request body, in bytes. Defends against zstd decompression bombs:\n * a tiny compressed frame can declare a huge decompressed size and\n * blow up the server before {@link maxRequestBytes} ever sees the\n * payload. When omitted, defaults to `maxRequestBytes * 16` if that\n * is set, otherwise unbounded. */\n maxDecompressedRequestBytes?: number;\n /** Maximum bytes before a producer stream emits a continuation token.\n *\n * @deprecated Use {@link maxResponseBytes} instead. The cap now governs all\n * HTTP method responses (unary, exchange, producer), not just producer streams.\n */\n maxStreamResponseBytes?: number;\n /** HTTP body cap. Hard for unary and stream-exchange (overshoot surfaces\n * as 200 + X-VGI-RPC-Error EXCEPTION batch). Soft for producer streams\n * (overshoot mints a continuation token). Externalised payloads do not\n * count toward this — they leave only tiny pointer batches on the wire.\n * Advertised via VGI-Max-Response-Bytes. Undefined = unbounded. */\n maxResponseBytes?: number;\n /** Cap on bytes uploaded to external storage during one HTTP response.\n * Always hard — externalised uploads have no escape valve. Advertised via\n * VGI-Max-Externalized-Response-Bytes. Undefined = unbounded. */\n maxExternalizedResponseBytes?: number;\n /** Server ID included in response metadata. Random if omitted. */\n serverId?: string;\n /** Custom state serializer for stream state objects. Default: JSON with BigInt support. */\n stateSerializer?: StateSerializer;\n /** zstd compression level for responses (1-22). If set, responses are\n * compressed when the client sends Accept-Encoding: zstd. */\n compressionLevel?: number;\n /** Optional authentication callback. Called for each request before dispatch. */\n authenticate?: AuthenticateFn;\n /** Optional RFC 9728 OAuth Protected Resource Metadata. Served at well-known endpoint. */\n oauthResourceMetadata?: OAuthResourceMetadata;\n /** Optional dispatch hook for observability (tracing, metrics). */\n dispatchHook?: DispatchHook;\n /** Optional lifecycle hook fired once on the first dispatched request.\n * Mirrors Python's on_serve_start; lazy-firing keeps it fork-safe for\n * pre-fork servers. */\n onServeStart?: ServeStartHook;\n /** Enable HTML landing page at GET {prefix}/. Default: true. */\n enableLandingPage?: boolean;\n /** Enable HTML describe/API reference page at GET {prefix}/describe. Default: true. */\n enableDescribePage?: boolean;\n /** Enable HTML 404 page for unmatched GET routes. Default: true. */\n enableNotFoundPage?: boolean;\n /** Enable JSON health endpoint at GET {prefix}/health. Default: true. */\n enableHealthEndpoint?: boolean;\n /** Protocol name shown in HTML pages. Defaults to the Protocol's name. */\n protocolName?: string;\n /** Operator-supplied protocol-contract version label, surfaced on every\n * access-log record so dashboards and alerts can key off contract\n * changes. Mirrors the Python `RpcServer(..., protocol_version=...)`\n * argument. */\n protocolVersion?: string;\n /** URL to service's source repository, shown in landing/describe pages. */\n repositoryUrl?: string;\n /** External storage config for externalizing large response batches. */\n externalLocation?: ExternalLocationConfig;\n /** Provider for vending pre-signed upload URLs to clients via {prefix}/__upload_url__/init. */\n uploadUrlProvider?: UploadUrlProvider;\n /** Optional advertised maximum upload size, surfaced via VGI-Max-Upload-Bytes. */\n maxUploadBytes?: number;\n /** OAuth scope for PKCE authorization requests. Default: \"openid email\". */\n oauthPkceScope?: string;\n /** Allowed return-to origins for external frontend redirects. Default: Set([\"https://cupola.query-farm.services\"]). */\n allowedReturnOrigins?: ReadonlySet<string>;\n\n /** Enable opt-in sticky sessions on this HTTP handler. When enabled the\n * server advertises `VGI-Sticky-Enabled: true` (capability discovery),\n * honours `VGI-Session` / `VGI-Session-Accept` headers, and exposes a\n * `DELETE {prefix}/__session__` teardown endpoint. Default: false. */\n enableSticky?: boolean;\n /** Default session TTL in seconds when `ctx.openSession` is called without\n * an explicit `ttl` override. Default: 300. */\n stickyDefaultTtl?: number;\n /** Headers the server emits as `VGI-Echo-<name>: <value>` on the\n * session-opening response. A conformant client captures them and replays\n * them on every subsequent request in the session — used for\n * client-driven routing (e.g. `fly-force-instance-id` on Fly.io). */\n stickyEchoHeaders?: Record<string, string>;\n /** Internal — invoked once at handler creation with a {@link DrainHandle}\n * when sticky is enabled. Conformance fixtures use this to wire up the\n * test-only `/__test_drain__` admin endpoint without the library\n * exposing the registry directly. Production code should hold the\n * handle returned by a future `createHttpHandlerWithDrainHandle` helper. */\n _onStickyHandle?: (handle: import(\"./sticky.js\").DrainHandle) => void;\n}\n\n/** Serializer for stream state objects stored in state tokens. */\nexport interface StateSerializer {\n /** Encode a stream-state object into the bytes sealed inside a state token. */\n serialize(state: any): Uint8Array;\n /** Decode the bytes recovered from a state token back into a state object. */\n deserialize(bytes: Uint8Array): any;\n}\n\n/** Default state serializer using JSON (with BigInt support). */\nexport const jsonStateSerializer: StateSerializer = {\n serialize(state: any): Uint8Array {\n return new TextEncoder().encode(\n JSON.stringify(state, (_key, value) => (typeof value === \"bigint\" ? `__bigint__:${value}` : value)),\n );\n },\n deserialize(bytes: Uint8Array): any {\n return JSON.parse(new TextDecoder().decode(bytes), (_key, value) =>\n typeof value === \"string\" && value.startsWith(\"__bigint__:\") ? BigInt(value.slice(11)) : value,\n );\n },\n};\n",
|
|
46
|
+
"let USER_AGENT;\nif (typeof navigator === 'undefined' || !navigator.userAgent?.startsWith?.('Mozilla/5.0 ')) {\n const NAME = 'oauth4webapi';\n const VERSION = 'v3.8.6';\n USER_AGENT = `${NAME}/${VERSION}`;\n}\nfunction looseInstanceOf(input, expected) {\n if (input == null) {\n return false;\n }\n try {\n return (input instanceof expected ||\n Object.getPrototypeOf(input)[Symbol.toStringTag] === expected.prototype[Symbol.toStringTag]);\n }\n catch {\n return false;\n }\n}\nconst ERR_INVALID_ARG_VALUE = 'ERR_INVALID_ARG_VALUE';\nconst ERR_INVALID_ARG_TYPE = 'ERR_INVALID_ARG_TYPE';\nfunction CodedTypeError(message, code, cause) {\n const err = new TypeError(message, { cause });\n Object.assign(err, { code });\n return err;\n}\nexport const allowInsecureRequests = Symbol();\nexport const clockSkew = Symbol();\nexport const clockTolerance = Symbol();\nexport const customFetch = Symbol();\nexport const modifyAssertion = Symbol();\nexport const jweDecrypt = Symbol();\nexport const jwksCache = Symbol();\nconst encoder = new TextEncoder();\nconst decoder = new TextDecoder();\nfunction buf(input) {\n if (typeof input === 'string') {\n return encoder.encode(input);\n }\n return decoder.decode(input);\n}\nlet encodeBase64Url;\nif (Uint8Array.prototype.toBase64) {\n encodeBase64Url = (input) => {\n if (input instanceof ArrayBuffer) {\n input = new Uint8Array(input);\n }\n return input.toBase64({ alphabet: 'base64url', omitPadding: true });\n };\n}\nelse {\n const CHUNK_SIZE = 0x8000;\n encodeBase64Url = (input) => {\n if (input instanceof ArrayBuffer) {\n input = new Uint8Array(input);\n }\n const arr = [];\n for (let i = 0; i < input.byteLength; i += CHUNK_SIZE) {\n arr.push(String.fromCharCode.apply(null, input.subarray(i, i + CHUNK_SIZE)));\n }\n return btoa(arr.join('')).replace(/=/g, '').replace(/\\+/g, '-').replace(/\\//g, '_');\n };\n}\nlet decodeBase64Url;\nif (Uint8Array.fromBase64) {\n decodeBase64Url = (input) => {\n try {\n return Uint8Array.fromBase64(input, { alphabet: 'base64url' });\n }\n catch (cause) {\n throw CodedTypeError('The input to be decoded is not correctly encoded.', ERR_INVALID_ARG_VALUE, cause);\n }\n };\n}\nelse {\n decodeBase64Url = (input) => {\n try {\n const binary = atob(input.replace(/-/g, '+').replace(/_/g, '/').replace(/\\s/g, ''));\n const bytes = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i);\n }\n return bytes;\n }\n catch (cause) {\n throw CodedTypeError('The input to be decoded is not correctly encoded.', ERR_INVALID_ARG_VALUE, cause);\n }\n };\n}\nfunction b64u(input) {\n if (typeof input === 'string') {\n return decodeBase64Url(input);\n }\n return encodeBase64Url(input);\n}\nexport class UnsupportedOperationError extends Error {\n code;\n constructor(message, options) {\n super(message, options);\n this.name = this.constructor.name;\n this.code = UNSUPPORTED_OPERATION;\n Error.captureStackTrace?.(this, this.constructor);\n }\n}\nexport class OperationProcessingError extends Error {\n code;\n constructor(message, options) {\n super(message, options);\n this.name = this.constructor.name;\n if (options?.code) {\n this.code = options?.code;\n }\n Error.captureStackTrace?.(this, this.constructor);\n }\n}\nfunction OPE(message, code, cause) {\n return new OperationProcessingError(message, { code, cause });\n}\nasync function calculateJwkThumbprint(jwk) {\n let components;\n switch (jwk.kty) {\n case 'EC':\n components = {\n crv: jwk.crv,\n kty: jwk.kty,\n x: jwk.x,\n y: jwk.y,\n };\n break;\n case 'OKP':\n components = {\n crv: jwk.crv,\n kty: jwk.kty,\n x: jwk.x,\n };\n break;\n case 'AKP':\n components = {\n alg: jwk.alg,\n kty: jwk.kty,\n pub: jwk.pub,\n };\n break;\n case 'RSA':\n components = {\n e: jwk.e,\n kty: jwk.kty,\n n: jwk.n,\n };\n break;\n default:\n throw new UnsupportedOperationError('unsupported JWK key type', { cause: jwk });\n }\n return b64u(await crypto.subtle.digest('SHA-256', buf(JSON.stringify(components))));\n}\nfunction assertCryptoKey(key, it) {\n if (!(key instanceof CryptoKey)) {\n throw CodedTypeError(`${it} must be a CryptoKey`, ERR_INVALID_ARG_TYPE);\n }\n}\nfunction assertPrivateKey(key, it) {\n assertCryptoKey(key, it);\n if (key.type !== 'private') {\n throw CodedTypeError(`${it} must be a private CryptoKey`, ERR_INVALID_ARG_VALUE);\n }\n}\nfunction assertPublicKey(key, it) {\n assertCryptoKey(key, it);\n if (key.type !== 'public') {\n throw CodedTypeError(`${it} must be a public CryptoKey`, ERR_INVALID_ARG_VALUE);\n }\n}\nfunction normalizeTyp(value) {\n return value.toLowerCase().replace(/^application\\//, '');\n}\nfunction isJsonObject(input) {\n if (input === null || typeof input !== 'object' || Array.isArray(input)) {\n return false;\n }\n return true;\n}\nfunction prepareHeaders(input) {\n if (looseInstanceOf(input, Headers)) {\n input = Object.fromEntries(input.entries());\n }\n const headers = new Headers(input ?? {});\n if (USER_AGENT && !headers.has('user-agent')) {\n headers.set('user-agent', USER_AGENT);\n }\n if (headers.has('authorization')) {\n throw CodedTypeError('\"options.headers\" must not include the \"authorization\" header name', ERR_INVALID_ARG_VALUE);\n }\n return headers;\n}\nfunction signal(url, value) {\n if (value !== undefined) {\n if (typeof value === 'function') {\n value = value(url.href);\n }\n if (!(value instanceof AbortSignal)) {\n throw CodedTypeError('\"options.signal\" must return or be an instance of AbortSignal', ERR_INVALID_ARG_TYPE);\n }\n return value;\n }\n return undefined;\n}\nfunction replaceDoubleSlash(pathname) {\n if (pathname.includes('//')) {\n return pathname.replace('//', '/');\n }\n return pathname;\n}\nfunction prependWellKnown(url, wellKnown, allowTerminatingSlash = false) {\n if (url.pathname === '/') {\n url.pathname = wellKnown;\n }\n else {\n url.pathname = replaceDoubleSlash(`${wellKnown}/${allowTerminatingSlash ? url.pathname : url.pathname.replace(/(\\/)$/, '')}`);\n }\n return url;\n}\nfunction appendWellKnown(url, wellKnown) {\n url.pathname = replaceDoubleSlash(`${url.pathname}/${wellKnown}`);\n return url;\n}\nasync function performDiscovery(input, urlName, transform, options) {\n if (!(input instanceof URL)) {\n throw CodedTypeError(`\"${urlName}\" must be an instance of URL`, ERR_INVALID_ARG_TYPE);\n }\n checkProtocol(input, options?.[allowInsecureRequests] !== true);\n const url = transform(new URL(input.href));\n const headers = prepareHeaders(options?.headers);\n headers.set('accept', 'application/json');\n return (options?.[customFetch] || fetch)(url.href, {\n body: undefined,\n headers: Object.fromEntries(headers.entries()),\n method: 'GET',\n redirect: 'manual',\n signal: signal(url, options?.signal),\n });\n}\nexport async function discoveryRequest(issuerIdentifier, options) {\n return performDiscovery(issuerIdentifier, 'issuerIdentifier', (url) => {\n switch (options?.algorithm) {\n case undefined:\n case 'oidc':\n appendWellKnown(url, '.well-known/openid-configuration');\n break;\n case 'oauth2':\n prependWellKnown(url, '.well-known/oauth-authorization-server');\n break;\n default:\n throw CodedTypeError('\"options.algorithm\" must be \"oidc\" (default), or \"oauth2\"', ERR_INVALID_ARG_VALUE);\n }\n return url;\n }, options);\n}\nfunction assertNumber(input, allow0, it, code, cause) {\n try {\n if (typeof input !== 'number' || !Number.isFinite(input)) {\n throw CodedTypeError(`${it} must be a number`, ERR_INVALID_ARG_TYPE, cause);\n }\n if (input > 0)\n return;\n if (allow0) {\n if (input !== 0) {\n throw CodedTypeError(`${it} must be a non-negative number`, ERR_INVALID_ARG_VALUE, cause);\n }\n return;\n }\n throw CodedTypeError(`${it} must be a positive number`, ERR_INVALID_ARG_VALUE, cause);\n }\n catch (err) {\n if (code) {\n throw OPE(err.message, code, cause);\n }\n throw err;\n }\n}\nfunction assertString(input, it, code, cause) {\n try {\n if (typeof input !== 'string') {\n throw CodedTypeError(`${it} must be a string`, ERR_INVALID_ARG_TYPE, cause);\n }\n if (input.length === 0) {\n throw CodedTypeError(`${it} must not be empty`, ERR_INVALID_ARG_VALUE, cause);\n }\n }\n catch (err) {\n if (code) {\n throw OPE(err.message, code, cause);\n }\n throw err;\n }\n}\nexport async function processDiscoveryResponse(expectedIssuerIdentifier, response) {\n const expected = expectedIssuerIdentifier;\n if (!(expected instanceof URL) && expected !== _nodiscoverycheck) {\n throw CodedTypeError('\"expectedIssuerIdentifier\" must be an instance of URL', ERR_INVALID_ARG_TYPE);\n }\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n if (response.status !== 200) {\n throw OPE('\"response\" is not a conform Authorization Server Metadata response (unexpected HTTP status code)', RESPONSE_IS_NOT_CONFORM, response);\n }\n assertReadableResponse(response);\n const json = await getResponseJsonBody(response);\n assertString(json.issuer, '\"response\" body \"issuer\" property', INVALID_RESPONSE, { body: json });\n if (expected !== _nodiscoverycheck && new URL(json.issuer).href !== expected.href) {\n throw OPE('\"response\" body \"issuer\" property does not match the expected value', JSON_ATTRIBUTE_COMPARISON, { expected: expected.href, body: json, attribute: 'issuer' });\n }\n return json;\n}\nfunction assertApplicationJson(response) {\n assertContentType(response, 'application/json');\n}\nfunction notJson(response, ...types) {\n let msg = '\"response\" content-type must be ';\n if (types.length > 2) {\n const last = types.pop();\n msg += `${types.join(', ')}, or ${last}`;\n }\n else if (types.length === 2) {\n msg += `${types[0]} or ${types[1]}`;\n }\n else {\n msg += types[0];\n }\n return OPE(msg, RESPONSE_IS_NOT_JSON, response);\n}\nfunction assertContentTypes(response, ...types) {\n if (!types.includes(getContentType(response))) {\n throw notJson(response, ...types);\n }\n}\nfunction assertContentType(response, contentType) {\n if (getContentType(response) !== contentType) {\n throw notJson(response, contentType);\n }\n}\nfunction randomBytes() {\n return b64u(crypto.getRandomValues(new Uint8Array(32)));\n}\nexport function generateRandomCodeVerifier() {\n return randomBytes();\n}\nexport function generateRandomState() {\n return randomBytes();\n}\nexport function generateRandomNonce() {\n return randomBytes();\n}\nexport async function calculatePKCECodeChallenge(codeVerifier) {\n assertString(codeVerifier, 'codeVerifier');\n return b64u(await crypto.subtle.digest('SHA-256', buf(codeVerifier)));\n}\nfunction getKeyAndKid(input) {\n if (input instanceof CryptoKey) {\n return { key: input };\n }\n if (!(input?.key instanceof CryptoKey)) {\n return {};\n }\n if (input.kid !== undefined) {\n assertString(input.kid, '\"kid\"');\n }\n return {\n key: input.key,\n kid: input.kid,\n };\n}\nfunction psAlg(key) {\n switch (key.algorithm.hash.name) {\n case 'SHA-256':\n return 'PS256';\n case 'SHA-384':\n return 'PS384';\n case 'SHA-512':\n return 'PS512';\n default:\n throw new UnsupportedOperationError('unsupported RsaHashedKeyAlgorithm hash name', {\n cause: key,\n });\n }\n}\nfunction rsAlg(key) {\n switch (key.algorithm.hash.name) {\n case 'SHA-256':\n return 'RS256';\n case 'SHA-384':\n return 'RS384';\n case 'SHA-512':\n return 'RS512';\n default:\n throw new UnsupportedOperationError('unsupported RsaHashedKeyAlgorithm hash name', {\n cause: key,\n });\n }\n}\nfunction esAlg(key) {\n switch (key.algorithm.namedCurve) {\n case 'P-256':\n return 'ES256';\n case 'P-384':\n return 'ES384';\n case 'P-521':\n return 'ES512';\n default:\n throw new UnsupportedOperationError('unsupported EcKeyAlgorithm namedCurve', { cause: key });\n }\n}\nfunction keyToJws(key) {\n switch (key.algorithm.name) {\n case 'RSA-PSS':\n return psAlg(key);\n case 'RSASSA-PKCS1-v1_5':\n return rsAlg(key);\n case 'ECDSA':\n return esAlg(key);\n case 'Ed25519':\n case 'ML-DSA-44':\n case 'ML-DSA-65':\n case 'ML-DSA-87':\n return key.algorithm.name;\n case 'EdDSA':\n return 'Ed25519';\n default:\n throw new UnsupportedOperationError('unsupported CryptoKey algorithm name', { cause: key });\n }\n}\nfunction getClockSkew(client) {\n const skew = client?.[clockSkew];\n return typeof skew === 'number' && Number.isFinite(skew) ? skew : 0;\n}\nfunction getClockTolerance(client) {\n const tolerance = client?.[clockTolerance];\n return typeof tolerance === 'number' && Number.isFinite(tolerance) && Math.sign(tolerance) !== -1\n ? tolerance\n : 30;\n}\nfunction epochTime() {\n return Math.floor(Date.now() / 1000);\n}\nfunction assertAs(as) {\n if (typeof as !== 'object' || as === null) {\n throw CodedTypeError('\"as\" must be an object', ERR_INVALID_ARG_TYPE);\n }\n assertString(as.issuer, '\"as.issuer\"');\n}\nfunction assertClient(client) {\n if (typeof client !== 'object' || client === null) {\n throw CodedTypeError('\"client\" must be an object', ERR_INVALID_ARG_TYPE);\n }\n assertString(client.client_id, '\"client.client_id\"');\n}\nfunction formUrlEncode(token) {\n return encodeURIComponent(token).replace(/(?:[-_.!~*'()]|%20)/g, (substring) => {\n switch (substring) {\n case '-':\n case '_':\n case '.':\n case '!':\n case '~':\n case '*':\n case \"'\":\n case '(':\n case ')':\n return `%${substring.charCodeAt(0).toString(16).toUpperCase()}`;\n case '%20':\n return '+';\n default:\n throw new Error();\n }\n });\n}\nexport function ClientSecretPost(clientSecret) {\n assertString(clientSecret, '\"clientSecret\"');\n return (_as, client, body, _headers) => {\n body.set('client_id', client.client_id);\n body.set('client_secret', clientSecret);\n };\n}\nexport function ClientSecretBasic(clientSecret) {\n assertString(clientSecret, '\"clientSecret\"');\n return (_as, client, _body, headers) => {\n const username = formUrlEncode(client.client_id);\n const password = formUrlEncode(clientSecret);\n const credentials = btoa(`${username}:${password}`);\n headers.set('authorization', `Basic ${credentials}`);\n };\n}\nfunction clientAssertionPayload(as, client) {\n const now = epochTime() + getClockSkew(client);\n return {\n jti: randomBytes(),\n aud: as.issuer,\n exp: now + 60,\n iat: now,\n nbf: now,\n iss: client.client_id,\n sub: client.client_id,\n };\n}\nexport function PrivateKeyJwt(clientPrivateKey, options) {\n const { key, kid } = getKeyAndKid(clientPrivateKey);\n assertPrivateKey(key, '\"clientPrivateKey.key\"');\n return async (as, client, body, _headers) => {\n const header = { alg: keyToJws(key), kid };\n const payload = clientAssertionPayload(as, client);\n options?.[modifyAssertion]?.(header, payload);\n body.set('client_id', client.client_id);\n body.set('client_assertion_type', 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer');\n body.set('client_assertion', await signJwt(header, payload, key));\n };\n}\nexport function ClientSecretJwt(clientSecret, options) {\n assertString(clientSecret, '\"clientSecret\"');\n const modify = options?.[modifyAssertion];\n let key;\n return async (as, client, body, _headers) => {\n key ||= await crypto.subtle.importKey('raw', buf(clientSecret), { hash: 'SHA-256', name: 'HMAC' }, false, ['sign']);\n const header = { alg: 'HS256' };\n const payload = clientAssertionPayload(as, client);\n modify?.(header, payload);\n const data = `${b64u(buf(JSON.stringify(header)))}.${b64u(buf(JSON.stringify(payload)))}`;\n const hmac = await crypto.subtle.sign(key.algorithm, key, buf(data));\n body.set('client_id', client.client_id);\n body.set('client_assertion_type', 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer');\n body.set('client_assertion', `${data}.${b64u(new Uint8Array(hmac))}`);\n };\n}\nexport function None() {\n return (_as, client, body, _headers) => {\n body.set('client_id', client.client_id);\n };\n}\nexport function TlsClientAuth() {\n return None();\n}\nasync function signJwt(header, payload, key) {\n if (!key.usages.includes('sign')) {\n throw CodedTypeError('CryptoKey instances used for signing assertions must include \"sign\" in their \"usages\"', ERR_INVALID_ARG_VALUE);\n }\n const input = `${b64u(buf(JSON.stringify(header)))}.${b64u(buf(JSON.stringify(payload)))}`;\n const signature = b64u(await crypto.subtle.sign(keyToSubtle(key), key, buf(input)));\n return `${input}.${signature}`;\n}\nexport async function issueRequestObject(as, client, parameters, privateKey, options) {\n assertAs(as);\n assertClient(client);\n parameters = new URLSearchParams(parameters);\n const { key, kid } = getKeyAndKid(privateKey);\n assertPrivateKey(key, '\"privateKey.key\"');\n parameters.set('client_id', client.client_id);\n const now = epochTime() + getClockSkew(client);\n const claims = {\n ...Object.fromEntries(parameters.entries()),\n jti: randomBytes(),\n aud: as.issuer,\n exp: now + 60,\n iat: now,\n nbf: now,\n iss: client.client_id,\n };\n let resource;\n if (parameters.has('resource') &&\n (resource = parameters.getAll('resource')) &&\n resource.length > 1) {\n claims.resource = resource;\n }\n {\n let value = parameters.get('max_age');\n if (value !== null) {\n claims.max_age = parseInt(value, 10);\n assertNumber(claims.max_age, true, '\"max_age\" parameter');\n }\n }\n {\n let value = parameters.get('claims');\n if (value !== null) {\n try {\n claims.claims = JSON.parse(value);\n }\n catch (cause) {\n throw OPE('failed to parse the \"claims\" parameter as JSON', PARSE_ERROR, cause);\n }\n if (!isJsonObject(claims.claims)) {\n throw CodedTypeError('\"claims\" parameter must be a JSON with a top level object', ERR_INVALID_ARG_VALUE);\n }\n }\n }\n {\n let value = parameters.get('authorization_details');\n if (value !== null) {\n try {\n claims.authorization_details = JSON.parse(value);\n }\n catch (cause) {\n throw OPE('failed to parse the \"authorization_details\" parameter as JSON', PARSE_ERROR, cause);\n }\n if (!Array.isArray(claims.authorization_details)) {\n throw CodedTypeError('\"authorization_details\" parameter must be a JSON with a top level array', ERR_INVALID_ARG_VALUE);\n }\n }\n }\n const header = {\n alg: keyToJws(key),\n typ: 'oauth-authz-req+jwt',\n kid,\n };\n options?.[modifyAssertion]?.(header, claims);\n return signJwt(header, claims, key);\n}\nlet jwkCache;\nasync function getSetPublicJwkCache(key, alg) {\n const { kty, e, n, x, y, crv, pub } = await crypto.subtle.exportKey('jwk', key);\n const jwk = { kty, e, n, x, y, crv, pub };\n if (kty === 'AKP')\n jwk.alg = alg;\n jwkCache.set(key, jwk);\n return jwk;\n}\nasync function publicJwk(key, alg) {\n jwkCache ||= new WeakMap();\n return jwkCache.get(key) || getSetPublicJwkCache(key, alg);\n}\nconst URLParse = URL.parse\n ?\n (url, base) => URL.parse(url, base)\n : (url, base) => {\n try {\n return new URL(url, base);\n }\n catch {\n return null;\n }\n };\nexport function checkProtocol(url, enforceHttps) {\n if (enforceHttps && url.protocol !== 'https:') {\n throw OPE('only requests to HTTPS are allowed', HTTP_REQUEST_FORBIDDEN, url);\n }\n if (url.protocol !== 'https:' && url.protocol !== 'http:') {\n throw OPE('only HTTP and HTTPS requests are allowed', REQUEST_PROTOCOL_FORBIDDEN, url);\n }\n}\nfunction validateEndpoint(value, endpoint, useMtlsAlias, enforceHttps) {\n let url;\n if (typeof value !== 'string' || !(url = URLParse(value))) {\n throw OPE(`authorization server metadata does not contain a valid ${useMtlsAlias ? `\"as.mtls_endpoint_aliases.${endpoint}\"` : `\"as.${endpoint}\"`}`, value === undefined ? MISSING_SERVER_METADATA : INVALID_SERVER_METADATA, { attribute: useMtlsAlias ? `mtls_endpoint_aliases.${endpoint}` : endpoint });\n }\n checkProtocol(url, enforceHttps);\n return url;\n}\nexport function resolveEndpoint(as, endpoint, useMtlsAlias, enforceHttps) {\n if (useMtlsAlias && as.mtls_endpoint_aliases && endpoint in as.mtls_endpoint_aliases) {\n return validateEndpoint(as.mtls_endpoint_aliases[endpoint], endpoint, useMtlsAlias, enforceHttps);\n }\n return validateEndpoint(as[endpoint], endpoint, useMtlsAlias, enforceHttps);\n}\nexport async function pushedAuthorizationRequest(as, client, clientAuthentication, parameters, options) {\n assertAs(as);\n assertClient(client);\n const url = resolveEndpoint(as, 'pushed_authorization_request_endpoint', client.use_mtls_endpoint_aliases, options?.[allowInsecureRequests] !== true);\n const body = new URLSearchParams(parameters);\n body.set('client_id', client.client_id);\n const headers = prepareHeaders(options?.headers);\n headers.set('accept', 'application/json');\n if (options?.DPoP !== undefined) {\n assertDPoP(options.DPoP);\n await options.DPoP.addProof(url, headers, 'POST');\n }\n const response = await authenticatedRequest(as, client, clientAuthentication, url, body, headers, options);\n options?.DPoP?.cacheNonce(response, url);\n return response;\n}\nclass DPoPHandler {\n #header;\n #privateKey;\n #publicKey;\n #clockSkew;\n #modifyAssertion;\n #map;\n #jkt;\n constructor(client, keyPair, options) {\n assertPrivateKey(keyPair?.privateKey, '\"DPoP.privateKey\"');\n assertPublicKey(keyPair?.publicKey, '\"DPoP.publicKey\"');\n if (!keyPair.publicKey.extractable) {\n throw CodedTypeError('\"DPoP.publicKey.extractable\" must be true', ERR_INVALID_ARG_VALUE);\n }\n this.#modifyAssertion = options?.[modifyAssertion];\n this.#clockSkew = getClockSkew(client);\n this.#privateKey = keyPair.privateKey;\n this.#publicKey = keyPair.publicKey;\n branded.add(this);\n }\n #get(key) {\n this.#map ||= new Map();\n let item = this.#map.get(key);\n if (item) {\n this.#map.delete(key);\n this.#map.set(key, item);\n }\n return item;\n }\n #set(key, val) {\n this.#map ||= new Map();\n this.#map.delete(key);\n if (this.#map.size === 100) {\n this.#map.delete(this.#map.keys().next().value);\n }\n this.#map.set(key, val);\n }\n async calculateThumbprint() {\n if (!this.#jkt) {\n const jwk = await crypto.subtle.exportKey('jwk', this.#publicKey);\n this.#jkt ||= await calculateJwkThumbprint(jwk);\n }\n return this.#jkt;\n }\n async addProof(url, headers, htm, accessToken) {\n const alg = keyToJws(this.#privateKey);\n this.#header ||= {\n alg,\n typ: 'dpop+jwt',\n jwk: await publicJwk(this.#publicKey, alg),\n };\n const nonce = this.#get(url.origin);\n const now = epochTime() + this.#clockSkew;\n const payload = {\n iat: now,\n jti: randomBytes(),\n htm,\n nonce,\n htu: `${url.origin}${url.pathname}`,\n ath: accessToken\n ? b64u(await crypto.subtle.digest('SHA-256', buf(accessToken)))\n : undefined,\n };\n this.#modifyAssertion?.(this.#header, payload);\n headers.set('dpop', await signJwt(this.#header, payload, this.#privateKey));\n }\n cacheNonce(response, url) {\n try {\n const nonce = response.headers.get('dpop-nonce');\n if (nonce) {\n this.#set(url.origin, nonce);\n }\n }\n catch { }\n }\n}\nexport function isDPoPNonceError(err) {\n if (err instanceof WWWAuthenticateChallengeError) {\n const { 0: challenge, length } = err.cause;\n return (length === 1 && challenge.scheme === 'dpop' && challenge.parameters.error === 'use_dpop_nonce');\n }\n if (err instanceof ResponseBodyError) {\n return err.error === 'use_dpop_nonce';\n }\n return false;\n}\nexport function DPoP(client, keyPair, options) {\n return new DPoPHandler(client, keyPair, options);\n}\nexport class ResponseBodyError extends Error {\n cause;\n code;\n error;\n status;\n error_description;\n response;\n constructor(message, options) {\n super(message, options);\n this.name = this.constructor.name;\n this.code = RESPONSE_BODY_ERROR;\n this.cause = options.cause;\n this.error = options.cause.error;\n this.status = options.response.status;\n this.error_description = options.cause.error_description;\n Object.defineProperty(this, 'response', { enumerable: false, value: options.response });\n Error.captureStackTrace?.(this, this.constructor);\n }\n}\nexport class AuthorizationResponseError extends Error {\n cause;\n code;\n error;\n error_description;\n constructor(message, options) {\n super(message, options);\n this.name = this.constructor.name;\n this.code = AUTHORIZATION_RESPONSE_ERROR;\n this.cause = options.cause;\n this.error = options.cause.get('error');\n this.error_description = options.cause.get('error_description') ?? undefined;\n Error.captureStackTrace?.(this, this.constructor);\n }\n}\nexport class WWWAuthenticateChallengeError extends Error {\n cause;\n code;\n response;\n status;\n constructor(message, options) {\n super(message, options);\n this.name = this.constructor.name;\n this.code = WWW_AUTHENTICATE_CHALLENGE;\n this.cause = options.cause;\n this.status = options.response.status;\n this.response = options.response;\n Object.defineProperty(this, 'response', { enumerable: false });\n Error.captureStackTrace?.(this, this.constructor);\n }\n}\nconst tokenMatch = \"[a-zA-Z0-9!#$%&\\\\'\\\\*\\\\+\\\\-\\\\.\\\\^_`\\\\|~]+\";\nconst token68Match = '[a-zA-Z0-9\\\\-\\\\._\\\\~\\\\+\\\\/]+={0,2}';\nconst quotedMatch = '\"((?:[^\"\\\\\\\\]|\\\\\\\\[\\\\s\\\\S])*)\"';\nconst quotedParamMatcher = '(' + tokenMatch + ')\\\\s*=\\\\s*' + quotedMatch;\nconst paramMatcher = '(' + tokenMatch + ')\\\\s*=\\\\s*(' + tokenMatch + ')';\nconst schemeRE = new RegExp('^[,\\\\s]*(' + tokenMatch + ')');\nconst quotedParamRE = new RegExp('^[,\\\\s]*' + quotedParamMatcher + '[,\\\\s]*(.*)');\nconst unquotedParamRE = new RegExp('^[,\\\\s]*' + paramMatcher + '[,\\\\s]*(.*)');\nconst token68ParamRE = new RegExp('^(' + token68Match + ')(?:$|[,\\\\s])(.*)');\nfunction parseWwwAuthenticateChallenges(response) {\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n const header = response.headers.get('www-authenticate');\n if (header === null) {\n return undefined;\n }\n const challenges = [];\n let rest = header;\n while (rest) {\n let match = rest.match(schemeRE);\n const scheme = match?.['1'].toLowerCase();\n if (!scheme) {\n return undefined;\n }\n const afterScheme = rest.substring(match[0].length);\n if (afterScheme && !afterScheme.match(/^[\\s,]/)) {\n return undefined;\n }\n const spaceMatch = afterScheme.match(/^\\s+(.*)$/);\n const hasParameters = !!spaceMatch;\n rest = spaceMatch ? spaceMatch[1] : undefined;\n const parameters = {};\n let token68;\n if (hasParameters) {\n while (rest) {\n let key;\n let value;\n if ((match = rest.match(quotedParamRE))) {\n ;\n [, key, value, rest] = match;\n if (value.includes('\\\\')) {\n try {\n value = JSON.parse(`\"${value}\"`);\n }\n catch { }\n }\n parameters[key.toLowerCase()] = value;\n continue;\n }\n if ((match = rest.match(unquotedParamRE))) {\n ;\n [, key, value, rest] = match;\n parameters[key.toLowerCase()] = value;\n continue;\n }\n if ((match = rest.match(token68ParamRE))) {\n if (Object.keys(parameters).length) {\n break;\n }\n ;\n [, token68, rest] = match;\n break;\n }\n return undefined;\n }\n }\n else {\n rest = afterScheme || undefined;\n }\n const challenge = { scheme, parameters };\n if (token68) {\n challenge.token68 = token68;\n }\n challenges.push(challenge);\n }\n if (!challenges.length) {\n return undefined;\n }\n return challenges;\n}\nexport async function processPushedAuthorizationResponse(as, client, response) {\n assertAs(as);\n assertClient(client);\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n await checkOAuthBodyError(response, 201, 'Pushed Authorization Request Endpoint');\n assertReadableResponse(response);\n const json = await getResponseJsonBody(response);\n assertString(json.request_uri, '\"response\" body \"request_uri\" property', INVALID_RESPONSE, {\n body: json,\n });\n let expiresIn = typeof json.expires_in !== 'number' ? parseFloat(json.expires_in) : json.expires_in;\n assertNumber(expiresIn, true, '\"response\" body \"expires_in\" property', INVALID_RESPONSE, {\n body: json,\n });\n json.expires_in = expiresIn;\n return json;\n}\nasync function parseOAuthResponseErrorBody(response) {\n if (response.status > 399 && response.status < 500) {\n assertReadableResponse(response);\n assertApplicationJson(response);\n try {\n const json = await response.clone().json();\n if (isJsonObject(json) && typeof json.error === 'string' && json.error.length) {\n return json;\n }\n }\n catch { }\n }\n return undefined;\n}\nasync function checkOAuthBodyError(response, expected, label) {\n if (response.status !== expected) {\n checkAuthenticationChallenges(response);\n let err;\n if ((err = await parseOAuthResponseErrorBody(response))) {\n await response.body?.cancel();\n throw new ResponseBodyError('server responded with an error in the response body', {\n cause: err,\n response,\n });\n }\n throw OPE(`\"response\" is not a conform ${label} response (unexpected HTTP status code)`, RESPONSE_IS_NOT_CONFORM, response);\n }\n}\nfunction assertDPoP(option) {\n if (!branded.has(option)) {\n throw CodedTypeError('\"options.DPoP\" is not a valid DPoPHandle', ERR_INVALID_ARG_VALUE);\n }\n}\nasync function resourceRequest(accessToken, method, url, headers, body, options) {\n assertString(accessToken, '\"accessToken\"');\n if (!(url instanceof URL)) {\n throw CodedTypeError('\"url\" must be an instance of URL', ERR_INVALID_ARG_TYPE);\n }\n checkProtocol(url, options?.[allowInsecureRequests] !== true);\n headers = prepareHeaders(headers);\n if (options?.DPoP) {\n assertDPoP(options.DPoP);\n await options.DPoP.addProof(url, headers, method.toUpperCase(), accessToken);\n }\n headers.set('authorization', `${headers.has('dpop') ? 'DPoP' : 'Bearer'} ${accessToken}`);\n const response = await (options?.[customFetch] || fetch)(url.href, {\n duplex: looseInstanceOf(body, ReadableStream) ? 'half' : undefined,\n body,\n headers: Object.fromEntries(headers.entries()),\n method,\n redirect: 'manual',\n signal: signal(url, options?.signal),\n });\n options?.DPoP?.cacheNonce(response, url);\n return response;\n}\nexport async function protectedResourceRequest(accessToken, method, url, headers, body, options) {\n const response = await resourceRequest(accessToken, method, url, headers, body, options);\n checkAuthenticationChallenges(response);\n return response;\n}\nexport async function userInfoRequest(as, client, accessToken, options) {\n assertAs(as);\n assertClient(client);\n const url = resolveEndpoint(as, 'userinfo_endpoint', client.use_mtls_endpoint_aliases, options?.[allowInsecureRequests] !== true);\n const headers = prepareHeaders(options?.headers);\n if (client.userinfo_signed_response_alg) {\n headers.set('accept', 'application/jwt');\n }\n else {\n headers.set('accept', 'application/json');\n headers.append('accept', 'application/jwt');\n }\n return resourceRequest(accessToken, 'GET', url, headers, null, {\n ...options,\n [clockSkew]: getClockSkew(client),\n });\n}\nlet jwksMap;\nfunction setJwksCache(as, jwks, uat, cache) {\n jwksMap ||= new WeakMap();\n jwksMap.set(as, {\n jwks,\n uat,\n get age() {\n return epochTime() - this.uat;\n },\n });\n if (cache) {\n Object.assign(cache, { jwks: structuredClone(jwks), uat });\n }\n}\nfunction isFreshJwksCache(input) {\n if (typeof input !== 'object' || input === null) {\n return false;\n }\n if (!('uat' in input) || typeof input.uat !== 'number' || epochTime() - input.uat >= 300) {\n return false;\n }\n if (!('jwks' in input) ||\n !isJsonObject(input.jwks) ||\n !Array.isArray(input.jwks.keys) ||\n !Array.prototype.every.call(input.jwks.keys, isJsonObject)) {\n return false;\n }\n return true;\n}\nfunction clearJwksCache(as, cache) {\n jwksMap?.delete(as);\n delete cache?.jwks;\n delete cache?.uat;\n}\nasync function getPublicSigKeyFromIssuerJwksUri(as, options, header) {\n const { alg, kid } = header;\n checkSupportedJwsAlg(header);\n if (!jwksMap?.has(as) && isFreshJwksCache(options?.[jwksCache])) {\n setJwksCache(as, options?.[jwksCache].jwks, options?.[jwksCache].uat);\n }\n let jwks;\n let age;\n if (jwksMap?.has(as)) {\n ;\n ({ jwks, age } = jwksMap.get(as));\n if (age >= 300) {\n clearJwksCache(as, options?.[jwksCache]);\n return getPublicSigKeyFromIssuerJwksUri(as, options, header);\n }\n }\n else {\n jwks = await jwksRequest(as, options).then(processJwksResponse);\n age = 0;\n setJwksCache(as, jwks, epochTime(), options?.[jwksCache]);\n }\n let kty;\n switch (alg.slice(0, 2)) {\n case 'RS':\n case 'PS':\n kty = 'RSA';\n break;\n case 'ES':\n kty = 'EC';\n break;\n case 'Ed':\n kty = 'OKP';\n break;\n case 'ML':\n kty = 'AKP';\n break;\n default:\n throw new UnsupportedOperationError('unsupported JWS algorithm', { cause: { alg } });\n }\n const candidates = jwks.keys.filter((jwk) => {\n if (jwk.kty !== kty) {\n return false;\n }\n if (kid !== undefined && kid !== jwk.kid) {\n return false;\n }\n if (jwk.alg !== undefined && alg !== jwk.alg) {\n return false;\n }\n if (jwk.use !== undefined && jwk.use !== 'sig') {\n return false;\n }\n if (jwk.key_ops?.includes('verify') === false) {\n return false;\n }\n switch (true) {\n case alg === 'ES256' && jwk.crv !== 'P-256':\n case alg === 'ES384' && jwk.crv !== 'P-384':\n case alg === 'ES512' && jwk.crv !== 'P-521':\n case alg === 'Ed25519' && jwk.crv !== 'Ed25519':\n case alg === 'EdDSA' && jwk.crv !== 'Ed25519':\n return false;\n }\n return true;\n });\n const { 0: jwk, length } = candidates;\n if (!length) {\n if (age >= 60) {\n clearJwksCache(as, options?.[jwksCache]);\n return getPublicSigKeyFromIssuerJwksUri(as, options, header);\n }\n throw OPE('error when selecting a JWT verification key, no applicable keys found', KEY_SELECTION, { header, candidates, jwks_uri: new URL(as.jwks_uri) });\n }\n if (length !== 1) {\n throw OPE('error when selecting a JWT verification key, multiple applicable keys found, a \"kid\" JWT Header Parameter is required', KEY_SELECTION, { header, candidates, jwks_uri: new URL(as.jwks_uri) });\n }\n return importJwk(alg, jwk);\n}\nexport const skipSubjectCheck = Symbol();\nexport function getContentType(input) {\n return input.headers.get('content-type')?.split(';')[0];\n}\nexport async function processUserInfoResponse(as, client, expectedSubject, response, options) {\n assertAs(as);\n assertClient(client);\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n checkAuthenticationChallenges(response);\n if (response.status !== 200) {\n throw OPE('\"response\" is not a conform UserInfo Endpoint response (unexpected HTTP status code)', RESPONSE_IS_NOT_CONFORM, response);\n }\n assertReadableResponse(response);\n let json;\n if (getContentType(response) === 'application/jwt') {\n const { claims, jwt } = await validateJwt(await response.text(), checkSigningAlgorithm.bind(undefined, client.userinfo_signed_response_alg, as.userinfo_signing_alg_values_supported, undefined), getClockSkew(client), getClockTolerance(client), options?.[jweDecrypt])\n .then(validateOptionalAudience.bind(undefined, client.client_id))\n .then(validateOptionalIssuer.bind(undefined, as));\n jwtRefs.set(response, jwt);\n json = claims;\n }\n else {\n if (client.userinfo_signed_response_alg) {\n throw OPE('JWT UserInfo Response expected', JWT_USERINFO_EXPECTED, response);\n }\n json = await getResponseJsonBody(response);\n }\n assertString(json.sub, '\"response\" body \"sub\" property', INVALID_RESPONSE, { body: json });\n switch (expectedSubject) {\n case skipSubjectCheck:\n break;\n default:\n assertString(expectedSubject, '\"expectedSubject\"');\n if (json.sub !== expectedSubject) {\n throw OPE('unexpected \"response\" body \"sub\" property value', JSON_ATTRIBUTE_COMPARISON, {\n expected: expectedSubject,\n body: json,\n attribute: 'sub',\n });\n }\n }\n return json;\n}\nasync function authenticatedRequest(as, client, clientAuthentication, url, body, headers, options) {\n await clientAuthentication(as, client, body, headers);\n headers.set('content-type', 'application/x-www-form-urlencoded;charset=UTF-8');\n return (options?.[customFetch] || fetch)(url.href, {\n body,\n headers: Object.fromEntries(headers.entries()),\n method: 'POST',\n redirect: 'manual',\n signal: signal(url, options?.signal),\n });\n}\nasync function tokenEndpointRequest(as, client, clientAuthentication, grantType, parameters, options) {\n const url = resolveEndpoint(as, 'token_endpoint', client.use_mtls_endpoint_aliases, options?.[allowInsecureRequests] !== true);\n parameters.set('grant_type', grantType);\n const headers = prepareHeaders(options?.headers);\n headers.set('accept', 'application/json');\n if (options?.DPoP !== undefined) {\n assertDPoP(options.DPoP);\n await options.DPoP.addProof(url, headers, 'POST');\n }\n const response = await authenticatedRequest(as, client, clientAuthentication, url, parameters, headers, options);\n options?.DPoP?.cacheNonce(response, url);\n return response;\n}\nexport async function refreshTokenGrantRequest(as, client, clientAuthentication, refreshToken, options) {\n assertAs(as);\n assertClient(client);\n assertString(refreshToken, '\"refreshToken\"');\n const parameters = new URLSearchParams(options?.additionalParameters);\n parameters.set('refresh_token', refreshToken);\n return tokenEndpointRequest(as, client, clientAuthentication, 'refresh_token', parameters, options);\n}\nconst idTokenClaims = new WeakMap();\nconst jwtRefs = new WeakMap();\nexport function getValidatedIdTokenClaims(ref) {\n if (!ref.id_token) {\n return undefined;\n }\n const claims = idTokenClaims.get(ref);\n if (!claims) {\n throw CodedTypeError('\"ref\" was already garbage collected or did not resolve from the proper sources', ERR_INVALID_ARG_VALUE);\n }\n return claims;\n}\nexport async function validateApplicationLevelSignature(as, ref, options) {\n assertAs(as);\n if (!jwtRefs.has(ref)) {\n throw CodedTypeError('\"ref\" does not contain a processed JWT Response to verify the signature of', ERR_INVALID_ARG_VALUE);\n }\n const { 0: protectedHeader, 1: payload, 2: encodedSignature } = jwtRefs.get(ref).split('.');\n const header = JSON.parse(buf(b64u(protectedHeader)));\n if (header.alg.startsWith('HS')) {\n throw new UnsupportedOperationError('unsupported JWS algorithm', { cause: { alg: header.alg } });\n }\n let key;\n key = await getPublicSigKeyFromIssuerJwksUri(as, options, header);\n await validateJwsSignature(protectedHeader, payload, key, b64u(encodedSignature));\n}\nasync function processGenericAccessTokenResponse(as, client, response, additionalRequiredIdTokenClaims, decryptFn, recognizedTokenTypes) {\n assertAs(as);\n assertClient(client);\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n await checkOAuthBodyError(response, 200, 'Token Endpoint');\n assertReadableResponse(response);\n const json = await getResponseJsonBody(response);\n assertString(json.access_token, '\"response\" body \"access_token\" property', INVALID_RESPONSE, {\n body: json,\n });\n assertString(json.token_type, '\"response\" body \"token_type\" property', INVALID_RESPONSE, {\n body: json,\n });\n json.token_type = json.token_type.toLowerCase();\n if (json.expires_in !== undefined) {\n let expiresIn = typeof json.expires_in !== 'number' ? parseFloat(json.expires_in) : json.expires_in;\n assertNumber(expiresIn, true, '\"response\" body \"expires_in\" property', INVALID_RESPONSE, {\n body: json,\n });\n json.expires_in = expiresIn;\n }\n if (json.refresh_token !== undefined) {\n assertString(json.refresh_token, '\"response\" body \"refresh_token\" property', INVALID_RESPONSE, {\n body: json,\n });\n }\n if (json.scope !== undefined && typeof json.scope !== 'string') {\n throw OPE('\"response\" body \"scope\" property must be a string', INVALID_RESPONSE, { body: json });\n }\n if (json.id_token !== undefined) {\n assertString(json.id_token, '\"response\" body \"id_token\" property', INVALID_RESPONSE, {\n body: json,\n });\n const requiredClaims = ['aud', 'exp', 'iat', 'iss', 'sub'];\n if (client.require_auth_time === true) {\n requiredClaims.push('auth_time');\n }\n if (client.default_max_age !== undefined) {\n assertNumber(client.default_max_age, true, '\"client.default_max_age\"');\n requiredClaims.push('auth_time');\n }\n if (additionalRequiredIdTokenClaims?.length) {\n requiredClaims.push(...additionalRequiredIdTokenClaims);\n }\n const { claims, jwt } = await validateJwt(json.id_token, checkSigningAlgorithm.bind(undefined, client.id_token_signed_response_alg, as.id_token_signing_alg_values_supported, 'RS256'), getClockSkew(client), getClockTolerance(client), decryptFn)\n .then(validatePresence.bind(undefined, requiredClaims))\n .then(validateIssuer.bind(undefined, as))\n .then(validateAudience.bind(undefined, client.client_id));\n if (Array.isArray(claims.aud) && claims.aud.length !== 1) {\n if (claims.azp === undefined) {\n throw OPE('ID Token \"aud\" (audience) claim includes additional untrusted audiences', JWT_CLAIM_COMPARISON, { claims, claim: 'aud' });\n }\n if (claims.azp !== client.client_id) {\n throw OPE('unexpected ID Token \"azp\" (authorized party) claim value', JWT_CLAIM_COMPARISON, { expected: client.client_id, claims, claim: 'azp' });\n }\n }\n if (claims.auth_time !== undefined) {\n assertNumber(claims.auth_time, true, 'ID Token \"auth_time\" (authentication time)', INVALID_RESPONSE, { claims });\n }\n jwtRefs.set(response, jwt);\n idTokenClaims.set(json, claims);\n }\n if (recognizedTokenTypes?.[json.token_type] !== undefined) {\n recognizedTokenTypes[json.token_type](response, json);\n }\n else if (json.token_type !== 'dpop' && json.token_type !== 'bearer') {\n throw new UnsupportedOperationError('unsupported `token_type` value', { cause: { body: json } });\n }\n return json;\n}\nfunction checkAuthenticationChallenges(response) {\n let challenges;\n if ((challenges = parseWwwAuthenticateChallenges(response))) {\n throw new WWWAuthenticateChallengeError('server responded with a challenge in the WWW-Authenticate HTTP Header', { cause: challenges, response });\n }\n}\nexport async function processRefreshTokenResponse(as, client, response, options) {\n return processGenericAccessTokenResponse(as, client, response, undefined, options?.[jweDecrypt], options?.recognizedTokenTypes);\n}\nfunction validateOptionalAudience(expected, result) {\n if (result.claims.aud !== undefined) {\n return validateAudience(expected, result);\n }\n return result;\n}\nfunction validateAudience(expected, result) {\n if (Array.isArray(result.claims.aud)) {\n if (!result.claims.aud.includes(expected)) {\n throw OPE('unexpected JWT \"aud\" (audience) claim value', JWT_CLAIM_COMPARISON, {\n expected,\n claims: result.claims,\n claim: 'aud',\n });\n }\n }\n else if (result.claims.aud !== expected) {\n throw OPE('unexpected JWT \"aud\" (audience) claim value', JWT_CLAIM_COMPARISON, {\n expected,\n claims: result.claims,\n claim: 'aud',\n });\n }\n return result;\n}\nfunction validateOptionalIssuer(as, result) {\n if (result.claims.iss !== undefined) {\n return validateIssuer(as, result);\n }\n return result;\n}\nfunction validateIssuer(as, result) {\n const expected = as[_expectedIssuer]?.(result) ?? as.issuer;\n if (result.claims.iss !== expected) {\n throw OPE('unexpected JWT \"iss\" (issuer) claim value', JWT_CLAIM_COMPARISON, {\n expected,\n claims: result.claims,\n claim: 'iss',\n });\n }\n return result;\n}\nconst branded = new WeakSet();\nfunction brand(searchParams) {\n branded.add(searchParams);\n return searchParams;\n}\nexport const nopkce = Symbol();\nexport async function authorizationCodeGrantRequest(as, client, clientAuthentication, callbackParameters, redirectUri, codeVerifier, options) {\n assertAs(as);\n assertClient(client);\n if (!branded.has(callbackParameters)) {\n throw CodedTypeError('\"callbackParameters\" must be an instance of URLSearchParams obtained from \"validateAuthResponse()\", or \"validateJwtAuthResponse()', ERR_INVALID_ARG_VALUE);\n }\n assertString(redirectUri, '\"redirectUri\"');\n const code = getURLSearchParameter(callbackParameters, 'code');\n if (!code) {\n throw OPE('no authorization code in \"callbackParameters\"', INVALID_RESPONSE);\n }\n const parameters = new URLSearchParams(options?.additionalParameters);\n parameters.set('redirect_uri', redirectUri);\n parameters.set('code', code);\n if (codeVerifier !== nopkce) {\n assertString(codeVerifier, '\"codeVerifier\"');\n parameters.set('code_verifier', codeVerifier);\n }\n return tokenEndpointRequest(as, client, clientAuthentication, 'authorization_code', parameters, options);\n}\nconst jwtClaimNames = {\n aud: 'audience',\n c_hash: 'code hash',\n client_id: 'client id',\n exp: 'expiration time',\n iat: 'issued at',\n iss: 'issuer',\n jti: 'jwt id',\n nonce: 'nonce',\n s_hash: 'state hash',\n sub: 'subject',\n ath: 'access token hash',\n htm: 'http method',\n htu: 'http uri',\n cnf: 'confirmation',\n auth_time: 'authentication time',\n};\nfunction validatePresence(required, result) {\n for (const claim of required) {\n if (result.claims[claim] === undefined) {\n throw OPE(`JWT \"${claim}\" (${jwtClaimNames[claim]}) claim missing`, INVALID_RESPONSE, {\n claims: result.claims,\n });\n }\n }\n return result;\n}\nexport const expectNoNonce = Symbol();\nexport const skipAuthTimeCheck = Symbol();\nexport async function processAuthorizationCodeResponse(as, client, response, options) {\n if (typeof options?.expectedNonce === 'string' ||\n typeof options?.maxAge === 'number' ||\n options?.requireIdToken) {\n return processAuthorizationCodeOpenIDResponse(as, client, response, options.expectedNonce, options.maxAge, options[jweDecrypt], options.recognizedTokenTypes);\n }\n return processAuthorizationCodeOAuth2Response(as, client, response, options?.[jweDecrypt], options?.recognizedTokenTypes);\n}\nasync function processAuthorizationCodeOpenIDResponse(as, client, response, expectedNonce, maxAge, decryptFn, recognizedTokenTypes) {\n const additionalRequiredClaims = [];\n switch (expectedNonce) {\n case undefined:\n expectedNonce = expectNoNonce;\n break;\n case expectNoNonce:\n break;\n default:\n assertString(expectedNonce, '\"expectedNonce\" argument');\n additionalRequiredClaims.push('nonce');\n }\n maxAge ??= client.default_max_age;\n switch (maxAge) {\n case undefined:\n maxAge = skipAuthTimeCheck;\n break;\n case skipAuthTimeCheck:\n break;\n default:\n assertNumber(maxAge, true, '\"maxAge\" argument');\n additionalRequiredClaims.push('auth_time');\n }\n const result = await processGenericAccessTokenResponse(as, client, response, additionalRequiredClaims, decryptFn, recognizedTokenTypes);\n assertString(result.id_token, '\"response\" body \"id_token\" property', INVALID_RESPONSE, {\n body: result,\n });\n const claims = getValidatedIdTokenClaims(result);\n if (maxAge !== skipAuthTimeCheck) {\n const now = epochTime() + getClockSkew(client);\n const tolerance = getClockTolerance(client);\n if (claims.auth_time + maxAge < now - tolerance) {\n throw OPE('too much time has elapsed since the last End-User authentication', JWT_TIMESTAMP_CHECK, { claims, now, tolerance, claim: 'auth_time' });\n }\n }\n if (expectedNonce === expectNoNonce) {\n if (claims.nonce !== undefined) {\n throw OPE('unexpected ID Token \"nonce\" claim value', JWT_CLAIM_COMPARISON, {\n expected: undefined,\n claims,\n claim: 'nonce',\n });\n }\n }\n else if (claims.nonce !== expectedNonce) {\n throw OPE('unexpected ID Token \"nonce\" claim value', JWT_CLAIM_COMPARISON, {\n expected: expectedNonce,\n claims,\n claim: 'nonce',\n });\n }\n return result;\n}\nasync function processAuthorizationCodeOAuth2Response(as, client, response, decryptFn, recognizedTokenTypes) {\n const result = await processGenericAccessTokenResponse(as, client, response, undefined, decryptFn, recognizedTokenTypes);\n const claims = getValidatedIdTokenClaims(result);\n if (claims) {\n if (client.default_max_age !== undefined) {\n assertNumber(client.default_max_age, true, '\"client.default_max_age\"');\n const now = epochTime() + getClockSkew(client);\n const tolerance = getClockTolerance(client);\n if (claims.auth_time + client.default_max_age < now - tolerance) {\n throw OPE('too much time has elapsed since the last End-User authentication', JWT_TIMESTAMP_CHECK, { claims, now, tolerance, claim: 'auth_time' });\n }\n }\n if (claims.nonce !== undefined) {\n throw OPE('unexpected ID Token \"nonce\" claim value', JWT_CLAIM_COMPARISON, {\n expected: undefined,\n claims,\n claim: 'nonce',\n });\n }\n }\n return result;\n}\nexport const WWW_AUTHENTICATE_CHALLENGE = 'OAUTH_WWW_AUTHENTICATE_CHALLENGE';\nexport const RESPONSE_BODY_ERROR = 'OAUTH_RESPONSE_BODY_ERROR';\nexport const UNSUPPORTED_OPERATION = 'OAUTH_UNSUPPORTED_OPERATION';\nexport const AUTHORIZATION_RESPONSE_ERROR = 'OAUTH_AUTHORIZATION_RESPONSE_ERROR';\nexport const JWT_USERINFO_EXPECTED = 'OAUTH_JWT_USERINFO_EXPECTED';\nexport const PARSE_ERROR = 'OAUTH_PARSE_ERROR';\nexport const INVALID_RESPONSE = 'OAUTH_INVALID_RESPONSE';\nexport const INVALID_REQUEST = 'OAUTH_INVALID_REQUEST';\nexport const RESPONSE_IS_NOT_JSON = 'OAUTH_RESPONSE_IS_NOT_JSON';\nexport const RESPONSE_IS_NOT_CONFORM = 'OAUTH_RESPONSE_IS_NOT_CONFORM';\nexport const HTTP_REQUEST_FORBIDDEN = 'OAUTH_HTTP_REQUEST_FORBIDDEN';\nexport const REQUEST_PROTOCOL_FORBIDDEN = 'OAUTH_REQUEST_PROTOCOL_FORBIDDEN';\nexport const JWT_TIMESTAMP_CHECK = 'OAUTH_JWT_TIMESTAMP_CHECK_FAILED';\nexport const JWT_CLAIM_COMPARISON = 'OAUTH_JWT_CLAIM_COMPARISON_FAILED';\nexport const JSON_ATTRIBUTE_COMPARISON = 'OAUTH_JSON_ATTRIBUTE_COMPARISON_FAILED';\nexport const KEY_SELECTION = 'OAUTH_KEY_SELECTION_FAILED';\nexport const MISSING_SERVER_METADATA = 'OAUTH_MISSING_SERVER_METADATA';\nexport const INVALID_SERVER_METADATA = 'OAUTH_INVALID_SERVER_METADATA';\nfunction checkJwtType(expected, result) {\n if (typeof result.header.typ !== 'string' || normalizeTyp(result.header.typ) !== expected) {\n throw OPE('unexpected JWT \"typ\" header parameter value', INVALID_RESPONSE, {\n header: result.header,\n });\n }\n return result;\n}\nexport async function clientCredentialsGrantRequest(as, client, clientAuthentication, parameters, options) {\n assertAs(as);\n assertClient(client);\n return tokenEndpointRequest(as, client, clientAuthentication, 'client_credentials', new URLSearchParams(parameters), options);\n}\nexport async function genericTokenEndpointRequest(as, client, clientAuthentication, grantType, parameters, options) {\n assertAs(as);\n assertClient(client);\n assertString(grantType, '\"grantType\"');\n return tokenEndpointRequest(as, client, clientAuthentication, grantType, new URLSearchParams(parameters), options);\n}\nexport async function processGenericTokenEndpointResponse(as, client, response, options) {\n return processGenericAccessTokenResponse(as, client, response, undefined, options?.[jweDecrypt], options?.recognizedTokenTypes);\n}\nexport async function processClientCredentialsResponse(as, client, response, options) {\n return processGenericAccessTokenResponse(as, client, response, undefined, options?.[jweDecrypt], options?.recognizedTokenTypes);\n}\nexport async function revocationRequest(as, client, clientAuthentication, token, options) {\n assertAs(as);\n assertClient(client);\n assertString(token, '\"token\"');\n const url = resolveEndpoint(as, 'revocation_endpoint', client.use_mtls_endpoint_aliases, options?.[allowInsecureRequests] !== true);\n const body = new URLSearchParams(options?.additionalParameters);\n body.set('token', token);\n const headers = prepareHeaders(options?.headers);\n headers.delete('accept');\n return authenticatedRequest(as, client, clientAuthentication, url, body, headers, options);\n}\nexport async function processRevocationResponse(response) {\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n await checkOAuthBodyError(response, 200, 'Revocation Endpoint');\n return undefined;\n}\nfunction assertReadableResponse(response) {\n if (response.bodyUsed) {\n throw CodedTypeError('\"response\" body has been used already', ERR_INVALID_ARG_VALUE);\n }\n}\nexport async function introspectionRequest(as, client, clientAuthentication, token, options) {\n assertAs(as);\n assertClient(client);\n assertString(token, '\"token\"');\n const url = resolveEndpoint(as, 'introspection_endpoint', client.use_mtls_endpoint_aliases, options?.[allowInsecureRequests] !== true);\n const body = new URLSearchParams(options?.additionalParameters);\n body.set('token', token);\n const headers = prepareHeaders(options?.headers);\n if (options?.requestJwtResponse ?? client.introspection_signed_response_alg) {\n headers.set('accept', 'application/token-introspection+jwt');\n }\n else {\n headers.set('accept', 'application/json');\n }\n return authenticatedRequest(as, client, clientAuthentication, url, body, headers, options);\n}\nexport async function processIntrospectionResponse(as, client, response, options) {\n assertAs(as);\n assertClient(client);\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n await checkOAuthBodyError(response, 200, 'Introspection Endpoint');\n let json;\n if (getContentType(response) === 'application/token-introspection+jwt') {\n assertReadableResponse(response);\n const { claims, jwt } = await validateJwt(await response.text(), checkSigningAlgorithm.bind(undefined, client.introspection_signed_response_alg, as.introspection_signing_alg_values_supported, 'RS256'), getClockSkew(client), getClockTolerance(client), options?.[jweDecrypt])\n .then(checkJwtType.bind(undefined, 'token-introspection+jwt'))\n .then(validatePresence.bind(undefined, ['aud', 'iat', 'iss']))\n .then(validateIssuer.bind(undefined, as))\n .then(validateAudience.bind(undefined, client.client_id));\n jwtRefs.set(response, jwt);\n if (!isJsonObject(claims.token_introspection)) {\n throw OPE('JWT \"token_introspection\" claim must be a JSON object', INVALID_RESPONSE, {\n claims,\n });\n }\n json = claims.token_introspection;\n }\n else {\n assertReadableResponse(response);\n json = await getResponseJsonBody(response);\n }\n if (typeof json.active !== 'boolean') {\n throw OPE('\"response\" body \"active\" property must be a boolean', INVALID_RESPONSE, {\n body: json,\n });\n }\n return json;\n}\nasync function jwksRequest(as, options) {\n assertAs(as);\n const url = resolveEndpoint(as, 'jwks_uri', false, options?.[allowInsecureRequests] !== true);\n const headers = prepareHeaders(options?.headers);\n headers.set('accept', 'application/json');\n headers.append('accept', 'application/jwk-set+json');\n return (options?.[customFetch] || fetch)(url.href, {\n body: undefined,\n headers: Object.fromEntries(headers.entries()),\n method: 'GET',\n redirect: 'manual',\n signal: signal(url, options?.signal),\n });\n}\nasync function processJwksResponse(response) {\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n if (response.status !== 200) {\n throw OPE('\"response\" is not a conform JSON Web Key Set response (unexpected HTTP status code)', RESPONSE_IS_NOT_CONFORM, response);\n }\n assertReadableResponse(response);\n const json = await getResponseJsonBody(response, (response) => assertContentTypes(response, 'application/json', 'application/jwk-set+json'));\n if (!Array.isArray(json.keys)) {\n throw OPE('\"response\" body \"keys\" property must be an array', INVALID_RESPONSE, { body: json });\n }\n if (!Array.prototype.every.call(json.keys, isJsonObject)) {\n throw OPE('\"response\" body \"keys\" property members must be JWK formatted objects', INVALID_RESPONSE, { body: json });\n }\n return json;\n}\nfunction supported(alg) {\n switch (alg) {\n case 'PS256':\n case 'ES256':\n case 'RS256':\n case 'PS384':\n case 'ES384':\n case 'RS384':\n case 'PS512':\n case 'ES512':\n case 'RS512':\n case 'Ed25519':\n case 'EdDSA':\n case 'ML-DSA-44':\n case 'ML-DSA-65':\n case 'ML-DSA-87':\n return true;\n default:\n return false;\n }\n}\nfunction checkSupportedJwsAlg(header) {\n if (!supported(header.alg)) {\n throw new UnsupportedOperationError('unsupported JWS \"alg\" identifier', {\n cause: { alg: header.alg },\n });\n }\n}\nfunction checkRsaKeyAlgorithm(key) {\n const { algorithm } = key;\n if (typeof algorithm.modulusLength !== 'number' || algorithm.modulusLength < 2048) {\n throw new UnsupportedOperationError(`unsupported ${algorithm.name} modulusLength`, {\n cause: key,\n });\n }\n}\nfunction ecdsaHashName(key) {\n const { algorithm } = key;\n switch (algorithm.namedCurve) {\n case 'P-256':\n return 'SHA-256';\n case 'P-384':\n return 'SHA-384';\n case 'P-521':\n return 'SHA-512';\n default:\n throw new UnsupportedOperationError('unsupported ECDSA namedCurve', { cause: key });\n }\n}\nfunction keyToSubtle(key) {\n switch (key.algorithm.name) {\n case 'ECDSA':\n return {\n name: key.algorithm.name,\n hash: ecdsaHashName(key),\n };\n case 'RSA-PSS': {\n checkRsaKeyAlgorithm(key);\n switch (key.algorithm.hash.name) {\n case 'SHA-256':\n case 'SHA-384':\n case 'SHA-512':\n return {\n name: key.algorithm.name,\n saltLength: parseInt(key.algorithm.hash.name.slice(-3), 10) >> 3,\n };\n default:\n throw new UnsupportedOperationError('unsupported RSA-PSS hash name', { cause: key });\n }\n }\n case 'RSASSA-PKCS1-v1_5':\n checkRsaKeyAlgorithm(key);\n return key.algorithm.name;\n case 'ML-DSA-44':\n case 'ML-DSA-65':\n case 'ML-DSA-87':\n case 'Ed25519':\n return key.algorithm.name;\n }\n throw new UnsupportedOperationError('unsupported CryptoKey algorithm name', { cause: key });\n}\nasync function validateJwsSignature(protectedHeader, payload, key, signature) {\n const data = buf(`${protectedHeader}.${payload}`);\n const algorithm = keyToSubtle(key);\n const verified = await crypto.subtle.verify(algorithm, key, signature, data);\n if (!verified) {\n throw OPE('JWT signature verification failed', INVALID_RESPONSE, {\n key,\n data,\n signature,\n algorithm,\n });\n }\n}\nasync function validateJwt(jws, checkAlg, clockSkew, clockTolerance, decryptJwt) {\n let { 0: protectedHeader, 1: payload, length } = jws.split('.');\n if (length === 5) {\n if (decryptJwt !== undefined) {\n jws = await decryptJwt(jws);\n ({ 0: protectedHeader, 1: payload, length } = jws.split('.'));\n }\n else {\n throw new UnsupportedOperationError('JWE decryption is not configured', { cause: jws });\n }\n }\n if (length !== 3) {\n throw OPE('Invalid JWT', INVALID_RESPONSE, jws);\n }\n let header;\n try {\n header = JSON.parse(buf(b64u(protectedHeader)));\n }\n catch (cause) {\n throw OPE('failed to parse JWT Header body as base64url encoded JSON', PARSE_ERROR, cause);\n }\n if (!isJsonObject(header)) {\n throw OPE('JWT Header must be a top level object', INVALID_RESPONSE, jws);\n }\n checkAlg(header);\n if (header.crit !== undefined) {\n throw new UnsupportedOperationError('no JWT \"crit\" header parameter extensions are supported', {\n cause: { header },\n });\n }\n let claims;\n try {\n claims = JSON.parse(buf(b64u(payload)));\n }\n catch (cause) {\n throw OPE('failed to parse JWT Payload body as base64url encoded JSON', PARSE_ERROR, cause);\n }\n if (!isJsonObject(claims)) {\n throw OPE('JWT Payload must be a top level object', INVALID_RESPONSE, jws);\n }\n const now = epochTime() + clockSkew;\n if (claims.exp !== undefined) {\n if (typeof claims.exp !== 'number') {\n throw OPE('unexpected JWT \"exp\" (expiration time) claim type', INVALID_RESPONSE, { claims });\n }\n if (claims.exp <= now - clockTolerance) {\n throw OPE('unexpected JWT \"exp\" (expiration time) claim value, expiration is past current timestamp', JWT_TIMESTAMP_CHECK, { claims, now, tolerance: clockTolerance, claim: 'exp' });\n }\n }\n if (claims.iat !== undefined) {\n if (typeof claims.iat !== 'number') {\n throw OPE('unexpected JWT \"iat\" (issued at) claim type', INVALID_RESPONSE, { claims });\n }\n }\n if (claims.iss !== undefined) {\n if (typeof claims.iss !== 'string') {\n throw OPE('unexpected JWT \"iss\" (issuer) claim type', INVALID_RESPONSE, { claims });\n }\n }\n if (claims.nbf !== undefined) {\n if (typeof claims.nbf !== 'number') {\n throw OPE('unexpected JWT \"nbf\" (not before) claim type', INVALID_RESPONSE, { claims });\n }\n if (claims.nbf > now + clockTolerance) {\n throw OPE('unexpected JWT \"nbf\" (not before) claim value', JWT_TIMESTAMP_CHECK, {\n claims,\n now,\n tolerance: clockTolerance,\n claim: 'nbf',\n });\n }\n }\n if (claims.aud !== undefined) {\n if (typeof claims.aud !== 'string' && !Array.isArray(claims.aud)) {\n throw OPE('unexpected JWT \"aud\" (audience) claim type', INVALID_RESPONSE, { claims });\n }\n }\n return { header, claims, jwt: jws };\n}\nexport async function validateJwtAuthResponse(as, client, parameters, expectedState, options) {\n assertAs(as);\n assertClient(client);\n if (parameters instanceof URL) {\n parameters = parameters.searchParams;\n }\n if (!(parameters instanceof URLSearchParams)) {\n throw CodedTypeError('\"parameters\" must be an instance of URLSearchParams, or URL', ERR_INVALID_ARG_TYPE);\n }\n const response = getURLSearchParameter(parameters, 'response');\n if (!response) {\n throw OPE('\"parameters\" does not contain a JARM response', INVALID_RESPONSE);\n }\n const { claims, header, jwt } = await validateJwt(response, checkSigningAlgorithm.bind(undefined, client.authorization_signed_response_alg, as.authorization_signing_alg_values_supported, 'RS256'), getClockSkew(client), getClockTolerance(client), options?.[jweDecrypt])\n .then(validatePresence.bind(undefined, ['aud', 'exp', 'iss']))\n .then(validateIssuer.bind(undefined, as))\n .then(validateAudience.bind(undefined, client.client_id));\n const { 0: protectedHeader, 1: payload, 2: encodedSignature } = jwt.split('.');\n const signature = b64u(encodedSignature);\n const key = await getPublicSigKeyFromIssuerJwksUri(as, options, header);\n await validateJwsSignature(protectedHeader, payload, key, signature);\n const result = new URLSearchParams();\n for (const [key, value] of Object.entries(claims)) {\n if (typeof value === 'string' && key !== 'aud') {\n result.set(key, value);\n }\n }\n return validateAuthResponse(as, client, result, expectedState);\n}\nasync function idTokenHash(data, header, claimName) {\n let algorithm;\n switch (header.alg) {\n case 'RS256':\n case 'PS256':\n case 'ES256':\n algorithm = 'SHA-256';\n break;\n case 'RS384':\n case 'PS384':\n case 'ES384':\n algorithm = 'SHA-384';\n break;\n case 'RS512':\n case 'PS512':\n case 'ES512':\n case 'Ed25519':\n case 'EdDSA':\n algorithm = 'SHA-512';\n break;\n case 'ML-DSA-44':\n case 'ML-DSA-65':\n case 'ML-DSA-87':\n algorithm = { name: 'cSHAKE256', length: 512, outputLength: 512 };\n break;\n default:\n throw new UnsupportedOperationError(`unsupported JWS algorithm for ${claimName} calculation`, { cause: { alg: header.alg } });\n }\n const digest = await crypto.subtle.digest(algorithm, buf(data));\n return b64u(digest.slice(0, digest.byteLength / 2));\n}\nasync function idTokenHashMatches(data, actual, header, claimName) {\n const expected = await idTokenHash(data, header, claimName);\n return actual === expected;\n}\nexport async function validateDetachedSignatureResponse(as, client, parameters, expectedNonce, expectedState, maxAge, options) {\n return validateHybridResponse(as, client, parameters, expectedNonce, expectedState, maxAge, options, true);\n}\nexport async function validateCodeIdTokenResponse(as, client, parameters, expectedNonce, expectedState, maxAge, options) {\n return validateHybridResponse(as, client, parameters, expectedNonce, expectedState, maxAge, options, false);\n}\nasync function consumeStream(request) {\n if (request.bodyUsed) {\n throw CodedTypeError('form_post Request instances must contain a readable body', ERR_INVALID_ARG_VALUE, { cause: request });\n }\n return request.text();\n}\nexport async function formPostResponse(request) {\n if (request.method !== 'POST') {\n throw CodedTypeError('form_post responses are expected to use the POST method', ERR_INVALID_ARG_VALUE, { cause: request });\n }\n if (getContentType(request) !== 'application/x-www-form-urlencoded') {\n throw CodedTypeError('form_post responses are expected to use the application/x-www-form-urlencoded content-type', ERR_INVALID_ARG_VALUE, { cause: request });\n }\n return consumeStream(request);\n}\nasync function validateHybridResponse(as, client, parameters, expectedNonce, expectedState, maxAge, options, fapi) {\n assertAs(as);\n assertClient(client);\n if (parameters instanceof URL) {\n if (!parameters.hash.length) {\n throw CodedTypeError('\"parameters\" as an instance of URL must contain a hash (fragment) with the Authorization Response parameters', ERR_INVALID_ARG_VALUE);\n }\n parameters = new URLSearchParams(parameters.hash.slice(1));\n }\n else if (looseInstanceOf(parameters, Request)) {\n parameters = new URLSearchParams(await formPostResponse(parameters));\n }\n else if (parameters instanceof URLSearchParams) {\n parameters = new URLSearchParams(parameters);\n }\n else {\n throw CodedTypeError('\"parameters\" must be an instance of URLSearchParams, URL, or Response', ERR_INVALID_ARG_TYPE);\n }\n const id_token = getURLSearchParameter(parameters, 'id_token');\n parameters.delete('id_token');\n switch (expectedState) {\n case undefined:\n case expectNoState:\n break;\n default:\n assertString(expectedState, '\"expectedState\" argument');\n }\n const result = validateAuthResponse({\n ...as,\n authorization_response_iss_parameter_supported: false,\n }, client, parameters, expectedState);\n if (!id_token) {\n throw OPE('\"parameters\" does not contain an ID Token', INVALID_RESPONSE);\n }\n const code = getURLSearchParameter(parameters, 'code');\n if (!code) {\n throw OPE('\"parameters\" does not contain an Authorization Code', INVALID_RESPONSE);\n }\n const requiredClaims = [\n 'aud',\n 'exp',\n 'iat',\n 'iss',\n 'sub',\n 'nonce',\n 'c_hash',\n ];\n const state = parameters.get('state');\n if (fapi && (typeof expectedState === 'string' || state !== null)) {\n requiredClaims.push('s_hash');\n }\n if (maxAge !== undefined) {\n assertNumber(maxAge, true, '\"maxAge\" argument');\n }\n else if (client.default_max_age !== undefined) {\n assertNumber(client.default_max_age, true, '\"client.default_max_age\"');\n }\n maxAge ??= client.default_max_age ?? skipAuthTimeCheck;\n if (client.require_auth_time || maxAge !== skipAuthTimeCheck) {\n requiredClaims.push('auth_time');\n }\n const { claims, header, jwt } = await validateJwt(id_token, checkSigningAlgorithm.bind(undefined, client.id_token_signed_response_alg, as.id_token_signing_alg_values_supported, 'RS256'), getClockSkew(client), getClockTolerance(client), options?.[jweDecrypt])\n .then(validatePresence.bind(undefined, requiredClaims))\n .then(validateIssuer.bind(undefined, as))\n .then(validateAudience.bind(undefined, client.client_id));\n const clockSkew = getClockSkew(client);\n const now = epochTime() + clockSkew;\n if (claims.iat < now - 3600) {\n throw OPE('unexpected JWT \"iat\" (issued at) claim value, it is too far in the past', JWT_TIMESTAMP_CHECK, { now, claims, claim: 'iat' });\n }\n assertString(claims.c_hash, 'ID Token \"c_hash\" (code hash) claim value', INVALID_RESPONSE, {\n claims,\n });\n if (claims.auth_time !== undefined) {\n assertNumber(claims.auth_time, true, 'ID Token \"auth_time\" (authentication time)', INVALID_RESPONSE, { claims });\n }\n if (maxAge !== skipAuthTimeCheck) {\n const now = epochTime() + getClockSkew(client);\n const tolerance = getClockTolerance(client);\n if (claims.auth_time + maxAge < now - tolerance) {\n throw OPE('too much time has elapsed since the last End-User authentication', JWT_TIMESTAMP_CHECK, { claims, now, tolerance, claim: 'auth_time' });\n }\n }\n assertString(expectedNonce, '\"expectedNonce\" argument');\n if (claims.nonce !== expectedNonce) {\n throw OPE('unexpected ID Token \"nonce\" claim value', JWT_CLAIM_COMPARISON, {\n expected: expectedNonce,\n claims,\n claim: 'nonce',\n });\n }\n if (Array.isArray(claims.aud) && claims.aud.length !== 1) {\n if (claims.azp === undefined) {\n throw OPE('ID Token \"aud\" (audience) claim includes additional untrusted audiences', JWT_CLAIM_COMPARISON, { claims, claim: 'aud' });\n }\n if (claims.azp !== client.client_id) {\n throw OPE('unexpected ID Token \"azp\" (authorized party) claim value', JWT_CLAIM_COMPARISON, {\n expected: client.client_id,\n claims,\n claim: 'azp',\n });\n }\n }\n const { 0: protectedHeader, 1: payload, 2: encodedSignature } = jwt.split('.');\n const signature = b64u(encodedSignature);\n const key = await getPublicSigKeyFromIssuerJwksUri(as, options, header);\n await validateJwsSignature(protectedHeader, payload, key, signature);\n if ((await idTokenHashMatches(code, claims.c_hash, header, 'c_hash')) !== true) {\n throw OPE('invalid ID Token \"c_hash\" (code hash) claim value', JWT_CLAIM_COMPARISON, {\n code,\n alg: header.alg,\n claim: 'c_hash',\n claims,\n });\n }\n if ((fapi && state !== null) || claims.s_hash !== undefined) {\n assertString(claims.s_hash, 'ID Token \"s_hash\" (state hash) claim value', INVALID_RESPONSE, {\n claims,\n });\n assertString(state, '\"state\" response parameter', INVALID_RESPONSE, { parameters });\n if ((await idTokenHashMatches(state, claims.s_hash, header, 's_hash')) !== true) {\n throw OPE('invalid ID Token \"s_hash\" (state hash) claim value', JWT_CLAIM_COMPARISON, {\n state,\n alg: header.alg,\n claim: 's_hash',\n claims,\n });\n }\n }\n return result;\n}\nfunction checkSigningAlgorithm(client, issuer, fallback, header) {\n if (client !== undefined) {\n if (typeof client === 'string' ? header.alg !== client : !client.includes(header.alg)) {\n throw OPE('unexpected JWT \"alg\" header parameter', INVALID_RESPONSE, {\n header,\n expected: client,\n reason: 'client configuration',\n });\n }\n return;\n }\n if (Array.isArray(issuer)) {\n if (!issuer.includes(header.alg)) {\n throw OPE('unexpected JWT \"alg\" header parameter', INVALID_RESPONSE, {\n header,\n expected: issuer,\n reason: 'authorization server metadata',\n });\n }\n return;\n }\n if (fallback !== undefined) {\n if (typeof fallback === 'string'\n ? header.alg !== fallback\n : typeof fallback === 'function'\n ? !fallback(header.alg)\n : !fallback.includes(header.alg)) {\n throw OPE('unexpected JWT \"alg\" header parameter', INVALID_RESPONSE, {\n header,\n expected: fallback,\n reason: 'default value',\n });\n }\n return;\n }\n throw OPE('missing client or server configuration to verify used JWT \"alg\" header parameter', undefined, { client, issuer, fallback });\n}\nfunction getURLSearchParameter(parameters, name) {\n const { 0: value, length } = parameters.getAll(name);\n if (length > 1) {\n throw OPE(`\"${name}\" parameter must be provided only once`, INVALID_RESPONSE);\n }\n return value;\n}\nexport const skipStateCheck = Symbol();\nexport const expectNoState = Symbol();\nexport function validateAuthResponse(as, client, parameters, expectedState) {\n assertAs(as);\n assertClient(client);\n if (parameters instanceof URL) {\n parameters = parameters.searchParams;\n }\n if (!(parameters instanceof URLSearchParams)) {\n throw CodedTypeError('\"parameters\" must be an instance of URLSearchParams, or URL', ERR_INVALID_ARG_TYPE);\n }\n if (getURLSearchParameter(parameters, 'response')) {\n throw OPE('\"parameters\" contains a JARM response, use validateJwtAuthResponse() instead of validateAuthResponse()', INVALID_RESPONSE, { parameters });\n }\n const iss = getURLSearchParameter(parameters, 'iss');\n const state = getURLSearchParameter(parameters, 'state');\n if (!iss && as.authorization_response_iss_parameter_supported) {\n throw OPE('response parameter \"iss\" (issuer) missing', INVALID_RESPONSE, { parameters });\n }\n if (iss && iss !== as.issuer) {\n throw OPE('unexpected \"iss\" (issuer) response parameter value', INVALID_RESPONSE, {\n expected: as.issuer,\n parameters,\n });\n }\n switch (expectedState) {\n case undefined:\n case expectNoState:\n if (state !== undefined) {\n throw OPE('unexpected \"state\" response parameter encountered', INVALID_RESPONSE, {\n expected: undefined,\n parameters,\n });\n }\n break;\n case skipStateCheck:\n break;\n default:\n assertString(expectedState, '\"expectedState\" argument');\n if (state !== expectedState) {\n throw OPE(state === undefined\n ? 'response parameter \"state\" missing'\n : 'unexpected \"state\" response parameter value', INVALID_RESPONSE, { expected: expectedState, parameters });\n }\n }\n const error = getURLSearchParameter(parameters, 'error');\n if (error) {\n throw new AuthorizationResponseError('authorization response from the server is an error', {\n cause: parameters,\n });\n }\n const id_token = getURLSearchParameter(parameters, 'id_token');\n const token = getURLSearchParameter(parameters, 'token');\n if (id_token !== undefined || token !== undefined) {\n throw new UnsupportedOperationError('implicit and hybrid flows are not supported');\n }\n return brand(new URLSearchParams(parameters));\n}\nfunction algToSubtle(alg) {\n switch (alg) {\n case 'PS256':\n case 'PS384':\n case 'PS512':\n return { name: 'RSA-PSS', hash: `SHA-${alg.slice(-3)}` };\n case 'RS256':\n case 'RS384':\n case 'RS512':\n return { name: 'RSASSA-PKCS1-v1_5', hash: `SHA-${alg.slice(-3)}` };\n case 'ES256':\n case 'ES384':\n return { name: 'ECDSA', namedCurve: `P-${alg.slice(-3)}` };\n case 'ES512':\n return { name: 'ECDSA', namedCurve: 'P-521' };\n case 'EdDSA':\n return 'Ed25519';\n case 'Ed25519':\n case 'ML-DSA-44':\n case 'ML-DSA-65':\n case 'ML-DSA-87':\n return alg;\n default:\n throw new UnsupportedOperationError('unsupported JWS algorithm', { cause: { alg } });\n }\n}\nasync function importJwk(alg, jwk) {\n const { ext, key_ops, use, ...key } = jwk;\n return crypto.subtle.importKey('jwk', key, algToSubtle(alg), true, ['verify']);\n}\nexport async function deviceAuthorizationRequest(as, client, clientAuthentication, parameters, options) {\n assertAs(as);\n assertClient(client);\n const url = resolveEndpoint(as, 'device_authorization_endpoint', client.use_mtls_endpoint_aliases, options?.[allowInsecureRequests] !== true);\n const body = new URLSearchParams(parameters);\n body.set('client_id', client.client_id);\n const headers = prepareHeaders(options?.headers);\n headers.set('accept', 'application/json');\n return authenticatedRequest(as, client, clientAuthentication, url, body, headers, options);\n}\nexport async function processDeviceAuthorizationResponse(as, client, response) {\n assertAs(as);\n assertClient(client);\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n await checkOAuthBodyError(response, 200, 'Device Authorization Endpoint');\n assertReadableResponse(response);\n const json = await getResponseJsonBody(response);\n assertString(json.device_code, '\"response\" body \"device_code\" property', INVALID_RESPONSE, {\n body: json,\n });\n assertString(json.user_code, '\"response\" body \"user_code\" property', INVALID_RESPONSE, {\n body: json,\n });\n assertString(json.verification_uri, '\"response\" body \"verification_uri\" property', INVALID_RESPONSE, { body: json });\n let expiresIn = typeof json.expires_in !== 'number' ? parseFloat(json.expires_in) : json.expires_in;\n assertNumber(expiresIn, true, '\"response\" body \"expires_in\" property', INVALID_RESPONSE, {\n body: json,\n });\n json.expires_in = expiresIn;\n if (json.verification_uri_complete !== undefined) {\n assertString(json.verification_uri_complete, '\"response\" body \"verification_uri_complete\" property', INVALID_RESPONSE, { body: json });\n }\n if (json.interval !== undefined) {\n assertNumber(json.interval, false, '\"response\" body \"interval\" property', INVALID_RESPONSE, {\n body: json,\n });\n }\n return json;\n}\nexport async function deviceCodeGrantRequest(as, client, clientAuthentication, deviceCode, options) {\n assertAs(as);\n assertClient(client);\n assertString(deviceCode, '\"deviceCode\"');\n const parameters = new URLSearchParams(options?.additionalParameters);\n parameters.set('device_code', deviceCode);\n return tokenEndpointRequest(as, client, clientAuthentication, 'urn:ietf:params:oauth:grant-type:device_code', parameters, options);\n}\nexport async function processDeviceCodeResponse(as, client, response, options) {\n return processGenericAccessTokenResponse(as, client, response, undefined, options?.[jweDecrypt], options?.recognizedTokenTypes);\n}\nexport async function generateKeyPair(alg, options) {\n assertString(alg, '\"alg\"');\n const algorithm = algToSubtle(alg);\n if (alg.startsWith('PS') || alg.startsWith('RS')) {\n Object.assign(algorithm, {\n modulusLength: options?.modulusLength ?? 2048,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]),\n });\n }\n return crypto.subtle.generateKey(algorithm, options?.extractable ?? false, [\n 'sign',\n 'verify',\n ]);\n}\nfunction normalizeHtu(htu) {\n const url = new URL(htu);\n url.search = '';\n url.hash = '';\n return url.href;\n}\nasync function validateDPoP(request, accessToken, accessTokenClaims, options) {\n const headerValue = request.headers.get('dpop');\n if (headerValue === null) {\n throw OPE('operation indicated DPoP use but the request has no DPoP HTTP Header', INVALID_REQUEST, { headers: request.headers });\n }\n if (request.headers.get('authorization')?.toLowerCase().startsWith('dpop ') === false) {\n throw OPE(`operation indicated DPoP use but the request's Authorization HTTP Header scheme is not DPoP`, INVALID_REQUEST, { headers: request.headers });\n }\n if (typeof accessTokenClaims.cnf?.jkt !== 'string') {\n throw OPE('operation indicated DPoP use but the JWT Access Token has no jkt confirmation claim', INVALID_REQUEST, { claims: accessTokenClaims });\n }\n const clockSkew = getClockSkew(options);\n const proof = await validateJwt(headerValue, checkSigningAlgorithm.bind(undefined, options?.signingAlgorithms, undefined, supported), clockSkew, getClockTolerance(options), undefined)\n .then(checkJwtType.bind(undefined, 'dpop+jwt'))\n .then(validatePresence.bind(undefined, ['iat', 'jti', 'ath', 'htm', 'htu']));\n const now = epochTime() + clockSkew;\n const diff = Math.abs(now - proof.claims.iat);\n if (diff > 300) {\n throw OPE('DPoP Proof iat is not recent enough', JWT_TIMESTAMP_CHECK, {\n now,\n claims: proof.claims,\n claim: 'iat',\n });\n }\n if (proof.claims.htm !== request.method) {\n throw OPE('DPoP Proof htm mismatch', JWT_CLAIM_COMPARISON, {\n expected: request.method,\n claims: proof.claims,\n claim: 'htm',\n });\n }\n if (typeof proof.claims.htu !== 'string' ||\n normalizeHtu(proof.claims.htu) !== normalizeHtu(request.url)) {\n throw OPE('DPoP Proof htu mismatch', JWT_CLAIM_COMPARISON, {\n expected: normalizeHtu(request.url),\n claims: proof.claims,\n claim: 'htu',\n });\n }\n {\n const expected = b64u(await crypto.subtle.digest('SHA-256', buf(accessToken)));\n if (proof.claims.ath !== expected) {\n throw OPE('DPoP Proof ath mismatch', JWT_CLAIM_COMPARISON, {\n expected,\n claims: proof.claims,\n claim: 'ath',\n });\n }\n }\n const { jwk, alg } = proof.header;\n if (!isJsonObject(jwk)) {\n throw OPE('DPoP Proof jwk header parameter must be a JSON object', INVALID_REQUEST, {\n header: proof.header,\n });\n }\n {\n const expected = await calculateJwkThumbprint(jwk);\n if (accessTokenClaims.cnf.jkt !== expected) {\n throw OPE('JWT Access Token confirmation mismatch', JWT_CLAIM_COMPARISON, {\n expected,\n claims: accessTokenClaims,\n claim: 'cnf.jkt',\n });\n }\n }\n const { 0: protectedHeader, 1: payload, 2: encodedSignature } = headerValue.split('.');\n const signature = b64u(encodedSignature);\n const key = await importJwk(alg, jwk);\n if (key.type !== 'public') {\n throw OPE('DPoP Proof jwk header parameter must contain a public key', INVALID_REQUEST, {\n header: proof.header,\n });\n }\n await validateJwsSignature(protectedHeader, payload, key, signature);\n}\nexport async function validateJwtAccessToken(as, request, expectedAudience, options) {\n assertAs(as);\n if (!looseInstanceOf(request, Request)) {\n throw CodedTypeError('\"request\" must be an instance of Request', ERR_INVALID_ARG_TYPE);\n }\n assertString(expectedAudience, '\"expectedAudience\"');\n const authorization = request.headers.get('authorization');\n if (authorization === null) {\n throw OPE('\"request\" is missing an Authorization HTTP Header', INVALID_REQUEST, {\n headers: request.headers,\n });\n }\n let { 0: scheme, 1: accessToken, length } = authorization.split(' ');\n scheme = scheme.toLowerCase();\n switch (scheme) {\n case 'dpop':\n case 'bearer':\n break;\n default:\n throw new UnsupportedOperationError('unsupported Authorization HTTP Header scheme', {\n cause: { headers: request.headers },\n });\n }\n if (length !== 2) {\n throw OPE('invalid Authorization HTTP Header format', INVALID_REQUEST, {\n headers: request.headers,\n });\n }\n const requiredClaims = [\n 'iss',\n 'exp',\n 'aud',\n 'sub',\n 'iat',\n 'jti',\n 'client_id',\n ];\n if (options?.requireDPoP || scheme === 'dpop' || request.headers.has('dpop')) {\n requiredClaims.push('cnf');\n }\n const { claims, header } = await validateJwt(accessToken, checkSigningAlgorithm.bind(undefined, options?.signingAlgorithms, undefined, supported), getClockSkew(options), getClockTolerance(options), undefined)\n .then(checkJwtType.bind(undefined, 'at+jwt'))\n .then(validatePresence.bind(undefined, requiredClaims))\n .then(validateIssuer.bind(undefined, as))\n .then(validateAudience.bind(undefined, expectedAudience))\n .catch(reassignRSCode);\n for (const claim of ['client_id', 'jti', 'sub']) {\n if (typeof claims[claim] !== 'string') {\n throw OPE(`unexpected JWT \"${claim}\" claim type`, INVALID_REQUEST, { claims });\n }\n }\n if ('cnf' in claims) {\n if (!isJsonObject(claims.cnf)) {\n throw OPE('unexpected JWT \"cnf\" (confirmation) claim value', INVALID_REQUEST, { claims });\n }\n const { 0: cnf, length } = Object.keys(claims.cnf);\n if (length) {\n if (length !== 1) {\n throw new UnsupportedOperationError('multiple confirmation claims are not supported', {\n cause: { claims },\n });\n }\n if (cnf !== 'jkt') {\n throw new UnsupportedOperationError('unsupported JWT Confirmation method', {\n cause: { claims },\n });\n }\n }\n }\n const { 0: protectedHeader, 1: payload, 2: encodedSignature } = accessToken.split('.');\n const signature = b64u(encodedSignature);\n const key = await getPublicSigKeyFromIssuerJwksUri(as, options, header);\n await validateJwsSignature(protectedHeader, payload, key, signature);\n if (options?.requireDPoP ||\n scheme === 'dpop' ||\n claims.cnf?.jkt !== undefined ||\n request.headers.has('dpop')) {\n await validateDPoP(request, accessToken, claims, options).catch(reassignRSCode);\n }\n return claims;\n}\nfunction reassignRSCode(err) {\n if (err instanceof OperationProcessingError && err?.code === INVALID_REQUEST) {\n err.code = INVALID_RESPONSE;\n }\n throw err;\n}\nexport async function backchannelAuthenticationRequest(as, client, clientAuthentication, parameters, options) {\n assertAs(as);\n assertClient(client);\n const url = resolveEndpoint(as, 'backchannel_authentication_endpoint', client.use_mtls_endpoint_aliases, options?.[allowInsecureRequests] !== true);\n const body = new URLSearchParams(parameters);\n body.set('client_id', client.client_id);\n const headers = prepareHeaders(options?.headers);\n headers.set('accept', 'application/json');\n return authenticatedRequest(as, client, clientAuthentication, url, body, headers, options);\n}\nexport async function processBackchannelAuthenticationResponse(as, client, response) {\n assertAs(as);\n assertClient(client);\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n await checkOAuthBodyError(response, 200, 'Backchannel Authentication Endpoint');\n assertReadableResponse(response);\n const json = await getResponseJsonBody(response);\n assertString(json.auth_req_id, '\"response\" body \"auth_req_id\" property', INVALID_RESPONSE, {\n body: json,\n });\n let expiresIn = typeof json.expires_in !== 'number' ? parseFloat(json.expires_in) : json.expires_in;\n assertNumber(expiresIn, true, '\"response\" body \"expires_in\" property', INVALID_RESPONSE, {\n body: json,\n });\n json.expires_in = expiresIn;\n if (json.interval !== undefined) {\n assertNumber(json.interval, false, '\"response\" body \"interval\" property', INVALID_RESPONSE, {\n body: json,\n });\n }\n return json;\n}\nexport async function backchannelAuthenticationGrantRequest(as, client, clientAuthentication, authReqId, options) {\n assertAs(as);\n assertClient(client);\n assertString(authReqId, '\"authReqId\"');\n const parameters = new URLSearchParams(options?.additionalParameters);\n parameters.set('auth_req_id', authReqId);\n return tokenEndpointRequest(as, client, clientAuthentication, 'urn:openid:params:grant-type:ciba', parameters, options);\n}\nexport async function processBackchannelAuthenticationGrantResponse(as, client, response, options) {\n return processGenericAccessTokenResponse(as, client, response, undefined, options?.[jweDecrypt], options?.recognizedTokenTypes);\n}\nexport async function dynamicClientRegistrationRequest(as, metadata, options) {\n assertAs(as);\n const url = resolveEndpoint(as, 'registration_endpoint', metadata.use_mtls_endpoint_aliases, options?.[allowInsecureRequests] !== true);\n const headers = prepareHeaders(options?.headers);\n headers.set('accept', 'application/json');\n headers.set('content-type', 'application/json');\n const method = 'POST';\n if (options?.DPoP) {\n assertDPoP(options.DPoP);\n await options.DPoP.addProof(url, headers, method, options.initialAccessToken);\n }\n if (options?.initialAccessToken) {\n headers.set('authorization', `${headers.has('dpop') ? 'DPoP' : 'Bearer'} ${options.initialAccessToken}`);\n }\n const response = await (options?.[customFetch] || fetch)(url.href, {\n body: JSON.stringify(metadata),\n headers: Object.fromEntries(headers.entries()),\n method,\n redirect: 'manual',\n signal: signal(url, options?.signal),\n });\n options?.DPoP?.cacheNonce(response, url);\n return response;\n}\nexport async function processDynamicClientRegistrationResponse(response) {\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n await checkOAuthBodyError(response, 201, 'Dynamic Client Registration Endpoint');\n assertReadableResponse(response);\n const json = await getResponseJsonBody(response);\n assertString(json.client_id, '\"response\" body \"client_id\" property', INVALID_RESPONSE, {\n body: json,\n });\n if (json.client_secret !== undefined) {\n assertString(json.client_secret, '\"response\" body \"client_secret\" property', INVALID_RESPONSE, {\n body: json,\n });\n }\n if (json.client_secret) {\n assertNumber(json.client_secret_expires_at, true, '\"response\" body \"client_secret_expires_at\" property', INVALID_RESPONSE, {\n body: json,\n });\n }\n return json;\n}\nexport async function resourceDiscoveryRequest(resourceIdentifier, options) {\n return performDiscovery(resourceIdentifier, 'resourceIdentifier', (url) => {\n prependWellKnown(url, '.well-known/oauth-protected-resource', true);\n return url;\n }, options);\n}\nexport async function processResourceDiscoveryResponse(expectedResourceIdentifier, response) {\n const expected = expectedResourceIdentifier;\n if (!(expected instanceof URL) && expected !== _nodiscoverycheck) {\n throw CodedTypeError('\"expectedResourceIdentifier\" must be an instance of URL', ERR_INVALID_ARG_TYPE);\n }\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n if (response.status !== 200) {\n throw OPE('\"response\" is not a conform Resource Server Metadata response (unexpected HTTP status code)', RESPONSE_IS_NOT_CONFORM, response);\n }\n assertReadableResponse(response);\n const json = await getResponseJsonBody(response);\n assertString(json.resource, '\"response\" body \"resource\" property', INVALID_RESPONSE, {\n body: json,\n });\n if (expected !== _nodiscoverycheck && new URL(json.resource).href !== expected.href) {\n throw OPE('\"response\" body \"resource\" property does not match the expected value', JSON_ATTRIBUTE_COMPARISON, { expected: expected.href, body: json, attribute: 'resource' });\n }\n return json;\n}\nasync function getResponseJsonBody(response, check = assertApplicationJson) {\n let json;\n try {\n json = await response.json();\n }\n catch (cause) {\n check(response);\n throw OPE('failed to parse \"response\" body as JSON', PARSE_ERROR, cause);\n }\n if (!isJsonObject(json)) {\n throw OPE('\"response\" body must be a top level object', INVALID_RESPONSE, { body: json });\n }\n return json;\n}\nexport const _nopkce = nopkce;\nexport const _nodiscoverycheck = Symbol();\nexport const _expectedIssuer = Symbol();\n//# sourceMappingURL=index.js.map",
|
|
47
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\nimport * as oauth from \"oauth4webapi\";\nimport { AuthContext } from \"../auth.js\";\nimport type { AuthenticateFn } from \"./auth.js\";\n\n/** Options for {@link jwtAuthenticate}, configuring JWT Bearer-token validation. */\nexport interface JwtAuthenticateOptions {\n /** The expected `iss` claim (also used to discover AS metadata). */\n issuer: string;\n /** The expected `aud` claim. If an array, tries each audience in order. */\n audience: string | string[];\n /** Explicit JWKS URI. If omitted, discovered from issuer metadata. */\n jwksUri?: string;\n /** JWT claim to use as the principal. Default: \"sub\". */\n principalClaim?: string;\n /** AuthContext domain. Default: \"jwt\". */\n domain?: string;\n}\n\n/**\n * Create an AuthenticateFn that validates JWT Bearer tokens using oauth4webapi.\n *\n * On first call, discovers the Authorization Server metadata from the issuer\n * to obtain the JWKS URI (unless `jwksUri` is provided directly).\n */\nexport function jwtAuthenticate(options: JwtAuthenticateOptions): AuthenticateFn {\n const principalClaim = options.principalClaim ?? \"sub\";\n const domain = options.domain ?? \"jwt\";\n const audience = options.audience;\n\n let asPromise: Promise<oauth.AuthorizationServer> | null = null;\n\n async function getAuthorizationServer(): Promise<oauth.AuthorizationServer> {\n if (options.jwksUri) {\n return {\n issuer: options.issuer as `https://${string}`,\n jwks_uri: options.jwksUri,\n };\n }\n const issuerUrl = new URL(options.issuer);\n const response = await oauth.discoveryRequest(issuerUrl);\n return oauth.processDiscoveryResponse(issuerUrl, response);\n }\n\n return async function authenticate(request: Request): Promise<AuthContext> {\n if (!asPromise) {\n asPromise = getAuthorizationServer();\n }\n\n let as: oauth.AuthorizationServer;\n try {\n as = await asPromise;\n } catch (error) {\n // Reset so next request retries discovery\n asPromise = null;\n throw error;\n }\n\n // validateJwtAccessToken throws on failure, returns claims on success\n // oauth4webapi only accepts a single string, so iterate if multiple audiences\n const audiences = Array.isArray(audience) ? audience : [audience];\n let claims: oauth.JWTAccessTokenClaims | undefined;\n let lastError: unknown;\n for (const aud of audiences) {\n try {\n claims = await oauth.validateJwtAccessToken(as, request, aud);\n break;\n } catch (error) {\n lastError = error;\n }\n }\n if (!claims) {\n throw lastError;\n }\n const principal = (claims[principalClaim] as string | undefined) ?? null;\n\n return new AuthContext(domain, true, principal, claims as unknown as Record<string, any>);\n };\n}\n",
|
|
48
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\nimport { AuthContext } from \"../auth.js\";\nimport type { AuthenticateFn } from \"./auth.js\";\n\n// Indirect-string require so esbuild doesn't pull node:crypto into the bundle.\n// X509Certificate and createHash are used only by the PEM-based mTLS factories;\n// callers on workerd should not configure mTLS.\nconst _NODE_CRYPTO_MOD = \"node:crypto\";\ntype X509Certificate = any;\nfunction _loadNodeCrypto(): { X509Certificate: any; createHash: any } {\n const req: any = (import.meta as any).require ?? (globalThis as any).require ?? null;\n if (!req) {\n throw new Error(\"mTLS PEM-based authentication requires Node.js or Bun (node:crypto).\");\n }\n const nc = req(_NODE_CRYPTO_MOD);\n return { X509Certificate: nc.X509Certificate, createHash: nc.createHash };\n}\n\n// ---------------------------------------------------------------------------\n// XFCC types and parser (no crypto needed)\n// ---------------------------------------------------------------------------\n\n/** A single element from an `x-forwarded-client-cert` header. */\nexport interface XfccElement {\n /** Hex SHA-256 digest of the client certificate (`Hash` key). */\n hash: string | null;\n /** URL-decoded PEM of the client certificate (`Cert` key), if the proxy\n * forwarded it. */\n cert: string | null;\n /** Certificate Subject DN (`Subject` key). */\n subject: string | null;\n /** URL-decoded URI-type Subject Alternative Name (`URI` key). */\n uri: string | null;\n /** DNS-type Subject Alternative Names (`DNS` keys); may repeat in the header. */\n dns: readonly string[];\n /** URL-decoded URI of the proxy that presented the cert (`By` key). */\n by: string | null;\n}\n\n/** Receives a parsed XFCC element, returns an AuthContext on success. Must throw on failure. */\nexport type XfccValidateFn = (element: XfccElement) => AuthContext | Promise<AuthContext>;\n\n/** Receives a parsed X509Certificate, returns an AuthContext on success. Must throw on failure. */\nexport type CertValidateFn = (cert: X509Certificate) => AuthContext | Promise<AuthContext>;\n\nfunction splitRespectingQuotes(text: string, delimiter: string): string[] {\n const parts: string[] = [];\n let current: string[] = [];\n let inQuotes = false;\n let i = 0;\n while (i < text.length) {\n const ch = text[i];\n if (ch === '\"') {\n inQuotes = !inQuotes;\n current.push(ch);\n } else if (ch === \"\\\\\" && inQuotes && i + 1 < text.length) {\n current.push(ch);\n current.push(text[i + 1]);\n i++;\n } else if (ch === delimiter && !inQuotes) {\n parts.push(current.join(\"\"));\n current = [];\n } else {\n current.push(ch);\n }\n i++;\n }\n parts.push(current.join(\"\"));\n return parts;\n}\n\nfunction unescapeQuoted(text: string): string {\n return text.replace(/\\\\(.)/g, \"$1\");\n}\n\n/** Extract the CN value from an RFC 4514 or similar DN string. */\nfunction extractCn(subject: string): string {\n for (const part of subject.split(/(?<!\\\\),/)) {\n const trimmed = part.trim();\n if (trimmed.toUpperCase().startsWith(\"CN=\")) {\n return trimmed.slice(3);\n }\n }\n return \"\";\n}\n\n/**\n * Parse an `x-forwarded-client-cert` header value.\n *\n * Handles comma-separated elements (respecting quoted values),\n * semicolon-separated key=value pairs within each element, and\n * URL-encoded Cert/URI/By fields.\n */\nexport function parseXfcc(headerValue: string): XfccElement[] {\n const elements: XfccElement[] = [];\n for (const rawElement of splitRespectingQuotes(headerValue, \",\")) {\n const trimmed = rawElement.trim();\n if (!trimmed) continue;\n const pairs = splitRespectingQuotes(trimmed, \";\");\n const fields: Record<string, string | string[]> = {};\n for (const pair of pairs) {\n const p = pair.trim();\n if (!p) continue;\n const eqIdx = p.indexOf(\"=\");\n if (eqIdx < 0) continue;\n const key = p.slice(0, eqIdx).trim().toLowerCase();\n let value = p.slice(eqIdx + 1).trim();\n if (value.length >= 2 && value[0] === '\"' && value[value.length - 1] === '\"') {\n value = unescapeQuoted(value.slice(1, -1));\n }\n if (key === \"cert\" || key === \"uri\" || key === \"by\") {\n value = decodeURIComponent(value);\n }\n if (key === \"dns\") {\n const existing = fields.dns;\n if (Array.isArray(existing)) {\n existing.push(value);\n } else {\n fields.dns = [value];\n }\n } else {\n fields[key] = value;\n }\n }\n const dns = Array.isArray(fields.dns) ? fields.dns : [];\n elements.push({\n hash: typeof fields.hash === \"string\" ? fields.hash : null,\n cert: typeof fields.cert === \"string\" ? fields.cert : null,\n subject: typeof fields.subject === \"string\" ? fields.subject : null,\n uri: typeof fields.uri === \"string\" ? fields.uri : null,\n dns,\n by: typeof fields.by === \"string\" ? fields.by : null,\n });\n }\n return elements;\n}\n\n/**\n * Create an authenticate callback from Envoy `x-forwarded-client-cert`.\n *\n * Parses the `x-forwarded-client-cert` header and extracts client identity.\n * Does not require any crypto dependencies.\n *\n * **Warning:** The reverse proxy MUST strip client-supplied\n * `x-forwarded-client-cert` headers before forwarding.\n */\nexport function mtlsAuthenticateXfcc(options?: {\n validate?: XfccValidateFn;\n domain?: string;\n selectElement?: \"first\" | \"last\";\n}): AuthenticateFn {\n const validate = options?.validate;\n const domain = options?.domain ?? \"mtls\";\n const selectElement = options?.selectElement ?? \"first\";\n\n return async function authenticate(request: Request): Promise<AuthContext> {\n const headerValue = request.headers.get(\"x-forwarded-client-cert\");\n if (!headerValue) {\n throw new Error(\"Missing x-forwarded-client-cert header\");\n }\n const elements = parseXfcc(headerValue);\n if (elements.length === 0) {\n throw new Error(\"Empty x-forwarded-client-cert header\");\n }\n const element = selectElement === \"first\" ? elements[0] : elements[elements.length - 1];\n if (validate) {\n return validate(element);\n }\n const principal = element.subject ? extractCn(element.subject) : \"\";\n const claims: Record<string, any> = {};\n if (element.hash) claims.hash = element.hash;\n if (element.subject) claims.subject = element.subject;\n if (element.uri) claims.uri = element.uri;\n if (element.dns.length > 0) claims.dns = [...element.dns];\n if (element.by) claims.by = element.by;\n return new AuthContext(domain, true, principal, claims);\n };\n}\n\n// ---------------------------------------------------------------------------\n// PEM-based factories (uses node:crypto X509Certificate)\n// ---------------------------------------------------------------------------\n\nfunction parseCertFromHeader(request: Request, header: string): X509Certificate {\n const raw = request.headers.get(header);\n if (!raw) {\n throw new Error(`Missing ${header} header`);\n }\n const pemStr = decodeURIComponent(raw);\n if (!pemStr.startsWith(\"-----BEGIN CERTIFICATE-----\")) {\n throw new Error(\"Header value is not a PEM certificate\");\n }\n const { X509Certificate } = _loadNodeCrypto();\n try {\n return new X509Certificate(pemStr);\n } catch (exc) {\n throw new Error(`Failed to parse PEM certificate: ${exc}`);\n }\n}\n\nfunction checkCertExpiry(cert: X509Certificate): void {\n const now = new Date();\n const notBefore = new Date(cert.validFrom);\n const notAfter = new Date(cert.validTo);\n if (now < notBefore) {\n throw new Error(\"Certificate is not yet valid\");\n }\n if (now > notAfter) {\n throw new Error(\"Certificate has expired\");\n }\n}\n\n/**\n * Create an mTLS authenticate callback with custom certificate validation.\n *\n * Generic factory that parses the client certificate from a proxy header\n * and delegates identity extraction to a user-supplied `validate` callback.\n *\n * **Warning:** The reverse proxy MUST strip client-supplied certificate\n * headers before forwarding.\n */\nexport function mtlsAuthenticate(options: {\n validate: CertValidateFn;\n header?: string;\n checkExpiry?: boolean;\n}): AuthenticateFn {\n const { validate, header = \"X-SSL-Client-Cert\", checkExpiry = false } = options;\n\n return async function authenticate(request: Request): Promise<AuthContext> {\n const cert = parseCertFromHeader(request, header);\n if (checkExpiry) {\n checkCertExpiry(cert);\n }\n return validate(cert);\n };\n}\n\nconst SUPPORTED_ALGORITHMS = new Set([\"sha256\", \"sha1\", \"sha384\", \"sha512\"]);\n\n/**\n * Create an mTLS authenticate callback using certificate fingerprint lookup.\n *\n * Computes the certificate fingerprint and looks it up in the provided\n * mapping. Fingerprints must be lowercase hex without colons.\n */\nexport function mtlsAuthenticateFingerprint(options: {\n fingerprints: ReadonlyMap<string, AuthContext> | Record<string, AuthContext>;\n header?: string;\n algorithm?: string;\n domain?: string;\n checkExpiry?: boolean;\n}): AuthenticateFn {\n const { fingerprints, header, algorithm = \"sha256\", checkExpiry } = options;\n if (!SUPPORTED_ALGORITHMS.has(algorithm)) {\n throw new Error(`Unsupported hash algorithm: ${algorithm}`);\n }\n const entries: ReadonlyMap<string, AuthContext> =\n fingerprints instanceof Map ? fingerprints : new Map(Object.entries(fingerprints));\n\n function validate(cert: X509Certificate): AuthContext {\n const { createHash } = _loadNodeCrypto();\n const fp = createHash(algorithm).update(cert.raw).digest(\"hex\");\n const ctx = entries.get(fp);\n if (!ctx) {\n throw new Error(`Unknown certificate fingerprint: ${fp}`);\n }\n return ctx;\n }\n\n return mtlsAuthenticate({ validate, header, checkExpiry });\n}\n\n/**\n * Create an mTLS authenticate callback using certificate subject CN.\n *\n * Extracts the Subject Common Name as `principal` and populates\n * `claims` with the full DN, serial number (hex), and `not_valid_after`.\n */\nexport function mtlsAuthenticateSubject(options?: {\n header?: string;\n domain?: string;\n allowedSubjects?: ReadonlySet<string> | null;\n checkExpiry?: boolean;\n}): AuthenticateFn {\n const { header, domain = \"mtls\", allowedSubjects = null, checkExpiry } = options ?? {};\n\n function validate(cert: X509Certificate): AuthContext {\n // Node's cert.subject is \\n-separated \"KEY=value\" lines\n const subjectParts: string[] = cert.subject\n .split(\"\\n\")\n .map((s: string) => s.trim())\n .filter(Boolean);\n const subjectDn = subjectParts.join(\", \");\n\n let cn = \"\";\n for (const part of subjectParts) {\n if (part.toUpperCase().startsWith(\"CN=\")) {\n cn = part.slice(3);\n break;\n }\n }\n\n if (allowedSubjects !== null && !allowedSubjects.has(cn)) {\n throw new Error(`Subject CN '${cn}' not in allowed subjects`);\n }\n\n const serialHex = BigInt(`0x${cert.serialNumber}`).toString(16);\n const notValidAfter = new Date(cert.validTo).toISOString();\n\n return new AuthContext(domain, true, cn, {\n subject_dn: subjectDn,\n serial: serialHex,\n not_valid_after: notValidAfter,\n });\n }\n\n return mtlsAuthenticate({ validate, header, checkExpiry });\n}\n",
|
|
49
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\n/**\n * Hash a worker tuple (argv + cwd + filtered env) into a deterministic\n * 16-hex-character identifier.\n *\n * Cross-language contract — must match Python's `vgi_rpc.launcher.compute_hash`\n * byte-for-byte so the same worker tuple resolves to the same socket path\n * regardless of which language's launcher discovered it first. The\n * canonical form is:\n *\n * ```python\n * canonical = {\n * \"cmd\": list(worker_argv),\n * \"cwd\": cwd if cwd is not None else os.getcwd(),\n * \"env\": {k: v for k, v in sorted(os.environ.items()) if k.startswith(\"VGI_RPC_\")},\n * }\n * payload = json.dumps(canonical, sort_keys=True, separators=(\",\", \":\")).encode(\"utf-8\")\n * sha256(payload).hexdigest()[:16]\n * ```\n *\n * `scripts/regenerate_launcher_parity_vectors.py` in vgi-rpc-python emits a\n * golden vector table; the parity test in `test/launcher.hash.test.ts`\n * asserts byte equality against it.\n */\n\nconst HASH_LEN = 16;\n\n/** Recursively stringify with sorted object keys and `,`/`:` separators —\n * the JS equivalent of `json.dumps(..., sort_keys=True, separators=(\",\",\":\"))`.\n * We can't reuse `JSON.stringify` because the V8 implementation preserves\n * insertion order rather than sorting. */\nfunction canonicalJson(value: unknown): string {\n if (value === null) return \"null\";\n if (typeof value === \"boolean\") return value ? \"true\" : \"false\";\n if (typeof value === \"number\") {\n // Python json emits integers without a trailing `.0` and floats with the\n // shortest round-trippable form. JS `JSON.stringify` matches this for\n // both integer-valued and finite floats; `Infinity`/`NaN` would diverge\n // (Python raises) but they shouldn't occur in launcher payloads.\n return JSON.stringify(value);\n }\n if (typeof value === \"string\") return JSON.stringify(value);\n if (Array.isArray(value)) {\n return `[${value.map(canonicalJson).join(\",\")}]`;\n }\n if (typeof value === \"object\") {\n const keys = Object.keys(value as Record<string, unknown>).sort();\n const parts = keys.map((k) => `${JSON.stringify(k)}:${canonicalJson((value as Record<string, unknown>)[k])}`);\n return `{${parts.join(\",\")}}`;\n }\n throw new TypeError(`canonicalJson: unsupported type ${typeof value}`);\n}\n\nasync function sha256Hex(data: Uint8Array): Promise<string> {\n // Web Crypto digest accepts BufferSource; copy into a fresh ArrayBuffer\n // to dodge SharedArrayBuffer constraints in some runtimes.\n const buf = new ArrayBuffer(data.byteLength);\n new Uint8Array(buf).set(data);\n const digest = await crypto.subtle.digest(\"SHA-256\", buf);\n return Array.from(new Uint8Array(digest))\n .map((b) => b.toString(16).padStart(2, \"0\"))\n .join(\"\");\n}\n\n/**\n * Compute the 16-hex-char tuple hash for a worker.\n *\n * @param workerArgv The worker command and its arguments.\n * @param cwd Working directory; defaults to `process.cwd()`.\n * @param env Process environment; defaults to `process.env`. Only\n * keys starting with `VGI_RPC_` participate in the hash —\n * workers that differ only in unrelated env (PATH,\n * HOME, …) intentionally share a worker.\n */\nexport async function computeHash(\n workerArgv: readonly string[],\n cwd?: string,\n env?: Record<string, string | undefined>,\n): Promise<string> {\n const cwdValue = cwd !== undefined ? cwd : process.cwd();\n const sourceEnv = env ?? (process.env as Record<string, string | undefined>);\n\n const filteredEnv: Record<string, string> = {};\n for (const key of Object.keys(sourceEnv)) {\n if (key.startsWith(\"VGI_RPC_\")) {\n const v = sourceEnv[key];\n if (v !== undefined) filteredEnv[key] = v;\n }\n }\n\n const canonical = {\n cmd: [...workerArgv],\n cwd: cwdValue,\n env: filteredEnv,\n };\n const payload = new TextEncoder().encode(canonicalJson(canonical));\n const hex = await sha256Hex(payload);\n return hex.slice(0, HASH_LEN);\n}\n\n/** Exposed for parity-test fixtures that need to inspect the canonical form. */\nexport const _internal = { canonicalJson };\n",
|
|
50
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\n/**\n * Generic Unix-socket worker launcher — TypeScript port of\n * `vgi_rpc.launcher.launch`.\n *\n * Coordinates spawn-or-reuse of long-running worker processes that serve\n * RPC over `AF_UNIX` sockets. Designed for clients that want a warm\n * worker without managing its lifecycle themselves.\n *\n * Architecture (cross-language identical to the Python implementation):\n *\n * - The launcher derives a deterministic socket path from a hash of the\n * worker command tuple (cmd + args + cwd + `VGI_RPC_*` env), so the\n * same worker is reused across unrelated callers.\n * - Concurrent first-callers serialise on a per-hash lockfile.\n * - Each spawned worker self-terminates after `idleTimeout` seconds with\n * zero connected clients (the worker side enforces this — see the\n * `serveUnix` runner in the same module for TS workers, or\n * `vgi_rpc.rpc.serve_unix` for Python).\n *\n * Worker contract — across language ports:\n *\n * - Accept `--unix PATH` and `--idle-timeout SEC` on the command line.\n * - Emit exactly one line `UNIX:<absolute-path>\\n` on **stdout** (flushed)\n * once bind+listen succeed. Write nothing further to stdout afterward.\n * - Tolerate (or suppress) stdout noise *before* the bind line — the\n * launcher skips non-`UNIX:` prefix lines for resilience.\n */\n\nimport { type ChildProcessWithoutNullStreams, spawn } from \"node:child_process\";\nimport { createWriteStream, unlinkSync } from \"node:fs\";\n\nimport { computeHash } from \"./hash.js\";\nimport { acquireLock, tryAcquireLock } from \"./lock.js\";\nimport { defaultStateDir, gcStateDir, probeSocket, socketPaths, writeMeta } from \"./state.js\";\n\n/** Maximum number of stale entries the opportunistic in-launch GC scans. */\nconst DEFAULT_GC_LIMIT = 16;\n\n/** Inputs to {@link launch}. */\nexport interface LaunchConfig {\n /** The worker command and its arguments. Must be non-empty. */\n workerArgv: readonly string[];\n /** Explicit socket path; when omitted, derived from the hash of the tuple. */\n socketPath?: string;\n /** Worker self-shutdown after this many seconds idle. Forwarded as\n * `--idle-timeout SEC`. Default: 300. */\n idleTimeout?: number;\n /** Maximum seconds to block waiting for the per-hash file lock. Default: 30. */\n connectTimeout?: number;\n /** Maximum seconds to wait for the worker to print `UNIX:<path>`. Default: 60. */\n workerStartupTimeout?: number;\n /** If set, worker stderr is appended to this file; otherwise discarded. */\n workerStderr?: string;\n /** Override the default state directory. */\n stateDir?: string;\n}\n\n/**\n * Ensure a worker is running and return its socket path.\n *\n * Either the existing worker for this hash is reused (probe succeeds) or\n * a fresh one is spawned under flock. Throws on any failure to bring up\n * a worker.\n */\nexport async function launch(config: LaunchConfig): Promise<string> {\n if (!config.workerArgv || config.workerArgv.length === 0) {\n throw new Error(\"workerArgv must be non-empty\");\n }\n const stateDir = config.stateDir ?? defaultStateDir();\n const idleTimeout = config.idleTimeout ?? 300;\n const connectTimeoutMs = (config.connectTimeout ?? 30) * 1000;\n const startupTimeoutMs = (config.workerStartupTimeout ?? 60) * 1000;\n\n let lockPath: string;\n let sockPath: string;\n let metaPath: string | null;\n let hashId: string | null;\n\n if (config.socketPath !== undefined) {\n const { resolve } = await import(\"node:path\");\n sockPath = resolve(config.socketPath);\n // Explicit paths get a sibling lock, no .meta, skipped by status/gc.\n lockPath = `${sockPath}.lock`;\n metaPath = null;\n hashId = null;\n } else {\n hashId = await computeHash(config.workerArgv);\n const paths = socketPaths(stateDir, hashId);\n lockPath = paths.lockPath;\n sockPath = paths.sockPath;\n metaPath = paths.metaPath;\n }\n\n const handle = await acquireLock(lockPath, connectTimeoutMs);\n try {\n // Probe — maybe a worker is already serving for this hash.\n if (await probeSocket(sockPath)) {\n return sockPath;\n }\n // Stale socket cleanup.\n try {\n unlinkSync(sockPath);\n } catch {\n // ENOENT is normal; anything else is broadened away (matches Python's\n // OSError suppression for Windows ERROR_SHARING_VIOLATION).\n }\n if (metaPath !== null) {\n writeMeta(metaPath, config.workerArgv, process.cwd(), sockPath);\n }\n await spawnWorker(config.workerArgv, sockPath, idleTimeout, config.workerStderr ?? null, startupTimeoutMs);\n return sockPath;\n } finally {\n handle.release();\n // Opportunistic GC after release — bounded so it can't dominate runtime.\n if (hashId !== null) {\n try {\n await gcStateDir(\n stateDir,\n async (p) => {\n const h = tryAcquireLock(p);\n return h ? () => h.release() : null;\n },\n { limit: DEFAULT_GC_LIMIT, excludeHash: hashId },\n );\n } catch {\n // GC is best-effort.\n }\n }\n }\n}\n\n/** Spawn the worker, wait for `UNIX:<path>` on stdout, return when ready. */\nasync function spawnWorker(\n workerArgv: readonly string[],\n sockPath: string,\n idleTimeout: number,\n workerStderr: string | null,\n startupTimeoutMs: number,\n): Promise<void> {\n const fullArgv = [...workerArgv, \"--unix\", sockPath, \"--idle-timeout\", String(idleTimeout)];\n const [cmd, ...rest] = fullArgv;\n\n const stderrTarget = workerStderr === null ? \"ignore\" : \"pipe\";\n\n const proc = spawn(cmd, rest, {\n stdio: [\"ignore\", \"pipe\", stderrTarget],\n detached: false,\n }) as ChildProcessWithoutNullStreams;\n\n if (workerStderr !== null && proc.stderr) {\n // Append mode so multiple worker generations share one log file.\n const sink = createWriteStream(workerStderr, { flags: \"a\" });\n proc.stderr.pipe(sink);\n }\n\n const expectedPrefix = `UNIX:${sockPath}`;\n\n // Read line-by-line from stdout until we see the bind announcement.\n const reader = lineReader(proc.stdout);\n const deadline = Date.now() + startupTimeoutMs;\n\n while (Date.now() < deadline) {\n // Race the next stdout line against the worker's exit and the deadline.\n const remaining = deadline - Date.now();\n const result = await Promise.race([\n reader.next().then((r) => ({ kind: \"line\" as const, value: r })),\n onceExit(proc).then((rc) => ({ kind: \"exit\" as const, rc })),\n delay(remaining).then(() => ({ kind: \"timeout\" as const })),\n ]);\n\n if (result.kind === \"exit\") {\n throw new Error(`worker exited before readiness (rc=${result.rc})`);\n }\n if (result.kind === \"timeout\") {\n proc.kill(\"SIGTERM\");\n throw new Error(`worker did not emit UNIX:<path> within ${startupTimeoutMs}ms`);\n }\n if (result.value.done) {\n // stdout closed without the announcement.\n const rc = await onceExit(proc);\n throw new Error(`worker exited before readiness (rc=${rc})`);\n }\n const line = result.value.value;\n if (line.startsWith(\"UNIX:\")) {\n if (line !== expectedPrefix) {\n proc.kill(\"SIGTERM\");\n throw new Error(\n `worker bound to unexpected path: ${JSON.stringify(line)} (expected ${JSON.stringify(expectedPrefix)})`,\n );\n }\n // Drain remaining stdout so a buffer-full doesn't deadlock the worker.\n reader.drainAndDiscard();\n return;\n }\n // Non-matching prefix — third-party noise; log at debug and keep reading.\n process.env.VGI_RPC_LAUNCHER_DEBUG &&\n process.stderr.write(`launcher: skipping pre-bind stdout line: ${JSON.stringify(line)}\\n`);\n }\n proc.kill(\"SIGTERM\");\n throw new Error(`worker did not emit UNIX:<path> within ${startupTimeoutMs}ms`);\n}\n\n// ---------------------------------------------------------------------------\n// Internal helpers\n// ---------------------------------------------------------------------------\n\ninterface LineReader {\n next(): Promise<{ done: boolean; value: string }>;\n drainAndDiscard(): void;\n}\n\n/** Newline-delimited line reader over a Node Readable stream. */\nfunction lineReader(stream: NodeJS.ReadableStream): LineReader {\n let buffer = \"\";\n let ended = false;\n const queued: string[] = [];\n const waiters: Array<(line: { done: boolean; value: string }) => void> = [];\n let discardMode = false;\n\n const flushWaiter = () => {\n if (waiters.length === 0) return;\n if (queued.length > 0) {\n const w = waiters.shift();\n w?.({ done: false, value: queued.shift() ?? \"\" });\n } else if (ended) {\n const w = waiters.shift();\n w?.({ done: true, value: \"\" });\n }\n };\n\n stream.setEncoding?.(\"utf8\");\n stream.on(\"data\", (chunk) => {\n if (discardMode) return;\n buffer += String(chunk);\n for (;;) {\n const nl = buffer.indexOf(\"\\n\");\n if (nl < 0) break;\n const line = buffer.slice(0, nl).replace(/\\r$/, \"\");\n buffer = buffer.slice(nl + 1);\n queued.push(line);\n }\n flushWaiter();\n });\n stream.on(\"end\", () => {\n ended = true;\n if (buffer.length > 0) {\n queued.push(buffer.replace(/\\r$/, \"\"));\n buffer = \"\";\n }\n flushWaiter();\n });\n stream.on(\"error\", () => {\n ended = true;\n flushWaiter();\n });\n\n return {\n next() {\n return new Promise((resolve) => {\n waiters.push(resolve);\n flushWaiter();\n });\n },\n drainAndDiscard() {\n discardMode = true;\n // Drop any queued lines and let the stream flow into the void.\n queued.length = 0;\n stream.resume?.();\n },\n };\n}\n\nfunction onceExit(proc: ChildProcessWithoutNullStreams): Promise<number | null> {\n return new Promise((resolve) => {\n proc.once(\"exit\", (code) => resolve(code));\n });\n}\n\nfunction delay(ms: number): Promise<void> {\n return new Promise((r) => setTimeout(r, Math.max(0, ms)));\n}\n",
|
|
51
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\n/**\n * Cross-process file lock with PID-stamp fallback.\n *\n * Python's launcher uses `filelock` (POSIX `flock(2)` / Windows\n * `LockFileEx`), which auto-releases on process death. Node has no\n * equivalent in its standard library, so we approximate it with a\n * persistent PID-stamp protocol:\n *\n * - File exists, empty content → unlocked (slot marker)\n * - File exists, content `<PID>`, PID alive → held by that PID\n * - File exists, content `<PID>`, PID dead → stale, treat as unlocked\n * - File doesn't exist → unlocked (slot never used)\n *\n * The lockfile **persists** after release (we truncate to zero bytes\n * rather than unlinking) so cross-language scanners — `statusRows` /\n * `gcStateDir` here and Python's `gc_state_dir` — can use lockfile\n * presence as a \"this hash slot has been used at some point\" marker\n * even when no launcher is currently coordinating.\n *\n * The acquire path has a small race window: between reading the stamp\n * and writing ours, another process can interleave. Mitigations:\n *\n * 1. After writing our PID we re-read and verify; on mismatch we\n * retry up to a small bound, then back off.\n * 2. The launcher's bind() step is itself a kernel mutex — two\n * workers racing past the lock will see exactly one bind()\n * succeed; the other fails fast with EADDRINUSE and the second\n * launcher's spawnWorker() surfaces the error.\n *\n * That's looser than `flock`-based mutual exclusion but adequate for\n * the launcher's use case: the protected critical section is short\n * (probe + spawn).\n */\n\nimport { closeSync, constants as FS, openSync, readSync, statSync, writeSync } from \"node:fs\";\n\n/** Result of a successful lock acquisition. */\nexport interface FileLockHandle {\n /** Path to the lockfile (informational). */\n readonly path: string;\n /** Release the lock — truncates the file to zero bytes; the file\n * itself persists as a slot marker. Idempotent. */\n release(): void;\n}\n\nconst POLL_MS = 50;\n/** Max retries for the post-write verify step. */\nconst VERIFY_RETRIES = 5;\n\nfunction pidAlive(pid: number): boolean {\n if (!Number.isInteger(pid) || pid <= 0) return false;\n try {\n process.kill(pid, 0);\n return true;\n } catch (err) {\n return (err as { code?: string })?.code === \"EPERM\";\n }\n}\n\nfunction readPid(path: string): number {\n try {\n const fd = openSync(path, FS.O_RDONLY);\n try {\n const buf = Buffer.alloc(64);\n const n = readSync(fd, buf, 0, buf.length, 0);\n const text = buf.subarray(0, n).toString(\"utf8\").trim();\n if (text === \"\") return 0;\n const parsed = Number(text);\n return Number.isInteger(parsed) ? parsed : 0;\n } finally {\n closeSync(fd);\n }\n } catch {\n return 0;\n }\n}\n\nfunction tryStampPid(path: string): boolean {\n // Open r/w, creating if missing. Truncate to zero, write our PID.\n // The natural race here is mitigated by the post-write verify in the\n // caller.\n const fd = openSync(path, FS.O_RDWR | FS.O_CREAT, 0o600);\n try {\n // Truncate via ftruncateSync — Node's fs has it but only on the fd.\n // Use a fresh write at offset 0 with the full string and re-stat to\n // confirm the file is our PID's worth of bytes.\n const stamp = Buffer.from(String(process.pid), \"utf8\");\n // Truncate by reopening with O_TRUNC would re-create; instead use ftruncateSync.\n // Node 18+ has `fs.ftruncateSync`.\n const { ftruncateSync } = require(\"node:fs\");\n ftruncateSync(fd, 0);\n let written = 0;\n while (written < stamp.length) {\n const n = writeSync(fd, stamp, written, stamp.length - written, 0 + written);\n if (n <= 0) throw new Error(`writeSync returned ${n}`);\n written += n;\n }\n // Sanity stat — confirm the file is our stamp's size (lossy check\n // for the basic interleave race).\n const st = statSync(path);\n if (st.size !== stamp.length) return false;\n return true;\n } finally {\n closeSync(fd);\n }\n}\n\nfunction clearStamp(path: string): void {\n try {\n const fd = openSync(path, FS.O_RDWR);\n try {\n const { ftruncateSync } = require(\"node:fs\");\n ftruncateSync(fd, 0);\n } finally {\n closeSync(fd);\n }\n } catch {\n // already gone\n }\n}\n\n/**\n * Try to acquire the lock once, non-blocking.\n *\n * Returns a release callback on success, or `null` when the lock is\n * held by another live process. Stale stamps (PID not alive) are\n * cleared and the call retries.\n */\nexport function tryAcquireLock(lockPath: string): FileLockHandle | null {\n for (let attempt = 0; attempt < VERIFY_RETRIES; attempt++) {\n const existingPid = readPid(lockPath);\n if (existingPid > 0 && pidAlive(existingPid)) {\n // Held by a live process (possibly even ourselves on a different\n // call site — match Python's filelock semantics: not reentrant).\n return null;\n }\n // Stale, empty, or missing — try to claim the slot.\n if (!tryStampPid(lockPath)) continue;\n const verifyPid = readPid(lockPath);\n if (verifyPid !== process.pid) {\n // Lost the race to a peer that wrote after our truncate.\n continue;\n }\n let released = false;\n return {\n path: lockPath,\n release() {\n if (released) return;\n released = true;\n clearStamp(lockPath);\n },\n };\n }\n return null;\n}\n\n/** Async version that polls until the lock is acquired or the timeout fires. */\nexport async function acquireLock(lockPath: string, timeoutMs: number): Promise<FileLockHandle> {\n const deadline = Date.now() + Math.max(0, timeoutMs);\n for (;;) {\n const handle = tryAcquireLock(lockPath);\n if (handle) return handle;\n if (Date.now() >= deadline) {\n throw new Error(`failed to acquire ${lockPath} within ${timeoutMs}ms`);\n }\n await new Promise((r) => setTimeout(r, POLL_MS));\n }\n}\n",
|
|
52
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\n/**\n * State directory + lock/sock/meta path layout for the AF_UNIX worker\n * launcher. Mirrors `vgi_rpc.launcher` so cross-language tooling\n * resolves to identical filesystem locations.\n */\n\nimport { existsSync, mkdirSync, readFileSync, statSync, unlinkSync, writeFileSync } from \"node:fs\";\nimport { tmpdir } from \"node:os\";\nimport * as path from \"node:path\";\n\nimport { computeHash } from \"./hash.js\";\n\n/** Filesystem layout for one worker tuple: `<state_dir>/<hash>.{lock,sock,meta}`. */\nexport interface SocketPaths {\n /** Advisory lockfile path (`<hash>.lock`) guarding launch + liveness. */\n lockPath: string;\n /** AF_UNIX socket path (`<hash>.sock`) the worker binds. */\n sockPath: string;\n /** Launch-metadata JSON path (`<hash>.meta`) read by `--status`. */\n metaPath: string;\n}\n\n/** Derive the lock/sock/meta path triple for a worker `hashId` under `stateDir`. */\nexport function socketPaths(stateDir: string, hashId: string): SocketPaths {\n return {\n lockPath: path.join(stateDir, `${hashId}.lock`),\n sockPath: path.join(stateDir, `${hashId}.sock`),\n metaPath: path.join(stateDir, `${hashId}.meta`),\n };\n}\n\n/**\n * Resolve the per-user state directory used for lockfiles + sockets.\n *\n * - Linux: `$XDG_RUNTIME_DIR/vgi-rpc/` when set (systemd-managed,\n * auto-cleaned on logout); otherwise `$TMPDIR/vgi-rpc-$UID/`.\n * - macOS / BSD: `$TMPDIR/vgi-rpc-$UID/`.\n * - Windows: `$TMP/vgi-rpc/`.\n *\n * The directory is created mode 0700 if missing. On POSIX, we refuse to\n * operate on a directory not owned by the current user — defends against\n * a hijacked `/tmp/vgi-rpc-$UID` left by an attacker.\n */\nexport function defaultStateDir(): string {\n let base: string;\n if (process.platform === \"win32\") {\n base = path.join(tmpdir(), \"vgi-rpc\");\n } else {\n const xdg = process.env.XDG_RUNTIME_DIR;\n if (xdg) {\n base = path.join(xdg, \"vgi-rpc\");\n } else {\n const uid = typeof process.geteuid === \"function\" ? process.geteuid() : 0;\n base = path.join(tmpdir(), `vgi-rpc-${uid}`);\n }\n }\n mkdirSync(base, { recursive: true, mode: 0o700 });\n if (process.platform !== \"win32\" && typeof process.geteuid === \"function\") {\n // Tighten mode every call (cheap + idempotent) and refuse a hijacked dir.\n try {\n // chmodSync is in node:fs; using statSync is enough to read the owner.\n const st = statSync(base);\n if (st.uid !== process.geteuid()) {\n throw new Error(`state directory ${base} is not owned by current user`);\n }\n } catch (err) {\n if ((err as { code?: string })?.code === \"ENOENT\") {\n // Race with the mkdirSync above — leave it to the next caller.\n } else {\n throw err;\n }\n }\n }\n return base;\n}\n\n// ---------------------------------------------------------------------------\n// Meta file\n// ---------------------------------------------------------------------------\n\n/** Best-effort write of human-readable launch metadata. Used by `--status`. */\nexport function writeMeta(metaPath: string, workerArgv: readonly string[], cwd: string, sockPath: string): void {\n const payload = {\n cmd: [...workerArgv],\n cwd,\n socket: sockPath,\n started_at: Date.now() / 1000,\n launcher_pid: process.pid,\n };\n try {\n writeFileSync(metaPath, JSON.stringify(payload, null, 2), { encoding: \"utf8\", mode: 0o600 });\n } catch {\n // observability is best-effort\n }\n}\n\n// ---------------------------------------------------------------------------\n// Status / GC\n// ---------------------------------------------------------------------------\n\n/** One row of `--status` output describing a launched worker tuple. */\nexport interface StatusRow {\n /** Canonical hash identifying the worker tuple (the `<hash>` filename stem). */\n hashId: string;\n /** Worker argv recorded at launch, or `[]` when the meta file is missing. */\n cmd: string[];\n /** Working directory recorded at launch, or `\"\"` when unknown. */\n cwd: string;\n /** AF_UNIX socket path the worker binds. */\n socket: string;\n /** Unix epoch seconds the worker was launched, or `null` when unknown. */\n startedAt: number | null;\n /** Whether a probe connection to {@link StatusRow.socket} currently succeeds. */\n alive: boolean;\n}\n\n/** Outcome of a {@link gcStateDir} sweep. */\nexport interface GcResult {\n /** Hash IDs of stale entries that were removed. */\n cleaned: string[];\n /** Hash IDs whose lockfile is currently held (a launch is in flight or the\n * worker is alive). */\n skippedInUse: string[];\n}\n\n/** Probe whether anyone is currently accepting on `sockPath`. */\nexport async function probeSocket(sockPath: string, timeoutMs = 2000): Promise<boolean> {\n if (!existsSync(sockPath)) return false;\n // Lazy require so workerd / browser bundles that never call probeSocket\n // don't trip on `node:net`.\n const net = await import(\"node:net\");\n return new Promise<boolean>((resolve) => {\n const sock = net.createConnection({ path: sockPath });\n const timer = setTimeout(() => {\n sock.destroy();\n resolve(false);\n }, timeoutMs);\n sock.once(\"connect\", () => {\n clearTimeout(timer);\n sock.end();\n resolve(true);\n });\n sock.once(\"error\", () => {\n clearTimeout(timer);\n resolve(false);\n });\n });\n}\n\nfunction tryReadMeta(metaPath: string): { cmd: string[]; cwd: string; startedAt: number | null } {\n try {\n const raw = readFileSync(metaPath, \"utf8\");\n const meta = JSON.parse(raw);\n return {\n cmd: Array.isArray(meta.cmd) ? meta.cmd.map(String) : [],\n cwd: typeof meta.cwd === \"string\" ? meta.cwd : \"\",\n startedAt: typeof meta.started_at === \"number\" ? meta.started_at : null,\n };\n } catch {\n return { cmd: [], cwd: \"\", startedAt: null };\n }\n}\n\n/** List one row per `<hash>.lock` in `stateDir`. Read-only; takes no locks. */\nexport async function statusRows(stateDir: string): Promise<StatusRow[]> {\n const { readdirSync } = await import(\"node:fs\");\n const rows: StatusRow[] = [];\n let entries: string[];\n try {\n entries = readdirSync(stateDir);\n } catch {\n return rows;\n }\n for (const name of entries.sort()) {\n if (!name.endsWith(\".lock\")) continue;\n const hashId = name.slice(0, -5);\n const { sockPath, metaPath } = socketPaths(stateDir, hashId);\n const meta = tryReadMeta(metaPath);\n rows.push({\n hashId,\n cmd: meta.cmd,\n cwd: meta.cwd,\n socket: sockPath,\n startedAt: meta.startedAt,\n alive: await probeSocket(sockPath),\n });\n }\n return rows;\n}\n\n/**\n * Remove `<hash>.lock`/`.sock`/`.meta` triples whose worker is no longer\n * accepting connections.\n *\n * @param tryAcquire Function provided by the lock module so we don't pull\n * the lock implementation into a circular import. Returns a release\n * callback when the lock can be acquired non-blocking, or `null` when\n * it's already held (the worker is alive or another launch is in flight).\n */\nexport async function gcStateDir(\n stateDir: string,\n tryAcquire: (lockPath: string) => Promise<(() => void) | null>,\n options?: { limit?: number; excludeHash?: string },\n): Promise<GcResult> {\n const { readdirSync } = await import(\"node:fs\");\n const cleaned: string[] = [];\n const skipped: string[] = [];\n const limit = options?.limit ?? null;\n const excludeHash = options?.excludeHash ?? null;\n\n let entries: string[];\n try {\n entries = readdirSync(stateDir);\n } catch {\n return { cleaned, skippedInUse: skipped };\n }\n\n let seen = 0;\n for (const name of entries.sort()) {\n if (!name.endsWith(\".lock\")) continue;\n if (limit !== null && seen >= limit) break;\n seen += 1;\n const hashId = name.slice(0, -5);\n if (excludeHash !== null && hashId === excludeHash) continue;\n\n const { lockPath, sockPath, metaPath } = socketPaths(stateDir, hashId);\n const release = await tryAcquire(lockPath);\n if (release === null) {\n skipped.push(hashId);\n continue;\n }\n try {\n if (await probeSocket(sockPath)) {\n // Worker is alive but didn't hold its own lock — odd, but leave it.\n continue;\n }\n for (const p of [sockPath, metaPath, lockPath]) {\n try {\n unlinkSync(p);\n } catch {\n // best-effort\n }\n }\n cleaned.push(hashId);\n } finally {\n release();\n }\n }\n return { cleaned, skippedInUse: skipped };\n}\n\n/** Re-export for callers that want canonical hashing without going through the\n * launch entry point. */\nexport { computeHash };\n",
|
|
53
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\n/**\n * AF_UNIX worker runner for vgi-rpc TypeScript.\n *\n * Bind a deterministic Unix-domain socket, accept connections one at a\n * time (sequential listen, matching Python's `serve_unix`), and dispatch\n * each via the existing {@link VgiRpcServer.serveOne} loop. Implements\n * the cross-language launcher contract:\n *\n * - Accept `--unix PATH` and `--idle-timeout SEC` (parsed by callers).\n * - Emit `UNIX:<absolute-path>\\n` to stdout once bind+listen succeed.\n * - Self-terminate after `idleTimeout` seconds with zero connected\n * clients; the timer starts ticking only after a `startupGrace`\n * window so a slow first caller doesn't see the server vanish.\n */\n\nimport { existsSync, unlinkSync } from \"node:fs\";\nimport { createServer, type Server, type Socket } from \"node:net\";\nimport * as path from \"node:path\";\nimport { schema as makeSchema, serializeBatch } from \"../arrow/index.js\";\nimport { DESCRIBE_METHOD_NAME } from \"../constants.js\";\nimport { buildDescribeBatch } from \"../dispatch/describe.js\";\nimport { dispatchStream } from \"../dispatch/stream.js\";\nimport { dispatchUnary } from \"../dispatch/unary.js\";\nimport { RpcError, VersionError } from \"../errors.js\";\nimport type { ExternalLocationConfig } from \"../external.js\";\nimport type { Protocol } from \"../protocol.js\";\nimport {\n type CallStatistics,\n type DispatchHook,\n type DispatchInfo,\n MethodType,\n type ServeStartHook,\n TransportKind,\n} from \"../types.js\";\nimport { IpcStreamReader } from \"../wire/reader.js\";\nimport { applyDefaults, parseRequest } from \"../wire/request.js\";\nimport { buildErrorBatch } from \"../wire/response.js\";\nimport { IpcStreamWriter } from \"../wire/writer.js\";\n\nconst EMPTY_SCHEMA = makeSchema([]);\n\n/** Configuration for {@link serveUnix}. */\nexport interface ServeUnixOptions {\n /** Absolute path to the Unix socket file the worker should bind. */\n unixPath: string;\n /** Self-terminate after this many seconds with zero connected clients.\n * Default: 300. `0` disables the timer (server runs until killed). */\n idleTimeout?: number;\n /** Grace period after `listen()` succeeds before the idle timer starts\n * ticking. Default: 5 — gives the first launcher caller a chance to\n * connect after the `UNIX:<path>` announcement. */\n startupGraceSeconds?: number;\n /** Optional logical-service / protocol-contract version label. */\n protocolVersion?: string;\n /** Custom server identifier. */\n serverId?: string;\n /** Enable __describe__ method. Default: true. */\n enableDescribe?: boolean;\n /** Optional dispatch hook for observability. */\n dispatchHook?: DispatchHook;\n /** Optional external-storage config for large-batch externalisation. */\n externalLocation?: ExternalLocationConfig;\n /** Lifecycle hook fired once before the first dispatched request. */\n onServeStart?: ServeStartHook;\n /** Maximum sequential listen backlog. Mirrors Python's `serve_unix`\n * (`backlog=16`). Default: 16. */\n backlog?: number;\n /** Called *after* `listen()` returns successfully but *before*\n * `UNIX:<path>` is printed. The launcher uses this hook to write the\n * announcement only after we're sure the bind took. */\n onBound?: (sockPath: string) => void;\n /** Override the stream used for the `UNIX:<path>` line. Defaults to\n * `process.stdout`. */\n announcementSink?: NodeJS.WritableStream;\n}\n\n/** Handle returned by {@link serveUnix} for callers that want to stop the server. */\nexport interface ServeUnixHandle {\n /** Absolute path of the bound AF_UNIX socket the server is listening on. */\n readonly socketPath: string;\n /** Shut down the listener and unlink the socket file. */\n stop(): Promise<void>;\n /** Promise that resolves when the server has stopped (idle timeout, stop(),\n * or a fatal error). Mirrors Python's blocking `serve()` return. */\n readonly done: Promise<void>;\n}\n\n/**\n * Bind an AF_UNIX socket and serve `protocol` over per-connection IPC streams.\n *\n * Sequential listen — one client at a time, just like Python's `serve_unix`.\n * Each connection gets its own dispatch loop and shares the protocol.\n */\nexport async function serveUnix(protocol: Protocol, options: ServeUnixOptions): Promise<ServeUnixHandle> {\n const sockPath = path.resolve(options.unixPath);\n const idleTimeoutS = options.idleTimeout ?? 300;\n const startupGraceS = options.startupGraceSeconds ?? 5;\n const protocolVersion = options.protocolVersion ?? \"\";\n const serverId = options.serverId ?? crypto.randomUUID().replace(/-/g, \"\").slice(0, 12);\n const enableDescribe = options.enableDescribe ?? true;\n const dispatchHook = options.dispatchHook ?? null;\n const externalConfig = options.externalLocation;\n const onServeStart = options.onServeStart ?? null;\n const backlog = options.backlog ?? 16;\n const announcementSink = options.announcementSink ?? process.stdout;\n\n // Defensive probe-then-bind: an existing live worker on this path means a\n // peer launcher already won the race. Refuse to bind so we don't take\n // its connections. (A stale path with no listener was unlinked by the\n // launcher before spawning us, but a leftover from a co-launcher right\n // now is possible.)\n if (existsSync(sockPath)) {\n try {\n // Best-effort cleanup; bind below will surface any real conflict.\n unlinkSync(sockPath);\n } catch {\n // ignore — let listen() fail with EADDRINUSE.\n }\n }\n\n // Cache for __describe__ — Web-Crypto digest is async, so memoise.\n let describePromise: Promise<{ batch: import(\"../arrow/index.js\").VgiBatch; protocolHash: string }> | null = null;\n function describeInfo(): Promise<{ batch: import(\"../arrow/index.js\").VgiBatch; protocolHash: string }> {\n if (!describePromise) {\n describePromise = buildDescribeBatch(protocol.name, protocol.getMethods(), serverId).then(\n ({ batch, metadata }) => ({\n batch,\n protocolHash: metadata.get(\"vgi_rpc.protocol_hash\") ?? \"\",\n }),\n );\n }\n return describePromise;\n }\n\n // Lifecycle: only commit `serveStartFired` after the hook returns successfully.\n let serveStartFired = false;\n async function notifyTransport(): Promise<void> {\n if (serveStartFired) return;\n if (onServeStart) {\n await onServeStart(TransportKind.UNIX);\n }\n serveStartFired = true;\n }\n\n const server: Server = createServer({ allowHalfOpen: false });\n\n let activeConnections = 0;\n let idleTimer: ReturnType<typeof setTimeout> | null = null;\n let resolveDone: () => void = () => {};\n let rejectDone: (err: unknown) => void = () => {};\n const done = new Promise<void>((resolve, reject) => {\n resolveDone = resolve;\n rejectDone = reject;\n });\n let stopped = false;\n\n function armIdleTimer(): void {\n if (idleTimeoutS <= 0) return;\n if (idleTimer) clearTimeout(idleTimer);\n idleTimer = setTimeout(() => {\n if (activeConnections === 0 && !stopped) {\n void shutdown();\n }\n }, idleTimeoutS * 1000);\n }\n\n function disarmIdleTimer(): void {\n if (idleTimer) {\n clearTimeout(idleTimer);\n idleTimer = null;\n }\n }\n\n async function shutdown(): Promise<void> {\n if (stopped) return;\n stopped = true;\n disarmIdleTimer();\n await new Promise<void>((resolve) => {\n server.close(() => resolve());\n });\n try {\n unlinkSync(sockPath);\n } catch {\n // already gone\n }\n resolveDone();\n }\n\n server.on(\"connection\", (socket) => {\n activeConnections += 1;\n disarmIdleTimer();\n handleConnection(socket)\n .catch((err) => {\n // Per-connection errors must not take down the server — log to stderr\n // and let the next connection proceed.\n process.stderr.write(`vgi-rpc/unix: connection failed: ${(err as Error)?.message ?? err}\\n`);\n })\n .finally(() => {\n activeConnections -= 1;\n socket.destroy();\n if (activeConnections === 0 && !stopped) {\n armIdleTimer();\n }\n });\n });\n\n server.on(\"error\", (err) => {\n if (stopped) return;\n rejectDone(err);\n });\n\n async function handleConnection(socket: Socket): Promise<void> {\n // The reader takes any Node Readable; sockets are duplex Readables.\n const reader = await IpcStreamReader.create(socket);\n // Build the writer over the Socket itself, not its raw fd. AF_UNIX\n // sockets in Node are non-blocking; a fd-based writer would do\n // `fs.writeSync` and busy-wait on EAGAIN whenever the ~8 KB kernel send\n // buffer fills (trivial for any Arrow batch of meaningful size). That\n // synchronous wait freezes the shared event loop and starves every\n // *other* connection's handler — observed as 30 s `catalog_attach`\n // timeouts from co-running unittest processes. Going through\n // `socket.write` + `'drain'` lets the JS thread yield while the kernel\n // drains the buffer.\n const writer = new IpcStreamWriter(socket);\n\n try {\n // Fire on_serve_start lazily — first request retries on hook failure.\n await notifyTransport();\n\n while (true) {\n try {\n await serveOnce(reader, writer);\n } catch (e: unknown) {\n const err = e as { code?: string; message?: string };\n // EOF/closed client → end this connection cleanly.\n if (\n err?.message?.includes(\"closed\") ||\n err?.message?.includes(\"Expected Schema Message\") ||\n err?.message?.includes(\"null or length 0\") ||\n err?.message?.includes(\"EOF\") ||\n err?.code === \"EPIPE\" ||\n err?.code === \"ERR_STREAM_PREMATURE_CLOSE\" ||\n err?.code === \"ERR_STREAM_DESTROYED\"\n ) {\n return;\n }\n throw e;\n }\n }\n } finally {\n try {\n await reader.cancel();\n } catch {\n // already closed\n }\n }\n }\n\n async function serveOnce(reader: IpcStreamReader, writer: IpcStreamWriter): Promise<void> {\n const stream = await reader.readStream();\n if (!stream) {\n throw new Error(\"EOF\");\n }\n const { schema, batches } = stream;\n if (batches.length === 0) {\n const err = new RpcError(\"ProtocolError\", \"Request stream contains no batches\", \"\");\n const errBatch = buildErrorBatch(EMPTY_SCHEMA, err, serverId, null);\n await writer.writeStream(EMPTY_SCHEMA, [errBatch]);\n return;\n }\n const batch = batches[0];\n let methodName: string;\n let params: Record<string, unknown>;\n let requestId: string | null;\n try {\n const parsed = parseRequest(schema, batch);\n methodName = parsed.methodName;\n params = parsed.params;\n requestId = parsed.requestId;\n } catch (e: unknown) {\n const errBatch = buildErrorBatch(EMPTY_SCHEMA, e as Error, serverId, null);\n await writer.writeStream(EMPTY_SCHEMA, [errBatch]);\n if (e instanceof VersionError || e instanceof RpcError) return;\n throw e;\n }\n\n if (methodName === DESCRIBE_METHOD_NAME && enableDescribe) {\n const { batch: descBatch } = await describeInfo();\n await writer.writeStream(descBatch.schema, [descBatch]);\n return;\n }\n\n const methods = protocol.getMethods();\n const method = methods.get(methodName);\n if (!method) {\n const available = [...methods.keys()].sort();\n const err = new Error(`Unknown method: '${methodName}'. Available methods: [${available.join(\", \")}]`);\n const errBatch = buildErrorBatch(EMPTY_SCHEMA, err, serverId, requestId);\n await writer.writeStream(EMPTY_SCHEMA, [errBatch]);\n return;\n }\n\n const methodType = method.type === MethodType.UNARY ? \"unary\" : \"stream\";\n let requestData: Uint8Array | undefined;\n try {\n requestData = serializeBatch(batch);\n } catch {\n // best-effort\n }\n const { protocolHash } = await describeInfo();\n const info: DispatchInfo = {\n method: methodName,\n methodType,\n serverId,\n requestId,\n protocol: protocol.name,\n protocolHash,\n protocolVersion,\n kind: TransportKind.UNIX,\n principal: \"\",\n authDomain: \"\",\n authenticated: false,\n remoteAddr: \"\",\n requestData,\n };\n const stats: CallStatistics = {\n inputBatches: 0,\n outputBatches: 0,\n inputRows: 0,\n outputRows: 0,\n inputBytes: 0,\n outputBytes: 0,\n };\n\n const token = dispatchHook?.onDispatchStart(info);\n let dispatchError: Error | undefined;\n applyDefaults(params, method.defaults);\n try {\n if (method.type === MethodType.UNARY) {\n await dispatchUnary(method, params, writer, serverId, requestId, externalConfig, TransportKind.UNIX);\n } else {\n await dispatchStream(method, params, writer, reader, serverId, requestId, externalConfig, TransportKind.UNIX);\n }\n } catch (e) {\n dispatchError = e instanceof Error ? e : new Error(String(e));\n throw e;\n } finally {\n dispatchHook?.onDispatchEnd(token, info, stats, dispatchError);\n }\n }\n\n // bind + listen\n await new Promise<void>((resolve, reject) => {\n server.listen({ path: sockPath, backlog }, () => resolve());\n server.once(\"error\", (err) => reject(err));\n });\n\n // Set a tight mode on the bound socket so peers from other UIDs can't\n // even initiate a connection.\n try {\n const { chmodSync } = await import(\"node:fs\");\n chmodSync(sockPath, 0o600);\n } catch {\n // best-effort — operator-managed dirs may already be 0700\n }\n\n options.onBound?.(sockPath);\n // Cross-language launcher contract: announce on stdout.\n announcementSink.write(`UNIX:${sockPath}\\n`);\n\n // Start the idle timer with a startup grace window.\n if (idleTimeoutS > 0) {\n setTimeout(() => {\n if (activeConnections === 0 && !stopped) armIdleTimer();\n }, startupGraceS * 1000).unref?.();\n }\n\n return {\n socketPath: sockPath,\n stop: shutdown,\n done,\n };\n}\n",
|
|
54
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\nimport { conformBatchToSchema, schema as makeSchema, withBatchMetadata } from \"../arrow/index.js\";\nimport { CANCEL_KEY } from \"../constants.js\";\nimport { type ExternalLocationConfig, maybeExternalizeBatch } from \"../external.js\";\nimport type { MethodDefinition, TransportKind } from \"../types.js\";\nimport { OutputCollector } from \"../types.js\";\nimport type { IpcStreamReader } from \"../wire/reader.js\";\nimport { buildErrorBatch, buildResultBatch } from \"../wire/response.js\";\nimport type { IpcStreamWriter } from \"../wire/writer.js\";\n\nconst EMPTY_SCHEMA = makeSchema([]);\n\n/**\n * Dispatch a stream RPC call (producer or exchange).\n *\n * Producer streams (empty input schema):\n * - Client sends tick batches (empty schema, 0 rows)\n * - Server reads each tick, calls produce(state, out)\n * - Server writes output batch(es) for each tick\n * - When produce() calls out.finish(), server closes output stream\n *\n * Exchange streams (real input schema):\n * - Client sends data batches\n * - Server reads each batch, calls exchange(state, input, out)\n * - Server writes output batch(es) for each input\n * - Stream ends when client closes input (EOS)\n */\nexport async function dispatchStream(\n method: MethodDefinition,\n params: Record<string, any>,\n writer: IpcStreamWriter,\n reader: IpcStreamReader,\n serverId: string,\n requestId: string | null,\n externalConfig?: ExternalLocationConfig,\n kind?: TransportKind,\n): Promise<void> {\n const isProducer = !!method.producerFn;\n\n let state: any;\n try {\n if (isProducer) {\n state = await method.producerInit!(params);\n } else {\n state = await method.exchangeInit!(params);\n }\n } catch (error: any) {\n const errSchema = method.headerSchema ?? EMPTY_SCHEMA;\n const errBatch = buildErrorBatch(errSchema, error, serverId, requestId);\n await writer.writeStream(errSchema, [errBatch]);\n // Still need to consume the input stream from the client\n const inputSchema = await reader.openNextStream();\n if (inputSchema) {\n while ((await reader.readNextBatch()) !== null) {\n // drain\n }\n }\n return;\n }\n\n // Support dynamic output schemas: init may return state with __outputSchema\n // to override the method's registered output schema (needed for methods\n // like VGI's \"init\" that produce different schemas per invocation).\n const outputSchema = state?.__outputSchema ?? method.outputSchema!;\n\n // Effective producer mode: check state override (VGI \"init\" is registered as\n // exchange but may act as producer depending on the function type).\n const effectiveProducer = state?.__isProducer ?? isProducer;\n\n // Write header IPC stream if method has a header schema\n if (method.headerSchema && method.headerInit) {\n try {\n const headerOut = new OutputCollector(method.headerSchema, true, serverId, requestId, undefined, undefined, kind);\n const headerValues = method.headerInit(params, state, headerOut);\n const headerBatch = buildResultBatch(method.headerSchema, headerValues, serverId, requestId);\n const headerBatches = [...headerOut.batches.map((b) => b.batch), headerBatch];\n await writer.writeStream(method.headerSchema, headerBatches);\n } catch (error: any) {\n const errBatch = buildErrorBatch(method.headerSchema, error, serverId, requestId);\n await writer.writeStream(method.headerSchema, [errBatch]);\n // Drain input stream so client doesn't hang\n const inputSchema = await reader.openNextStream();\n if (inputSchema) {\n while ((await reader.readNextBatch()) !== null) {}\n }\n return;\n }\n }\n\n // Open the input IPC stream (ticks or data from client)\n const inputSchema = await reader.openNextStream();\n if (!inputSchema) {\n const errBatch = buildErrorBatch(outputSchema, new Error(\"Expected input stream but got EOF\"), serverId, requestId);\n await writer.writeStream(outputSchema, [errBatch]);\n return;\n }\n\n // Use a single continuous IPC stream for all output (matching Python vgi-rpc).\n // DuckDB exchanges are ping-pong: one input batch → one output batch on the\n // same stream. We use IncrementalStream which writes bytes synchronously.\n const stream = writer.openStream(outputSchema);\n\n // Expected input schema for casting compatible types (e.g., decimal→double).\n // State.__inputSchema overrides the method-registration schema per call,\n // mirroring the __outputSchema pattern. Used by dynamic-input exchange\n // methods (e.g., VGI's init, which binds to a user-supplied input shape).\n const expectedInputSchema = state?.__inputSchema ?? method.inputSchema;\n\n try {\n while (true) {\n let inputBatch = await reader.readNextBatch();\n if (!inputBatch) break;\n\n // Client cancellation: if the input batch carries vgi_rpc.cancel metadata,\n // end the stream cleanly without calling the producer/exchange handler.\n // The onCancel hook (if registered) runs once so state objects can\n // release resources.\n if (inputBatch.metadata?.get(CANCEL_KEY)) {\n if (method.onCancel) {\n try {\n await method.onCancel(state);\n } catch (err) {\n console.debug?.(`onCancel hook failed: ${err instanceof Error ? err.message : err}`);\n }\n }\n break;\n }\n\n // Cast compatible input types when schema doesn't match exactly.\n // Gated on effectiveProducer (not isProducer) so methods that flip to\n // producer mode via state.__isProducer skip the conform entirely — the\n // tick batches they receive have a dummy shape that shouldn't be checked.\n // Any conformance failure falls through with the original batch; the\n // exchange handler owns input-shape validation if it cares.\n if (expectedInputSchema && !effectiveProducer && inputBatch.schema !== expectedInputSchema) {\n try {\n inputBatch = conformBatchToSchema(inputBatch, expectedInputSchema);\n } catch (e) {\n // Field name/count mismatch (TypeError) is a hard contract violation —\n // propagate as an RpcError so callers see a structured failure instead\n // of a downstream hang or silent garbage. Other conform failures (e.g.\n // type-cast issues for dynamic-input handlers) fall through with the\n // original batch — handlers that bind their input shape per-call\n // should set state.__inputSchema so the conform doesn't run at all.\n if (e instanceof TypeError) throw e;\n console.debug?.(`Schema conformance skipped: ${e instanceof Error ? e.message : e}`);\n }\n }\n\n const out = new OutputCollector(outputSchema, effectiveProducer, serverId, requestId, undefined, undefined, kind);\n\n if (isProducer) {\n await method.producerFn!(state, out);\n } else {\n await method.exchangeFn!(state, inputBatch, out);\n }\n\n for (const emitted of out.batches) {\n let batch = emitted.batch;\n if (externalConfig) {\n batch = await maybeExternalizeBatch(batch, externalConfig);\n }\n // Attach per-emit metadata (e.g. vgi_batch_index,\n // vgi_partition_values#b64) as the RecordBatch message's\n // custom_metadata so the C++ extension can read it off the wire.\n if (emitted.metadata && emitted.metadata.size > 0) {\n batch = withBatchMetadata(batch, emitted.metadata);\n }\n await stream.write(batch);\n }\n\n if (out.finished) {\n break;\n }\n }\n } catch (error: any) {\n await stream.write(buildErrorBatch(outputSchema, error, serverId, requestId));\n }\n\n await stream.close();\n\n // Drain remaining input so transport stays synchronized for next request.\n // Matches Python's _drain_stream() called after every streaming method.\n // Needed when the loop exits early (out.finished, error) while client\n // is still sending batches.\n try {\n while ((await reader.readNextBatch()) !== null) {}\n } catch {\n // Suppress errors during drain (broken pipe, etc.)\n }\n}\n",
|
|
55
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\nimport { type ExternalLocationConfig, maybeExternalizeBatch } from \"../external.js\";\nimport type { MethodDefinition, TransportKind } from \"../types.js\";\nimport { OutputCollector } from \"../types.js\";\nimport { buildErrorBatch, buildResultBatch } from \"../wire/response.js\";\nimport type { IpcStreamWriter } from \"../wire/writer.js\";\n\n/**\n * Dispatch a unary RPC call.\n * Calls the handler with parsed params, writes result or error batch.\n * Supports client-directed logging via ctx.clientLog().\n */\nexport async function dispatchUnary(\n method: MethodDefinition,\n params: Record<string, any>,\n writer: IpcStreamWriter,\n serverId: string,\n requestId: string | null,\n externalConfig?: ExternalLocationConfig,\n kind?: TransportKind,\n): Promise<void> {\n const schema = method.resultSchema;\n const out = new OutputCollector(schema, true, serverId, requestId, undefined, undefined, kind);\n\n try {\n const result = await method.handler!(params, out);\n let resultBatch = buildResultBatch(schema, result, serverId, requestId);\n if (externalConfig) {\n resultBatch = await maybeExternalizeBatch(resultBatch, externalConfig);\n }\n // Collect log batches (from clientLog) + result batch\n const batches = [...out.batches.map((b) => b.batch), resultBatch];\n await writer.writeStream(schema, batches);\n } catch (error: any) {\n const batch = buildErrorBatch(schema, error, serverId, requestId);\n await writer.writeStream(schema, [batch]);\n }\n}\n",
|
|
56
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { Socket } from \"node:net\";\nimport type { IncrementalEncoder, VgiBatch, VgiSchema } from \"../arrow/index.js\";\nimport { createIncrementalEncoder, serializeBatches } from \"../arrow/index.js\";\n\nconst STDOUT_FD = 1;\n\n// Resolve node:fs via indirect-string require so esbuild/wrangler don't\n// statically pull node:fs into the bundle. Workers (Cloudflare workerd) never\n// instantiate IpcStreamWriter (no stdio transport on workers), so the\n// runtime-time require(\"node:fs\") is unreachable in those builds.\n//\n// `globalThis.require` is undefined in both Bun ESM and Node ESM, so we try\n// `import.meta.require` (Bun) first, then fall back to globalThis.require\n// (Node CJS). Node ESM consumers must polyfill require if they need the\n// subprocess transport.\nconst _NODE_FS_MOD = \"node:fs\";\nlet _writeSync: ((fd: number, data: Uint8Array, offset?: number, len?: number) => number) | null = null;\nfunction _loadWriteSync(): (fd: number, data: Uint8Array, offset?: number, len?: number) => number {\n if (_writeSync) return _writeSync;\n const req: any = (import.meta as any).require ?? (globalThis as any).require ?? null;\n if (!req) {\n throw new Error(\n \"IpcStreamWriter requires Bun or Node.js CJS for sync node:fs.writeSync. \" +\n \"Subprocess transport is not available in this runtime.\",\n );\n }\n const fs = req(_NODE_FS_MOD);\n _writeSync = fs.writeSync.bind(fs);\n return _writeSync!;\n}\n\n/**\n * Write all bytes to a file descriptor, looping on partial writes.\n *\n * Stdio path only. The fd here is a pipe (typically stdout) inherited from\n * the launcher in subprocess transport. Pipes set up by fork/exec are\n * blocking by default, so writeSync blocks the kernel (not the event loop in\n * a bad way) until the parent reader drains — that is the *desired* lockstep\n * with the client. The AF_UNIX path does not come through here; sockets are\n * non-blocking and EAGAIN-spinning them would freeze the event loop and\n * starve every other connection. See `socketWriteAll` below.\n */\nfunction writeAll(fd: number, data: Uint8Array): void {\n const writeSync = _loadWriteSync();\n let offset = 0;\n while (offset < data.length) {\n try {\n const written = writeSync(fd, data, offset, data.length - offset);\n if (written <= 0) throw new Error(`writeSync returned ${written}`);\n offset += written;\n } catch (e: any) {\n if (e.code === \"EAGAIN\") {\n // A non-blocking pipe — unexpected for stdio, but handle defensively.\n // Yielding is not possible from a synchronous function; busy-wait\n // briefly. AF_UNIX sockets must NOT use this path.\n Atomics.wait(new Int32Array(new SharedArrayBuffer(4)), 0, 0, 1);\n continue;\n }\n throw e;\n }\n }\n}\n\n/**\n * Asynchronously write all bytes to a Node net.Socket, honouring backpressure.\n *\n * `socket.write(buf)` queues `buf` into libuv's per-socket outbound buffer\n * and returns false when that buffer has grown past `highWaterMark`. We then\n * `await` the `'drain'` event so the JS thread yields — other connections\n * can be dispatched while the kernel drains the send buffer in the\n * background. Without this yield, a slow consumer on connection A would\n * freeze every other connection's handler on the shared event loop.\n *\n * Resolves cleanly on socket close/error so the caller's try/finally can\n * unwind without dangling listeners.\n */\nasync function socketWriteAll(socket: Socket, data: Uint8Array): Promise<void> {\n if (socket.destroyed || socket.writableEnded) {\n throw new Error(\"socketWriteAll: socket is already closed\");\n }\n const ok = socket.write(data);\n if (ok) return;\n await new Promise<void>((resolve, reject) => {\n const cleanup = () => {\n socket.off(\"drain\", onDrain);\n socket.off(\"error\", onError);\n socket.off(\"close\", onClose);\n };\n const onDrain = () => {\n cleanup();\n resolve();\n };\n const onError = (err: Error) => {\n cleanup();\n reject(err);\n };\n const onClose = () => {\n // Peer hung up before drain. Resolve so the caller's try/finally\n // runs; the next read on this connection will surface EOF.\n cleanup();\n resolve();\n };\n socket.once(\"drain\", onDrain);\n socket.once(\"error\", onError);\n socket.once(\"close\", onClose);\n });\n}\n\ntype WriterTarget = { kind: \"fd\"; fd: number } | { kind: \"socket\"; socket: Socket };\n\n/**\n * Writes sequential IPC streams to either an fd (stdio subprocess transport)\n * or a Node Socket (AF_UNIX transport). Each call to writeStream() writes a\n * complete IPC stream: schema + batches + EOS.\n *\n * All public methods are async. The fd path resolves immediately after a\n * synchronous writeSync; the socket path awaits real `'drain'` events on\n * backpressure so the event loop stays responsive to other connections.\n */\nexport class IpcStreamWriter {\n private readonly target: WriterTarget;\n\n /**\n * Construct from a file descriptor (stdio transport) or a Node net.Socket\n * (AF_UNIX transport). The default targets stdout for legacy stdio servers\n * that didn't pass an fd.\n */\n constructor(fdOrSocket: number | Socket = STDOUT_FD) {\n if (typeof fdOrSocket === \"number\") {\n this.target = { kind: \"fd\", fd: fdOrSocket };\n } else {\n this.target = { kind: \"socket\", socket: fdOrSocket };\n }\n }\n\n /**\n * Write a complete IPC stream with the given schema and batches.\n * Creates schema message, writes all batches (with their metadata), writes EOS.\n */\n async writeStream(schema: VgiSchema, batches: VgiBatch[]): Promise<void> {\n // Delegate to the Arrow facade so the bytes-on-the-wire match the\n // active backend (arrow-js by default, flechette under the `workerd`/\n // `worker`/`browser` package.json conditions). The incremental stream\n // below still uses arrow-js directly — flechette has no equivalent\n // streaming-writer surface and only the stdio server uses the\n // incremental path.\n const bytes = serializeBatches(schema, batches);\n if (this.target.kind === \"fd\") {\n writeAll(this.target.fd, bytes);\n } else {\n await socketWriteAll(this.target.socket, bytes);\n }\n }\n\n /**\n * Open an incremental IPC stream for writing batches one at a time.\n */\n openStream(schema: VgiSchema): IncrementalStream {\n return new IncrementalStream(this.target, schema);\n }\n}\n\n/**\n * An open IPC stream that supports incremental batch writes.\n *\n * Drives a backend {@link IncrementalEncoder} and flushes its bytes through\n * the same target (fd or socket) as the parent IpcStreamWriter. The write()\n * and close() methods are async so the socket path can yield on backpressure\n * — critical under AF_UNIX where the kernel send buffer (~8 KB on macOS)\n * fills quickly and any synchronous busy-wait would starve every other\n * connection sharing this event loop.\n *\n * The encoder is obtained from the Arrow facade, so this file no longer\n * imports arrow-js directly — keeping arrow-js out of the flechette\n * (workerd/browser) bundle. The flechette encoder throws on construction;\n * the stdio exchange protocol is lockstep (the client reads each response\n * batch before sending the next input) which needs an incremental writer\n * flechette doesn't provide. workerd/browser deployments use HTTP (no\n * stdio), so the flechette path is never reached there; `flechette-pipe`\n * conformance is xfailed for streams.\n */\nexport class IncrementalStream {\n private readonly encoder: IncrementalEncoder;\n private readonly target: WriterTarget;\n private closed = false;\n // Chains async writes so concurrent callers can't interleave bytes on the\n // wire. Each operation appends to this promise; awaiting it preserves\n // FIFO order even when the caller doesn't await between writes.\n private writeChain: Promise<void> = Promise.resolve();\n\n constructor(target: WriterTarget, schema: VgiSchema) {\n this.target = target;\n this.encoder = createIncrementalEncoder(schema);\n // Schema bytes — synchronous on the fd path, queued on the socket path.\n // Callers don't await openStream(), so we serialize via writeChain.\n this.enqueue(this.encoder.start());\n }\n\n /** Write a single batch. Resolves once the bytes are queued/flushed. */\n async write(batch: VgiBatch): Promise<void> {\n if (this.closed) throw new Error(\"Stream already closed\");\n return this.enqueue(this.encoder.writeBatch(batch));\n }\n\n /** Close the stream (writes EOS marker). */\n async close(): Promise<void> {\n if (this.closed) return;\n this.closed = true;\n return this.enqueue(this.encoder.finish());\n }\n\n private enqueue(bytes: Uint8Array): Promise<void> {\n const next = this.writeChain.then(() => {\n if (this.target.kind === \"fd\") {\n writeAll(this.target.fd, bytes);\n return;\n }\n return socketWriteAll(this.target.socket, bytes);\n });\n // Swallow rejections on the chain so a single failure doesn't poison\n // every subsequent enqueue with an unhandled rejection. The returned\n // `next` still propagates the error to the caller that triggered it.\n this.writeChain = next.catch(() => undefined);\n return next;\n }\n}\n",
|
|
57
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\nimport {\n binary,\n bool as boolType,\n float32 as float32Type,\n float64 as float64Type,\n int8 as int8Type,\n int16 as int16Type,\n int32 as int32Type,\n int64 as int64Type,\n isBinary,\n isBool,\n isFloat,\n isInt,\n isUtf8,\n field as makeField,\n schema as makeSchema,\n uint8 as uint8Type,\n uint16 as uint16Type,\n uint32 as uint32Type,\n uint64 as uint64Type,\n utf8,\n type VgiDataType,\n type VgiField,\n type VgiSchema,\n} from \"./arrow/index.js\";\n\n// ---------------------------------------------------------------------------\n// Convenient DataType singletons — re-export so users avoid arrow imports\n// ---------------------------------------------------------------------------\n\n/** Apache Arrow Utf8 type. Use as schema shorthand: `{ name: str }` */\nexport const str = utf8();\n/** Apache Arrow Binary type. Use as schema shorthand: `{ data: bytes }` */\nexport const bytes = binary();\n/** Apache Arrow Int64 type. Use as schema shorthand: `{ count: int }` */\nexport const int = int64Type();\n/** Apache Arrow Int32 type. Use as schema shorthand: `{ count: int32 }` */\nexport const int32 = int32Type();\n/** Apache Arrow Int16 type. Use as schema shorthand: `{ count: int16 }` */\nexport const int16 = int16Type();\n/** Apache Arrow Int8 type. Use as schema shorthand: `{ count: int8 }` */\nexport const int8 = int8Type();\n/** Apache Arrow Uint8 type. Use as schema shorthand: `{ count: uint8 }` */\nexport const uint8 = uint8Type();\n/** Apache Arrow Uint16 type. Use as schema shorthand: `{ count: uint16 }` */\nexport const uint16 = uint16Type();\n/** Apache Arrow Uint32 type. Use as schema shorthand: `{ count: uint32 }` */\nexport const uint32 = uint32Type();\n/** Apache Arrow Uint64 type. Use as schema shorthand: `{ count: uint64 }` */\nexport const uint64 = uint64Type();\n/** Apache Arrow Float64 type. Use as schema shorthand: `{ value: float }` */\nexport const float = float64Type();\n/** Apache Arrow Float32 type. Use as schema shorthand: `{ value: float32 }` */\nexport const float32 = float32Type();\n/** Apache Arrow Bool type. Use as schema shorthand: `{ flag: bool }` */\nexport const bool = boolType();\n\n// ---------------------------------------------------------------------------\n// SchemaLike — shorthand for declaring schemas\n// ---------------------------------------------------------------------------\n\n/**\n * Structural minimum that any backend's Schema must satisfy. arrow-js's\n * `Schema`, vgi-typescript's `VgiSchema`, and flechette's `Schema` all match\n * this shape. Used so vgi-rpc consumers don't have to know which Arrow\n * library is on the other side of the wire.\n *\n * Kept exported for backwards compatibility — equivalent to `VgiSchema`.\n */\nexport interface SchemaShape {\n readonly fields: ReadonlyArray<{\n readonly name: string;\n readonly type: { readonly typeId: number };\n readonly nullable?: boolean;\n readonly metadata?: Map<string, string>;\n }>;\n readonly metadata?: Map<string, string> | null;\n}\n\n/**\n * A schema specification that accepts:\n * - A real `VgiSchema` (passed through)\n * - Anything structurally `SchemaShape`\n * - A record mapping field names to `VgiDataType` instances or `VgiField` instances\n * - An empty `{}` for an empty schema\n */\nexport type SchemaLike = VgiSchema | SchemaShape | Record<string, VgiDataType | VgiField>;\n\nfunction isField(x: unknown): x is VgiField {\n return (\n x != null &&\n typeof (x as any).name === \"string\" &&\n (x as any).type != null &&\n typeof (x as any).nullable === \"boolean\"\n );\n}\n\nfunction isDataType(x: unknown): x is VgiDataType {\n return x != null && typeof (x as any).typeId === \"number\";\n}\n\n/**\n * Convert a SchemaLike spec into a real `VgiSchema`.\n */\nexport function toSchema(spec: SchemaLike): VgiSchema {\n // VgiSchema / SchemaShape branch: anything with a `fields` array.\n const maybeFields = (spec as { fields?: unknown }).fields;\n if (Array.isArray(maybeFields)) {\n const out: VgiField[] = [];\n for (const f of maybeFields as ReadonlyArray<any>) {\n if (isField(f)) {\n out.push(f);\n } else {\n out.push(makeField(f.name, f.type, f.nullable ?? true, f.metadata));\n }\n }\n return makeSchema(out);\n }\n\n const fields: VgiField[] = [];\n for (const [name, value] of Object.entries(spec)) {\n if (isField(value)) {\n fields.push(value);\n } else if (isDataType(value)) {\n fields.push(makeField(name, value, false));\n } else {\n throw new TypeError(`Invalid schema value for \"${name}\": expected DataType or Field, got ${typeof value}`);\n }\n }\n return makeSchema(fields);\n}\n\n// ---------------------------------------------------------------------------\n// inferParamTypes — derive paramTypes from a schema spec\n// ---------------------------------------------------------------------------\n\n/**\n * Derive a `paramTypes` record from a SchemaLike spec.\n * Maps common Arrow scalar types to Python-style type strings.\n * Returns `undefined` if any field has a complex type (List, Map_, Dictionary, etc.).\n */\nexport function inferParamTypes(spec: SchemaLike): Record<string, string> | undefined {\n const sch = toSchema(spec);\n if (sch.fields.length === 0) return undefined;\n\n const result: Record<string, string> = {};\n for (const f of sch.fields) {\n let mapped: string | undefined;\n if (isUtf8(f.type)) mapped = \"str\";\n else if (isBinary(f.type)) mapped = \"bytes\";\n else if (isBool(f.type)) mapped = \"bool\";\n else if (isFloat(f.type)) mapped = \"float\";\n else if (isInt(f.type)) mapped = \"int\";\n if (!mapped) return undefined;\n result[f.name] = mapped;\n }\n return result;\n}\n",
|
|
58
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\nimport { schema as makeSchema } from \"./arrow/index.js\";\nimport { parseProtocolVersion } from \"./errors.js\";\nimport { inferParamTypes, type SchemaLike, toSchema } from \"./schema.js\";\nimport {\n type ExchangeFn,\n type ExchangeInit,\n type HeaderInit,\n type MethodDefinition,\n MethodType,\n type OnCancelFn,\n type ProducerFn,\n type ProducerInit,\n type UnaryHandler,\n} from \"./types.js\";\n\nconst EMPTY_SCHEMA = makeSchema([]);\n\n/**\n * Fluent builder for defining RPC methods.\n * Register unary, producer, and exchange methods, then pass to `VgiRpcServer`.\n */\nexport class Protocol {\n /** Service / protocol name, exposed to clients via introspection. */\n readonly name: string;\n /**\n * Application protocol surface version. When non-empty, the server enforces\n * exact major+minor match (patch ignored) against every request's\n * `vgi_rpc.protocol_version` metadata; clients bound to this Protocol emit\n * the value on every request. Format: canonical semver MAJOR.MINOR.PATCH.\n * Mirrors Python's `Protocol.protocol_version` ClassVar.\n */\n readonly protocolVersion: string;\n /** Parsed semver tuple; null when `protocolVersion` is unset. */\n readonly protocolVersionParts: readonly [number, number, number] | null;\n private _methods: Map<string, MethodDefinition> = new Map();\n\n constructor(name: string, options?: { protocolVersion?: string }) {\n this.name = name;\n const raw = options?.protocolVersion;\n if (raw === undefined || raw === \"\") {\n this.protocolVersion = \"\";\n this.protocolVersionParts = null;\n } else {\n this.protocolVersion = raw;\n this.protocolVersionParts = parseProtocolVersion(raw);\n }\n }\n\n /**\n * Register a unary (request-response) method.\n * @param name - Method name exposed to clients\n * @param config.params - Parameter schema (SchemaLike)\n * @param config.result - Result schema (SchemaLike)\n * @param config.handler - Async function receiving params and returning result values\n * @param config.doc - Optional documentation string\n * @param config.defaults - Optional default parameter values\n * @param config.paramTypes - Optional parameter type hints (inferred from params if omitted)\n */\n unary(\n name: string,\n config: {\n params: SchemaLike;\n result: SchemaLike;\n handler: UnaryHandler;\n doc?: string;\n defaults?: Record<string, any>;\n paramTypes?: Record<string, string>;\n },\n ): this {\n const params = toSchema(config.params);\n this._methods.set(name, {\n name,\n type: MethodType.UNARY,\n paramsSchema: params,\n resultSchema: toSchema(config.result),\n handler: config.handler,\n doc: config.doc,\n defaults: config.defaults,\n paramTypes: config.paramTypes ?? inferParamTypes(params),\n });\n return this;\n }\n\n /**\n * Register a producer (server-streaming) method.\n * The generic `S` is inferred from the `init` return type and threaded to `produce`.\n */\n producer<S>(\n name: string,\n config: {\n params: SchemaLike;\n outputSchema: SchemaLike;\n init: ProducerInit<S>;\n produce: ProducerFn<S>;\n onCancel?: OnCancelFn<S>;\n headerSchema?: SchemaLike;\n headerInit?: HeaderInit;\n doc?: string;\n defaults?: Record<string, any>;\n paramTypes?: Record<string, string>;\n },\n ): this {\n const params = toSchema(config.params);\n this._methods.set(name, {\n name,\n type: MethodType.STREAM,\n paramsSchema: params,\n resultSchema: EMPTY_SCHEMA,\n outputSchema: toSchema(config.outputSchema),\n inputSchema: EMPTY_SCHEMA,\n producerInit: config.init as ProducerInit,\n producerFn: config.produce as ProducerFn,\n onCancel: config.onCancel as OnCancelFn | undefined,\n headerSchema: config.headerSchema ? toSchema(config.headerSchema) : undefined,\n headerInit: config.headerInit,\n doc: config.doc,\n defaults: config.defaults,\n paramTypes: config.paramTypes ?? inferParamTypes(params),\n });\n return this;\n }\n\n /**\n * Register an exchange (bidirectional-streaming) method.\n * The generic `S` is inferred from the `init` return type and threaded to `exchange`.\n */\n exchange<S>(\n name: string,\n config: {\n params: SchemaLike;\n inputSchema: SchemaLike;\n outputSchema: SchemaLike;\n init: ExchangeInit<S>;\n exchange: ExchangeFn<S>;\n onCancel?: OnCancelFn<S>;\n headerSchema?: SchemaLike;\n headerInit?: HeaderInit;\n doc?: string;\n defaults?: Record<string, any>;\n paramTypes?: Record<string, string>;\n },\n ): this {\n const params = toSchema(config.params);\n this._methods.set(name, {\n name,\n type: MethodType.STREAM,\n paramsSchema: params,\n resultSchema: EMPTY_SCHEMA,\n inputSchema: toSchema(config.inputSchema),\n outputSchema: toSchema(config.outputSchema),\n exchangeInit: config.init as ExchangeInit,\n exchangeFn: config.exchange as ExchangeFn,\n onCancel: config.onCancel as OnCancelFn | undefined,\n headerSchema: config.headerSchema ? toSchema(config.headerSchema) : undefined,\n headerInit: config.headerInit,\n doc: config.doc,\n defaults: config.defaults,\n paramTypes: config.paramTypes ?? inferParamTypes(params),\n });\n return this;\n }\n\n /** Snapshot of the registered methods, keyed by method name. Returns a copy,\n * so mutating it does not affect the protocol. */\n getMethods(): Map<string, MethodDefinition> {\n return new Map(this._methods);\n }\n}\n",
|
|
59
|
+
"// © Copyright 2025-2026, Query.Farm LLC - https://query.farm\n// SPDX-License-Identifier: Apache-2.0\n\nimport { schema as makeSchema, serializeBatch } from \"./arrow/index.js\";\nimport { DESCRIBE_METHOD_NAME, PROTOCOL_VERSION_KEY } from \"./constants.js\";\nimport { buildDescribeBatch } from \"./dispatch/describe.js\";\nimport { dispatchStream } from \"./dispatch/stream.js\";\nimport { dispatchUnary } from \"./dispatch/unary.js\";\nimport {\n MethodNotImplementedError,\n ProtocolVersionError,\n parseProtocolVersion,\n RpcError,\n VersionError,\n} from \"./errors.js\";\nimport type { ExternalLocationConfig } from \"./external.js\";\nimport type { Protocol } from \"./protocol.js\";\nimport {\n type CallStatistics,\n type DispatchHook,\n type DispatchInfo,\n MethodType,\n type ServeStartHook,\n TransportKind,\n} from \"./types.js\";\nimport { IpcStreamReader } from \"./wire/reader.js\";\nimport { applyDefaults, parseRequest } from \"./wire/request.js\";\nimport { buildErrorBatch } from \"./wire/response.js\";\nimport { IpcStreamWriter } from \"./wire/writer.js\";\n\nconst EMPTY_SCHEMA = makeSchema([]);\n\nfunction randomStreamId(): string {\n const bytes = new Uint8Array(16);\n crypto.getRandomValues(bytes);\n let out = \"\";\n for (let i = 0; i < bytes.length; i++) {\n out += bytes[i].toString(16).padStart(2, \"0\");\n }\n return out;\n}\n\n/**\n * RPC server that reads Arrow IPC requests from stdin and writes responses to stdout.\n * Supports unary and streaming (producer/exchange) methods.\n */\nexport class VgiRpcServer {\n private protocol: Protocol;\n private enableDescribe: boolean;\n private serverId: string;\n // Lazily initialized — `buildDescribeBatch` is async because the protocol\n // hash is computed via `crypto.subtle.digest` (Web Crypto). The dispatch\n // path awaits the cached promise on first use.\n private _describePromise: Promise<{\n batch: import(\"./arrow/index.js\").VgiBatch;\n protocolHash: string;\n }> | null = null;\n private protocolVersion: string;\n private dispatchHook: DispatchHook | null = null;\n private externalConfig: ExternalLocationConfig | undefined;\n private onServeStart: ServeStartHook | null = null;\n /** True once the on_serve_start hook has fired successfully. The bind\n * state is committed only after the hook returns, so a transient\n * failure on first request leaves it `false` and the next request\n * re-fires rather than silently skipping. Mirrors Python 7b3999c. */\n private serveStartFired = false;\n\n constructor(\n protocol: Protocol,\n options?: {\n enableDescribe?: boolean;\n serverId?: string;\n dispatchHook?: DispatchHook;\n externalLocation?: ExternalLocationConfig;\n protocolVersion?: string;\n /** Lifecycle hook fired once before the first dispatched request. */\n onServeStart?: ServeStartHook;\n },\n ) {\n this.protocol = protocol;\n this.enableDescribe = options?.enableDescribe ?? true;\n this.serverId = options?.serverId ?? crypto.randomUUID().replace(/-/g, \"\").slice(0, 12);\n this.dispatchHook = options?.dispatchHook ?? null;\n this.externalConfig = options?.externalLocation;\n this.protocolVersion = options?.protocolVersion ?? \"\";\n this.onServeStart = options?.onServeStart ?? null;\n }\n\n /** Fire the on_serve_start hook once for this transport. Idempotent\n * on success — re-throws on failure without committing the bind. */\n private async notifyTransport(kind: TransportKind): Promise<void> {\n if (this.serveStartFired) return;\n if (this.onServeStart) {\n await this.onServeStart(kind);\n }\n this.serveStartFired = true;\n }\n\n /** Build (or retrieve cached) describe batch + protocol hash. */\n private async describeInfo(): Promise<{\n batch: import(\"./arrow/index.js\").VgiBatch;\n protocolHash: string;\n }> {\n if (!this._describePromise) {\n this._describePromise = buildDescribeBatch(\n this.protocol.name,\n this.protocol.getMethods(),\n this.serverId,\n this.protocol.protocolVersion || undefined,\n ).then(({ batch, metadata }) => ({\n batch,\n protocolHash: metadata.get(\"vgi_rpc.protocol_hash\") ?? \"\",\n }));\n }\n return this._describePromise;\n }\n\n /** Validate a client's declared protocol_version against the Protocol's\n * declared version. Caller invokes only when\n * `protocol.protocolVersionParts` is non-null. Mirrors Python's\n * `RpcServer._check_protocol_version`: exact major+minor match, patch\n * ignored; directional error message names which side is older. */\n private checkProtocolVersion(clientVersion: string | undefined): void {\n const serverParts = this.protocol.protocolVersionParts!;\n const serverVersion = this.protocol.protocolVersion;\n if (clientVersion === undefined) {\n throw new ProtocolVersionError(\n \"VGI client/worker protocol_version mismatch.\\n\" +\n \" Client: <not declared>\\n\" +\n ` Server: ${serverVersion}\\n` +\n \" Direction: the client did not send a vgi_rpc.protocol_version \" +\n \"metadata key. This is either a vgi-rpc framework bug or a \" +\n \"non-VGI client connecting to a VGI worker.\",\n );\n }\n let clientParts: readonly [number, number, number];\n try {\n clientParts = parseProtocolVersion(clientVersion);\n } catch {\n throw new ProtocolVersionError(\n \"VGI client/worker protocol_version mismatch.\\n\" +\n ` Client: ${clientVersion}\\n` +\n ` Server: ${serverVersion}\\n` +\n \" Direction: client sent a malformed protocol_version. \" +\n \"Expected canonical semver MAJOR.MINOR.PATCH.\",\n );\n }\n if (clientParts[0] === serverParts[0] && clientParts[1] === serverParts[1]) {\n return;\n }\n const clientOlder =\n clientParts[0] < serverParts[0] || (clientParts[0] === serverParts[0] && clientParts[1] < serverParts[1]);\n const direction = clientOlder\n ? `client is too old; upgrade the VGI extension/client to a version supporting protocol_version ${serverVersion}.`\n : `server is too old; upgrade the VGI worker to a version supporting protocol_version ${clientVersion}.`;\n throw new ProtocolVersionError(\n \"VGI client/worker protocol_version mismatch.\\n\" +\n ` Client: ${clientVersion}\\n` +\n ` Server: ${serverVersion}\\n` +\n ` Direction: ${direction}`,\n );\n }\n\n /** Start the server loop. Reads requests until stdin closes. */\n async run(): Promise<void> {\n const stdin = process.stdin as unknown as ReadableStream<Uint8Array>;\n\n // Warn if running interactively\n if (process.stdin.isTTY || process.stdout.isTTY) {\n process.stderr.write(\n \"WARNING: This process communicates via Arrow IPC on stdin/stdout \" +\n \"and is not intended to be run interactively.\\n\" +\n \"It should be launched as a subprocess by an RPC client \" +\n \"(e.g. vgi_rpc.connect()).\\n\",\n );\n }\n\n const reader = await IpcStreamReader.create(stdin);\n const writer = new IpcStreamWriter();\n\n try {\n while (true) {\n // Fire on_serve_start lazily so the hook can do work that\n // depends on the transport binding (matches Python which fires\n // it inside serve()). Inside the loop so a failure on the very\n // first request can be retried.\n await this.notifyTransport(TransportKind.PIPE);\n await this.serveOne(reader, writer);\n }\n } catch (e: any) {\n // EOF or broken pipe → clean exit\n if (\n e.message?.includes(\"closed\") ||\n e.message?.includes(\"Expected Schema Message\") ||\n e.message?.includes(\"null or length 0\") ||\n e.code === \"EPIPE\" ||\n e.code === \"ERR_STREAM_PREMATURE_CLOSE\" ||\n e.code === \"ERR_STREAM_DESTROYED\" ||\n (e instanceof Error && e.message.includes(\"EOF\"))\n ) {\n return;\n }\n // ArrowInvalid or unexpected error\n throw e;\n } finally {\n await reader.cancel();\n }\n }\n\n private async serveOne(reader: IpcStreamReader, writer: IpcStreamWriter): Promise<void> {\n const stream = await reader.readStream();\n if (!stream) {\n throw new Error(\"EOF\");\n }\n\n const { schema, batches } = stream;\n if (batches.length === 0) {\n const err = new RpcError(\"ProtocolError\", \"Request stream contains no batches\", \"\");\n const errBatch = buildErrorBatch(EMPTY_SCHEMA, err, this.serverId, null);\n await writer.writeStream(EMPTY_SCHEMA, [errBatch]);\n return;\n }\n\n const batch = batches[0];\n let methodName: string;\n let params: Record<string, any>;\n let requestId: string | null;\n\n try {\n const parsed = parseRequest(schema, batch);\n methodName = parsed.methodName;\n params = parsed.params;\n requestId = parsed.requestId;\n } catch (e: any) {\n // Write error response for protocol/version errors\n const errBatch = buildErrorBatch(EMPTY_SCHEMA, e, this.serverId, null);\n await writer.writeStream(EMPTY_SCHEMA, [errBatch]);\n if (e instanceof VersionError || e instanceof RpcError) {\n return; // Continue serving\n }\n throw e;\n }\n\n // Handle __describe__ — lazy-build on first request.\n if (methodName === DESCRIBE_METHOD_NAME && this.enableDescribe) {\n const { batch } = await this.describeInfo();\n await writer.writeStream(batch.schema, [batch]);\n return;\n }\n\n // Look up method\n const methods = this.protocol.getMethods();\n const method = methods.get(methodName);\n if (!method) {\n const available = [...methods.keys()].sort();\n const err = new MethodNotImplementedError(\n `Unknown method: '${methodName}'. Available methods: [${available.join(\", \")}]`,\n );\n const errBatch = buildErrorBatch(EMPTY_SCHEMA, err, this.serverId, requestId);\n await writer.writeStream(EMPTY_SCHEMA, [errBatch]);\n return;\n }\n\n // Application-protocol-version gate. Fires only when the Protocol\n // declared a `protocolVersion`. `__describe__` is exempt — it is the\n // diagnostic path a mismatched client uses to introspect the server's\n // version. Mirrors Python's serve_one dispatch-boundary check.\n if (this.protocol.protocolVersionParts !== null) {\n try {\n const md = batch.metadata;\n this.checkProtocolVersion(md?.get(PROTOCOL_VERSION_KEY));\n } catch (exc) {\n const errSchema = method.type === MethodType.UNARY ? method.resultSchema : EMPTY_SCHEMA;\n const errBatch = buildErrorBatch(errSchema, exc as Error, this.serverId, requestId);\n await writer.writeStream(errSchema, [errBatch]);\n return;\n }\n }\n\n // Dispatch based on method type, with optional hook\n const methodType = method.type === MethodType.UNARY ? \"unary\" : \"stream\";\n\n // Capture self-contained IPC bytes of the request batch for the access log.\n let requestData: Uint8Array | undefined;\n try {\n requestData = serializeBatch(batch as any);\n } catch {\n // best-effort; observability must not fail dispatch\n }\n\n let streamId: string | undefined;\n if (methodType === \"stream\") {\n streamId = randomStreamId();\n }\n\n const { protocolHash } = await this.describeInfo();\n const info: DispatchInfo = {\n method: methodName,\n methodType,\n serverId: this.serverId,\n requestId,\n protocol: this.protocol.name,\n protocolHash,\n protocolVersion: this.protocolVersion,\n kind: TransportKind.PIPE,\n principal: \"\",\n authDomain: \"\",\n authenticated: false,\n remoteAddr: \"\",\n requestData,\n streamId,\n };\n const stats: CallStatistics = {\n inputBatches: 0,\n outputBatches: 0,\n inputRows: 0,\n outputRows: 0,\n inputBytes: 0,\n outputBytes: 0,\n };\n\n const token = this.dispatchHook?.onDispatchStart(info);\n let dispatchError: Error | undefined;\n\n applyDefaults(params, method.defaults);\n\n try {\n if (method.type === MethodType.UNARY) {\n await dispatchUnary(method, params, writer, this.serverId, requestId, this.externalConfig, TransportKind.PIPE);\n } else {\n await dispatchStream(\n method,\n params,\n writer,\n reader,\n this.serverId,\n requestId,\n this.externalConfig,\n TransportKind.PIPE,\n );\n }\n } catch (e) {\n dispatchError = e instanceof Error ? e : new Error(String(e));\n throw e;\n } finally {\n this.dispatchHook?.onDispatchEnd(token, info, stats, dispatchError);\n }\n }\n}\n"
|
|
22
60
|
],
|
|
23
|
-
"mappings": ";;;;;;;;;;;;;;;;;;;AAomBO,SAAS,UAAU,CAAC,KAAK,KAAK;AAAA,EACjC,IAAI,OAAO,CAAC,GAAG,KAAK,CAAC,CAAC;AAAA,EACtB,IAAI,KAAK,GAAG,KAAK;AAAA,EACjB,MAAO,IAAI,UAAS;AAAA,IAChB,IAAI,KAAK,KAAK,KAAK,MAAM,GAAG;AAAA,IAC5B,IAAI,OAAO,MAAM,UAAU;AAAA,MACvB,IAAI,IAAI;AAAA,QACJ,MAAM;AAAA,QACN,IAAI,GAAG,EAAE,UAAU,GAAG,GAAG;AAAA,UACrB,KAAK,KAAK,MAAM,GAAG,CAAC;AAAA,UACpB,MAAM,GAAG;AAAA,QACb;AAAA,MACJ,EACK;AAAA,QACD,KAAK,KAAK,GAAG;AAAA,QACb,GAAG,IAAI;AAAA;AAAA,MAEX,MAAO,CAAC,GAAG,KAAI;AAAA,QACX,IAAI,MAAM,IAAI,KAAK,IAAI,GAAG;AAAA,QAC1B,IAAI,CAAC;AAAA,UACD,IAAI,CAAC;AAAA,QACT,IAAI;AAAA,UACA,GAAG,IAAI,GAAG;AAAA,QACT;AAAA,UACD,KAAK,KAAK,GAAG;AAAA,UACb,MAAM,IAAI;AAAA,UACV,IAAI,GAAG,GAAG,GAAG,IAAI,MAAM;AAAA,UACvB,GAAG,EAAE,IAAI,KAAK,GAAG,EAAE,SAAS,IAAI,MAAM;AAAA;AAAA,MAE9C;AAAA,MACA,KAAK,GAAG,IAAK,GAAG,IAAI;AAAA,IACxB,EAEI;AAAA,WAAK;AAAA,IACT,MAAM,IAAI,SAAS,EAAE;AAAA,EACzB;AAAA,EACA,OAAO,IAAI,MAAM,EAAE;AAAA;AAAA,IAtoBnB,IAAkB,IAAiB,KAAmB,KAAqC,KAC3F,MAAM,QAAS,CAAC,GAAG,GAAG,GAAG;AAAA,EACzB,IAAI,GAAG,UAAU;AAAA,IACb,OAAO,GAAG,UAAU,MAAM,KAAK,GAAG,GAAG,CAAC;AAAA,EAC1C,IAAI,KAAK,QAAQ,IAAI;AAAA,IACjB,IAAI;AAAA,EACR,IAAI,KAAK,QAAQ,IAAI,EAAE;AAAA,IACnB,IAAI,EAAE;AAAA,EACV,IAAI,IAAI,IAAI,GAAG,IAAI,CAAC;AAAA,EACpB,EAAE,IAAI,EAAE,SAAS,GAAG,CAAC,CAAC;AAAA,EACtB,OAAO;AAAA,GAEP,OAAO,QAAS,CAAC,GAAG,GAAG,GAAG,GAAG;AAAA,EAC7B,IAAI,GAAG,UAAU;AAAA,IACb,OAAO,GAAG,UAAU,KAAK,KAAK,GAAG,GAAG,GAAG,CAAC;AAAA,EAC5C,IAAI,KAAK,QAAQ,IAAI;AAAA,IACjB,IAAI;AAAA,EACR,IAAI,KAAK,QAAQ,IAAI,EAAE;AAAA,IACnB,IAAI,EAAE;AAAA,EACV,MAAO,IAAI,GAAG,EAAE;AAAA,IACZ,EAAE,KAAK;AAAA,EACX,OAAO;AAAA,GAEP,MAAM,QAAS,CAAC,GAAG,GAAG,GAAG,GAAG;AAAA,EAC5B,IAAI,GAAG,UAAU;AAAA,IACb,OAAO,GAAG,UAAU,WAAW,KAAK,GAAG,GAAG,GAAG,CAAC;AAAA,EAClD,IAAI,KAAK,QAAQ,IAAI;AAAA,IACjB,IAAI;AAAA,EACR,IAAI,KAAK,QAAQ,IAAI,EAAE;AAAA,IACnB,IAAI,EAAE;AAAA,EACV,OAAO,IAAI,GAAG;AAAA,IACV,EAAE,OAAO,EAAE;AAAA,EACf;AAAA,GAcA,IAQA,MAAM,QAAS,CAAC,KAAK,KAAK,IAAI;AAAA,EAC9B,IAAI,IAAI,IAAI,MAAM,OAAO,GAAG,IAAI;AAAA,EAChC,EAAE,OAAO;AAAA,EACT,IAAI,MAAM;AAAA,IACN,MAAM,kBAAkB,GAAG,GAAG;AAAA,EAClC,IAAI,CAAC;AAAA,IACD,MAAM;AAAA,EACV,OAAO;AAAA,GAEP,KAAK,QAAS,CAAC,GAAG,GAAG,GAAG;AAAA,EACxB,IAAI,IAAI,GAAG,IAAI;AAAA,EACf,MAAO,IAAI,GAAG,EAAE;AAAA,IACZ,KAAK,EAAE,SAAS,KAAK;AAAA,EACzB,OAAO;AAAA,GAEP,KAAK,QAAS,CAAC,GAAG,GAAG;AAAA,EAAE,QAAQ,EAAE,KAAM,EAAE,IAAI,MAAM,IAAM,EAAE,IAAI,MAAM,KAAO,EAAE,IAAI,MAAM,QAAS;AAAA,GAEjG,OAAO,QAAS,CAAC,KAAK,GAAG;AAAA,EACzB,IAAI,KAAK,IAAI,KAAM,IAAI,MAAM,IAAM,IAAI,MAAM;AAAA,EAC7C,IAAI,MAAM,WAAY,IAAI,MAAM,KAAK;AAAA,IAEjC,IAAI,MAAM,IAAI;AAAA,IAEd,IAAI,KAAM,OAAO,IAAK,GAAG,KAAM,OAAO,IAAK,GAAG,KAAK,MAAM,GAAG,MAAM,OAAO;AAAA,IACzE,IAAI,MAAM;AAAA,MACN,IAAI,CAAC;AAAA,IAET,IAAI,KAAK,IAAI;AAAA,IAEb,IAAI,KAAK,MAAM,IAAI,IAAI;AAAA,IAEvB,IAAI,KAAK,GAAG,KAAK,IAAI,EAAE;AAAA,IACvB,MAAM;AAAA,IAEN,IAAI,MAAM,MAAO,KAAK,MAAO;AAAA,IAE7B,IAAI,MAAM,GAAG,KAAK,IAAI,GAAG,KAAM,OAAO,KAAM;AAAA,IAE5C,IAAI,KAAK;AAAA,IACT,IAAI,CAAC,IAAI;AAAA,MAEL,IAAI,KAAK,KAAM,MAAM,IAAI,MAAM;AAAA,MAC/B,KAAK,MAAM,MAAM,MAAM,IAAI,KAAK;AAAA,IACpC;AAAA,IACA,IAAI,KAAK;AAAA,MACL,IAAI,CAAC;AAAA,IACT,IAAI,MAAM,IAAI,IAAI,KAAK,IAAK,OAAO,KAAM,IAAI,IAAI,MAAM,EAAE;AAAA,IACzD,IAAI,KAAK,GAAG,IAAI,KAAK,GAAG,IAAI,KAAK;AAAA,IACjC,OAAO;AAAA,MACH,GAAG,KAAK;AAAA,MACR,GAAG;AAAA,MACH,GAAG;AAAA,MACH,GAAG;AAAA,MACH,GAAI,KAAK,KAAK,IAAK,IAAI,IAAI,SAAS,EAAE;AAAA,MACtC,GAAG;AAAA,MACH,GAAG,IAAI,IAAI,IAAI,QAAQ,GAAG,CAAC;AAAA,MAC3B,GAAG;AAAA,MACH,GAAG;AAAA,MACH,GAAG,KAAK,IAAI,QAAQ,EAAE;AAAA,IAC1B;AAAA,EACJ,EACK,UAAM,MAAM,IAAM,IAAI,MAAM,OAAQ,UAAW;AAAA,IAEhD,OAAO,GAAG,KAAK,CAAC,IAAI;AAAA,EACxB;AAAA,EACA,IAAI,CAAC;AAAA,GAGL,MAAM,QAAS,CAAC,KAAK;AAAA,EACrB,IAAI,OAAO;AAAA,EACX,MAAQ,KAAK,QAAS,KAAK,EAAE;AAAA;AAAA,EAE7B,OAAO,OAAO;AAAA,GAGd,OAAO,QAAS,CAAC,KAAK,IAAI,KAAK;AAAA,EAE/B,IAAI,QAAQ,MAAM,KAAK;AAAA,EAEvB,IAAI,MAAM,IAAI,MAAM,MAAM;AAAA,EAC1B,IAAI,KAAK;AAAA,IACL,IAAI,CAAC;AAAA,EAET,IAAI,KAAK,KAAK;AAAA,EAEd,IAAI,QAAQ,IAAI,MAAM,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK;AAAA,EAEhD,IAAI,MAAM,IAAI,GAAG,OAAO,MAAM,EAAE;AAAA,EAChC,IAAI,OAAO,IAAI,IAAI,KAAK,GAAG,GAAG;AAAA,EAE9B,IAAI,SAAS,IAAI,IAAI,KAAK,GAAG,GAAG;AAAA,EAChC,IAAI,SAAS,IAAI,IAAI,KAAK,KAAK,EAAE;AAAA,EACjC,IAAI,MAAM,OAAO,MAAM;AAAA,EACvB,IAAI,OAAO,IAAI,GAAG,KAAK,KAAK,EAAE;AAAA,EAC9B,IAAI,QAAQ,IAAI,GAAG,KAAK,MAAM,EAAE;AAAA,EAChC,OAAO,MAAM,OAAO,QAAQ,GAAG;AAAA,IAC3B,IAAI,OAAO,IAAI,QAAQ,CAAC;AAAA,IACxB,IAAI,MAAM,QAAQ;AAAA,IAElB,IAAI,OAAO,KAAM,OAAO,KAAM;AAAA,IAC9B,IAAI,OAAQ,IAAI,OAAQ,IAAI,MAAM,MAAM,IAAM,IAAI,MAAM,MAAM,QAAS,OAAO,KAAM;AAAA,IAEpF,IAAI,UAAU,KAAK,QAAQ;AAAA,IAE3B,IAAI,MAAM,MAAM,QAAQ;AAAA,IAExB,IAAI,OAAO,MAAM;AAAA,IACjB,IAAI,OAAO;AAAA,MACP,QAAQ,MAAM,MAAM;AAAA,IACnB;AAAA,MACD,QAAQ,OAAO;AAAA,MACf,IAAI,MAAM;AAAA,QACN,OAAO;AAAA;AAAA,IAEf,KAAK,EAAE,OAAO,EAAE;AAAA,IAChB,IAAI,OAAO,IAAI;AAAA,MACX,SAAS;AAAA,MACT,KAAK,EAAE,MAAM;AAAA,IACjB,EAEI;AAAA,eAAS;AAAA,IACb,IAAI,CAAC,KAAK;AAAA,MACN,GAAG;AAAA,QAEC,IAAI,MAAM,QAAQ;AAAA,QAClB,MAAO,IAAI,OAAQ,IAAI,MAAM,MAAM,OAAQ,OAAO,KAAM;AAAA,QACxD,QAAQ;AAAA,QACR,OAAO;AAAA,MACX,SAAS,MAAM;AAAA,IACnB;AAAA,EACJ;AAAA,EACA,IAAI,MAAM,OAAO;AAAA,IACb,IAAI,CAAC;AAAA,EACT,IAAI,SAAS;AAAA,EAEb,IAAI,SAAS,MAAM,MAAM,MAAM,KAAK;AAAA,EAEpC,IAAI,QAAQ,KAAK;AAAA,EACjB,SAAS,IAAI,EAAG,KAAK,KAAK,EAAE,GAAG;AAAA,IAC3B,IAAI,KAAK,KAAK;AAAA,IACd,IAAI,KAAK,GAAG;AAAA,MACR,OAAO,KAAK,CAAC;AAAA,MACb;AAAA,IACJ;AAAA,IAEA,KAAK,IAAI,EAAG,IAAI,IAAI,EAAE,GAAG;AAAA,MACrB,KAAK,UAAU;AAAA,MACf,GAAG;AAAA,QACC,SAAU,SAAS,QAAS;AAAA,MAChC,SAAS,UAAU;AAAA,IACvB;AAAA,EACJ;AAAA,EAEA,IAAI;AAAA,IACA,IAAI,CAAC;AAAA,EACT,KAAK,IAAI,EAAG,IAAI,IAAI,EAAE,GAAG;AAAA,IAErB,IAAI,KAAK,OAAO,KAAK;AAAA,IAErB,IAAI,KAAK,MAAM,KAAK,KAAK,IAAI,EAAE;AAAA,IAC/B,OAAO,MAAM,MAAM,MAAM;AAAA,EAC7B;AAAA,EACA,OAAO,CAAE,OAAO,KAAM,GAAG;AAAA,IACjB,GAAG;AAAA,IACH,GAAG;AAAA,IACH,GAAG;AAAA,IACH,GAAG;AAAA,EACP,CAAC;AAAA,GAGL,MAAM,QAAS,CAAC,KAAK,IAAI;AAAA,EAEzB,IAAI,IAAI,GAAG,KAAK;AAAA,EAEhB,IAAI,MAAM,IAAI,GAAG,GAAG,GAAG,KAAK,IAAI;AAAA,EAEhC,IAAI,KAAK,IAAI,SAAS,GAAG,GAAG;AAAA,EAE5B,IAAI,KAAK,IAAI,SAAS,KAAK,GAAG;AAAA,EAE9B,IAAI,KAAK,IAAI,IAAI,IAAI,QAAQ,GAAG;AAAA,EAEhC,IAAI,KAAK,KAAK;AAAA,IAEV,IAAI,KAAK,KAAK,KAAK,KAAK,GAAG,CAAC,GAAG,MAAM,GAAG,IAAI,MAAM,GAAG;AAAA,IACrD,MAAM;AAAA,IACN,IAAI,OAAO,OAAO;AAAA,IAElB,IAAI,KAAK,IAAI;AAAA,IACb,IAAI,CAAC;AAAA,MACD,IAAI,CAAC;AAAA,IAET,IAAI,MAAM,GAAG,MAAM,GAAG,OAAO,IAAI,GAAG,OAAO;AAAA,IAG3C,IAAI,QAAQ,EAAE,MAAM,KAAK,IAAI,IAAI,EAAE;AAAA,IACnC,UAAS;AAAA,MACL,QAAQ;AAAA,MACR,IAAI,OAAO;AAAA,QACP;AAAA,MACJ,IAAI,MAAM,QAAQ;AAAA,MAClB,QAAS,IAAI,OAAQ,IAAI,MAAM,MAAM,OAAQ,OAAO,MAAQ,KAAK,QAAQ;AAAA,MACzE,GAAG,EAAE,MAAM,IAAI,EAAE;AAAA,MACjB,QAAQ;AAAA,MACR,IAAI,OAAO;AAAA,QACP;AAAA,MACJ,MAAM,QAAQ;AAAA,MACd,QAAS,IAAI,OAAQ,IAAI,MAAM,MAAM,OAAQ,OAAO,MAAQ,KAAK,QAAQ;AAAA,MACzE,GAAG,EAAE,MAAM,IAAI,EAAE;AAAA,MACjB,OAAO,IAAI,EAAE;AAAA,MACb,MAAM,IAAI,EAAE;AAAA,MACZ,OAAO,IAAI,EAAE;AAAA,MACb,MAAM,IAAI,EAAE;AAAA,IAChB;AAAA,IACA,IAAI,EAAE,KAAK;AAAA,MACP,IAAI,CAAC;AAAA,EACb,EACK;AAAA,IACD,KAAK,KAAK;AAAA,IACV,MAAO,IAAI,IAAI,KAAK,GAAG;AAAA,MACnB,IAAI,OAAO,IAAI,EAAE;AAAA,MACjB,GAAG,KAAK,QAAQ;AAAA,MAChB,GAAG,IAAI,KAAK,OAAO;AAAA,IACvB;AAAA,IACA,EAAE;AAAA;AAAA,EAGN,IAAI,MAAM;AAAA,EACV,KAAK,IAAI,EAAG,IAAI,IAAI,EAAE,GAAG;AAAA,IACrB,IAAI,KAAK,GAAG;AAAA,IAEZ,IAAI,KAAK;AAAA,MACL,IAAI,CAAC;AAAA,IACT,OAAO,MAAO,KAAM,KAAK;AAAA,EAC7B;AAAA,EAEA,IAAI,KAAK,IAAI,GAAG,IAAI;AAAA,EAEpB,IAAI,KAAK,KAAK;AAAA,EAEd,IAAI,MAAM,KAAK;AAAA,EAEf,IAAI,MAAO,MAAM;AAAA,IACb,IAAI,CAAC;AAAA,EACT,GAAG,QAAQ,IAAI,GAAG,IAAI;AAAA,EACtB,KAAK,IAAI,EAAG,IAAI,IAAI,EAAE,GAAG;AAAA,IACrB,IAAI,KAAK,GAAG;AAAA,IACZ,EAAE,GAAG,GAAG,KAAK,MAAO,KAAK,IAAI;AAAA,EACjC;AAAA,EAEA,IAAI,OAAO,IAAI,GAAG,MAAM,CAAC;AAAA,EAEzB,IAAI,OAAO,KAAK,SAAS,GAAG,EAAE,GAAG,KAAK,KAAK,SAAS,EAAE;AAAA,EACtD,GAAG,MAAM;AAAA,EACT,KAAK,IAAI,GAAI,IAAI,GAAG,EAAE,GAAG;AAAA,IACrB,IAAI,KAAK,GAAG;AAAA,IACZ,KAAK,IAAI,GAAG,IAAI,GAAG,IAAI,KAAK,KAAK,GAAG,MAAM,KAAM,KAAK,EAAG;AAAA,EAC5D;AAAA,EACA,IAAI,GAAG,MAAM;AAAA,IACT,IAAI,CAAC;AAAA,EACT,KAAK,IAAI,EAAG,IAAI,IAAI,EAAE,GAAG;AAAA,IACrB,IAAI,OAAO,GAAG;AAAA,IACd,IAAI,MAAM;AAAA,MACN,IAAI,OAAO,GAAG;AAAA,MACd,KAAK,MAAM,GAAG,MAAM,GAAG,QAAQ,QAAQ,KAAM,KAAK,KAAM;AAAA,IAC5D;AAAA,EACJ;AAAA,EACA,OAAO,CAAC,IAAI;AAAA,IACJ,GAAG;AAAA,IACH,GAAG;AAAA,IACH,GAAG;AAAA,EACP,CAAC;AAAA,GAKL,MAIA,MAIA,MAIA,OAAO,QAAS,CAAC,GAAG,GAAG;AAAA,EACvB,IAAI,MAAM,EAAE,QAAQ,KAAK,IAAI,IAAI,GAAG;AAAA,EACpC,SAAS,IAAI,EAAG,IAAI,KAAK,EAAE,GAAG;AAAA,IAC1B,GAAG,KAAK;AAAA,IACR,KAAK,KAAK,EAAE;AAAA,EAChB;AAAA,EACA,OAAO;AAAA,GAGP,KAIA,MAEA,KAIA,MAEA,MAAM,QAAS,CAAC,KAAK,KAAK,IAAI;AAAA,EAC9B,IAAI,MAAM,IAAI,QAAQ,KAAK,IAAI,QAAQ,KAAK,IAAI,MAAM,IAAI,OAAO,KAAK,GAAG,KAAK,GAAG,KAAK,CAAC,GAAG;AAAA,EAC1F,IAAI,CAAC;AAAA,IACD,IAAI,CAAC;AAAA,EACT,IAAI,KAAK,GAAG,MAAM,GAAG,GAAG,OAAO,OAAO,KAAK,IAAI,IAAI,EAAE,IAAI,KAAK,IAAI;AAAA,EAClE,MAAO,MAAM,MAAM,IAAI,MAAK;AAAA,IACxB,IAAI,MAAM,OAAO;AAAA,IACjB,IAAI,OAAO,IAAI,OAAQ,IAAI,MAAM,MAAM,IAAM,IAAI,MAAM,MAAM,QAAS,MAAM;AAAA,IAC5E,MAAO,MAAM,MAAO,OAAO;AAAA,IAC3B,IAAI,EAAE,KAAK,GAAG,EAAE;AAAA,IAChB,OAAQ,MAAM,GAAG,EAAE;AAAA,EACvB;AAAA,EACA,IAAI,OAAO,MAAM,IAAI,KAAK;AAAA,IACtB,IAAI,CAAC;AAAA,GAIT,OAAO,QAAS,CAAC,KAAK,KAAK,IAAI;AAAA,EAC/B,IAAI,KAAK;AAAA,EACT,IAAI,KAAK,IAAI,QAAQ,MAAO,KAAK,KAAM,GAAG,MAAM,OAAO,GAAG,MAAM,MAAM;AAAA,EACtE,IAAI,IAAI,SAAS,IAAI,MAAM,IAAI,KAAM,IAAI,MAAM,CAAE,GAAG,IAAI,SAAS,GAAG,GAAG,GAAG,EAAE;AAAA,EAC5E,IAAI,IAAI,SAAS,IAAI,MAAM,IAAI,KAAM,IAAI,MAAM,CAAE,GAAG,IAAI,SAAS,KAAK,GAAG,GAAG,EAAE;AAAA,EAC9E,IAAI,IAAI,SAAS,IAAI,MAAM,IAAI,KAAM,IAAI,MAAM,CAAE,GAAG,IAAI,SAAS,KAAK,GAAG,GAAG,EAAE;AAAA,EAC9E,IAAI,IAAI,SAAS,EAAE,GAAG,IAAI,SAAS,GAAG,GAAG,EAAE;AAAA,GAG3C,MAAM,QAAS,CAAC,KAAK,IAAI,KAAK;AAAA,EAC9B,IAAI;AAAA,EACJ,IAAI,KAAK,GAAG;AAAA,EAEZ,IAAI,KAAK,IAAI,KAAK,QAAS,MAAM,IAAK;AAAA,EACtC,GAAG,IAAI,KAAK;AAAA,EACZ,IAAI,KAAM,MAAM,IAAM,IAAI,KAAK,MAAM,IAAM,IAAI,KAAK,MAAM;AAAA,EAE1D,IAAI,OAAO,MAAM,KAAK;AAAA,EACtB,IAAI,SAAS,GAAG;AAAA,IACZ,IAAI,MAAM,IAAI;AAAA,MACV;AAAA,IACJ,GAAG,IAAI,KAAK;AAAA,IACZ,IAAI,KAAK;AAAA,MACL,KAAK,KAAK,IAAI,KAAK,GAAG,GAAG,GAAG,KAAK,EAAE;AAAA,MACnC,OAAO;AAAA,IACX;AAAA,IACA,OAAO,KAAK,IAAI,GAAG,EAAE,GAAG,IAAI,GAAG;AAAA,EACnC;AAAA,EACA,IAAI,MAAM,IAAI;AAAA,IACV;AAAA,EACJ,IAAI,SAAS,GAAG;AAAA,IACZ,GAAG,IAAI;AAAA,IACP,IAAI,KAAK;AAAA,MACL,IAAI,IAAI,IAAI,SAAS,IAAI,GAAG,GAAG,GAAG,CAAC;AAAA,MACnC,GAAG,KAAK;AAAA,MACR,OAAO;AAAA,IACX;AAAA,IACA,OAAO,IAAI,KAAK,IAAI,GAAG;AAAA,EAC3B;AAAA,EACA,IAAI,SAAS,GAAG;AAAA,IAEZ,IAAI,KAAK,IAAI,KAAK,MAAM,KAAK,GAAG,KAAM,MAAM,IAAK;AAAA,IAEjD,IAAI,MAAM,MAAM,GAAG,MAAM,GAAG,KAAK;AAAA,IACjC,IAAI,MAAM,GAAG;AAAA,MACT,IAAI,KAAK;AAAA,QACL,OAAQ,IAAI,EAAE,OAAO,KAAO,KAAK,KAAO,IAAI,EAAE,OAAO;AAAA,MAErD;AAAA,cAAM,MAAM;AAAA,IACpB,EACK;AAAA,MACD,KAAK;AAAA,MACL,IAAI,KAAK;AAAA,QACL,QAAS,IAAI,EAAE,MAAM,OAAO,GAAI,MAAO,IAAI,OAAO,IAAM,IAAI,EAAE,OAAO;AAAA,MACpE,SAAI,MAAM;AAAA,QACX,OAAQ,IAAI,EAAE,OAAO,KAAO,IAAI,EAAE,MAAM,MAAM,IAAK,MAAO,IAAI,OAAO,IAAM,IAAI,EAAE,OAAO;AAAA,MAExF;AAAA,eAAQ,IAAI,EAAE,OAAO,KAAO,IAAI,EAAE,MAAM,OAAO,IAAK,MAAO,IAAI,OAAO,IAAM,IAAI,EAAE,OAAO,IAAM,IAAI,EAAE,OAAO;AAAA;AAAA,IAEpH,EAAE;AAAA,IAEF,IAAI,MAAM,MAAM,IAAI,SAAS,GAAG,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,GAAG,CAAC;AAAA,IAE7D,IAAI,MAAM,IAAI,SAAS;AAAA,IACvB,IAAI,OAAO;AAAA,MACP,IAAI,IAAI,IAAI,SAAS,IAAI,MAAM,GAAG,GAAG,GAAG;AAAA,IACvC,SAAI,OAAO;AAAA,MACZ,KAAK,KAAK,IAAI,OAAO,GAAG;AAAA,IACvB;AAAA,MAED,IAAI,KAAK,GAAG;AAAA,MACZ,IAAI,OAAO,GAAG;AAAA,QACV,IAAI,MAAM,IAAI,KAAK,EAAE;AAAA,QAErB,OAAO,MAAM,KAAK,IAAI;AAAA,QACtB,GAAG,IAAI,KAAK,IAAI;AAAA,MACpB,EACK,SAAI,CAAC;AAAA,QACN,IAAI,CAAC;AAAA,OACR,KAAK,OAAO,KAAK,IAAI,SAAS,IAAI,MAAM,GAAG,GAAG,IAAI,SAAS,GAAG,GAAG,EAAE;AAAA;AAAA,IAGxE,IAAI,KAAK,IAAI;AAAA,IACb,IAAI,IAAI;AAAA,MACJ,IAAI,MAAM;AAAA,QACN,MAAM,IAAI,QAAS,IAAI,SAAS,KAAM;AAAA,MACrC,SAAI,KAAK;AAAA,QACV,KAAO,KAAK,OAAQ,IAAK,IAAI;AAAA,MAEjC,IAAI,MAAM,IAAI;AAAA,MACd,IAAI,MAAM;AAAA,QACN,IAAI,CAAC;AAAA,MACT,IAAI,MAAM,CAAC,MAAM,MAAM,IAAI;AAAA,MAC3B,SAAS,IAAI,EAAG,IAAI,IAAI,EAAE,GAAG;AAAA,QACzB,IAAI,KAAM,QAAS,KAAK,KAAK,IAAM;AAAA,QACnC,IAAI,MAAM,GAAG;AAAA,UAET,IAAI,OAAO,IAAI,GAAG,CAAC,GAAG,GAAG,IAAI,KAAK,CAAC;AAAA,UACnC,IAAI,KAAK;AAAA,YACL,GAAG,KAAK,SAAS,GAAG,CAAC;AAAA,YACrB,GAAG,KAAK,SAAS,GAAG,CAAC;AAAA,YACrB,GAAG,IAAI,IAAI,KAAK,QAAQ,GAAG,CAAC;AAAA,YAC5B,GAAG;AAAA,UACP;AAAA,QACJ,EACK,SAAI,MAAM,GAAG;AAAA,UAEd,KAAK,KAAK,KAAK,IAAI,KAAK,IAAI,EAAE,GAAG,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG;AAAA,QAC7D,EACK,SAAI,MAAM,GAAG;AAAA,UACd,IAAI,CAAC,GAAG;AAAA,YACJ,IAAI,CAAC;AAAA,UACT,IAAI,KAAK,GAAG,EAAE;AAAA,QAClB;AAAA,MACJ;AAAA,MACA,IAAI,KAAK,GAAG,IAAI,KAAK,MAAM,GAAG,IAAI,MAAM,GAAG,IAAI,MAAM,GAAG;AAAA,MACxD,IAAI,KAAK,IAAI,MAAM;AAAA,MACnB,IAAI,CAAC;AAAA,QACD,IAAI,CAAC;AAAA,MACT,IAAI,QAAQ,OAAO,KAAK,IAAI,IAAI,EAAE,IAAI,IAAI,GAAG,MAAM,QAAQ,GAAG,OAAO;AAAA,MACrE,IAAI,OAAQ,IAAI,OAAQ,IAAI,MAAM,MAAM,OAAQ,OAAO,MAAQ,KAAK,IAAI,KAAK;AAAA,MAC7E,OAAO,QAAQ,IAAI,MAAM;AAAA,MACzB,IAAI,OAAQ,IAAI,OAAQ,IAAI,MAAM,MAAM,OAAQ,OAAO,MAAQ,KAAK,IAAI,KAAK;AAAA,MAC7E,OAAO,QAAQ,IAAI,MAAM;AAAA,MACzB,IAAI,OAAQ,IAAI,OAAQ,IAAI,MAAM,MAAM,OAAQ,OAAO,MAAQ,KAAK,IAAI,KAAK;AAAA,MAC7E,KAAK,EAAE,GAAI,EAAE,MAAK;AAAA,QACd,IAAI,MAAM,IAAI,EAAE;AAAA,QAChB,IAAI,OAAO,IAAI,EAAE;AAAA,QACjB,IAAI,MAAM,IAAI,EAAE;AAAA,QAChB,IAAI,OAAO,IAAI,EAAE;AAAA,QACjB,IAAI,MAAM,IAAI,EAAE;AAAA,QAChB,IAAI,OAAO,IAAI,EAAE;AAAA,QACjB,OAAO,QAAQ,QAAQ;AAAA,QACvB,IAAI,MAAM,KAAK;AAAA,QACf,IAAI,MAAM,QAAS,IAAI,OAAQ,IAAI,MAAM,MAAM,IAAM,IAAI,MAAM,MAAM,KAAO,IAAI,MAAM,MAAM,SAAU,OAAO,KAAO,MAAM;AAAA,QAC1H,OAAO,QAAQ,IAAI,SAAS;AAAA,QAC5B,IAAI,KAAK,KAAK,SAAU,IAAI,OAAQ,IAAI,MAAM,MAAM,IAAM,IAAI,MAAM,MAAM,QAAS,OAAO,MAAQ,KAAK,IAAI,QAAQ;AAAA,QACnH,OAAO,QAAQ,IAAI,SAAS;AAAA,QAC5B,IAAI,KAAK,KAAK,SAAU,IAAI,OAAQ,IAAI,MAAM,MAAM,IAAM,IAAI,MAAM,MAAM,QAAS,OAAO,MAAQ,KAAK,IAAI,QAAQ;AAAA,QACnH,OAAO,QAAQ,SAAS;AAAA,QACxB,MAAM,IAAI,EAAE,SAAU,IAAI,OAAQ,IAAI,MAAM,MAAM,OAAQ,OAAO,MAAQ,KAAK,QAAQ;AAAA,QACtF,OAAO,QAAQ,SAAS;AAAA,QACxB,MAAM,IAAI,EAAE,SAAU,IAAI,OAAQ,IAAI,MAAM,MAAM,OAAQ,OAAO,MAAQ,KAAK,QAAQ;AAAA,QACtF,OAAO,QAAQ,SAAS;AAAA,QACxB,MAAM,IAAI,EAAE,SAAU,IAAI,OAAQ,IAAI,MAAM,MAAM,OAAQ,OAAO,MAAQ,KAAK,QAAQ;AAAA,QACtF,IAAI,MAAM,GAAG;AAAA,UACT,GAAG,EAAE,KAAK,GAAG,EAAE;AAAA,UACf,GAAG,EAAE,KAAK,GAAG,EAAE;AAAA,UACf,GAAG,EAAE,KAAK,OAAO;AAAA,QACrB,EACK;AAAA,UACD,IAAI,MAAM,OAAO,MAAM;AAAA,UACvB,IAAI,KAAK;AAAA,YACL,MAAM,OAAO,IAAI,GAAG,EAAE,KAAK,IAAI,GAAG,EAAE;AAAA,YACpC,IAAI,MAAM;AAAA,cACN,GAAG,EAAE,KAAK,GAAG,EAAE;AAAA,YACnB,GAAG,EAAE,KAAK,GAAG,EAAE;AAAA,YACf,GAAG,EAAE,KAAK;AAAA,UACd,EAEI;AAAA,kBAAM,GAAG,EAAE;AAAA;AAAA,QAEnB,SAAS,IAAI,EAAG,IAAI,IAAI,EAAE,GAAG;AAAA,UACzB,IAAI,OAAO,KAAK,IAAI,MAAM;AAAA,QAC9B;AAAA,QACA,QAAQ,IAAI,OAAO;AAAA,QACnB,IAAI,OAAO,OAAO;AAAA,QAClB,IAAI,OAAO,GAAG;AAAA,UACV,IAAI,MAAM,CAAC;AAAA,UACX,IAAI,KAAK,GAAG,IAAI;AAAA,UAChB,IAAI,MAAM;AAAA,YACN,MAAM;AAAA,UACV,SAAS,IAAI,EAAG,IAAI,KAAK,EAAE,GAAG;AAAA,YAC1B,IAAI,OAAO,KAAK,GAAG,EAAE,KAAK;AAAA,UAC9B;AAAA,UACA,QAAQ,KAAK,MAAM,KAAK,OAAO;AAAA,QACnC;AAAA,QACA,SAAS,IAAI,EAAG,IAAI,IAAI,EAAE,GAAG;AAAA,UACzB,IAAI,OAAO,KAAK,IAAI,OAAO;AAAA,QAC/B;AAAA,QACA,QAAQ;AAAA,MACZ;AAAA,MACA,IAAI,QAAQ,KAAK;AAAA,QACb,OAAO,MAAM,IAAI,QAAQ;AAAA,UACrB,IAAI,UAAU,IAAI;AAAA,QACtB;AAAA,MACJ,EAEI;AAAA,eAAO,IAAI;AAAA,MACf,IAAI;AAAA,QACA,GAAG,KAAK;AAAA,MAER;AAAA,cAAM,IAAI,KAAK,GAAG,IAAI;AAAA,IAC9B,EACK,SAAI,KAAK;AAAA,MACV,GAAG,KAAK;AAAA,MACR,IAAI,KAAK;AAAA,QACL,SAAS,IAAI,EAAG,IAAI,KAAK,EAAE,GAAG;AAAA,UAC1B,IAAI,KAAK,IAAI,MAAM;AAAA,QACvB;AAAA,MACJ;AAAA,IACJ,EACK,SAAI;AAAA,MACL,MAAM,IAAI,KAAK,GAAG;AAAA,IACtB,GAAG,IAAI;AAAA,IACP,OAAO;AAAA,EACX;AAAA,EACA,IAAI,CAAC;AAAA,GAGL,MAAM,QAAS,CAAC,MAAM,IAAI;AAAA,EAC1B,IAAI,KAAK,UAAU;AAAA,IACf,OAAO,KAAK;AAAA,EAChB,IAAI,MAAM,IAAI,GAAG,EAAE;AAAA,EACnB,SAAS,IAAI,GAAG,IAAI,EAAG,IAAI,KAAK,QAAQ,EAAE,GAAG;AAAA,IACzC,IAAI,MAAM,KAAK;AAAA,IACf,IAAI,IAAI,KAAK,CAAC;AAAA,IACd,KAAK,IAAI;AAAA,EACb;AAAA,EACA,OAAO;AAAA;AAAA;AAAA,EAvlBP,KAAK;AAAA,EAAa,KAAK;AAAA,EAAY,MAAM;AAAA,EAAa,MAAM;AAAA,EAA+B,MAAM;AAAA,EA8CjG,KAAK;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACJ;AAAA,EAqRI,OAAqB,qBAAmB,IAAI,GAAG;AAAA,IAC/C;AAAA,IAAI;AAAA,IAAI;AAAA,IAAI;AAAA,IAAK;AAAA,IAAI;AAAA,IAAK;AAAA,IAAI;AAAA,IAAI;AAAA,IAAI;AAAA,IAAI;AAAA,IAAK;AAAA,IAAI;AAAA,IAAI;AAAA,IAAK;AAAA,IAAK;AAAA,IAAK;AAAA,IAAI;AAAA,IAAK;AAAA,EACnF,CAAC,GAAG,GAAG,CAAC,EAAE;AAAA,EAEN,OAAqB,qBAAmB,IAAI,GAAG;AAAA,IAC/C;AAAA,IAAI;AAAA,IAAI;AAAA,IAAK;AAAA,IAAI;AAAA,IAAI;AAAA,IAAK;AAAA,IAAI;AAAA,IAAK;AAAA,IAAI;AAAA,IAAI;AAAA,IAAG;AAAA,IAAI;AAAA,IAAK;AAAA,IAAI;AAAA,IAAI;AAAA,IAAG;AAAA,IAAI;AAAA,IAAI;AAAA,IAAI;AAAA,IAAI;AAAA,IAAI;AAAA,IAAI;AAAA,IAAI;AAAA,IAAI;AAAA,IAAI;AAAA,IAAI;AAAA,EAC9G,CAAC,GAAG,GAAG,CAAC,EAAE;AAAA,EAEN,OAAsB,qBAAmB,IAAI,GAAG;AAAA,IAChD;AAAA,IAAI;AAAA,IAAK;AAAA,IAAI;AAAA,IAAI;AAAA,IAAK;AAAA,IAAI;AAAA,IAAI;AAAA,IAAI;AAAA,IAAI;AAAA,IAAI;AAAA,IAAI;AAAA,IAAI;AAAA,EACtD,CAAC,GAAG,GAAG,CAAC,EAAE;AAAA,EAWN,sBAAqB,IAAI,oBAAmB,IAAI,IAAI;AAAA,IACpD;AAAA,IAAG;AAAA,IAAG;AAAA,IAAG;AAAA,IAAG;AAAA,IAAU;AAAA,IAAU;AAAA,IAAW;AAAA,IAAW;AAAA,EAC1D,CAAC,GAAG,QAAQ,GAAG,EAAE;AAAA,EAEb,uBAAsB,KAAK,KAAK,CAAC;AAAA,EAEjC,sBAAqB,IAAI,oBAAmB,IAAI,IAAI;AAAA,IACpD;AAAA,IAAG;AAAA,IAAG;AAAA,IAAG;AAAA,IAAG;AAAA,IAAG;AAAA,IAAG;AAAA,IAAG;AAAA,IAAG;AAAA,IAAU;AAAA,IAAU;AAAA,IAAW;AAAA,IAAW;AAAA,IAAW;AAAA,EACjF,CAAC,GAAG,QAAQ,GAAG,EAAE;AAAA,EAEb,uBAAsB,KAAK,KAAK,CAAC;AAAA;;;;;;;;;ACtVrC,SAAS,eAAe,GAAe;AAAA,EACrC,MAAM,MAAY,YAAoB,WAAY,WAAmB,WAAW;AAAA,EAChF,IAAI,CAAC;AAAA,IAAK,OAAO;AAAA,EACjB,IAAI;AAAA,IACF,OAAO,IAAI,cAAc;AAAA,IACzB,MAAM;AAAA,IACN,OAAO;AAAA;AAAA;AAUJ,SAAS,uBAAuB,GAAY;AAAA,EACjD,IAAI;AAAA,IAAO,OAAO;AAAA,EAClB,MAAM,OAAO,gBAAgB;AAAA,EAC7B,OAAO,OAAO,MAAM,qBAAqB;AAAA;AAI3C,eAAsB,YAAY,CAAC,MAAkB,OAAiD;AAAA,EACpG,IAAI,OAAO;AAAA,IACT,OAAO,IAAI,WAAW,IAAI,iBAAiB,MAAM,EAAE,MAAM,CAAC,CAAC;AAAA,EAC7D;AAAA,EACA,MAAM,OAAO,gBAAgB;AAAA,EAC7B,MAAM,KAAK,MAAM;AAAA,EACjB,IAAI,OAAO,OAAO,YAAY;AAAA,IAC5B,MAAM,IAAI,MACR,wDACE,uDACA,iEACJ;AAAA,EACF;AAAA,EACA,OAAO,IAAI,WACT,GAAG,MAAM;AAAA,IACP,QAAQ;AAAA,OACL,KAAK,UAAU,0BAA0B;AAAA,IAC5C;AAAA,EACF,CAAC,CACH;AAAA;AAoBF,eAAsB,cAAc,CAAC,MAAkB,eAA0D;AAAA,EAC/G,IAAI,iBAAiB,MAAM;AAAA,IACzB,MAAM,WAAW,yBAAyB,IAAI;AAAA,IAC9C,IAAI,aAAa,QAAQ,WAAW,eAAe;AAAA,MACjD,MAAM,IAAI,MAAM,2BAA2B,+BAA+B,gBAAgB;AAAA,IAC5F;AAAA,EACF;AAAA,EAEA,IAAI;AAAA,EACJ,IAAI,OAAO;AAAA,IACT,MAAM,IAAI,WAAW,IAAI,mBAAmB,IAAI,CAAC;AAAA,EACnD,EAAO;AAAA,IACL,MAAM,OAAO,gBAAgB;AAAA,IAC7B,MAAM,KAAK,MAAM;AAAA,IACjB,IAAI,OAAO,OAAO,YAAY;AAAA,MAC5B,MAAM,IAAI,WAAW,GAAG,IAAI,CAAC;AAAA,IAC/B,EAAO;AAAA,MAYL,MAAM,UAAU,WAAgB,IAAI;AAAA,MACpC,MAAM,IAAI,WAAW,QAAQ,UAAU;AAAA,MACvC,IAAI,IAAI,OAAO;AAAA;AAAA;AAAA,EAInB,IAAI,iBAAiB,QAAQ,IAAI,aAAa,eAAe;AAAA,IAC3D,MAAM,IAAI,MAAM,2BAA2B,IAAI,4BAA4B,gBAAgB;AAAA,EAC7F;AAAA,EACA,OAAO;AAAA;AAcT,SAAS,wBAAwB,CAAC,MAAiC;AAAA,EACjE,IAAI,KAAK,SAAS;AAAA,IAAG,OAAO;AAAA,EAE5B,IAAI,KAAK,OAAO,MAAQ,KAAK,OAAO,OAAQ,KAAK,OAAO,MAAQ,KAAK,OAAO,KAAM;AAAA,IAChF,OAAO;AAAA,EACT;AAAA,EACA,MAAM,MAAM,KAAK;AAAA,EACjB,MAAM,eAAgB,OAAO,IAAK;AAAA,EAClC,MAAM,iBAAkB,OAAO,IAAK,OAAS;AAAA,EAC7C,MAAM,aAAa,MAAM;AAAA,EAEzB,MAAM,UAAU,iBAAiB,IAAK,gBAAgB,IAAI,IAAK,iBAAiB,IAAI,IAAI,iBAAiB,IAAI,IAAI;AAAA,EACjH,IAAI,YAAY;AAAA,IAAG,OAAO;AAAA,EAE1B,MAAM,iBAAiB,gBAAgB,IAAI;AAAA,EAC3C,MAAM,aAAa,eAAe,IAAI,IAAI,eAAe,IAAI,IAAI,eAAe,IAAI,IAAI;AAAA,EACxF,MAAM,YAAY,IAAI,iBAAiB;AAAA,EACvC,IAAI,KAAK,SAAS,YAAY;AAAA,IAAS,OAAO;AAAA,EAE9C,IAAI,MAAM;AAAA,EACV,SAAS,IAAI,EAAG,IAAI,SAAS,KAAK;AAAA,IAChC,OAAO,OAAO,KAAK,YAAY,EAAE,KAAK,OAAO,IAAI,CAAC;AAAA,EACpD;AAAA,EAEA,IAAI,YAAY;AAAA,IAAG,OAAO;AAAA,EAC1B,IAAI,MAAM,OAAO,OAAO,gBAAgB;AAAA,IAAG,OAAO,OAAO;AAAA,EACzD,OAAO,OAAO,GAAG;AAAA;AAAA,IA7Ib,iBAAiB,aACjB;AAAA;AAAA,EANN;AAAA,EAMM,QAAQ,OAAO,WAAW,QAAQ;AAAA;;ACdjC,IAAM,iBAAiB;AAEvB,IAAM,gBAAgB;AAEtB,IAAM,kBAAkB;AAExB,IAAM,gBAAgB;AAEtB,IAAM,sBAAsB;AAG5B,IAAM,kBAAkB;AAQxB,IAAM,oBAAoB;AAa1B,IAAM,uBAAuB;AAG7B,IAAM,uBAAuB;AAG7B,IAAM,YAAY;AAGlB,IAAM,eAAe;AACrB,IAAM,sBAAsB;;;AC5C5B,MAAM,iBAAiB,MAAM;AAAA,EAGhB;AAAA,EAEA;AAAA,EAEA;AAAA,EANlB,WAAW,CAEO,WAEA,cAEA,iBAChB;AAAA,IACA,MAAM,GAAG,cAAc,cAAc;AAAA,IANrB;AAAA,IAEA;AAAA,IAEA;AAAA,IAGhB,KAAK,OAAO;AAAA;AAEhB;;;ACdA;AAAA,YACE;AAAA,UACA;AAAA,UACA;AAAA,cAEA;AAAA,aACA;AAAA,aACA;AAAA,gBACA;AAAA,yBACA;AAAA,WACA;AAAA,qBACA;AAAA,aACA;AAAA,aACA;AAAA,UACA;AAAA,WACA;AAAA,WACA;AAAA,WACA;AAAA,iBACA;AAAA,eACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,iBACA;AAAA,YACA;AAAA,YACA;AAAA,qBACA;AAAA,eACA;AAAA,cACA;AAAA,UACA;AAAA,WACA;AAAA,YACA;AAAA,YACA;AAAA,YACA;AAAA,UACA;AAAA,cACA;AAAA,qBACA;AAAA;AAAA;AAAA;AAgGK,SAAS,iBAAiB,CAAC,OAA8B;AAAA,EAC9D,MAAM,SAAS,kBAAkB,KAAK,KAAK;AAAA,EAC3C,MAAM,UAAU,CAAC,GAAG,MAAM;AAAA,EAC1B,IAAI,QAAQ,SAAS;AAAA,IAAG,OAAO,QAAQ,GAAG;AAAA,EAC1C,IAAI,OAAO;AAAA,IAAQ,OAAO,OAAO;AAAA,EACjC,MAAM,IAAI,MAAM,iDAAiD;AAAA;AAiD5D,SAAS,gBAAgB,CAAC,OAA6B;AAAA,EAC5D,MAAM,SAAS,kBAAkB,KAAK,KAAK;AAAA,EAC3C,MAAM,UAAU,CAAC,GAAG,MAAM;AAAA,EAC1B,IAAI,QAAQ,WAAW,GAAG;AAAA,IACxB,MAAM,MAAM,OAAO,UAAU,IAAI,SAAS,CAAC,CAAC;AAAA,IAG5C,MAAM,aAAa,IAAI,SAAS,IAAI,MAAM;AAAA,IAC1C,MAAM,OAAO,WAAW,EAAE,MAAM,YAAY,QAAQ,GAAG,UAAU,CAAC,GAAG,WAAW,EAAE,CAAC;AAAA,IACnF,OAAO,IAAI,cAAc,KAAK,IAAI;AAAA,EACpC;AAAA,EACA,OAAO,QAAQ;AAAA;AAoEV,SAAS,sBAAsB,CAAC,GAAc,UAA0C;AAAA,EAC7F,MAAM,IAAI;AAAA,EACV,MAAM,WAAW,EAAE,OAAO,IAAI,CAAC,MAAM,uBAAuB,EAAE,IAAI,CAAC;AAAA,EACnE,MAAM,aAAa,IAAI,SAAS,EAAE,MAAM;AAAA,EACxC,MAAM,OAAO,WAAW,EAAE,MAAM,YAAY,QAAQ,GAAG,UAAU,WAAW,EAAE,CAAC;AAAA,EAC/E,OAAO,IAAI,cAAc,GAAG,MAAM,QAAQ;AAAA;AAK5C,SAAS,sBAAsB,CAAC,MAAuB;AAAA,EACrD,MAAM,IAAI,EAAE,UAAU,cAAc,MAAM,OAAO;AAAA,EACjD,IAAI,EAAE,SAAS,SAAS,IAAI,GAAG;AAAA,IAC7B,MAAM,WAAY,KAAa,SAAS,IAAI,CAAC,MAAW,uBAAuB,EAAE,IAAI,CAAC;AAAA,IACtF,OAAO,WAAW,EAAE,MAAM,QAAQ,GAAG,UAAU,WAAW,EAAE,CAAQ;AAAA,EACtE;AAAA,EACA,IAAI,EAAE,SAAS,OAAO,IAAI,GAAG;AAAA,IAC3B,MAAM,YAAY,uBAAwB,KAAa,SAAS,GAAG,IAAI;AAAA,IACvE,OAAO,WAAW,EAAE,MAAM,QAAQ,GAAG,OAAO,WAAW,WAAW,GAAG,cAAc,IAAI,WAAW,CAAC,CAAC,CAAC,EAAE,CAAQ;AAAA,EACjH;AAAA,EACA,IAAI,EAAE,SAAS,gBAAgB,IAAI,GAAG;AAAA,IACpC,MAAM,YAAY,uBAAwB,KAAa,SAAS,GAAG,IAAI;AAAA,IACvE,OAAO,WAAW,EAAE,MAAM,QAAQ,GAAG,OAAO,WAAW,WAAW,EAAE,CAAQ;AAAA,EAC9E;AAAA,EACA,IAAI,EAAE,SAAS,MAAM,IAAI,GAAG;AAAA,IAC1B,MAAM,YAAa,KAAa,SAAS,IAAI;AAAA,IAC7C,MAAM,YAAY,YACd,uBAAuB,SAAS,IAChC,WAAW,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC,GAAG,QAAQ,GAAG,UAAU,CAAC,GAAG,WAAW,EAAE,CAAC;AAAA,IAChF,OAAO,WAAW,EAAE,MAAM,QAAQ,GAAG,OAAO,WAAW,WAAW,GAAG,cAAc,IAAI,WAAW,CAAC,CAAC,CAAC,EAAE,CAAQ;AAAA,EACjH;AAAA,EACA,IAAI,EAAE,SAAS,QAAQ,IAAI,GAAG;AAAA,IAC5B,MAAM,WAAY,KAAa,SAAS,IAAI,CAAC,MAAW,uBAAuB,EAAE,IAAI,CAAC;AAAA,IACtF,IAAI,EAAE,SAAS,aAAa,IAAI,GAAG;AAAA,MACjC,OAAO,WAAW;AAAA,QAChB;AAAA,QACA,QAAQ;AAAA,QACR,SAAS,IAAI,UAAU,CAAC;AAAA,QACxB,cAAc,IAAI,WAAW,CAAC;AAAA,QAC9B;AAAA,QACA,WAAW;AAAA,MACb,CAAQ;AAAA,IACV;AAAA,IACA,OAAO,WAAW;AAAA,MAChB;AAAA,MACA,QAAQ;AAAA,MACR,SAAS,IAAI,UAAU,CAAC;AAAA,MACxB;AAAA,MACA,WAAW;AAAA,IACb,CAAQ;AAAA,EACV;AAAA,EACA,OAAO,WAAW,EAAE,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAC;AAAA;AAK9C,SAAS,0BAA0B,CACxC,GACA,QACA,UACU;AAAA,EACV,MAAM,IAAI;AAAA,EACV,MAAM,IAAI,EAAE,UAAU,cAAc,MAAM,OAAO;AAAA,EACjD,MAAM,WAAW,EAAE,OAAO,IAAI,CAAC,MAAM;AAAA,IACnC,MAAM,MAAM,OAAO,EAAE;AAAA,IACrB,IAAI,eAAe,EAAE;AAAA,MAAM,OAAO;AAAA,IAClC,OAAO,kBAAkB,CAAC,GAAG,GAAG,EAAE,IAAI,EAAE,KAAK;AAAA,GAC9C;AAAA,EACD,MAAM,aAAa,IAAI,SAAS,EAAE,MAAM;AAAA,EACxC,MAAM,OAAO,WAAW,EAAE,MAAM,YAAY,QAAQ,GAAG,UAAU,WAAW,EAAE,CAAC;AAAA,EAC/E,OAAO,IAAI,cAAc,GAAG,MAAM,QAAQ;AAAA;AAuBrC,SAAS,gBAAgB,CAAC,QAAmB,SAAiC;AAAA,EACnF,MAAM,SAAS,IAAI;AAAA,EACnB,OAAO,MAAM,WAAW,MAA6B;AAAA,EACrD,WAAW,SAAS,SAAS;AAAA,IAC1B,OAAe,kBAAkB,KAAiC;AAAA,EACrE;AAAA,EACA,OAAO,MAAM;AAAA,EACb,OAAO,OAAO,aAAa,IAAI;AAAA;AAYjC,IAAM,kBAA8B,CAAC,KAAK,QAAQ;AAAA,EAChD,IAAI,IAAI,WAAW,IAAI;AAAA,IAAQ,OAAO;AAAA,EACtC,IAAI,IAAI,gBAAgB,IAAI;AAAA,IAAa,OAAO;AAAA,EAChD,OAAO;AAAA;AAGT,IAAM,aAAa,CAAC,MAA2B,EAAE,WAAW,OAAO,OAAO,EAAE,WAAW,OAAO;AAEvF,SAAS,oBAAoB,CAAC,OAAiB,QAA6B;AAAA,EACjF,MAAM,IAAI;AAAA,EACV,IAAI,EAAE,YAAY;AAAA,IAAG,OAAO;AAAA,EAC5B,MAAM,IAAI;AAAA,EAEV,IAAI,EAAE,OAAO,OAAO,WAAW,EAAE,OAAO,QAAQ;AAAA,IAC9C,MAAM,IAAI,UAAU,kCAAkC,EAAE,OAAO,eAAe,EAAE,OAAO,OAAO,QAAQ;AAAA,EACxG;AAAA,EACA,SAAS,IAAI,EAAG,IAAI,EAAE,OAAO,QAAQ,KAAK;AAAA,IACxC,IAAI,EAAE,OAAO,OAAO,GAAG,SAAS,EAAE,OAAO,GAAG,MAAM;AAAA,MAChD,MAAM,IAAI,UACR,gCAAgC,gBAAgB,EAAE,OAAO,GAAG,eAAe,EAAE,OAAO,OAAO,GAAG,OAChG;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,WAAW,EAAE,OAAO,IAAI,CAAC,GAAG,MAAM;AAAA,IACtC,MAAM,WAAW,EAAE,KAAK,SAAS;AAAA,IACjC,MAAM,UAAU,SAAS;AAAA,IACzB,MAAM,UAAU,EAAE;AAAA,IAElB,IAAI,CAAC,gBAAgB,SAAS,OAAO,GAAG;AAAA,MACtC,OAAO,SAAS,MAAM,OAAO;AAAA,IAC/B;AAAA,IACA,IAAI,WAAW,OAAO,KAAK,WAAW,OAAO,GAAG;AAAA,MAC9C,MAAM,MAAM,EAAE,WAAW,CAAC;AAAA,MAC1B,MAAM,SAAmB,CAAC;AAAA,MAC1B,SAAS,IAAI,EAAG,IAAI,EAAE,SAAS,KAAK;AAAA,QAClC,MAAM,IAAI,IAAI,IAAI,CAAC;AAAA,QACnB,OAAO,KAAK,OAAO,MAAM,WAAW,OAAO,CAAC,IAAK,CAAY;AAAA,MAC/D;AAAA,MACA,OAAO,kBAAkB,QAAQ,OAAO,EAAE,KAAK;AAAA,IACjD;AAAA,IACA,OAAO,SAAS,MAAM,OAAO;AAAA,GAC9B;AAAA,EAED,MAAM,aAAa,IAAI,SAAS,EAAE,MAAM;AAAA,EACxC,MAAM,OAAO,WAAW;AAAA,IACtB,MAAM;AAAA,IACN,QAAQ,EAAE;AAAA,IACV;AAAA,IACA,WAAW,EAAE,KAAK;AAAA,IAClB,YAAY,EAAE,KAAK;AAAA,EACrB,CAAC;AAAA,EACD,OAAO,IAAI,cAAc,GAAG,MAAM,EAAE,QAAQ;AAAA;;ACja9C;;;ACgIO,SAAS,eAAe,CAAC,SAAmB,UAA0C;AAAA,EAC3F,OAAO,uBAAuB,SAAQ,QAAQ;AAAA;;;ADtEzC,SAAS,kBAAkB,CAAC,KAAmB;AAAA,EACpD,MAAM,SAAS,IAAI,IAAI,GAAG;AAAA,EAC1B,IAAI,OAAO,aAAa,UAAU;AAAA,IAChC,MAAM,IAAI,MAAM,8CAA8C,OAAO,WAAW;AAAA,EAClF;AAAA;AAOF,eAAe,SAAS,CAAC,MAAmC;AAAA,EAE1D,MAAM,MAAM,IAAI,YAAY,KAAK,UAAU;AAAA,EAC3C,IAAI,WAAW,GAAG,EAAE,IAAI,IAAI;AAAA,EAC5B,MAAM,OAAO,MAAM,OAAO,OAAO,OAAO,WAAW,GAAG;AAAA,EACtD,OAAO,MAAM,KAAK,IAAI,WAAW,IAAI,CAAC,EACnC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAC1C,KAAK,EAAE;AAAA;AAQL,SAAS,uBAAuB,CAAC,OAA0B;AAAA,EAChE,IAAI,MAAM,YAAY;AAAA,IAAG,OAAO;AAAA,EAChC,MAAM,OAAO,MAAM;AAAA,EACnB,IAAI,CAAC;AAAA,IAAM,OAAO;AAAA,EAClB,OAAO,KAAK,IAAI,YAAY,KAAK,CAAC,KAAK,IAAI,aAAa;AAAA;AAQnD,SAAS,yBAAyB,CAAC,SAAmB,KAAa,QAA2B;AAAA,EACnG,MAAM,WAAW,IAAI;AAAA,EACrB,SAAS,IAAI,cAAc,GAAG;AAAA,EAC9B,IAAI,QAAQ;AAAA,IACV,SAAS,IAAI,qBAAqB,MAAM;AAAA,EAC1C;AAAA,EACA,OAAO,gBAAgB,SAAQ,QAAQ;AAAA;AA8DzC,eAAsB,uBAAuB,CAC3C,OACA,QACmB;AAAA,EACnB,IAAI,CAAC;AAAA,IAAQ,OAAO;AAAA,EACpB,IAAI,CAAC,wBAAwB,KAAK;AAAA,IAAG,OAAO;AAAA,EAE5C,MAAM,MAAM,MAAM,UAAU,IAAI,YAAY;AAAA,EAC5C,IAAI,CAAC;AAAA,IAAK,OAAO;AAAA,EAGjB,MAAM,YAAY,OAAO,iBAAiB,OAAO,YAAa,OAAO,gBAAgB;AAAA,EACrF,IAAI,WAAW;AAAA,IACb,UAAU,GAAG;AAAA,EACf;AAAA,EAGA,MAAM,WAAW,MAAM,MAAM,GAAG;AAAA,EAChC,IAAI,CAAC,SAAS,IAAI;AAAA,IAChB,MAAM,IAAI,MAAM,mCAAmC,SAAS,UAAU,SAAS,oBAAoB,MAAM;AAAA,EAC3G;AAAA,EACA,IAAI,OAAO,IAAI,WAAW,MAAM,SAAS,YAAY,CAAC;AAAA,EAMtD,MAAM,kBAAkB,SAAS,QAAQ,IAAI,kBAAkB;AAAA,EAC/D,IAAI,oBAAoB,QAAQ;AAAA,IAC9B,MAAM,MAAM,KAAK,aAAa;AAAA,IAC9B,OAAO,IAAI,WAAW,MAAM,eAAe,MAAM,GAAG,CAAC;AAAA,EACvD;AAAA,EAGA,MAAM,iBAAiB,MAAM,UAAU,IAAI,mBAAmB;AAAA,EAC9D,IAAI,gBAAgB;AAAA,IAClB,MAAM,eAAe,MAAM,UAAU,IAAI;AAAA,IACzC,IAAI,iBAAiB,gBAAgB;AAAA,MACnC,MAAM,IAAI,MAAM,iCAAiC,iBAAiB,uBAAuB,cAAc;AAAA,IACzG;AAAA,EACF;AAAA,EAGA,MAAM,WAAW,iBAAiB,IAAI;AAAA,EACtC,IAAI,SAAS,YAAY,KAAK,SAAS,OAAO,OAAO,WAAW,GAAG;AAAA,IACjE,MAAM,IAAI,MAAM,mDAAmD,KAAK;AAAA,EAC1E;AAAA,EACA,OAAO;AAAA;;;AEpNF,IAAM,qBAAqB;AAqE3B,SAAS,kBAAkB,CAAC,SAAmB,SAAiC;AAAA,EACrF,MAAM,YAAY,QAAQ,IAAI,CAAC,MAAM,qBAAqB,GAAG,OAAM,CAAC;AAAA,EACpE,OAAO,iBAAiB,SAAQ,SAAS;AAAA;;;AC3D3C,IAAM,2BAA2B;AACjC,IAAM,oBAAoB;AAC1B,IAAM,0BAA0B;AAEhC,SAAS,cAAc,CAAC,SAAkB,MAA6B;AAAA,EACrE,MAAM,MAAM,QAAQ,IAAI,IAAI,KAAK,QAAQ,IAAI,KAAK,YAAY,CAAC;AAAA,EAC/D,IAAI,OAAO;AAAA,IAAM,OAAO;AAAA,EACxB,MAAM,SAAS,OAAO,SAAS,KAAK,EAAE;AAAA,EACtC,OAAO,OAAO,SAAS,MAAM,IAAI,SAAS;AAAA;AAGrC,SAAS,4BAA4B,CAAC,SAA0C;AAAA,EACrF,MAAM,YAAY,QAAQ,IAAI,iBAAiB,KAAK,QAAQ,IAAI,kBAAkB,YAAY,CAAC;AAAA,EAC/F,MAAM,mBAAmB,cAAc;AAAA,EAEvC,IAAI,iBAAgC;AAAA,EACpC,MAAM,KAAK,QAAQ,IAAI,eAAe,KAAK,QAAQ,IAAI,eAAe;AAAA,EACtE,IAAI,IAAI;AAAA,IACN,WAAW,SAAS,GAAG,MAAM,GAAG,GAAG;AAAA,MACjC,MAAM,IAAI,MAAM,KAAK,EAAE,YAAY;AAAA,MACnC,IAAI,EAAE,WAAW,UAAU,GAAG;AAAA,QAC5B,MAAM,UAAU,OAAO,WAAW,EAAE,MAAM,WAAW,MAAM,CAAC;AAAA,QAC5D,IAAI,OAAO,SAAS,OAAO,GAAG;AAAA,UAC5B,iBAAiB,KAAK,IAAI,IAAI,UAAU;AAAA,QAC1C;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO;AAAA,IACL,iBAAiB,eAAe,SAAS,wBAAwB;AAAA,IACjE;AAAA,IACA,gBAAgB,eAAe,SAAS,uBAAuB;AAAA,IAC/D;AAAA,EACF;AAAA;AAkBK,SAAS,yBAAyB,CAAC,UAAkD;AAAA,EAC1F,IAAI,CAAC;AAAA,IAAU,OAAO;AAAA,EACtB,IAAI,SAAS,kBAAkB;AAAA,IAAM,OAAO;AAAA,EAC5C,OAAO,KAAK,IAAI,IAAI,SAAS;AAAA;;;AC/E/B,mBAAS;;;ACAT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,uBAOE;AAAA;AAAA;;;ACPF,8BAA2B;AAAA;AAapB,MAAM,gBAAgB;AAAA,EACnB;AAAA,EACA,cAAc;AAAA,EAEd,cAAc;AAAA,EAEd,WAAW,CAAC,QAA2B;AAAA,IAC7C,KAAK,SAAS;AAAA;AAAA,cAGH,OAAM,CAAC,OAAqF;AAAA,IACvG,MAAM,SAAS,MAAM,mBAAkB,KAAK,KAAY;AAAA,IACxD,MAAM,OAAO,KAAK,EAAE,aAAa,MAAM,CAAC;AAAA,IACxC,IAAI,OAAO,QAAQ;AAAA,MACjB,MAAM,IAAI,MAAM,8CAA8C;AAAA,IAChE;AAAA,IACA,OAAO,IAAI,gBAAgB,MAAM;AAAA;AAAA,OAO7B,WAAU,GAAkC;AAAA,IAChD,IAAI,KAAK,aAAa;AAAA,MAEpB,MAAM,KAAK,OAAO,MAAM,EAAE,KAAK;AAAA,MAC/B,IAAI,KAAK,OAAO,QAAQ;AAAA,QACtB,OAAO;AAAA,MACT;AAAA,IACF;AAAA,IACA,KAAK,cAAc;AAAA,IAEnB,MAAM,UAAS,KAAK,OAAO;AAAA,IAC3B,IAAI,CAAC,SAAQ;AAAA,MACX,OAAO;AAAA,IACT;AAAA,IAEA,MAAM,UAAyB,CAAC;AAAA,IAChC,OAAO,MAAM;AAAA,MACX,MAAM,SAAS,MAAM,KAAK,OAAO,KAAK;AAAA,MACtC,IAAI,OAAO;AAAA,QAAM;AAAA,MAEjB,IAAI,OAAO,MAAM,YAAY,SAAS;AAAA,QAAwC;AAAA,MAC9E,QAAQ,KAAK,OAAO,KAAK;AAAA,IAC3B;AAAA,IAEA,OAAO,EAAE,iBAAQ,QAAQ;AAAA;AAAA,OAQrB,eAAc,GAA8B;AAAA,IAChD,IAAI,KAAK,aAAa;AAAA,MACpB,MAAM,KAAK,OAAO,MAAM,EAAE,KAAK;AAAA,MAC/B,IAAI,KAAK,OAAO,QAAQ;AAAA,QACtB,OAAO;AAAA,MACT;AAAA,IACF;AAAA,IACA,KAAK,cAAc;AAAA,IACnB,KAAK,cAAc;AAAA,IACnB,OAAO,KAAK,OAAO,UAAU;AAAA;AAAA,OAWzB,cAAa,GAA6B;AAAA,IAC9C,IAAI,KAAK;AAAA,MAAa,OAAO;AAAA,IAC7B,MAAM,SAAS,MAAM,KAAK,OAAO,KAAK;AAAA,IACtC,IAAI,OAAO,MAAM;AAAA,MACf,KAAK,cAAc;AAAA,MACnB,OAAO;AAAA,IACT;AAAA,IAIA,IAAI,OAAO,MAAM,YAAY,SAAS,wCAAwC;AAAA,MAC5E,KAAK,cAAc;AAAA,MACnB,OAAO;AAAA,IACT;AAAA,IACA,OAAO,OAAO;AAAA;AAAA,OAGV,OAAM,GAAkB;AAAA,IAC5B,MAAM,KAAK,OAAO,OAAO;AAAA;AAE7B;;;ADjFO,SAAS,cAAc,CAAC,OAAsB;AAAA,EACnD,IAAI,OAAO,UAAU;AAAA,IAAU,OAAO,IAAI;AAAA,EAC1C,IAAI,OAAO,UAAU;AAAA,IAAW,OAAO,IAAI;AAAA,EAC3C,IAAI,OAAO,UAAU;AAAA,IAAU,OAAO,IAAI;AAAA,EAC1C,IAAI,OAAO,UAAU;AAAA,IAAU,OAAO,IAAI;AAAA,EAC1C,IAAI,iBAAiB;AAAA,IAAY,OAAO,IAAI;AAAA,EAC5C,OAAO,IAAI;AAAA;AAOb,SAAS,cAAc,CAAC,MAAgB,OAAiB;AAAA,EACvD,IAAI,SAAS;AAAA,IAAM,OAAO;AAAA,EAG1B,IAAI,SAAS,MAAM,IAAI,KAAM,KAAa,aAAa,IAAI;AAAA,IACzD,IAAI,OAAO,UAAU;AAAA,MAAU,OAAO,OAAO,KAAK;AAAA,IAClD,OAAO;AAAA,EACT;AAAA,EAGA,IAAI,SAAS,MAAM,IAAI,GAAG;AAAA,IACxB,IAAI,iBAAiB,KAAK;AAAA,MACxB,MAAM,eAAgB,KAAa,SAAS;AAAA,MAC5C,MAAM,YAAY,aAAa,KAAK,SAAS,GAAG;AAAA,MAChD,MAAM,UAAU,IAAI;AAAA,MACpB,YAAY,GAAG,MAAM,OAAO;AAAA,QAC1B,QAAQ,IAAI,GAAG,eAAe,WAAW,CAAC,CAAC;AAAA,MAC7C;AAAA,MACA,OAAO;AAAA,IACT;AAAA,IACA,OAAO;AAAA,EACT;AAAA,EAGA,IAAI,SAAS,OAAO,IAAI,GAAG;AAAA,IACzB,IAAI,MAAM,QAAQ,KAAK,GAAG;AAAA,MACxB,MAAM,WAAY,KAAa,SAAS,GAAG;AAAA,MAC3C,OAAO,MAAM,IAAI,CAAC,MAAW,eAAe,UAAU,CAAC,CAAC;AAAA,IAC1D;AAAA,IACA,OAAO;AAAA,EACT;AAAA,EAEA,OAAO;AAAA;AAUF,SAAS,eAAe,CAC7B,SACA,QACA,QACA,SACY;AAAA,EACZ,MAAM,WAAW,IAAI;AAAA,EACrB,SAAS,IAAI,gBAAgB,MAAM;AAAA,EACnC,SAAS,IAAI,qBAAqB,eAAe;AAAA,EACjD,IAAI,SAAS,iBAAiB;AAAA,IAC5B,SAAS,IAAI,sBAAsB,QAAQ,eAAe;AAAA,EAC5D;AAAA,EAaA,IAAI,QAAO,OAAO,WAAW,GAAG;AAAA,IAC9B,MAAM,SAAQ,uBAAuB,SAAQ,QAAQ;AAAA,IACrD,OAAO,mBAAmB,SAAQ,CAAC,MAAK,CAAC;AAAA,EAC3C;AAAA,EAEA,MAAM,UAA+B,CAAC;AAAA,EACtC,WAAW,KAAK,QAAO,QAAQ;AAAA,IAC7B,MAAM,MAAM,OAAO,EAAE;AAAA,IAIrB,QAAQ,EAAE,QAAQ,QAAQ,YAAY,OAAO,eAAe,EAAE,MAAM,GAAG;AAAA,EACzE;AAAA,EACA,MAAM,QAAQ,2BAA2B,SAAQ,SAAS,QAAQ;AAAA,EAClE,OAAO,mBAAmB,SAAQ,CAAC,KAAK,CAAC;AAAA;AAM3C,eAAsB,mBAAmB,CAAC,MAAuE;AAAA,EAC/G,MAAM,SAAS,MAAM,mBAAkB,KAAK,IAAI;AAAA,EAChD,MAAM,OAAO,KAAK;AAAA,EAClB,MAAM,UAAS,OAAO;AAAA,EACtB,IAAI,CAAC,SAAQ;AAAA,IACX,MAAM,IAAI,SAAS,iBAAiB,+BAA+B,EAAE;AAAA,EACvE;AAAA,EACA,MAAM,UAAU,OAAO,QAAQ;AAAA,EAC/B,OAAO,EAAE,iBAAQ,QAAQ;AAAA;AASpB,SAAS,kBAAkB,CAAC,OAAoB,OAA4C;AAAA,EACjG,MAAM,OAAO,MAAM;AAAA,EACnB,IAAI,CAAC;AAAA,IAAM,OAAO;AAAA,EAElB,MAAM,QAAQ,KAAK,IAAI,aAAa;AAAA,EACpC,IAAI,CAAC;AAAA,IAAO,OAAO;AAAA,EAEnB,MAAM,UAAU,KAAK,IAAI,eAAe,KAAK;AAAA,EAE7C,IAAI,UAAU,aAAa;AAAA,IACzB,MAAM,WAAW,KAAK,IAAI,aAAa;AAAA,IACvC,IAAI,YAAY;AAAA,IAChB,IAAI,eAAe;AAAA,IACnB,IAAI,YAAY;AAAA,IAChB,IAAI,UAAU;AAAA,MACZ,IAAI;AAAA,QACF,MAAM,QAAQ,KAAK,MAAM,QAAQ;AAAA,QACjC,YAAY,MAAM,kBAAkB;AAAA,QACpC,eAAe,MAAM,qBAAqB;AAAA,QAC1C,YAAY,MAAM,aAAa;AAAA,QAC/B,MAAM;AAAA,IACV;AAAA,IACA,MAAM,IAAI,SAAS,WAAW,cAAc,SAAS;AAAA,EACvD;AAAA,EAEA,IAAI,OAAO;AAAA,IACT,MAAM,WAAW,KAAK,IAAI,aAAa;AAAA,IACvC,IAAI;AAAA,IACJ,IAAI,UAAU;AAAA,MACZ,IAAI;AAAA,QACF,QAAQ,KAAK,MAAM,QAAQ;AAAA,QAC3B,MAAM;AAAA,IACV;AAAA,IACA,MAAM,EAAE,OAAO,SAAS,MAAM,CAAC;AAAA,EACjC;AAAA,EAEA,OAAO;AAAA;AAOF,SAAS,gBAAgB,CAAC,OAA2C;AAAA,EAC1E,MAAM,OAA8B,CAAC;AAAA,EACrC,SAAS,IAAI,EAAG,IAAI,MAAM,SAAS,KAAK;AAAA,IACtC,MAAM,MAA2B,CAAC;AAAA,IAClC,SAAS,IAAI,EAAG,IAAI,MAAM,OAAO,OAAO,QAAQ,KAAK;AAAA,MACnD,MAAM,SAAQ,MAAM,OAAO,OAAO;AAAA,MAClC,IAAI,QAAQ,MAAM,WAAW,CAAC,GAAG,IAAI,CAAC;AAAA,MACtC,IAAI,OAAO,UAAU,UAAU;AAAA,QAC7B,IAAI,SAAS,OAAO,OAAO,gBAAgB,KAAK,SAAS,OAAO,OAAO,gBAAgB,GAAG;AAAA,UACxF,QAAQ,OAAO,KAAK;AAAA,QACtB;AAAA,MACF;AAAA,MACA,IAAI,OAAM,QAAQ;AAAA,IACpB;AAAA,IACA,KAAK,KAAK,GAAG;AAAA,EACf;AAAA,EACA,OAAO;AAAA;AAOT,eAAsB,qBAAqB,CAAC,MAA4C;AAAA,EACtF,MAAM,SAAS,IAAI,eAA2B;AAAA,IAC5C,KAAK,CAAC,YAAY;AAAA,MAChB,WAAW,QAAQ,IAAI;AAAA,MACvB,WAAW,MAAM;AAAA;AAAA,EAErB,CAAC;AAAA,EACD,OAAO,gBAAgB,OAAO,MAAM;AAAA;;;AD9JtC,SAAS,kBAAiB,CAAC,OAA2B;AAAA,EACpD,OAAO,kBAAsB,KAAK;AAAA;AAOpC,eAAsB,qBAAqB,CACzC,SACA,OAC6B;AAAA,EAE7B,IAAI,YAAY;AAAA,EAChB,WAAW,SAAS,SAAS;AAAA,IAC3B,IAAI,MAAM,YAAY,GAAG;AAAA,MACvB,mBAAmB,OAAO,KAAK;AAAA,MAC/B;AAAA,IACF;AAAA,IACA,YAAY;AAAA,EACd;AAAA,EAEA,IAAI,CAAC,WAAW;AAAA,IACd,MAAM,IAAI,MAAM,6BAA6B;AAAA,EAC/C;AAAA,EAGA,MAAM,OAAO,UAAU;AAAA,EACvB,MAAM,eAAe,MAAM,IAAI,iBAAiB,KAAK;AAAA,EACrD,MAAM,kBAAkB,MAAM,IAAI,oBAAoB,KAAK;AAAA,EAK3D,MAAM,UAAwB,CAAC;AAAA,EAC/B,SAAS,IAAI,EAAG,IAAI,UAAU,SAAS,KAAK;AAAA,IAC1C,MAAM,OAAO,UAAU,WAAW,CAAC,EAAG,IAAI,CAAC;AAAA,IAC3C,MAAM,aAAa,UAAU,WAAW,CAAC,EAAG,IAAI,CAAC;AAAA,IACjD,MAAM,aAAa,UAAU,WAAW,CAAC,EAAG,IAAI,CAAC;AAAA,IACjD,MAAM,YAAY,UAAU,WAAW,CAAC,EAAG,IAAI,CAAC;AAAA,IAChD,MAAM,YAAY,UAAU,WAAW,CAAC,EAAG,IAAI,CAAC;AAAA,IAChD,MAAM,YAAY,UAAU,WAAW,CAAC,EAAG,IAAI,CAAC;AAAA,IAChD,MAAM,YAAY,UAAU,WAAW,CAAC,GAAG,IAAI,CAAC;AAAA,IAGhD,MAAM,eAAe,MAAM,mBAAkB,SAAS;AAAA,IACtD,MAAM,eAAe,MAAM,mBAAkB,SAAS;AAAA,IAEtD,MAAM,OAAmB;AAAA,MACvB;AAAA,MACA,MAAM;AAAA,MACN;AAAA,MACA;AAAA,IACF;AAAA,IAGA,IAAI,eAAe,UAAU;AAAA,MAC3B,KAAK,eAAe;AAAA,IACtB;AAAA,IAEA,IAAI,aAAa,WAAW;AAAA,MAC1B,KAAK,eAAe,MAAM,mBAAkB,SAAS;AAAA,IACvD;AAAA,IAEA,QAAQ,KAAK,IAAI;AAAA,EACnB;AAAA,EAEA,OAAO,EAAE,cAAc,iBAAiB,QAAQ;AAAA;AAMlD,eAAsB,cAAc,CAClC,SACA,SAO6B;AAAA,EAC7B,MAAM,SAAS,SAAS,UAAU;AAAA,EAClC,MAAM,cAAc,IAAI,YAAY,CAAC,CAAC;AAAA,EACtC,MAAM,OAAO,gBAAgB,aAAa,CAAC,GAAG,oBAAoB;AAAA,EAElE,MAAM,UAAkC,EAAE,gBAAgB,mBAAmB;AAAA,EAC7E,IAAI,SAAS,eAAe;AAAA,IAC1B,QAAQ,gBAAgB,QAAQ;AAAA,EAClC;AAAA,EAEA,MAAM,QAAQ,SAAS;AAAA,EACvB,MAAM,aAAa,SAAS;AAAA,EAC5B,MAAM,eAAe,SAAS;AAAA,EAC9B,IAAI,WAAuB;AAAA,EAC3B,IAAI,SAAS,QAAQ,YAAY;AAAA,IAC/B,QAAQ,sBAAsB;AAAA,IAC9B,WAAW,MAAM,WAAW,MAAM,KAAK;AAAA,EACzC;AAAA,EACA,IAAI,SAAS,QAAQ,cAAc;AAAA,IACjC,QAAQ,qBAAqB;AAAA,EAC/B;AAAA,EAEA,MAAM,WAAW,MAAM,MAAM,GAAG,UAAU,UAAU,wBAAwB;AAAA,IAC1E,QAAQ;AAAA,IACR;AAAA,IACA,MAAM;AAAA,EACR,CAAC;AAAA,EACD,IAAI,SAAS,WAAW,KAAK;AAAA,IAC3B,MAAM,IAAI,SAAS,uBAAuB,2BAA2B,EAAE;AAAA,EACzE;AAAA,EAEA,IAAI,eAAe,IAAI,WAAW,MAAM,SAAS,YAAY,CAAC;AAAA,EAC9D,IAAI,SAAS,QAAQ,IAAI,kBAAkB,MAAM,UAAU,cAAc;AAAA,IACvE,eAAe,IAAI,WAAW,MAAM,aAAa,YAAY,CAAC;AAAA,EAChE;AAAA,EACA,QAAQ,YAAY,MAAM,oBAAoB,YAAY;AAAA,EAE1D,OAAO,sBAAsB,OAAO;AAAA;;;AGjLtC;AAwBO,MAAM,kBAA2C;AAAA,EAC9C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAER,WAAW,CAAC,MAiBT;AAAA,IACD,KAAK,WAAW,KAAK;AAAA,IACrB,KAAK,UAAU,KAAK;AAAA,IACpB,KAAK,UAAU,KAAK;AAAA,IACpB,KAAK,cAAc,KAAK;AAAA,IACxB,KAAK,gBAAgB,KAAK;AAAA,IAC1B,KAAK,eAAe,KAAK;AAAA,IACzB,KAAK,SAAS,KAAK;AAAA,IACnB,KAAK,kBAAkB,KAAK;AAAA,IAC5B,KAAK,YAAY,KAAK;AAAA,IACtB,KAAK,UAAU,KAAK;AAAA,IACpB,KAAK,oBAAoB,KAAK;AAAA,IAC9B,KAAK,cAAc,KAAK;AAAA,IACxB,KAAK,gBAAgB,KAAK;AAAA,IAC1B,KAAK,iBAAiB,KAAK;AAAA,IAC3B,KAAK,kBAAkB,KAAK;AAAA,IAC5B,KAAK,UAAU,KAAK;AAAA;AAAA,OAGR,MAAK,CAAC,KAAa,MAAqC;AAAA,IACpE,IAAI,KAAK;AAAA,MAAS,OAAO,KAAK,QAAQ,KAAK,IAAI;AAAA,IAC/C,OAAO,MAAM,KAAK;AAAA,MAChB,QAAQ;AAAA,MACR,SAAS,KAAK,cAAc;AAAA,MAC5B,MAAO,MAAM,KAAK,aAAa,IAAI;AAAA,IACrC,CAAC;AAAA;AAAA,MAIC,MAAM,GAA+B;AAAA,IACvC,OAAO,KAAK;AAAA;AAAA,EAGN,aAAa,GAA2B;AAAA,IAC9C,MAAM,UAAkC;AAAA,MACtC,gBAAgB;AAAA,IAClB;AAAA,IACA,IAAI,KAAK,qBAAqB,QAAQ,KAAK,aAAa;AAAA,MACtD,QAAQ,sBAAsB;AAAA,IAChC;AAAA,IACA,IAAI,KAAK,qBAAqB,QAAQ,KAAK,eAAe;AAAA,MACxD,QAAQ,qBAAqB;AAAA,IAC/B;AAAA,IACA,IAAI,KAAK,gBAAgB;AAAA,MACvB,QAAQ,gBAAgB,KAAK;AAAA,IAC/B;AAAA,IACA,OAAO;AAAA;AAAA,OAGK,aAAY,CAAC,SAA0C;AAAA,IACnE,IAAI,KAAK,qBAAqB,QAAQ,KAAK,aAAa;AAAA,MACtD,OAAO,MAAM,KAAK,YAAY,SAAS,KAAK,iBAAiB;AAAA,IAC/D;AAAA,IACA,OAAO;AAAA;AAAA,OAGK,cAAa,CAAC,MAAkD;AAAA,IAC5E,IAAI,OAAO,IAAI,WAAW,MAAM,KAAK,YAAY,CAAC;AAAA,IAClD,IAAI,KAAK,QAAQ,IAAI,kBAAkB,MAAM,UAAU,KAAK,eAAe;AAAA,MACzE,OAAO,IAAI,WAAW,MAAM,KAAK,cAAc,IAAI,CAAC;AAAA,IACtD;AAAA,IACA,OAAO;AAAA;AAAA,OAMH,SAAQ,CAAC,OAA8D;AAAA,IAC3E,IAAI,KAAK,gBAAgB,MAAM;AAAA,MAC7B,MAAM,IAAI,SAAS,iBAAiB,kDAAuD,EAAE;AAAA,IAC/F;AAAA,IAMA,IAAI,MAAM,WAAW,GAAG;AAAA,MAItB,MAAM,aAAa,KAAK,gBAAgB,KAAK;AAAA,MAC7C,MAAM,aAAa,KAAK,iBAAiB,UAAU;AAAA,MACnD,MAAM,YAAW,IAAI;AAAA,MACrB,UAAS,IAAI,WAAW,KAAK,WAAW;AAAA,MACxC,MAAM,gBAAgB,IAAI,YAAY,YAAY,WAAW,MAAM,SAAQ;AAAA,MAC3E,OAAO,KAAK,YAAY,YAAY,CAAC,aAAa,CAAC;AAAA,IACrD;AAAA,IAGA,MAAM,OAAO,OAAO,KAAK,MAAM,EAAE;AAAA,IACjC,MAAM,SAAS,KAAK,IAAI,CAAC,QAAQ;AAAA,MAE/B,IAAI;AAAA,MACJ,WAAW,OAAO,OAAO;AAAA,QACvB,IAAI,IAAI,QAAQ,MAAM;AAAA,UACpB,SAAS,IAAI;AAAA,UACb;AAAA,QACF;AAAA,MACF;AAAA,MACA,MAAM,YAAY,eAAe,MAAM;AAAA,MACvC,MAAM,WAAW,MAAM,KAAK,CAAC,QAAQ,IAAI,QAAQ,IAAI;AAAA,MACrD,OAAO,IAAI,MAAM,KAAK,WAAW,QAAQ;AAAA,KAC1C;AAAA,IAED,MAAM,cAAc,IAAI,OAAO,MAAM;AAAA,IACrC,MAAM,WAAW,YAAY,OAAO,IAAI,CAAC,MAAM;AAAA,MAC7C,MAAM,SAAS,MAAM,IAAI,CAAC,QAAQ,IAAI,EAAE,KAAK;AAAA,MAC7C,OAAO,gBAAgB,QAAQ,EAAE,IAAI,EAAE,KAAK;AAAA,KAC7C;AAAA,IAED,MAAM,aAAa,IAAI,OAAO,YAAY,MAAM;AAAA,IAChD,MAAM,OAAO,SAAS;AAAA,MACpB,MAAM;AAAA,MACN,QAAQ,MAAM;AAAA,MACd;AAAA,MACA,WAAW;AAAA,IACb,CAAC;AAAA,IAED,MAAM,WAAW,IAAI;AAAA,IACrB,SAAS,IAAI,WAAW,KAAK,WAAW;AAAA,IACxC,MAAM,QAAQ,IAAI,YAAY,aAAa,MAAM,QAAQ;AAAA,IAEzD,OAAO,KAAK,YAAY,aAAa,CAAC,KAAK,CAAC;AAAA;AAAA,OAGhC,YAAW,CAAC,SAAgB,SAAwD;AAAA,IAChG,MAAM,OAAO,mBAAmB,SAAQ,OAAO;AAAA,IAC/C,MAAM,OAAO,MAAM,KAAK,MAAM,GAAG,KAAK,WAAW,KAAK,WAAW,KAAK,oBAAoB,IAAI;AAAA,IAC9F,IAAI,KAAK,WAAW,KAAK;AAAA,MACvB,MAAM,IAAI,SAAS,uBAAuB,2BAA2B,EAAE;AAAA,IACzE;AAAA,IAEA,MAAM,eAAe,MAAM,KAAK,cAAc,IAAI;AAAA,IAClD,QAAQ,SAAS,oBAAoB,MAAM,oBAAoB,YAAY;AAAA,IAE3E,IAAI,aAAoC,CAAC;AAAA,IACzC,WAAW,SAAS,iBAAiB;AAAA,MACnC,IAAI,MAAM,YAAY,GAAG;AAAA,QAEvB,mBAAmB,OAAO,KAAK,MAAM;AAAA,QAErC,MAAM,SAAQ,MAAM,UAAU,IAAI,SAAS;AAAA,QAC3C,IAAI,QAAO;AAAA,UACT,KAAK,cAAc;AAAA,QACrB;AAAA,QACA;AAAA,MACF;AAAA,MAGA,MAAM,QAAQ,MAAM,UAAU,IAAI,SAAS;AAAA,MAC3C,IAAI,OAAO;AAAA,QACT,KAAK,cAAc;AAAA,MACrB;AAAA,MAEA,aAAa,iBAAiB,KAAK;AAAA,IACrC;AAAA,IAEA,OAAO;AAAA;AAAA,EAGD,gBAAgB,CAAC,SAA6B;AAAA,IACpD,MAAM,WAAW,QAAO,OAAO,IAAI,CAAC,MAAM;AAAA,MACxC,OAAO,SAAS,EAAE,MAAM,EAAE,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAC;AAAA,KAC1D;AAAA,IACD,MAAM,aAAa,IAAI,OAAO,QAAO,MAAM;AAAA,IAC3C,MAAM,OAAO,SAAS;AAAA,MACpB,MAAM;AAAA,MACN,QAAQ;AAAA,MACR;AAAA,MACA,WAAW;AAAA,IACb,CAAC;AAAA,IACD,OAAO,IAAI,YAAY,SAAQ,IAAI;AAAA;AAAA,UAM7B,OAAO,cAAc,GAAiD;AAAA,IAE5E,SAAS,SAAS,KAAK,iBAAiB;AAAA,MACtC,IAAI,MAAM,YAAY,GAAG;AAAA,QACvB,IAAI,wBAAwB,KAAK,GAAG;AAAA,UAClC,QAAS,MAAM,wBAAwB,OAAc,KAAK,eAAe;AAAA,QAC3E,EAAO;AAAA,UACL,mBAAmB,OAAO,KAAK,MAAM;AAAA,UACrC;AAAA;AAAA,MAEJ;AAAA,MACA,MAAM,iBAAiB,KAAK;AAAA,IAC9B;AAAA,IACA,KAAK,kBAAkB,CAAC;AAAA,IAExB,IAAI,KAAK;AAAA,MAAW;AAAA,IACpB,IAAI,KAAK,gBAAgB;AAAA,MAAM;AAAA,IAG/B,OAAO,MAAM;AAAA,MACX,MAAM,aAAa,KAAK;AAAA,MACxB,IAAI,eAAe;AAAA,QAAM;AAAA,MACzB,MAAM,eAAe,MAAM,KAAK,kBAAkB,UAAU;AAAA,MAC5D,QAAQ,YAAY,MAAM,oBAAoB,YAAY;AAAA,MAE1D,IAAI,kBAAkB;AAAA,MACtB,SAAS,SAAS,SAAS;AAAA,QACzB,IAAI,MAAM,YAAY,GAAG;AAAA,UAEvB,MAAM,QAAQ,MAAM,UAAU,IAAI,SAAS;AAAA,UAC3C,IAAI,OAAO;AAAA,YACT,KAAK,cAAc;AAAA,YACnB,kBAAkB;AAAA,YAClB;AAAA,UACF;AAAA,UAEA,IAAI,wBAAwB,KAAK,GAAG;AAAA,YAClC,QAAS,MAAM,wBAAwB,OAAc,KAAK,eAAe;AAAA,UAC3E,EAAO;AAAA,YAEL,mBAAmB,OAAO,KAAK,MAAM;AAAA,YACrC;AAAA;AAAA,QAEJ;AAAA,QAEA,MAAM,iBAAiB,KAAK;AAAA,MAC9B;AAAA,MAEA,IAAI,CAAC;AAAA,QAAiB;AAAA,IACxB;AAAA;AAAA,OAGY,kBAAiB,CAAC,OAAoC;AAAA,IAClE,MAAM,cAAc,IAAI,OAAO,CAAC,CAAC;AAAA,IACjC,MAAM,WAAW,IAAI;AAAA,IACrB,SAAS,IAAI,WAAW,KAAK;AAAA,IAE7B,MAAM,aAAa,IAAI,OAAO,YAAY,MAAM;AAAA,IAChD,MAAM,OAAO,SAAS;AAAA,MACpB,MAAM;AAAA,MACN,QAAQ;AAAA,MACR,UAAU,CAAC;AAAA,MACX,WAAW;AAAA,IACb,CAAC;AAAA,IACD,MAAM,QAAQ,IAAI,YAAY,aAAa,MAAM,QAAQ;AAAA,IACzD,MAAM,OAAO,mBAAmB,aAAa,CAAC,KAAK,CAAC;AAAA,IAEpD,MAAM,OAAO,MAAM,KAAK,MAAM,GAAG,KAAK,WAAW,KAAK,WAAW,KAAK,oBAAoB,IAAI;AAAA,IAC9F,IAAI,KAAK,WAAW,KAAK;AAAA,MACvB,MAAM,IAAI,SAAS,uBAAuB,2BAA2B,EAAE;AAAA,IACzE;AAAA,IAEA,OAAO,KAAK,cAAc,IAAI;AAAA;AAAA,EAIhC,KAAK,GAAS;AAGhB;;;AC9SA,kBAAS,iBAAO,6BAAO,8BAAmB;AAO1C,IAAM,oBAAoB;AAC1B,IAAM,2BAA2B,IAAI,QAAO,CAAC,IAAI,OAAM,SAAS,IAAI,QAAS,KAAK,CAAC,CAAC;AAapF,eAAsB,iBAAiB,CACrC,SACA,QACA,OACA,eAC0B;AAAA,EAC1B,MAAM,OAAO,gBAAgB,0BAA0B,EAAE,OAAO,OAAO,KAAK,EAAE,GAAG,iBAAiB;AAAA,EAClG,MAAM,UAAkC,EAAE,gBAAgB,mBAAmB;AAAA,EAC7E,IAAI;AAAA,IAAe,QAAQ,gBAAgB;AAAA,EAE3C,MAAM,OAAO,MAAM,MAAM,GAAG,UAAU,UAAU,0BAA0B;AAAA,IACxE,QAAQ;AAAA,IACR;AAAA,IACA;AAAA,EACF,CAAC;AAAA,EACD,IAAI,KAAK,WAAW,KAAK;AAAA,IACvB,MAAM,IAAI,SAAS,gBAAgB,uCAAuC,EAAE;AAAA,EAC9E;AAAA,EACA,IAAI,KAAK,WAAW,KAAK;AAAA,IACvB,MAAM,IAAI,SAAS,uBAAuB,2BAA2B,EAAE;AAAA,EACzE;AAAA,EACA,IAAI,CAAC,KAAK,IAAI;AAAA,IACZ,MAAM,IAAI,SAAS,aAAa,oCAAoC,KAAK,UAAU,EAAE;AAAA,EACvF;AAAA,EAEA,MAAM,WAAW,IAAI,WAAW,MAAM,KAAK,YAAY,CAAC;AAAA,EACxD,MAAM,SAAS,MAAM,mBAAkB,KAAK,QAAQ;AAAA,EACpD,MAAM,OAAO,KAAK;AAAA,EAElB,MAAM,QAAyB,CAAC;AAAA,EAChC,WAAW,SAAS,OAAO,QAAQ,GAAG;AAAA,IACpC,IAAI,MAAM,YAAY;AAAA,MAAG;AAAA,IACzB,SAAS,IAAI,EAAG,IAAI,MAAM,SAAS,KAAK;AAAA,MACtC,MAAM,YAAY,MAAM,WAAW,CAAC,GAAG,IAAI,CAAC;AAAA,MAC5C,MAAM,cAAc,MAAM,WAAW,CAAC,GAAG,IAAI,CAAC;AAAA,MAC9C,MAAM,aAAa,MAAM,WAAW,CAAC,GAAG,IAAI,CAAC;AAAA,MAE7C,IAAI;AAAA,MACJ,IAAI,sBAAsB,MAAM;AAAA,QAC9B,YAAY;AAAA,MACd,EAAO,SAAI,OAAO,eAAe,UAAU;AAAA,QACzC,YAAY,IAAI,KAAK,OAAO,aAAa,KAAK,CAAC;AAAA,MACjD,EAAO,SAAI,OAAO,eAAe,UAAU;AAAA,QACzC,YAAY,IAAI,KAAK,UAAU;AAAA,MACjC,EAAO;AAAA,QACL,YAAY,IAAI;AAAA;AAAA,MAElB,MAAM,KAAK,EAAE,WAAW,aAAa,UAAU,CAAC;AAAA,IAClD;AAAA,EACF;AAAA,EAEA,IAAI,MAAM,WAAW,GAAG;AAAA,IACtB,MAAM,IAAI,SAAS,iBAAiB,kCAAkC,EAAE;AAAA,EAC1E;AAAA,EACA,OAAO;AAAA;AAaT,eAAe,uBAAuB,CAAC,cAA0B,aAA0C;AAAA,EACzG,MAAM,SAAS,MAAM,mBAAkB,KAAK,YAAY;AAAA,EACxD,MAAM,OAAO,KAAK;AAAA,EAClB,MAAM,UAAS,OAAO;AAAA,EACtB,IAAI,CAAC,SAAQ;AAAA,IACX,MAAM,IAAI,SAAS,iBAAiB,uCAAuC,EAAE;AAAA,EAC/E;AAAA,EACA,MAAM,UAAU,OAAO,QAAQ;AAAA,EAC/B,IAAI,QAAQ,WAAW,GAAG;AAAA,IACxB,MAAM,IAAI,SAAS,iBAAiB,wCAAwC,EAAE;AAAA,EAChF;AAAA,EACA,MAAM,WAAW,QAAQ;AAAA,EACzB,MAAM,eAAe,SAAS,YAAY,IAAI;AAAA,EAE9C,MAAM,UAAU,0BAA0B,SAAQ,WAAW;AAAA,EAC7D,MAAM,SAAS,IAAI,IAAoB,QAAQ,YAAY,IAAI,GAAK;AAAA,EAEpE,MAAM,SAAS,aAAa,IAAI,cAAc;AAAA,EAC9C,MAAM,UAAU,aAAa,IAAI,mBAAmB,KAAK;AAAA,EACzD,IAAI;AAAA,IAAQ,OAAO,IAAI,gBAAgB,MAAM;AAAA,EAC7C,OAAO,IAAI,qBAAqB,OAAO;AAAA,EAEvC,YAAY,GAAG,MAAM,cAAc;AAAA,IACjC,IAAI,CAAC,OAAO,IAAI,CAAC;AAAA,MAAG,OAAO,IAAI,GAAG,CAAC;AAAA,EACrC;AAAA,EAGA,QAAQ,8BAAgB,MAAa;AAAA,EACrC,MAAM,kBAAkB,IAAI,aAAY,SAAgB,QAAgB,MAAM,MAAM;AAAA,EACpF,OAAO,mBAAmB,SAAQ,CAAC,eAAe,CAAC;AAAA;AAgBrD,eAAsB,sBAAsB,CAAC,MAAkB,MAA+C;AAAA,EAC5G,MAAM,QAAQ,MAAM,kBAAkB,KAAK,SAAS,KAAK,QAAQ,GAAG,KAAK,aAAa;AAAA,EACtF,MAAM,OAAO,MAAM;AAAA,EAEnB,IAAI,KAAK,cAAc;AAAA,IACrB,KAAK,aAAa,KAAK,SAAS;AAAA,IAChC,KAAK,aAAa,KAAK,WAAW;AAAA,EACpC;AAAA,EAEA,MAAM,UAAU,MAAM,MAAM,KAAK,WAAW;AAAA,IAC1C,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,IAC9C;AAAA,EACF,CAAC;AAAA,EACD,IAAI,CAAC,QAAQ,IAAI;AAAA,IACf,MAAM,IAAI,SAAS,wBAAwB,kCAAkC,QAAQ,UAAU,EAAE;AAAA,EACnG;AAAA,EAEA,OAAO,wBAAwB,MAAM,KAAK,WAAW;AAAA;;;AC1HhD,SAAS,WAAW,CAAC,SAAiB,SAAyC;AAAA,EACpF,MAAM,UAAU,SAAS,UAAU,IAAI,QAAQ,QAAQ,EAAE;AAAA,EACzD,MAAM,QAAQ,SAAS;AAAA,EACvB,MAAM,mBAAmB,SAAS;AAAA,EAClC,MAAM,gBAAgB,SAAS;AAAA,EAC/B,MAAM,iBAAiB,SAAS;AAAA,EAEhC,IAAI,cAA8C;AAAA,EAKlD,IAAI,wBAAwB;AAAA,EAC5B,IAAI;AAAA,EACJ,IAAI;AAAA,EACJ,IAAI,oBAAoB;AAAA,EACxB,IAAI,eAA8C;AAAA,EAElD,SAAS,8BAA8B,CAAC,MAAsB;AAAA,IAC5D,MAAM,OAAO,6BAA6B,KAAK,OAAO;AAAA,IAGtD,IAAI,KAAK,mBAAmB,QAAQ,KAAK,kBAAkB;AAAA,MACzD,eAAe;AAAA,IACjB;AAAA;AAAA,EAGF,eAAe,gBAAgB,CAAC,MAAuC;AAAA,IACrE,MAAM,OAAO,0BAA0B,YAAY,IAAI,eAAe;AAAA,IACtE,IAAI,CAAC;AAAA,MAAM,OAAO;AAAA,IAClB,IAAI,CAAC,KAAK;AAAA,MAAkB,OAAO;AAAA,IACnC,IAAI,KAAK,mBAAmB,QAAQ,KAAK,cAAc,KAAK;AAAA,MAAiB,OAAO;AAAA,IACpF,OAAO,uBAAuB,MAAM;AAAA,MAClC;AAAA,MACA;AAAA,MACA;AAAA,MACA,cAAc,gBAAgB,gBAAgB;AAAA,IAChD,CAAC;AAAA;AAAA,EAQH,eAAe,uBAAuB,CAAC,KAAa,MAAqC;AAAA,IACvF,MAAM,WAAW,MAAM,iBAAiB,IAAI;AAAA,IAC5C,IAAI,OAAO,MAAM,MAAM,KAAK;AAAA,MAC1B,QAAQ;AAAA,MACR,SAAS,aAAa;AAAA,MACtB,MAAO,MAAM,YAAY,QAAQ;AAAA,IACnC,CAAC;AAAA,IACD,+BAA+B,IAAI;AAAA,IAEnC,IAAI,KAAK,WAAW,OAAO,cAAc,oBAAoB,KAAK,aAAa,GAAG;AAAA,MAEhF,MAAM,eAAe,MAAM,uBAAuB,MAAM;AAAA,QACtD;AAAA,QACA;AAAA,QACA;AAAA,QACA,cAAc,gBAAgB,gBAAgB;AAAA,MAChD,CAAC;AAAA,MACD,OAAO,MAAM,MAAM,KAAK;AAAA,QACtB,QAAQ;AAAA,QACR,SAAS,aAAa;AAAA,QACtB,MAAO,MAAM,YAAY,YAAY;AAAA,MACvC,CAAC;AAAA,MACD,+BAA+B,IAAI;AAAA,IACrC;AAAA,IAEA,OAAO;AAAA;AAAA,EAGT,eAAe,iBAAiB,GAAkB;AAAA,IAChD,IAAI,qBAAqB,oBAAoB;AAAA,MAAM;AAAA,IACnD,IAAI;AAAA,MACF,MAAM,MAAM;AAAA,MACZ,aAAa,IAAI;AAAA,MACjB,eAAe,IAAI;AAAA,MACnB,MAAM;AAAA,IAGR,oBAAoB;AAAA;AAAA,EAGtB,SAAS,YAAY,GAA2B;AAAA,IAC9C,MAAM,UAAkC;AAAA,MACtC,gBAAgB;AAAA,IAClB;AAAA,IACA,IAAI,oBAAoB,QAAQ,YAAY;AAAA,MAC1C,QAAQ,sBAAsB;AAAA,IAChC;AAAA,IACA,IAAI,oBAAoB,QAAQ,cAAc;AAAA,MAC5C,QAAQ,qBAAqB;AAAA,IAC/B;AAAA,IACA,IAAI,eAAe;AAAA,MACjB,QAAQ,gBAAgB;AAAA,IAC1B;AAAA,IACA,OAAO;AAAA;AAAA,EAGT,eAAe,WAAW,CAAC,SAA0C;AAAA,IACnE,IAAI,oBAAoB,QAAQ,YAAY;AAAA,MAC1C,OAAO,MAAM,WAAW,SAAS,gBAAgB;AAAA,IACnD;AAAA,IACA,OAAO;AAAA;AAAA,EAGT,SAAS,SAAS,CAAC,MAAsB;AAAA,IACvC,IAAI,KAAK,WAAW,KAAK;AAAA,MACvB,MAAM,IAAI,SAAS,uBAAuB,2BAA2B,EAAE;AAAA,IACzE;AAAA;AAAA,EAGF,eAAe,YAAY,CAAC,MAAkD;AAAA,IAC5E,IAAI,OAAO,IAAI,WAAW,MAAM,KAAK,YAAY,CAAC;AAAA,IAClD,IAAI,KAAK,QAAQ,IAAI,kBAAkB,MAAM,UAAU,cAAc;AAAA,MACnE,OAAO,IAAI,WAAW,MAAM,aAAa,IAAI,CAAC;AAAA,IAChD;AAAA,IACA,OAAO;AAAA;AAAA,EAGT,eAAe,iBAAiB,GAAqC;AAAA,IACnE,IAAI;AAAA,MAAa,OAAO;AAAA,IACxB,MAAM,kBAAkB;AAAA,IACxB,MAAM,OAAO,MAAM,eAAe,SAAS;AAAA,MACzC;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAAA,IACD,cAAc,IAAI,IAAI,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;AAAA,IAC1D,wBAAwB,KAAK;AAAA,IAC7B,OAAO;AAAA;AAAA,EAGT,OAAO;AAAA,SACC,KAAI,CAAC,QAAgB,QAAmE;AAAA,MAC5F,MAAM,kBAAkB;AAAA,MACxB,MAAM,UAAU,MAAM,kBAAkB;AAAA,MACxC,MAAM,OAAO,QAAQ,IAAI,MAAM;AAAA,MAC/B,IAAI,CAAC,MAAM;AAAA,QACT,MAAM,IAAI,MAAM,oBAAoB,SAAS;AAAA,MAC/C;AAAA,MAGA,MAAM,aAAa,KAAM,KAAK,YAAY,CAAC,MAAQ,UAAU,CAAC,EAAG;AAAA,MAEjE,MAAM,OAAO,gBAAgB,KAAK,cAAc,YAAY,QAAQ,EAAE,iBAAiB,sBAAsB,CAAC;AAAA,MAC9G,MAAM,OAAO,MAAM,wBAAwB,GAAG,UAAU,UAAU,UAAU,IAAI;AAAA,MAChF,UAAU,IAAI;AAAA,MAEd,MAAM,eAAe,MAAM,aAAa,IAAI;AAAA,MAC5C,QAAQ,YAAY,MAAM,oBAAoB,YAAY;AAAA,MAG1D,IAAI,cAAkC;AAAA,MACtC,SAAS,SAAS,SAAS;AAAA,QACzB,IAAI,MAAM,YAAY,GAAG;AAAA,UAEvB,IAAI,wBAAwB,KAAY,GAAG;AAAA,YACzC,QAAS,MAAM,wBAAwB,OAAc,cAAc;AAAA,UACrE,EAAO;AAAA,YACL,mBAAmB,OAAO,KAAK;AAAA,YAC/B;AAAA;AAAA,QAEJ;AAAA,QACA,cAAc;AAAA,MAChB;AAAA,MAEA,IAAI,CAAC,aAAa;AAAA,QAEhB,OAAO;AAAA,MACT;AAAA,MAGA,MAAM,OAAO,iBAAiB,WAAW;AAAA,MACzC,IAAI,KAAK,WAAW;AAAA,QAAG,OAAO;AAAA,MAE9B,MAAM,SAAS,KAAK;AAAA,MAEpB,IAAI,KAAK,aAAa,OAAO,WAAW;AAAA,QAAG,OAAO;AAAA,MAGlD,OAAO;AAAA;AAAA,SAGH,OAAM,CAAC,QAAgB,QAA0D;AAAA,MACrF,MAAM,kBAAkB;AAAA,MACxB,MAAM,UAAU,MAAM,kBAAkB;AAAA,MACxC,MAAM,OAAO,QAAQ,IAAI,MAAM;AAAA,MAC/B,IAAI,CAAC,MAAM;AAAA,QACT,MAAM,IAAI,MAAM,oBAAoB,SAAS;AAAA,MAC/C;AAAA,MAGA,MAAM,aAAa,KAAM,KAAK,YAAY,CAAC,MAAQ,UAAU,CAAC,EAAG;AAAA,MAEjE,MAAM,OAAO,gBAAgB,KAAK,cAAc,YAAY,QAAQ,EAAE,iBAAiB,sBAAsB,CAAC;AAAA,MAC9G,MAAM,OAAO,MAAM,wBAAwB,GAAG,UAAU,UAAU,eAAe,IAAI;AAAA,MACrF,UAAU,IAAI;AAAA,MAEd,MAAM,eAAe,MAAM,aAAa,IAAI;AAAA,MAG5C,IAAI,SAAqC;AAAA,MACzC,IAAI,aAA4B;AAAA,MAChC,MAAM,iBAAgC,CAAC;AAAA,MACvC,IAAI,WAAW;AAAA,MACf,IAAI,eAA8B;AAAA,MAElC,IAAI,KAAK,cAAc;AAAA,QAIrB,MAAM,SAAS,MAAM,sBAAsB,YAAY;AAAA,QAGvD,MAAM,eAAe,MAAM,OAAO,WAAW;AAAA,QAC7C,IAAI,cAAc;AAAA,UAChB,WAAW,SAAS,aAAa,SAAkB;AAAA,YACjD,IAAI,MAAM,YAAY,GAAG;AAAA,cACvB,mBAAmB,OAAO,KAAK;AAAA,cAC/B;AAAA,YACF;AAAA,YACA,MAAM,OAAO,iBAAiB,KAAK;AAAA,YACnC,IAAI,KAAK,SAAS,GAAG;AAAA,cACnB,SAAS,KAAK;AAAA,YAChB;AAAA,UACF;AAAA,QACF;AAAA,QAGA,MAAM,aAAa,MAAM,OAAO,WAAW;AAAA,QAC3C,IAAI,YAAY;AAAA,UACd,eAAe,WAAW;AAAA,QAC5B;AAAA,QACA,MAAM,qBAAoC,CAAC;AAAA,QAC3C,IAAI,YAAY;AAAA,UACd,WAAW,SAAS,WAAW,SAAkB;AAAA,YAC/C,IAAI,MAAM,YAAY,GAAG;AAAA,cAEvB,MAAM,QAAQ,MAAM,UAAU,IAAI,SAAS;AAAA,cAC3C,IAAI,OAAO;AAAA,gBACT,aAAa;AAAA,gBACb;AAAA,cACF;AAAA,cACA,MAAM,QAAQ,MAAM,UAAU,IAAI,aAAa;AAAA,cAC/C,IAAI,UAAU,aAAa;AAAA,gBACzB,mBAAmB,KAAK,KAAK;AAAA,gBAC7B;AAAA,cACF;AAAA,cACA,mBAAmB,OAAO,KAAK;AAAA,cAC/B;AAAA,YACF;AAAA,YACA,eAAe,KAAK,KAAK;AAAA,UAC3B;AAAA,QACF;AAAA,QAEA,IAAI,mBAAmB,SAAS,GAAG;AAAA,UACjC,IAAI,eAAe,SAAS,KAAK,eAAe,MAAM;AAAA,YACpD,eAAe,KAAK,GAAG,kBAAkB;AAAA,UAC3C,EAAO;AAAA,YACL,WAAW,SAAS,oBAAoB;AAAA,cACtC,mBAAmB,OAAO,KAAK;AAAA,YACjC;AAAA;AAAA,QAEJ;AAAA,QAEA,IAAI,CAAC,cAAc,CAAC,YAAY;AAAA,UAC9B,WAAW;AAAA,QACb;AAAA,MACF,EAAO;AAAA,QAEL,QAAQ,QAAQ,gBAAgB,YAAY,MAAM,oBAAoB,YAAY;AAAA,QAClF,eAAe;AAAA,QAKf,MAAM,eAA8B,CAAC;AAAA,QAErC,WAAW,SAAS,SAAS;AAAA,UAC3B,IAAI,MAAM,YAAY,GAAG;AAAA,YAEvB,MAAM,QAAQ,MAAM,UAAU,IAAI,SAAS;AAAA,YAC3C,IAAI,OAAO;AAAA,cACT,aAAa;AAAA,cACb;AAAA,YACF;AAAA,YAEA,MAAM,QAAQ,MAAM,UAAU,IAAI,aAAa;AAAA,YAC/C,IAAI,UAAU,aAAa;AAAA,cACzB,aAAa,KAAK,KAAK;AAAA,cACvB;AAAA,YACF;AAAA,YACA,mBAAmB,OAAO,KAAK;AAAA,YAC/B;AAAA,UACF;AAAA,UACA,eAAe,KAAK,KAAK;AAAA,QAC3B;AAAA,QAIA,IAAI,aAAa,SAAS,GAAG;AAAA,UAC3B,IAAI,eAAe,SAAS,KAAK,eAAe,MAAM;AAAA,YACpD,eAAe,KAAK,GAAG,YAAY;AAAA,UACrC,EAAO;AAAA,YAEL,WAAW,SAAS,cAAc;AAAA,cAChC,mBAAmB,OAAO,KAAK;AAAA,YACjC;AAAA;AAAA,QAEJ;AAAA;AAAA,MAGF,IAAI,eAAe,WAAW,KAAK,eAAe,MAAM;AAAA,QACtD,WAAW;AAAA,MACb;AAAA,MAKA,MAAM,gBACH,gBAAgB,aAAa,OAAO,SAAS,IAAI,eAAe,UAChE,eAAe,SAAS,IAAI,eAAe,GAAG,SAAS,SACxD,KAAK,gBACL,KAAK;AAAA,MAEP,OAAO,IAAI,kBAAkB;AAAA,QAC3B;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,aAAa,KAAK;AAAA,QAClB;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,QAAQ;AAAA,MACV,CAAC;AAAA;AAAA,SAGG,SAAQ,GAAgC;AAAA,MAC5C,MAAM,kBAAkB;AAAA,MACxB,OAAO,eAAe,SAAS;AAAA,QAC7B;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF,CAAC;AAAA;AAAA,IAGH,KAAK,GAAS;AAAA,EAGhB;AAAA;;ACtXF,SAAS,iBAAiB,CAAC,MAA0D;AAAA,EACnF,MAAM,SAAwC;AAAA,IAC5C,UAAU,KAAK;AAAA,IACf,sBAAsB,KAAK;AAAA,EAC7B;AAAA,EACA,IAAI,KAAK;AAAA,IAAkB,OAAO,kBAAkB,KAAK;AAAA,EACzD,IAAI,KAAK;AAAA,IAA0B,OAAO,yBAAyB,KAAK;AAAA,EACxE,IAAI,KAAK;AAAA,IACP,OAAO,oCAAoC,KAAK;AAAA,EAClD,IAAI,KAAK;AAAA,IAAe,OAAO,eAAe,KAAK;AAAA,EACnD,IAAI,KAAK;AAAA,IAAwB,OAAO,wBAAwB,KAAK;AAAA,EACrE,IAAI,KAAK;AAAA,IAAqB,OAAO,oBAAoB,KAAK;AAAA,EAC9D,IAAI,KAAK;AAAA,IAAkB,OAAO,iBAAiB,KAAK;AAAA,EACxD,IAAI,KAAK;AAAA,IAAW,OAAO,WAAW,KAAK;AAAA,EAC3C,IAAI,KAAK;AAAA,IAAe,OAAO,eAAe,KAAK;AAAA,EACnD,IAAI,KAAK;AAAA,IAAwB,OAAO,qBAAqB,KAAK;AAAA,EAClE,IAAI,KAAK;AAAA,IAAuB,OAAO,qBAAqB,KAAK;AAAA,EACjE,IAAI,KAAK;AAAA,IAA2B,OAAO,yBAAyB,KAAK;AAAA,EACzE,OAAO;AAAA;AAOT,eAAsB,iBAAiB,CACrC,SACA,QAC+C;AAAA,EAC/C,MAAM,mBAAmB,UAAU,IAAI,QAAQ,QAAQ,EAAE;AAAA,EACzD,MAAM,cAAc,GAAG,QAAQ,QAAQ,QAAQ,EAAE,yCAAyC;AAAA,EAE1F,IAAI;AAAA,IACF,OAAO,MAAM,mBAAmB,WAAW;AAAA,IAC3C,MAAM;AAAA,IACN,OAAO;AAAA;AAAA;AAOX,eAAsB,kBAAkB,CAAC,aAA6D;AAAA,EACpG,MAAM,WAAW,MAAM,MAAM,WAAW;AAAA,EACxC,IAAI,CAAC,SAAS,IAAI;AAAA,IAChB,MAAM,IAAI,MAAM,uCAAuC,gBAAgB,SAAS,QAAQ;AAAA,EAC1F;AAAA,EACA,MAAM,OAAO,MAAM,SAAS,KAAK;AAAA,EACjC,OAAO,kBAAkB,IAAI;AAAA;AAOxB,SAAS,wBAAwB,CAAC,iBAAwC;AAAA,EAE/E,MAAM,cAAc,gBAAgB,MAAM,iBAAiB;AAAA,EAC3D,IAAI,CAAC;AAAA,IAAa,OAAO;AAAA,EAEzB,MAAM,SAAS,YAAY;AAAA,EAC3B,MAAM,gBAAgB,OAAO,MAAM,6BAA6B;AAAA,EAChE,IAAI,CAAC;AAAA,IAAe,OAAO;AAAA,EAE3B,OAAO,cAAc;AAAA;AAOhB,SAAS,aAAa,CAAC,iBAAwC;AAAA,EACpE,MAAM,cAAc,gBAAgB,MAAM,iBAAiB;AAAA,EAC3D,IAAI,CAAC;AAAA,IAAa,OAAO;AAAA,EAEzB,MAAM,SAAS,YAAY;AAAA,EAC3B,MAAM,gBAAgB,OAAO,MAAM,qBAAqB;AAAA,EACxD,IAAI,CAAC;AAAA,IAAe,OAAO;AAAA,EAE3B,OAAO,cAAc;AAAA;AAOhB,SAAS,iBAAiB,CAAC,iBAAwC;AAAA,EACxE,MAAM,cAAc,gBAAgB,MAAM,iBAAiB;AAAA,EAC3D,IAAI,CAAC;AAAA,IAAa,OAAO;AAAA,EAEzB,MAAM,SAAS,YAAY;AAAA,EAC3B,MAAM,QAAQ,OAAO,MAAM,yBAAyB;AAAA,EACpD,IAAI,CAAC;AAAA,IAAO,OAAO;AAAA,EAEnB,OAAO,MAAM;AAAA;AAOR,SAAS,uBAAuB,CAAC,iBAAkC;AAAA,EACxE,MAAM,cAAc,gBAAgB,MAAM,iBAAiB;AAAA,EAC3D,IAAI,CAAC;AAAA,IAAa,OAAO;AAAA,EAEzB,MAAM,SAAS,YAAY;AAAA,EAC3B,MAAM,QAAQ,OAAO,MAAM,kCAAkC;AAAA,EAC7D,IAAI,CAAC;AAAA,IAAO,OAAO;AAAA,EAEnB,OAAO,MAAM,OAAO;AAAA;AAOf,SAAS,uBAAuB,CAAC,iBAAwC;AAAA,EAC9E,MAAM,cAAc,gBAAgB,MAAM,iBAAiB;AAAA,EAC3D,IAAI,CAAC;AAAA,IAAa,OAAO;AAAA,EAEzB,MAAM,SAAS,YAAY;AAAA,EAC3B,MAAM,QAAQ,OAAO,MAAM,iCAAiC;AAAA,EAC5D,IAAI,CAAC;AAAA,IAAO,OAAO;AAAA,EAEnB,OAAO,MAAM;AAAA;AAOR,SAAS,2BAA2B,CAAC,iBAAwC;AAAA,EAClF,MAAM,cAAc,gBAAgB,MAAM,iBAAiB;AAAA,EAC3D,IAAI,CAAC;AAAA,IAAa,OAAO;AAAA,EAEzB,MAAM,SAAS,YAAY;AAAA,EAC3B,MAAM,QAAQ,OAAO,MAAM,qCAAqC;AAAA,EAChE,IAAI,CAAC;AAAA,IAAO,OAAO;AAAA,EAEnB,OAAO,MAAM;AAAA;;AC3Kf;AAAA,WACE;AAAA,cACA;AAAA,iBACA;AAAA,6BACA;AAAA,YACA;AAAA,YACA;AAAA,qBACA;AAAA;AA4BF,MAAM,sBAAsB;AAAA,EAClB;AAAA,EACA;AAAA,EACA,SAAS;AAAA,EAEjB,WAAW,CAAC,SAAkB,SAAgB;AAAA,IAC5C,KAAK,UAAU;AAAA,IACf,KAAK,SAAS,IAAI;AAAA,IAClB,KAAK,OAAO,MAAM,WAAW,OAAM;AAAA,IACnC,KAAK,MAAM;AAAA;AAAA,EAGb,KAAK,CAAC,OAA0B;AAAA,IAC9B,IAAI,KAAK;AAAA,MAAQ,MAAM,IAAI,MAAM,sCAAsC;AAAA,IACtE,KAAK,OAAe,kBAAkB,KAAK;AAAA,IAC5C,KAAK,MAAM;AAAA;AAAA,EAGb,KAAK,GAAS;AAAA,IACZ,IAAI,KAAK;AAAA,MAAQ;AAAA,IACjB,KAAK,SAAS;AAAA,IAEd,MAAM,MAAM,IAAI,WAAW,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,EAAE,MAAM;AAAA,IACzD,KAAK,QAAQ,GAAG;AAAA;AAAA,EAGV,KAAK,GAAS;AAAA,IACpB,MAAM,SAAU,KAAK,OAAe,MAAM;AAAA,IAC1C,WAAW,SAAS,QAAQ;AAAA,MAC1B,KAAK,QAAQ,KAAK;AAAA,IACpB;AAAA,IACA,OAAO,SAAS;AAAA;AAEpB;AAAA;AAaO,MAAM,kBAA2C;AAAA,EAC9C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,eAA6C;AAAA,EAC7C,eAA8B;AAAA,EAC9B,sBAAsB;AAAA,EACtB,UAAU;AAAA,EACV;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAER,WAAW,CAAC,MAST;AAAA,IACD,KAAK,UAAU,KAAK;AAAA,IACpB,KAAK,WAAW,KAAK;AAAA,IACrB,KAAK,SAAS,KAAK;AAAA,IACnB,KAAK,UAAU,KAAK;AAAA,IACpB,KAAK,gBAAgB,KAAK;AAAA,IAC1B,KAAK,eAAe,KAAK;AAAA,IACzB,KAAK,mBAAmB,KAAK;AAAA,IAC7B,KAAK,kBAAkB,KAAK;AAAA;AAAA,MAI1B,MAAM,GAA+B;AAAA,IACvC,OAAO,KAAK;AAAA;AAAA,OAQA,iBAAgB,GAAgC;AAAA,IAC5D,OAAO,MAAM;AAAA,MACX,MAAM,QAAQ,MAAM,KAAK,QAAQ,cAAc;AAAA,MAC/C,IAAI,UAAU;AAAA,QAAM,OAAO;AAAA,MAE3B,IAAI,MAAM,YAAY,GAAG;AAAA,QAEvB,IAAI,wBAAwB,KAAY,GAAG;AAAA,UACzC,OAAQ,MAAM,wBAAwB,OAAc,KAAK,eAAe;AAAA,QAC1E;AAAA,QAGA,IAAI,mBAAmB,OAAc,KAAK,MAAM,GAAG;AAAA,UACjD;AAAA,QACF;AAAA,MACF;AAAA,MAEA,OAAO;AAAA,IACT;AAAA;AAAA,OASY,oBAAmB,GAAkB;AAAA,IACjD,IAAI,KAAK;AAAA,MAAqB;AAAA,IAC9B,KAAK,sBAAsB;AAAA,IAC3B,MAAM,UAAS,MAAM,KAAK,QAAQ,eAAe;AAAA,IACjD,IAAI,CAAC,SAAQ;AAAA,MACX,MAAM,IAAI,SAAS,iBAAiB,sCAAsC,EAAE;AAAA,IAC9E;AAAA;AAAA,OAMI,SAAQ,CAAC,OAA8D;AAAA,IAC3E,IAAI,KAAK,SAAS;AAAA,MAChB,MAAM,IAAI,SAAS,iBAAiB,4BAA4B,EAAE;AAAA,IACpE;AAAA,IAGA,IAAI;AAAA,IACJ,IAAI;AAAA,IAEJ,IAAI,MAAM,WAAW,GAAG;AAAA,MAKtB,cAAc,KAAK,gBAAgB,KAAK;AAAA,MACxC,MAAM,WAAW,YAAY,OAAO,IAAI,CAAC,MAAM;AAAA,QAC7C,OAAO,UAAS,EAAE,MAAM,EAAE,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAC;AAAA,OAC1D;AAAA,MACD,MAAM,aAAa,IAAI,QAAO,YAAY,MAAM;AAAA,MAChD,MAAM,OAAO,UAAS;AAAA,QACpB,MAAM;AAAA,QACN,QAAQ;AAAA,QACR;AAAA,QACA,WAAW;AAAA,MACb,CAAC;AAAA,MACD,QAAQ,IAAI,aAAY,aAAa,IAAI;AAAA,IAC3C,EAAO;AAAA,MAIL,MAAM,OAAO,OAAO,KAAK,MAAM,EAAE;AAAA,MACjC,MAAM,SAAS,KAAK,IAAI,CAAC,QAAQ;AAAA,QAC/B,IAAI;AAAA,QACJ,WAAW,OAAO,OAAO;AAAA,UACvB,IAAI,IAAI,QAAQ,MAAM;AAAA,YACpB,SAAS,IAAI;AAAA,YACb;AAAA,UACF;AAAA,QACF;AAAA,QACA,MAAM,YAAY,eAAe,MAAM;AAAA,QACvC,OAAO,IAAI,OAAM,KAAK,WAA0B,IAAI;AAAA,OACrD;AAAA,MACD,cAAc,IAAI,QAAO,MAAM;AAAA,MAI/B,IAAI,KAAK,cAAc;AAAA,QACrB,MAAM,SAAS,KAAK;AAAA,QACpB,IACE,OAAO,OAAO,WAAW,YAAY,OAAO,UAC5C,OAAO,OAAO,KAAK,CAAC,GAAG,MAAM,EAAE,SAAS,YAAY,OAAO,GAAG,IAAI,GAClE;AAAA,UACA,MAAM,IAAI,SACR,iBACA,4CAA4C,OAAO,OAAO,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,KAAK,IAAI,QACpF,YAAY,YAAY,OAAO,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,KAAK,IAAI,MAC7D,EACF;AAAA,QACF;AAAA,MACF,EAAO;AAAA,QACL,KAAK,eAAe;AAAA;AAAA,MAGtB,MAAM,WAAW,YAAY,OAAO,IAAI,CAAC,MAAM;AAAA,QAC7C,MAAM,SAAS,MAAM,IAAI,CAAC,QAAQ,IAAI,EAAE,KAAK;AAAA,QAC7C,OAAO,iBAAgB,QAAQ,EAAE,IAAI,EAAE,KAAK;AAAA,OAC7C;AAAA,MACD,MAAM,aAAa,IAAI,QAAO,YAAY,MAAM;AAAA,MAChD,MAAM,OAAO,UAAS;AAAA,QACpB,MAAM;AAAA,QACN,QAAQ,MAAM;AAAA,QACd;AAAA,QACA,WAAW;AAAA,MACb,CAAC;AAAA,MACD,QAAQ,IAAI,aAAY,aAAa,IAAI;AAAA;AAAA,IAI3C,IAAI,CAAC,KAAK,cAAc;AAAA,MACtB,KAAK,eAAe,IAAI,sBAAsB,KAAK,UAAU,WAAW;AAAA,IAC1E;AAAA,IAKA,KAAK,aAAa,MAAM,KAAK;AAAA,IAC7B,MAAM,KAAK,oBAAoB;AAAA,IAG/B,IAAI;AAAA,MACF,MAAM,cAAc,MAAM,KAAK,iBAAiB;AAAA,MAChD,IAAI,gBAAgB,MAAM;AAAA,QACxB,OAAO,CAAC;AAAA,MACV;AAAA,MACA,OAAO,iBAAiB,WAAW;AAAA,MACnC,OAAO,GAAG;AAAA,MAEV,MAAM,KAAK,SAAS;AAAA,MACpB,MAAM;AAAA;AAAA;AAAA,OAOI,SAAQ,GAAkB;AAAA,IACtC,IAAI,KAAK;AAAA,MAAS;AAAA,IAClB,KAAK,UAAU;AAAA,IACf,IAAI,KAAK,cAAc;AAAA,MACrB,KAAK,aAAa,MAAM;AAAA,MACxB,KAAK,eAAe;AAAA,IACtB;AAAA,IACA,IAAI;AAAA,MACF,IAAI,KAAK,qBAAqB;AAAA,QAC5B,OAAQ,MAAM,KAAK,QAAQ,cAAc,MAAO,MAAM,CAAC;AAAA,MACzD;AAAA,MACA,MAAM;AAAA,IAGR,KAAK,aAAa;AAAA;AAAA,UAMZ,OAAO,cAAc,GAAiD;AAAA,IAC5E,IAAI,KAAK;AAAA,MAAS;AAAA,IAElB,IAAI;AAAA,MAEF,MAAM,aAAa,IAAI,QAAO,CAAC,CAAC;AAAA,MAChC,KAAK,eAAe,IAAI,sBAAsB,KAAK,UAAU,UAAU;AAAA,MAGvE,MAAM,aAAa,IAAI,QAAO,WAAW,MAAM;AAAA,MAC/C,MAAM,WAAW,UAAS;AAAA,QACxB,MAAM;AAAA,QACN,QAAQ;AAAA,QACR,UAAU,CAAC;AAAA,QACX,WAAW;AAAA,MACb,CAAC;AAAA,MACD,MAAM,YAAY,IAAI,aAAY,YAAY,QAAQ;AAAA,MAEtD,OAAO,MAAM;AAAA,QAIX,KAAK,aAAa,MAAM,SAAS;AAAA,QACjC,MAAM,KAAK,oBAAoB;AAAA,QAG/B,MAAM,cAAc,MAAM,KAAK,iBAAiB;AAAA,QAChD,IAAI,gBAAgB,MAAM;AAAA,UAExB;AAAA,QACF;AAAA,QAEA,MAAM,iBAAiB,WAAW;AAAA,MACpC;AAAA,cACA;AAAA,MAEA,IAAI,KAAK,cAAc;AAAA,QACrB,KAAK,aAAa,MAAM;AAAA,QACxB,KAAK,eAAe;AAAA,MACtB;AAAA,MAEA,IAAI;AAAA,QACF,IAAI,KAAK,qBAAqB;AAAA,UAC5B,OAAQ,MAAM,KAAK,QAAQ,cAAc,MAAO,MAAM,CAAC;AAAA,QACzD;AAAA,QACA,MAAM;AAAA,MAGR,KAAK,UAAU;AAAA,MACf,KAAK,aAAa;AAAA;AAAA;AAAA,EAStB,KAAK,GAAS;AAAA,IACZ,IAAI,KAAK;AAAA,MAAS;AAAA,IAClB,KAAK,UAAU;AAAA,IAEf,IAAI,KAAK,cAAc;AAAA,MAErB,KAAK,aAAa,MAAM;AAAA,MACxB,KAAK,eAAe;AAAA,IACtB,EAAO;AAAA,MAGL,MAAM,cAAc,IAAI,QAAO,CAAC,CAAC;AAAA,MACjC,MAAM,MAAM,mBAAmB,aAAa,CAAC,CAAC;AAAA,MAC9C,KAAK,SAAS,GAAG;AAAA;AAAA,IAKnB,MAAM,gBAAgB,YAAY;AAAA,MAChC,IAAI;AAAA,QACF,IAAI,CAAC,KAAK,qBAAqB;AAAA,UAC7B,MAAM,UAAS,MAAM,KAAK,QAAQ,eAAe;AAAA,UACjD,IAAI,SAAQ;AAAA,YACV,OAAQ,MAAM,KAAK,QAAQ,cAAc,MAAO,MAAM,CAAC;AAAA,UACzD;AAAA,QACF,EAAO;AAAA,UACL,OAAQ,MAAM,KAAK,QAAQ,cAAc,MAAO,MAAM,CAAC;AAAA;AAAA,QAEzD,MAAM,WAEN;AAAA,QACA,KAAK,aAAa;AAAA;AAAA,OAEnB;AAAA,IACH,KAAK,iBAAiB,YAAY;AAAA;AAEtC;AAYO,SAAS,WAAW,CACzB,UACA,UACA,SACW;AAAA,EACX,MAAM,QAAQ,SAAS;AAAA,EACvB,MAAM,iBAAiB,SAAS;AAAA,EAEhC,IAAI,SAAiC;AAAA,EACrC,IAAI,gBAAiD;AAAA,EACrD,IAAI,cAA8C;AAAA,EAClD,IAAI,eAAe;AAAA,EACnB,IAAI,wBAAwB;AAAA,EAC5B,IAAI,QAAQ;AAAA,EACZ,IAAI,gBAAsC;AAAA,EAC1C,IAAI,SAAS;AAAA,EAEb,MAAM,UAAmB,CAAC,UAAsB;AAAA,IAC9C,SAAS,MAAM,KAAK;AAAA,IACpB,SAAS,QAAQ;AAAA;AAAA,EAOnB,eAAe,YAAY,GAA6B;AAAA,IACtD,IAAI;AAAA,MAAQ,OAAO;AAAA,IACnB,IAAI,CAAC,eAAe;AAAA,MAClB,gBAAgB,gBAAgB,OAAO,QAAQ;AAAA,IACjD;AAAA,IACA,SAAS,MAAM;AAAA,IACf,OAAO;AAAA;AAAA,EAGT,eAAe,WAAW,GAAkB;AAAA,IAE1C,IAAI,eAAe;AAAA,MACjB,MAAM;AAAA,MACN,gBAAgB;AAAA,IAClB;AAAA,IACA,IAAI,OAAO;AAAA,MACT,MAAM,IAAI,MACR,qEACE,mFACJ;AAAA,IACF;AAAA,IACA,QAAQ;AAAA;AAAA,EAGV,SAAS,WAAW,GAAS;AAAA,IAC3B,QAAQ;AAAA;AAAA,EAGV,SAAS,eAAe,CAAC,GAAwB;AAAA,IAC/C,gBAAgB;AAAA;AAAA,EAGlB,eAAe,iBAAiB,GAAqC;AAAA,IACnE,IAAI;AAAA,MAAa,OAAO;AAAA,IAExB,MAAM,YAAY;AAAA,IAClB,IAAI;AAAA,MAKF,MAAM,cAAc,IAAI,QAAO,CAAC,CAAC;AAAA,MACjC,MAAM,OAAO,gBAAgB,aAAa,CAAC,GAAG,oBAAoB;AAAA,MAClE,QAAQ,IAAI;AAAA,MAEZ,MAAM,IAAI,MAAM,aAAa;AAAA,MAM7B,MAAM,WAAW,MAAM,EAAE,WAAW;AAAA,MACpC,IAAI,CAAC,UAAU;AAAA,QACb,MAAM,IAAI,MAAM,mCAAmC;AAAA,MACrD;AAAA,MAEA,MAAM,OAAO,MAAM,sBAAsB,SAAS,SAAgB,KAAK;AAAA,MACvE,eAAe,KAAK;AAAA,MACpB,wBAAwB,KAAK;AAAA,MAC7B,cAAc,IAAI,IAAI,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;AAAA,MAC1D,OAAO;AAAA,cACP;AAAA,MACA,YAAY;AAAA;AAAA;AAAA,EAIhB,OAAO;AAAA,SACC,KAAI,CAAC,QAAgB,QAAmE;AAAA,MAC5F,MAAM,UAAU,MAAM,kBAAkB;AAAA,MACxC,MAAM,YAAY;AAAA,MAClB,IAAI;AAAA,QACF,MAAM,OAAO,QAAQ,IAAI,MAAM;AAAA,QAC/B,IAAI,CAAC,MAAM;AAAA,UACT,MAAM,IAAI,MAAM,oBAAoB,SAAS;AAAA,QAC/C;AAAA,QAEA,MAAM,IAAI,MAAM,aAAa;AAAA,QAG7B,MAAM,aAAa,KAAM,KAAK,YAAY,CAAC,MAAQ,UAAU,CAAC,EAAG;AAAA,QAGjE,MAAM,OAAO,gBAAgB,KAAK,cAAc,YAAY,QAAQ,EAAE,iBAAiB,sBAAsB,CAAC;AAAA,QAC9G,QAAQ,IAAI;AAAA,QAGZ,MAAM,WAAW,MAAM,EAAE,WAAW;AAAA,QACpC,IAAI,CAAC,UAAU;AAAA,UACb,MAAM,IAAI,MAAM,sBAAsB;AAAA,QACxC;AAAA,QAGA,IAAI,cAAkC;AAAA,QACtC,SAAS,SAAS,SAAS,SAAkB;AAAA,UAC3C,IAAI,MAAM,YAAY,GAAG;AAAA,YACvB,IAAI,wBAAwB,KAAK,GAAG;AAAA,cAClC,QAAQ,MAAM,wBAAwB,OAAO,cAAc;AAAA,YAC7D,EAAO;AAAA,cACL,mBAAmB,OAAO,KAAK;AAAA,cAC/B;AAAA;AAAA,UAEJ;AAAA,UACA,cAAc;AAAA,QAChB;AAAA,QAEA,IAAI,CAAC,aAAa;AAAA,UAChB,OAAO;AAAA,QACT;AAAA,QAEA,MAAM,OAAO,iBAAiB,WAAW;AAAA,QACzC,IAAI,KAAK,WAAW;AAAA,UAAG,OAAO;AAAA,QAE9B,IAAI,KAAK,aAAa,OAAO,WAAW;AAAA,UAAG,OAAO;AAAA,QAElD,OAAO,KAAK;AAAA,gBACZ;AAAA,QACA,YAAY;AAAA;AAAA;AAAA,SAIV,OAAM,CAAC,QAAgB,QAAsD;AAAA,MACjF,MAAM,UAAU,MAAM,kBAAkB;AAAA,MACxC,MAAM,YAAY;AAAA,MAElB,IAAI;AAAA,QACF,MAAM,OAAO,QAAQ,IAAI,MAAM;AAAA,QAC/B,IAAI,CAAC,MAAM;AAAA,UACT,MAAM,IAAI,MAAM,oBAAoB,SAAS;AAAA,QAC/C;AAAA,QAEA,MAAM,IAAI,MAAM,aAAa;AAAA,QAG7B,MAAM,aAAa,KAAM,KAAK,YAAY,CAAC,MAAQ,UAAU,CAAC,EAAG;AAAA,QAGjE,MAAM,OAAO,gBAAgB,KAAK,cAAc,YAAY,QAAQ,EAAE,iBAAiB,sBAAsB,CAAC;AAAA,QAC9G,QAAQ,IAAI;AAAA,QAGZ,IAAI,SAAqC;AAAA,QACzC,IAAI,KAAK,cAAc;AAAA,UACrB,MAAM,eAAe,MAAM,EAAE,WAAW;AAAA,UACxC,IAAI,cAAc;AAAA,YAChB,WAAW,SAAS,aAAa,SAAkB;AAAA,cACjD,IAAI,MAAM,YAAY,GAAG;AAAA,gBACvB,mBAAmB,OAAO,KAAK;AAAA,gBAC/B;AAAA,cACF;AAAA,cACA,MAAM,OAAO,iBAAiB,KAAK;AAAA,cACnC,IAAI,KAAK,SAAS,GAAG;AAAA,gBACnB,SAAS,KAAK;AAAA,cAChB;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,QAEA,MAAM,eAAe,KAAK,gBAAgB,KAAK;AAAA,QAI/C,OAAO,IAAI,kBAAkB;AAAA,UAC3B,QAAQ;AAAA,UACR;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF,CAAC;AAAA,QACD,OAAO,GAAG;AAAA,QAIV,IAAI;AAAA,UACF,MAAM,IAAI,MAAM,aAAa;AAAA,UAC7B,MAAM,cAAc,IAAI,QAAO,CAAC,CAAC;AAAA,UACjC,MAAM,MAAM,mBAAmB,aAAa,CAAC,CAAC;AAAA,UAC9C,QAAQ,GAAG;AAAA,UAEX,MAAM,YAAY,MAAM,EAAE,WAAW;AAAA,UAGrC,MAAM;AAAA,QAGR,YAAY;AAAA,QACZ,MAAM;AAAA;AAAA;AAAA,SAIJ,SAAQ,GAAgC;AAAA,MAC5C,MAAM,UAAU,MAAM,kBAAkB;AAAA,MACxC,OAAO;AAAA,QACL;AAAA,QACA,iBAAiB;AAAA,QACjB,SAAS,CAAC,GAAG,QAAQ,OAAO,CAAC;AAAA,MAC/B;AAAA;AAAA,IAGF,KAAK,GAAS;AAAA,MACZ,IAAI;AAAA,QAAQ;AAAA,MACZ,SAAS;AAAA,MACT,SAAS,IAAI;AAAA;AAAA,EAEjB;AAAA;AAYK,SAAS,iBAAiB,CAAC,KAAe,SAA+C;AAAA,EAC9F,MAAM,OAAO,IAAI,MAAM,KAAK;AAAA,IAC1B,OAAO;AAAA,IACP,QAAQ;AAAA,IACR,QAAQ,SAAS,UAAU;AAAA,IAC3B,KAAK,SAAS;AAAA,IACd,KAAK,SAAS,MAAM,KAAK,QAAQ,QAAQ,QAAQ,IAAI,IAAI;AAAA,EAC3D,CAAC;AAAA,EAED,MAAM,SAAS,KAAK;AAAA,EAEpB,MAAM,WAAyB;AAAA,IAC7B,KAAK,CAAC,MAAkB;AAAA,MACrB,KAAK,MAAc,MAAM,IAAI;AAAA;AAAA,IAEhC,KAAK,GAAG;AAAA,MACL,KAAK,MAAc,MAAM;AAAA;AAAA,IAE5B,GAAG,GAAG;AAAA,MACH,KAAK,MAAc,IAAI;AAAA;AAAA,EAE5B;AAAA,EAEA,MAAM,SAAS,YAAY,QAAQ,UAAU;AAAA,IAC3C,OAAO,SAAS;AAAA,IAChB,kBAAkB,SAAS;AAAA,EAC7B,CAAC;AAAA,EAGD,MAAM,gBAAgB,OAAO;AAAA,EAC7B,OAAO,QAAQ,MAAM;AAAA,IACnB,cAAc,KAAK,MAAM;AAAA,IACzB,IAAI;AAAA,MACF,KAAK,KAAK;AAAA,MACV,MAAM;AAAA;AAAA,EAKV,OAAO;AAAA;",
|
|
24
|
-
"debugId": "
|
|
61
|
+
"mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAomBO,SAAS,UAAU,CAAC,KAAK,KAAK;AAAA,EACjC,IAAI,OAAO,CAAC,GAAG,KAAK,CAAC,CAAC;AAAA,EACtB,IAAI,KAAK,GAAG,KAAK;AAAA,EACjB,MAAO,IAAI,UAAS;AAAA,IAChB,IAAI,KAAK,KAAK,KAAK,MAAM,GAAG;AAAA,IAC5B,IAAI,OAAO,MAAM,UAAU;AAAA,MACvB,IAAI,IAAI;AAAA,QACJ,MAAM;AAAA,QACN,IAAI,GAAG,EAAE,UAAU,GAAG,GAAG;AAAA,UACrB,KAAK,KAAK,MAAM,GAAG,CAAC;AAAA,UACpB,MAAM,GAAG;AAAA,QACb;AAAA,MACJ,EACK;AAAA,QACD,KAAK,KAAK,GAAG;AAAA,QACb,GAAG,IAAI;AAAA;AAAA,MAEX,MAAO,CAAC,GAAG,KAAI;AAAA,QACX,IAAI,MAAM,IAAI,KAAK,IAAI,GAAG;AAAA,QAC1B,IAAI,CAAC;AAAA,UACD,IAAI,CAAC;AAAA,QACT,IAAI;AAAA,UACA,GAAG,IAAI,GAAG;AAAA,QACT;AAAA,UACD,KAAK,KAAK,GAAG;AAAA,UACb,MAAM,IAAI;AAAA,UACV,IAAI,GAAG,GAAG,GAAG,IAAI,MAAM;AAAA,UACvB,GAAG,EAAE,IAAI,KAAK,GAAG,EAAE,SAAS,IAAI,MAAM;AAAA;AAAA,MAE9C;AAAA,MACA,KAAK,GAAG,IAAK,GAAG,IAAI;AAAA,IACxB,EAEI;AAAA,WAAK;AAAA,IACT,MAAM,IAAI,SAAS,EAAE;AAAA,EACzB;AAAA,EACA,OAAO,IAAI,MAAM,EAAE;AAAA;AAAA,IAtoBnB,IAAkB,IAAiB,KAAmB,KAAqC,KAC3F,MAAM,QAAS,CAAC,GAAG,GAAG,GAAG;AAAA,EACzB,IAAI,GAAG,UAAU;AAAA,IACb,OAAO,GAAG,UAAU,MAAM,KAAK,GAAG,GAAG,CAAC;AAAA,EAC1C,IAAI,KAAK,QAAQ,IAAI;AAAA,IACjB,IAAI;AAAA,EACR,IAAI,KAAK,QAAQ,IAAI,EAAE;AAAA,IACnB,IAAI,EAAE;AAAA,EACV,IAAI,IAAI,IAAI,GAAG,IAAI,CAAC;AAAA,EACpB,EAAE,IAAI,EAAE,SAAS,GAAG,CAAC,CAAC;AAAA,EACtB,OAAO;AAAA,GAEP,OAAO,QAAS,CAAC,GAAG,GAAG,GAAG,GAAG;AAAA,EAC7B,IAAI,GAAG,UAAU;AAAA,IACb,OAAO,GAAG,UAAU,KAAK,KAAK,GAAG,GAAG,GAAG,CAAC;AAAA,EAC5C,IAAI,KAAK,QAAQ,IAAI;AAAA,IACjB,IAAI;AAAA,EACR,IAAI,KAAK,QAAQ,IAAI,EAAE;AAAA,IACnB,IAAI,EAAE;AAAA,EACV,MAAO,IAAI,GAAG,EAAE;AAAA,IACZ,EAAE,KAAK;AAAA,EACX,OAAO;AAAA,GAEP,MAAM,QAAS,CAAC,GAAG,GAAG,GAAG,GAAG;AAAA,EAC5B,IAAI,GAAG,UAAU;AAAA,IACb,OAAO,GAAG,UAAU,WAAW,KAAK,GAAG,GAAG,GAAG,CAAC;AAAA,EAClD,IAAI,KAAK,QAAQ,IAAI;AAAA,IACjB,IAAI;AAAA,EACR,IAAI,KAAK,QAAQ,IAAI,EAAE;AAAA,IACnB,IAAI,EAAE;AAAA,EACV,OAAO,IAAI,GAAG;AAAA,IACV,EAAE,OAAO,EAAE;AAAA,EACf;AAAA,GAcA,IAQA,MAAM,QAAS,CAAC,KAAK,KAAK,IAAI;AAAA,EAC9B,IAAI,IAAI,IAAI,MAAM,OAAO,GAAG,IAAI;AAAA,EAChC,EAAE,OAAO;AAAA,EACT,IAAI,MAAM;AAAA,IACN,MAAM,kBAAkB,GAAG,GAAG;AAAA,EAClC,IAAI,CAAC;AAAA,IACD,MAAM;AAAA,EACV,OAAO;AAAA,GAEP,KAAK,QAAS,CAAC,GAAG,GAAG,GAAG;AAAA,EACxB,IAAI,IAAI,GAAG,IAAI;AAAA,EACf,MAAO,IAAI,GAAG,EAAE;AAAA,IACZ,KAAK,EAAE,SAAS,KAAK;AAAA,EACzB,OAAO;AAAA,GAEP,KAAK,QAAS,CAAC,GAAG,GAAG;AAAA,EAAE,QAAQ,EAAE,KAAM,EAAE,IAAI,MAAM,IAAM,EAAE,IAAI,MAAM,KAAO,EAAE,IAAI,MAAM,QAAS;AAAA,GAEjG,OAAO,QAAS,CAAC,KAAK,GAAG;AAAA,EACzB,IAAI,KAAK,IAAI,KAAM,IAAI,MAAM,IAAM,IAAI,MAAM;AAAA,EAC7C,IAAI,MAAM,WAAY,IAAI,MAAM,KAAK;AAAA,IAEjC,IAAI,MAAM,IAAI;AAAA,IAEd,IAAI,KAAM,OAAO,IAAK,GAAG,KAAM,OAAO,IAAK,GAAG,KAAK,MAAM,GAAG,MAAM,OAAO;AAAA,IACzE,IAAI,MAAM;AAAA,MACN,IAAI,CAAC;AAAA,IAET,IAAI,KAAK,IAAI;AAAA,IAEb,IAAI,KAAK,MAAM,IAAI,IAAI;AAAA,IAEvB,IAAI,KAAK,GAAG,KAAK,IAAI,EAAE;AAAA,IACvB,MAAM;AAAA,IAEN,IAAI,MAAM,MAAO,KAAK,MAAO;AAAA,IAE7B,IAAI,MAAM,GAAG,KAAK,IAAI,GAAG,KAAM,OAAO,KAAM;AAAA,IAE5C,IAAI,KAAK;AAAA,IACT,IAAI,CAAC,IAAI;AAAA,MAEL,IAAI,KAAK,KAAM,MAAM,IAAI,MAAM;AAAA,MAC/B,KAAK,MAAM,MAAM,MAAM,IAAI,KAAK;AAAA,IACpC;AAAA,IACA,IAAI,KAAK;AAAA,MACL,IAAI,CAAC;AAAA,IACT,IAAI,MAAM,IAAI,IAAI,KAAK,IAAK,OAAO,KAAM,IAAI,IAAI,MAAM,EAAE;AAAA,IACzD,IAAI,KAAK,GAAG,IAAI,KAAK,GAAG,IAAI,KAAK;AAAA,IACjC,OAAO;AAAA,MACH,GAAG,KAAK;AAAA,MACR,GAAG;AAAA,MACH,GAAG;AAAA,MACH,GAAG;AAAA,MACH,GAAI,KAAK,KAAK,IAAK,IAAI,IAAI,SAAS,EAAE;AAAA,MACtC,GAAG;AAAA,MACH,GAAG,IAAI,IAAI,IAAI,QAAQ,GAAG,CAAC;AAAA,MAC3B,GAAG;AAAA,MACH,GAAG;AAAA,MACH,GAAG,KAAK,IAAI,QAAQ,EAAE;AAAA,IAC1B;AAAA,EACJ,EACK,UAAM,MAAM,IAAM,IAAI,MAAM,OAAQ,UAAW;AAAA,IAEhD,OAAO,GAAG,KAAK,CAAC,IAAI;AAAA,EACxB;AAAA,EACA,IAAI,CAAC;AAAA,GAGL,MAAM,QAAS,CAAC,KAAK;AAAA,EACrB,IAAI,OAAO;AAAA,EACX,MAAQ,KAAK,QAAS,KAAK,EAAE;AAAA;AAAA,EAE7B,OAAO,OAAO;AAAA,GAGd,OAAO,QAAS,CAAC,KAAK,IAAI,KAAK;AAAA,EAE/B,IAAI,QAAQ,MAAM,KAAK;AAAA,EAEvB,IAAI,MAAM,IAAI,MAAM,MAAM;AAAA,EAC1B,IAAI,KAAK;AAAA,IACL,IAAI,CAAC;AAAA,EAET,IAAI,KAAK,KAAK;AAAA,EAEd,IAAI,QAAQ,IAAI,MAAM,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK;AAAA,EAEhD,IAAI,MAAM,IAAI,GAAG,OAAO,MAAM,EAAE;AAAA,EAChC,IAAI,OAAO,IAAI,IAAI,KAAK,GAAG,GAAG;AAAA,EAE9B,IAAI,SAAS,IAAI,IAAI,KAAK,GAAG,GAAG;AAAA,EAChC,IAAI,SAAS,IAAI,IAAI,KAAK,KAAK,EAAE;AAAA,EACjC,IAAI,MAAM,OAAO,MAAM;AAAA,EACvB,IAAI,OAAO,IAAI,GAAG,KAAK,KAAK,EAAE;AAAA,EAC9B,IAAI,QAAQ,IAAI,GAAG,KAAK,MAAM,EAAE;AAAA,EAChC,OAAO,MAAM,OAAO,QAAQ,GAAG;AAAA,IAC3B,IAAI,OAAO,IAAI,QAAQ,CAAC;AAAA,IACxB,IAAI,MAAM,QAAQ;AAAA,IAElB,IAAI,OAAO,KAAM,OAAO,KAAM;AAAA,IAC9B,IAAI,OAAQ,IAAI,OAAQ,IAAI,MAAM,MAAM,IAAM,IAAI,MAAM,MAAM,QAAS,OAAO,KAAM;AAAA,IAEpF,IAAI,UAAU,KAAK,QAAQ;AAAA,IAE3B,IAAI,MAAM,MAAM,QAAQ;AAAA,IAExB,IAAI,OAAO,MAAM;AAAA,IACjB,IAAI,OAAO;AAAA,MACP,QAAQ,MAAM,MAAM;AAAA,IACnB;AAAA,MACD,QAAQ,OAAO;AAAA,MACf,IAAI,MAAM;AAAA,QACN,OAAO;AAAA;AAAA,IAEf,KAAK,EAAE,OAAO,EAAE;AAAA,IAChB,IAAI,OAAO,IAAI;AAAA,MACX,SAAS;AAAA,MACT,KAAK,EAAE,MAAM;AAAA,IACjB,EAEI;AAAA,eAAS;AAAA,IACb,IAAI,CAAC,KAAK;AAAA,MACN,GAAG;AAAA,QAEC,IAAI,MAAM,QAAQ;AAAA,QAClB,MAAO,IAAI,OAAQ,IAAI,MAAM,MAAM,OAAQ,OAAO,KAAM;AAAA,QACxD,QAAQ;AAAA,QACR,OAAO;AAAA,MACX,SAAS,MAAM;AAAA,IACnB;AAAA,EACJ;AAAA,EACA,IAAI,MAAM,OAAO;AAAA,IACb,IAAI,CAAC;AAAA,EACT,IAAI,SAAS;AAAA,EAEb,IAAI,SAAS,MAAM,MAAM,MAAM,KAAK;AAAA,EAEpC,IAAI,QAAQ,KAAK;AAAA,EACjB,SAAS,IAAI,EAAG,KAAK,KAAK,EAAE,GAAG;AAAA,IAC3B,IAAI,KAAK,KAAK;AAAA,IACd,IAAI,KAAK,GAAG;AAAA,MACR,OAAO,KAAK,CAAC;AAAA,MACb;AAAA,IACJ;AAAA,IAEA,KAAK,IAAI,EAAG,IAAI,IAAI,EAAE,GAAG;AAAA,MACrB,KAAK,UAAU;AAAA,MACf,GAAG;AAAA,QACC,SAAU,SAAS,QAAS;AAAA,MAChC,SAAS,UAAU;AAAA,IACvB;AAAA,EACJ;AAAA,EAEA,IAAI;AAAA,IACA,IAAI,CAAC;AAAA,EACT,KAAK,IAAI,EAAG,IAAI,IAAI,EAAE,GAAG;AAAA,IAErB,IAAI,KAAK,OAAO,KAAK;AAAA,IAErB,IAAI,KAAK,MAAM,KAAK,KAAK,IAAI,EAAE;AAAA,IAC/B,OAAO,MAAM,MAAM,MAAM;AAAA,EAC7B;AAAA,EACA,OAAO,CAAE,OAAO,KAAM,GAAG;AAAA,IACjB,GAAG;AAAA,IACH,GAAG;AAAA,IACH,GAAG;AAAA,IACH,GAAG;AAAA,EACP,CAAC;AAAA,GAGL,MAAM,QAAS,CAAC,KAAK,IAAI;AAAA,EAEzB,IAAI,IAAI,GAAG,KAAK;AAAA,EAEhB,IAAI,MAAM,IAAI,GAAG,GAAG,GAAG,KAAK,IAAI;AAAA,EAEhC,IAAI,KAAK,IAAI,SAAS,GAAG,GAAG;AAAA,EAE5B,IAAI,KAAK,IAAI,SAAS,KAAK,GAAG;AAAA,EAE9B,IAAI,KAAK,IAAI,IAAI,IAAI,QAAQ,GAAG;AAAA,EAEhC,IAAI,KAAK,KAAK;AAAA,IAEV,IAAI,KAAK,KAAK,KAAK,KAAK,GAAG,CAAC,GAAG,MAAM,GAAG,IAAI,MAAM,GAAG;AAAA,IACrD,MAAM;AAAA,IACN,IAAI,OAAO,OAAO;AAAA,IAElB,IAAI,KAAK,IAAI;AAAA,IACb,IAAI,CAAC;AAAA,MACD,IAAI,CAAC;AAAA,IAET,IAAI,MAAM,GAAG,MAAM,GAAG,OAAO,IAAI,GAAG,OAAO;AAAA,IAG3C,IAAI,QAAQ,EAAE,MAAM,KAAK,IAAI,IAAI,EAAE;AAAA,IACnC,UAAS;AAAA,MACL,QAAQ;AAAA,MACR,IAAI,OAAO;AAAA,QACP;AAAA,MACJ,IAAI,MAAM,QAAQ;AAAA,MAClB,QAAS,IAAI,OAAQ,IAAI,MAAM,MAAM,OAAQ,OAAO,MAAQ,KAAK,QAAQ;AAAA,MACzE,GAAG,EAAE,MAAM,IAAI,EAAE;AAAA,MACjB,QAAQ;AAAA,MACR,IAAI,OAAO;AAAA,QACP;AAAA,MACJ,MAAM,QAAQ;AAAA,MACd,QAAS,IAAI,OAAQ,IAAI,MAAM,MAAM,OAAQ,OAAO,MAAQ,KAAK,QAAQ;AAAA,MACzE,GAAG,EAAE,MAAM,IAAI,EAAE;AAAA,MACjB,OAAO,IAAI,EAAE;AAAA,MACb,MAAM,IAAI,EAAE;AAAA,MACZ,OAAO,IAAI,EAAE;AAAA,MACb,MAAM,IAAI,EAAE;AAAA,IAChB;AAAA,IACA,IAAI,EAAE,KAAK;AAAA,MACP,IAAI,CAAC;AAAA,EACb,EACK;AAAA,IACD,KAAK,KAAK;AAAA,IACV,MAAO,IAAI,IAAI,KAAK,GAAG;AAAA,MACnB,IAAI,OAAO,IAAI,EAAE;AAAA,MACjB,GAAG,KAAK,QAAQ;AAAA,MAChB,GAAG,IAAI,KAAK,OAAO;AAAA,IACvB;AAAA,IACA,EAAE;AAAA;AAAA,EAGN,IAAI,MAAM;AAAA,EACV,KAAK,IAAI,EAAG,IAAI,IAAI,EAAE,GAAG;AAAA,IACrB,IAAI,KAAK,GAAG;AAAA,IAEZ,IAAI,KAAK;AAAA,MACL,IAAI,CAAC;AAAA,IACT,OAAO,MAAO,KAAM,KAAK;AAAA,EAC7B;AAAA,EAEA,IAAI,KAAK,IAAI,GAAG,IAAI;AAAA,EAEpB,IAAI,KAAK,KAAK;AAAA,EAEd,IAAI,MAAM,KAAK;AAAA,EAEf,IAAI,MAAO,MAAM;AAAA,IACb,IAAI,CAAC;AAAA,EACT,GAAG,QAAQ,IAAI,GAAG,IAAI;AAAA,EACtB,KAAK,IAAI,EAAG,IAAI,IAAI,EAAE,GAAG;AAAA,IACrB,IAAI,KAAK,GAAG;AAAA,IACZ,EAAE,GAAG,GAAG,KAAK,MAAO,KAAK,IAAI;AAAA,EACjC;AAAA,EAEA,IAAI,OAAO,IAAI,GAAG,MAAM,CAAC;AAAA,EAEzB,IAAI,OAAO,KAAK,SAAS,GAAG,EAAE,GAAG,KAAK,KAAK,SAAS,EAAE;AAAA,EACtD,GAAG,MAAM;AAAA,EACT,KAAK,IAAI,GAAI,IAAI,GAAG,EAAE,GAAG;AAAA,IACrB,IAAI,KAAK,GAAG;AAAA,IACZ,KAAK,IAAI,GAAG,IAAI,GAAG,IAAI,KAAK,KAAK,GAAG,MAAM,KAAM,KAAK,EAAG;AAAA,EAC5D;AAAA,EACA,IAAI,GAAG,MAAM;AAAA,IACT,IAAI,CAAC;AAAA,EACT,KAAK,IAAI,EAAG,IAAI,IAAI,EAAE,GAAG;AAAA,IACrB,IAAI,OAAO,GAAG;AAAA,IACd,IAAI,MAAM;AAAA,MACN,IAAI,OAAO,GAAG;AAAA,MACd,KAAK,MAAM,GAAG,MAAM,GAAG,QAAQ,QAAQ,KAAM,KAAK,KAAM;AAAA,IAC5D;AAAA,EACJ;AAAA,EACA,OAAO,CAAC,IAAI;AAAA,IACJ,GAAG;AAAA,IACH,GAAG;AAAA,IACH,GAAG;AAAA,EACP,CAAC;AAAA,GAKL,MAIA,MAIA,MAIA,OAAO,QAAS,CAAC,GAAG,GAAG;AAAA,EACvB,IAAI,MAAM,EAAE,QAAQ,KAAK,IAAI,IAAI,GAAG;AAAA,EACpC,SAAS,IAAI,EAAG,IAAI,KAAK,EAAE,GAAG;AAAA,IAC1B,GAAG,KAAK;AAAA,IACR,KAAK,KAAK,EAAE;AAAA,EAChB;AAAA,EACA,OAAO;AAAA,GAGP,KAIA,MAEA,KAIA,MAEA,MAAM,QAAS,CAAC,KAAK,KAAK,IAAI;AAAA,EAC9B,IAAI,MAAM,IAAI,QAAQ,KAAK,IAAI,QAAQ,KAAK,IAAI,MAAM,IAAI,OAAO,KAAK,GAAG,KAAK,GAAG,KAAK,CAAC,GAAG;AAAA,EAC1F,IAAI,CAAC;AAAA,IACD,IAAI,CAAC;AAAA,EACT,IAAI,KAAK,GAAG,MAAM,GAAG,GAAG,OAAO,OAAO,KAAK,IAAI,IAAI,EAAE,IAAI,KAAK,IAAI;AAAA,EAClE,MAAO,MAAM,MAAM,IAAI,MAAK;AAAA,IACxB,IAAI,MAAM,OAAO;AAAA,IACjB,IAAI,OAAO,IAAI,OAAQ,IAAI,MAAM,MAAM,IAAM,IAAI,MAAM,MAAM,QAAS,MAAM;AAAA,IAC5E,MAAO,MAAM,MAAO,OAAO;AAAA,IAC3B,IAAI,EAAE,KAAK,GAAG,EAAE;AAAA,IAChB,OAAQ,MAAM,GAAG,EAAE;AAAA,EACvB;AAAA,EACA,IAAI,OAAO,MAAM,IAAI,KAAK;AAAA,IACtB,IAAI,CAAC;AAAA,GAIT,OAAO,QAAS,CAAC,KAAK,KAAK,IAAI;AAAA,EAC/B,IAAI,KAAK;AAAA,EACT,IAAI,KAAK,IAAI,QAAQ,MAAO,KAAK,KAAM,GAAG,MAAM,OAAO,GAAG,MAAM,MAAM;AAAA,EACtE,IAAI,IAAI,SAAS,IAAI,MAAM,IAAI,KAAM,IAAI,MAAM,CAAE,GAAG,IAAI,SAAS,GAAG,GAAG,GAAG,EAAE;AAAA,EAC5E,IAAI,IAAI,SAAS,IAAI,MAAM,IAAI,KAAM,IAAI,MAAM,CAAE,GAAG,IAAI,SAAS,KAAK,GAAG,GAAG,EAAE;AAAA,EAC9E,IAAI,IAAI,SAAS,IAAI,MAAM,IAAI,KAAM,IAAI,MAAM,CAAE,GAAG,IAAI,SAAS,KAAK,GAAG,GAAG,EAAE;AAAA,EAC9E,IAAI,IAAI,SAAS,EAAE,GAAG,IAAI,SAAS,GAAG,GAAG,EAAE;AAAA,GAG3C,MAAM,QAAS,CAAC,KAAK,IAAI,KAAK;AAAA,EAC9B,IAAI;AAAA,EACJ,IAAI,KAAK,GAAG;AAAA,EAEZ,IAAI,KAAK,IAAI,KAAK,QAAS,MAAM,IAAK;AAAA,EACtC,GAAG,IAAI,KAAK;AAAA,EACZ,IAAI,KAAM,MAAM,IAAM,IAAI,KAAK,MAAM,IAAM,IAAI,KAAK,MAAM;AAAA,EAE1D,IAAI,OAAO,MAAM,KAAK;AAAA,EACtB,IAAI,SAAS,GAAG;AAAA,IACZ,IAAI,MAAM,IAAI;AAAA,MACV;AAAA,IACJ,GAAG,IAAI,KAAK;AAAA,IACZ,IAAI,KAAK;AAAA,MACL,KAAK,KAAK,IAAI,KAAK,GAAG,GAAG,GAAG,KAAK,EAAE;AAAA,MACnC,OAAO;AAAA,IACX;AAAA,IACA,OAAO,KAAK,IAAI,GAAG,EAAE,GAAG,IAAI,GAAG;AAAA,EACnC;AAAA,EACA,IAAI,MAAM,IAAI;AAAA,IACV;AAAA,EACJ,IAAI,SAAS,GAAG;AAAA,IACZ,GAAG,IAAI;AAAA,IACP,IAAI,KAAK;AAAA,MACL,IAAI,IAAI,IAAI,SAAS,IAAI,GAAG,GAAG,GAAG,CAAC;AAAA,MACnC,GAAG,KAAK;AAAA,MACR,OAAO;AAAA,IACX;AAAA,IACA,OAAO,IAAI,KAAK,IAAI,GAAG;AAAA,EAC3B;AAAA,EACA,IAAI,SAAS,GAAG;AAAA,IAEZ,IAAI,KAAK,IAAI,KAAK,MAAM,KAAK,GAAG,KAAM,MAAM,IAAK;AAAA,IAEjD,IAAI,MAAM,MAAM,GAAG,MAAM,GAAG,KAAK;AAAA,IACjC,IAAI,MAAM,GAAG;AAAA,MACT,IAAI,KAAK;AAAA,QACL,OAAQ,IAAI,EAAE,OAAO,KAAO,KAAK,KAAO,IAAI,EAAE,OAAO;AAAA,MAErD;AAAA,cAAM,MAAM;AAAA,IACpB,EACK;AAAA,MACD,KAAK;AAAA,MACL,IAAI,KAAK;AAAA,QACL,QAAS,IAAI,EAAE,MAAM,OAAO,GAAI,MAAO,IAAI,OAAO,IAAM,IAAI,EAAE,OAAO;AAAA,MACpE,SAAI,MAAM;AAAA,QACX,OAAQ,IAAI,EAAE,OAAO,KAAO,IAAI,EAAE,MAAM,MAAM,IAAK,MAAO,IAAI,OAAO,IAAM,IAAI,EAAE,OAAO;AAAA,MAExF;AAAA,eAAQ,IAAI,EAAE,OAAO,KAAO,IAAI,EAAE,MAAM,OAAO,IAAK,MAAO,IAAI,OAAO,IAAM,IAAI,EAAE,OAAO,IAAM,IAAI,EAAE,OAAO;AAAA;AAAA,IAEpH,EAAE;AAAA,IAEF,IAAI,MAAM,MAAM,IAAI,SAAS,GAAG,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,GAAG,CAAC;AAAA,IAE7D,IAAI,MAAM,IAAI,SAAS;AAAA,IACvB,IAAI,OAAO;AAAA,MACP,IAAI,IAAI,IAAI,SAAS,IAAI,MAAM,GAAG,GAAG,GAAG;AAAA,IACvC,SAAI,OAAO;AAAA,MACZ,KAAK,KAAK,IAAI,OAAO,GAAG;AAAA,IACvB;AAAA,MAED,IAAI,KAAK,GAAG;AAAA,MACZ,IAAI,OAAO,GAAG;AAAA,QACV,IAAI,MAAM,IAAI,KAAK,EAAE;AAAA,QAErB,OAAO,MAAM,KAAK,IAAI;AAAA,QACtB,GAAG,IAAI,KAAK,IAAI;AAAA,MACpB,EACK,SAAI,CAAC;AAAA,QACN,IAAI,CAAC;AAAA,OACR,KAAK,OAAO,KAAK,IAAI,SAAS,IAAI,MAAM,GAAG,GAAG,IAAI,SAAS,GAAG,GAAG,EAAE;AAAA;AAAA,IAGxE,IAAI,KAAK,IAAI;AAAA,IACb,IAAI,IAAI;AAAA,MACJ,IAAI,MAAM;AAAA,QACN,MAAM,IAAI,QAAS,IAAI,SAAS,KAAM;AAAA,MACrC,SAAI,KAAK;AAAA,QACV,KAAO,KAAK,OAAQ,IAAK,IAAI;AAAA,MAEjC,IAAI,MAAM,IAAI;AAAA,MACd,IAAI,MAAM;AAAA,QACN,IAAI,CAAC;AAAA,MACT,IAAI,MAAM,CAAC,MAAM,MAAM,IAAI;AAAA,MAC3B,SAAS,IAAI,EAAG,IAAI,IAAI,EAAE,GAAG;AAAA,QACzB,IAAI,KAAM,QAAS,KAAK,KAAK,IAAM;AAAA,QACnC,IAAI,MAAM,GAAG;AAAA,UAET,IAAI,OAAO,IAAI,GAAG,CAAC,GAAG,GAAG,IAAI,KAAK,CAAC;AAAA,UACnC,IAAI,KAAK;AAAA,YACL,GAAG,KAAK,SAAS,GAAG,CAAC;AAAA,YACrB,GAAG,KAAK,SAAS,GAAG,CAAC;AAAA,YACrB,GAAG,IAAI,IAAI,KAAK,QAAQ,GAAG,CAAC;AAAA,YAC5B,GAAG;AAAA,UACP;AAAA,QACJ,EACK,SAAI,MAAM,GAAG;AAAA,UAEd,KAAK,KAAK,KAAK,IAAI,KAAK,IAAI,EAAE,GAAG,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG;AAAA,QAC7D,EACK,SAAI,MAAM,GAAG;AAAA,UACd,IAAI,CAAC,GAAG;AAAA,YACJ,IAAI,CAAC;AAAA,UACT,IAAI,KAAK,GAAG,EAAE;AAAA,QAClB;AAAA,MACJ;AAAA,MACA,IAAI,KAAK,GAAG,IAAI,KAAK,MAAM,GAAG,IAAI,MAAM,GAAG,IAAI,MAAM,GAAG;AAAA,MACxD,IAAI,KAAK,IAAI,MAAM;AAAA,MACnB,IAAI,CAAC;AAAA,QACD,IAAI,CAAC;AAAA,MACT,IAAI,QAAQ,OAAO,KAAK,IAAI,IAAI,EAAE,IAAI,IAAI,GAAG,MAAM,QAAQ,GAAG,OAAO;AAAA,MACrE,IAAI,OAAQ,IAAI,OAAQ,IAAI,MAAM,MAAM,OAAQ,OAAO,MAAQ,KAAK,IAAI,KAAK;AAAA,MAC7E,OAAO,QAAQ,IAAI,MAAM;AAAA,MACzB,IAAI,OAAQ,IAAI,OAAQ,IAAI,MAAM,MAAM,OAAQ,OAAO,MAAQ,KAAK,IAAI,KAAK;AAAA,MAC7E,OAAO,QAAQ,IAAI,MAAM;AAAA,MACzB,IAAI,OAAQ,IAAI,OAAQ,IAAI,MAAM,MAAM,OAAQ,OAAO,MAAQ,KAAK,IAAI,KAAK;AAAA,MAC7E,KAAK,EAAE,GAAI,EAAE,MAAK;AAAA,QACd,IAAI,MAAM,IAAI,EAAE;AAAA,QAChB,IAAI,OAAO,IAAI,EAAE;AAAA,QACjB,IAAI,MAAM,IAAI,EAAE;AAAA,QAChB,IAAI,OAAO,IAAI,EAAE;AAAA,QACjB,IAAI,MAAM,IAAI,EAAE;AAAA,QAChB,IAAI,OAAO,IAAI,EAAE;AAAA,QACjB,OAAO,QAAQ,QAAQ;AAAA,QACvB,IAAI,MAAM,KAAK;AAAA,QACf,IAAI,MAAM,QAAS,IAAI,OAAQ,IAAI,MAAM,MAAM,IAAM,IAAI,MAAM,MAAM,KAAO,IAAI,MAAM,MAAM,SAAU,OAAO,KAAO,MAAM;AAAA,QAC1H,OAAO,QAAQ,IAAI,SAAS;AAAA,QAC5B,IAAI,KAAK,KAAK,SAAU,IAAI,OAAQ,IAAI,MAAM,MAAM,IAAM,IAAI,MAAM,MAAM,QAAS,OAAO,MAAQ,KAAK,IAAI,QAAQ;AAAA,QACnH,OAAO,QAAQ,IAAI,SAAS;AAAA,QAC5B,IAAI,KAAK,KAAK,SAAU,IAAI,OAAQ,IAAI,MAAM,MAAM,IAAM,IAAI,MAAM,MAAM,QAAS,OAAO,MAAQ,KAAK,IAAI,QAAQ;AAAA,QACnH,OAAO,QAAQ,SAAS;AAAA,QACxB,MAAM,IAAI,EAAE,SAAU,IAAI,OAAQ,IAAI,MAAM,MAAM,OAAQ,OAAO,MAAQ,KAAK,QAAQ;AAAA,QACtF,OAAO,QAAQ,SAAS;AAAA,QACxB,MAAM,IAAI,EAAE,SAAU,IAAI,OAAQ,IAAI,MAAM,MAAM,OAAQ,OAAO,MAAQ,KAAK,QAAQ;AAAA,QACtF,OAAO,QAAQ,SAAS;AAAA,QACxB,MAAM,IAAI,EAAE,SAAU,IAAI,OAAQ,IAAI,MAAM,MAAM,OAAQ,OAAO,MAAQ,KAAK,QAAQ;AAAA,QACtF,IAAI,MAAM,GAAG;AAAA,UACT,GAAG,EAAE,KAAK,GAAG,EAAE;AAAA,UACf,GAAG,EAAE,KAAK,GAAG,EAAE;AAAA,UACf,GAAG,EAAE,KAAK,OAAO;AAAA,QACrB,EACK;AAAA,UACD,IAAI,MAAM,OAAO,MAAM;AAAA,UACvB,IAAI,KAAK;AAAA,YACL,MAAM,OAAO,IAAI,GAAG,EAAE,KAAK,IAAI,GAAG,EAAE;AAAA,YACpC,IAAI,MAAM;AAAA,cACN,GAAG,EAAE,KAAK,GAAG,EAAE;AAAA,YACnB,GAAG,EAAE,KAAK,GAAG,EAAE;AAAA,YACf,GAAG,EAAE,KAAK;AAAA,UACd,EAEI;AAAA,kBAAM,GAAG,EAAE;AAAA;AAAA,QAEnB,SAAS,IAAI,EAAG,IAAI,IAAI,EAAE,GAAG;AAAA,UACzB,IAAI,OAAO,KAAK,IAAI,MAAM;AAAA,QAC9B;AAAA,QACA,QAAQ,IAAI,OAAO;AAAA,QACnB,IAAI,OAAO,OAAO;AAAA,QAClB,IAAI,OAAO,GAAG;AAAA,UACV,IAAI,MAAM,CAAC;AAAA,UACX,IAAI,KAAK,GAAG,IAAI;AAAA,UAChB,IAAI,MAAM;AAAA,YACN,MAAM;AAAA,UACV,SAAS,IAAI,EAAG,IAAI,KAAK,EAAE,GAAG;AAAA,YAC1B,IAAI,OAAO,KAAK,GAAG,EAAE,KAAK;AAAA,UAC9B;AAAA,UACA,QAAQ,KAAK,MAAM,KAAK,OAAO;AAAA,QACnC;AAAA,QACA,SAAS,IAAI,EAAG,IAAI,IAAI,EAAE,GAAG;AAAA,UACzB,IAAI,OAAO,KAAK,IAAI,OAAO;AAAA,QAC/B;AAAA,QACA,QAAQ;AAAA,MACZ;AAAA,MACA,IAAI,QAAQ,KAAK;AAAA,QACb,OAAO,MAAM,IAAI,QAAQ;AAAA,UACrB,IAAI,UAAU,IAAI;AAAA,QACtB;AAAA,MACJ,EAEI;AAAA,eAAO,IAAI;AAAA,MACf,IAAI;AAAA,QACA,GAAG,KAAK;AAAA,MAER;AAAA,cAAM,IAAI,KAAK,GAAG,IAAI;AAAA,IAC9B,EACK,SAAI,KAAK;AAAA,MACV,GAAG,KAAK;AAAA,MACR,IAAI,KAAK;AAAA,QACL,SAAS,IAAI,EAAG,IAAI,KAAK,EAAE,GAAG;AAAA,UAC1B,IAAI,KAAK,IAAI,MAAM;AAAA,QACvB;AAAA,MACJ;AAAA,IACJ,EACK,SAAI;AAAA,MACL,MAAM,IAAI,KAAK,GAAG;AAAA,IACtB,GAAG,IAAI;AAAA,IACP,OAAO;AAAA,EACX;AAAA,EACA,IAAI,CAAC;AAAA,GAGL,MAAM,QAAS,CAAC,MAAM,IAAI;AAAA,EAC1B,IAAI,KAAK,UAAU;AAAA,IACf,OAAO,KAAK;AAAA,EAChB,IAAI,MAAM,IAAI,GAAG,EAAE;AAAA,EACnB,SAAS,IAAI,GAAG,IAAI,EAAG,IAAI,KAAK,QAAQ,EAAE,GAAG;AAAA,IACzC,IAAI,MAAM,KAAK;AAAA,IACf,IAAI,IAAI,KAAK,CAAC;AAAA,IACd,KAAK,IAAI;AAAA,EACb;AAAA,EACA,OAAO;AAAA;AAAA;AAAA,EAvlBP,KAAK;AAAA,EAAa,KAAK;AAAA,EAAY,MAAM;AAAA,EAAa,MAAM;AAAA,EAA+B,MAAM;AAAA,EA8CjG,KAAK;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACJ;AAAA,EAqRI,OAAqB,qBAAmB,IAAI,GAAG;AAAA,IAC/C;AAAA,IAAI;AAAA,IAAI;AAAA,IAAI;AAAA,IAAK;AAAA,IAAI;AAAA,IAAK;AAAA,IAAI;AAAA,IAAI;AAAA,IAAI;AAAA,IAAI;AAAA,IAAK;AAAA,IAAI;AAAA,IAAI;AAAA,IAAK;AAAA,IAAK;AAAA,IAAK;AAAA,IAAI;AAAA,IAAK;AAAA,EACnF,CAAC,GAAG,GAAG,CAAC,EAAE;AAAA,EAEN,OAAqB,qBAAmB,IAAI,GAAG;AAAA,IAC/C;AAAA,IAAI;AAAA,IAAI;AAAA,IAAK;AAAA,IAAI;AAAA,IAAI;AAAA,IAAK;AAAA,IAAI;AAAA,IAAK;AAAA,IAAI;AAAA,IAAI;AAAA,IAAG;AAAA,IAAI;AAAA,IAAK;AAAA,IAAI;AAAA,IAAI;AAAA,IAAG;AAAA,IAAI;AAAA,IAAI;AAAA,IAAI;AAAA,IAAI;AAAA,IAAI;AAAA,IAAI;AAAA,IAAI;AAAA,IAAI;AAAA,IAAI;AAAA,IAAI;AAAA,EAC9G,CAAC,GAAG,GAAG,CAAC,EAAE;AAAA,EAEN,OAAsB,qBAAmB,IAAI,GAAG;AAAA,IAChD;AAAA,IAAI;AAAA,IAAK;AAAA,IAAI;AAAA,IAAI;AAAA,IAAK;AAAA,IAAI;AAAA,IAAI;AAAA,IAAI;AAAA,IAAI;AAAA,IAAI;AAAA,IAAI;AAAA,IAAI;AAAA,EACtD,CAAC,GAAG,GAAG,CAAC,EAAE;AAAA,EAWN,sBAAqB,IAAI,oBAAmB,IAAI,IAAI;AAAA,IACpD;AAAA,IAAG;AAAA,IAAG;AAAA,IAAG;AAAA,IAAG;AAAA,IAAU;AAAA,IAAU;AAAA,IAAW;AAAA,IAAW;AAAA,EAC1D,CAAC,GAAG,QAAQ,GAAG,EAAE;AAAA,EAEb,uBAAsB,KAAK,KAAK,CAAC;AAAA,EAEjC,sBAAqB,IAAI,oBAAmB,IAAI,IAAI;AAAA,IACpD;AAAA,IAAG;AAAA,IAAG;AAAA,IAAG;AAAA,IAAG;AAAA,IAAG;AAAA,IAAG;AAAA,IAAG;AAAA,IAAG;AAAA,IAAU;AAAA,IAAU;AAAA,IAAW;AAAA,IAAW;AAAA,IAAW;AAAA,EACjF,CAAC,GAAG,QAAQ,GAAG,EAAE;AAAA,EAEb,uBAAsB,KAAK,KAAK,CAAC;AAAA;;;;;;;;;ACtVrC,SAAS,eAAe,GAAe;AAAA,EACrC,MAAM,MAAY,YAAoB,WAAY,WAAmB,WAAW;AAAA,EAChF,IAAI,CAAC;AAAA,IAAK,OAAO;AAAA,EACjB,IAAI;AAAA,IACF,OAAO,IAAI,cAAc;AAAA,IACzB,MAAM;AAAA,IACN,OAAO;AAAA;AAAA;AAUJ,SAAS,uBAAuB,GAAY;AAAA,EACjD,IAAI;AAAA,IAAO,OAAO;AAAA,EAClB,MAAM,OAAO,gBAAgB;AAAA,EAC7B,OAAO,OAAO,MAAM,qBAAqB;AAAA;AAI3C,eAAsB,YAAY,CAAC,MAAkB,OAAiD;AAAA,EACpG,IAAI,OAAO;AAAA,IACT,OAAO,IAAI,WAAW,IAAI,iBAAiB,MAAM,EAAE,MAAM,CAAC,CAAC;AAAA,EAC7D;AAAA,EACA,MAAM,OAAO,gBAAgB;AAAA,EAC7B,MAAM,KAAK,MAAM;AAAA,EACjB,IAAI,OAAO,OAAO,YAAY;AAAA,IAC5B,MAAM,IAAI,MACR,wDACE,uDACA,iEACJ;AAAA,EACF;AAAA,EACA,OAAO,IAAI,WACT,GAAG,MAAM;AAAA,IACP,QAAQ;AAAA,OACL,KAAK,UAAU,0BAA0B;AAAA,IAC5C;AAAA,EACF,CAAC,CACH;AAAA;AAoBF,eAAsB,cAAc,CAAC,MAAkB,eAA0D;AAAA,EAC/G,IAAI,iBAAiB,MAAM;AAAA,IACzB,MAAM,WAAW,yBAAyB,IAAI;AAAA,IAC9C,IAAI,aAAa,QAAQ,WAAW,eAAe;AAAA,MACjD,MAAM,IAAI,MAAM,2BAA2B,+BAA+B,gBAAgB;AAAA,IAC5F;AAAA,EACF;AAAA,EAEA,IAAI;AAAA,EACJ,IAAI,OAAO;AAAA,IACT,MAAM,IAAI,WAAW,IAAI,mBAAmB,IAAI,CAAC;AAAA,EACnD,EAAO;AAAA,IACL,MAAM,OAAO,gBAAgB;AAAA,IAC7B,MAAM,KAAK,MAAM;AAAA,IACjB,IAAI,OAAO,OAAO,YAAY;AAAA,MAC5B,MAAM,IAAI,WAAW,GAAG,IAAI,CAAC;AAAA,IAC/B,EAAO;AAAA,MAYL,MAAM,UAAU,WAAgB,IAAI;AAAA,MACpC,MAAM,IAAI,WAAW,QAAQ,UAAU;AAAA,MACvC,IAAI,IAAI,OAAO;AAAA;AAAA;AAAA,EAInB,IAAI,iBAAiB,QAAQ,IAAI,aAAa,eAAe;AAAA,IAC3D,MAAM,IAAI,MAAM,2BAA2B,IAAI,4BAA4B,gBAAgB;AAAA,EAC7F;AAAA,EACA,OAAO;AAAA;AAcT,SAAS,wBAAwB,CAAC,MAAiC;AAAA,EACjE,IAAI,KAAK,SAAS;AAAA,IAAG,OAAO;AAAA,EAE5B,IAAI,KAAK,OAAO,MAAQ,KAAK,OAAO,OAAQ,KAAK,OAAO,MAAQ,KAAK,OAAO,KAAM;AAAA,IAChF,OAAO;AAAA,EACT;AAAA,EACA,MAAM,MAAM,KAAK;AAAA,EACjB,MAAM,eAAgB,OAAO,IAAK;AAAA,EAClC,MAAM,iBAAkB,OAAO,IAAK,OAAS;AAAA,EAC7C,MAAM,aAAa,MAAM;AAAA,EAEzB,MAAM,UAAU,iBAAiB,IAAK,gBAAgB,IAAI,IAAK,iBAAiB,IAAI,IAAI,iBAAiB,IAAI,IAAI;AAAA,EACjH,IAAI,YAAY;AAAA,IAAG,OAAO;AAAA,EAE1B,MAAM,iBAAiB,gBAAgB,IAAI;AAAA,EAC3C,MAAM,aAAa,eAAe,IAAI,IAAI,eAAe,IAAI,IAAI,eAAe,IAAI,IAAI;AAAA,EACxF,MAAM,YAAY,IAAI,iBAAiB;AAAA,EACvC,IAAI,KAAK,SAAS,YAAY;AAAA,IAAS,OAAO;AAAA,EAE9C,IAAI,MAAM;AAAA,EACV,SAAS,IAAI,EAAG,IAAI,SAAS,KAAK;AAAA,IAChC,OAAO,OAAO,KAAK,YAAY,EAAE,KAAK,OAAO,IAAI,CAAC;AAAA,EACpD;AAAA,EAEA,IAAI,YAAY;AAAA,IAAG,OAAO;AAAA,EAC1B,IAAI,MAAM,OAAO,OAAO,gBAAgB;AAAA,IAAG,OAAO,OAAO;AAAA,EACzD,OAAO,OAAO,GAAG;AAAA;AAAA,IA7Ib,iBAAiB,aACjB;AAAA;AAAA,EANN;AAAA,EAMM,QAAQ,OAAO,WAAW,QAAQ;AAAA;;;ACMxC,IAAM,eAAe;AACrB,SAAS,cAAc,GAA4E;AAAA,EACjG,MAAM,MAAY,YAAoB,WAAY,WAAmB,WAAW;AAAA,EAChF,IAAI,CAAC,KAAK;AAAA,IACR,MAAM,IAAI,MACR,6EACE,sEACJ;AAAA,EACF;AAAA,EACA,OAAO,IAAI,YAAY,EAAE;AAAA;AAAA;AAIpB,MAAM,OAAgC;AAAA,EAEd;AAAA,EADZ,aAAa,eAAe;AAAA,EAC7C,WAAW,CAAkB,IAAY;AAAA,IAAZ;AAAA;AAAA,EAE7B,KAAK,CAAC,MAAoB;AAAA,IACxB,MAAM,MAAM,IAAI,YAAY,EAAE,OAAO,IAAI;AAAA,IACzC,IAAI,SAAS;AAAA,IACb,OAAO,SAAS,IAAI,QAAQ;AAAA,MAC1B,MAAM,IAAI,KAAK,WAAW,KAAK,IAAI,KAAK,QAAQ,IAAI,SAAS,MAAM;AAAA,MACnE,IAAI,KAAK;AAAA,QAAG,MAAM,IAAI,MAAM,iCAAiC,GAAG;AAAA,MAChE,UAAU;AAAA,IACZ;AAAA;AAEJ;AAMA,SAAS,UAAU,GAAW;AAAA,EAC5B,MAAM,IAAI,IAAI;AAAA,EACd,MAAM,OAAO,EAAE,eAAe,EAAE,SAAS,EAAE,SAAS,GAAG,GAAG;AAAA,EAC1D,MAAM,MAAM,EAAE,YAAY,IAAI,GAAG,SAAS,EAAE,SAAS,GAAG,GAAG;AAAA,EAC3D,MAAM,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,SAAS,GAAG,GAAG;AAAA,EACpD,MAAM,KAAK,EAAE,YAAY,EAAE,SAAS,EAAE,SAAS,GAAG,GAAG;AAAA,EACrD,MAAM,KAAK,EAAE,cAAc,EAAE,SAAS,EAAE,SAAS,GAAG,GAAG;AAAA,EACvD,MAAM,KAAK,EAAE,cAAc,EAAE,SAAS,EAAE,SAAS,GAAG,GAAG;AAAA,EACvD,MAAM,KAAK,EAAE,mBAAmB,EAAE,SAAS,EAAE,SAAS,GAAG,GAAG;AAAA,EAC5D,OAAO,GAAG,QAAQ,MAAM,MAAM,MAAM,MAAM,MAAM;AAAA;AAGlD,SAAS,MAAM,CAAC,OAA2B;AAAA,EACzC,OAAO,OAAO,KAAK,KAAK,EAAE,SAAS,QAAQ;AAAA;AAI7C,SAAS,QAAQ,CAAC,GAAmB;AAAA,EACnC,OAAO,KAAK,MAAM,IAAI,GAAG,IAAI;AAAA;AAAA;AAqBxB,MAAM,cAAsC;AAAA,EAK9B;AAAA,EAJF;AAAA,EACA;AAAA,EAEjB,WAAW,CACQ,MACjB,UAAqC,CAAC,GACtC;AAAA,IAFiB;AAAA,IAKjB,IAAI,OAAO,YAAY,UAAU;AAAA,MAC/B,KAAK,gBAAgB;AAAA,MACrB,KAAK,QAAQ;AAAA,IACf,EAAO;AAAA,MACL,KAAK,gBAAgB,QAAQ,iBAAiB;AAAA,MAC9C,KAAK,QAAQ,QAAQ,SAAS;AAAA;AAAA;AAAA,EAKlC,eAAe,CAAC,OAAgC;AAAA,IAC9C,MAAM,QAAoB,EAAE,SAAS,QAAQ,OAAO,OAAO,EAAE;AAAA,IAC7D,OAAO;AAAA;AAAA,EAKT,aAAa,CAAC,OAAkB,MAAoB,OAAuB,OAAqB;AAAA,IAC9F,MAAM,IAAI;AAAA,IACV,MAAM,aAAa,IAAI,SAAS,OAAO,QAAQ,OAAO,OAAO,IAAI,EAAE,OAAO,IAAI,GAAS,IAAI;AAAA,IAE3F,MAAM,SAAS,QAAQ,UAAU;AAAA,IACjC,MAAM,UAAU,QAAU,MAAoC,QAAQ,MAAM,YAAY,OAAQ;AAAA,IAChG,MAAM,SAAS,OAAO,WAAW;AAAA,IAEjC,MAAM,WAAW,KAAK,YAAY;AAAA,IAClC,MAAM,MAA+B;AAAA,MACnC,WAAW,WAAW;AAAA,MACtB,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,SAAS,GAAG,YAAY,KAAK,UAAU;AAAA,MACvC,WAAW,KAAK;AAAA,MAChB;AAAA,MACA,eAAe,KAAK,gBAAgB;AAAA,MACpC,QAAQ,KAAK;AAAA,MACb,aAAa,KAAK;AAAA,MAClB,WAAW,KAAK,aAAa;AAAA,MAC7B,aAAa,KAAK,cAAc;AAAA,MAChC,eAAe,KAAK,iBAAiB;AAAA,MACrC,aAAa,KAAK,cAAc;AAAA,MAChC,aAAa;AAAA,MACb;AAAA,MACA,YAAY;AAAA,IACd;AAAA,IAEA,IAAI;AAAA,MAAQ,IAAI,gBAAgB;AAAA,IAChC,IAAI,KAAK;AAAA,MAAe,IAAI,iBAAiB,KAAK;AAAA,IAClD,IAAI,KAAK;AAAA,MAAiB,IAAI,mBAAmB,KAAK;AAAA,IACtD,IAAI,KAAK;AAAA,MAAW,IAAI,aAAa,KAAK;AAAA,IAC1C,IAAI,KAAK,eAAe,KAAK,YAAY,SAAS,GAAG;AAAA,MAOnD,MAAM,UAAU,OAAO,KAAK,WAAW;AAAA,MACvC,IAAI,KAAK,UAAU,SAAS;AAAA,QAC1B,IAAI,eAAe;AAAA,MACrB,EAAO;AAAA,QACL,IAAI,yBAAyB,QAAQ;AAAA,QACrC,IAAI,YAAY;AAAA;AAAA,IAEpB;AAAA,IACA,IAAI,KAAK,eAAe,UAAU;AAAA,MAChC,IAAI,YAAY,KAAK,YAAY;AAAA,IACnC;AAAA,IACA,IAAI,KAAK;AAAA,MAAW,IAAI,YAAY;AAAA,IAEpC,IACE,MAAM,eACJ,MAAM,gBACN,MAAM,YACN,MAAM,aACN,MAAM,aACN,MAAM,gBACR,GACA;AAAA,MACA,IAAI,gBAAgB,MAAM;AAAA,MAC1B,IAAI,iBAAiB,MAAM;AAAA,MAC3B,IAAI,aAAa,MAAM;AAAA,MACvB,IAAI,cAAc,MAAM;AAAA,MACxB,IAAI,cAAc,MAAM;AAAA,MACxB,IAAI,eAAe,MAAM;AAAA,IAC3B;AAAA,IAEA,IAAI;AAAA,MACF,KAAK,KAAK,MAAM,GAAG,KAAK,UAAU,GAAG;AAAA,CAAK;AAAA,MAC1C,MAAM;AAAA;AAIZ;;ACnMO,MAAM,iBAAiB,MAAM;AAAA,EAGhB;AAAA,EAEA;AAAA,EAEA;AAAA,EANlB,WAAW,CAEO,WAEA,cAEA,iBAChB;AAAA,IACA,MAAM,GAAG,cAAc,cAAc;AAAA,IANrB;AAAA,IAEA;AAAA,IAEA;AAAA,IAGhB,KAAK,OAAO;AAAA;AAEhB;AAAA;AAGO,MAAM,qBAAqB,MAAM;AAAA,EACtC,WAAW,CAAC,SAAiB;AAAA,IAC3B,MAAM,OAAO;AAAA,IACb,KAAK,OAAO;AAAA;AAEhB;AAIO,IAAM,oCAAoC;AAE1C,IAAM,0BAA0B;AAEhC,IAAM,6BAA6B;AACnC,IAAM,uCAAuC;AAAA;AAO7C,MAAM,6BAA6B,aAAa;AAAA,SACrC,YAAY;AAAA,EACnB,YAAY;AAAA,EACrB,WAAW,CAAC,SAAiB;AAAA,IAC3B,MAAM,OAAO;AAAA,IACb,KAAK,OAAO;AAAA;AAEhB;AAEA,IAAM,eAAe;AAMd,SAAS,oBAAoB,CAAC,OAAyC;AAAA,EAC5E,MAAM,IAAI,aAAa,KAAK,KAAK;AAAA,EACjC,IAAI,CAAC,GAAG;AAAA,IACN,MAAM,IAAI,MACR,6BAA6B,uCAC3B,uEACA,qCACJ;AAAA,EACF;AAAA,EACA,OAAO,CAAC,OAAO,EAAE,EAAE,GAAG,OAAO,EAAE,EAAE,GAAG,OAAO,EAAE,EAAE,CAAC;AAAA;AAAA;AAU3C,MAAM,kCAAkC,MAAM;AAAA,SAEnC,YAAY;AAAA,EAEnB,YAAY;AAAA,EACrB,WAAW,CAAC,SAAiB;AAAA,IAC3B,MAAM,OAAO;AAAA,IACb,KAAK,OAAO;AAAA;AAEhB;AAAA;AAIO,MAAM,yBAAyB,MAAM;AAAA,SAE1B,YAAY;AAAA,EAEnB,YAAY;AAAA,EACrB,WAAW,CAAC,SAAiB;AAAA,IAC3B,MAAM,OAAO;AAAA,IACb,KAAK,OAAO;AAAA;AAEhB;AAAA;AAGO,MAAM,4BAA4B,MAAM;AAAA,SAE7B,YAAY;AAAA,EAEnB,YAAY;AAAA,EACrB,WAAW,CAAC,SAAiB;AAAA,IAC3B,MAAM,OAAO;AAAA,IACb,KAAK,OAAO;AAAA;AAEhB;;;ACtGO,MAAM,YAAY;AAAA,EAGd;AAAA,EAEA;AAAA,EAEA;AAAA,EAEA;AAAA,EAET,WAAW,CAAC,QAAgB,eAAwB,WAA0B,SAA8B,CAAC,GAAG;AAAA,IAC9G,KAAK,SAAS;AAAA,IACd,KAAK,gBAAgB;AAAA,IACrB,KAAK,YAAY;AAAA,IACjB,KAAK,SAAS;AAAA;AAAA,SAIT,SAAS,GAAgB;AAAA,IAC9B,OAAO,IAAI,YAAY,IAAI,OAAO,IAAI;AAAA;AAAA,EAIxC,oBAAoB,GAAS;AAAA,IAC3B,IAAI,CAAC,KAAK,eAAe;AAAA,MACvB,MAAM,IAAI,SAAS,uBAAuB,2BAA2B,EAAE;AAAA,IACzE;AAAA;AAEJ;;AC7BO,IAAM,iBAAiB;AAEvB,IAAM,gBAAgB;AAEtB,IAAM,kBAAkB;AAExB,IAAM,gBAAgB;AAEtB,IAAM,sBAAsB;AAG5B,IAAM,kBAAkB;AAGxB,IAAM,gBAAgB;AAEtB,IAAM,iBAAiB;AAGvB,IAAM,oBAAoB;AAE1B,IAAM,uBAAuB;AAC7B,IAAM,oBAAoB;AAE1B,IAAM,mBAAmB;AAQzB,IAAM,uBAAuB;AAG7B,IAAM,uBAAuB;AAG7B,IAAM,YAAY;AAClB,IAAM,aAAa;AAEnB,IAAM,eAAe;AACrB,IAAM,sBAAsB;AAG5B,IAAM,mBAAmB;AAKzB,IAAM,iBAAiB;;;ACtD9B;AAAA,YACE;AAAA,UACA;AAAA,UACA;AAAA,cAEA;AAAA,aACA;AAAA,aACA;AAAA,gBACA;AAAA,yBACA;AAAA,WACA;AAAA,qBACA;AAAA,aACA;AAAA,aACA;AAAA,UACA;AAAA,WACA;AAAA,WACA;AAAA,WACA;AAAA,iBACA;AAAA,eACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,iBACA;AAAA,YACA;AAAA,YACA;AAAA,qBACA;AAAA,eACA;AAAA,cACA;AAAA,UACA;AAAA,WACA;AAAA,YACA;AAAA,YACA;AAAA,YACA;AAAA,UACA;AAAA,cACA;AAAA,qBACA;AAAA;AAAA;AAAA;AAkBK,IAAM,UAA0B,EAAE,MAAM,YAAY,mBAAmB,KAAK;AAK5E,IAAM,OAAO,MAAmB,IAAI;AACpC,IAAM,OAAO,MAAmB,IAAI;AACpC,IAAM,QAAQ,MAAmB,IAAI;AACrC,IAAM,QAAQ,MAAmB,IAAI;AACrC,IAAM,QAAQ,MAAmB,IAAI;AACrC,IAAM,QAAQ,MAAmB,IAAI;AACrC,IAAM,SAAS,MAAmB,IAAI;AACtC,IAAM,SAAS,MAAmB,IAAI;AACtC,IAAM,SAAS,MAAmB,IAAI;AACtC,IAAM,UAAU,MAAmB,IAAI;AACvC,IAAM,UAAU,MAAmB,IAAI;AACvC,IAAM,OAAO,MAAmB,IAAI;AACpC,IAAM,SAAS,MAAmB,IAAI;AAGtC,IAAM,iBAAiB,CAAC,WAA0B,SACvD,IAAI,YAAY,WAAW,aAAa,QAAQ;AAwC3C,SAAS,KAAK,CAAC,MAAc,MAAmB,WAAW,MAAM,UAA0C;AAAA,EAChH,OAAO,IAAI,QAAQ,MAAM,MAAoB,UAAU,YAAY,IAAI,GAAK;AAAA;AAGvE,SAAS,MAAM,CAAC,QAA6B,UAA2C;AAAA,EAC7F,OAAO,IAAI,SAAS,QAAqB,YAAY,IAAI,GAAK;AAAA;AAKzD,SAAS,eAAe,CAAC,GAA0B;AAAA,EACxD,MAAM,SAAS,IAAI;AAAA,EACnB,OAAO,MAAM,WAAW,CAAwB;AAAA,EAChD,OAAO,MAAM;AAAA,EACb,OAAO,OAAO,aAAa,IAAI;AAAA;AAG1B,SAAS,iBAAiB,CAAC,OAA8B;AAAA,EAC9D,MAAM,SAAS,kBAAkB,KAAK,KAAK;AAAA,EAC3C,MAAM,UAAU,CAAC,GAAG,MAAM;AAAA,EAC1B,IAAI,QAAQ,SAAS;AAAA,IAAG,OAAO,QAAQ,GAAG;AAAA,EAC1C,IAAI,OAAO;AAAA,IAAQ,OAAO,OAAO;AAAA,EACjC,MAAM,IAAI,MAAM,iDAAiD;AAAA;AAG5D,SAAS,cAAc,CAAC,OAA6B;AAAA,EAC1D,MAAM,IAAI;AAAA,EACV,MAAM,SAAS,IAAI;AAAA,EACnB,OAAO,MAAM,WAAW,EAAE,MAAM;AAAA,EAC/B,OAAe,kBAAkB,CAAC;AAAA,EACnC,OAAO,MAAM;AAAA,EACb,OAAO,OAAO,aAAa,IAAI;AAAA;AAc1B,SAAS,wBAAwB,CAAC,GAAkC;AAAA,EACzE,MAAM,SAAS,IAAI;AAAA,EACnB,OAAO,MAAM,WAAW,CAAwB;AAAA,EAChD,MAAM,QAAQ,MAAkB;AAAA,IAC9B,MAAM,SAAU,OAAe,MAAM;AAAA,IACrC,MAAM,QAAQ,OAAO,OAAO,CAAC,GAAG,MAAM,IAAI,EAAE,QAAQ,CAAC;AAAA,IACrD,MAAM,MAAM,IAAI,WAAW,KAAK;AAAA,IAChC,IAAI,MAAM;AAAA,IACV,WAAW,KAAK,QAAQ;AAAA,MACtB,IAAI,IAAI,GAAG,GAAG;AAAA,MACd,OAAO,EAAE;AAAA,IACX;AAAA,IACA,OAAO,SAAS;AAAA,IAChB,OAAO;AAAA;AAAA,EAET,OAAO;AAAA,IACL,OAAO,MAAM,MAAM;AAAA,IACnB,UAAU,CAAC,OAA6B;AAAA,MACrC,OAAe,kBAAkB,KAAiC;AAAA,MACnE,OAAO,MAAM;AAAA;AAAA,IAGf,QAAQ,MAAM,IAAI,WAAW,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,EAAE,MAAM;AAAA,EAC7D;AAAA;AAGK,SAAS,gBAAgB,CAAC,OAA6B;AAAA,EAC5D,MAAM,SAAS,kBAAkB,KAAK,KAAK;AAAA,EAC3C,MAAM,UAAU,CAAC,GAAG,MAAM;AAAA,EAC1B,IAAI,QAAQ,WAAW,GAAG;AAAA,IACxB,MAAM,MAAM,OAAO,UAAU,IAAI,SAAS,CAAC,CAAC;AAAA,IAG5C,MAAM,aAAa,IAAI,SAAS,IAAI,MAAM;AAAA,IAC1C,MAAM,OAAO,WAAW,EAAE,MAAM,YAAY,QAAQ,GAAG,UAAU,CAAC,GAAG,WAAW,EAAE,CAAC;AAAA,IACnF,OAAO,IAAI,cAAc,KAAK,IAAI;AAAA,EACpC;AAAA,EACA,OAAO,QAAQ;AAAA;AAyBV,SAAS,gBAAgB,CAAC,GAAc,SAA0C;AAAA,EACvF,MAAM,IAAI;AAAA,EACV,MAAM,UAAU,EAAE,OAAO,SAAS,IAAK,QAAQ,EAAE,OAAO,GAAG,OAAO,UAAU,IAAK;AAAA,EACjF,MAAM,WAAW,EAAE,OAAO,IAAI,CAAC,MAAM;AAAA,IACnC,MAAM,OAAO,QAAQ,EAAE;AAAA,IACvB,IAAI,CAAC;AAAA,MAAM,OAAO,WAAW,EAAE,MAAM,EAAE,MAAM,QAAQ,SAAS,WAAW,QAAQ,CAAC;AAAA,IAClF,OAAO,kBAAkB,MAAM,EAAE,IAAI,EAAE,KAAK;AAAA,GAC7C;AAAA,EACD,MAAM,aAAa,IAAI,SAAS,EAAE,MAAM;AAAA,EACxC,MAAM,OAAO,WAAW,EAAE,MAAM,YAAY,QAAQ,SAAS,UAAU,WAAW,EAAE,CAAC;AAAA,EACrF,OAAO,IAAI,cAAc,GAAG,IAAI;AAAA;AAiC3B,SAAS,sBAAsB,CAAC,GAAc,UAA0C;AAAA,EAC7F,MAAM,IAAI;AAAA,EACV,MAAM,WAAW,EAAE,OAAO,IAAI,CAAC,MAAM,uBAAuB,EAAE,IAAI,CAAC;AAAA,EACnE,MAAM,aAAa,IAAI,SAAS,EAAE,MAAM;AAAA,EACxC,MAAM,OAAO,WAAW,EAAE,MAAM,YAAY,QAAQ,GAAG,UAAU,WAAW,EAAE,CAAC;AAAA,EAC/E,OAAO,IAAI,cAAc,GAAG,MAAM,QAAQ;AAAA;AAK5C,SAAS,sBAAsB,CAAC,MAAuB;AAAA,EACrD,MAAM,IAAI,EAAE,UAAU,cAAc,MAAM,OAAO;AAAA,EACjD,IAAI,EAAE,SAAS,SAAS,IAAI,GAAG;AAAA,IAC7B,MAAM,WAAY,KAAa,SAAS,IAAI,CAAC,MAAW,uBAAuB,EAAE,IAAI,CAAC;AAAA,IACtF,OAAO,WAAW,EAAE,MAAM,QAAQ,GAAG,UAAU,WAAW,EAAE,CAAQ;AAAA,EACtE;AAAA,EACA,IAAI,EAAE,SAAS,OAAO,IAAI,GAAG;AAAA,IAC3B,MAAM,YAAY,uBAAwB,KAAa,SAAS,GAAG,IAAI;AAAA,IACvE,OAAO,WAAW,EAAE,MAAM,QAAQ,GAAG,OAAO,WAAW,WAAW,GAAG,cAAc,IAAI,WAAW,CAAC,CAAC,CAAC,EAAE,CAAQ;AAAA,EACjH;AAAA,EACA,IAAI,EAAE,SAAS,gBAAgB,IAAI,GAAG;AAAA,IACpC,MAAM,YAAY,uBAAwB,KAAa,SAAS,GAAG,IAAI;AAAA,IACvE,OAAO,WAAW,EAAE,MAAM,QAAQ,GAAG,OAAO,WAAW,WAAW,EAAE,CAAQ;AAAA,EAC9E;AAAA,EACA,IAAI,EAAE,SAAS,MAAM,IAAI,GAAG;AAAA,IAC1B,MAAM,YAAa,KAAa,SAAS,IAAI;AAAA,IAC7C,MAAM,YAAY,YACd,uBAAuB,SAAS,IAChC,WAAW,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC,GAAG,QAAQ,GAAG,UAAU,CAAC,GAAG,WAAW,EAAE,CAAC;AAAA,IAChF,OAAO,WAAW,EAAE,MAAM,QAAQ,GAAG,OAAO,WAAW,WAAW,GAAG,cAAc,IAAI,WAAW,CAAC,CAAC,CAAC,EAAE,CAAQ;AAAA,EACjH;AAAA,EACA,IAAI,EAAE,SAAS,QAAQ,IAAI,GAAG;AAAA,IAC5B,MAAM,WAAY,KAAa,SAAS,IAAI,CAAC,MAAW,uBAAuB,EAAE,IAAI,CAAC;AAAA,IACtF,IAAI,EAAE,SAAS,aAAa,IAAI,GAAG;AAAA,MACjC,OAAO,WAAW;AAAA,QAChB;AAAA,QACA,QAAQ;AAAA,QACR,SAAS,IAAI,UAAU,CAAC;AAAA,QACxB,cAAc,IAAI,WAAW,CAAC;AAAA,QAC9B;AAAA,QACA,WAAW;AAAA,MACb,CAAQ;AAAA,IACV;AAAA,IACA,OAAO,WAAW;AAAA,MAChB;AAAA,MACA,QAAQ;AAAA,MACR,SAAS,IAAI,UAAU,CAAC;AAAA,MACxB;AAAA,MACA,WAAW;AAAA,IACb,CAAQ;AAAA,EACV;AAAA,EACA,OAAO,WAAW,EAAE,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAC;AAAA;AAK9C,SAAS,0BAA0B,CACxC,GACA,QACA,UACU;AAAA,EACV,MAAM,IAAI;AAAA,EACV,MAAM,IAAI,EAAE,UAAU,cAAc,MAAM,OAAO;AAAA,EACjD,MAAM,WAAW,EAAE,OAAO,IAAI,CAAC,MAAM;AAAA,IACnC,MAAM,MAAM,OAAO,EAAE;AAAA,IACrB,IAAI,eAAe,EAAE;AAAA,MAAM,OAAO;AAAA,IAClC,OAAO,kBAAkB,CAAC,GAAG,GAAG,EAAE,IAAI,EAAE,KAAK;AAAA,GAC9C;AAAA,EACD,MAAM,aAAa,IAAI,SAAS,EAAE,MAAM;AAAA,EACxC,MAAM,OAAO,WAAW,EAAE,MAAM,YAAY,QAAQ,GAAG,UAAU,WAAW,EAAE,CAAC;AAAA,EAC/E,OAAO,IAAI,cAAc,GAAG,MAAM,QAAQ;AAAA;AAYrC,SAAS,iBAAiB,CAAC,OAAiB,UAAyC;AAAA,EAC1F,MAAM,IAAI;AAAA,EACV,OAAO,IAAI,cAAc,EAAE,QAAQ,EAAE,MAAM,QAAQ;AAAA;AAS9C,SAAS,gBAAgB,CAAC,SAAmB,SAAiC;AAAA,EACnF,MAAM,SAAS,IAAI;AAAA,EACnB,OAAO,MAAM,WAAW,OAA6B;AAAA,EACrD,WAAW,SAAS,SAAS;AAAA,IAC1B,OAAe,kBAAkB,KAAiC;AAAA,EACrE;AAAA,EACA,OAAO,MAAM;AAAA,EACb,OAAO,OAAO,aAAa,IAAI;AAAA;AAYjC,IAAM,kBAA8B,CAAC,KAAK,QAAQ;AAAA,EAChD,IAAI,IAAI,WAAW,IAAI;AAAA,IAAQ,OAAO;AAAA,EACtC,IAAI,IAAI,gBAAgB,IAAI;AAAA,IAAa,OAAO;AAAA,EAChD,OAAO;AAAA;AAGT,IAAM,aAAa,CAAC,MAA2B,EAAE,WAAW,OAAO,OAAO,EAAE,WAAW,OAAO;AAEvF,SAAS,oBAAoB,CAAC,OAAiB,SAA6B;AAAA,EACjF,MAAM,IAAI;AAAA,EACV,IAAI,EAAE,YAAY;AAAA,IAAG,OAAO;AAAA,EAC5B,MAAM,IAAI;AAAA,EAEV,IAAI,EAAE,OAAO,OAAO,WAAW,EAAE,OAAO,QAAQ;AAAA,IAC9C,MAAM,IAAI,UAAU,kCAAkC,EAAE,OAAO,eAAe,EAAE,OAAO,OAAO,QAAQ;AAAA,EACxG;AAAA,EACA,SAAS,IAAI,EAAG,IAAI,EAAE,OAAO,QAAQ,KAAK;AAAA,IACxC,IAAI,EAAE,OAAO,OAAO,GAAG,SAAS,EAAE,OAAO,GAAG,MAAM;AAAA,MAChD,MAAM,IAAI,UACR,gCAAgC,gBAAgB,EAAE,OAAO,GAAG,eAAe,EAAE,OAAO,OAAO,GAAG,OAChG;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,WAAW,EAAE,OAAO,IAAI,CAAC,GAAG,MAAM;AAAA,IACtC,MAAM,WAAW,EAAE,KAAK,SAAS;AAAA,IACjC,MAAM,UAAU,SAAS;AAAA,IACzB,MAAM,UAAU,EAAE;AAAA,IAElB,IAAI,CAAC,gBAAgB,SAAS,OAAO,GAAG;AAAA,MACtC,OAAO,SAAS,MAAM,OAAO;AAAA,IAC/B;AAAA,IACA,IAAI,WAAW,OAAO,KAAK,WAAW,OAAO,GAAG;AAAA,MAC9C,MAAM,MAAM,EAAE,WAAW,CAAC;AAAA,MAC1B,MAAM,SAAmB,CAAC;AAAA,MAC1B,SAAS,IAAI,EAAG,IAAI,EAAE,SAAS,KAAK;AAAA,QAClC,MAAM,IAAI,IAAI,IAAI,CAAC;AAAA,QACnB,OAAO,KAAK,OAAO,MAAM,WAAW,OAAO,CAAC,IAAK,CAAY;AAAA,MAC/D;AAAA,MACA,OAAO,kBAAkB,QAAQ,OAAO,EAAE,KAAK;AAAA,IACjD;AAAA,IACA,OAAO,SAAS,MAAM,OAAO;AAAA,GAC9B;AAAA,EAED,MAAM,aAAa,IAAI,SAAS,EAAE,MAAM;AAAA,EACxC,MAAM,OAAO,WAAW;AAAA,IACtB,MAAM;AAAA,IACN,QAAQ,EAAE;AAAA,IACV;AAAA,IACA,WAAW,EAAE,KAAK;AAAA,IAClB,YAAY,EAAE,KAAK;AAAA,EACrB,CAAC;AAAA,EACD,OAAO,IAAI,cAAc,GAAG,MAAM,EAAE,QAAQ;AAAA;;AC1avC,IAAM,SAAS;AAAA,EACpB,MAAM;AAAA,EACN,KAAK;AAAA,EACL,OAAO;AAAA,EACP,QAAQ;AAAA,EACR,MAAM;AAAA,EACN,MAAM;AAAA,EACN,SAAS;AAAA,EACT,MAAM;AAAA,EACN,MAAM;AAAA,EACN,WAAW;AAAA,EACX,UAAU;AAAA,EACV,MAAM;AAAA,EACN,QAAQ;AAAA,EACR,OAAO;AAAA,EACP,iBAAiB;AAAA,EACjB,eAAe;AAAA,EACf,KAAK;AAAA,EACL,UAAU;AAAA,EACV,aAAa;AAAA,EACb,WAAW;AAAA,EACX,YAAY;AACd;AAGO,IAAM,QAAQ,CAAC,MAA4B,EAAE,WAAW,OAAO;AAC/D,IAAM,UAAU,CAAC,MAA4B,EAAE,WAAW,OAAO;AACjE,IAAM,WAAW,CAAC,MAA4B,EAAE,WAAW,OAAO,UAAU,EAAE,WAAW,OAAO;AAChG,IAAM,SAAS,CAAC,MAA4B,EAAE,WAAW,OAAO,QAAQ,EAAE,WAAW,OAAO;AAC5F,IAAM,cAAc,CAAC,MAA4B,EAAE,WAAW,OAAO;AACrE,IAAM,gBAAgB,CAAC,MAA4B,EAAE,WAAW,OAAO;AACvE,IAAM,SAAS,CAAC,MAA4B,EAAE,WAAW,OAAO;AAChE,IAAM,YAAY,CAAC,MAA4B,EAAE,WAAW,OAAO;AACnE,IAAM,SAAS,CAAC,MAA4B,EAAE,WAAW,OAAO;AAChE,IAAM,SAAS,CAAC,MAA4B,EAAE,WAAW,OAAO;AAChE,IAAM,cAAc,CAAC,MAA4B,EAAE,WAAW,OAAO;AACrE,IAAM,aAAa,CAAC,MAA4B,EAAE,WAAW,OAAO;AAGpE,IAAM,QAAQ,CAAC,MAA4B,EAAE,WAAW,OAAO;AAC/D,IAAM,oBAAoB,CAAC,MAA4B,EAAE,WAAW,OAAO;AAC3E,IAAM,eAAe,CAAC,MAA4B,EAAE,WAAW,OAAO;AAEtE,SAAS,OAAO,CAAC,GAAgD;AAAA,EACtE,OACE,KAAK,QACL,OAAQ,EAAU,YAAY,YAC7B,EAAU,UAAU,QACrB,MAAM,QAAS,EAAU,OAAO,MAAM;AAAA;;ACvC1C;;;ACSO,SAAS,WAAW,CAAC,SAAmB,QAAkD;AAAA,EAC/F,MAAM,SAA8B,KAAK,OAAO;AAAA,EAChD,WAAW,KAAK,QAAO,QAAQ;AAAA,IAC7B,MAAM,MAAM,OAAO,EAAE;AAAA,IACrB,IAAI,QAAQ;AAAA,MAAW;AAAA,IACvB,IAAI,CAAC,MAAM,EAAE,IAAI,KAAM,EAAE,KAAa,aAAa;AAAA,MAAI;AAAA,IAEvD,IAAI,MAAM,QAAQ,GAAG,GAAG;AAAA,MACtB,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC,MAAY,OAAO,MAAM,WAAW,OAAO,CAAC,IAAI,CAAE;AAAA,IAC9E,EAAO,SAAI,OAAO,QAAQ,UAAU;AAAA,MAClC,OAAO,EAAE,QAAQ,OAAO,GAAG;AAAA,IAC7B;AAAA,EACF;AAAA,EACA,OAAO;AAAA;AAOF,SAAS,gBAAgB,CAC9B,SACA,QACA,UACA,WACU;AAAA,EACV,MAAM,WAAW,IAAI;AAAA,EACrB,SAAS,IAAI,eAAe,QAAQ;AAAA,EACpC,IAAI,cAAc,MAAM;AAAA,IACtB,SAAS,IAAI,gBAAgB,SAAS;AAAA,EACxC;AAAA,EAEA,IAAI,QAAO,OAAO,WAAW,GAAG;AAAA,IAC9B,OAAO,gBAAgB,SAAQ,QAAQ;AAAA,EACzC;AAAA,EAGA,WAAW,KAAK,QAAO,QAAQ;AAAA,IAC7B,IAAI,OAAO,EAAE,UAAU,aAAa,CAAC,EAAE,UAAU;AAAA,MAC/C,MAAM,MAAM,OAAO,KAAK,MAAM;AAAA,MAC9B,MAAM,IAAI,UAAU,0CAA0C,EAAE,qBAAqB,IAAI,KAAK,IAAI,IAAI;AAAA,IACxG;AAAA,EACF;AAAA,EAEA,MAAM,UAAU,YAAY,SAAQ,MAAM;AAAA,EAC1C,OAAO,2BAA2B,SAAQ,SAAS,QAAQ;AAAA;AAMtD,SAAS,eAAe,CAAC,SAAmB,OAAc,UAAkB,WAAoC;AAAA,EACrH,MAAM,WAAW,IAAI;AAAA,EACrB,SAAS,IAAI,eAAe,WAAW;AAAA,EAIvC,MAAM,gBAAgB,OAAO,MAAM,SAAS,YAAY,MAAM,SAAS,UAAU,MAAM,OAAO,MAAM,YAAY;AAAA,EAChH,SAAS,IAAI,iBAAiB,GAAG,kBAAkB,MAAM,SAAS;AAAA,EAMlE,MAAM,YACH,MAAkC,aACjC,MAAM,YAAwC;AAAA,EAClD,IAAI,OAAO,cAAc,YAAY,UAAU,SAAS,GAAG;AAAA,IACzD,SAAS,IAAI,gBAAgB,SAAS;AAAA,EACxC;AAAA,EAEA,MAAM,QAA6B;AAAA,IACjC,gBAAgB;AAAA,IAChB,mBAAmB,MAAM;AAAA,IACzB,WAAW,MAAM,SAAS;AAAA,EAC5B;AAAA,EACA,IAAI,OAAO,cAAc,YAAY,UAAU,SAAS,GAAG;AAAA,IACzD,MAAM,aAAa;AAAA,EACrB;AAAA,EACA,SAAS,IAAI,eAAe,KAAK,UAAU,KAAK,CAAC;AAAA,EACjD,SAAS,IAAI,eAAe,QAAQ;AAAA,EACpC,IAAI,cAAc,MAAM;AAAA,IACtB,SAAS,IAAI,gBAAgB,SAAS;AAAA,EACxC;AAAA,EAEA,OAAO,gBAAgB,SAAQ,QAAQ;AAAA;AAMlC,SAAS,aAAa,CAC3B,SACA,OACA,SACA,OACA,UACA,WACU;AAAA,EACV,MAAM,WAAW,IAAI;AAAA,EACrB,SAAS,IAAI,eAAe,KAAK;AAAA,EACjC,SAAS,IAAI,iBAAiB,OAAO;AAAA,EACrC,IAAI,OAAO;AAAA,IACT,SAAS,IAAI,eAAe,KAAK,UAAU,KAAK,CAAC;AAAA,EACnD;AAAA,EACA,IAAI,YAAY,MAAM;AAAA,IACpB,SAAS,IAAI,eAAe,QAAQ;AAAA,EACtC;AAAA,EACA,IAAI,aAAa,MAAM;AAAA,IACrB,SAAS,IAAI,gBAAgB,SAAS;AAAA,EACxC;AAAA,EAEA,OAAO,gBAAgB,SAAQ,QAAQ;AAAA;AAOlC,SAAS,eAAe,CAAC,SAAmB,UAA0C;AAAA,EAC3F,OAAO,uBAAuB,SAAQ,QAAQ;AAAA;;;AD7EhD,IAAM,oBAAoB;AAOnB,SAAS,kBAAkB,CAAC,KAAmB;AAAA,EACpD,MAAM,SAAS,IAAI,IAAI,GAAG;AAAA,EAC1B,IAAI,OAAO,aAAa,UAAU;AAAA,IAChC,MAAM,IAAI,MAAM,8CAA8C,OAAO,WAAW;AAAA,EAClF;AAAA;AAOF,eAAe,SAAS,CAAC,MAAmC;AAAA,EAE1D,MAAM,MAAM,IAAI,YAAY,KAAK,UAAU;AAAA,EAC3C,IAAI,WAAW,GAAG,EAAE,IAAI,IAAI;AAAA,EAC5B,MAAM,OAAO,MAAM,OAAO,OAAO,OAAO,WAAW,GAAG;AAAA,EACtD,OAAO,MAAM,KAAK,IAAI,WAAW,IAAI,CAAC,EACnC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAC1C,KAAK,EAAE;AAAA;AAQL,SAAS,uBAAuB,CAAC,OAA0B;AAAA,EAChE,IAAI,MAAM,YAAY;AAAA,IAAG,OAAO;AAAA,EAChC,MAAM,OAAO,MAAM;AAAA,EACnB,IAAI,CAAC;AAAA,IAAM,OAAO;AAAA,EAClB,OAAO,KAAK,IAAI,YAAY,KAAK,CAAC,KAAK,IAAI,aAAa;AAAA;AAQnD,SAAS,yBAAyB,CAAC,SAAmB,KAAa,QAA2B;AAAA,EACnG,MAAM,WAAW,IAAI;AAAA,EACrB,SAAS,IAAI,cAAc,GAAG;AAAA,EAC9B,IAAI,QAAQ;AAAA,IACV,SAAS,IAAI,qBAAqB,MAAM;AAAA,EAC1C;AAAA,EACA,OAAO,gBAAgB,SAAQ,QAAQ;AAAA;AAOzC,SAAS,mBAAmB,CAAC,OAA6B;AAAA,EACxD,OAAO,eAAe,KAAK;AAAA;AAG7B,SAAS,aAAa,CAAC,OAAyB;AAAA,EAE9C,OAAO,eAAe,KAAK,EAAE;AAAA;AAW/B,eAAsB,qBAAqB,CACzC,OACA,QACmB;AAAA,EACnB,IAAI,CAAC,QAAQ;AAAA,IAAS,OAAO;AAAA,EAC7B,IAAI,MAAM,YAAY;AAAA,IAAG,OAAO;AAAA,EAEhC,MAAM,YAAY,OAAO,6BAA6B;AAAA,EACtD,IAAI,cAAc,KAAK,IAAI;AAAA,IAAW,OAAO;AAAA,EAG7C,IAAI,UAAU,oBAAoB,KAAK;AAAA,EAGvC,MAAM,WAAW,MAAM,UAAU,OAAO;AAAA,EAGxC,IAAI,kBAAkB;AAAA,EACtB,IAAI,OAAO,aAAa,cAAc,QAAQ;AAAA,IAC5C,UAAW,MAAM,aAAa,SAAS,OAAO,YAAY,SAAS,CAAC;AAAA,IACpE,kBAAkB;AAAA,EACpB;AAAA,EAGA,MAAM,MAAM,MAAM,OAAO,QAAQ,OAAO,SAAS,eAAe;AAAA,EAGhE,OAAO,0BAA0B,MAAM,QAAQ,KAAK,QAAQ;AAAA;AAW9D,eAAsB,uBAAuB,CAC3C,OACA,QACmB;AAAA,EACnB,IAAI,CAAC;AAAA,IAAQ,OAAO;AAAA,EACpB,IAAI,CAAC,wBAAwB,KAAK;AAAA,IAAG,OAAO;AAAA,EAE5C,MAAM,MAAM,MAAM,UAAU,IAAI,YAAY;AAAA,EAC5C,IAAI,CAAC;AAAA,IAAK,OAAO;AAAA,EAGjB,MAAM,YAAY,OAAO,iBAAiB,OAAO,YAAa,OAAO,gBAAgB;AAAA,EACrF,IAAI,WAAW;AAAA,IACb,UAAU,GAAG;AAAA,EACf;AAAA,EAGA,MAAM,WAAW,MAAM,MAAM,GAAG;AAAA,EAChC,IAAI,CAAC,SAAS,IAAI;AAAA,IAChB,MAAM,IAAI,MAAM,mCAAmC,SAAS,UAAU,SAAS,oBAAoB,MAAM;AAAA,EAC3G;AAAA,EACA,IAAI,OAAO,IAAI,WAAW,MAAM,SAAS,YAAY,CAAC;AAAA,EAMtD,MAAM,kBAAkB,SAAS,QAAQ,IAAI,kBAAkB;AAAA,EAC/D,IAAI,oBAAoB,QAAQ;AAAA,IAC9B,MAAM,MAAM,KAAK,aAAa;AAAA,IAC9B,OAAO,IAAI,WAAW,MAAM,eAAe,MAAM,GAAG,CAAC;AAAA,EACvD;AAAA,EAGA,MAAM,iBAAiB,MAAM,UAAU,IAAI,mBAAmB;AAAA,EAC9D,IAAI,gBAAgB;AAAA,IAClB,MAAM,eAAe,MAAM,UAAU,IAAI;AAAA,IACzC,IAAI,iBAAiB,gBAAgB;AAAA,MACnC,MAAM,IAAI,MAAM,iCAAiC,iBAAiB,uBAAuB,cAAc;AAAA,IACzG;AAAA,EACF;AAAA,EAGA,MAAM,WAAW,iBAAiB,IAAI;AAAA,EACtC,IAAI,SAAS,YAAY,KAAK,SAAS,OAAO,OAAO,WAAW,GAAG;AAAA,IACjE,MAAM,IAAI,MAAM,mDAAmD,KAAK;AAAA,EAC1E;AAAA,EACA,OAAO;AAAA;;;AEpNF,IAAM,qBAAqB;AAK3B,IAAM,iBAAiB;AACvB,IAAM,wBAAwB;AAC9B,IAAM,uBAAuB;AAC7B,IAAM,wBAAwB;AAC9B,IAAM,4BAA4B;AAClC,IAAM,6BAA6B;AAMnC,IAAM,qBAAqB;AAK3B,IAAM,mBAAmB;AAGzB,SAAS,qBAAqB,CAAC,GAAuB;AAAA,EAC3D,MAAM,QAAkB,CAAC;AAAA,EACzB,IAAI,EAAE,QAAQ;AAAA,IACZ,MAAM,KAAK,GAAG,EAAE,OAAO;AAAA,IACvB,MAAM,KAAK,WAAW;AAAA,EACxB,EAAO;AAAA,IACL,MAAM,KAAK,GAAG,EAAE,QAAQ,EAAE,OAAO;AAAA,IACjC,IAAI,EAAE,WAAW;AAAA,MAAW,MAAM,KAAK,WAAW,EAAE,QAAQ;AAAA,IAC5D,IAAI,EAAE;AAAA,MAAS,MAAM,KAAK,WAAW,EAAE,QAAQ,YAAY,GAAG;AAAA;AAAA,EAEhE,IAAI,EAAE;AAAA,IAAM,MAAM,KAAK,QAAQ,EAAE,MAAM;AAAA,EACvC,IAAI,EAAE;AAAA,IAAQ,MAAM,KAAK,UAAU,EAAE,QAAQ;AAAA,EAC7C,IAAI,EAAE;AAAA,IAAQ,MAAM,KAAK,QAAQ;AAAA,EACjC,IAAI,EAAE;AAAA,IAAU,MAAM,KAAK,UAAU;AAAA,EACrC,IAAI,EAAE;AAAA,IAAU,MAAM,KAAK,YAAY,EAAE,UAAU;AAAA,EACnD,IAAI,EAAE;AAAA,IAAa,MAAM,KAAK,aAAa;AAAA,EAC3C,OAAO,MAAM,KAAK,IAAI;AAAA;AAIjB,SAAS,mBAAmB,CAAC,SAAkB,SAAsC;AAAA,EAC1F,WAAW,KAAK,SAAS;AAAA,IACvB,QAAQ,OAAO,cAAc,sBAAsB,CAAC,CAAC;AAAA,EACvD;AAAA;AAAA;AAGK,MAAM,qBAAqB,MAAM;AAAA,EAGpB;AAAA,EAFlB,WAAW,CACT,SACgB,YAChB;AAAA,IACA,MAAM,OAAO;AAAA,IAFG;AAAA,IAGhB,KAAK,OAAO;AAAA;AAEhB;AAWO,SAAS,kBAAkB,CAAC,SAAmB,SAAiC;AAAA,EACrF,MAAM,YAAY,QAAQ,IAAI,CAAC,MAAM,qBAAqB,GAAG,OAAM,CAAC;AAAA,EACpE,OAAO,iBAAiB,SAAQ,SAAS;AAAA;AAWpC,SAAS,aAAa,CAAC,MAAkB,SAAS,KAAK,cAAkC;AAAA,EAC9F,MAAM,UAAU,gBAAgB,IAAI;AAAA,EACpC,QAAQ,IAAI,gBAAgB,kBAAkB;AAAA,EAC9C,IAAI,WAAW,KAAK;AAAA,IAClB,QAAQ,IAAI,kBAAkB,MAAM;AAAA,IACpC,OAAO,IAAI,SAAS,MAA6B,EAAE,QAAQ,KAAK,QAAQ,CAAC;AAAA,EAC3E;AAAA,EACA,OAAO,IAAI,SAAS,MAA6B,EAAE,QAAQ,QAAQ,CAAC;AAAA;AAItE,eAAsB,mBAAmB,CAAC,MAAmE;AAAA,EAC3G,MAAM,QAAQ,iBAAiB,IAAI;AAAA,EAKnC,IAAI,MAAM,OAAO,OAAO,WAAW,KAAK,MAAM,YAAY,MAAM,MAAM,UAAU,QAAQ,OAAO,GAAG;AAAA,IAChG,MAAM,IAAI,aAAa,+BAA+B,GAAG;AAAA,EAC3D;AAAA,EACA,OAAO,EAAE,QAAQ,MAAM,QAAQ,MAAM;AAAA;;;AC1FvC,IAAM,2BAA2B;AACjC,IAAM,oBAAoB;AAC1B,IAAM,0BAA0B;AAEhC,SAAS,cAAc,CAAC,SAAkB,MAA6B;AAAA,EACrE,MAAM,MAAM,QAAQ,IAAI,IAAI,KAAK,QAAQ,IAAI,KAAK,YAAY,CAAC;AAAA,EAC/D,IAAI,OAAO;AAAA,IAAM,OAAO;AAAA,EACxB,MAAM,SAAS,OAAO,SAAS,KAAK,EAAE;AAAA,EACtC,OAAO,OAAO,SAAS,MAAM,IAAI,SAAS;AAAA;AAGrC,SAAS,4BAA4B,CAAC,SAA0C;AAAA,EACrF,MAAM,YAAY,QAAQ,IAAI,iBAAiB,KAAK,QAAQ,IAAI,kBAAkB,YAAY,CAAC;AAAA,EAC/F,MAAM,mBAAmB,cAAc;AAAA,EAEvC,IAAI,iBAAgC;AAAA,EACpC,MAAM,KAAK,QAAQ,IAAI,eAAe,KAAK,QAAQ,IAAI,eAAe;AAAA,EACtE,IAAI,IAAI;AAAA,IACN,WAAW,SAAS,GAAG,MAAM,GAAG,GAAG;AAAA,MACjC,MAAM,IAAI,MAAM,KAAK,EAAE,YAAY;AAAA,MACnC,IAAI,EAAE,WAAW,UAAU,GAAG;AAAA,QAC5B,MAAM,UAAU,OAAO,WAAW,EAAE,MAAM,WAAW,MAAM,CAAC;AAAA,QAC5D,IAAI,OAAO,SAAS,OAAO,GAAG;AAAA,UAC5B,iBAAiB,KAAK,IAAI,IAAI,UAAU;AAAA,QAC1C;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO;AAAA,IACL,iBAAiB,eAAe,SAAS,wBAAwB;AAAA,IACjE;AAAA,IACA,gBAAgB,eAAe,SAAS,uBAAuB;AAAA,IAC/D;AAAA,EACF;AAAA;AAkBK,SAAS,yBAAyB,CAAC,UAAkD;AAAA,EAC1F,IAAI,CAAC;AAAA,IAAU,OAAO;AAAA,EACtB,IAAI,SAAS,kBAAkB;AAAA,IAAM,OAAO;AAAA,EAC5C,OAAO,KAAK,IAAI,IAAI,SAAS;AAAA;;;AC/E/B,mBAAS;;;ACAT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,uBAOE;AAAA;AAAA;;;ACPF,8BAA2B;AAAA;AAapB,MAAM,gBAAgB;AAAA,EACnB;AAAA,EACA,cAAc;AAAA,EAEd,cAAc;AAAA,EAEd,WAAW,CAAC,QAA2B;AAAA,IAC7C,KAAK,SAAS;AAAA;AAAA,cAGH,OAAM,CAAC,OAAqF;AAAA,IACvG,MAAM,SAAS,MAAM,mBAAkB,KAAK,KAAY;AAAA,IACxD,MAAM,OAAO,KAAK,EAAE,aAAa,MAAM,CAAC;AAAA,IACxC,IAAI,OAAO,QAAQ;AAAA,MACjB,MAAM,IAAI,MAAM,8CAA8C;AAAA,IAChE;AAAA,IACA,OAAO,IAAI,gBAAgB,MAAM;AAAA;AAAA,OAO7B,WAAU,GAAkC;AAAA,IAChD,IAAI,KAAK,aAAa;AAAA,MAEpB,MAAM,KAAK,OAAO,MAAM,EAAE,KAAK;AAAA,MAC/B,IAAI,KAAK,OAAO,QAAQ;AAAA,QACtB,OAAO;AAAA,MACT;AAAA,IACF;AAAA,IACA,KAAK,cAAc;AAAA,IAEnB,MAAM,UAAS,KAAK,OAAO;AAAA,IAC3B,IAAI,CAAC,SAAQ;AAAA,MACX,OAAO;AAAA,IACT;AAAA,IAEA,MAAM,UAAyB,CAAC;AAAA,IAChC,OAAO,MAAM;AAAA,MACX,MAAM,SAAS,MAAM,KAAK,OAAO,KAAK;AAAA,MACtC,IAAI,OAAO;AAAA,QAAM;AAAA,MAEjB,IAAI,OAAO,MAAM,YAAY,SAAS;AAAA,QAAwC;AAAA,MAC9E,QAAQ,KAAK,OAAO,KAAK;AAAA,IAC3B;AAAA,IAEA,OAAO,EAAE,iBAAQ,QAAQ;AAAA;AAAA,OAQrB,eAAc,GAA8B;AAAA,IAChD,IAAI,KAAK,aAAa;AAAA,MACpB,MAAM,KAAK,OAAO,MAAM,EAAE,KAAK;AAAA,MAC/B,IAAI,KAAK,OAAO,QAAQ;AAAA,QACtB,OAAO;AAAA,MACT;AAAA,IACF;AAAA,IACA,KAAK,cAAc;AAAA,IACnB,KAAK,cAAc;AAAA,IACnB,OAAO,KAAK,OAAO,UAAU;AAAA;AAAA,OAWzB,cAAa,GAA6B;AAAA,IAC9C,IAAI,KAAK;AAAA,MAAa,OAAO;AAAA,IAC7B,MAAM,SAAS,MAAM,KAAK,OAAO,KAAK;AAAA,IACtC,IAAI,OAAO,MAAM;AAAA,MACf,KAAK,cAAc;AAAA,MACnB,OAAO;AAAA,IACT;AAAA,IAIA,IAAI,OAAO,MAAM,YAAY,SAAS,wCAAwC;AAAA,MAC5E,KAAK,cAAc;AAAA,MACnB,OAAO;AAAA,IACT;AAAA,IACA,OAAO,OAAO;AAAA;AAAA,OAGV,OAAM,GAAkB;AAAA,IAC5B,MAAM,KAAK,OAAO,OAAO;AAAA;AAE7B;;;ADjFO,SAAS,cAAc,CAAC,OAAsB;AAAA,EACnD,IAAI,OAAO,UAAU;AAAA,IAAU,OAAO,IAAI;AAAA,EAC1C,IAAI,OAAO,UAAU;AAAA,IAAW,OAAO,IAAI;AAAA,EAC3C,IAAI,OAAO,UAAU;AAAA,IAAU,OAAO,IAAI;AAAA,EAC1C,IAAI,OAAO,UAAU;AAAA,IAAU,OAAO,IAAI;AAAA,EAC1C,IAAI,iBAAiB;AAAA,IAAY,OAAO,IAAI;AAAA,EAC5C,OAAO,IAAI;AAAA;AAOb,SAAS,cAAc,CAAC,MAAgB,OAAiB;AAAA,EACvD,IAAI,SAAS;AAAA,IAAM,OAAO;AAAA,EAG1B,IAAI,SAAS,MAAM,IAAI,KAAM,KAAa,aAAa,IAAI;AAAA,IACzD,IAAI,OAAO,UAAU;AAAA,MAAU,OAAO,OAAO,KAAK;AAAA,IAClD,OAAO;AAAA,EACT;AAAA,EAGA,IAAI,SAAS,MAAM,IAAI,GAAG;AAAA,IACxB,IAAI,iBAAiB,KAAK;AAAA,MACxB,MAAM,eAAgB,KAAa,SAAS;AAAA,MAC5C,MAAM,YAAY,aAAa,KAAK,SAAS,GAAG;AAAA,MAChD,MAAM,UAAU,IAAI;AAAA,MACpB,YAAY,GAAG,MAAM,OAAO;AAAA,QAC1B,QAAQ,IAAI,GAAG,eAAe,WAAW,CAAC,CAAC;AAAA,MAC7C;AAAA,MACA,OAAO;AAAA,IACT;AAAA,IACA,OAAO;AAAA,EACT;AAAA,EAGA,IAAI,SAAS,OAAO,IAAI,GAAG;AAAA,IACzB,IAAI,MAAM,QAAQ,KAAK,GAAG;AAAA,MACxB,MAAM,WAAY,KAAa,SAAS,GAAG;AAAA,MAC3C,OAAO,MAAM,IAAI,CAAC,MAAW,eAAe,UAAU,CAAC,CAAC;AAAA,IAC1D;AAAA,IACA,OAAO;AAAA,EACT;AAAA,EAEA,OAAO;AAAA;AAUF,SAAS,eAAe,CAC7B,SACA,QACA,QACA,SACY;AAAA,EACZ,MAAM,WAAW,IAAI;AAAA,EACrB,SAAS,IAAI,gBAAgB,MAAM;AAAA,EACnC,SAAS,IAAI,qBAAqB,eAAe;AAAA,EACjD,IAAI,SAAS,iBAAiB;AAAA,IAC5B,SAAS,IAAI,sBAAsB,QAAQ,eAAe;AAAA,EAC5D;AAAA,EAaA,IAAI,QAAO,OAAO,WAAW,GAAG;AAAA,IAC9B,MAAM,SAAQ,uBAAuB,SAAQ,QAAQ;AAAA,IACrD,OAAO,mBAAmB,SAAQ,CAAC,MAAK,CAAC;AAAA,EAC3C;AAAA,EAEA,MAAM,UAA+B,CAAC;AAAA,EACtC,WAAW,KAAK,QAAO,QAAQ;AAAA,IAC7B,MAAM,MAAM,OAAO,EAAE;AAAA,IAIrB,QAAQ,EAAE,QAAQ,QAAQ,YAAY,OAAO,eAAe,EAAE,MAAM,GAAG;AAAA,EACzE;AAAA,EACA,MAAM,QAAQ,2BAA2B,SAAQ,SAAS,QAAQ;AAAA,EAClE,OAAO,mBAAmB,SAAQ,CAAC,KAAK,CAAC;AAAA;AAM3C,eAAsB,mBAAmB,CAAC,MAAuE;AAAA,EAC/G,MAAM,SAAS,MAAM,mBAAkB,KAAK,IAAI;AAAA,EAChD,MAAM,OAAO,KAAK;AAAA,EAClB,MAAM,UAAS,OAAO;AAAA,EACtB,IAAI,CAAC,SAAQ;AAAA,IACX,MAAM,IAAI,SAAS,iBAAiB,+BAA+B,EAAE;AAAA,EACvE;AAAA,EACA,MAAM,UAAU,OAAO,QAAQ;AAAA,EAC/B,OAAO,EAAE,iBAAQ,QAAQ;AAAA;AASpB,SAAS,kBAAkB,CAAC,OAAoB,OAA4C;AAAA,EACjG,MAAM,OAAO,MAAM;AAAA,EACnB,IAAI,CAAC;AAAA,IAAM,OAAO;AAAA,EAElB,MAAM,QAAQ,KAAK,IAAI,aAAa;AAAA,EACpC,IAAI,CAAC;AAAA,IAAO,OAAO;AAAA,EAEnB,MAAM,UAAU,KAAK,IAAI,eAAe,KAAK;AAAA,EAE7C,IAAI,UAAU,aAAa;AAAA,IACzB,MAAM,WAAW,KAAK,IAAI,aAAa;AAAA,IACvC,IAAI,YAAY;AAAA,IAChB,IAAI,eAAe;AAAA,IACnB,IAAI,YAAY;AAAA,IAChB,IAAI,UAAU;AAAA,MACZ,IAAI;AAAA,QACF,MAAM,QAAQ,KAAK,MAAM,QAAQ;AAAA,QACjC,YAAY,MAAM,kBAAkB;AAAA,QACpC,eAAe,MAAM,qBAAqB;AAAA,QAC1C,YAAY,MAAM,aAAa;AAAA,QAC/B,MAAM;AAAA,IACV;AAAA,IACA,MAAM,IAAI,SAAS,WAAW,cAAc,SAAS;AAAA,EACvD;AAAA,EAEA,IAAI,OAAO;AAAA,IACT,MAAM,WAAW,KAAK,IAAI,aAAa;AAAA,IACvC,IAAI;AAAA,IACJ,IAAI,UAAU;AAAA,MACZ,IAAI;AAAA,QACF,QAAQ,KAAK,MAAM,QAAQ;AAAA,QAC3B,MAAM;AAAA,IACV;AAAA,IACA,MAAM,EAAE,OAAO,SAAS,MAAM,CAAC;AAAA,EACjC;AAAA,EAEA,OAAO;AAAA;AAOF,SAAS,gBAAgB,CAAC,OAA2C;AAAA,EAC1E,MAAM,OAA8B,CAAC;AAAA,EACrC,SAAS,IAAI,EAAG,IAAI,MAAM,SAAS,KAAK;AAAA,IACtC,MAAM,MAA2B,CAAC;AAAA,IAClC,SAAS,IAAI,EAAG,IAAI,MAAM,OAAO,OAAO,QAAQ,KAAK;AAAA,MACnD,MAAM,SAAQ,MAAM,OAAO,OAAO;AAAA,MAClC,IAAI,QAAQ,MAAM,WAAW,CAAC,GAAG,IAAI,CAAC;AAAA,MACtC,IAAI,OAAO,UAAU,UAAU;AAAA,QAC7B,IAAI,SAAS,OAAO,OAAO,gBAAgB,KAAK,SAAS,OAAO,OAAO,gBAAgB,GAAG;AAAA,UACxF,QAAQ,OAAO,KAAK;AAAA,QACtB;AAAA,MACF;AAAA,MACA,IAAI,OAAM,QAAQ;AAAA,IACpB;AAAA,IACA,KAAK,KAAK,GAAG;AAAA,EACf;AAAA,EACA,OAAO;AAAA;AAOT,eAAsB,qBAAqB,CAAC,MAA4C;AAAA,EACtF,MAAM,SAAS,IAAI,eAA2B;AAAA,IAC5C,KAAK,CAAC,YAAY;AAAA,MAChB,WAAW,QAAQ,IAAI;AAAA,MACvB,WAAW,MAAM;AAAA;AAAA,EAErB,CAAC;AAAA,EACD,OAAO,gBAAgB,OAAO,MAAM;AAAA;;;AD9JtC,SAAS,kBAAiB,CAAC,OAA2B;AAAA,EACpD,OAAO,kBAAsB,KAAK;AAAA;AAOpC,eAAsB,qBAAqB,CACzC,SACA,OAC6B;AAAA,EAE7B,IAAI,YAAY;AAAA,EAChB,WAAW,SAAS,SAAS;AAAA,IAC3B,IAAI,MAAM,YAAY,GAAG;AAAA,MACvB,mBAAmB,OAAO,KAAK;AAAA,MAC/B;AAAA,IACF;AAAA,IACA,YAAY;AAAA,EACd;AAAA,EAEA,IAAI,CAAC,WAAW;AAAA,IACd,MAAM,IAAI,MAAM,6BAA6B;AAAA,EAC/C;AAAA,EAGA,MAAM,OAAO,UAAU;AAAA,EACvB,MAAM,eAAe,MAAM,IAAI,iBAAiB,KAAK;AAAA,EACrD,MAAM,kBAAkB,MAAM,IAAI,oBAAoB,KAAK;AAAA,EAK3D,MAAM,UAAwB,CAAC;AAAA,EAC/B,SAAS,IAAI,EAAG,IAAI,UAAU,SAAS,KAAK;AAAA,IAC1C,MAAM,OAAO,UAAU,WAAW,CAAC,EAAG,IAAI,CAAC;AAAA,IAC3C,MAAM,aAAa,UAAU,WAAW,CAAC,EAAG,IAAI,CAAC;AAAA,IACjD,MAAM,aAAa,UAAU,WAAW,CAAC,EAAG,IAAI,CAAC;AAAA,IACjD,MAAM,YAAY,UAAU,WAAW,CAAC,EAAG,IAAI,CAAC;AAAA,IAChD,MAAM,YAAY,UAAU,WAAW,CAAC,EAAG,IAAI,CAAC;AAAA,IAChD,MAAM,YAAY,UAAU,WAAW,CAAC,EAAG,IAAI,CAAC;AAAA,IAChD,MAAM,YAAY,UAAU,WAAW,CAAC,GAAG,IAAI,CAAC;AAAA,IAGhD,MAAM,eAAe,MAAM,mBAAkB,SAAS;AAAA,IACtD,MAAM,eAAe,MAAM,mBAAkB,SAAS;AAAA,IAEtD,MAAM,OAAmB;AAAA,MACvB;AAAA,MACA,MAAM;AAAA,MACN;AAAA,MACA;AAAA,IACF;AAAA,IAGA,IAAI,eAAe,UAAU;AAAA,MAC3B,KAAK,eAAe;AAAA,IACtB;AAAA,IAEA,IAAI,aAAa,WAAW;AAAA,MAC1B,KAAK,eAAe,MAAM,mBAAkB,SAAS;AAAA,IACvD;AAAA,IAEA,QAAQ,KAAK,IAAI;AAAA,EACnB;AAAA,EAEA,OAAO,EAAE,cAAc,iBAAiB,QAAQ;AAAA;AAMlD,eAAsB,cAAc,CAClC,SACA,SAO6B;AAAA,EAC7B,MAAM,SAAS,SAAS,UAAU;AAAA,EAClC,MAAM,cAAc,IAAI,YAAY,CAAC,CAAC;AAAA,EACtC,MAAM,OAAO,gBAAgB,aAAa,CAAC,GAAG,oBAAoB;AAAA,EAElE,MAAM,UAAkC,EAAE,gBAAgB,mBAAmB;AAAA,EAC7E,IAAI,SAAS,eAAe;AAAA,IAC1B,QAAQ,gBAAgB,QAAQ;AAAA,EAClC;AAAA,EAEA,MAAM,QAAQ,SAAS;AAAA,EACvB,MAAM,aAAa,SAAS;AAAA,EAC5B,MAAM,eAAe,SAAS;AAAA,EAC9B,IAAI,WAAuB;AAAA,EAC3B,IAAI,SAAS,QAAQ,YAAY;AAAA,IAC/B,QAAQ,sBAAsB;AAAA,IAC9B,WAAW,MAAM,WAAW,MAAM,KAAK;AAAA,EACzC;AAAA,EACA,IAAI,SAAS,QAAQ,cAAc;AAAA,IACjC,QAAQ,qBAAqB;AAAA,EAC/B;AAAA,EAEA,MAAM,WAAW,MAAM,MAAM,GAAG,UAAU,UAAU,wBAAwB;AAAA,IAC1E,QAAQ;AAAA,IACR;AAAA,IACA,MAAM;AAAA,EACR,CAAC;AAAA,EACD,IAAI,SAAS,WAAW,KAAK;AAAA,IAC3B,MAAM,IAAI,SAAS,uBAAuB,2BAA2B,EAAE;AAAA,EACzE;AAAA,EAEA,IAAI,eAAe,IAAI,WAAW,MAAM,SAAS,YAAY,CAAC;AAAA,EAC9D,IAAI,SAAS,QAAQ,IAAI,kBAAkB,MAAM,UAAU,cAAc;AAAA,IACvE,eAAe,IAAI,WAAW,MAAM,aAAa,YAAY,CAAC;AAAA,EAChE;AAAA,EACA,QAAQ,YAAY,MAAM,oBAAoB,YAAY;AAAA,EAE1D,OAAO,sBAAsB,OAAO;AAAA;;;AGjLtC;AAwBO,MAAM,kBAA2C;AAAA,EAC9C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAER,WAAW,CAAC,MAiBT;AAAA,IACD,KAAK,WAAW,KAAK;AAAA,IACrB,KAAK,UAAU,KAAK;AAAA,IACpB,KAAK,UAAU,KAAK;AAAA,IACpB,KAAK,cAAc,KAAK;AAAA,IACxB,KAAK,gBAAgB,KAAK;AAAA,IAC1B,KAAK,eAAe,KAAK;AAAA,IACzB,KAAK,SAAS,KAAK;AAAA,IACnB,KAAK,kBAAkB,KAAK;AAAA,IAC5B,KAAK,YAAY,KAAK;AAAA,IACtB,KAAK,UAAU,KAAK;AAAA,IACpB,KAAK,oBAAoB,KAAK;AAAA,IAC9B,KAAK,cAAc,KAAK;AAAA,IACxB,KAAK,gBAAgB,KAAK;AAAA,IAC1B,KAAK,iBAAiB,KAAK;AAAA,IAC3B,KAAK,kBAAkB,KAAK;AAAA,IAC5B,KAAK,UAAU,KAAK;AAAA;AAAA,OAGR,MAAK,CAAC,KAAa,MAAqC;AAAA,IACpE,IAAI,KAAK;AAAA,MAAS,OAAO,KAAK,QAAQ,KAAK,IAAI;AAAA,IAC/C,OAAO,MAAM,KAAK;AAAA,MAChB,QAAQ;AAAA,MACR,SAAS,KAAK,cAAc;AAAA,MAC5B,MAAO,MAAM,KAAK,aAAa,IAAI;AAAA,IACrC,CAAC;AAAA;AAAA,MAIC,MAAM,GAA+B;AAAA,IACvC,OAAO,KAAK;AAAA;AAAA,EAGN,aAAa,GAA2B;AAAA,IAC9C,MAAM,UAAkC;AAAA,MACtC,gBAAgB;AAAA,IAClB;AAAA,IACA,IAAI,KAAK,qBAAqB,QAAQ,KAAK,aAAa;AAAA,MACtD,QAAQ,sBAAsB;AAAA,IAChC;AAAA,IACA,IAAI,KAAK,qBAAqB,QAAQ,KAAK,eAAe;AAAA,MACxD,QAAQ,qBAAqB;AAAA,IAC/B;AAAA,IACA,IAAI,KAAK,gBAAgB;AAAA,MACvB,QAAQ,gBAAgB,KAAK;AAAA,IAC/B;AAAA,IACA,OAAO;AAAA;AAAA,OAGK,aAAY,CAAC,SAA0C;AAAA,IACnE,IAAI,KAAK,qBAAqB,QAAQ,KAAK,aAAa;AAAA,MACtD,OAAO,MAAM,KAAK,YAAY,SAAS,KAAK,iBAAiB;AAAA,IAC/D;AAAA,IACA,OAAO;AAAA;AAAA,OAGK,cAAa,CAAC,MAAkD;AAAA,IAC5E,IAAI,OAAO,IAAI,WAAW,MAAM,KAAK,YAAY,CAAC;AAAA,IAClD,IAAI,KAAK,QAAQ,IAAI,kBAAkB,MAAM,UAAU,KAAK,eAAe;AAAA,MACzE,OAAO,IAAI,WAAW,MAAM,KAAK,cAAc,IAAI,CAAC;AAAA,IACtD;AAAA,IACA,OAAO;AAAA;AAAA,OAMH,SAAQ,CAAC,OAA8D;AAAA,IAC3E,IAAI,KAAK,gBAAgB,MAAM;AAAA,MAC7B,MAAM,IAAI,SAAS,iBAAiB,kDAAuD,EAAE;AAAA,IAC/F;AAAA,IAMA,IAAI,MAAM,WAAW,GAAG;AAAA,MAItB,MAAM,aAAa,KAAK,gBAAgB,KAAK;AAAA,MAC7C,MAAM,aAAa,KAAK,iBAAiB,UAAU;AAAA,MACnD,MAAM,YAAW,IAAI;AAAA,MACrB,UAAS,IAAI,WAAW,KAAK,WAAW;AAAA,MACxC,MAAM,gBAAgB,IAAI,YAAY,YAAY,WAAW,MAAM,SAAQ;AAAA,MAC3E,OAAO,KAAK,YAAY,YAAY,CAAC,aAAa,CAAC;AAAA,IACrD;AAAA,IAGA,MAAM,OAAO,OAAO,KAAK,MAAM,EAAE;AAAA,IACjC,MAAM,SAAS,KAAK,IAAI,CAAC,QAAQ;AAAA,MAE/B,IAAI;AAAA,MACJ,WAAW,OAAO,OAAO;AAAA,QACvB,IAAI,IAAI,QAAQ,MAAM;AAAA,UACpB,SAAS,IAAI;AAAA,UACb;AAAA,QACF;AAAA,MACF;AAAA,MACA,MAAM,YAAY,eAAe,MAAM;AAAA,MACvC,MAAM,WAAW,MAAM,KAAK,CAAC,QAAQ,IAAI,QAAQ,IAAI;AAAA,MACrD,OAAO,IAAI,MAAM,KAAK,WAAW,QAAQ;AAAA,KAC1C;AAAA,IAED,MAAM,cAAc,IAAI,OAAO,MAAM;AAAA,IACrC,MAAM,WAAW,YAAY,OAAO,IAAI,CAAC,MAAM;AAAA,MAC7C,MAAM,SAAS,MAAM,IAAI,CAAC,QAAQ,IAAI,EAAE,KAAK;AAAA,MAC7C,OAAO,gBAAgB,QAAQ,EAAE,IAAI,EAAE,KAAK;AAAA,KAC7C;AAAA,IAED,MAAM,aAAa,IAAI,OAAO,YAAY,MAAM;AAAA,IAChD,MAAM,OAAO,SAAS;AAAA,MACpB,MAAM;AAAA,MACN,QAAQ,MAAM;AAAA,MACd;AAAA,MACA,WAAW;AAAA,IACb,CAAC;AAAA,IAED,MAAM,WAAW,IAAI;AAAA,IACrB,SAAS,IAAI,WAAW,KAAK,WAAW;AAAA,IACxC,MAAM,QAAQ,IAAI,YAAY,aAAa,MAAM,QAAQ;AAAA,IAEzD,OAAO,KAAK,YAAY,aAAa,CAAC,KAAK,CAAC;AAAA;AAAA,OAGhC,YAAW,CAAC,SAAgB,SAAwD;AAAA,IAChG,MAAM,OAAO,mBAAmB,SAAQ,OAAO;AAAA,IAC/C,MAAM,OAAO,MAAM,KAAK,MAAM,GAAG,KAAK,WAAW,KAAK,WAAW,KAAK,oBAAoB,IAAI;AAAA,IAC9F,IAAI,KAAK,WAAW,KAAK;AAAA,MACvB,MAAM,IAAI,SAAS,uBAAuB,2BAA2B,EAAE;AAAA,IACzE;AAAA,IAEA,MAAM,eAAe,MAAM,KAAK,cAAc,IAAI;AAAA,IAClD,QAAQ,SAAS,oBAAoB,MAAM,oBAAoB,YAAY;AAAA,IAE3E,IAAI,aAAoC,CAAC;AAAA,IACzC,WAAW,SAAS,iBAAiB;AAAA,MACnC,IAAI,MAAM,YAAY,GAAG;AAAA,QAEvB,mBAAmB,OAAO,KAAK,MAAM;AAAA,QAErC,MAAM,SAAQ,MAAM,UAAU,IAAI,SAAS;AAAA,QAC3C,IAAI,QAAO;AAAA,UACT,KAAK,cAAc;AAAA,QACrB;AAAA,QACA;AAAA,MACF;AAAA,MAGA,MAAM,QAAQ,MAAM,UAAU,IAAI,SAAS;AAAA,MAC3C,IAAI,OAAO;AAAA,QACT,KAAK,cAAc;AAAA,MACrB;AAAA,MAEA,aAAa,iBAAiB,KAAK;AAAA,IACrC;AAAA,IAEA,OAAO;AAAA;AAAA,EAGD,gBAAgB,CAAC,SAA6B;AAAA,IACpD,MAAM,WAAW,QAAO,OAAO,IAAI,CAAC,MAAM;AAAA,MACxC,OAAO,SAAS,EAAE,MAAM,EAAE,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAC;AAAA,KAC1D;AAAA,IACD,MAAM,aAAa,IAAI,OAAO,QAAO,MAAM;AAAA,IAC3C,MAAM,OAAO,SAAS;AAAA,MACpB,MAAM;AAAA,MACN,QAAQ;AAAA,MACR;AAAA,MACA,WAAW;AAAA,IACb,CAAC;AAAA,IACD,OAAO,IAAI,YAAY,SAAQ,IAAI;AAAA;AAAA,UAM7B,OAAO,cAAc,GAAiD;AAAA,IAE5E,SAAS,SAAS,KAAK,iBAAiB;AAAA,MACtC,IAAI,MAAM,YAAY,GAAG;AAAA,QACvB,IAAI,wBAAwB,KAAK,GAAG;AAAA,UAClC,QAAS,MAAM,wBAAwB,OAAc,KAAK,eAAe;AAAA,QAC3E,EAAO;AAAA,UACL,mBAAmB,OAAO,KAAK,MAAM;AAAA,UACrC;AAAA;AAAA,MAEJ;AAAA,MACA,MAAM,iBAAiB,KAAK;AAAA,IAC9B;AAAA,IACA,KAAK,kBAAkB,CAAC;AAAA,IAExB,IAAI,KAAK;AAAA,MAAW;AAAA,IACpB,IAAI,KAAK,gBAAgB;AAAA,MAAM;AAAA,IAG/B,OAAO,MAAM;AAAA,MACX,MAAM,aAAa,KAAK;AAAA,MACxB,IAAI,eAAe;AAAA,QAAM;AAAA,MACzB,MAAM,eAAe,MAAM,KAAK,kBAAkB,UAAU;AAAA,MAC5D,QAAQ,YAAY,MAAM,oBAAoB,YAAY;AAAA,MAE1D,IAAI,kBAAkB;AAAA,MACtB,SAAS,SAAS,SAAS;AAAA,QACzB,IAAI,MAAM,YAAY,GAAG;AAAA,UAEvB,MAAM,QAAQ,MAAM,UAAU,IAAI,SAAS;AAAA,UAC3C,IAAI,OAAO;AAAA,YACT,KAAK,cAAc;AAAA,YACnB,kBAAkB;AAAA,YAClB;AAAA,UACF;AAAA,UAEA,IAAI,wBAAwB,KAAK,GAAG;AAAA,YAClC,QAAS,MAAM,wBAAwB,OAAc,KAAK,eAAe;AAAA,UAC3E,EAAO;AAAA,YAEL,mBAAmB,OAAO,KAAK,MAAM;AAAA,YACrC;AAAA;AAAA,QAEJ;AAAA,QAEA,MAAM,iBAAiB,KAAK;AAAA,MAC9B;AAAA,MAEA,IAAI,CAAC;AAAA,QAAiB;AAAA,IACxB;AAAA;AAAA,OAGY,kBAAiB,CAAC,OAAoC;AAAA,IAClE,MAAM,cAAc,IAAI,OAAO,CAAC,CAAC;AAAA,IACjC,MAAM,WAAW,IAAI;AAAA,IACrB,SAAS,IAAI,WAAW,KAAK;AAAA,IAE7B,MAAM,aAAa,IAAI,OAAO,YAAY,MAAM;AAAA,IAChD,MAAM,OAAO,SAAS;AAAA,MACpB,MAAM;AAAA,MACN,QAAQ;AAAA,MACR,UAAU,CAAC;AAAA,MACX,WAAW;AAAA,IACb,CAAC;AAAA,IACD,MAAM,QAAQ,IAAI,YAAY,aAAa,MAAM,QAAQ;AAAA,IACzD,MAAM,OAAO,mBAAmB,aAAa,CAAC,KAAK,CAAC;AAAA,IAEpD,MAAM,OAAO,MAAM,KAAK,MAAM,GAAG,KAAK,WAAW,KAAK,WAAW,KAAK,oBAAoB,IAAI;AAAA,IAC9F,IAAI,KAAK,WAAW,KAAK;AAAA,MACvB,MAAM,IAAI,SAAS,uBAAuB,2BAA2B,EAAE;AAAA,IACzE;AAAA,IAEA,OAAO,KAAK,cAAc,IAAI;AAAA;AAAA,EAIhC,KAAK,GAAS;AAGhB;;;AC9SA,kBAAS,iBAAO,6BAAO,8BAAmB;AAO1C,IAAM,oBAAoB;AAC1B,IAAM,2BAA2B,IAAI,QAAO,CAAC,IAAI,OAAM,SAAS,IAAI,QAAS,KAAK,CAAC,CAAC;AAapF,eAAsB,iBAAiB,CACrC,SACA,QACA,OACA,eAC0B;AAAA,EAC1B,MAAM,OAAO,gBAAgB,0BAA0B,EAAE,OAAO,OAAO,KAAK,EAAE,GAAG,iBAAiB;AAAA,EAClG,MAAM,UAAkC,EAAE,gBAAgB,mBAAmB;AAAA,EAC7E,IAAI;AAAA,IAAe,QAAQ,gBAAgB;AAAA,EAE3C,MAAM,OAAO,MAAM,MAAM,GAAG,UAAU,UAAU,0BAA0B;AAAA,IACxE,QAAQ;AAAA,IACR;AAAA,IACA;AAAA,EACF,CAAC;AAAA,EACD,IAAI,KAAK,WAAW,KAAK;AAAA,IACvB,MAAM,IAAI,SAAS,gBAAgB,uCAAuC,EAAE;AAAA,EAC9E;AAAA,EACA,IAAI,KAAK,WAAW,KAAK;AAAA,IACvB,MAAM,IAAI,SAAS,uBAAuB,2BAA2B,EAAE;AAAA,EACzE;AAAA,EACA,IAAI,CAAC,KAAK,IAAI;AAAA,IACZ,MAAM,IAAI,SAAS,aAAa,oCAAoC,KAAK,UAAU,EAAE;AAAA,EACvF;AAAA,EAEA,MAAM,WAAW,IAAI,WAAW,MAAM,KAAK,YAAY,CAAC;AAAA,EACxD,MAAM,SAAS,MAAM,mBAAkB,KAAK,QAAQ;AAAA,EACpD,MAAM,OAAO,KAAK;AAAA,EAElB,MAAM,QAAyB,CAAC;AAAA,EAChC,WAAW,SAAS,OAAO,QAAQ,GAAG;AAAA,IACpC,IAAI,MAAM,YAAY;AAAA,MAAG;AAAA,IACzB,SAAS,IAAI,EAAG,IAAI,MAAM,SAAS,KAAK;AAAA,MACtC,MAAM,YAAY,MAAM,WAAW,CAAC,GAAG,IAAI,CAAC;AAAA,MAC5C,MAAM,cAAc,MAAM,WAAW,CAAC,GAAG,IAAI,CAAC;AAAA,MAC9C,MAAM,aAAa,MAAM,WAAW,CAAC,GAAG,IAAI,CAAC;AAAA,MAE7C,IAAI;AAAA,MACJ,IAAI,sBAAsB,MAAM;AAAA,QAC9B,YAAY;AAAA,MACd,EAAO,SAAI,OAAO,eAAe,UAAU;AAAA,QACzC,YAAY,IAAI,KAAK,OAAO,aAAa,KAAK,CAAC;AAAA,MACjD,EAAO,SAAI,OAAO,eAAe,UAAU;AAAA,QACzC,YAAY,IAAI,KAAK,UAAU;AAAA,MACjC,EAAO;AAAA,QACL,YAAY,IAAI;AAAA;AAAA,MAElB,MAAM,KAAK,EAAE,WAAW,aAAa,UAAU,CAAC;AAAA,IAClD;AAAA,EACF;AAAA,EAEA,IAAI,MAAM,WAAW,GAAG;AAAA,IACtB,MAAM,IAAI,SAAS,iBAAiB,kCAAkC,EAAE;AAAA,EAC1E;AAAA,EACA,OAAO;AAAA;AAaT,eAAe,uBAAuB,CAAC,cAA0B,aAA0C;AAAA,EACzG,MAAM,SAAS,MAAM,mBAAkB,KAAK,YAAY;AAAA,EACxD,MAAM,OAAO,KAAK;AAAA,EAClB,MAAM,UAAS,OAAO;AAAA,EACtB,IAAI,CAAC,SAAQ;AAAA,IACX,MAAM,IAAI,SAAS,iBAAiB,uCAAuC,EAAE;AAAA,EAC/E;AAAA,EACA,MAAM,UAAU,OAAO,QAAQ;AAAA,EAC/B,IAAI,QAAQ,WAAW,GAAG;AAAA,IACxB,MAAM,IAAI,SAAS,iBAAiB,wCAAwC,EAAE;AAAA,EAChF;AAAA,EACA,MAAM,WAAW,QAAQ;AAAA,EACzB,MAAM,eAAe,SAAS,YAAY,IAAI;AAAA,EAE9C,MAAM,UAAU,0BAA0B,SAAQ,WAAW;AAAA,EAC7D,MAAM,SAAS,IAAI,IAAoB,QAAQ,YAAY,IAAI,GAAK;AAAA,EAEpE,MAAM,SAAS,aAAa,IAAI,cAAc;AAAA,EAC9C,MAAM,UAAU,aAAa,IAAI,mBAAmB,KAAK;AAAA,EACzD,IAAI;AAAA,IAAQ,OAAO,IAAI,gBAAgB,MAAM;AAAA,EAC7C,OAAO,IAAI,qBAAqB,OAAO;AAAA,EAEvC,YAAY,GAAG,MAAM,cAAc;AAAA,IACjC,IAAI,CAAC,OAAO,IAAI,CAAC;AAAA,MAAG,OAAO,IAAI,GAAG,CAAC;AAAA,EACrC;AAAA,EAGA,QAAQ,8BAAgB,MAAa;AAAA,EACrC,MAAM,kBAAkB,IAAI,aAAY,SAAgB,QAAgB,MAAM,MAAM;AAAA,EACpF,OAAO,mBAAmB,SAAQ,CAAC,eAAe,CAAC;AAAA;AAgBrD,eAAsB,sBAAsB,CAAC,MAAkB,MAA+C;AAAA,EAC5G,MAAM,QAAQ,MAAM,kBAAkB,KAAK,SAAS,KAAK,QAAQ,GAAG,KAAK,aAAa;AAAA,EACtF,MAAM,OAAO,MAAM;AAAA,EAEnB,IAAI,KAAK,cAAc;AAAA,IACrB,KAAK,aAAa,KAAK,SAAS;AAAA,IAChC,KAAK,aAAa,KAAK,WAAW;AAAA,EACpC;AAAA,EAEA,MAAM,UAAU,MAAM,MAAM,KAAK,WAAW;AAAA,IAC1C,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,IAC9C;AAAA,EACF,CAAC;AAAA,EACD,IAAI,CAAC,QAAQ,IAAI;AAAA,IACf,MAAM,IAAI,SAAS,wBAAwB,kCAAkC,QAAQ,UAAU,EAAE;AAAA,EACnG;AAAA,EAEA,OAAO,wBAAwB,MAAM,KAAK,WAAW;AAAA;;;AC1HhD,SAAS,WAAW,CAAC,SAAiB,SAAyC;AAAA,EACpF,MAAM,UAAU,SAAS,UAAU,IAAI,QAAQ,QAAQ,EAAE;AAAA,EACzD,MAAM,QAAQ,SAAS;AAAA,EACvB,MAAM,mBAAmB,SAAS;AAAA,EAClC,MAAM,gBAAgB,SAAS;AAAA,EAC/B,MAAM,iBAAiB,SAAS;AAAA,EAEhC,IAAI,cAA8C;AAAA,EAKlD,IAAI,wBAAwB;AAAA,EAC5B,IAAI;AAAA,EACJ,IAAI;AAAA,EACJ,IAAI,oBAAoB;AAAA,EACxB,IAAI,eAA8C;AAAA,EAElD,SAAS,8BAA8B,CAAC,MAAsB;AAAA,IAC5D,MAAM,OAAO,6BAA6B,KAAK,OAAO;AAAA,IAGtD,IAAI,KAAK,mBAAmB,QAAQ,KAAK,kBAAkB;AAAA,MACzD,eAAe;AAAA,IACjB;AAAA;AAAA,EAGF,eAAe,gBAAgB,CAAC,MAAuC;AAAA,IACrE,MAAM,OAAO,0BAA0B,YAAY,IAAI,eAAe;AAAA,IACtE,IAAI,CAAC;AAAA,MAAM,OAAO;AAAA,IAClB,IAAI,CAAC,KAAK;AAAA,MAAkB,OAAO;AAAA,IACnC,IAAI,KAAK,mBAAmB,QAAQ,KAAK,cAAc,KAAK;AAAA,MAAiB,OAAO;AAAA,IACpF,OAAO,uBAAuB,MAAM;AAAA,MAClC;AAAA,MACA;AAAA,MACA;AAAA,MACA,cAAc,gBAAgB,gBAAgB;AAAA,IAChD,CAAC;AAAA;AAAA,EAQH,eAAe,uBAAuB,CAAC,KAAa,MAAqC;AAAA,IACvF,MAAM,WAAW,MAAM,iBAAiB,IAAI;AAAA,IAC5C,IAAI,OAAO,MAAM,MAAM,KAAK;AAAA,MAC1B,QAAQ;AAAA,MACR,SAAS,aAAa;AAAA,MACtB,MAAO,MAAM,YAAY,QAAQ;AAAA,IACnC,CAAC;AAAA,IACD,+BAA+B,IAAI;AAAA,IAEnC,IAAI,KAAK,WAAW,OAAO,cAAc,oBAAoB,KAAK,aAAa,GAAG;AAAA,MAEhF,MAAM,eAAe,MAAM,uBAAuB,MAAM;AAAA,QACtD;AAAA,QACA;AAAA,QACA;AAAA,QACA,cAAc,gBAAgB,gBAAgB;AAAA,MAChD,CAAC;AAAA,MACD,OAAO,MAAM,MAAM,KAAK;AAAA,QACtB,QAAQ;AAAA,QACR,SAAS,aAAa;AAAA,QACtB,MAAO,MAAM,YAAY,YAAY;AAAA,MACvC,CAAC;AAAA,MACD,+BAA+B,IAAI;AAAA,IACrC;AAAA,IAEA,OAAO;AAAA;AAAA,EAGT,eAAe,iBAAiB,GAAkB;AAAA,IAChD,IAAI,qBAAqB,oBAAoB;AAAA,MAAM;AAAA,IACnD,IAAI;AAAA,MACF,MAAM,MAAM;AAAA,MACZ,aAAa,IAAI;AAAA,MACjB,eAAe,IAAI;AAAA,MACnB,MAAM;AAAA,IAGR,oBAAoB;AAAA;AAAA,EAGtB,SAAS,YAAY,GAA2B;AAAA,IAC9C,MAAM,UAAkC;AAAA,MACtC,gBAAgB;AAAA,IAClB;AAAA,IACA,IAAI,oBAAoB,QAAQ,YAAY;AAAA,MAC1C,QAAQ,sBAAsB;AAAA,IAChC;AAAA,IACA,IAAI,oBAAoB,QAAQ,cAAc;AAAA,MAC5C,QAAQ,qBAAqB;AAAA,IAC/B;AAAA,IACA,IAAI,eAAe;AAAA,MACjB,QAAQ,gBAAgB;AAAA,IAC1B;AAAA,IACA,OAAO;AAAA;AAAA,EAGT,eAAe,WAAW,CAAC,SAA0C;AAAA,IACnE,IAAI,oBAAoB,QAAQ,YAAY;AAAA,MAC1C,OAAO,MAAM,WAAW,SAAS,gBAAgB;AAAA,IACnD;AAAA,IACA,OAAO;AAAA;AAAA,EAGT,SAAS,SAAS,CAAC,MAAsB;AAAA,IACvC,IAAI,KAAK,WAAW,KAAK;AAAA,MACvB,MAAM,IAAI,SAAS,uBAAuB,2BAA2B,EAAE;AAAA,IACzE;AAAA;AAAA,EAGF,eAAe,YAAY,CAAC,MAAkD;AAAA,IAC5E,IAAI,OAAO,IAAI,WAAW,MAAM,KAAK,YAAY,CAAC;AAAA,IAClD,IAAI,KAAK,QAAQ,IAAI,kBAAkB,MAAM,UAAU,cAAc;AAAA,MACnE,OAAO,IAAI,WAAW,MAAM,aAAa,IAAI,CAAC;AAAA,IAChD;AAAA,IACA,OAAO;AAAA;AAAA,EAGT,eAAe,iBAAiB,GAAqC;AAAA,IACnE,IAAI;AAAA,MAAa,OAAO;AAAA,IACxB,MAAM,kBAAkB;AAAA,IACxB,MAAM,OAAO,MAAM,eAAe,SAAS;AAAA,MACzC;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAAA,IACD,cAAc,IAAI,IAAI,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;AAAA,IAC1D,wBAAwB,KAAK;AAAA,IAC7B,OAAO;AAAA;AAAA,EAGT,OAAO;AAAA,SACC,KAAI,CAAC,QAAgB,QAAmE;AAAA,MAC5F,MAAM,kBAAkB;AAAA,MACxB,MAAM,UAAU,MAAM,kBAAkB;AAAA,MACxC,MAAM,OAAO,QAAQ,IAAI,MAAM;AAAA,MAC/B,IAAI,CAAC,MAAM;AAAA,QACT,MAAM,IAAI,MAAM,oBAAoB,SAAS;AAAA,MAC/C;AAAA,MAGA,MAAM,aAAa,KAAM,KAAK,YAAY,CAAC,MAAQ,UAAU,CAAC,EAAG;AAAA,MAEjE,MAAM,OAAO,gBAAgB,KAAK,cAAc,YAAY,QAAQ,EAAE,iBAAiB,sBAAsB,CAAC;AAAA,MAC9G,MAAM,OAAO,MAAM,wBAAwB,GAAG,UAAU,UAAU,UAAU,IAAI;AAAA,MAChF,UAAU,IAAI;AAAA,MAEd,MAAM,eAAe,MAAM,aAAa,IAAI;AAAA,MAC5C,QAAQ,YAAY,MAAM,oBAAoB,YAAY;AAAA,MAG1D,IAAI,cAAkC;AAAA,MACtC,SAAS,SAAS,SAAS;AAAA,QACzB,IAAI,MAAM,YAAY,GAAG;AAAA,UAEvB,IAAI,wBAAwB,KAAY,GAAG;AAAA,YACzC,QAAS,MAAM,wBAAwB,OAAc,cAAc;AAAA,UACrE,EAAO;AAAA,YACL,mBAAmB,OAAO,KAAK;AAAA,YAC/B;AAAA;AAAA,QAEJ;AAAA,QACA,cAAc;AAAA,MAChB;AAAA,MAEA,IAAI,CAAC,aAAa;AAAA,QAEhB,OAAO;AAAA,MACT;AAAA,MAGA,MAAM,OAAO,iBAAiB,WAAW;AAAA,MACzC,IAAI,KAAK,WAAW;AAAA,QAAG,OAAO;AAAA,MAE9B,MAAM,SAAS,KAAK;AAAA,MAEpB,IAAI,KAAK,aAAa,OAAO,WAAW;AAAA,QAAG,OAAO;AAAA,MAGlD,OAAO;AAAA;AAAA,SAGH,OAAM,CAAC,QAAgB,QAA0D;AAAA,MACrF,MAAM,kBAAkB;AAAA,MACxB,MAAM,UAAU,MAAM,kBAAkB;AAAA,MACxC,MAAM,OAAO,QAAQ,IAAI,MAAM;AAAA,MAC/B,IAAI,CAAC,MAAM;AAAA,QACT,MAAM,IAAI,MAAM,oBAAoB,SAAS;AAAA,MAC/C;AAAA,MAGA,MAAM,aAAa,KAAM,KAAK,YAAY,CAAC,MAAQ,UAAU,CAAC,EAAG;AAAA,MAEjE,MAAM,OAAO,gBAAgB,KAAK,cAAc,YAAY,QAAQ,EAAE,iBAAiB,sBAAsB,CAAC;AAAA,MAC9G,MAAM,OAAO,MAAM,wBAAwB,GAAG,UAAU,UAAU,eAAe,IAAI;AAAA,MACrF,UAAU,IAAI;AAAA,MAEd,MAAM,eAAe,MAAM,aAAa,IAAI;AAAA,MAG5C,IAAI,SAAqC;AAAA,MACzC,IAAI,aAA4B;AAAA,MAChC,MAAM,iBAAgC,CAAC;AAAA,MACvC,IAAI,WAAW;AAAA,MACf,IAAI,eAA8B;AAAA,MAElC,IAAI,KAAK,cAAc;AAAA,QAIrB,MAAM,SAAS,MAAM,sBAAsB,YAAY;AAAA,QAGvD,MAAM,eAAe,MAAM,OAAO,WAAW;AAAA,QAC7C,IAAI,cAAc;AAAA,UAChB,WAAW,SAAS,aAAa,SAAkB;AAAA,YACjD,IAAI,MAAM,YAAY,GAAG;AAAA,cACvB,mBAAmB,OAAO,KAAK;AAAA,cAC/B;AAAA,YACF;AAAA,YACA,MAAM,OAAO,iBAAiB,KAAK;AAAA,YACnC,IAAI,KAAK,SAAS,GAAG;AAAA,cACnB,SAAS,KAAK;AAAA,YAChB;AAAA,UACF;AAAA,QACF;AAAA,QAGA,MAAM,aAAa,MAAM,OAAO,WAAW;AAAA,QAC3C,IAAI,YAAY;AAAA,UACd,eAAe,WAAW;AAAA,QAC5B;AAAA,QACA,MAAM,qBAAoC,CAAC;AAAA,QAC3C,IAAI,YAAY;AAAA,UACd,WAAW,SAAS,WAAW,SAAkB;AAAA,YAC/C,IAAI,MAAM,YAAY,GAAG;AAAA,cAEvB,MAAM,QAAQ,MAAM,UAAU,IAAI,SAAS;AAAA,cAC3C,IAAI,OAAO;AAAA,gBACT,aAAa;AAAA,gBACb;AAAA,cACF;AAAA,cACA,MAAM,QAAQ,MAAM,UAAU,IAAI,aAAa;AAAA,cAC/C,IAAI,UAAU,aAAa;AAAA,gBACzB,mBAAmB,KAAK,KAAK;AAAA,gBAC7B;AAAA,cACF;AAAA,cACA,mBAAmB,OAAO,KAAK;AAAA,cAC/B;AAAA,YACF;AAAA,YACA,eAAe,KAAK,KAAK;AAAA,UAC3B;AAAA,QACF;AAAA,QAEA,IAAI,mBAAmB,SAAS,GAAG;AAAA,UACjC,IAAI,eAAe,SAAS,KAAK,eAAe,MAAM;AAAA,YACpD,eAAe,KAAK,GAAG,kBAAkB;AAAA,UAC3C,EAAO;AAAA,YACL,WAAW,SAAS,oBAAoB;AAAA,cACtC,mBAAmB,OAAO,KAAK;AAAA,YACjC;AAAA;AAAA,QAEJ;AAAA,QAEA,IAAI,CAAC,cAAc,CAAC,YAAY;AAAA,UAC9B,WAAW;AAAA,QACb;AAAA,MACF,EAAO;AAAA,QAEL,QAAQ,QAAQ,gBAAgB,YAAY,MAAM,oBAAoB,YAAY;AAAA,QAClF,eAAe;AAAA,QAKf,MAAM,eAA8B,CAAC;AAAA,QAErC,WAAW,SAAS,SAAS;AAAA,UAC3B,IAAI,MAAM,YAAY,GAAG;AAAA,YAEvB,MAAM,QAAQ,MAAM,UAAU,IAAI,SAAS;AAAA,YAC3C,IAAI,OAAO;AAAA,cACT,aAAa;AAAA,cACb;AAAA,YACF;AAAA,YAEA,MAAM,QAAQ,MAAM,UAAU,IAAI,aAAa;AAAA,YAC/C,IAAI,UAAU,aAAa;AAAA,cACzB,aAAa,KAAK,KAAK;AAAA,cACvB;AAAA,YACF;AAAA,YACA,mBAAmB,OAAO,KAAK;AAAA,YAC/B;AAAA,UACF;AAAA,UACA,eAAe,KAAK,KAAK;AAAA,QAC3B;AAAA,QAIA,IAAI,aAAa,SAAS,GAAG;AAAA,UAC3B,IAAI,eAAe,SAAS,KAAK,eAAe,MAAM;AAAA,YACpD,eAAe,KAAK,GAAG,YAAY;AAAA,UACrC,EAAO;AAAA,YAEL,WAAW,SAAS,cAAc;AAAA,cAChC,mBAAmB,OAAO,KAAK;AAAA,YACjC;AAAA;AAAA,QAEJ;AAAA;AAAA,MAGF,IAAI,eAAe,WAAW,KAAK,eAAe,MAAM;AAAA,QACtD,WAAW;AAAA,MACb;AAAA,MAKA,MAAM,gBACH,gBAAgB,aAAa,OAAO,SAAS,IAAI,eAAe,UAChE,eAAe,SAAS,IAAI,eAAe,GAAG,SAAS,SACxD,KAAK,gBACL,KAAK;AAAA,MAEP,OAAO,IAAI,kBAAkB;AAAA,QAC3B;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,aAAa,KAAK;AAAA,QAClB;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,QAAQ;AAAA,MACV,CAAC;AAAA;AAAA,SAGG,SAAQ,GAAgC;AAAA,MAC5C,MAAM,kBAAkB;AAAA,MACxB,OAAO,eAAe,SAAS;AAAA,QAC7B;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF,CAAC;AAAA;AAAA,IAGH,KAAK,GAAS;AAAA,EAGhB;AAAA;;ACtXF,SAAS,iBAAiB,CAAC,MAA0D;AAAA,EACnF,MAAM,SAAwC;AAAA,IAC5C,UAAU,KAAK;AAAA,IACf,sBAAsB,KAAK;AAAA,EAC7B;AAAA,EACA,IAAI,KAAK;AAAA,IAAkB,OAAO,kBAAkB,KAAK;AAAA,EACzD,IAAI,KAAK;AAAA,IAA0B,OAAO,yBAAyB,KAAK;AAAA,EACxE,IAAI,KAAK;AAAA,IACP,OAAO,oCAAoC,KAAK;AAAA,EAClD,IAAI,KAAK;AAAA,IAAe,OAAO,eAAe,KAAK;AAAA,EACnD,IAAI,KAAK;AAAA,IAAwB,OAAO,wBAAwB,KAAK;AAAA,EACrE,IAAI,KAAK;AAAA,IAAqB,OAAO,oBAAoB,KAAK;AAAA,EAC9D,IAAI,KAAK;AAAA,IAAkB,OAAO,iBAAiB,KAAK;AAAA,EACxD,IAAI,KAAK;AAAA,IAAW,OAAO,WAAW,KAAK;AAAA,EAC3C,IAAI,KAAK;AAAA,IAAe,OAAO,eAAe,KAAK;AAAA,EACnD,IAAI,KAAK;AAAA,IAAwB,OAAO,qBAAqB,KAAK;AAAA,EAClE,IAAI,KAAK;AAAA,IAAuB,OAAO,qBAAqB,KAAK;AAAA,EACjE,IAAI,KAAK;AAAA,IAA2B,OAAO,yBAAyB,KAAK;AAAA,EACzE,OAAO;AAAA;AAOT,eAAsB,iBAAiB,CACrC,SACA,QAC+C;AAAA,EAC/C,MAAM,mBAAmB,UAAU,IAAI,QAAQ,QAAQ,EAAE;AAAA,EACzD,MAAM,cAAc,GAAG,QAAQ,QAAQ,QAAQ,EAAE,yCAAyC;AAAA,EAE1F,IAAI;AAAA,IACF,OAAO,MAAM,mBAAmB,WAAW;AAAA,IAC3C,MAAM;AAAA,IACN,OAAO;AAAA;AAAA;AAOX,eAAsB,kBAAkB,CAAC,aAA6D;AAAA,EACpG,MAAM,WAAW,MAAM,MAAM,WAAW;AAAA,EACxC,IAAI,CAAC,SAAS,IAAI;AAAA,IAChB,MAAM,IAAI,MAAM,uCAAuC,gBAAgB,SAAS,QAAQ;AAAA,EAC1F;AAAA,EACA,MAAM,OAAO,MAAM,SAAS,KAAK;AAAA,EACjC,OAAO,kBAAkB,IAAI;AAAA;AAOxB,SAAS,wBAAwB,CAAC,iBAAwC;AAAA,EAE/E,MAAM,cAAc,gBAAgB,MAAM,iBAAiB;AAAA,EAC3D,IAAI,CAAC;AAAA,IAAa,OAAO;AAAA,EAEzB,MAAM,SAAS,YAAY;AAAA,EAC3B,MAAM,gBAAgB,OAAO,MAAM,6BAA6B;AAAA,EAChE,IAAI,CAAC;AAAA,IAAe,OAAO;AAAA,EAE3B,OAAO,cAAc;AAAA;AAOhB,SAAS,aAAa,CAAC,iBAAwC;AAAA,EACpE,MAAM,cAAc,gBAAgB,MAAM,iBAAiB;AAAA,EAC3D,IAAI,CAAC;AAAA,IAAa,OAAO;AAAA,EAEzB,MAAM,SAAS,YAAY;AAAA,EAC3B,MAAM,gBAAgB,OAAO,MAAM,qBAAqB;AAAA,EACxD,IAAI,CAAC;AAAA,IAAe,OAAO;AAAA,EAE3B,OAAO,cAAc;AAAA;AAOhB,SAAS,iBAAiB,CAAC,iBAAwC;AAAA,EACxE,MAAM,cAAc,gBAAgB,MAAM,iBAAiB;AAAA,EAC3D,IAAI,CAAC;AAAA,IAAa,OAAO;AAAA,EAEzB,MAAM,SAAS,YAAY;AAAA,EAC3B,MAAM,QAAQ,OAAO,MAAM,yBAAyB;AAAA,EACpD,IAAI,CAAC;AAAA,IAAO,OAAO;AAAA,EAEnB,OAAO,MAAM;AAAA;AAOR,SAAS,uBAAuB,CAAC,iBAAkC;AAAA,EACxE,MAAM,cAAc,gBAAgB,MAAM,iBAAiB;AAAA,EAC3D,IAAI,CAAC;AAAA,IAAa,OAAO;AAAA,EAEzB,MAAM,SAAS,YAAY;AAAA,EAC3B,MAAM,QAAQ,OAAO,MAAM,kCAAkC;AAAA,EAC7D,IAAI,CAAC;AAAA,IAAO,OAAO;AAAA,EAEnB,OAAO,MAAM,OAAO;AAAA;AAOf,SAAS,uBAAuB,CAAC,iBAAwC;AAAA,EAC9E,MAAM,cAAc,gBAAgB,MAAM,iBAAiB;AAAA,EAC3D,IAAI,CAAC;AAAA,IAAa,OAAO;AAAA,EAEzB,MAAM,SAAS,YAAY;AAAA,EAC3B,MAAM,QAAQ,OAAO,MAAM,iCAAiC;AAAA,EAC5D,IAAI,CAAC;AAAA,IAAO,OAAO;AAAA,EAEnB,OAAO,MAAM;AAAA;AAOR,SAAS,2BAA2B,CAAC,iBAAwC;AAAA,EAClF,MAAM,cAAc,gBAAgB,MAAM,iBAAiB;AAAA,EAC3D,IAAI,CAAC;AAAA,IAAa,OAAO;AAAA,EAEzB,MAAM,SAAS,YAAY;AAAA,EAC3B,MAAM,QAAQ,OAAO,MAAM,qCAAqC;AAAA,EAChE,IAAI,CAAC;AAAA,IAAO,OAAO;AAAA,EAEnB,OAAO,MAAM;AAAA;;AC3Kf;AAAA,WACE;AAAA,cACA;AAAA,iBACA;AAAA,6BACA;AAAA,YACA;AAAA,YACA;AAAA,qBACA;AAAA;AA4BF,MAAM,sBAAsB;AAAA,EAClB;AAAA,EACA;AAAA,EACA,SAAS;AAAA,EAEjB,WAAW,CAAC,SAAkB,SAAgB;AAAA,IAC5C,KAAK,UAAU;AAAA,IACf,KAAK,SAAS,IAAI;AAAA,IAClB,KAAK,OAAO,MAAM,WAAW,OAAM;AAAA,IACnC,KAAK,MAAM;AAAA;AAAA,EAGb,KAAK,CAAC,OAA0B;AAAA,IAC9B,IAAI,KAAK;AAAA,MAAQ,MAAM,IAAI,MAAM,sCAAsC;AAAA,IACtE,KAAK,OAAe,kBAAkB,KAAK;AAAA,IAC5C,KAAK,MAAM;AAAA;AAAA,EAGb,KAAK,GAAS;AAAA,IACZ,IAAI,KAAK;AAAA,MAAQ;AAAA,IACjB,KAAK,SAAS;AAAA,IAEd,MAAM,MAAM,IAAI,WAAW,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,EAAE,MAAM;AAAA,IACzD,KAAK,QAAQ,GAAG;AAAA;AAAA,EAGV,KAAK,GAAS;AAAA,IACpB,MAAM,SAAU,KAAK,OAAe,MAAM;AAAA,IAC1C,WAAW,SAAS,QAAQ;AAAA,MAC1B,KAAK,QAAQ,KAAK;AAAA,IACpB;AAAA,IACA,OAAO,SAAS;AAAA;AAEpB;AAAA;AAaO,MAAM,kBAA2C;AAAA,EAC9C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,eAA6C;AAAA,EAC7C,eAA8B;AAAA,EAC9B,sBAAsB;AAAA,EACtB,UAAU;AAAA,EACV;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAER,WAAW,CAAC,MAST;AAAA,IACD,KAAK,UAAU,KAAK;AAAA,IACpB,KAAK,WAAW,KAAK;AAAA,IACrB,KAAK,SAAS,KAAK;AAAA,IACnB,KAAK,UAAU,KAAK;AAAA,IACpB,KAAK,gBAAgB,KAAK;AAAA,IAC1B,KAAK,eAAe,KAAK;AAAA,IACzB,KAAK,mBAAmB,KAAK;AAAA,IAC7B,KAAK,kBAAkB,KAAK;AAAA;AAAA,MAI1B,MAAM,GAA+B;AAAA,IACvC,OAAO,KAAK;AAAA;AAAA,OAQA,iBAAgB,GAAgC;AAAA,IAC5D,OAAO,MAAM;AAAA,MACX,MAAM,QAAQ,MAAM,KAAK,QAAQ,cAAc;AAAA,MAC/C,IAAI,UAAU;AAAA,QAAM,OAAO;AAAA,MAE3B,IAAI,MAAM,YAAY,GAAG;AAAA,QAEvB,IAAI,wBAAwB,KAAY,GAAG;AAAA,UACzC,OAAQ,MAAM,wBAAwB,OAAc,KAAK,eAAe;AAAA,QAC1E;AAAA,QAGA,IAAI,mBAAmB,OAAc,KAAK,MAAM,GAAG;AAAA,UACjD;AAAA,QACF;AAAA,MACF;AAAA,MAEA,OAAO;AAAA,IACT;AAAA;AAAA,OASY,oBAAmB,GAAkB;AAAA,IACjD,IAAI,KAAK;AAAA,MAAqB;AAAA,IAC9B,KAAK,sBAAsB;AAAA,IAC3B,MAAM,UAAS,MAAM,KAAK,QAAQ,eAAe;AAAA,IACjD,IAAI,CAAC,SAAQ;AAAA,MACX,MAAM,IAAI,SAAS,iBAAiB,sCAAsC,EAAE;AAAA,IAC9E;AAAA;AAAA,OAMI,SAAQ,CAAC,OAA8D;AAAA,IAC3E,IAAI,KAAK,SAAS;AAAA,MAChB,MAAM,IAAI,SAAS,iBAAiB,4BAA4B,EAAE;AAAA,IACpE;AAAA,IAGA,IAAI;AAAA,IACJ,IAAI;AAAA,IAEJ,IAAI,MAAM,WAAW,GAAG;AAAA,MAKtB,cAAc,KAAK,gBAAgB,KAAK;AAAA,MACxC,MAAM,WAAW,YAAY,OAAO,IAAI,CAAC,MAAM;AAAA,QAC7C,OAAO,UAAS,EAAE,MAAM,EAAE,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAC;AAAA,OAC1D;AAAA,MACD,MAAM,aAAa,IAAI,QAAO,YAAY,MAAM;AAAA,MAChD,MAAM,OAAO,UAAS;AAAA,QACpB,MAAM;AAAA,QACN,QAAQ;AAAA,QACR;AAAA,QACA,WAAW;AAAA,MACb,CAAC;AAAA,MACD,QAAQ,IAAI,aAAY,aAAa,IAAI;AAAA,IAC3C,EAAO;AAAA,MAIL,MAAM,OAAO,OAAO,KAAK,MAAM,EAAE;AAAA,MACjC,MAAM,SAAS,KAAK,IAAI,CAAC,QAAQ;AAAA,QAC/B,IAAI;AAAA,QACJ,WAAW,OAAO,OAAO;AAAA,UACvB,IAAI,IAAI,QAAQ,MAAM;AAAA,YACpB,SAAS,IAAI;AAAA,YACb;AAAA,UACF;AAAA,QACF;AAAA,QACA,MAAM,YAAY,eAAe,MAAM;AAAA,QACvC,OAAO,IAAI,OAAM,KAAK,WAA0B,IAAI;AAAA,OACrD;AAAA,MACD,cAAc,IAAI,QAAO,MAAM;AAAA,MAI/B,IAAI,KAAK,cAAc;AAAA,QACrB,MAAM,SAAS,KAAK;AAAA,QACpB,IACE,OAAO,OAAO,WAAW,YAAY,OAAO,UAC5C,OAAO,OAAO,KAAK,CAAC,GAAG,MAAM,EAAE,SAAS,YAAY,OAAO,GAAG,IAAI,GAClE;AAAA,UACA,MAAM,IAAI,SACR,iBACA,4CAA4C,OAAO,OAAO,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,KAAK,IAAI,QACpF,YAAY,YAAY,OAAO,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,KAAK,IAAI,MAC7D,EACF;AAAA,QACF;AAAA,MACF,EAAO;AAAA,QACL,KAAK,eAAe;AAAA;AAAA,MAGtB,MAAM,WAAW,YAAY,OAAO,IAAI,CAAC,MAAM;AAAA,QAC7C,MAAM,SAAS,MAAM,IAAI,CAAC,QAAQ,IAAI,EAAE,KAAK;AAAA,QAC7C,OAAO,iBAAgB,QAAQ,EAAE,IAAI,EAAE,KAAK;AAAA,OAC7C;AAAA,MACD,MAAM,aAAa,IAAI,QAAO,YAAY,MAAM;AAAA,MAChD,MAAM,OAAO,UAAS;AAAA,QACpB,MAAM;AAAA,QACN,QAAQ,MAAM;AAAA,QACd;AAAA,QACA,WAAW;AAAA,MACb,CAAC;AAAA,MACD,QAAQ,IAAI,aAAY,aAAa,IAAI;AAAA;AAAA,IAI3C,IAAI,CAAC,KAAK,cAAc;AAAA,MACtB,KAAK,eAAe,IAAI,sBAAsB,KAAK,UAAU,WAAW;AAAA,IAC1E;AAAA,IAKA,KAAK,aAAa,MAAM,KAAK;AAAA,IAC7B,MAAM,KAAK,oBAAoB;AAAA,IAG/B,IAAI;AAAA,MACF,MAAM,cAAc,MAAM,KAAK,iBAAiB;AAAA,MAChD,IAAI,gBAAgB,MAAM;AAAA,QACxB,OAAO,CAAC;AAAA,MACV;AAAA,MACA,OAAO,iBAAiB,WAAW;AAAA,MACnC,OAAO,GAAG;AAAA,MAEV,MAAM,KAAK,SAAS;AAAA,MACpB,MAAM;AAAA;AAAA;AAAA,OAOI,SAAQ,GAAkB;AAAA,IACtC,IAAI,KAAK;AAAA,MAAS;AAAA,IAClB,KAAK,UAAU;AAAA,IACf,IAAI,KAAK,cAAc;AAAA,MACrB,KAAK,aAAa,MAAM;AAAA,MACxB,KAAK,eAAe;AAAA,IACtB;AAAA,IACA,IAAI;AAAA,MACF,IAAI,KAAK,qBAAqB;AAAA,QAC5B,OAAQ,MAAM,KAAK,QAAQ,cAAc,MAAO,MAAM,CAAC;AAAA,MACzD;AAAA,MACA,MAAM;AAAA,IAGR,KAAK,aAAa;AAAA;AAAA,UAMZ,OAAO,cAAc,GAAiD;AAAA,IAC5E,IAAI,KAAK;AAAA,MAAS;AAAA,IAElB,IAAI;AAAA,MAEF,MAAM,aAAa,IAAI,QAAO,CAAC,CAAC;AAAA,MAChC,KAAK,eAAe,IAAI,sBAAsB,KAAK,UAAU,UAAU;AAAA,MAGvE,MAAM,aAAa,IAAI,QAAO,WAAW,MAAM;AAAA,MAC/C,MAAM,WAAW,UAAS;AAAA,QACxB,MAAM;AAAA,QACN,QAAQ;AAAA,QACR,UAAU,CAAC;AAAA,QACX,WAAW;AAAA,MACb,CAAC;AAAA,MACD,MAAM,YAAY,IAAI,aAAY,YAAY,QAAQ;AAAA,MAEtD,OAAO,MAAM;AAAA,QAIX,KAAK,aAAa,MAAM,SAAS;AAAA,QACjC,MAAM,KAAK,oBAAoB;AAAA,QAG/B,MAAM,cAAc,MAAM,KAAK,iBAAiB;AAAA,QAChD,IAAI,gBAAgB,MAAM;AAAA,UAExB;AAAA,QACF;AAAA,QAEA,MAAM,iBAAiB,WAAW;AAAA,MACpC;AAAA,cACA;AAAA,MAEA,IAAI,KAAK,cAAc;AAAA,QACrB,KAAK,aAAa,MAAM;AAAA,QACxB,KAAK,eAAe;AAAA,MACtB;AAAA,MAEA,IAAI;AAAA,QACF,IAAI,KAAK,qBAAqB;AAAA,UAC5B,OAAQ,MAAM,KAAK,QAAQ,cAAc,MAAO,MAAM,CAAC;AAAA,QACzD;AAAA,QACA,MAAM;AAAA,MAGR,KAAK,UAAU;AAAA,MACf,KAAK,aAAa;AAAA;AAAA;AAAA,EAStB,KAAK,GAAS;AAAA,IACZ,IAAI,KAAK;AAAA,MAAS;AAAA,IAClB,KAAK,UAAU;AAAA,IAEf,IAAI,KAAK,cAAc;AAAA,MAErB,KAAK,aAAa,MAAM;AAAA,MACxB,KAAK,eAAe;AAAA,IACtB,EAAO;AAAA,MAGL,MAAM,cAAc,IAAI,QAAO,CAAC,CAAC;AAAA,MACjC,MAAM,MAAM,mBAAmB,aAAa,CAAC,CAAC;AAAA,MAC9C,KAAK,SAAS,GAAG;AAAA;AAAA,IAKnB,MAAM,gBAAgB,YAAY;AAAA,MAChC,IAAI;AAAA,QACF,IAAI,CAAC,KAAK,qBAAqB;AAAA,UAC7B,MAAM,UAAS,MAAM,KAAK,QAAQ,eAAe;AAAA,UACjD,IAAI,SAAQ;AAAA,YACV,OAAQ,MAAM,KAAK,QAAQ,cAAc,MAAO,MAAM,CAAC;AAAA,UACzD;AAAA,QACF,EAAO;AAAA,UACL,OAAQ,MAAM,KAAK,QAAQ,cAAc,MAAO,MAAM,CAAC;AAAA;AAAA,QAEzD,MAAM,WAEN;AAAA,QACA,KAAK,aAAa;AAAA;AAAA,OAEnB;AAAA,IACH,KAAK,iBAAiB,YAAY;AAAA;AAEtC;AAYO,SAAS,WAAW,CACzB,UACA,UACA,SACW;AAAA,EACX,MAAM,QAAQ,SAAS;AAAA,EACvB,MAAM,iBAAiB,SAAS;AAAA,EAEhC,IAAI,SAAiC;AAAA,EACrC,IAAI,gBAAiD;AAAA,EACrD,IAAI,cAA8C;AAAA,EAClD,IAAI,eAAe;AAAA,EACnB,IAAI,wBAAwB;AAAA,EAC5B,IAAI,QAAQ;AAAA,EACZ,IAAI,gBAAsC;AAAA,EAC1C,IAAI,SAAS;AAAA,EAEb,MAAM,UAAmB,CAAC,UAAsB;AAAA,IAC9C,SAAS,MAAM,KAAK;AAAA,IACpB,SAAS,QAAQ;AAAA;AAAA,EAOnB,eAAe,YAAY,GAA6B;AAAA,IACtD,IAAI;AAAA,MAAQ,OAAO;AAAA,IACnB,IAAI,CAAC,eAAe;AAAA,MAClB,gBAAgB,gBAAgB,OAAO,QAAQ;AAAA,IACjD;AAAA,IACA,SAAS,MAAM;AAAA,IACf,OAAO;AAAA;AAAA,EAGT,eAAe,WAAW,GAAkB;AAAA,IAE1C,IAAI,eAAe;AAAA,MACjB,MAAM;AAAA,MACN,gBAAgB;AAAA,IAClB;AAAA,IACA,IAAI,OAAO;AAAA,MACT,MAAM,IAAI,MACR,qEACE,mFACJ;AAAA,IACF;AAAA,IACA,QAAQ;AAAA;AAAA,EAGV,SAAS,WAAW,GAAS;AAAA,IAC3B,QAAQ;AAAA;AAAA,EAGV,SAAS,eAAe,CAAC,GAAwB;AAAA,IAC/C,gBAAgB;AAAA;AAAA,EAGlB,eAAe,iBAAiB,GAAqC;AAAA,IACnE,IAAI;AAAA,MAAa,OAAO;AAAA,IAExB,MAAM,YAAY;AAAA,IAClB,IAAI;AAAA,MAKF,MAAM,cAAc,IAAI,QAAO,CAAC,CAAC;AAAA,MACjC,MAAM,OAAO,gBAAgB,aAAa,CAAC,GAAG,oBAAoB;AAAA,MAClE,QAAQ,IAAI;AAAA,MAEZ,MAAM,IAAI,MAAM,aAAa;AAAA,MAM7B,MAAM,WAAW,MAAM,EAAE,WAAW;AAAA,MACpC,IAAI,CAAC,UAAU;AAAA,QACb,MAAM,IAAI,MAAM,mCAAmC;AAAA,MACrD;AAAA,MAEA,MAAM,OAAO,MAAM,sBAAsB,SAAS,SAAgB,KAAK;AAAA,MACvE,eAAe,KAAK;AAAA,MACpB,wBAAwB,KAAK;AAAA,MAC7B,cAAc,IAAI,IAAI,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;AAAA,MAC1D,OAAO;AAAA,cACP;AAAA,MACA,YAAY;AAAA;AAAA;AAAA,EAIhB,OAAO;AAAA,SACC,KAAI,CAAC,QAAgB,QAAmE;AAAA,MAC5F,MAAM,UAAU,MAAM,kBAAkB;AAAA,MACxC,MAAM,YAAY;AAAA,MAClB,IAAI;AAAA,QACF,MAAM,OAAO,QAAQ,IAAI,MAAM;AAAA,QAC/B,IAAI,CAAC,MAAM;AAAA,UACT,MAAM,IAAI,MAAM,oBAAoB,SAAS;AAAA,QAC/C;AAAA,QAEA,MAAM,IAAI,MAAM,aAAa;AAAA,QAG7B,MAAM,aAAa,KAAM,KAAK,YAAY,CAAC,MAAQ,UAAU,CAAC,EAAG;AAAA,QAGjE,MAAM,OAAO,gBAAgB,KAAK,cAAc,YAAY,QAAQ,EAAE,iBAAiB,sBAAsB,CAAC;AAAA,QAC9G,QAAQ,IAAI;AAAA,QAGZ,MAAM,WAAW,MAAM,EAAE,WAAW;AAAA,QACpC,IAAI,CAAC,UAAU;AAAA,UACb,MAAM,IAAI,MAAM,sBAAsB;AAAA,QACxC;AAAA,QAGA,IAAI,cAAkC;AAAA,QACtC,SAAS,SAAS,SAAS,SAAkB;AAAA,UAC3C,IAAI,MAAM,YAAY,GAAG;AAAA,YACvB,IAAI,wBAAwB,KAAK,GAAG;AAAA,cAClC,QAAQ,MAAM,wBAAwB,OAAO,cAAc;AAAA,YAC7D,EAAO;AAAA,cACL,mBAAmB,OAAO,KAAK;AAAA,cAC/B;AAAA;AAAA,UAEJ;AAAA,UACA,cAAc;AAAA,QAChB;AAAA,QAEA,IAAI,CAAC,aAAa;AAAA,UAChB,OAAO;AAAA,QACT;AAAA,QAEA,MAAM,OAAO,iBAAiB,WAAW;AAAA,QACzC,IAAI,KAAK,WAAW;AAAA,UAAG,OAAO;AAAA,QAE9B,IAAI,KAAK,aAAa,OAAO,WAAW;AAAA,UAAG,OAAO;AAAA,QAElD,OAAO,KAAK;AAAA,gBACZ;AAAA,QACA,YAAY;AAAA;AAAA;AAAA,SAIV,OAAM,CAAC,QAAgB,QAAsD;AAAA,MACjF,MAAM,UAAU,MAAM,kBAAkB;AAAA,MACxC,MAAM,YAAY;AAAA,MAElB,IAAI;AAAA,QACF,MAAM,OAAO,QAAQ,IAAI,MAAM;AAAA,QAC/B,IAAI,CAAC,MAAM;AAAA,UACT,MAAM,IAAI,MAAM,oBAAoB,SAAS;AAAA,QAC/C;AAAA,QAEA,MAAM,IAAI,MAAM,aAAa;AAAA,QAG7B,MAAM,aAAa,KAAM,KAAK,YAAY,CAAC,MAAQ,UAAU,CAAC,EAAG;AAAA,QAGjE,MAAM,OAAO,gBAAgB,KAAK,cAAc,YAAY,QAAQ,EAAE,iBAAiB,sBAAsB,CAAC;AAAA,QAC9G,QAAQ,IAAI;AAAA,QAGZ,IAAI,SAAqC;AAAA,QACzC,IAAI,KAAK,cAAc;AAAA,UACrB,MAAM,eAAe,MAAM,EAAE,WAAW;AAAA,UACxC,IAAI,cAAc;AAAA,YAChB,WAAW,SAAS,aAAa,SAAkB;AAAA,cACjD,IAAI,MAAM,YAAY,GAAG;AAAA,gBACvB,mBAAmB,OAAO,KAAK;AAAA,gBAC/B;AAAA,cACF;AAAA,cACA,MAAM,OAAO,iBAAiB,KAAK;AAAA,cACnC,IAAI,KAAK,SAAS,GAAG;AAAA,gBACnB,SAAS,KAAK;AAAA,cAChB;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,QAEA,MAAM,eAAe,KAAK,gBAAgB,KAAK;AAAA,QAI/C,OAAO,IAAI,kBAAkB;AAAA,UAC3B,QAAQ;AAAA,UACR;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF,CAAC;AAAA,QACD,OAAO,GAAG;AAAA,QAIV,IAAI;AAAA,UACF,MAAM,IAAI,MAAM,aAAa;AAAA,UAC7B,MAAM,cAAc,IAAI,QAAO,CAAC,CAAC;AAAA,UACjC,MAAM,MAAM,mBAAmB,aAAa,CAAC,CAAC;AAAA,UAC9C,QAAQ,GAAG;AAAA,UAEX,MAAM,YAAY,MAAM,EAAE,WAAW;AAAA,UAGrC,MAAM;AAAA,QAGR,YAAY;AAAA,QACZ,MAAM;AAAA;AAAA;AAAA,SAIJ,SAAQ,GAAgC;AAAA,MAC5C,MAAM,UAAU,MAAM,kBAAkB;AAAA,MACxC,OAAO;AAAA,QACL;AAAA,QACA,iBAAiB;AAAA,QACjB,SAAS,CAAC,GAAG,QAAQ,OAAO,CAAC;AAAA,MAC/B;AAAA;AAAA,IAGF,KAAK,GAAS;AAAA,MACZ,IAAI;AAAA,QAAQ;AAAA,MACZ,SAAS;AAAA,MACT,SAAS,IAAI;AAAA;AAAA,EAEjB;AAAA;AAYK,SAAS,iBAAiB,CAAC,KAAe,SAA+C;AAAA,EAC9F,MAAM,OAAO,IAAI,MAAM,KAAK;AAAA,IAC1B,OAAO;AAAA,IACP,QAAQ;AAAA,IACR,QAAQ,SAAS,UAAU;AAAA,IAC3B,KAAK,SAAS;AAAA,IACd,KAAK,SAAS,MAAM,KAAK,QAAQ,QAAQ,QAAQ,IAAI,IAAI;AAAA,EAC3D,CAAC;AAAA,EAED,MAAM,SAAS,KAAK;AAAA,EAEpB,MAAM,WAAyB;AAAA,IAC7B,KAAK,CAAC,MAAkB;AAAA,MACrB,KAAK,MAAc,MAAM,IAAI;AAAA;AAAA,IAEhC,KAAK,GAAG;AAAA,MACL,KAAK,MAAc,MAAM;AAAA;AAAA,IAE5B,GAAG,GAAG;AAAA,MACH,KAAK,MAAc,IAAI;AAAA;AAAA,EAE5B;AAAA,EAEA,MAAM,SAAS,YAAY,QAAQ,UAAU;AAAA,IAC3C,OAAO,SAAS;AAAA,IAChB,kBAAkB,SAAS;AAAA,EAC7B,CAAC;AAAA,EAGD,MAAM,gBAAgB,OAAO;AAAA,EAC7B,OAAO,QAAQ,MAAM;AAAA,IACnB,cAAc,KAAK,MAAM;AAAA,IACzB,IAAI;AAAA,MACF,KAAK,KAAK;AAAA,MACV,MAAM;AAAA;AAAA,EAKV,OAAO;AAAA;;AC5nBF,SAAS,2BAA2B,CAAC,UAAsD;AAAA,EAChG,MAAM,OAA4B;AAAA,IAChC,UAAU,SAAS;AAAA,IACnB,uBAAuB,SAAS;AAAA,EAClC;AAAA,EACA,IAAI,SAAS;AAAA,IAAiB,KAAK,mBAAmB,SAAS;AAAA,EAC/D,IAAI,SAAS;AAAA,IAAwB,KAAK,2BAA2B,SAAS;AAAA,EAC9E,IAAI,SAAS;AAAA,IACX,KAAK,wCAAwC,SAAS;AAAA,EACxD,IAAI,SAAS;AAAA,IAAc,KAAK,gBAAgB,SAAS;AAAA,EACzD,IAAI,SAAS;AAAA,IAAuB,KAAK,yBAAyB,SAAS;AAAA,EAC3E,IAAI,SAAS;AAAA,IAAmB,KAAK,sBAAsB,SAAS;AAAA,EACpE,IAAI,SAAS;AAAA,IAAgB,KAAK,mBAAmB,SAAS;AAAA,EAC9D,IAAI,SAAS,UAAU;AAAA,IACrB,IAAI,CAAC,sBAAsB,KAAK,SAAS,QAAQ,GAAG;AAAA,MAClD,MAAM,IAAI,MAAM,4EAA4E;AAAA,IAC9F;AAAA,IACA,KAAK,YAAY,SAAS;AAAA,EAC5B;AAAA,EACA,IAAI,SAAS,cAAc;AAAA,IACzB,IAAI,CAAC,sBAAsB,KAAK,SAAS,YAAY,GAAG;AAAA,MACtD,MAAM,IAAI,MAAM,gFAAgF;AAAA,IAClG;AAAA,IACA,KAAK,gBAAgB,SAAS;AAAA,EAChC;AAAA,EACA,IAAI,SAAS,oBAAoB;AAAA,IAC/B,IAAI,CAAC,sBAAsB,KAAK,SAAS,kBAAkB,GAAG;AAAA,MAC5D,MAAM,IAAI,MAAM,wFAAwF;AAAA,IAC1G;AAAA,IACA,KAAK,wBAAwB,SAAS;AAAA,EACxC;AAAA,EACA,IAAI,SAAS,wBAAwB;AAAA,IACnC,IAAI,CAAC,sBAAsB,KAAK,SAAS,sBAAsB,GAAG;AAAA,MAChE,MAAM,IAAI,MAAM,4FAA4F;AAAA,IAC9G;AAAA,IACA,KAAK,4BAA4B,SAAS;AAAA,EAC5C;AAAA,EACA,IAAI,SAAS,oBAAoB;AAAA,IAC/B,KAAK,yBAAyB;AAAA,EAChC;AAAA,EACA,OAAO;AAAA;AAIF,SAAS,aAAa,CAAC,QAAwB;AAAA,EACpD,OAAO,wCAAwC;AAAA;AAI1C,SAAS,0BAA0B,CACxC,aACA,UACA,cACA,oBACA,oBACA,wBACQ;AAAA,EACR,IAAI,SAAS;AAAA,EACb,IAAI,aAAa;AAAA,IACf,UAAU,uBAAuB;AAAA,EACnC;AAAA,EACA,IAAI,UAAU;AAAA,IACZ,UAAU,gBAAgB;AAAA,EAC5B;AAAA,EACA,IAAI,cAAc;AAAA,IAChB,UAAU,oBAAoB;AAAA,EAChC;AAAA,EACA,IAAI,oBAAoB;AAAA,IACtB,UAAU,4BAA4B;AAAA,EACxC;AAAA,EACA,IAAI,wBAAwB;AAAA,IAC1B,UAAU,gCAAgC;AAAA,EAC5C;AAAA,EACA,IAAI,oBAAoB;AAAA,IACtB,UAAU;AAAA,EACZ;AAAA,EACA,OAAO;AAAA;;AC7GF,SAAS,WAAW,CAAC,QAA4B;AAAA,EACtD,MAAM,MAAM,IAAI,WAAW,MAAM;AAAA,EACjC,OAAO,gBAAgB,GAAG;AAAA,EAC1B,OAAO;AAAA;AASF,SAAS,iBAAiB,CAAC,GAAe,GAAwB;AAAA,EACvE,IAAI,EAAE,WAAW,EAAE;AAAA,IAAQ,OAAO;AAAA,EAClC,IAAI,OAAO;AAAA,EACX,SAAS,IAAI,EAAG,IAAI,EAAE,QAAQ;AAAA,IAAK,QAAQ,EAAE,KAAK,EAAE;AAAA,EACpD,OAAO,SAAS;AAAA;AASlB,IAAM,gBAAgB,IAAI;AAiD1B,eAAsB,MAAM,CAAC,MAAuC;AAAA,EAClE,MAAM,SAAS,MAAM,OAAO,OAAO,OAAO,WAAW,IAAoB;AAAA,EACzE,OAAO,IAAI,WAAW,MAAM;AAAA;AAI9B,eAAsB,UAAS,CAAC,MAAmC;AAAA,EACjE,MAAM,QAAQ,MAAM,OAAO,IAAI;AAAA,EAC/B,IAAI,IAAI;AAAA,EACR,SAAS,IAAI,EAAG,IAAI,MAAM,QAAQ;AAAA,IAAK,KAAK,MAAM,GAAG,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG;AAAA,EACjF,OAAO;AAAA;;;AChFF,SAAS,kBAAkB,CAAC,SAAyD;AAAA,EAC1F,QAAQ,aAAa;AAAA,EAErB,OAAO,eAAe,YAAY,CAAC,SAAwC;AAAA,IACzE,MAAM,aAAa,QAAQ,QAAQ,IAAI,eAAe,KAAK;AAAA,IAC3D,IAAI,CAAC,WAAW,WAAW,SAAS,GAAG;AAAA,MACrC,MAAM,IAAI,MAAM,yCAAyC;AAAA,IAC3D;AAAA,IACA,MAAM,QAAQ,WAAW,MAAM,CAAC;AAAA,IAChC,OAAO,SAAS,KAAK;AAAA;AAAA;AAKzB,SAAS,SAAS,CAAC,GAAW,GAAoB;AAAA,EAChD,MAAM,MAAM,IAAI;AAAA,EAChB,OAAO,kBAAkB,IAAI,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,CAAC;AAAA;AAShD,SAAS,wBAAwB,CAAC,SAEtB;AAAA,EACjB,MAAM,UACJ,QAAQ,kBAAkB,MAAM,CAAC,GAAG,QAAQ,OAAO,QAAQ,CAAC,IAAI,OAAO,QAAQ,QAAQ,MAAM;AAAA,EAE/F,SAAS,QAAQ,CAAC,OAA4B;AAAA,IAC5C,YAAY,KAAK,QAAQ,SAAS;AAAA,MAChC,IAAI,UAAU,OAAO,GAAG;AAAA,QAAG,OAAO;AAAA,IACpC;AAAA,IACA,MAAM,IAAI,MAAM,sBAAsB;AAAA;AAAA,EAGxC,OAAO,mBAAmB,EAAE,SAAS,CAAC;AAAA;AAaxC,SAAS,iBAAiB,CAAC,MAA4B;AAAA,EACrD,OAAO,gBAAe,SAAS,KAAI,gBAAgB,SAAS,KAAI,SAAS;AAAA;AAapE,SAAS,iBAAiB,IAAI,gBAAkD;AAAA,EACrF,IAAI,eAAe,WAAW,GAAG;AAAA,IAC/B,MAAM,IAAI,MAAM,uDAAuD;AAAA,EACzE;AAAA,EAEA,OAAO,eAAe,YAAY,CAAC,SAAwC;AAAA,IACzE,IAAI,YAA0B;AAAA,IAC9B,WAAW,UAAU,gBAAgB;AAAA,MACnC,IAAI;AAAA,QACF,OAAO,MAAM,OAAO,OAAO;AAAA,QAC3B,OAAO,MAAK;AAAA,QACZ,IAAI,kBAAkB,IAAG,GAAG;AAAA,UAC1B,YAAY;AAAA,UACZ;AAAA,QACF;AAAA,QACA,MAAM;AAAA;AAAA,IAEV;AAAA,IACA,MAAM,QAAQ,IAAI,MAAM,uCAAuC;AAAA,IAC/D,IAAI;AAAA,MAAW,MAAM,QAAQ;AAAA,IAC7B,MAAM;AAAA;AAAA;;AC3FH,SAAS,gBAAe,CAAC,SAA+B;AAAA,EAC7D,OAAO,gBAAsB,OAAM;AAAA;;;ACuB9B,IAAM,kBAAkB,OAAW;AAAA,EACxC,MAAM,QAAQ,KAAK,GAAG,KAAK;AAAA,EAC3B,MAAM,eAAe,KAAK,GAAG,KAAK;AAAA,EAClC,MAAM,cAAc,KAAK,GAAG,KAAK;AAAA,EACjC,MAAM,qBAAqB,OAAO,GAAG,KAAK;AAAA,EAC1C,MAAM,qBAAqB,OAAO,GAAG,KAAK;AAAA,EAC1C,MAAM,cAAc,KAAK,GAAG,KAAK;AAAA,EACjC,MAAM,qBAAqB,OAAO,GAAG,IAAI;AAAA,EACzC,MAAM,eAAe,KAAK,GAAG,IAAI;AACnC,CAAC;AAQD,eAAe,mBAAmB,CAChC,cACA,MAUiB;AAAA,EAKjB,MAAM,MAAM,IAAI;AAAA,EAChB,MAAM,QAAsB,CAAC;AAAA,EAC7B,MAAM,OAAO,CAAC,MAA2B,MAAM,KAAK,OAAO,MAAM,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC;AAAA,EAE7F,KAAK,oBAAoB;AAAA,EACzB,KAAK,gBAAgB;AAAA,EACrB,KAAK,GAAG;AAAA,EACR,KAAK,eAAe;AAAA,EACpB,KAAK,GAAG;AAAA,EACR,KAAK,YAAY;AAAA,EACjB,KAAK,GAAG;AAAA,EACR,WAAW,KAAK,MAAM;AAAA,IACpB,KAAK,WAAW,GAAG,EAAI,CAAC;AAAA,IACxB,KAAK,EAAE,IAAI;AAAA,IACX,KAAK,WAAW,GAAG,EAAI,CAAC;AAAA,IACxB,KAAK,EAAE,UAAU;AAAA,IACjB,KAAK,WAAW,GAAG,EAAI,CAAC;AAAA,IACxB,KAAK,EAAE,YAAY,MAAM,GAAG;AAAA,IAC5B,KAAK,WAAW,GAAG,EAAI,CAAC;AAAA,IACxB,KAAK,EAAE,YAAY,MAAM,GAAG;AAAA,IAC5B,KAAK,WAAW,GAAG,EAAI,CAAC;AAAA,IACxB,KAAK,EAAE,eAAe,OAAO,MAAM,EAAE,aAAa,MAAM,GAAG;AAAA,IAC3D,KAAK,WAAW,GAAG,EAAI,CAAC;AAAA,IACxB,KAAK,EAAE,SAAS;AAAA,IAChB,KAAK,WAAW,GAAG,EAAI,CAAC;AAAA,IACxB,KAAK,EAAE,SAAS;AAAA,IAChB,KAAK,WAAW,GAAG,EAAI,CAAC;AAAA,IACxB,IAAI,EAAE;AAAA,MAAW,KAAK,EAAE,SAAS;AAAA,EACnC;AAAA,EAEA,IAAI,QAAQ;AAAA,EACZ,WAAW,KAAK;AAAA,IAAO,SAAS,EAAE;AAAA,EAClC,MAAM,MAAM,IAAI,WAAW,KAAK;AAAA,EAChC,IAAI,MAAM;AAAA,EACV,WAAW,KAAK,OAAO;AAAA,IACrB,IAAI,IAAI,GAAG,GAAG;AAAA,IACd,OAAO,EAAE;AAAA,EACX;AAAA,EACA,OAAO,WAAU,GAAG;AAAA;AAMtB,eAAsB,kBAAkB,CACtC,cACA,SACA,UACA,iBAC6D;AAAA,EAE7D,MAAM,gBAAgB,CAAC,GAAG,QAAQ,QAAQ,CAAC,EAAE,KAAK,EAAE,KAAK,OAAO,EAAE,cAAc,CAAC,CAAC;AAAA,EAElF,MAAM,QAA2B,CAAC;AAAA,EAClC,MAAM,cAAiC,CAAC;AAAA,EACxC,MAAM,aAAwB,CAAC;AAAA,EAC/B,MAAM,gBAAuC,CAAC;AAAA,EAC9C,MAAM,gBAAuC,CAAC;AAAA,EAC9C,MAAM,aAAwB,CAAC;AAAA,EAC/B,MAAM,gBAAuC,CAAC;AAAA,EAC9C,MAAM,cAAkC,CAAC;AAAA,EAEzC,MAAM,WASD,CAAC;AAAA,EAEN,YAAY,MAAM,WAAW,eAAe;AAAA,IAC1C,MAAM,KAAK,IAAI;AAAA,IACf,YAAY,KAAK,OAAO,IAAI;AAAA,IAE5B,MAAM,YAAY,OAAO,SAAS,WAAW,OAAO,aAAa,OAAO,SAAS;AAAA,IACjF,WAAW,KAAK,SAAS;AAAA,IAEzB,MAAM,YAAY,iBAAgB,OAAO,YAAY;AAAA,IACrD,MAAM,YAAY,iBAAgB,OAAO,YAAY;AAAA,IACrD,cAAc,KAAK,SAAS;AAAA,IAC5B,cAAc,KAAK,SAAS;AAAA,IAE5B,MAAM,YAAY,CAAC,CAAC,OAAO;AAAA,IAC3B,WAAW,KAAK,SAAS;AAAA,IACzB,MAAM,YAAY,OAAO,eAAe,iBAAgB,OAAO,YAAY,IAAI;AAAA,IAC/E,cAAc,KAAK,SAAS;AAAA,IAE5B,IAAI;AAAA,IACJ,IAAI,OAAO;AAAA,MAAY,aAAa;AAAA,IAC/B,SAAI,OAAO;AAAA,MAAY,aAAa;AAAA,IACpC;AAAA,mBAAa;AAAA,IAClB,YAAY,KAAK,UAAU;AAAA,IAE3B,SAAS,KAAK;AAAA,MACZ;AAAA,MACA,YAAY,OAAO;AAAA,MACnB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,YAAY,iBAAiB,iBAAiB;AAAA,IAClD,MAAM;AAAA,IACN,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,mBAAmB;AAAA,IACnB,mBAAmB;AAAA,IACnB,YAAY;AAAA,IACZ,mBAAmB;AAAA,IACnB,aAAa;AAAA,EACf,CAAC;AAAA,EAED,MAAM,eAAe,MAAM,oBAAoB,cAAc,QAAQ;AAAA,EAErE,MAAM,WAAW,IAAI;AAAA,EACrB,SAAS,IAAI,mBAAmB,YAAY;AAAA,EAC5C,SAAS,IAAI,qBAAqB,eAAe;AAAA,EACjD,SAAS,IAAI,sBAAsB,gBAAgB;AAAA,EACnD,SAAS,IAAI,mBAAmB,YAAY;AAAA,EAC5C,SAAS,IAAI,eAAe,QAAQ;AAAA,EACpC,IAAI,iBAAiB;AAAA,IACnB,SAAS,IAAI,sBAAsB,eAAe;AAAA,EACpD;AAAA,EAEA,MAAM,QAAQ,kBAAkB,WAAW,QAAQ;AAAA,EACnD,OAAO,EAAE,OAAO,SAAS;AAAA;;;AC7LpB,IAAK;AAAA,CAAL,CAAK,gBAAL;AAAA,EAEL,uBAAQ;AAAA,EAER,wBAAS;AAAA,GAJC;AAqBL,IAAK;AAAA,CAAL,CAAK,mBAAL;AAAA,EAEL,yBAAO;AAAA,EAEP,yBAAO;AAAA,EAEP,yBAAO;AAAA,GANG;AAwIZ,IAAM,gBAA6C,IAAI;AAEvD,SAAS,uBAAuB,GAAU;AAAA,EACxC,OAAO,IAAI,MAAM,oFAAoF;AAAA;AAAA;AAOvG,MAAM,qBAAqB,MAAM;AAAA,EAC/B,WAAW,CAAC,SAAiB;AAAA,IAC3B,MAAM,OAAO;AAAA,IACb,KAAK,OAAO;AAAA;AAEhB;AAEA,SAAS,YAAY,CAAC,SAAwB;AAAA,EAC5C,OAAO,IAAI,aAAa,OAAO;AAAA;AAAA;AA6J1B,MAAM,gBAAuC;AAAA,EAC1C,WAA2B,CAAC;AAAA,EAC5B,gBAA+B;AAAA,EAC/B,YAAY;AAAA,EACZ;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,qBAAqB;AAAA,EACrB,mBAAiC,CAAC;AAAA,EAClC,iBAAuC;AAAA,EAGtC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAET,WAAW,CACT,cACA,eAAe,MACf,WAAW,IACX,YAA2B,MAC3B,aACA,SACA,MAIA,SAKA;AAAA,IACA,KAAK,gBAAgB;AAAA,IACrB,KAAK,gBAAgB;AAAA,IACrB,KAAK,YAAY;AAAA,IACjB,KAAK,aAAa;AAAA,IAClB,KAAK,OAAO,eAAe,YAAY,UAAU;AAAA,IACjD,KAAK,UAAU,WAAW;AAAA,IAC1B,KAAK,OAAO;AAAA,IACZ,KAAK,yBAAyB,SAAS;AAAA,IACvC,KAAK,qCAAqC,SAAS;AAAA,IACnD,KAAK,yBAAyB,SAAS;AAAA;AAAA,EASzC,gBAAgB,GAAS;AAAA,IACvB,KAAK,qBAAqB;AAAA;AAAA,EAO5B,oBAAoB,GAAiB;AAAA,IACnC,MAAM,UAAU,KAAK;AAAA,IACrB,KAAK,mBAAmB,CAAC;AAAA,IACzB,OAAO;AAAA;AAAA,EAGT,SAAS,CAAC,MAAc,OAAe,OAA2B;AAAA,IAChE,IAAI,CAAC,KAAK;AAAA,MAAoB,MAAM,wBAAwB;AAAA,IAC5D,KAAK,iBAAiB,KAAK;AAAA,MACzB;AAAA,MACA;AAAA,MACA,QAAQ;AAAA,SACJ,SAAS,CAAC;AAAA,IAChB,CAAC;AAAA;AAAA,EAGH,YAAY,CAAC,MAAc,MAAiD;AAAA,IAC1E,IAAI,CAAC,KAAK;AAAA,MAAoB,MAAM,wBAAwB;AAAA,IAC5D,KAAK,iBAAiB,KAAK;AAAA,MACzB;AAAA,MACA,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,MAAM,MAAM;AAAA,MACZ,QAAQ,MAAM;AAAA,IAChB,CAAC;AAAA;AAAA,EAKH,mBAAmB,CAAC,KAA0B;AAAA,IAC5C,KAAK,iBAAiB;AAAA;AAAA,MAGpB,OAAO,GAAmB;AAAA,IAC5B,OAAO,KAAK,gBAAgB,SAAS;AAAA;AAAA,MAGnC,SAAS,GAAkB;AAAA,IAC7B,OAAO,KAAK,gBAAgB,aAAa;AAAA;AAAA,EAG3C,WAAW,CAAC,OAAgB,KAAoB;AAAA,IAC9C,MAAM,OAAO,KAAK;AAAA,IAClB,IAAI,CAAC,MAAM;AAAA,MACT,MAAM,aAAa,iDAAiD;AAAA,IACtE;AAAA,IACA,IAAI,CAAC,KAAK,aAAa;AAAA,MACrB,MAAM,aACJ,8CACE,qEACA,+CACJ;AAAA,IACF;AAAA,IACA,IAAI,KAAK,UAAU,MAAM;AAAA,MACvB,MAAM,aAAa,qDAAqD;AAAA,IAC1E;AAAA,IACA,KAAK,MAAM,OAAO,GAAG;AAAA,IACrB,KAAK,SAAS;AAAA;AAAA,EAGhB,YAAY,GAAS;AAAA,IACnB,MAAM,OAAO,KAAK;AAAA,IAClB,IAAI,CAAC,MAAM;AAAA,MACT,MAAM,aAAa,iDAAiD;AAAA,IACtE;AAAA,IACA,KAAK,OAAO;AAAA,IACZ,KAAK,SAAS;AAAA;AAAA,MAIZ,YAAY,GAAc;AAAA,IAC5B,OAAO,KAAK;AAAA;AAAA,MAIV,QAAQ,GAAY;AAAA,IACtB,OAAO,KAAK;AAAA;AAAA,MAKV,OAAO,GAAmB;AAAA,IAC5B,OAAO,KAAK;AAAA;AAAA,EAOd,IAAI,CAAC,gBAAkD,UAAsC;AAAA,IAC3F,IAAI;AAAA,IACJ,IAAI,QAAQ,cAAc,GAAG;AAAA,MAC3B,QAAQ;AAAA,IACV,EAAO;AAAA,MACL,MAAM,UAAU,YAAY,KAAK,eAAe,cAAuC;AAAA,MAEvF,MAAM,OAA8B,CAAC;AAAA,MACrC,WAAW,KAAK,KAAK,cAAc,QAAQ;AAAA,QACzC,MAAM,IAAI,QAAQ,EAAE;AAAA,QACpB,KAAK,EAAE,QAAQ,MAAM,QAAQ,CAAC,IAAI,IAAI,CAAC,CAAC;AAAA,MAC1C;AAAA,MACA,QAAQ,iBAAiB,KAAK,eAAe,IAAI;AAAA;AAAA,IAEnD,IAAI,KAAK,kBAAkB,MAAM;AAAA,MAC/B,MAAM,IAAI,MAAM,6CAA6C;AAAA,IAC/D;AAAA,IACA,KAAK,gBAAgB,KAAK,SAAS;AAAA,IACnC,KAAK,SAAS,KAAK,EAAE,OAAO,SAAS,CAAC;AAAA;AAAA,EAIxC,OAAO,CAAC,QAAmC;AAAA,IACzC,MAAM,UAAiC,CAAC;AAAA,IACxC,YAAY,KAAK,UAAU,OAAO,QAAQ,MAAM,GAAG;AAAA,MACjD,QAAQ,OAAO,CAAC,KAAK;AAAA,IACvB;AAAA,IACA,KAAK,KAAK,OAAO;AAAA;AAAA,EAInB,MAAM,GAAS;AAAA,IACb,IAAI,CAAC,KAAK,eAAe;AAAA,MACvB,MAAM,IAAI,MACR,kDAAkD,4DACpD;AAAA,IACF;AAAA,IACA,KAAK,YAAY;AAAA;AAAA,EAInB,SAAS,CAAC,OAAe,SAAiB,OAAsC;AAAA,IAC9E,MAAM,QAAQ,cAAc,KAAK,eAAe,OAAO,SAAS,OAAO,KAAK,WAAW,KAAK,UAAU;AAAA,IACtG,KAAK,SAAS,KAAK,EAAE,MAAM,CAAC;AAAA;AAEhC;;;AChhBA,eAAe,aAAa,CAC1B,MACA,WACA,eACkC;AAAA,EAClC,MAAM,KAAK,UAAU,SAAS,UAAU;AAAA,EACxC,MAAM,KAAK,UAAU,SAAS,UAAU;AAAA,EAGxC,MAAM,OAAO,IAAI,WAAW,KAAK,UAAU;AAAA,EAC3C,KAAK,IAAI,IAAI;AAAA,EACb,MAAM,gBAAgB,YAAY;AAAA,IAChC,MAAM,GAAG,MAAM,IAAoB;AAAA,IACnC,MAAM,GAAG,MAAM;AAAA,KACd;AAAA,EACH,MAAM,SAAuB,CAAC;AAAA,EAC9B,IAAI,QAAQ;AAAA,EACZ,OAAO,MAAM;AAAA,IACX,QAAQ,OAAO,SAAS,MAAM,GAAG,KAAK;AAAA,IACtC,IAAI;AAAA,MAAM;AAAA,IACV,MAAM,QAAQ;AAAA,IACd,SAAS,MAAM;AAAA,IACf,IAAI,iBAAiB,QAAQ,QAAQ,eAAe;AAAA,MAClD,MAAM,IAAI,MAAM,2BAA2B,uBAAuB,gBAAgB;AAAA,IACpF;AAAA,IACA,OAAO,KAAK,KAAK;AAAA,EACnB;AAAA,EACA,MAAM;AAAA,EACN,MAAM,MAAM,IAAI,WAAW,KAAK;AAAA,EAChC,IAAI,SAAS;AAAA,EACb,WAAW,KAAK,QAAQ;AAAA,IACtB,IAAI,IAAI,GAAG,MAAM;AAAA,IACjB,UAAU,EAAE;AAAA,EACd;AAAA,EACA,OAAO;AAAA;AAST,eAAsB,cAAc,CAAC,MAAkB,eAA0D;AAAA,EAC/G,OAAO,cAAc,MAAM,IAAI,oBAAoB,MAAM,GAAG,aAAa;AAAA;AAI3E,eAAsB,YAAY,CAAC,MAAkB,QAAmD;AAAA,EACtG,OAAO,cAAc,MAAM,IAAI,kBAAkB,MAAM,CAAC;AAAA;;;ACzC1D;;;ACIO,SAAS,uBAAuB,CAAC,MAA4B;AAAA,EAClE,OACE,OAAO,IAAI,KACX,OAAO,IAAI,KACX,YAAY,IAAI,KAChB,WAAW,IAAI,KACf,UAAU,IAAI,KACd,YAAY,IAAI,KAChB,cAAc,IAAI,KAClB,kBAAkB,IAAI,KACtB,aAAa,IAAI;AAAA;;;ACbd,SAAS,YAAY,CAAC,SAAmB,OAAgC;AAAA,EAC9E,MAAM,WAAgC,MAAM,YAAY,IAAI;AAAA,EAE5D,MAAM,aAAa,SAAS,IAAI,cAAc;AAAA,EAC9C,IAAI,eAAe,WAAW;AAAA,IAC5B,MAAM,IAAI,SACR,iBACA,gEACE,2FACA,2CACF,EACF;AAAA,EACF;AAAA,EAEA,MAAM,UAAU,SAAS,IAAI,mBAAmB;AAAA,EAChD,IAAI,YAAY,WAAW;AAAA,IACzB,MAAM,IAAI,aACR,yEACE,+DAA+D,mBACnE;AAAA,EACF;AAAA,EACA,IAAI,YAAY,iBAAiB;AAAA,IAC/B,MAAM,IAAI,aACR,gCAAgC,uBAAuB,uBACrD,+DAA+D,mBACnE;AAAA,EACF;AAAA,EAEA,MAAM,YAAY,SAAS,IAAI,cAAc,KAAK;AAAA,EAGlD,MAAM,SAA8B,CAAC;AAAA,EACrC,IAAI,QAAO,OAAO,SAAS,KAAK,MAAM,YAAY,GAAG;AAAA,IACnD,MAAM,IAAI,SACR,iBACA,wCAAwC,MAAM,cAC5C,gFACF,EACF;AAAA,EACF;AAAA,EAQA,MAAM,uBAAuB,QAAQ;AAAA,EACrC,SAAS,IAAI,EAAG,IAAI,QAAO,OAAO,QAAQ,KAAK;AAAA,IAC7C,MAAM,SAAQ,QAAO,OAAO;AAAA,IAC5B,IAAI,yBAAyB,MAAM,OAAM,IAAI,KAAK,wBAAwB,OAAM,IAAI,IAAI;AAAA,MACtF,MAAM,MAAM,MAAM,WAAW,CAAC;AAAA,MAC9B,OAAO,OAAM,QAAS,IAAY,OAAO,MAAM,IAAI,IAAI,CAAC;AAAA,MACxD;AAAA,IACF;AAAA,IACA,IAAI,QAAQ,MAAM,WAAW,CAAC,GAAG,IAAI,CAAC;AAAA,IAgBtC,IAAI,iBAAiB,eAAe,wBAAwB,OAAM,IAAI,GAAG;AAAA,MAKvE,IAAI;AAAA,QACF,QAAQ,OAAQ,MAA4C,SAAS,CAAC;AAAA,QACtE,MAAM;AAAA,IAGV;AAAA,IAOA,IAAI,OAAO,UAAU,YAAY,CAAC,wBAAwB,OAAM,IAAI,GAAG;AAAA,MACrE,IAAI,SAAS,OAAO,OAAO,gBAAgB,KAAK,SAAS,OAAO,OAAO,gBAAgB,GAAG;AAAA,QACxF,QAAQ,OAAO,KAAK;AAAA,MACtB;AAAA,IACF;AAAA,IACA,OAAO,OAAM,QAAQ;AAAA,EACvB;AAAA,EAEA,OAAO;AAAA,IACL;AAAA,IACA,gBAAgB;AAAA,IAChB;AAAA,IACA;AAAA,IACA;AAAA,IACA,aAAa;AAAA,EACf;AAAA;AAUK,SAAS,aAAa,CAC3B,QACA,UACqB;AAAA,EACrB,IAAI,CAAC;AAAA,IAAU,OAAO;AAAA,EACtB,WAAW,OAAO,OAAO,KAAK,QAAQ,GAAG;AAAA,IACvC,IAAI,OAAO,QAAQ,MAAM;AAAA,MACvB,OAAO,OAAO,SAAS;AAAA,IACzB;AAAA,EACF;AAAA,EACA,OAAO;AAAA;;;AChIT;AAAO,SAAS,OAAO,CAAC,GAAG;AAAA,EAKvB,OAAQ,aAAa,cAChB,YAAY,OAAO,CAAC,KACjB,EAAE,YAAY,SAAS,gBACvB,uBAAuB,KACvB,EAAE,sBAAsB;AAAA;AAa7B,SAAS,KAAK,CAAC,GAAG;AAAA,EACrB,IAAI,OAAO,MAAM;AAAA,IACb,MAAM,IAAI,UAAU,yBAAyB,GAAG;AAAA;AAcjD,SAAS,OAAO,CAAC,GAAG;AAAA,EACvB,IAAI,OAAO,MAAM;AAAA,IACb,MAAM,IAAI,UAAU,0BAA0B,OAAO,CAAC;AAAA,EAC1D,IAAI,CAAC,OAAO,cAAc,CAAC,KAAK,IAAI;AAAA,IAChC,MAAM,IAAI,WAAW,oCAAoC,CAAC;AAAA;AAkB3D,SAAS,MAAM,CAAC,OAAO,QAAQ,QAAQ,IAAI;AAAA,EAC9C,MAAM,QAAQ,QAAQ,KAAK;AAAA,EAC3B,MAAM,MAAM,OAAO;AAAA,EACnB,MAAM,WAAW,WAAW;AAAA,EAC5B,IAAI,CAAC,SAAU,YAAY,QAAQ,QAAS;AAAA,IACxC,MAAM,SAAS,SAAS,IAAI;AAAA,IAC5B,MAAM,QAAQ,WAAW,cAAc,WAAW;AAAA,IAClD,MAAM,MAAM,QAAQ,UAAU,QAAQ,QAAQ,OAAO;AAAA,IACrD,MAAM,UAAU,SAAS,wBAAwB,QAAQ,WAAW;AAAA,IACpE,IAAI,CAAC;AAAA,MACD,MAAM,IAAI,UAAU,OAAO;AAAA,IAC/B,MAAM,IAAI,WAAW,OAAO;AAAA,EAChC;AAAA,EACA,OAAO;AAAA;AAeJ,SAAS,OAAO,CAAC,UAAU,gBAAgB,MAAM;AAAA,EACpD,IAAI,SAAS;AAAA,IACT,MAAM,IAAI,MAAM,kCAAkC;AAAA,EACtD,IAAI,iBAAiB,SAAS;AAAA,IAC1B,MAAM,IAAI,MAAM,uCAAuC;AAAA;AAmBxD,SAAS,OAAO,CAAC,KAAK,UAAU,cAAc,OAAO;AAAA,EACxD,OAAO,KAAK,WAAW,QAAQ;AAAA,EAC/B,MAAM,MAAM,SAAS;AAAA,EACrB,IAAI,IAAI,SAAS,KAAK;AAAA,IAClB,MAAM,IAAI,WAAW,2DAA2D,GAAG;AAAA,EACvF;AAAA,EACA,IAAI,eAAe,CAAC,YAAY,GAAG;AAAA,IAC/B,MAAM,IAAI,MAAM,iCAAiC;AAAA;AA4BlD,SAAS,GAAG,CAAC,KAAK;AAAA,EACrB,OAAO,IAAI,YAAY,IAAI,QAAQ,IAAI,YAAY,KAAK,MAAM,IAAI,aAAa,CAAC,CAAC;AAAA;AAc9E,SAAS,KAAK,IAAI,QAAQ;AAAA,EAC7B,SAAS,IAAI,EAAG,IAAI,OAAO,QAAQ,KAAK;AAAA,IACpC,OAAO,GAAG,KAAK,CAAC;AAAA,EACpB;AAAA;AAaG,SAAS,UAAU,CAAC,KAAK;AAAA,EAC5B,OAAO,IAAI,SAAS,IAAI,QAAQ,IAAI,YAAY,IAAI,UAAU;AAAA;AAM3D,IAAM,wBAAwB,MAAM,IAAI,WAAW,IAAI,YAAY,CAAC,SAAU,CAAC,EAAE,MAAM,EAAE,OAAO,IAAM;AAYtG,IAAM,WAAW,CAAC,SAAW,QAAQ,KAAM,aAC5C,QAAQ,IAAK,WACb,SAAS,IAAK,QACd,SAAS,KAAM;AAYd,IAAM,YAAY,OACnB,CAAC,MAAM,IACP,CAAC,MAAM,SAAS,CAAC,MAAM;AAYtB,IAAM,aAAa,CAAC,QAAQ;AAAA,EAC/B,SAAS,IAAI,EAAG,IAAI,IAAI,QAAQ;AAAA,IAC5B,IAAI,KAAK,SAAS,IAAI,EAAE;AAAA,EAC5B,OAAO;AAAA;AAaJ,IAAM,aAAa,OACpB,CAAC,MAAM,IACP;AAsQC,SAAS,SAAS,CAAC,UAAU,MAAM;AAAA,EACtC,IAAI,QAAQ,QAAQ,OAAO,SAAS;AAAA,IAChC,MAAM,IAAI,MAAM,yBAAyB;AAAA,EAC7C,MAAM,SAAS,OAAO,OAAO,UAAU,IAAI;AAAA,EAC3C,OAAO;AAAA;AAcJ,SAAS,UAAU,CAAC,GAAG,GAAG;AAAA,EAC7B,IAAI,EAAE,WAAW,EAAE;AAAA,IACf,OAAO;AAAA,EACX,IAAI,OAAO;AAAA,EACX,SAAS,IAAI,EAAG,IAAI,EAAE,QAAQ;AAAA,IAC1B,QAAQ,EAAE,KAAK,EAAE;AAAA,EACrB,OAAO,SAAS;AAAA;AAWb,SAAS,kBAAkB,CAAC,QAAQ,SAAS,SAAS;AAAA,EACzD,MAAM,MAAM;AAAA,EACZ,MAAM,UAAW,YAAY,MAAM,CAAC;AAAA,EACpC,MAAM,OAAO,CAAC,KAAK,QAAQ,IAAI,KAAK,GAAG,QAAQ,GAAG,CAAC,EAC9C,OAAO,GAAG,EACV,OAAO;AAAA,EACZ,MAAM,MAAM,IAAI,IAAI,WAAW,MAAM,GAAG,GAAG,QAAQ,IAAI,WAAW,CAAC,CAAC,CAAC;AAAA,EACrE,KAAK,YAAY,IAAI;AAAA,EACrB,KAAK,WAAW,IAAI;AAAA,EACpB,KAAK,SAAS,CAAC,QAAQ,SAAS,IAAI,KAAK,GAAG,IAAI;AAAA,EAChD,OAAO;AAAA;AAaJ,IAAM,aAAa,CAAC,QAAQ,gBAAgB;AAAA,EAC/C,SAAS,aAAa,CAAC,QAAQ,MAAM;AAAA,IAEjC,OAAO,KAAK,WAAW,KAAK;AAAA,IAE5B,IAAI,OAAO,gBAAgB,WAAW;AAAA,MAClC,MAAM,QAAQ,KAAK;AAAA,MACnB,OAAO,OAAO,OAAO,eAAe,YAAY,OAAO,aAAa,OAAO;AAAA,IAC/E;AAAA,IAEA,MAAM,OAAO,OAAO;AAAA,IACpB,IAAI,QAAQ,KAAK,OAAO;AAAA,MACpB,OAAO,KAAK,IAAI,WAAW,KAAK;AAAA,IACpC,MAAM,SAAS,YAAY,KAAK,GAAG,IAAI;AAAA,IACvC,MAAM,cAAc,CAAC,UAAU,WAAW;AAAA,MACtC,IAAI,WAAW,WAAW;AAAA,QACtB,IAAI,aAAa;AAAA,UACb,MAAM,IAAI,MAAM,6BAA6B;AAAA,QACjD,OAAO,QAAQ,WAAW,QAAQ;AAAA,MACtC;AAAA;AAAA,IAGJ,IAAI,SAAS;AAAA,IACb,MAAM,WAAW;AAAA,MACb,OAAO,CAAC,MAAM,QAAQ;AAAA,QAClB,IAAI;AAAA,UACA,MAAM,IAAI,MAAM,8CAA8C;AAAA,QAClE,SAAS;AAAA,QACT,OAAO,IAAI;AAAA,QACX,YAAY,OAAO,QAAQ,QAAQ,MAAM;AAAA,QACzC,OAAO,OAAO,QAAQ,MAAM,MAAM;AAAA;AAAA,MAEtC,OAAO,CAAC,MAAM,QAAQ;AAAA,QAClB,OAAO,IAAI;AAAA,QACX,IAAI,QAAQ,KAAK,SAAS;AAAA,UACtB,MAAM,IAAI,MAAM,wDAAwD,IAAI;AAAA,QAChF,YAAY,OAAO,QAAQ,QAAQ,MAAM;AAAA,QACzC,OAAO,OAAO,QAAQ,MAAM,MAAM;AAAA;AAAA,IAE1C;AAAA,IACA,OAAO;AAAA;AAAA,EAEX,OAAO,OAAO,eAAe,MAAM;AAAA,EACnC,OAAO;AAAA;AAkBJ,SAAS,SAAS,CAAC,gBAAgB,KAAK,cAAc,MAAM;AAAA,EAC/D,IAAI,QAAQ;AAAA,IACR,OAAO,IAAI,WAAW,cAAc;AAAA,EAExC,OAAO,KAAK,WAAW,QAAQ;AAAA,EAC/B,IAAI,IAAI,WAAW;AAAA,IACf,MAAM,IAAI,MAAM,4CAA4C,iBAAiB,YAAY,IAAI,MAAM;AAAA,EACvG,IAAI,eAAe,CAAC,YAAY,GAAG;AAAA,IAC/B,MAAM,IAAI,MAAM,iCAAiC;AAAA,EACrD,OAAO;AAAA;AAmBJ,SAAS,UAAU,CAAC,YAAY,WAAW,OAAM;AAAA,EAEpD,QAAQ,UAAU;AAAA,EAClB,QAAQ,SAAS;AAAA,EACjB,MAAM,KAAI;AAAA,EACV,MAAM,MAAM,IAAI,WAAW,EAAE;AAAA,EAC7B,MAAM,OAAO,WAAW,GAAG;AAAA,EAC3B,KAAK,aAAa,GAAG,OAAO,SAAS,GAAG,KAAI;AAAA,EAC5C,KAAK,aAAa,GAAG,OAAO,UAAU,GAAG,KAAI;AAAA,EAC7C,OAAO;AAAA;AAaJ,SAAS,WAAW,CAAC,OAAO;AAAA,EAC/B,OAAO,MAAM,aAAa,MAAM;AAAA;AAc7B,SAAS,SAAS,CAAC,OAAO;AAAA,EAG7B,OAAO,WAAW,KAAK,OAAO,KAAK,CAAC;AAAA;;;ACzpBxC,IAAM,YAAY,CAAC,QAAQ,WAAW,KAAK,IAAI,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;AAKhF,IAAM,8BAA8B,MAAM,WAAW,IAAI,UAAU,kBAAkB,CAAC,CAAC,GAAG;AAG1F,IAAM,8BAA8B,MAAM,WAAW,IAAI,UAAU,kBAAkB,CAAC,CAAC,GAAG;AAYnF,SAAS,IAAI,CAAC,GAAG,GAAG;AAAA,EACvB,OAAQ,KAAK,IAAM,MAAO,KAAK;AAAA;AAGnC,IAAM,YAAY;AAElB,IAAM,cAAc;AAcpB,IAAM,+BAA+B,MAAM,KAAK,KAAK,GAAG;AACxD,IAAM,4BAA4B,YAAY,GAAG;AACjD,SAAS,SAAS,CAAC,MAAM,OAAO,KAAK,OAAO,MAAM,QAAQ,SAAS,QAAQ;AAAA,EACvE,MAAM,MAAM,KAAK;AAAA,EACjB,MAAM,QAAQ,IAAI,WAAW,SAAS;AAAA,EACtC,MAAM,MAAM,IAAI,KAAK;AAAA,EAErB,MAAM,YAAY,QAAQ,YAAY,IAAI,KAAK,YAAY,MAAM;AAAA,EACjE,MAAM,MAAM,YAAY,IAAI,IAAI,IAAI;AAAA,EACpC,MAAM,MAAM,YAAY,IAAI,MAAM,IAAI;AAAA,EAGtC,IAAI,CAAC,MAAM;AAAA,IACP,SAAS,MAAM,EAAG,MAAM,KAAK,WAAW;AAAA,MACpC,KAAK,OAAO,KAAK,OAAO,KAAK,SAAS,MAAM;AAAA,MAE5C,WAAW,GAAG;AAAA,MACd,IAAI,WAAW;AAAA,QACX,MAAM,IAAI,MAAM,uBAAuB;AAAA,MAC3C,MAAM,OAAO,KAAK,IAAI,WAAW,MAAM,GAAG;AAAA,MAC1C,SAAS,IAAI,GAAG,KAAM,IAAI,MAAM,KAAK;AAAA,QACjC,OAAO,MAAM;AAAA,QACb,OAAO,QAAQ,KAAK,QAAQ,MAAM;AAAA,MACtC;AAAA,MACA,OAAO;AAAA,IACX;AAAA,IACA;AAAA,EACJ;AAAA,EACA,SAAS,MAAM,EAAG,MAAM,KAAK,WAAW;AAAA,IACpC,KAAK,OAAO,KAAK,OAAO,KAAK,SAAS,MAAM;AAAA,IAE5C,IAAI,WAAW;AAAA,MACX,MAAM,IAAI,MAAM,uBAAuB;AAAA,IAC3C,MAAM,OAAO,KAAK,IAAI,WAAW,MAAM,GAAG;AAAA,IAE1C,IAAI,aAAa,SAAS,WAAW;AAAA,MACjC,MAAM,QAAQ,MAAM;AAAA,MACpB,IAAI,MAAM,MAAM;AAAA,QACZ,MAAM,IAAI,MAAM,6BAA6B;AAAA,MACjD,SAAS,IAAI,GAAG,KAAM,IAAI,aAAa,KAAK;AAAA,QACxC,OAAO,QAAQ;AAAA,QACf,IAAI,QAAQ,IAAI,QAAQ,IAAI;AAAA,MAChC;AAAA,MACA,OAAO;AAAA,MACP;AAAA,IACJ;AAAA,IACA,SAAS,IAAI,GAAG,KAAM,IAAI,MAAM,KAAK;AAAA,MACjC,OAAO,MAAM;AAAA,MACb,OAAO,QAAQ,KAAK,QAAQ,MAAM;AAAA,IACtC;AAAA,IACA,OAAO;AAAA,EACX;AAAA;AAUG,SAAS,YAAY,CAAC,MAAM,MAAM;AAAA,EACrC,QAAQ,gBAAgB,eAAe,eAAe,cAAc,WAAW,UAAU,EAAE,gBAAgB,OAAO,eAAe,GAAG,cAAc,OAAO,QAAQ,GAAG,GAAG,IAAI;AAAA,EAC3K,IAAI,OAAO,SAAS;AAAA,IAChB,MAAM,IAAI,MAAM,yBAAyB;AAAA,EAC7C,QAAQ,aAAa;AAAA,EACrB,QAAQ,MAAM;AAAA,EACd,MAAM,YAAY;AAAA,EAClB,MAAM,cAAc;AAAA,EACpB,OAAO,CAAC,KAAK,OAAO,MAAM,QAAQ,UAAU,MAAM;AAAA,IAC9C,OAAO,KAAK,WAAW,KAAK;AAAA,IAC5B,OAAO,OAAO,WAAW,OAAO;AAAA,IAChC,OAAO,MAAM,WAAW,MAAM;AAAA,IAC9B,MAAM,MAAM,KAAK;AAAA,IAGjB,SAAS,UAAU,KAAK,QAAQ,KAAK;AAAA,IACrC,QAAQ,OAAO;AAAA,IAEf,IAAI,UAAU,KAAK,WAAW;AAAA,MAC1B,MAAM,IAAI,MAAM,uBAAuB;AAAA,IAC3C,MAAM,UAAU,CAAC;AAAA,IAIjB,IAAI,IAAI,IAAI;AAAA,IACZ,IAAI;AAAA,IACJ,IAAI;AAAA,IACJ,IAAI,MAAM,IAAI;AAAA,MAGV,QAAQ,KAAM,IAAI,UAAU,GAAG,CAAE;AAAA,MACjC,QAAQ;AAAA,IACZ,EACK,SAAI,MAAM,MAAM,gBAAgB;AAAA,MACjC,IAAI,IAAI,WAAW,EAAE;AAAA,MACrB,EAAE,IAAI,GAAG;AAAA,MACT,EAAE,IAAI,KAAK,EAAE;AAAA,MACb,QAAQ;AAAA,MACR,QAAQ,KAAK,CAAC;AAAA,IAClB,EACK;AAAA,MACD,OAAO,KAAK,IAAI,SAAS;AAAA,MACzB,MAAM,IAAI,MAAM,kBAAkB;AAAA;AAAA,IAWtC,IAAI,CAAC,QAAQ,CAAC,YAAY,KAAK;AAAA,MAC3B,QAAQ,KAAM,QAAQ,UAAU,KAAK,CAAE;AAAA,IAC3C,IAAI,MAAM,IAAI,CAAC;AAAA,IAEf,IAAI,eAAe;AAAA,MACf,IAAI,MAAM,WAAW;AAAA,QACjB,MAAM,IAAI,MAAM,sCAAsC;AAAA,MAC1D,MAAM,MAAM,MAAM,SAAS,GAAG,EAAE;AAAA,MAChC,IAAI;AAAA,QACA,cAAc,OAAO,KAAK,IAAI,GAAG,GAAG,GAAG;AAAA,MACtC;AAAA,QACD,MAAM,WAAW,WAAW,YAAY,KAAK,KAAK,CAAC;AAAA,QACnD,cAAc,UAAU,KAAK,IAAI,GAAG,GAAG,GAAG;AAAA,QAC1C,MAAM,QAAQ;AAAA,QACd,WAAW,GAAG;AAAA;AAAA,MAElB,QAAQ,MAAM,SAAS,EAAE;AAAA,IAC7B,EACK,SAAI,CAAC;AAAA,MACN,WAAW,GAAG;AAAA,IAElB,MAAM,aAAa,KAAK;AAAA,IACxB,IAAI,eAAe,MAAM;AAAA,MACrB,MAAM,IAAI,MAAM,sBAAsB,wBAAwB;AAAA,IAGlE,IAAI,eAAe,IAAI;AAAA,MACnB,MAAM,KAAK,IAAI,WAAW,EAAE;AAAA,MAC5B,GAAG,IAAI,OAAO,eAAe,IAAI,KAAK,MAAM,MAAM;AAAA,MAClD,QAAQ;AAAA,MACR,QAAQ,KAAK,KAAK;AAAA,IACtB;AAAA,IACA,MAAM,MAAM,WAAW,IAAI,KAAK,CAAC;AAAA,IAGjC,IAAI;AAAA,MACA,UAAU,MAAM,OAAO,KAAK,KAAK,MAAM,QAAQ,SAAS,MAAM;AAAA,MAC9D,OAAO;AAAA,cAEX;AAAA,MACI,MAAM,GAAG,OAAO;AAAA;AAAA;AAAA;;;ACvN5B,SAAS,MAAM,CAAC,GAAG,GAAG;AAAA,EAClB,OAAQ,EAAE,OAAO,OAAU,EAAE,OAAO,QAAS;AAAA;AAiE1C,MAAM,SAAS;AAAA,EAClB,WAAW;AAAA,EACX,YAAY;AAAA,EACZ,SAAS,IAAI,WAAW,EAAE;AAAA,EAC1B,IAAI,IAAI,YAAY,EAAE;AAAA,EACtB,IAAI,IAAI,YAAY,EAAE;AAAA,EACtB,MAAM,IAAI,YAAY,CAAC;AAAA,EACvB,MAAM;AAAA,EACN,WAAW;AAAA,EACX,YAAY;AAAA,EAEZ,WAAW,CAAC,KAAK;AAAA,IACb,MAAM,UAAU,OAAO,KAAK,IAAI,KAAK,CAAC;AAAA,IACtC,MAAM,KAAK,OAAO,KAAK,CAAC;AAAA,IACxB,MAAM,KAAK,OAAO,KAAK,CAAC;AAAA,IACxB,MAAM,KAAK,OAAO,KAAK,CAAC;AAAA,IACxB,MAAM,KAAK,OAAO,KAAK,CAAC;AAAA,IACxB,MAAM,KAAK,OAAO,KAAK,CAAC;AAAA,IACxB,MAAM,KAAK,OAAO,KAAK,EAAE;AAAA,IACzB,MAAM,KAAK,OAAO,KAAK,EAAE;AAAA,IACzB,MAAM,KAAK,OAAO,KAAK,EAAE;AAAA,IAKzB,KAAK,EAAE,KAAK,KAAK;AAAA,IACjB,KAAK,EAAE,MAAO,OAAO,KAAO,MAAM,KAAM;AAAA,IACxC,KAAK,EAAE,MAAO,OAAO,KAAO,MAAM,KAAM;AAAA,IACxC,KAAK,EAAE,MAAO,OAAO,IAAM,MAAM,KAAM;AAAA,IACvC,KAAK,EAAE,MAAO,OAAO,IAAM,MAAM,MAAO;AAAA,IACxC,KAAK,EAAE,KAAM,OAAO,IAAK;AAAA,IACzB,KAAK,EAAE,MAAO,OAAO,KAAO,MAAM,KAAM;AAAA,IACxC,KAAK,EAAE,MAAO,OAAO,KAAO,MAAM,KAAM;AAAA,IACxC,KAAK,EAAE,MAAO,OAAO,IAAM,MAAM,KAAM;AAAA,IACvC,KAAK,EAAE,KAAM,OAAO,IAAK;AAAA,IACzB,SAAS,IAAI,EAAG,IAAI,GAAG;AAAA,MACnB,KAAK,IAAI,KAAK,OAAO,KAAK,KAAK,IAAI,CAAC;AAAA;AAAA,EAE5C,OAAO,CAAC,MAAM,QAAQ,SAAS,OAAO;AAAA,IAIlC,MAAM,QAAQ,SAAS,IAAI,KAAK;AAAA,IAChC,QAAQ,GAAG,MAAM;AAAA,IACjB,MAAM,KAAK,EAAE;AAAA,IACb,MAAM,KAAK,EAAE;AAAA,IACb,MAAM,KAAK,EAAE;AAAA,IACb,MAAM,KAAK,EAAE;AAAA,IACb,MAAM,KAAK,EAAE;AAAA,IACb,MAAM,KAAK,EAAE;AAAA,IACb,MAAM,KAAK,EAAE;AAAA,IACb,MAAM,KAAK,EAAE;AAAA,IACb,MAAM,KAAK,EAAE;AAAA,IACb,MAAM,KAAK,EAAE;AAAA,IACb,MAAM,KAAK,OAAO,MAAM,SAAS,CAAC;AAAA,IAClC,MAAM,KAAK,OAAO,MAAM,SAAS,CAAC;AAAA,IAClC,MAAM,KAAK,OAAO,MAAM,SAAS,CAAC;AAAA,IAClC,MAAM,KAAK,OAAO,MAAM,SAAS,CAAC;AAAA,IAClC,MAAM,KAAK,OAAO,MAAM,SAAS,CAAC;AAAA,IAClC,MAAM,KAAK,OAAO,MAAM,SAAS,EAAE;AAAA,IACnC,MAAM,KAAK,OAAO,MAAM,SAAS,EAAE;AAAA,IACnC,MAAM,KAAK,OAAO,MAAM,SAAS,EAAE;AAAA,IACnC,IAAI,KAAK,EAAE,MAAM,KAAK;AAAA,IACtB,IAAI,KAAK,EAAE,OAAQ,OAAO,KAAO,MAAM,KAAM;AAAA,IAC7C,IAAI,KAAK,EAAE,OAAQ,OAAO,KAAO,MAAM,KAAM;AAAA,IAC7C,IAAI,KAAK,EAAE,OAAQ,OAAO,IAAM,MAAM,KAAM;AAAA,IAC5C,IAAI,KAAK,EAAE,OAAQ,OAAO,IAAM,MAAM,MAAO;AAAA,IAC7C,IAAI,KAAK,EAAE,MAAO,OAAO,IAAK;AAAA,IAC9B,IAAI,KAAK,EAAE,OAAQ,OAAO,KAAO,MAAM,KAAM;AAAA,IAC7C,IAAI,KAAK,EAAE,OAAQ,OAAO,KAAO,MAAM,KAAM;AAAA,IAC7C,IAAI,KAAK,EAAE,OAAQ,OAAO,IAAM,MAAM,KAAM;AAAA,IAC5C,IAAI,KAAK,EAAE,MAAO,OAAO,IAAK;AAAA,IAC9B,IAAI,IAAI;AAAA,IACR,IAAI,KAAK,IAAI,KAAK,KAAK,MAAM,IAAI,MAAM,MAAM,IAAI,MAAM,MAAM,IAAI,MAAM,MAAM,IAAI;AAAA,IACjF,IAAI,OAAO;AAAA,IACX,MAAM;AAAA,IACN,MAAM,MAAM,IAAI,MAAM,MAAM,IAAI,MAAM,MAAM,IAAI,MAAM,MAAM,IAAI,MAAM,MAAM,IAAI;AAAA,IAChF,KAAK,OAAO;AAAA,IACZ,MAAM;AAAA,IACN,IAAI,KAAK,IAAI,KAAK,KAAK,KAAK,KAAK,MAAM,IAAI,MAAM,MAAM,IAAI,MAAM,MAAM,IAAI;AAAA,IAC3E,IAAI,OAAO;AAAA,IACX,MAAM;AAAA,IACN,MAAM,MAAM,IAAI,MAAM,MAAM,IAAI,MAAM,MAAM,IAAI,MAAM,MAAM,IAAI,MAAM,MAAM,IAAI;AAAA,IAChF,KAAK,OAAO;AAAA,IACZ,MAAM;AAAA,IACN,IAAI,KAAK,IAAI,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,MAAM,IAAI,MAAM,MAAM,IAAI;AAAA,IACrE,IAAI,OAAO;AAAA,IACX,MAAM;AAAA,IACN,MAAM,MAAM,IAAI,MAAM,MAAM,IAAI,MAAM,MAAM,IAAI,MAAM,MAAM,IAAI,MAAM,MAAM,IAAI;AAAA,IAChF,KAAK,OAAO;AAAA,IACZ,MAAM;AAAA,IACN,IAAI,KAAK,IAAI,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,MAAM,IAAI;AAAA,IAC/D,IAAI,OAAO;AAAA,IACX,MAAM;AAAA,IACN,MAAM,MAAM,IAAI,MAAM,MAAM,IAAI,MAAM,MAAM,IAAI,MAAM,MAAM,IAAI,MAAM,MAAM,IAAI;AAAA,IAChF,KAAK,OAAO;AAAA,IACZ,MAAM;AAAA,IACN,IAAI,KAAK,IAAI,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK;AAAA,IAC1D,IAAI,OAAO;AAAA,IACX,MAAM;AAAA,IACN,MAAM,MAAM,IAAI,MAAM,MAAM,IAAI,MAAM,MAAM,IAAI,MAAM,MAAM,IAAI,MAAM,MAAM,IAAI;AAAA,IAChF,KAAK,OAAO;AAAA,IACZ,MAAM;AAAA,IACN,IAAI,KAAK,IAAI,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK;AAAA,IAC1D,IAAI,OAAO;AAAA,IACX,MAAM;AAAA,IACN,MAAM,KAAK,KAAK,MAAM,IAAI,MAAM,MAAM,IAAI,MAAM,MAAM,IAAI,MAAM,MAAM,IAAI;AAAA,IAC1E,KAAK,OAAO;AAAA,IACZ,MAAM;AAAA,IACN,IAAI,KAAK,IAAI,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK;AAAA,IAC1D,IAAI,OAAO;AAAA,IACX,MAAM;AAAA,IACN,MAAM,KAAK,KAAK,KAAK,KAAK,MAAM,IAAI,MAAM,MAAM,IAAI,MAAM,MAAM,IAAI;AAAA,IACpE,KAAK,OAAO;AAAA,IACZ,MAAM;AAAA,IACN,IAAI,KAAK,IAAI,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK;AAAA,IAC1D,IAAI,OAAO;AAAA,IACX,MAAM;AAAA,IACN,MAAM,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,MAAM,IAAI,MAAM,MAAM,IAAI;AAAA,IAC9D,KAAK,OAAO;AAAA,IACZ,MAAM;AAAA,IACN,IAAI,KAAK,IAAI,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK;AAAA,IAC1D,IAAI,OAAO;AAAA,IACX,MAAM;AAAA,IACN,MAAM,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,MAAM,IAAI;AAAA,IACxD,KAAK,OAAO;AAAA,IACZ,MAAM;AAAA,IACN,IAAI,KAAK,IAAI,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK;AAAA,IAC1D,IAAI,OAAO;AAAA,IACX,MAAM;AAAA,IACN,MAAM,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK;AAAA,IACnD,KAAK,OAAO;AAAA,IACZ,MAAM;AAAA,IACN,KAAM,KAAK,KAAK,IAAK;AAAA,IACrB,IAAK,IAAI,KAAM;AAAA,IACf,KAAK,IAAI;AAAA,IACT,IAAI,MAAM;AAAA,IACV,MAAM;AAAA,IACN,EAAE,KAAK;AAAA,IACP,EAAE,KAAK;AAAA,IACP,EAAE,KAAK;AAAA,IACP,EAAE,KAAK;AAAA,IACP,EAAE,KAAK;AAAA,IACP,EAAE,KAAK;AAAA,IACP,EAAE,KAAK;AAAA,IACP,EAAE,KAAK;AAAA,IACP,EAAE,KAAK;AAAA,IACP,EAAE,KAAK;AAAA;AAAA,EAEX,QAAQ,GAAG;AAAA,IACP,QAAQ,GAAG,QAAQ;AAAA,IACnB,MAAM,IAAI,IAAI,YAAY,EAAE;AAAA,IAC5B,IAAI,IAAI,EAAE,OAAO;AAAA,IACjB,EAAE,MAAM;AAAA,IACR,SAAS,IAAI,EAAG,IAAI,IAAI,KAAK;AAAA,MACzB,EAAE,MAAM;AAAA,MACR,IAAI,EAAE,OAAO;AAAA,MACb,EAAE,MAAM;AAAA,IACZ;AAAA,IACA,EAAE,MAAM,IAAI;AAAA,IACZ,IAAI,EAAE,OAAO;AAAA,IACb,EAAE,MAAM;AAAA,IACR,EAAE,MAAM;AAAA,IACR,IAAI,EAAE,OAAO;AAAA,IACb,EAAE,MAAM;AAAA,IACR,EAAE,MAAM;AAAA,IAGR,EAAE,KAAK,EAAE,KAAK;AAAA,IACd,IAAI,EAAE,OAAO;AAAA,IACb,EAAE,MAAM;AAAA,IACR,SAAS,IAAI,EAAG,IAAI,IAAI,KAAK;AAAA,MACzB,EAAE,KAAK,EAAE,KAAK;AAAA,MACd,IAAI,EAAE,OAAO;AAAA,MACb,EAAE,MAAM;AAAA,IACZ;AAAA,IACA,EAAE,MAAM,KAAK;AAAA,IACb,IAAI,QAAQ,IAAI,KAAK;AAAA,IACrB,SAAS,IAAI,EAAG,IAAI,IAAI;AAAA,MACpB,EAAE,MAAM;AAAA,IACZ,OAAO,CAAC;AAAA,IACR,SAAS,IAAI,EAAG,IAAI,IAAI;AAAA,MACpB,EAAE,KAAM,EAAE,KAAK,OAAQ,EAAE;AAAA,IAC7B,EAAE,MAAM,EAAE,KAAM,EAAE,MAAM,MAAO;AAAA,IAC/B,EAAE,MAAO,EAAE,OAAO,IAAM,EAAE,MAAM,MAAO;AAAA,IACvC,EAAE,MAAO,EAAE,OAAO,IAAM,EAAE,MAAM,KAAM;AAAA,IACtC,EAAE,MAAO,EAAE,OAAO,IAAM,EAAE,MAAM,KAAM;AAAA,IACtC,EAAE,MAAO,EAAE,OAAO,KAAO,EAAE,MAAM,IAAM,EAAE,MAAM,MAAO;AAAA,IACtD,EAAE,MAAO,EAAE,OAAO,IAAM,EAAE,MAAM,MAAO;AAAA,IACvC,EAAE,MAAO,EAAE,OAAO,IAAM,EAAE,MAAM,KAAM;AAAA,IACtC,EAAE,MAAO,EAAE,OAAO,IAAM,EAAE,MAAM,KAAM;AAAA,IACtC,IAAI,IAAI,EAAE,KAAK,IAAI;AAAA,IACnB,EAAE,KAAK,IAAI;AAAA,IACX,SAAS,IAAI,EAAG,IAAI,GAAG,KAAK;AAAA,MACxB,KAAO,EAAE,KAAK,IAAI,KAAM,MAAM,MAAM,MAAO;AAAA,MAC3C,EAAE,KAAK,IAAI;AAAA,IACf;AAAA,IACA,MAAM,CAAC;AAAA;AAAA,EAEX,MAAM,CAAC,MAAM;AAAA,IACT,QAAQ,IAAI;AAAA,IACZ,OAAO,IAAI;AAAA,IACX,OAAO,UAAU,IAAI;AAAA,IACrB,QAAQ,QAAQ,aAAa;AAAA,IAC7B,MAAM,MAAM,KAAK;AAAA,IACjB,SAAS,MAAM,EAAG,MAAM,OAAM;AAAA,MAC1B,MAAM,OAAO,KAAK,IAAI,WAAW,KAAK,KAAK,MAAM,GAAG;AAAA,MAEpD,IAAI,SAAS,UAAU;AAAA,QACnB,MAAO,YAAY,MAAM,KAAK,OAAO;AAAA,UACjC,KAAK,QAAQ,MAAM,GAAG;AAAA,QAC1B;AAAA,MACJ;AAAA,MACA,OAAO,IAAI,KAAK,SAAS,KAAK,MAAM,IAAI,GAAG,KAAK,GAAG;AAAA,MACnD,KAAK,OAAO;AAAA,MACZ,OAAO;AAAA,MACP,IAAI,KAAK,QAAQ,UAAU;AAAA,QACvB,KAAK,QAAQ,QAAQ,GAAG,KAAK;AAAA,QAC7B,KAAK,MAAM;AAAA,MACf;AAAA,IACJ;AAAA,IACA,OAAO;AAAA;AAAA,EAEX,OAAO,GAAG;AAAA,IAEN,KAAK,YAAY;AAAA,IACjB,MAAM,KAAK,GAAG,KAAK,GAAG,KAAK,QAAQ,KAAK,GAAG;AAAA;AAAA,EAE/C,UAAU,CAAC,KAAK;AAAA,IACZ,QAAQ,IAAI;AAAA,IACZ,QAAQ,KAAK,IAAI;AAAA,IACjB,KAAK,WAAW;AAAA,IAChB,QAAQ,QAAQ,MAAM;AAAA,IACtB,MAAM,QAAQ;AAAA,IACd,IAAI,KAAK;AAAA,MAIL,OAAO,SAAS;AAAA,MAChB,MAAO,MAAM,IAAI;AAAA,QACb,OAAO,OAAO;AAAA,MAClB,KAAK,QAAQ,QAAQ,GAAG,IAAI;AAAA,IAChC;AAAA,IACA,KAAK,SAAS;AAAA,IACd,IAAI,OAAO;AAAA,IACX,SAAS,IAAI,EAAG,IAAI,GAAG,KAAK;AAAA,MACxB,IAAI,UAAU,EAAE,OAAO;AAAA,MACvB,IAAI,UAAU,EAAE,OAAO;AAAA,IAC3B;AAAA;AAAA,EAEJ,MAAM,GAAG;AAAA,IACL,QAAQ,QAAQ,cAAc;AAAA,IAC9B,KAAK,WAAW,MAAM;AAAA,IAEtB,MAAM,MAAM,OAAO,MAAM,GAAG,SAAS;AAAA,IACrC,KAAK,QAAQ;AAAA,IACb,OAAO;AAAA;AAEf;AAgBO,IAAM,2BAA2B,mBAAmB,IAAI,CAAC,QAAQ,IAAI,SAAS,GAAG,CAAC;;;AC7QzF,SAAS,UAAU,CAAC,GAAG,GAAG,GAAG,KAAK,KAAK,SAAS,IAAI;AAAA,EAChD,IAAI,MAAM,EAAE,IAAI,MAAM,EAAE,IAAI,MAAM,EAAE,IAAI,MAAM,EAAE,IAChD,MAAM,EAAE,IAAI,MAAM,EAAE,IAAI,MAAM,EAAE,IAAI,MAAM,EAAE,IAC5C,MAAM,EAAE,IAAI,MAAM,EAAE,IAAI,MAAM,EAAE,IAAI,MAAM,EAAE,IAC5C,MAAM,KAAK,MAAM,EAAE,IAAI,MAAM,EAAE,IAAI,MAAM,EAAE;AAAA,EAE3C,IAAI,MAAM,KAAK,MAAM,KAAK,MAAM,KAAK,MAAM,KAAK,MAAM,KAAK,MAAM,KAAK,MAAM,KAAK,MAAM,KAAK,MAAM,KAAK,MAAM,KAAK,MAAM,KAAK,MAAM,KAAK,MAAM,KAAK,MAAM,KAAK,MAAM,KAAK,MAAM;AAAA,EAC/K,SAAS,IAAI,EAAG,IAAI,QAAQ,KAAK,GAAG;AAAA,IAChC,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,EAAE;AAAA,IACxB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,EAAE;AAAA,IACxB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,CAAC;AAAA,IACvB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,CAAC;AAAA,IACvB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,EAAE;AAAA,IACxB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,EAAE;AAAA,IACxB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,CAAC;AAAA,IACvB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,CAAC;AAAA,IACvB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,EAAE;AAAA,IACxB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,EAAE;AAAA,IACxB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,CAAC;AAAA,IACvB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,CAAC;AAAA,IACvB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,EAAE;AAAA,IACxB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,EAAE;AAAA,IACxB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,CAAC;AAAA,IACvB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,CAAC;AAAA,IACvB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,EAAE;AAAA,IACxB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,EAAE;AAAA,IACxB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,CAAC;AAAA,IACvB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,CAAC;AAAA,IACvB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,EAAE;AAAA,IACxB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,EAAE;AAAA,IACxB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,CAAC;AAAA,IACvB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,CAAC;AAAA,IACvB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,EAAE;AAAA,IACxB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,EAAE;AAAA,IACxB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,CAAC;AAAA,IACvB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,CAAC;AAAA,IACvB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,EAAE;AAAA,IACxB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,EAAE;AAAA,IACxB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,CAAC;AAAA,IACvB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,CAAC;AAAA,EAC3B;AAAA,EAEA,IAAI,KAAK;AAAA,EACT,IAAI,QAAS,MAAM,MAAO;AAAA,EAC1B,IAAI,QAAS,MAAM,MAAO;AAAA,EAC1B,IAAI,QAAS,MAAM,MAAO;AAAA,EAC1B,IAAI,QAAS,MAAM,MAAO;AAAA,EAC1B,IAAI,QAAS,MAAM,MAAO;AAAA,EAC1B,IAAI,QAAS,MAAM,MAAO;AAAA,EAC1B,IAAI,QAAS,MAAM,MAAO;AAAA,EAC1B,IAAI,QAAS,MAAM,MAAO;AAAA,EAC1B,IAAI,QAAS,MAAM,MAAO;AAAA,EAC1B,IAAI,QAAS,MAAM,MAAO;AAAA,EAC1B,IAAI,QAAS,MAAM,MAAO;AAAA,EAC1B,IAAI,QAAS,MAAM,MAAO;AAAA,EAC1B,IAAI,QAAS,MAAM,MAAO;AAAA,EAC1B,IAAI,QAAS,MAAM,MAAO;AAAA,EAC1B,IAAI,QAAS,MAAM,MAAO;AAAA,EAC1B,IAAI,QAAS,MAAM,MAAO;AAAA;AAuBvB,SAAS,OAAO,CAAC,GAAG,GAAG,GAAG,KAAK;AAAA,EAClC,IAAI,MAAM,UAAU,EAAE,EAAE,GAAG,MAAM,UAAU,EAAE,EAAE,GAAG,MAAM,UAAU,EAAE,EAAE,GAAG,MAAM,UAAU,EAAE,EAAE,GAAG,MAAM,UAAU,EAAE,EAAE,GAAG,MAAM,UAAU,EAAE,EAAE,GAAG,MAAM,UAAU,EAAE,EAAE,GAAG,MAAM,UAAU,EAAE,EAAE,GAAG,MAAM,UAAU,EAAE,EAAE,GAAG,MAAM,UAAU,EAAE,EAAE,GAAG,MAAM,UAAU,EAAE,EAAE,GAAG,MAAM,UAAU,EAAE,EAAE,GAAG,MAAM,UAAU,EAAE,EAAE,GAAG,MAAM,UAAU,EAAE,EAAE,GAAG,MAAM,UAAU,EAAE,EAAE,GAAG,MAAM,UAAU,EAAE,EAAE;AAAA,EACjX,SAAS,IAAI,EAAG,IAAI,IAAI,KAAK,GAAG;AAAA,IAC5B,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,EAAE;AAAA,IACxB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,EAAE;AAAA,IACxB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,CAAC;AAAA,IACvB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,CAAC;AAAA,IACvB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,EAAE;AAAA,IACxB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,EAAE;AAAA,IACxB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,CAAC;AAAA,IACvB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,CAAC;AAAA,IACvB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,EAAE;AAAA,IACxB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,EAAE;AAAA,IACxB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,CAAC;AAAA,IACvB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,CAAC;AAAA,IACvB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,EAAE;AAAA,IACxB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,EAAE;AAAA,IACxB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,CAAC;AAAA,IACvB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,CAAC;AAAA,IACvB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,EAAE;AAAA,IACxB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,EAAE;AAAA,IACxB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,CAAC;AAAA,IACvB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,CAAC;AAAA,IACvB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,EAAE;AAAA,IACxB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,EAAE;AAAA,IACxB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,CAAC;AAAA,IACvB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,CAAC;AAAA,IACvB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,EAAE;AAAA,IACxB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,EAAE;AAAA,IACxB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,CAAC;AAAA,IACvB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,CAAC;AAAA,IACvB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,EAAE;AAAA,IACxB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,EAAE;AAAA,IACxB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,CAAC;AAAA,IACvB,MAAO,MAAM,MAAO;AAAA,IACpB,MAAM,KAAK,MAAM,KAAK,CAAC;AAAA,EAC3B;AAAA,EAEA,IAAI,KAAK;AAAA,EACT,IAAI,QAAQ;AAAA,EACZ,IAAI,QAAQ;AAAA,EACZ,IAAI,QAAQ;AAAA,EACZ,IAAI,QAAQ;AAAA,EACZ,IAAI,QAAQ;AAAA,EACZ,IAAI,QAAQ;AAAA,EACZ,IAAI,QAAQ;AAAA,EACZ,IAAI,QAAQ;AAAA,EACZ,WAAW,GAAG;AAAA;AA6EX,IAAM,4BAA4B,aAAa,YAAY;AAAA,EAC9D,cAAc;AAAA,EACd,eAAe;AAAA,EACf,eAAe;AAAA,EACf,gBAAgB;AACpB,CAAC;AAoDD,IAAM,0BAA0B,IAAI,WAAW,EAAE;AAEjD,IAAM,eAAe,CAAC,GAAG,QAAQ;AAAA,EAC7B,EAAE,OAAO,GAAG;AAAA,EACZ,MAAM,WAAW,IAAI,SAAS;AAAA,EAC9B,IAAI;AAAA,IACA,EAAE,OAAO,QAAQ,SAAS,QAAQ,CAAC;AAAA;AAI3C,IAAM,0BAA0B,IAAI,WAAW,EAAE;AACjD,SAAS,UAAU,CAAC,IAAI,KAAK,OAAO,YAAY,KAAK;AAAA,EACjD,IAAI,QAAQ;AAAA,IACR,OAAO,KAAK,WAAW,KAAK;AAAA,EAGhC,MAAM,UAAU,GAAG,KAAK,OAAO,OAAO;AAAA,EACtC,MAAM,UAAU,WAAW,WAAW,QAAQ,MAAM,IAAI,SAAS,GAAG,IAAI;AAAA,EAGxE,MAAM,IAAI,SAAS,OAAO,OAAO;AAAA,EACjC,IAAI;AAAA,IACA,aAAa,GAAG,GAAG;AAAA,EACvB,aAAa,GAAG,UAAU;AAAA,EAC1B,EAAE,OAAO,OAAO;AAAA,EAChB,MAAM,MAAM,EAAE,OAAO;AAAA,EACrB,MAAM,SAAS,OAAO;AAAA,EACtB,OAAO;AAAA;AASJ,IAAM,iBAAiB,CAAC,cAAc,CAAC,KAAK,OAAO,QAAQ;AAAA,EAG9D,MAAM,YAAY;AAAA,EAClB,OAAO;AAAA,IACH,OAAO,CAAC,WAAW,QAAQ;AAAA,MACvB,MAAM,UAAU,UAAU;AAAA,MAC1B,SAAS,UAAU,UAAU,WAAW,QAAQ,KAAK;AAAA,MACrD,OAAO,IAAI,SAAS;AAAA,MACpB,MAAM,SAAS,OAAO,SAAS,GAAG,CAAC,SAAS;AAAA,MAE5C,UAAU,KAAK,OAAO,QAAQ,QAAQ,CAAC;AAAA,MACvC,MAAM,MAAM,WAAW,WAAW,KAAK,OAAO,QAAQ,GAAG;AAAA,MACzD,OAAO,IAAI,KAAK,OAAO;AAAA,MACvB,MAAM,GAAG;AAAA,MACT,OAAO;AAAA;AAAA,IAEX,OAAO,CAAC,YAAY,QAAQ;AAAA,MACxB,SAAS,UAAU,WAAW,SAAS,WAAW,QAAQ,KAAK;AAAA,MAC/D,MAAM,OAAO,WAAW,SAAS,GAAG,CAAC,SAAS;AAAA,MAC9C,MAAM,YAAY,WAAW,SAAS,CAAC,SAAS;AAAA,MAChD,MAAM,MAAM,WAAW,WAAW,KAAK,OAAO,MAAM,GAAG;AAAA,MAGvD,IAAI,CAAC,WAAW,WAAW,GAAG,GAAG;AAAA,QAC7B,MAAM,GAAG;AAAA,QACT,MAAM,IAAI,MAAM,aAAa;AAAA,MACjC;AAAA,MACA,OAAO,IAAI,WAAW,SAAS,GAAG,CAAC,SAAS,CAAC;AAAA,MAE7C,UAAU,KAAK,OAAO,QAAQ,QAAQ,CAAC;AAAA,MACvC,MAAM,GAAG;AAAA,MACT,OAAO;AAAA;AAAA,EAEf;AAAA;AA8CG,IAAM,oCAAoC,WAAW,EAAE,WAAW,IAAI,aAAa,IAAI,WAAW,GAAG,mBAC5F,eAAe,SAAS,CAAC;;;AC9fzC,IAAM,YAAY;AAClB,IAAM,UAAU;AAChB,IAAM,cAAc;AACpB,IAAM,mBAAmB,cAAc,YAAY;AAAA;AAK5C,MAAM,kBAAkB,MAAM;AAAA,EACnC,WAAW,CAAC,SAAiB;AAAA,IAC3B,MAAM,OAAO;AAAA,IACb,KAAK,OAAO;AAAA;AAEhB;AAoBO,SAAS,SAAS,CAAC,WAAuB,KAAiB,MAA+B;AAAA,EAC/F,IAAI,IAAI,WAAW,IAAI;AAAA,IACrB,MAAM,IAAI,MAAM,uDAAsD;AAAA,EACxE;AAAA,EACA,MAAM,UAAU,KAAK,WAAW;AAAA,EAChC,IAAI,UAAU,KAAK,UAAU,KAAK;AAAA,IAChC,MAAM,IAAI,MAAM,mDAAmD,SAAS;AAAA,EAC9E;AAAA,EACA,MAAM,QAAQ,YAAY,SAAS;AAAA,EACnC,MAAM,aAAa,kBAAkB,KAAK,OAAO,KAAK,GAAiB,EAAE,QAAQ,SAAS;AAAA,EAC1F,MAAM,OAAO,IAAI,WAAW,cAAc,YAAY,WAAW,MAAM;AAAA,EACvE,KAAK,KAAK;AAAA,EACV,KAAK,IAAI,OAAO,WAAW;AAAA,EAC3B,KAAK,IAAI,YAAY,cAAc,SAAS;AAAA,EAC5C,OAAO;AAAA;AAIF,SAAS,SAAS,CAAC,UAAsB,KAAiB,MAA+B;AAAA,EAC9F,IAAI,IAAI,WAAW,IAAI;AAAA,IACrB,MAAM,IAAI,MAAM,uDAAsD;AAAA,EACxE;AAAA,EACA,IAAI,SAAS,SAAS,kBAAkB;AAAA,IACtC,MAAM,IAAI,UAAU,oBAAoB;AAAA,EAC1C;AAAA,EACA,MAAM,kBAAkB,KAAK,WAAW;AAAA,EACxC,IAAI,SAAS,OAAO,iBAAiB;AAAA,IACnC,MAAM,IAAI,UAAU,iCAAiC,SAAS,IAAI;AAAA,EACpE;AAAA,EACA,MAAM,QAAQ,SAAS,SAAS,aAAa,cAAc,SAAS;AAAA,EACpE,MAAM,aAAa,SAAS,SAAS,cAAc,SAAS;AAAA,EAC5D,IAAI;AAAA,IACF,OAAO,kBAAkB,KAAK,OAAO,KAAK,GAAiB,EAAE,QAAQ,UAAU;AAAA,IAC/E,MAAM;AAAA,IACN,MAAM,IAAI,UAAU,8BAA8B;AAAA;AAAA;;;ACvFtD,IAAM,QAAQ,IAAI;AAElB,IAAM,gBAAgB;AAEtB,IAAM,aAAa,MAAM,OAAO,sBAAoB;AAQ7C,SAAS,UAAU,CAAC,WAAkD;AAAA,EAC3E,IAAI,CAAC,WAAW;AAAA,IACd,MAAM,QAAO,MAAM,OAAO,eAAa;AAAA,IACvC,OAAO,aAAY,YAAY,KAAI;AAAA,EACrC;AAAA,EACA,MAAM,SAAS,MAAM,OAAO,SAAS;AAAA,EACrC,MAAM,OAAO,IAAI,WAAW,IAAI,OAAO,MAAM;AAAA,EAC7C,KAAK,KAAK;AAAA,EACV,KAAK,IAAI,QAAQ,CAAC;AAAA,EAClB,OAAO,aAAY,YAAY,IAAI;AAAA;AAO9B,SAAS,aAAa,CAAC,OAA2B;AAAA,EACvD,IAAI,IAAI;AAAA,EACR,SAAS,IAAI,EAAG,IAAI,MAAM,QAAQ,KAAK,OAAQ;AAAA,IAC7C,KAAK,OAAO,aAAa,GAAG,MAAM,SAAS,GAAG,IAAI,KAAM,CAAC;AAAA,EAC3D;AAAA,EACA,OAAO,KAAK,CAAC;AAAA;AAGR,SAAS,aAAa,CAAC,KAAyB;AAAA,EACrD,MAAM,MAAM,KAAK,GAAG;AAAA,EACpB,MAAM,MAAM,IAAI,WAAW,IAAI,MAAM;AAAA,EACrC,SAAS,IAAI,EAAG,IAAI,IAAI,QAAQ;AAAA,IAAK,IAAI,KAAK,IAAI,WAAW,CAAC;AAAA,EAC9D,OAAO;AAAA;AAMT,SAAS,UAAU,CAAC,MAAgB,QAAgB,OAAqB;AAAA,EACvE,KAAK,UAAU,QAAQ,OAA0B,IAAI;AAAA;AAGvD,SAAS,UAAU,CAAC,MAAgB,QAAgB,OAAqB;AAAA,EACvE,KAAK,aAAa,QAAQ,OAA0B,IAAI;AAAA;AAG1D,SAAS,SAAS,CAAC,MAAgB,QAAwB;AAAA,EACzD,OAAO,KAAK,UAAU,QAA2B,IAAI;AAAA;AAGvD,SAAS,SAAS,CAAC,MAAgB,QAAwB;AAAA,EACzD,OAAO,KAAK,aAAa,QAA2B,IAAI;AAAA;AAG1D,SAAS,YAAW,IAAI,OAAiC;AAAA,EACvD,IAAI,QAAQ;AAAA,EACZ,WAAW,KAAK;AAAA,IAAO,SAAS,EAAE;AAAA,EAClC,MAAM,MAAM,IAAI,WAAW,KAAK;AAAA,EAChC,IAAI,SAAS;AAAA,EACb,WAAW,KAAK,OAAO;AAAA,IACrB,IAAI,IAAI,GAAG,MAAM;AAAA,IACjB,UAAU,EAAE;AAAA,EACd;AAAA,EACA,OAAO;AAAA;AA0BF,SAAS,cAAc,CAC5B,YACA,aACA,kBACA,UACA,WACA,WACQ;AAAA,EACR,IAAI,SAAS,WAAW,IAAI;AAAA,IAC1B,MAAM,IAAI,MAAM,+CAA+C;AAAA,EACjE;AAAA,EACA,MAAM,MAAM,aAAa,KAAK,MAAM,KAAK,IAAI,IAAI,IAAI;AAAA,EAErD,MAAM,eAAe,IAAI,IAAI,WAAW,SAAS,IAAI,YAAY,SAAS,IAAI,iBAAiB;AAAA,EAC/F,MAAM,YAAY,IAAI,WAAW,YAAY;AAAA,EAC7C,MAAM,OAAO,IAAI,SAAS,UAAU,MAAM;AAAA,EAC1C,IAAI,SAAS;AAAA,EAEb,WAAW,MAAM,QAAQ,OAAO,GAAG,CAAC;AAAA,EACpC,UAAU;AAAA,EAEV,WAAW,MAAM,QAAQ,WAAW,MAAM;AAAA,EAC1C,UAAU;AAAA,EACV,UAAU,IAAI,YAAY,MAAM;AAAA,EAChC,UAAU,WAAW;AAAA,EAErB,WAAW,MAAM,QAAQ,YAAY,MAAM;AAAA,EAC3C,UAAU;AAAA,EACV,UAAU,IAAI,aAAa,MAAM;AAAA,EACjC,UAAU,YAAY;AAAA,EAEtB,WAAW,MAAM,QAAQ,iBAAiB,MAAM;AAAA,EAChD,UAAU;AAAA,EACV,UAAU,IAAI,kBAAkB,MAAM;AAAA,EAEtC,MAAM,OAAO,UAAU,WAAW,UAAU,EAAE,KAAK,WAAW,SAAS,GAAG,SAAS,cAAc,CAAC;AAAA,EAClG,OAAO,cAAc,IAAI;AAAA;AAwBpB,SAAS,gBAAgB,CAC9B,aACA,UACA,UACA,WACe;AAAA,EACf,IAAI;AAAA,EACJ,IAAI;AAAA,IACF,MAAM,cAAc,WAAW;AAAA,IAC/B,MAAM;AAAA,IACN,MAAM,IAAI,MAAM,uBAAuB;AAAA;AAAA,EAIzC,IAAI,IAAI,UAAU,KAAK,IAAI,OAAO,eAAe;AAAA,IAC/C,MAAM,IAAI,MAAM,oCAAoC,IAAI,IAAI;AAAA,EAC9D;AAAA,EACA,IAAI;AAAA,EACJ,IAAI;AAAA,IACF,YAAY,UAAU,KAAK,UAAU,EAAE,KAAK,WAAW,SAAS,GAAG,SAAS,cAAc,CAAC;AAAA,IAC3F,OAAO,MAAK;AAAA,IACZ,IAAI,gBAAe,WAAW;AAAA,MAC5B,MAAM,IAAI,MAAM,2CAA2C;AAAA,IAC7D;AAAA,IACA,MAAM;AAAA;AAAA,EAER,IAAI,UAAU,SAAS,GAAG;AAAA,IACxB,MAAM,IAAI,MAAM,uBAAuB;AAAA,EACzC;AAAA,EAMA,MAAM,OAAO,IAAI,SAAS,UAAU,QAAQ,UAAU,YAAY,UAAU,UAAU;AAAA,EACtF,IAAI,SAAS;AAAA,EACb,MAAM,cAAc,CAAC,OAAe,QAAgB;AAAA,IAClD,MAAM,MAAM,IAAI,WAAW,GAAG;AAAA,IAC9B,IAAI,IAAI,UAAU,SAAS,OAAO,QAAQ,GAAG,CAAC;AAAA,IAC9C,OAAO;AAAA;AAAA,EAGT,MAAM,YAAY,OAAO,UAAU,MAAM,MAAM,CAAC;AAAA,EAChD,UAAU;AAAA,EAEV,IAAI,WAAW,GAAG;AAAA,IAChB,MAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,IAAI;AAAA,IACxC,IAAI,MAAM,YAAY,UAAU;AAAA,MAC9B,MAAM,IAAI,MAAM,qBAAqB;AAAA,IACvC;AAAA,EACF;AAAA,EAEA,MAAM,WAAW,UAAU,MAAM,MAAM;AAAA,EACvC,UAAU;AAAA,EACV,IAAI,SAAS,WAAW,UAAU,QAAQ;AAAA,IACxC,MAAM,IAAI,MAAM,+BAA+B;AAAA,EACjD;AAAA,EACA,MAAM,aAAa,YAAY,QAAQ,QAAQ;AAAA,EAC/C,UAAU;AAAA,EAEV,MAAM,YAAY,UAAU,MAAM,MAAM;AAAA,EACxC,UAAU;AAAA,EACV,IAAI,SAAS,YAAY,UAAU,QAAQ;AAAA,IACzC,MAAM,IAAI,MAAM,gCAAgC;AAAA,EAClD;AAAA,EACA,MAAM,cAAc,YAAY,QAAQ,SAAS;AAAA,EACjD,UAAU;AAAA,EAEV,MAAM,iBAAiB,UAAU,MAAM,MAAM;AAAA,EAC7C,UAAU;AAAA,EACV,IAAI,SAAS,iBAAiB,UAAU,QAAQ;AAAA,IAC9C,MAAM,IAAI,MAAM,sCAAsC;AAAA,EACxD;AAAA,EACA,MAAM,mBAAmB,YAAY,QAAQ,cAAc;AAAA,EAE3D,OAAO,EAAE,YAAY,aAAa,kBAAkB,UAAU;AAAA;;;AC9MhE,eAAe,kBAAiB,CAAC,OAAuC;AAAA,EACtE,OAAO,kBAAwB,KAAK;AAAA;AAGtC,IAAM,eAAe,OAAW,CAAC,CAAC;AAgClC,SAAS,uBAAuB,CAAC,OAAiB,QAAoD;AAAA,EACpG,IAAI,CAAC,QAAQ;AAAA,IAAS,OAAO;AAAA,EAC7B,IAAI,MAAM,YAAY;AAAA,IAAG,OAAO;AAAA,EAIhC,MAAM,OAAQ,MAAc,MAAM,cAAc;AAAA,EAChD,MAAM,YAAY,OAAO,6BAA6B;AAAA,EACtD,IAAI,OAAO;AAAA,IAAW,OAAO;AAAA,EAC7B,OAAO;AAAA;AAMT,SAAS,oBAAoB,CAAC,SAAmB,OAAc,KAAgC;AAAA,EAC7F,MAAM,WAAW,gBAAgB,SAAQ,OAAO,IAAI,UAAU,IAAI;AAAA,EAClE,MAAM,WAAW,cAAc,mBAAmB,SAAQ,CAAC,QAAQ,CAAC,GAAG,GAAG;AAAA,EACzE,SAAiB,kBAAkB;AAAA,EACpC,OAAO;AAAA;AAIT,eAAsB,oBAAoB,CACxC,cACA,SACA,UACA,iBACmB;AAAA,EACnB,QAAQ,UAAU,MAAM,mBAAmB,cAAc,SAAS,UAAU,eAAe;AAAA,EAC3F,MAAM,OAAO,mBAAmB,iBAAiB,CAAC,KAAK,CAAC;AAAA,EACxD,OAAO,cAAc,IAAI;AAAA;AAI3B,eAAsB,iBAAiB,CACrC,QACA,MACA,KACmB;AAAA,EACnB,MAAM,UAAS,OAAO;AAAA,EACtB,QAAQ,QAAQ,WAAW,OAAO,gBAAgB,MAAM,oBAAoB,IAAI;AAAA,EAMhF,IAAI,WAAW;AAAA,EACf,IAAI,kBAAkB;AAAA,EACtB,IAAI,IAAI,oBAAoB,wBAAwB,WAAW,GAAG;AAAA,IAChE,MAAM,WAAW,MAAM,wBAAwB,aAAa,IAAI,gBAAgB;AAAA,IAChF,MAAM,aAAa,IAAI,IAAoB,SAAS,YAAY,CAAC,CAAC;AAAA,IAClE,YAAY,GAAG,MAAM,YAAY,YAAY,CAAC,GAAG;AAAA,MAG/C,WAAW,IAAI,GAAG,CAAC;AAAA,IACrB;AAAA,IACA,WAAW,kBAAkB,UAAU,UAAU;AAAA,IACjD,kBAAkB,SAAS;AAAA,EAC7B;AAAA,EAEA,MAAM,SAAS,aAAa,iBAAiB,QAAQ;AAAA,EAErD,IAAI,OAAO,eAAe,OAAO,MAAM;AAAA,IACrC,MAAM,IAAI,aAAa,2BAA2B,OAAO,mCAAmC,OAAO,SAAS,GAAG;AAAA,EACjH;AAAA,EAEA,cAAc,OAAO,QAAQ,OAAO,QAAQ;AAAA,EAE5C,MAAM,yBAAyB,CAAC,CAAC,IAAI,kBAAkB;AAAA,EACvD,MAAM,MAAM,IAAI,gBACd,SACA,MACA,IAAI,UACJ,OAAO,WACP,IAAI,aACJ,IAAI,SACJ,IAAI,2BACJ;AAAA,IAGE,wBAAwB,IAAI;AAAA,IAC5B,oCAAoC,yBAAyB,IAAI,+BAA+B;AAAA,IAChG;AAAA,EACF,CACF;AAAA,EACA,IAAI,iBAAiB;AAAA,EACrB,IAAI,IAAI;AAAA,IAAe,IAAI,oBAAoB,IAAI,aAAa;AAAA,EAEhE,IAAI;AAAA,IACF,MAAM,SAAS,MAAM,OAAO,QAAS,OAAO,QAAQ,GAAG;AAAA,IACvD,IAAI,cAAc,iBAAiB,SAAQ,QAAQ,IAAI,UAAU,OAAO,SAAS;AAAA,IACjF,IAAI,IAAI,kBAAkB;AAAA,MAIxB,MAAM,YAAY,wBAAwB,aAAa,IAAI,gBAAgB;AAAA,MAC3E,IAAI,IAAI,gCAAgC,QAAQ,YAAY,IAAI,8BAA8B;AAAA,QAC5F,MAAM,YAAY,IAAI,MACpB,iEAAiE,eAAe,IAAI,6CAA6C,OAAO,OAC1I;AAAA,QACA,UAAU,OAAO;AAAA,QACjB,MAAM,YAAW,qBAAqB,SAAQ,WAAW,GAAG;AAAA,QAC5D,oBAAoB,UAAS,SAAS,IAAI,qBAAqB,CAAC;AAAA,QAChE,OAAO;AAAA,MACT;AAAA,MACA,cAAc,MAAM,sBAAsB,aAAa,IAAI,gBAAgB;AAAA,IAC7E;AAAA,IACA,MAAM,UAAU,CAAC,GAAG,IAAI,QAAQ,IAAI,CAAC,MAAM,EAAE,KAAK,GAAG,WAAW;AAAA,IAChE,MAAM,QAAO,mBAAmB,SAAQ,OAAO;AAAA,IAG/C,IAAI,IAAI,oBAAoB,QAAQ,MAAK,aAAa,IAAI,kBAAkB;AAAA,MAC1E,MAAM,YAAY,IAAI,MACpB,yCAAyC,MAAK,gBAAgB,IAAI,iCAAiC,OAAO,OAC5G;AAAA,MACA,UAAU,OAAO;AAAA,MACjB,MAAM,YAAW,qBAAqB,SAAQ,WAAW,GAAG;AAAA,MAC5D,oBAAoB,UAAS,SAAS,IAAI,qBAAqB,CAAC;AAAA,MAChE,OAAO;AAAA,IACT;AAAA,IACA,MAAM,WAAW,cAAc,KAAI;AAAA,IACnC,oBAAoB,SAAS,SAAS,IAAI,qBAAqB,CAAC;AAAA,IAChE,OAAO;AAAA,IACP,OAAO,OAAY;AAAA,IACnB,MAAM,WAAW,gBAAgB,SAAQ,OAAO,IAAI,UAAU,OAAO,SAAS;AAAA,IAC9E,MAAM,WAAW,cAAc,mBAAmB,SAAQ,CAAC,QAAQ,CAAC,GAAG,GAAG;AAAA,IAG1E,oBAAoB,SAAS,SAAS,IAAI,qBAAqB,CAAC;AAAA,IAE/D,SAAiB,kBAAkB;AAAA,IACpC,OAAO;AAAA;AAAA;AAKX,eAAsB,sBAAsB,CAC1C,QACA,MACA,KACmB;AAAA,EACnB,MAAM,aAAa,CAAC,CAAC,OAAO;AAAA,EAC5B,MAAM,eAAe,OAAO;AAAA,EAC5B,MAAM,cAAc,OAAO,eAAe;AAAA,EAE1C,QAAQ,QAAQ,WAAW,OAAO,aAAa,MAAM,oBAAoB,IAAI;AAAA,EAC7E,MAAM,SAAS,aAAa,WAAW,QAAQ;AAAA,EAE/C,IAAI,OAAO,eAAe,OAAO,MAAM;AAAA,IACrC,MAAM,IAAI,aAAa,2BAA2B,OAAO,mCAAmC,OAAO,SAAS,GAAG;AAAA,EACjH;AAAA,EAEA,cAAc,OAAO,QAAQ,OAAO,QAAQ;AAAA,EAG5C,IAAI;AAAA,EACJ,IAAI;AAAA,IACF,IAAI,YAAY;AAAA,MACd,QAAQ,MAAM,OAAO,aAAc,OAAO,MAAM;AAAA,IAClD,EAAO;AAAA,MACL,QAAQ,MAAM,OAAO,aAAc,OAAO,MAAM;AAAA;AAAA,IAElD,OAAO,OAAY;AAAA,IACnB,MAAM,YAAY,OAAO,gBAAgB;AAAA,IACzC,MAAM,WAAW,gBAAgB,WAAW,OAAO,IAAI,UAAU,OAAO,SAAS;AAAA,IACjF,MAAM,WAAW,cAAc,mBAAmB,WAAW,CAAC,QAAQ,CAAC,GAAG,GAAG;AAAA,IAC5E,SAAiB,kBAAkB;AAAA,IACpC,OAAO;AAAA;AAAA,EAIT,MAAM,uBAAuB,OAAO,kBAAkB;AAAA,EAMtD,MAAM,sBAAsB,OAAO,iBAAiB;AAAA,EACpD,MAAM,oBAAoB,OAAO,gBAAgB;AAAA,EAGjD,IAAI,cAAiC;AAAA,EACrC,IAAI,OAAO,gBAAgB,OAAO,YAAY;AAAA,IAC5C,IAAI;AAAA,MACF,MAAM,YAAY,IAAI,gBACpB,OAAO,cACP,MACA,IAAI,UACJ,OAAO,WACP,IAAI,aACJ,IAAI,SACJ,IAAI,yBACN;AAAA,MACA,MAAM,eAAe,OAAO,WAAW,OAAO,QAAQ,OAAO,SAAS;AAAA,MACtE,MAAM,cAAc,iBAAiB,OAAO,cAAc,cAAc,IAAI,UAAU,OAAO,SAAS;AAAA,MACtG,MAAM,gBAAgB,CAAC,GAAG,UAAU,QAAQ,IAAI,CAAC,MAAM,EAAE,KAAK,GAAG,WAAW;AAAA,MAC5E,cAAc,mBAAmB,OAAO,cAAc,aAAa;AAAA,MACnE,OAAO,OAAY;AAAA,MACnB,MAAM,WAAW,gBAAgB,OAAO,cAAc,OAAO,IAAI,UAAU,OAAO,SAAS;AAAA,MAC3F,MAAM,WAAW,cAAc,mBAAmB,OAAO,cAAc,CAAC,QAAQ,CAAC,GAAG,GAAG;AAAA,MACtF,SAAiB,kBAAkB;AAAA,MACpC,OAAO;AAAA;AAAA,EAEX;AAAA,EAEA,IAAI,mBAAmB;AAAA,IAIrB,OAAO,sBACL,QACA,OACA,sBACA,qBACA,KACA,OAAO,WACP,WACF;AAAA,EACF,EAAO;AAAA,IAEL,MAAM,aAAa,IAAI,gBAAgB,UAAU,KAAK;AAAA,IACtD,MAAM,cAAc,iBAAgB,oBAAoB;AAAA,IACxD,MAAM,mBAAmB,iBAAgB,mBAAmB;AAAA,IAC5D,MAAM,QAAQ,eAAe,YAAY,aAAa,kBAAkB,IAAI,UAAU,IAAI,aAAa,SAAS;AAAA,IAEhH,MAAM,YAAY,IAAI;AAAA,IACtB,UAAU,IAAI,WAAW,KAAK;AAAA,IAC9B,MAAM,aAAa,gBAAgB,sBAAsB,SAAS;AAAA,IAClE,MAAM,mBAAmB,mBAAmB,sBAAsB,CAAC,UAAU,CAAC;AAAA,IAE9E,IAAI;AAAA,IACJ,IAAI,aAAa;AAAA,MACf,eAAe,aAAY,aAAa,gBAAgB;AAAA,IAC1D,EAAO;AAAA,MACL,eAAe;AAAA;AAAA,IAGjB,OAAO,cAAc,YAAY;AAAA;AAAA;AAKrC,eAAsB,0BAA0B,CAC9C,QACA,MACA,KACmB;AAAA,EACnB,MAAM,aAAa,CAAC,CAAC,OAAO;AAAA,EAE5B,QAAQ,OAAO,aAAa,MAAM,oBAAoB,IAAI;AAAA,EAG1D,MAAM,cAAc,SAAS,UAAU,IAAI,SAAS;AAAA,EACpD,IAAI,CAAC,aAAa;AAAA,IAChB,MAAM,IAAI,aAAa,2CAA2C,GAAG;AAAA,EACvE;AAAA,EAKA,MAAM,YAAY,SAAS,UAAU,IAAI,UAAU,KAAK;AAAA,EAKxD,IAAI;AAAA,EACJ,IAAI;AAAA,IACF,WAAW,iBAAiB,aAAa,IAAI,UAAU,IAAI,UAAU,IAAI,aAAa,SAAS;AAAA,IAC/F,OAAO,OAAY;AAAA,IACnB,MAAM,IAAI,aAAa,wBAAwB,MAAM,WAAW,GAAG;AAAA;AAAA,EAGrE,IAAI;AAAA,EACJ,IAAI;AAAA,IACF,QAAQ,IAAI,gBAAgB,YAAY,SAAS,UAAU;AAAA,IAC3D,OAAO,OAAY;AAAA,IACnB,QAAQ,MAAM,yDAAyD,MAAM,OAAO;AAAA,IACpF,MAAM,IAAI,aAAa,iCAAiC,MAAM,WAAW,GAAG;AAAA;AAAA,EAK9E,IAAI;AAAA,EACJ,IAAI,SAAS,YAAY,SAAS,GAAG;AAAA,IACnC,eAAe,MAAM,mBAAkB,SAAS,WAAW;AAAA,EAC7D,EAAO;AAAA,IACL,eAAe,OAAO,kBAAkB,OAAO;AAAA;AAAA,EAEjD,IAAI;AAAA,EACJ,IAAI,SAAS,iBAAiB,SAAS,GAAG;AAAA,IACxC,cAAc,MAAM,mBAAkB,SAAS,gBAAgB;AAAA,EACjE,EAAO;AAAA,IAKL,cAAc,OAAO,iBAAiB,OAAO,eAAe;AAAA;AAAA,EAE9D,MAAM,oBAAoB,OAAO,gBAAgB;AAAA,EACjD,IAAI,QAAQ,IAAI;AAAA,IACd,QAAQ,MACN,uCAAuC,OAAO,0BAA0B,+BAA+B,OAAO,KAAK,SAAS,CAAC,CAAC,GAChI;AAAA,EAEF,IAAI,WAAW;AAAA,IAIb,IAAI,OAAO,UAAU;AAAA,MACnB,IAAI;AAAA,QACF,MAAM,OAAO,SAAS,KAAK;AAAA,QAC3B,OAAO,MAAK;AAAA,QACZ,QAAQ,QAAQ,yBAAyB,gBAAe,QAAQ,KAAI,UAAU,MAAK;AAAA;AAAA,IAEvF;AAAA,IACA,OAAO,cAAc,mBAAmB,cAAc,CAAC,CAAC,CAAC;AAAA,EAC3D;AAAA,EAEA,IAAI,mBAAmB;AAAA,IAGrB,OAAO,sBAAsB,QAAQ,OAAO,cAAc,aAAa,KAAK,MAAM,IAAI;AAAA,EACxF,EAAO;AAAA,IAIL,MAAM,yBAAyB,CAAC,CAAC,IAAI,kBAAkB;AAAA,IACvD,MAAM,MAAM,IAAI,gBACd,cACA,mBACA,IAAI,UACJ,MACA,IAAI,aACJ,IAAI,SACJ,IAAI,2BACJ;AAAA,MAGE,wBAAwB,IAAI;AAAA,MAC5B,oCAAoC,yBAAyB,IAAI,+BAA+B;AAAA,MAChG;AAAA,IACF,CACF;AAAA,IACA,IAAI,IAAI;AAAA,MAAe,IAAI,oBAAoB,IAAI,aAAa;AAAA,IAShE,IAAI,iBAAiB;AAAA,IACrB,IAAI,CAAC,qBAAqB,gBAAgB,gBAAgB,SAAS,WAAW,aAAa;AAAA,MACzF,IAAI;AAAA,QACF,iBAAiB,qBAAqB,UAAU,WAAW;AAAA,QAC3D,OAAO,GAAG;AAAA,QAIV,IAAI,aAAa;AAAA,UAAW,MAAM;AAAA,QAClC,QAAQ,QAAQ,+BAA+B,aAAa,QAAQ,EAAE,UAAU,GAAG;AAAA;AAAA,IAEvF;AAAA,IAEA,IAAI;AAAA,MACF,IAAI,OAAO,YAAY;AAAA,QACrB,MAAM,OAAO,WAAW,OAAO,gBAAgB,GAAG;AAAA,MACpD,EAAO;AAAA,QACL,MAAM,OAAO,WAAY,OAAO,GAAG;AAAA;AAAA,MAErC,OAAO,OAAY;AAAA,MACnB,IAAI,QAAQ,IAAI;AAAA,QACd,QAAQ,MACN,wDACA,MAAM,SACN,MAAM,OAAO,MAAM;AAAA,CAAI,EAAE,MAAM,GAAG,CAAC,EAAE,KAAK;AAAA,CAAI,CAChD;AAAA,MACF,MAAM,WAAW,gBAAgB,cAAc,OAAO,IAAI,UAAU,IAAI;AAAA,MACxE,MAAM,WAAW,cAAc,mBAAmB,cAAc,CAAC,QAAQ,CAAC,GAAG,GAAG;AAAA,MAC/E,SAAiB,kBAAkB;AAAA,MACpC,OAAO;AAAA;AAAA,IAIT,MAAM,UAAsB,CAAC;AAAA,IAE7B,IAAI,IAAI,UAAU;AAAA,MAGhB,WAAW,WAAW,IAAI,SAAS;AAAA,QAGjC,IAAI,QAAQ,YAAY,QAAQ,SAAS,OAAO,GAAG;AAAA,UACjD,MAAM,KAAK,IAAI,IAAoB,QAAQ,MAAM,YAAY,CAAC,CAAC;AAAA,UAC/D,YAAY,GAAG,MAAM,QAAQ;AAAA,YAAU,GAAG,IAAI,GAAG,CAAC;AAAA,UAClD,QAAQ,KAAK,kBAAkB,QAAQ,OAAO,EAAE,CAAC;AAAA,QACnD,EAAO;AAAA,UACL,QAAQ,KAAK,QAAQ,KAAK;AAAA;AAAA,MAE9B;AAAA,IACF,EAAO;AAAA,MAEL,MAAM,aAAa,IAAI,gBAAgB,UAAU,KAAK;AAAA,MACtD,MAAM,cAAc,iBAAgB,YAAY;AAAA,MAChD,MAAM,mBAAmB,iBAAgB,WAAW;AAAA,MACpD,MAAM,QAAQ,eAAe,YAAY,aAAa,kBAAkB,IAAI,UAAU,IAAI,aAAa,SAAS;AAAA,MAEhH,WAAW,WAAW,IAAI,SAAS;AAAA,QACjC,MAAM,QAAQ,QAAQ;AAAA,QACtB,IAAI,MAAM,UAAU,GAAG;AAAA,UACrB,MAAM,aAAa,IAAI,IAAoB,MAAM,YAAY,CAAC,CAAC;AAAA,UAE/D,IAAI,QAAQ;AAAA,YAAU,YAAY,GAAG,MAAM,QAAQ;AAAA,cAAU,WAAW,IAAI,GAAG,CAAC;AAAA,UAChF,WAAW,IAAI,WAAW,KAAK;AAAA,UAC/B,QAAQ,KAAK,kBAAkB,OAAO,UAAU,CAAC;AAAA,QACnD,EAAO;AAAA,UACL,QAAQ,KAAK,KAAK;AAAA;AAAA,MAEtB;AAAA,MAKA,IAAI,CAAC,QAAQ,KAAK,CAAC,MAAM,EAAE,UAAU,IAAI,SAAS,CAAC,GAAG;AAAA,QACpD,MAAM,YAAY,IAAI;AAAA,QACtB,UAAU,IAAI,WAAW,KAAK;AAAA,QAC9B,QAAQ,KAAK,gBAAgB,cAAc,SAAS,CAAC;AAAA,MACvD;AAAA;AAAA,IAGF,MAAM,QAAO,mBAAmB,cAAc,OAAO;AAAA,IAGrD,IAAI,IAAI,oBAAoB,QAAQ,MAAK,aAAa,IAAI,kBAAkB;AAAA,MAC1E,MAAM,YAAY,IAAI,MACpB,yCAAyC,MAAK,gBAAgB,IAAI,iCAAiC,OAAO,OAC5G;AAAA,MACA,UAAU,OAAO;AAAA,MACjB,OAAO,qBAAqB,cAAc,WAAW,GAAG;AAAA,IAC1D;AAAA,IACA,OAAO,cAAc,KAAI;AAAA;AAAA;AAK7B,eAAe,qBAAqB,CAClC,QACA,OACA,cACA,aACA,KACA,WACA,aACmB;AAAA,EACnB,MAAM,aAAyB,CAAC;AAAA,EAKhC,MAAM,WAAW,IAAI,0BAA0B,IAAI;AAAA,EACnD,MAAM,mBAAmB,IAAI;AAAA,EAC7B,MAAM,yBAAyB,CAAC,CAAC,IAAI,kBAAkB;AAAA,EACvD,IAAI,iBAAiB;AAAA,EAGrB,IAAI,0BAA0B;AAAA,EAC9B,IAAI;AAAA,EAGJ,IAAI;AAAA,EAEJ,OAAO,MAAM;AAAA,IAEX,MAAM,gBAAgB,YAAY,OAAO,KAAK,IAAI,GAAG,WAAW,cAAc,IAAI;AAAA,IAClF,MAAM,oBACJ,0BAA0B,oBAAoB,OAC1C,KAAK,IAAI,GAAG,mBAAmB,uBAAuB,IACtD;AAAA,IAEN,MAAM,MAAM,IAAI,gBACd,cACA,MACA,IAAI,UACJ,WACA,IAAI,aACJ,IAAI,SACJ,IAAI,2BACJ;AAAA,MACE,wBAAwB;AAAA,MACxB,oCAAoC;AAAA,MACpC;AAAA,IACF,CACF;AAAA,IACA,IAAI,IAAI;AAAA,MAAe,IAAI,oBAAoB,IAAI,aAAa;AAAA,IAEhE,IAAI;AAAA,MACF,IAAI,OAAO,YAAY;AAAA,QACrB,MAAM,OAAO,WAAW,OAAO,GAAG;AAAA,MACpC,EAAO;AAAA,QAKL,MAAM,YAAY,gBAAgB,WAAW;AAAA,QAC7C,MAAM,OAAO,WAAY,OAAO,WAAW,GAAG;AAAA;AAAA,MAEhD,OAAO,OAAY;AAAA,MACnB,IAAI,QAAQ,IAAI;AAAA,QACd,QAAQ,MAAM,kCAAkC,MAAM,SAAS,MAAM,OAAO,MAAM;AAAA,CAAI,EAAE,MAAM,GAAG,CAAC,EAAE,KAAK;AAAA,CAAI,CAAC;AAAA,MAChH,WAAW,KAAK,gBAAgB,cAAc,OAAO,IAAI,UAAU,SAAS,CAAC;AAAA,MAC7E,gBAAgB,iBAAiB,QAAQ,QAAQ,IAAI,MAAM,OAAO,KAAK,CAAC;AAAA,MACxE;AAAA;AAAA,IAGF,WAAW,WAAW,IAAI,SAAS;AAAA,MACjC,IAAI,QAAQ,QAAQ;AAAA,MAMpB,IAAI,0BAA0B,IAAI,kBAAkB;AAAA,QAClD,MAAM,YAAY,wBAAwB,OAAO,IAAI,gBAAgB;AAAA,QACrE,IAAI,YAAY,KAAK,oBAAoB,QAAQ,0BAA0B,YAAY,kBAAkB;AAAA,UACvG,oBAAoB,IAAI,MACtB,iEAAiE,0BAA0B,eAAe,iCAAiC,OAAO,OACpJ;AAAA,UACA,kBAAkB,OAAO;AAAA,UACzB;AAAA,QACF;AAAA,QACA,IAAI,YAAY,GAAG;AAAA,UACjB,QAAQ,MAAM,sBAAsB,OAAO,IAAI,gBAAgB;AAAA,UAC/D,2BAA2B;AAAA,QAC7B;AAAA,MACF;AAAA,MAGA,IAAI,QAAQ,YAAY,QAAQ,SAAS,OAAO,GAAG;AAAA,QACjD,MAAM,KAAK,IAAI,IAAoB,MAAM,YAAY,CAAC,CAAC;AAAA,QACvD,YAAY,GAAG,MAAM,QAAQ;AAAA,UAAU,GAAG,IAAI,GAAG,CAAC;AAAA,QAClD,QAAQ,kBAAkB,OAAO,EAAE;AAAA,MACrC;AAAA,MACA,WAAW,KAAK,KAAK;AAAA,MACrB,IAAI,YAAY,MAAM;AAAA,QAGpB,IAAI,KAAM,MAAc,MAAM,cAAc;AAAA,QAC5C,IAAI,OAAO,GAAG;AAAA,UAQZ,IAAI;AAAA,YACF,KAAK,eAAe,KAAK,EAAE;AAAA,YAC3B,MAAM;AAAA,YACN,KAAK;AAAA;AAAA,UAQP,IAAI,OAAO;AAAA,YAAG,KAAK;AAAA,QACrB;AAAA,QACA,kBAAkB;AAAA,MACpB;AAAA,IACF;AAAA,IAEA,IAAI,mBAAmB;AAAA,MAIrB,WAAW,SAAS;AAAA,MACpB,WAAW,KAAK,gBAAgB,cAAc,mBAAmB,IAAI,UAAU,SAAS,CAAC;AAAA,MACzF,gBAAgB;AAAA,MAChB;AAAA,IACF;AAAA,IAEA,IAAI,IAAI,UAAU;AAAA,MAChB;AAAA,IACF;AAAA,IAGA,IAAI,YAAY,QAAQ,kBAAkB,UAAU;AAAA,MAClD,MAAM,aAAa,IAAI,gBAAgB,UAAU,KAAK;AAAA,MACtD,MAAM,cAAc,iBAAgB,YAAY;AAAA,MAChD,MAAM,mBAAmB,iBAAgB,WAAW;AAAA,MACpD,MAAM,QAAQ,eAAe,YAAY,aAAa,kBAAkB,IAAI,UAAU,IAAI,aAAa,SAAS;AAAA,MAChH,MAAM,YAAY,IAAI;AAAA,MACtB,UAAU,IAAI,WAAW,KAAK;AAAA,MAC9B,WAAW,KAAK,gBAAgB,cAAc,SAAS,CAAC;AAAA,MACxD;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,YAAY,mBAAmB,cAAc,UAAU;AAAA,EAC7D,IAAI;AAAA,EACJ,IAAI,aAAa;AAAA,IACf,eAAe,aAAY,aAAa,SAAS;AAAA,EACnD,EAAO;AAAA,IACL,eAAe;AAAA;AAAA,EAOjB,MAAM,SAAS,oBAAoB,MAAM;AAAA,EACzC,MAAM,WAAW,cAAc,cAAc,MAAM;AAAA,EACnD,IAAI,eAAe;AAAA,IAChB,SAAiB,kBAAkB;AAAA,EACtC;AAAA,EACA,OAAO;AAAA;AAGT,SAAS,YAAW,IAAI,QAAkC;AAAA,EACxD,MAAM,WAAW,OAAO,OAAO,CAAC,KAAK,MAAM,MAAM,EAAE,QAAQ,CAAC;AAAA,EAC5D,MAAM,SAAS,IAAI,WAAW,QAAQ;AAAA,EACtC,IAAI,SAAS;AAAA,EACb,WAAW,OAAO,QAAQ;AAAA,IACxB,OAAO,IAAI,KAAK,MAAM;AAAA,IACtB,UAAU,IAAI;AAAA,EAChB;AAAA,EACA,OAAO;AAAA;;;AC9qBF,IAAM,WAAW;AAEjB,IAAM,QAAQ;AAAA;AAAA;AAId,IAAM,mBAAmB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAqBhC,SAAS,UAAU,CAAC,GAAmB;AAAA,EACrC,OAAO,EAAE,QAAQ,MAAM,OAAO,EAAE,QAAQ,MAAM,MAAM,EAAE,QAAQ,MAAM,MAAM,EAAE,QAAQ,MAAM,QAAQ;AAAA;AAGpG,SAAS,iBAAiB,CAAC,MAAuD;AAAA,EAChF,MAAM,KAAK,KAAK;AAAA,EAEhB,IAAI,OAAO;AAAA,IAAG,OAAO;AAAA,EACrB,IAAI,OAAO;AAAA,IAAG,OAAO;AAAA,EACrB,IAAI,OAAO;AAAA,IAAG,OAAO;AAAA,EACrB,IAAI,OAAO;AAAA,IAAG,OAAO;AAAA,EACrB,IAAI,OAAO;AAAA,IAAG,OAAO;AAAA,EACrB,IAAI,OAAO;AAAA,IAAI,OAAO;AAAA,EACtB,IAAI,OAAO;AAAA,IAAI,OAAO;AAAA,EACtB,IAAI,OAAO;AAAA,IAAI,OAAO;AAAA,EACtB,OAAO,KAAK,SAAS;AAAA;AAOhB,SAAS,gBAAgB,CAC9B,cACA,UACA,cACA,SACQ;AAAA,EACR,MAAM,QAAkB,CAAC;AAAA,EACzB,IAAI,cAAc;AAAA,IAChB,MAAM,KAAK,4BAA4B,WAAW,YAAY,yBAAyB;AAAA,EACzF;AAAA,EACA,IAAI,SAAS;AAAA,IACX,MAAM,KAAK,YAAY,WAAW,OAAO,0BAA0B;AAAA,EACrE;AAAA,EACA,MAAM,KAAK,gFAAgF;AAAA,EAE3F,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA,SAKA,WAAW,YAAY;AAAA,EAC9B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,cA8BY;AAAA;AAAA,MAER,WAAW,YAAY;AAAA,qFACwD,WAAW,QAAQ;AAAA;AAAA;AAAA,EAGtG,MAAM,KAAK;AAAA,CAAI;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAaV,SAAS,iBAAiB,CAAC,QAAgB,cAA8B;AAAA,EAC9E,MAAM,eAAe,eAAe,aAAa,WAAW,YAAY,gBAAgB;AAAA,EACxF,MAAM,gBAAgB,UAAU;AAAA,EAChC,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMP;AAAA,EACA;AAAA;AAAA;AAAA;AAAA,cAIY;AAAA;AAAA;AAAA,oDAGsC;AAAA,2CACT,WAAW,aAAa;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAYnE,SAAS,eAAe,CAAC,QAAkC;AAAA,EACzD,MAAM,OAAO,WAAW,OAAO,IAAI;AAAA,EACnC,MAAM,UAAU,OAAO,SAAS;AAAA,EAChC,MAAM,YAAY,CAAC,CAAC,OAAO;AAAA,EAG3B,MAAM,SAAmB,CAAC;AAAA,EAC1B,OAAO,KACL,UAAU,iDAAiD,gDAC7D;AAAA,EACA,IAAI;AAAA,IAAW,OAAO,KAAK,gDAAgD;AAAA,EAG3E,IAAI,aAAa;AAAA,EACjB,MAAM,eAAe,OAAO;AAAA,EAC5B,IAAI,aAAa,OAAO,SAAS,GAAG;AAAA,IAClC,MAAM,OAAO,aAAa,OAAO,IAAI,CAAC,MAAM;AAAA,MAC1C,MAAM,YAAY,WAAW,EAAE,IAAI;AAAA,MACnC,MAAM,YAAY,WAAW,kBAAkB,EAAE,IAAI,CAAC;AAAA,MACtD,MAAM,aACJ,OAAO,YAAY,EAAE,QAAQ,OAAO,WAAW,WAAW,KAAK,UAAU,OAAO,SAAS,EAAE,KAAK,CAAC,IAAI;AAAA,MACvG,OAAO,iBAAiB,kCAAkC,4BAA4B;AAAA,KACvF;AAAA,IACD,aAAa;AAAA;AAAA,EAEf,KAAK,KAAK;AAAA,CAAI;AAAA;AAAA,EAEd,EAAO;AAAA,IACL,aAAa;AAAA;AAAA,EAIf,IAAI,cAAc;AAAA,EAClB,IAAI,WAAW,OAAO,aAAa,OAAO,SAAS,GAAG;AAAA,IACpD,MAAM,OAAO,OAAO,aAAa,OAAO,IAAI,CAAC,MAAM;AAAA,MACjD,OAAO,iBAAiB,WAAW,EAAE,IAAI,0BAA0B,WAAW,kBAAkB,EAAE,IAAI,CAAC;AAAA,KACxG;AAAA,IACD,cAAc;AAAA;AAAA,EAEhB,KAAK,KAAK;AAAA,CAAI;AAAA;AAAA,EAEd;AAAA,EAGA,IAAI,aAAa;AAAA,EACjB,IAAI,aAAa,OAAO,gBAAgB,OAAO,aAAa,OAAO,SAAS,GAAG;AAAA,IAC7E,MAAM,OAAO,OAAO,aAAa,OAAO,IAAI,CAAC,MAAM;AAAA,MACjD,OAAO,iBAAiB,WAAW,EAAE,IAAI,0BAA0B,WAAW,kBAAkB,EAAE,IAAI,CAAC;AAAA,KACxG;AAAA,IACD,aAAa;AAAA;AAAA,EAEf,KAAK,KAAK;AAAA,CAAI;AAAA;AAAA,EAEd;AAAA,EAGA,MAAM,UAAU,OAAO,MAAM,wBAAwB,WAAW,OAAO,GAAG,UAAU;AAAA,EAEpF,OAAO;AAAA;AAAA,4BAEmB;AAAA,EAC1B,OAAO,KAAK;AAAA,CAAI;AAAA;AAAA,EAEhB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA;AAIK,SAAS,iBAAiB,CAC/B,cACA,UACA,SACA,SACQ;AAAA,EACR,MAAM,gBAAgB,CAAC,GAAG,QAAQ,QAAQ,CAAC,EACxC,OAAO,EAAE,UAAU,SAAS,cAAc,EAC1C,KAAK,EAAE,KAAK,OAAO,EAAE,cAAc,CAAC,CAAC;AAAA,EAExC,MAAM,QAAQ,cAAc,IAAI,IAAI,YAAY,gBAAgB,MAAM,CAAC,EAAE,KAAK;AAAA,CAAI;AAAA,EAElF,MAAM,WAAW,UAAU,sBAAsB,WAAW,OAAO,kBAAkB;AAAA,EAErF,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA,SAKA,WAAW,YAAY;AAAA,EAC9B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,gBAiDc;AAAA;AAAA,QAER,WAAW,YAAY;AAAA;AAAA,uFAEwD,WAAW,QAAQ,WAAW;AAAA;AAAA,EAEnH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACxRF,IAAM,mBAAmB;AACzB,SAAS,OAAO,GAKd;AAAA,EACA,MAAM,MAAY,YAAoB,WAAY,WAAmB,WAAW;AAAA,EAChF,IAAI,CAAC,KAAK;AAAA,IACR,MAAM,IAAI,MAAM,mDAAmD;AAAA,EACrE;AAAA,EACA,OAAO,IAAI,gBAAgB;AAAA;AAE7B,IAAM,aAAa,CAAC,SAAiB,QAAQ,EAAE,WAAW,IAAI;AAC9D,IAAM,aAAa,CAAC,MAAc,QAAa,QAAQ,EAAE,WAAW,MAAM,GAAG;AAC7E,IAAM,eAAc,CAAC,MAAc,QAAQ,EAAE,YAAY,CAAC;AAC1D,IAAM,kBAAkB,CAAC,GAAQ,MAAW,QAAQ,EAAE,gBAAgB,GAAG,CAAC;AAM1E,IAAM,sBAAsB;AAC5B,IAAM,mBAAmB;AACzB,IAAM,yBAAyB;AAC/B,IAAM,kBAAkB;AACxB,IAAM,8BAA8B;AACpC,IAAM,uBAAuB;AAC7B,IAAM,WAAW;AAGjB,IAAM,iCAAsD,IAAI,IAAI,CAAC,oCAAoC,CAAC;AAOnG,SAAS,oBAAoB,GAAW;AAAA,EAE7C,OAAO,aAAY,EAAE,EAAE,SAAS,WAAW;AAAA;AAItC,SAAS,qBAAqB,CAAC,UAA0B;AAAA,EAC9D,MAAM,SAAS,WAAW,QAAQ,EAAE,OAAO,UAAU,OAAO,EAAE,OAAO;AAAA,EACrE,OAAO,OAAO,SAAS,WAAW;AAAA;AAI7B,SAAS,kBAAkB,GAAW;AAAA,EAC3C,OAAO,aAAY,EAAE,EAAE,SAAS,WAAW;AAAA;AAQtC,SAAS,gBAAgB,CAAC,YAAoC;AAAA,EACnE,OAAO,WAAW,UAAU,UAAU,EAAE,OAAO,oBAAoB,EAAE,OAAO;AAAA;AAQ9E,SAAS,YAAY,CAAC,KAAqB;AAAA,EACzC,OAAO,IAAI,SAAS,QAAQ,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,GAAG;AAAA;AAItE,SAAS,YAAY,CAAC,GAAmB;AAAA,EAEvC,MAAM,WAAW,EAAE,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG;AAAA,EACvD,OAAO,OAAO,KAAK,UAAU,QAAQ;AAAA;AAkBhC,SAAS,eAAe,CAC7B,cACA,YACA,aACA,YACA,WACA,UACQ;AAAA,EACR,MAAM,MAAM,aAAa,KAAK,MAAM,KAAK,IAAI,IAAI,IAAI;AAAA,EACrD,MAAM,UAAU,OAAO,KAAK,cAAc,OAAO;AAAA,EACjD,MAAM,aAAa,OAAO,KAAK,YAAY,OAAO;AAAA,EAClD,MAAM,WAAW,OAAO,KAAK,aAAa,OAAO;AAAA,EACjD,MAAM,UAAU,OAAO,KAAK,YAAY,IAAI,OAAO;AAAA,EAEnD,MAAM,aAAa,IAAI,IAAI,IAAI,QAAQ,SAAS,IAAI,WAAW,SAAS,IAAI,SAAS,SAAS,IAAI,QAAQ;AAAA,EAC1G,MAAM,UAAU,OAAO,MAAM,UAAU;AAAA,EACvC,IAAI,SAAS;AAAA,EAEb,QAAQ,WAAW,wBAAwB,MAAM;AAAA,EACjD,UAAU;AAAA,EAEV,QAAQ,iBAAiB,OAAO,GAAG,GAAG,MAAM;AAAA,EAC5C,UAAU;AAAA,EAEV,QAAQ,cAAc,QAAQ,QAAQ,MAAM;AAAA,EAC5C,UAAU;AAAA,EACV,QAAQ,KAAK,SAAS,MAAM;AAAA,EAC5B,UAAU,QAAQ;AAAA,EAElB,QAAQ,cAAc,WAAW,QAAQ,MAAM;AAAA,EAC/C,UAAU;AAAA,EACV,WAAW,KAAK,SAAS,MAAM;AAAA,EAC/B,UAAU,WAAW;AAAA,EAErB,QAAQ,cAAc,SAAS,QAAQ,MAAM;AAAA,EAC7C,UAAU;AAAA,EACV,SAAS,KAAK,SAAS,MAAM;AAAA,EAC7B,UAAU,SAAS;AAAA,EAEnB,QAAQ,cAAc,QAAQ,QAAQ,MAAM;AAAA,EAC5C,UAAU;AAAA,EACV,QAAQ,KAAK,SAAS,MAAM;AAAA,EAE5B,MAAM,MAAM,WAAW,UAAU,UAAU,EAAE,OAAO,OAAO,EAAE,OAAO;AAAA,EACpE,OAAO,aAAa,OAAO,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;AAAA;AAe5C,SAAS,iBAAiB,CAC/B,aACA,YACA,SAAiB,iBACI;AAAA,EACrB,IAAI;AAAA,EACJ,IAAI;AAAA,IACF,MAAM,aAAa,WAAW;AAAA,IAC9B,MAAM;AAAA,IACN,MAAM,IAAI,MAAM,0BAA0B;AAAA;AAAA,EAI5C,IAAI,IAAI,SAAS,IAAI;AAAA,IACnB,MAAM,IAAI,MAAM,0BAA0B;AAAA,EAC5C;AAAA,EAGA,MAAM,UAAU,IAAI,SAAS,GAAG,IAAI,SAAS,QAAQ;AAAA,EACrD,MAAM,cAAc,IAAI,SAAS,IAAI,SAAS,QAAQ;AAAA,EACtD,MAAM,cAAc,WAAW,UAAU,UAAU,EAAE,OAAO,OAAO,EAAE,OAAO;AAAA,EAC5E,IAAI,CAAC,gBAAgB,aAAa,WAAW,GAAG;AAAA,IAC9C,MAAM,IAAI,MAAM,mCAAmC;AAAA,EACrD;AAAA,EAGA,MAAM,UAAU,QAAQ,UAAU,CAAC;AAAA,EACnC,IAAI,YAAY,wBAAwB;AAAA,IACtC,MAAM,IAAI,MAAM,sCAAsC,SAAS;AAAA,EACjE;AAAA,EAEA,MAAM,YAAY,OAAO,QAAQ,gBAAgB,CAAC,CAAC;AAAA,EACnD,IAAI,SAAS,GAAG;AAAA,IACd,MAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,IAAI,IAAI;AAAA,IAC5C,IAAI,MAAM,KAAK,MAAM,QAAQ;AAAA,MAC3B,MAAM,IAAI,MAAM,+BAA+B,aAAa,UAAU;AAAA,IACxE;AAAA,EACF;AAAA,EAEA,IAAI,MAAM;AAAA,EACV,MAAM,QAAQ,QAAQ,aAAa,GAAG;AAAA,EACtC,OAAO;AAAA,EACP,MAAM,eAAe,QAAQ,SAAS,KAAK,MAAM,KAAK,EAAE,SAAS,OAAO;AAAA,EACxE,OAAO;AAAA,EAEP,MAAM,WAAW,QAAQ,aAAa,GAAG;AAAA,EACzC,OAAO;AAAA,EACP,MAAM,aAAa,QAAQ,SAAS,KAAK,MAAM,QAAQ,EAAE,SAAS,OAAO;AAAA,EACzE,OAAO;AAAA,EAEP,MAAM,SAAS,QAAQ,aAAa,GAAG;AAAA,EACvC,OAAO;AAAA,EACP,MAAM,cAAc,QAAQ,SAAS,KAAK,MAAM,MAAM,EAAE,SAAS,OAAO;AAAA,EACxE,OAAO;AAAA,EAEP,MAAM,QAAQ,QAAQ,aAAa,GAAG;AAAA,EACtC,OAAO;AAAA,EACP,MAAM,WAAW,QAAQ,SAAS,KAAK,MAAM,KAAK,EAAE,SAAS,OAAO;AAAA,EAEpE,OAAO,EAAE,cAAc,YAAY,aAAa,SAAS;AAAA;AAiBpD,SAAS,mBAAmB,CAAC,QAAqD;AAAA,EACvF,IAAI,SAA+C;AAAA,EAEnD,OAAO,SAAS,QAAQ,GAAkC;AAAA,IACxD,IAAI;AAAA,MAAQ,OAAO;AAAA,IACnB,MAAM,MAAM,GAAG,OAAO,QAAQ,QAAQ,EAAE;AAAA,IACxC,SAAS,MAAM,KAAK,EAAE,QAAQ,YAAY,QAAQ,GAAK,EAAE,CAAC,EACvD,KAAK,OAAO,SAAS;AAAA,MACpB,IAAI,CAAC,KAAK;AAAA,QAAI,MAAM,IAAI,MAAM,uBAAuB,KAAK,QAAQ;AAAA,MAClE,MAAM,OAAO,MAAM,KAAK,KAAK;AAAA,MAC7B,OAAO;AAAA,QACL,uBAAuB,KAAK;AAAA,QAC5B,eAAe,KAAK;AAAA,MACtB;AAAA,KACD,EACA,MAAM,MAAM;AAAA,MACX,SAAS;AAAA,MACT,OAAO;AAAA,KACR;AAAA,IACH,OAAO;AAAA;AAAA;AAeX,eAAsB,oBAAoB,CACxC,eACA,MACA,aACA,cACA,UACA,cACA,YAC8B;AAAA,EAC9B,MAAM,SAAS,IAAI,gBAAgB;AAAA,IACjC,YAAY;AAAA,IACZ;AAAA,IACA,cAAc;AAAA,IACd,eAAe;AAAA,IACf,WAAW;AAAA,EACb,CAAC;AAAA,EACD,IAAI,cAAc;AAAA,IAChB,OAAO,IAAI,iBAAiB,YAAY;AAAA,EAC1C;AAAA,EAEA,IAAI;AAAA,EACJ,IAAI;AAAA,IACF,MAAM,OAAO,MAAM,MAAM,eAAe;AAAA,MACtC,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,oCAAoC;AAAA,MAC/D,MAAM,OAAO,SAAS;AAAA,MACtB,QAAQ,YAAY,QAAQ,KAAK;AAAA,IACnC,CAAC;AAAA,IACD,IAAI,CAAC,KAAK,IAAI;AAAA,MACZ,MAAM,OAAO,MAAM,KAAK,KAAK;AAAA,MAC7B,MAAM,IAAI,MAAM,QAAQ,KAAK,WAAW,MAAM;AAAA,IAChD;AAAA,IACA,OAAO,MAAM,KAAK,KAAK;AAAA,IACvB,OAAO,MAAU;AAAA,IACjB,MAAM,IAAI,MAAM,0BAA0B,KAAI,WAAW,MAAK;AAAA;AAAA,EAGhE,MAAM,eAA8B,KAAK,iBAAiB;AAAA,EAE1D,IAAI,YAAY;AAAA,IACd,MAAM,SAAQ,KAAK;AAAA,IACnB,IAAI,CAAC;AAAA,MAAO,MAAM,IAAI,MAAM,iCAAiC;AAAA,IAE7D,IAAI;AAAA,MACF,MAAM,QAAS,OAAiB,MAAM,GAAG;AAAA,MACzC,IAAI,MAAM,UAAU,GAAG;AAAA,QACrB,MAAM,UAAU,IAAK,MAAM,GAAG,SAAS;AAAA,QACvC,MAAM,cAAc,OAAO,KAAK,MAAM,KAAK,IAAI,OAAO,UAAU,CAAC,GAAG,QAAQ,EAAE,SAAS,OAAO;AAAA,QAC9F,MAAM,SAAS,KAAK,MAAM,WAAW;AAAA,QACrC,IAAI,OAAO,OAAO,MAAM;AAAA,UACtB,MAAM,SAAS,KAAK,IAAI,OAAO,OAAO,GAAG,IAAI,KAAK,MAAM,KAAK,IAAI,IAAI,IAAI,GAAG,EAAE;AAAA,UAC9E,OAAO,EAAE,eAAO,QAAQ,aAAa;AAAA,QACvC;AAAA,MACF;AAAA,MACA,MAAM;AAAA,IAGR,OAAO,EAAE,eAAO,QAAQ,6BAA6B,aAAa;AAAA,EACpE;AAAA,EAEA,MAAM,QAAQ,KAAK;AAAA,EACnB,IAAI,CAAC;AAAA,IAAO,MAAM,IAAI,MAAM,qCAAqC;AAAA,EACjE,MAAM,YAAY,KAAK,cAAc;AAAA,EACrC,OAAO,EAAE,OAAO,QAAQ,OAAO,SAAS,GAAG,aAAa;AAAA;AAQnD,SAAS,mBAAmB,CAAC,KAAa,QAAwB;AAAA,EACvE,IAAI,IAAI;AAAA,EACR,IAAI,EAAE,SAAS,sBAAsB;AAAA,IACnC,IAAI,EAAE,MAAM,GAAG,oBAAoB;AAAA,EACrC;AAAA,EACA,IAAI;AAAA,IACF,MAAM,SAAS,IAAI,IAAI,GAAG,cAAc;AAAA,IAExC,IAAI,EAAE,WAAW,SAAS,KAAK,EAAE,WAAW,UAAU,KAAK,EAAE,WAAW,IAAI,GAAG;AAAA,MAC7E,OAAO,UAAU;AAAA,IACnB;AAAA,IAEA,IAAI,OAAO,aAAa,SAAS;AAAA,MAC/B,OAAO,UAAU;AAAA,IACnB;AAAA,IACA,MAAM;AAAA,IACN,OAAO,UAAU;AAAA;AAAA,EAEnB,IAAI,UAAU,CAAC,EAAE,WAAW,MAAM,GAAG;AAAA,IACnC,OAAO,UAAU;AAAA,EACnB;AAAA,EACA,OAAO;AAAA;AAGT,SAAS,WAAW,CAAC,UAA2B;AAAA,EAC9C,OAAO,aAAa,eAAe,aAAa,eAAe,aAAa;AAAA;AAIvE,SAAS,gBAAgB,CAAC,KAAa,gBAA8C;AAAA,EAC1F,MAAM,UAAU,kBAAkB;AAAA,EAClC,IAAI,CAAC,OAAO,IAAI,SAAS;AAAA,IAAM,OAAO;AAAA,EACtC,IAAI;AAAA,EACJ,IAAI;AAAA,IACF,SAAS,IAAI,IAAI,GAAG;AAAA,IACpB,MAAM;AAAA,IACN,OAAO;AAAA;AAAA,EAET,IAAI,OAAO,aAAa,WAAW,OAAO,aAAa;AAAA,IAAU,OAAO;AAAA,EACxE,IAAI,CAAC,OAAO;AAAA,IAAU,OAAO;AAAA,EAE7B,IAAI,YAAY,OAAO,QAAQ,KAAK,OAAO,aAAa;AAAA,IAAS,OAAO;AAAA,EAExE,MAAM,SAAS,GAAG,OAAO,aAAa,OAAO;AAAA,EAC7C,IAAI,QAAQ,IAAI,MAAM;AAAA,IAAG,OAAO;AAAA,EAEhC,IAAI,OAAO,MAAM;AAAA,IACf,MAAM,iBAAiB,GAAG,OAAO,aAAa,OAAO,YAAY,OAAO;AAAA,IACxE,IAAI,QAAQ,IAAI,cAAc;AAAA,MAAG,OAAO;AAAA,EAC1C;AAAA,EACA,OAAO;AAAA;AAQF,SAAS,YAAY,CAAC,SAAuC;AAAA,EAClE,MAAM,SAAS,QAAQ,QAAQ,IAAI,QAAQ;AAAA,EAC3C,MAAM,OAAM,IAAI;AAAA,EAChB,IAAI,CAAC;AAAA,IAAQ,OAAO;AAAA,EACpB,WAAW,QAAQ,OAAO,MAAM,GAAG,GAAG;AAAA,IACpC,MAAM,KAAK,KAAK,QAAQ,GAAG;AAAA,IAC3B,IAAI,KAAK;AAAA,MAAG;AAAA,IACZ,MAAM,OAAO,KAAK,MAAM,GAAG,EAAE,EAAE,KAAK;AAAA,IACpC,MAAM,QAAQ,KAAK,MAAM,KAAK,CAAC,EAAE,KAAK;AAAA,IACtC,KAAI,IAAI,MAAM,KAAK;AAAA,EACrB;AAAA,EACA,OAAO;AAAA;AAYF,SAAS,oBAAoB,CAAC,MAAc,OAAe,SAAmC;AAAA,EACnG,IAAI,SAAS,GAAG,QAAQ;AAAA,EACxB,IAAI,QAAQ,WAAW;AAAA,IAAW,UAAU,aAAa,QAAQ;AAAA,EACjE,IAAI,QAAQ;AAAA,IAAM,UAAU,UAAU,QAAQ;AAAA,EAC9C,IAAI,QAAQ;AAAA,IAAQ,UAAU;AAAA,EAC9B,IAAI,QAAQ;AAAA,IAAU,UAAU;AAAA,EAChC,IAAI,QAAQ;AAAA,IAAU,UAAU,cAAc,QAAQ;AAAA,EACtD,OAAO;AAAA;AAOT,SAAS,WAAU,CAAC,GAAmB;AAAA,EACrC,OAAO,EAAE,QAAQ,MAAM,OAAO,EAAE,QAAQ,MAAM,MAAM,EAAE,QAAQ,MAAM,MAAM,EAAE,QAAQ,MAAM,QAAQ;AAAA;AAI7F,SAAS,mBAAmB,CAAC,SAAiB,QAAuB,UAA0B;AAAA,EACpG,MAAM,aAAa,SAAS,uBAAuB,YAAW,MAAM,YAAY;AAAA,EAChF,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMP;AAAA,EACA;AAAA;AAAA;AAAA;AAAA,cAIY;AAAA;AAAA;AAAA,KAGT,YAAW,OAAO;AAAA,EACrB;AAAA,cACY,YAAW,QAAQ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAYjC,IAAM,kBAAkB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAiBxB,SAAS,mBAAmB,CAAC,YAAoB,WAA2B;AAAA,EAC1E,OAAO;AAAA,8CACqC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,wBAUtB;AAAA;AAAA;AAAA;AAAA;AAOjB,SAAS,iBAAiB,CAAC,QAAwB;AAAA,EACxD,MAAM,YAAY,GAAG;AAAA,EACrB,OACE,UAAU;AAAA,IACV;AAAA,IACA,WAAW,oBAAoB,kBAAkB,SAAS;AAAA;AAcvD,SAAS,kBAAkB,CAAC,WAA2B,aAAqB,kBAAkC;AAAA,EACnH,OAAO,eAAe,YAAY,CAAC,SAAwC;AAAA,IACzE,MAAM,UAAU,aAAa,OAAO;AAAA,IACpC,MAAM,QAAQ,QAAQ,IAAI,UAAU;AAAA,IACpC,IAAI,CAAC,OAAO;AAAA,MACV,MAAM,IAAI,MAAM,gBAAgB;AAAA,IAClC;AAAA,IAEA,MAAM,aAAa,IAAI,QAAQ,QAAQ,OAAO;AAAA,IAC9C,WAAW,IAAI,iBAAiB,UAAU,OAAO;AAAA,IACjD,MAAM,aAAa,IAAI,QAAQ,QAAQ,KAAK;AAAA,MAC1C,QAAQ,QAAQ;AAAA,MAChB,SAAS;AAAA,IACX,CAAC;AAAA,IACD,OAAO,UAAU,UAAU;AAAA;AAAA;AAmDxB,SAAS,gBAAgB,CAC9B,iBACA,cACoB;AAAA,EACpB,IAAI,mBAAmB,gBAAgB,SAAS,GAAG;AAAA,IACjD,OAAO,gBAAgB,KAAK,GAAG;AAAA,EACjC;AAAA,EACA,OAAO;AAAA;AAIF,SAAS,kBAAkB,CAAC,MAAwB,WAA4C;AAAA,EACrG,MAAM,aAAa,iBAAiB,KAAK,UAAU;AAAA,EACnD,MAAM,gBAAgB,oBAAoB,KAAK,MAAM;AAAA,EACrD,OAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,UAAU,KAAK;AAAA,IACf,cAAc,KAAK;AAAA,IACnB,YAAY,KAAK,cAAc;AAAA,IAC/B,QAAQ,KAAK;AAAA,IACb,cAAc,KAAK;AAAA,IACnB,aAAa,KAAK;AAAA,IAClB,OAAO,KAAK,SAAS;AAAA,IACrB,sBAAsB,KAAK,wBAAwB;AAAA,IACnD,oBAAoB,mBAAmB,SAAS;AAAA,IAChD,cAAc,kBAAkB,KAAK,MAAM;AAAA,EAC7C;AAAA;AAOF,IAAM,4BAAiD,IAAI,IAAI,CAAC,sBAAsB,eAAe,CAAC;AAEtG,SAAS,eAAe,CAAC,UAA2B;AAAA,EAClD,OAAO,aAAa,eAAe,aAAa,eAAe,aAAa;AAAA;AAI9E,SAAS,YAAY,CAAC,SAAkB,SAAkB,QAA+B;AAAA,EACvF,QAAQ,OAAO,QAAQ,QAAQ;AAAA,EAC/B,MAAM,SAAS,QAAQ,QAAQ,IAAI,QAAQ;AAAA,EAC3C,IAAI,CAAC;AAAA,IAAQ;AAAA,EACb,IAAI;AAAA,EACJ,IAAI;AAAA,IACF,SAAS,IAAI,IAAI,MAAM;AAAA,IACvB,MAAM;AAAA,IACN;AAAA;AAAA,EAEF,IAAI,OAAO,aAAa,WAAW,OAAO,aAAa;AAAA,IAAU;AAAA,EACjE,IAAI,CAAC,OAAO;AAAA,IAAU;AAAA,EACtB,IAAI,gBAAgB,OAAO,QAAQ,KAAK,OAAO,aAAa,SAAS;AAAA,IACnE,QAAQ,IAAI,+BAA+B,MAAM;AAAA,IACjD;AAAA,EACF;AAAA,EACA,IAAI,OAAO,qBAAqB,IAAI,MAAM,GAAG;AAAA,IAC3C,QAAQ,IAAI,+BAA+B,MAAM;AAAA,EACnD;AAAA;AAGF,SAAS,iBAAiB,CAAC,SAAkB,QAAgB,OAAe,aAA+B;AAAA,EACzG,QAAQ,IAAI,gBAAgB,kBAAkB;AAAA,EAC9C,OAAO,IAAI,SAAS,KAAK,UAAU,EAAE,OAAO,mBAAmB,YAAY,CAAC,GAAG,EAAE,QAAQ,QAAQ,CAAC;AAAA;AAapG,eAAsB,qBAAqB,CAAC,SAAkB,QAA4C;AAAA,EACxG,MAAM,UAAU,IAAI;AAAA,EACpB,aAAa,SAAS,SAAS,MAAM;AAAA,EAErC,IAAI,QAAQ,WAAW,WAAW;AAAA,IAChC,QAAQ,IAAI,gCAAgC,eAAe;AAAA,IAC3D,QAAQ,IAAI,gCAAgC,cAAc;AAAA,IAC1D,QAAQ,IAAI,0BAA0B,MAAM;AAAA,IAC5C,OAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,QAAQ,CAAC;AAAA,EACpD;AAAA,EAEA,IAAI,QAAQ,WAAW,QAAQ;AAAA,IAC7B,OAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,QAAQ,CAAC;AAAA,EACpD;AAAA,EAEA,MAAM,SAAS,QAAQ,QAAQ,IAAI,cAAc,KAAK,IAAI,MAAM,GAAG,EAAE,GAAG,KAAK,EAAE,YAAY;AAAA,EAC3F,IAAI,UAAU,qCAAqC;AAAA,IACjD,OAAO,kBAAkB,SAAS,KAAK,mBAAmB,wDAAwD;AAAA,EACpH;AAAA,EAEA,IAAI;AAAA,EACJ,IAAI;AAAA,IACF,MAAM,MAAM,QAAQ,KAAK;AAAA,IACzB,MAAM;AAAA,IACN,OAAO,kBAAkB,SAAS,KAAK,mBAAmB,6BAA6B;AAAA;AAAA,EAGzF,IAAI;AAAA,EACJ,IAAI;AAAA,IACF,OAAO,IAAI,gBAAgB,GAAG;AAAA,IAC9B,MAAM;AAAA,IACN,OAAO,kBAAkB,SAAS,KAAK,mBAAmB,2BAA2B;AAAA;AAAA,EAGvF,MAAM,YAAY,KAAK,IAAI,YAAY,KAAK;AAAA,EAC5C,IAAI,CAAC,0BAA0B,IAAI,SAAS,GAAG;AAAA,IAC7C,OAAO,kBACL,SACA,KACA,0BACA,wDACF;AAAA,EACF;AAAA,EAEA,MAAM,oBAAoB,KAAK,IAAI,WAAW;AAAA,EAC9C,IAAI,qBAAqB,sBAAsB,OAAO,UAAU;AAAA,IAC9D,OAAO,kBAAkB,SAAS,KAAK,kBAAkB,gDAAgD;AAAA,EAC3G;AAAA,EAEA,MAAM,YAAY,MAAM,OAAO,cAAc;AAAA,EAC7C,IAAI,CAAC,WAAW;AAAA,IACd,OAAO,kBAAkB,SAAS,KAAK,gBAAgB,uCAAuC;AAAA,EAChG;AAAA,EAEA,MAAM,WAAW,IAAI;AAAA,EACrB,SAAS,IAAI,cAAc,SAAS;AAAA,EACpC,SAAS,IAAI,aAAa,OAAO,QAAQ;AAAA,EACzC,IAAI,OAAO,cAAc;AAAA,IACvB,SAAS,IAAI,iBAAiB,OAAO,YAAY;AAAA,EACnD;AAAA,EACA,WAAW,OAAO,CAAC,QAAQ,iBAAiB,gBAAgB,iBAAiB,OAAO,GAAG;AAAA,IACrF,MAAM,QAAQ,KAAK,IAAI,GAAG;AAAA,IAC1B,IAAI,UAAU,QAAQ,UAAU,IAAI;AAAA,MAClC,SAAS,IAAI,KAAK,KAAK;AAAA,IACzB;AAAA,EACF;AAAA,EAEA,IAAI;AAAA,EACJ,IAAI;AAAA,IACF,eAAe,MAAM,MAAM,UAAU,eAAe;AAAA,MAClD,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,oCAAoC;AAAA,MAC/D,MAAM,SAAS,SAAS;AAAA,MACxB,QAAQ,YAAY,QAAQ,KAAK;AAAA,IACnC,CAAC;AAAA,IACD,OAAO,MAAU;AAAA,IACjB,OAAO,kBAAkB,SAAS,KAAK,gBAAgB,mCAAmC,MAAK,WAAW,MAAK;AAAA;AAAA,EAGjH,MAAM,OAAO,IAAI,WAAW,MAAM,aAAa,YAAY,CAAC;AAAA,EAC5D,MAAM,KAAK,aAAa,QAAQ,IAAI,cAAc,KAAK;AAAA,EACvD,QAAQ,IAAI,gBAAgB,EAAE;AAAA,EAC9B,OAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,aAAa,QAAQ,QAAQ,CAAC;AAAA;AAQpE,eAAsB,mBAAmB,CAAC,SAAkB,QAA4C;AAAA,EACtG,MAAM,MAAM,IAAI,IAAI,QAAQ,GAAG;AAAA,EAC/B,MAAM,WAAW,OAAO,UAAU;AAAA,EAElC,SAAS,aAAa,CAAC,QAAgB,SAAiB,QAAiC;AAAA,IACvF,OAAO,IAAI,SAAS,oBAAoB,SAAS,QAAQ,QAAQ,GAAG;AAAA,MAClE;AAAA,MACA,SAAS,EAAE,gBAAgB,2BAA2B;AAAA,IACxD,CAAC;AAAA;AAAA,EAIH,MAAM,QAAQ,IAAI,aAAa,IAAI,OAAO;AAAA,EAC1C,IAAI,OAAO;AAAA,IACT,MAAM,YAAY,IAAI,aAAa,IAAI,mBAAmB,KAAK;AAAA,IAC/D,OAAO,cAAc,KAAK,+CAA+C,SAAS;AAAA,EACpF;AAAA,EAGA,MAAM,OAAO,IAAI,aAAa,IAAI,MAAM;AAAA,EACxC,MAAM,QAAQ,IAAI,aAAa,IAAI,OAAO;AAAA,EAC1C,IAAI,CAAC,QAAQ,CAAC,OAAO;AAAA,IACnB,OAAO,cAAc,KAAK,kDAAkD,IAAI;AAAA,EAClF;AAAA,EAGA,MAAM,UAAU,aAAa,OAAO;AAAA,EACpC,MAAM,gBAAgB,QAAQ,IAAI,mBAAmB;AAAA,EACrD,IAAI,CAAC,eAAe;AAAA,IAClB,OAAO,cAAc,KAAK,wDAAwD,IAAI;AAAA,EACxF;AAAA,EAEA,IAAI;AAAA,EACJ,IAAI;AAAA,IACF,WAAW,kBAAkB,eAAe,OAAO,UAAU;AAAA,IAC7D,MAAM;AAAA,IACN,OAAO,cAAc,KAAK,iDAAiD,IAAI;AAAA;AAAA,EAIjF,MAAM,SAAS,OAAO,KAAK,OAAO,OAAO;AAAA,EACzC,MAAM,SAAS,OAAO,KAAK,SAAS,YAAY,OAAO;AAAA,EACvD,IAAI,OAAO,WAAW,OAAO,UAAU,CAAC,gBAAgB,QAAQ,MAAM,GAAG;AAAA,IACvE,OAAO,cAAc,KAAK,qDAA0D,IAAI;AAAA,EAC1F;AAAA,EAGA,MAAM,YAAY,MAAM,OAAO,cAAc;AAAA,EAC7C,IAAI,CAAC,WAAW;AAAA,IACd,OAAO,cAAc,KAAK,6CAA6C,wBAAwB;AAAA,EACjG;AAAA,EAGA,IAAI;AAAA,EACJ,IAAI;AAAA,IACF,SAAS,MAAM,qBACb,UAAU,eACV,MACA,OAAO,aACP,SAAS,cACT,OAAO,UACP,OAAO,cACP,OAAO,UACT;AAAA,IACA,OAAO,MAAU;AAAA,IACjB,OAAO,cAAc,KAAK,wDAAwD,OAAO,KAAI,WAAW,IAAG,CAAC;AAAA;AAAA,EAG9G,MAAM,qBAAqB,qBAAqB,qBAAqB,IAAI;AAAA,IACvE,QAAQ;AAAA,IACR,MAAM,GAAG,OAAO;AAAA,IAChB,QAAQ,OAAO;AAAA,IACf,UAAU;AAAA,IACV,UAAU;AAAA,EACZ,CAAC;AAAA,EAGD,IAAI,SAAS,UAAU;AAAA,IACrB,MAAM,YAAY,SAAS,SAAS,SAAS,GAAG,IAAI,MAAM;AAAA,IAC1D,MAAM,gBAAgB,CAAC,SAAS,OAAO,OAAO;AAAA,IAC9C,IAAI,OAAO,cAAc;AAAA,MACvB,cAAc,KAAK,iBAAiB,mBAAmB,OAAO,YAAY,GAAG;AAAA,IAC/E;AAAA,IACA,cAAc,KAAK,kBAAkB,mBAAmB,UAAU,aAAa,GAAG;AAAA,IAClF,cAAc,KAAK,aAAa,mBAAmB,OAAO,QAAQ,GAAG;AAAA,IACrE,IAAI,OAAO,cAAc;AAAA,MACvB,cAAc,KAAK,iBAAiB,mBAAmB,OAAO,YAAY,GAAG;AAAA,IAC/E;AAAA,IACA,IAAI,OAAO,YAAY;AAAA,MACrB,cAAc,KAAK,mBAAmB;AAAA,IACxC;AAAA,IACA,MAAM,cAAc,GAAG,SAAS,WAAW,YAAY,cAAc,KAAK,GAAG;AAAA,IAE7E,OAAO,IAAI,SAAS,MAAM;AAAA,MACxB,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,UAAU;AAAA,QACV,iBAAiB;AAAA,QACjB,gBAAgB;AAAA,QAChB,cAAc;AAAA,MAChB;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAGA,MAAM,cAAc,oBAAoB,SAAS,aAAa,OAAO,MAAM;AAAA,EAC3E,MAAM,aAAa,OAAO,UAAU;AAAA,EAEpC,MAAM,aAAa,qBAAqB,kBAAkB,OAAO,OAAO;AAAA,IACtE,QAAQ,OAAO;AAAA,IACf,MAAM;AAAA,IACN,QAAQ,OAAO;AAAA,IACf,UAAU;AAAA,IACV,UAAU;AAAA,EACZ,CAAC;AAAA,EAGD,MAAM,UAAU,IAAI;AAAA,EACpB,QAAQ,IAAI,YAAY,WAAW;AAAA,EACnC,QAAQ,IAAI,iBAAiB,qCAAqC;AAAA,EAClE,QAAQ,IAAI,gBAAgB,0BAA0B;AAAA,EACtD,QAAQ,OAAO,cAAc,UAAU;AAAA,EACvC,QAAQ,OAAO,cAAc,kBAAkB;AAAA,EAE/C,OAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,QAAQ,CAAC;AAAA;AAQ7C,SAAS,iBAAiB,CAAC,UAAmB,QAAmC;AAAA,EACtF,MAAM,aAAa,OAAO,UAAU;AAAA,EACpC,MAAM,kBAAkB,qBAAqB,kBAAkB,IAAI;AAAA,IACjE,QAAQ;AAAA,IACR,MAAM;AAAA,IACN,QAAQ,OAAO;AAAA,IACf,UAAU;AAAA,EACZ,CAAC;AAAA,EACD,OAAO,IAAI,SAAS,MAAM;AAAA,IACxB,QAAQ;AAAA,IACR,SAAS;AAAA,MACP,UAAU,OAAO,UAAU;AAAA,MAC3B,cAAc;AAAA,IAChB;AAAA,EACF,CAAC;AAAA;AAQH,eAAsB,wBAAwB,CAAC,SAAkB,QAAmD;AAAA,EAElH,MAAM,SAAS,QAAQ,QAAQ,IAAI,QAAQ,KAAK;AAAA,EAChD,IAAI,CAAC,OAAO,SAAS,WAAW;AAAA,IAAG,OAAO;AAAA,EAG1C,MAAM,YAAY,MAAM,OAAO,cAAc;AAAA,EAC7C,IAAI,CAAC;AAAA,IAAW,OAAO;AAAA,EAEvB,MAAM,MAAM,IAAI,IAAI,QAAQ,GAAG;AAAA,EAG/B,MAAM,eAAe,qBAAqB;AAAA,EAC1C,MAAM,gBAAgB,sBAAsB,YAAY;AAAA,EACxD,MAAM,aAAa,mBAAmB;AAAA,EAGtC,IAAI,cAAc,IAAI;AAAA,EACtB,IAAI,IAAI,QAAQ;AAAA,IACd,cAAc,GAAG,cAAc,IAAI;AAAA,EACrC;AAAA,EACA,cAAc,oBAAoB,aAAa,OAAO,MAAM;AAAA,EAG5D,MAAM,WAAW,iBAAiB,IAAI,aAAa,IAAI,gBAAgB,KAAK,IAAI,OAAO,oBAAoB;AAAA,EAG3G,MAAM,cAAc,gBAAgB,cAAc,YAAY,aAAa,OAAO,YAAY,WAAW,QAAQ;AAAA,EAGjH,MAAM,aAAa,IAAI,gBAAgB;AAAA,IACrC,eAAe;AAAA,IACf,WAAW,OAAO;AAAA,IAClB,cAAc,OAAO;AAAA,IACrB,gBAAgB;AAAA,IAChB,uBAAuB;AAAA,IACvB,OAAO;AAAA,IACP,OAAO,OAAO;AAAA,EAChB,CAAC;AAAA,EAED,IAAI,UAAU;AAAA,IACZ,WAAW,IAAI,eAAe,SAAS;AAAA,IACvC,WAAW,IAAI,UAAU,SAAS;AAAA,EACpC;AAAA,EACA,MAAM,UAAU,GAAG,UAAU,yBAAyB,WAAW,SAAS;AAAA,EAE1E,MAAM,gBAAgB,qBAAqB,qBAAqB,aAAa;AAAA,IAC3E,QAAQ;AAAA,IACR,MAAM,GAAG,OAAO;AAAA,IAChB,QAAQ,OAAO;AAAA,IACf,UAAU;AAAA,IACV,UAAU;AAAA,EACZ,CAAC;AAAA,EAED,OAAO,IAAI,SAAS,MAAM;AAAA,IACxB,QAAQ;AAAA,IACR,SAAS;AAAA,MACP,UAAU;AAAA,MACV,iBAAiB;AAAA,MACjB,gBAAgB;AAAA,MAChB,cAAc;AAAA,IAChB;AAAA,EACF,CAAC;AAAA;AAQI,SAAS,mBAAmB,CAAC,SAAkB,QAA0C;AAAA,EAC9F,MAAM,MAAM,IAAI,IAAI,QAAQ,GAAG;AAAA,EAC/B,MAAM,WAAW,iBAAiB,IAAI,aAAa,IAAI,gBAAgB,KAAK,IAAI,OAAO,oBAAoB;AAAA,EAC3G,IAAI,CAAC;AAAA,IAAU,OAAO;AAAA,EAGtB,MAAM,UAAU,aAAa,OAAO;AAAA,EACpC,MAAM,QAAQ,QAAQ,IAAI,gBAAgB;AAAA,EAC1C,IAAI,CAAC;AAAA,IAAO,OAAO;AAAA,EAGnB,IAAI;AAAA,IACF,MAAM,QAAQ,MAAM,MAAM,GAAG;AAAA,IAC7B,IAAI,MAAM,UAAU,GAAG;AAAA,MACrB,MAAM,UAAU,KAAK,MAAM,OAAO,KAAK,MAAM,IAAI,WAAW,EAAE,SAAS,OAAO,CAAC;AAAA,MAC/E,IAAI,OAAO,QAAQ,QAAQ,YAAY,QAAQ,OAAO,KAAK,MAAM,KAAK,IAAI,IAAI,IAAI,GAAG;AAAA,QACnF,OAAO;AAAA,MACT;AAAA,IACF;AAAA,IACA,MAAM;AAAA,EAKR,MAAM,YAAY,SAAS,SAAS,GAAG,IAAI,MAAM;AAAA,EACjD,MAAM,iBAAiB,CAAC,SAAS,OAAO;AAAA,EACxC,MAAM,cAAc,GAAG,WAAW,YAAY,eAAe,KAAK,GAAG;AAAA,EAErE,OAAO,IAAI,SAAS,MAAM;AAAA,IACxB,QAAQ;AAAA,IACR,SAAS;AAAA,MACP,UAAU;AAAA,MACV,iBAAiB;AAAA,IACnB;AAAA,EACF,CAAC;AAAA;;;ACl/BH,IAAM,SAAQ,IAAI;AAClB,IAAM,WAAW,IAAI,YAAY,SAAS,EAAE,OAAO,MAAM,CAAC;AAE1D,IAAM,iBAAgB;AACtB,IAAM,iBAAiB;AAQvB,IAAM,aAAa,IAAI;AACvB,IAAM,aAAa;AAMnB,SAAS,eAAe,CAAC,OAA2B;AAAA,EAClD,IAAI,IAAI;AAAA,EACR,SAAS,IAAI,EAAG,IAAI,MAAM,QAAQ,KAAK,OAAQ;AAAA,IAC7C,KAAK,OAAO,aAAa,GAAG,MAAM,SAAS,GAAG,IAAI,KAAM,CAAC;AAAA,EAC3D;AAAA,EACA,OAAO,KAAK,CAAC,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,EAAE;AAAA;AAG1E,SAAS,eAAe,CAAC,GAAuB;AAAA,EAC9C,IAAI,MAAM,EAAE,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG;AAAA,EAEhD,MAAM,MAAM,IAAI,SAAS;AAAA,EACzB,IAAI,QAAQ;AAAA,IAAG,OAAO;AAAA,EACjB,SAAI,QAAQ;AAAA,IAAG,OAAO;AAAA,EACtB,SAAI,QAAQ;AAAA,IAAG,MAAM,IAAI,MAAM,0BAA0B;AAAA,EAC9D,MAAM,MAAM,KAAK,GAAG;AAAA,EACpB,MAAM,MAAM,IAAI,WAAW,IAAI,MAAM;AAAA,EACrC,SAAS,IAAI,EAAG,IAAI,IAAI,QAAQ;AAAA,IAAK,IAAI,KAAK,IAAI,WAAW,CAAC;AAAA,EAC9D,OAAO;AAAA;AASF,SAAS,gBAAgB,CAC9B,UACA,WACA,WACA,UACA,KACA,KACQ;AAAA,EACR,IAAI,UAAU,WAAW,gBAAgB;AAAA,IACvC,MAAM,IAAI,MAAM,sBAAsB,6BAA6B,UAAU,QAAQ;AAAA,EACvF;AAAA,EACA,MAAM,gBAAgB,OAAM,OAAO,QAAQ;AAAA,EAC3C,IAAI,cAAc,SAAS,KAAK;AAAA,IAC9B,MAAM,IAAI,MAAM,uBAAuB,cAAc,wBAAwB;AAAA,EAC/E;AAAA,EACA,MAAM,YAAY,IAAI,WAAW,aAAa,cAAc,SAAS,iBAAiB,UAAU;AAAA,EAChG,MAAM,OAAO,IAAI,SAAS,UAAU,MAAM;AAAA,EAC1C,IAAI,SAAS;AAAA,EACb,KAAK,aAAa,QAAQ,OAAO,OAAO,KAAK,MAAM,KAAK,IAAI,IAAI,IAAI,CAAC,GAAG,IAAI;AAAA,EAC5E,UAAU;AAAA,EACV,UAAU,UAAU,cAAc;AAAA,EAClC,UAAU;AAAA,EACV,UAAU,IAAI,eAAe,MAAM;AAAA,EACnC,UAAU,cAAc;AAAA,EACxB,UAAU,IAAI,WAAW,MAAM;AAAA,EAC/B,UAAU;AAAA,EACV,KAAK,aAAa,QAAQ,OAAO,SAAS,GAAG,IAAI;AAAA,EACjD,MAAM,SAAS,UAAU,WAAW,UAAU,EAAE,KAAK,SAAS,eAAc,CAAC;AAAA,EAC7E,OAAO,gBAAgB,MAAM;AAAA;AAWxB,SAAS,gBAAgB,CAAC,OAAe,UAAsB,KAAqC;AAAA,EACzG,IAAI;AAAA,EACJ,IAAI;AAAA,IACF,MAAM,gBAAgB,KAAK;AAAA,IAC3B,MAAM;AAAA,IACN,MAAM,IAAI,iBAAiB,yBAAyB;AAAA;AAAA,EAEtD,IAAI;AAAA,EACJ,IAAI;AAAA,IACF,YAAY,UAAU,KAAK,UAAU,EAAE,KAAK,SAAS,eAAc,CAAC;AAAA,IACpE,OAAO,MAAK;AAAA,IACZ,IAAI,gBAAe,WAAW;AAAA,MAC5B,MAAM,IAAI,iBAAiB,mCAAmC;AAAA,IAChE;AAAA,IACA,MAAM;AAAA;AAAA,EAER,IAAI,UAAU,SAAS,YAAY;AAAA,IACjC,MAAM,IAAI,iBAAiB,yBAAyB;AAAA,EACtD;AAAA,EACA,MAAM,OAAO,IAAI,SAAS,UAAU,QAAQ,UAAU,YAAY,UAAU,UAAU;AAAA,EACtF,MAAM,cAAc,UAAU;AAAA,EAC9B,MAAM,SAAS,aAAa;AAAA,EAC5B,MAAM,SAAS,SAAS,iBAAiB;AAAA,EACzC,IAAI,UAAU,WAAW,QAAQ;AAAA,IAC/B,MAAM,IAAI,iBAAiB,yBAAyB;AAAA,EACtD;AAAA,EACA,MAAM,WAAW,SAAS,OAAO,UAAU,SAAS,YAAY,MAAM,CAAC;AAAA,EAGvE,MAAM,YAAY,IAAI,WAAW,cAAc;AAAA,EAC/C,UAAU,IAAI,UAAU,SAAS,QAAQ,SAAS,cAAc,CAAC;AAAA,EACjE,MAAM,YAAY,OAAO,KAAK,aAAa,SAAS,gBAAgB,IAAI,CAAC;AAAA,EACzE,OAAO,EAAE,UAAU,WAAW,UAAU;AAAA;AAAA;AAU1C,MAAM,WAAW;AAAA,EACP,SAAS;AAAA,EACT,UAA6B,CAAC;AAAA,OAEhC,QAAO,GAAwB;AAAA,IACnC,IAAI,CAAC,KAAK,QAAQ;AAAA,MAChB,KAAK,SAAS;AAAA,MACd,OAAO,MAAM,KAAK,QAAQ;AAAA,IAC5B;AAAA,IACA,MAAM,IAAI,QAAc,CAAC,YAAY,KAAK,QAAQ,KAAK,OAAO,CAAC;AAAA,IAC/D,KAAK,SAAS;AAAA,IACd,OAAO,MAAM,KAAK,QAAQ;AAAA;AAAA,EAGpB,OAAO,GAAS;AAAA,IACtB,MAAM,OAAO,KAAK,QAAQ,MAAM;AAAA,IAChC,IAAI,MAAM;AAAA,MAER,KAAK;AAAA,IACP,EAAO;AAAA,MACL,KAAK,SAAS;AAAA;AAAA;AAGpB;AA2BO,SAAS,mBAAmB,CACjC,eACA,QACA,WACQ;AAAA,EACR,IAAI,CAAC;AAAA,IAAe,OAAO;AAAA,EAC3B,OAAO,GAAG,UAAU,SAAW,aAAa;AAAA;AAIvC,SAAS,YAAY,CAAC,WAA+B;AAAA,EAC1D,IAAI,IAAI;AAAA,EACR,SAAS,IAAI,EAAG,IAAI,UAAU,QAAQ;AAAA,IAAK,KAAK,UAAU,GAAG,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG;AAAA,EACzF,OAAO;AAAA;AAIT,SAAS,UAAU,CAAC,GAAe,GAAwB;AAAA,EACzD,IAAI,EAAE,WAAW,EAAE;AAAA,IAAQ,OAAO;AAAA,EAClC,SAAS,IAAI,EAAG,IAAI,EAAE,QAAQ;AAAA,IAAK,IAAI,EAAE,OAAO,EAAE;AAAA,MAAI,OAAO;AAAA,EAC7D,OAAO;AAAA;AAAA;AAIF,MAAM,gBAAgB;AAAA,EAKC;AAAA,EAHpB,UAAU,IAAI;AAAA,EACd,YAAY;AAAA,EAEpB,WAAW,CAAiB,YAAoB;AAAA,IAApB;AAAA;AAAA,MAExB,QAAQ,GAAY;AAAA,IACtB,OAAO,KAAK;AAAA;AAAA,EAGd,WAAW,CAAC,OAAsB;AAAA,IAChC,KAAK,YAAY;AAAA;AAAA,EAInB,IAAI,CAAC,OAAgB,KAAyB,cAAoE;AAAA,IAChH,IAAI,KAAK,WAAW;AAAA,MAClB,MAAM,IAAI,oBAAoB,gDAA+C;AAAA,IAC/E;AAAA,IACA,MAAM,YAAY,OAAO,KAAK;AAAA,IAC9B,MAAM,YAAY,KAAK,MAAM,KAAK,IAAI,IAAI,IAAI,IAAI;AAAA,IAClD,MAAM,YAAY,YAAY,cAAc;AAAA,IAC5C,MAAM,MAAM,aAAa,SAAS;AAAA,IAClC,KAAK,QAAQ,IAAI,KAAK;AAAA,MACpB,IAAI;AAAA,MACJ,OAAO,EAAE,OAAO,WAAW,cAAc,MAAM,IAAI,WAAa;AAAA,IAClE,CAAC;AAAA,IACD,OAAO,EAAE,WAAW,UAAU;AAAA;AAAA,EAKhC,GAAG,CAAC,WAAuB,cAA2C;AAAA,IACpE,MAAM,MAAM,aAAa,SAAS;AAAA,IAClC,MAAM,OAAO,KAAK,QAAQ,IAAI,GAAG;AAAA,IACjC,IAAI,CAAC;AAAA,MAAM,OAAO;AAAA,IAClB,IAAI,CAAC,WAAW,KAAK,IAAI,SAAS;AAAA,MAAG,OAAO;AAAA,IAC5C,MAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,IAAI;AAAA,IACxC,IAAI,KAAK,MAAM,YAAY,KAAK;AAAA,MAC9B,KAAK,QAAQ,OAAO,GAAG;AAAA,MACvB,qBAAqB,KAAK,MAAM,KAAK;AAAA,MACrC,OAAO;AAAA,IACT;AAAA,IACA,IAAI,KAAK,MAAM,iBAAiB;AAAA,MAAc,OAAO;AAAA,IACrD,OAAO,KAAK;AAAA;AAAA,EAId,KAAK,CAAC,WAAgC;AAAA,IACpC,MAAM,MAAM,aAAa,SAAS;AAAA,IAClC,MAAM,OAAO,KAAK,QAAQ,IAAI,GAAG;AAAA,IACjC,IAAI,CAAC,QAAQ,CAAC,WAAW,KAAK,IAAI,SAAS;AAAA,MAAG,OAAO;AAAA,IACrD,KAAK,QAAQ,OAAO,GAAG;AAAA,IACvB,qBAAqB,KAAK,MAAM,KAAK;AAAA,IACrC,OAAO;AAAA;AAAA,EAIT,YAAY,CAAC,KAAsB;AAAA,IACjC,MAAM,SAAS,OAAO,KAAK,MAAM,KAAK,IAAI,IAAI,IAAI;AAAA,IAClD,IAAI,QAAQ;AAAA,IACZ,YAAY,KAAK,SAAS,KAAK,SAAS;AAAA,MACtC,IAAI,KAAK,MAAM,YAAY,QAAQ;AAAA,QACjC,KAAK,QAAQ,OAAO,GAAG;AAAA,QACvB,qBAAqB,KAAK,MAAM,KAAK;AAAA,QACrC;AAAA,MACF;AAAA,IACF;AAAA,IACA,OAAO;AAAA;AAAA,EAIT,QAAQ,GAAS;AAAA,IACf,MAAM,QAAQ,MAAM,KAAK,KAAK,QAAQ,OAAO,CAAC;AAAA,IAC9C,KAAK,QAAQ,MAAM;AAAA,IACnB,WAAW,QAAQ;AAAA,MAAO,qBAAqB,KAAK,MAAM,KAAK;AAAA;AAAA,MAG7D,IAAI,GAAW;AAAA,IACjB,OAAO,KAAK,QAAQ;AAAA;AAExB;AAEA,SAAS,oBAAoB,CAAC,OAAsB;AAAA,EAClD,MAAM,SAAU,OAA+B;AAAA,EAC/C,IAAI,OAAO,WAAW;AAAA,IAAY;AAAA,EAClC,IAAI;AAAA,IACD,OAAyB,KAAK,KAAK;AAAA,IACpC,MAAM;AAAA;AAYH,SAAS,kBAAkB,CAAC,UAA2B,SAAS,MAAkB;AAAA,EACvF,MAAM,SAAS,YAAY,MAAM;AAAA,IAC/B,IAAI;AAAA,MACF,SAAS,aAAa;AAAA,MACtB,MAAM;AAAA,KAGP,MAAM;AAAA,EACR,OAAkC,QAAQ;AAAA,EAC3C,OAAO,MAAM,cAAc,MAAM;AAAA;AA+E5B,SAAS,eAAe,CAAC,UAA2B,YAAsC;AAAA,EAC/F,OAAO;AAAA,IACL,OAAO,MAAM,SAAS,YAAY,IAAI;AAAA,IACtC,UAAU,MAAM;AAAA,MACd,aAAa;AAAA,MACb,SAAS,SAAS;AAAA;AAAA,IAEpB,YAAY,MAAM,SAAS;AAAA,IAC3B,aAAa,CAAC,MAAM,SAAS,YAAY,CAAC;AAAA,EAC5C;AAAA;;;AC7SK,IAAM,sBAAuC;AAAA,EAClD,SAAS,CAAC,OAAwB;AAAA,IAChC,OAAO,IAAI,YAAY,EAAE,OACvB,KAAK,UAAU,OAAO,CAAC,MAAM,UAAW,OAAO,UAAU,WAAW,cAAc,UAAU,KAAM,CACpG;AAAA;AAAA,EAEF,WAAW,CAAC,OAAwB;AAAA,IAClC,OAAO,KAAK,MAAM,IAAI,YAAY,EAAE,OAAO,KAAK,GAAG,CAAC,MAAM,UACxD,OAAO,UAAU,YAAY,MAAM,WAAW,aAAa,IAAI,OAAO,MAAM,MAAM,EAAE,CAAC,IAAI,KAC3F;AAAA;AAEJ;;;Ab9DA,IAAM,gBAA0B,OAAW,CAAC,CAAC;AAE7C,IAAM,iBAA6C,IAAI;AAMvD,SAAS,mBAAmB,CAAC,SAA+C;AAAA,EAC1E,MAAM,SAAS,QAAQ,QAAQ,IAAI,QAAQ;AAAA,EAC3C,IAAI,CAAC;AAAA,IAAQ,OAAO;AAAA,EACpB,MAAM,MAAM,IAAI;AAAA,EAChB,WAAW,QAAQ,OAAO,MAAM,GAAG,GAAG;AAAA,IACpC,MAAM,OAAO,KAAK,KAAK;AAAA,IACvB,IAAI,CAAC;AAAA,MAAM;AAAA,IACX,MAAM,KAAK,KAAK,QAAQ,GAAG;AAAA,IAC3B,IAAI,KAAK;AAAA,MAAG;AAAA,IACZ,IAAI,IAAI,KAAK,MAAM,GAAG,EAAE,EAAE,KAAK,GAAG,KAAK,MAAM,KAAK,CAAC,EAAE,KAAK,CAAC;AAAA,EAC7D;AAAA,EACA,OAAO;AAAA;AAeF,SAAS,iBAAiB,CAC/B,UACA,SACoD;AAAA,EACpD,MAAM,UAAU,SAAS,UAAU,IAAI,QAAQ,QAAQ,EAAE;AAAA,EACzD,MAAM,WAAW,SAAS,YAAY,YAAY,EAAE;AAAA,EACpD,MAAM,WAAW,SAAS,YAAY;AAAA,EACtC,MAAM,cAAc,SAAS;AAAA,EAC7B,MAAM,aAAa,SAAS,eAAe,YAAY,OAAO,QAAQ;AAAA,EACtE,MAAM,kBAAkB,SAAS;AAAA,EAOjC,MAAM,8BACJ,SAAS,gCACR,SAAS,mBAAmB,OAAO,QAAQ,kBAAkB,KAAK;AAAA,EAKrE,MAAM,yBAAyB,SAAS;AAAA,EACxC,MAAM,mBAAmB,SAAS;AAAA,EAClC,MAAM,+BAA+B,SAAS;AAAA,EAC9C,MAAM,WAAW,SAAS,YAAY,OAAO,WAAW,EAAE,QAAQ,MAAM,EAAE,EAAE,MAAM,GAAG,EAAE;AAAA,EAEvF,IAAI,eAAe,SAAS;AAAA,EAC5B,MAAM,gBAAgB,SAAS;AAAA,EAG/B,IAAI,aAAqC;AAAA,EACzC,IAAI,gBAAgB,eAAe,UAAU;AAAA,IAC3C,MAAM,cAAc,IAAI,IAAI,cAAc,QAAQ;AAAA,IAClD,MAAM,eAAe,YAAY,aAAa;AAAA,IAC9C,MAAM,cAAc,GAAG,cAAc,SAAS,QAAQ,QAAQ,EAAE,IAAI;AAAA,IACpE,MAAM,SAAS,cAAc,qBAAqB;AAAA,IAClD,IAAI,QAAQ;AAAA,MACV,MAAM,eAAe;AAAA,MACrB,aAAa,mBACX;AAAA,QACE,YAAY;AAAA,QACZ;AAAA,QACA,UAAU,cAAc;AAAA,QACxB,cAAc,cAAc;AAAA,QAC5B,YAAY,cAAc;AAAA,QAC1B;AAAA,QACA;AAAA,QACA;AAAA,QACA,OAAO,iBAAiB,cAAc,iBAAiB,SAAS,cAAc;AAAA,QAC9E,sBAAsB,SAAS;AAAA,MACjC,GACA,YACF;AAAA,MACA,eAAe,kBAAkB,cAAc,WAAW,kBAAkB;AAAA,IAC9E;AAAA,EACF;AAAA,EAEA,MAAM,UAAU,SAAS,WAAW;AAAA,EAMpC,IAAI,sBAA8C;AAAA,EAClD,SAAS,eAAe,GAAoB;AAAA,IAC1C,IAAI,CAAC,qBAAqB;AAAA,MACxB,sBAAsB,mBACpB,SAAS,MACT,SACA,UACA,SAAS,mBAAmB,SAC9B,EAAE,KAAK,GAAG,eAAe,SAAS,IAAI,iBAAiB,KAAK,EAAE;AAAA,IAChE;AAAA,IACA,OAAO;AAAA;AAAA,EAET,MAAM,kBAAkB,SAAS,mBAAmB,SAAS,mBAAmB;AAAA,EAOhF,SAAS,sBAAsB,CAAC,cAA6D;AAAA,IAC3F,MAAM,QAAQ,SAAS;AAAA,IACvB,IAAI,UAAU;AAAA,MAAM;AAAA,IACpB,MAAM,gBAAgB,SAAS;AAAA,IAC/B,MAAM,gBAAgB,cAAc,IAAI,oBAAoB;AAAA,IAC5D,IAAI,kBAAkB,WAAW;AAAA,MAC/B,MAAM,IAAI,qBACR;AAAA,IACE;AAAA,IACA,aAAa;AAAA,IACb,qEACA,+DACA,4CACJ;AAAA,IACF;AAAA,IACA,IAAI;AAAA,IACJ,IAAI;AAAA,MACF,cAAc,qBAAqB,aAAa;AAAA,MAChD,MAAM;AAAA,MACN,MAAM,IAAI,qBACR;AAAA,IACE,aAAa;AAAA,IACb,aAAa;AAAA,IACb,4DACA,8CACJ;AAAA;AAAA,IAEF,IAAI,YAAY,OAAO,MAAM,MAAM,YAAY,OAAO,MAAM;AAAA,MAAI;AAAA,IAChE,MAAM,cAAc,YAAY,KAAK,MAAM,MAAO,YAAY,OAAO,MAAM,MAAM,YAAY,KAAK,MAAM;AAAA,IACxG,MAAM,YAAY,cACd,gGAAgG,mBAChG,sFAAsF;AAAA,IAC1F,MAAM,IAAI,qBACR;AAAA,IACE,aAAa;AAAA,IACb,aAAa;AAAA,IACb,gBAAgB,WACpB;AAAA;AAAA,EAGF,MAAM,mBAAmB,SAAS;AAAA,EAClC,MAAM,kBAAkB,SAAS,mBAAmB;AAAA,EACpD,MAAM,eAAe,SAAS;AAAA,EAO9B,MAAM,eAAsC,SAAS,gBAAgB;AAAA,EACrE,IAAI,kBAAkB;AAAA,EACtB,IAAI,qBAA2C;AAAA,EAI/C,MAAM,gBACH,SAAgD;AAAA,EACnD,eAAe,eAAe,CAAC,MAAoC;AAAA,IACjE,IAAI;AAAA,MAAiB;AAAA,IACrB,IAAI,oBAAoB;AAAA,MACtB,MAAM;AAAA,MACN;AAAA,IACF;AAAA,IACA,IAAI,CAAC,cAAc;AAAA,MACjB,kBAAkB;AAAA,MAClB;AAAA,IACF;AAAA,IACA,sBAAsB,YAAY;AAAA,MAChC,IAAI;AAAA,QACF,MAAM,aAAa,IAAI;AAAA,QACvB,kBAAkB;AAAA,gBAClB;AAAA,QACA,qBAAqB;AAAA;AAAA,OAEtB;AAAA,IACH,MAAM;AAAA;AAAA,EAIR,MAAM,oBAAoB,SAAS,qBAAqB;AAAA,EACxD,MAAM,qBAAqB,SAAS,sBAAsB;AAAA,EAC1D,MAAM,qBAAqB,SAAS,sBAAsB;AAAA,EAC1D,MAAM,cAAc,SAAS,gBAAgB,SAAS;AAAA,EACtD,MAAM,UAAU,SAAS,iBAAiB;AAAA,EAG1C,IAAI,cAAc,oBACd,iBAAiB,aAAa,UAAU,qBAAqB,GAAG,oBAAoB,MAAM,OAAO,IACjG;AAAA,EACJ,IAAI,eAAe,qBAAqB,kBAAkB,aAAa,UAAU,SAAS,OAAO,IAAI;AAAA,EACrG,MAAM,eAAe,qBAAqB,kBAAkB,QAAQ,WAAW,IAAI;AAAA,EAGnF,IAAI,YAAY;AAAA,IACd,MAAM,UAAU,WAAW;AAAA,IAC3B,IAAI,aAAa;AAAA,MACf,cAAc,YAAY,QAAQ,WAAW,GAAG;AAAA,QAAkB;AAAA,IACpE;AAAA,IACA,IAAI,cAAc;AAAA,MAChB,eAAe,aAAa,QAAQ,WAAW,GAAG;AAAA,QAAkB;AAAA,IACtE;AAAA,EACF;AAAA,EAEA,MAAM,mBAAmB,SAAS;AAAA,EAClC,MAAM,oBAAoB,SAAS;AAAA,EACnC,MAAM,iBAAiB,SAAS;AAAA,EAGhC,MAAM,6BAA6B,OAAW;AAAA,IAC5C,MAAM,cAAc,KAAK,GAAG,KAAK;AAAA,IACjC,MAAM,gBAAgB,KAAK,GAAG,KAAK;AAAA,IACnC,MAAM,cAAc,eAAe,KAAK,GAAG,KAAK;AAAA,EAClD,CAAC;AAAA,EACD,MAAM,qBAAoB;AAAA,EAC1B,MAAM,uBAAuB;AAAA,EAG7B,MAAM,gBAAgB,SAAS,iBAAiB;AAAA,EAChD,MAAM,mBAAmB,SAAS,oBAAoB;AAAA,EAGtD,MAAM,uBAAgD,gBAClD,OAAO,QAAQ,SAAS,qBAAqB,CAAC,CAAC,IAC/C,CAAC;AAAA,EACL,MAAM,kBAAkB,gBAAgB,IAAI,gBAAgB,gBAAgB,IAAI;AAAA,EAIhF,MAAM,aAAa,kBAAkB,mBAAmB,eAAe,IAAI;AAAA,EAC3E,IAAI,SAAS,mBAAmB,iBAAiB;AAAA,IAC/C,QAAQ,gBAAgB,gBAAgB,iBAAiB,cAAc,SAAS,CAAC;AAAA,EACnF;AAAA,EAQA,MAAM,6BAAuC,CAAC;AAAA,EAC9C,MAAM,wBAAwB,oBAAoB,QAAQ,wBAAwB;AAAA,EAClF,IAAI,uBAAuB;AAAA,IACzB,2BAA2B,KAAK,MAAM;AAAA,EACxC;AAAA,EACA,IAAI,oBAAoB,MAAM;AAAA,IAC5B,2BAA2B,KAAK,MAAM;AAAA,EACxC;AAAA,EAGA,SAAS,oBAAoB,CAAC,SAAkB,YAAY,OAAa;AAAA,IACvE,IAAI,2BAA2B,QAAQ;AAAA,MACrC,QAAQ,IAAI,2BAA2B,2BAA2B,KAAK,IAAI,CAAC;AAAA,IAC9E;AAAA,IACA,IAAI,mBAAmB,MAAM;AAAA,MAC3B,QAAQ,IAAI,yBAAyB,OAAO,eAAe,CAAC;AAAA,IAC9D;AAAA,IACA,IAAI,oBAAoB,MAAM;AAAA,MAC5B,QAAQ,IAAI,0BAA0B,OAAO,gBAAgB,CAAC;AAAA,IAChE;AAAA,IACA,IAAI,gCAAgC,MAAM;AAAA,MACxC,QAAQ,IAAI,uCAAuC,OAAO,4BAA4B,CAAC;AAAA,IACzF;AAAA,IAGA,QAAQ,IAAI,+BAA+B,kBAAkB,UAAU,SAAS,OAAO;AAAA,IACvF,IAAI,mBAAmB;AAAA,MACrB,QAAQ,IAAI,0BAA0B,MAAM;AAAA,MAC5C,IAAI,kBAAkB,MAAM;AAAA,QAC1B,QAAQ,IAAI,wBAAwB,OAAO,cAAc,CAAC;AAAA,MAC5D;AAAA,IACF;AAAA,IACA,IAAI,eAAe;AAAA,MACjB,QAAQ,IAAI,uBAAuB,MAAM;AAAA,MACzC,QAAQ,IAAI,2BAA2B,OAAO,KAAK,MAAM,gBAAgB,CAAC,CAAC;AAAA,MAC3E,IAAI,qBAAqB,SAAS,GAAG;AAAA,QACnC,QAAQ,IAAI,4BAA4B,qBAAqB,IAAI,EAAE,OAAO,CAAC,EAAE,KAAK,IAAI,CAAC;AAAA,MACzF;AAAA,IACF;AAAA,IACA,IAAI,cAAc,mBAAmB,QAAQ,qBAAqB,gBAAgB;AAAA,MAEhF,IAAI,CAAC,QAAQ,IAAI,eAAe,GAAG;AAAA,QACjC,QAAQ,IAAI,iBAAiB,qBAAqB;AAAA,MACpD;AAAA,IACF;AAAA;AAAA,EAIF,MAAM,UAAU;AAAA,IACd;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,MAAM;AAAA,EACR;AAAA,EAEA,SAAS,cAAc,CAAC,SAAkB,YAAY,OAAO,kBAAwC;AAAA,IACnG,IAAI,aAAa;AAAA,MACf,QAAQ,IAAI,+BAA+B,WAAW;AAAA,MACtD,QAAQ,IAAI,gCAAgC,eAAe;AAAA,MAK3D,QAAQ,IACN,gCACA,oBAAoB,iBAAiB,SAAS,IAAI,mBAAmB,6BACvE;AAAA,MACA,QAAQ,IACN,iCACA,2DAA2D,4GAC7D;AAAA,MACA,IAAI,aAAa,cAAc,MAAM;AAAA,QACnC,QAAQ,IAAI,0BAA0B,OAAO,UAAU,CAAC;AAAA,MAC1D;AAAA,IACF;AAAA;AAAA,EAGF,eAAe,kBAAkB,CAC/B,UACA,mBACA,mBACmB;AAAA,IACnB,IAAI,oBAAoB;AAAA,MAAM,OAAO;AAAA,IAGrC,MAAM,QAAQ,qBAAqB,wBAAwB,SAAS,oBAAoB,SAAS;AAAA,IACjG,IAAI,CAAC;AAAA,MAAO,OAAO;AAAA,IACnB,MAAM,eAAe,IAAI,WAAW,MAAM,SAAS,YAAY,CAAC;AAAA,IAChE,MAAM,aACJ,UAAU,SAAS,MAAM,aAAa,cAAc,gBAAgB,IAAI,MAAM,aAAa,YAAY;AAAA,IACzG,MAAM,UAAU,IAAI,QAAQ,SAAS,OAAO;AAAA,IAC5C,QAAQ,IAAI,oBAAoB,KAAK;AAAA,IACrC,OAAO,IAAI,SAAS,YAAmC;AAAA,MACrD,QAAQ,SAAS;AAAA,MACjB;AAAA,IACF,CAAC;AAAA;AAAA,EAGH,SAAS,iBAAiB,CAAC,OAAc,YAAoB,UAAoB,eAAwB;AAAA,IACvG,MAAM,WAAW,gBAAgB,SAAQ,OAAO,UAAU,IAAI;AAAA,IAC9D,MAAM,OAAO,mBAAmB,SAAQ,CAAC,QAAQ,CAAC;AAAA,IAClD,MAAM,OAAO,cAAc,MAAM,UAAU;AAAA,IAC3C,eAAe,KAAK,OAAO;AAAA,IAC3B,OAAO;AAAA;AAAA,EAGT,MAAM,uBAAuB,SAAS,wBAAwB;AAAA,EAC9D,MAAM,aAAa,GAAG;AAAA,EACtB,MAAM,aAAa,uBACf,KAAK,UAAU,EAAE,QAAQ,MAAM,WAAW,UAAU,UAAU,YAAY,CAAC,IAC3E;AAAA,EAEJ,OAAO,eAAe,OAAO,CAAC,SAAqC;AAAA,IACjE,MAAM,MAAM,IAAI,IAAI,QAAQ,GAAG;AAAA,IAC/B,MAAM,OAAO,IAAI;AAAA,IAKjB,IACE,cACA,SAAS,GAAG,0BACX,QAAQ,WAAW,UAAU,QAAQ,WAAW,YACjD;AAAA,MACA,OAAO,sBAAsB,SAAS,UAAU;AAAA,IAClD;AAAA,IAIA,IAAI,eAAe,QAAQ,QAAQ,WAAW,SAAS,SAAS,YAAY;AAAA,MAC1E,MAAM,UAAU,IAAI,QAAQ,EAAE,gBAAgB,mBAAmB,CAAC;AAAA,MAClE,eAAe,OAAO;AAAA,MACtB,qBAAqB,OAAO;AAAA,MAC5B,OAAO,IAAI,SAAS,YAAY,EAAE,QAAQ,KAAK,QAAQ,CAAC;AAAA,IAC1D;AAAA,IAGA,IAAI,iBAAiB,SAAS,cAAc,MAAM,GAAG;AAAA,MACnD,IAAI,QAAQ,WAAW,OAAO;AAAA,QAC5B,OAAO,IAAI,SAAS,sBAAsB,EAAE,QAAQ,IAAI,CAAC;AAAA,MAC3D;AAAA,MACA,MAAM,WAAW,4BAA4B,aAAa;AAAA,MAI1D,IAAI,cAAc,cAAc,cAAc;AAAA,QAC5C,MAAM,cAAc,IAAI,IAAI,cAAc,QAAQ;AAAA,QAClD,SAAS,iBAAiB,GAAG,YAAY,aAAa,YAAY,OAAO;AAAA,MAC3E;AAAA,MACA,MAAM,QAAO,KAAK,UAAU,QAAQ;AAAA,MACpC,MAAM,UAAU,IAAI,QAAQ;AAAA,QAC1B,gBAAgB;AAAA,QAChB,iBAAiB;AAAA,MACnB,CAAC;AAAA,MACD,eAAe,OAAO;AAAA,MACtB,OAAO,IAAI,SAAS,OAAM,EAAE,QAAQ,KAAK,QAAQ,CAAC;AAAA,IACpD;AAAA,IAGA,IAAI,QAAQ,WAAW,WAAW;AAAA,MAChC,MAAM,UAAU,IAAI;AAAA,MACpB,eAAe,SAAS,MAAM,QAAQ,QAAQ,IAAI,gCAAgC,CAAC;AAAA,MACnF,qBAAqB,SAAS,IAAI;AAAA,MAIlC,IACE,eACA,mBAAmB,QACnB,oBAAoB,QACpB,gCAAgC,QAChC,qBACA,iBACA,SAAS,GAAG,2BACZ;AAAA,QACA,OAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,QAAQ,CAAC;AAAA,MACpD;AAAA,MACA,OAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC3C;AAAA,IAGA,IAAI,QAAQ,WAAW,OAAO;AAAA,MAE5B,IAAI,YAAY;AAAA,QACd,IAAI,SAAS,GAAG,0BAA0B;AAAA,UACxC,OAAO,oBAAoB,SAAS,UAAU;AAAA,QAChD;AAAA,QACA,IAAI,SAAS,GAAG,wBAAwB;AAAA,UACtC,OAAO,kBAAkB,SAAS,UAAU;AAAA,QAC9C;AAAA,QAGA,MAAM,gBAAgB,oBAAoB,SAAS,UAAU;AAAA,QAC7D,IAAI;AAAA,UAAe,OAAO;AAAA,MAC5B;AAAA,MAIA,IAAI,gBAAgB,YAAY;AAAA,QAC9B,IAAI;AAAA,UACF,MAAM,aAAa,OAAO;AAAA,UAC1B,MAAM;AAAA,UAEN,MAAM,WAAW,MAAM,yBAAyB,SAAS,UAAU;AAAA,UACnE,IAAI;AAAA,YAAU,OAAO;AAAA;AAAA,MAGzB;AAAA,MAGA,IAAI,gBAAgB,SAAS,UAAU,SAAS,GAAG,YAAY;AAAA,QAC7D,MAAM,UAAU,IAAI,QAAQ,EAAE,gBAAgB,2BAA2B,CAAC;AAAA,QAC1E,eAAe,OAAO;AAAA,QACtB,OAAO,IAAI,SAAS,aAAa,EAAE,QAAQ,KAAK,QAAQ,CAAC;AAAA,MAC3D;AAAA,MAGA,IAAI,gBAAgB,SAAS,GAAG,mBAAmB;AAAA,QACjD,MAAM,UAAU,IAAI,QAAQ,EAAE,gBAAgB,2BAA2B,CAAC;AAAA,QAC1E,eAAe,OAAO;AAAA,QACtB,OAAO,IAAI,SAAS,cAAc,EAAE,QAAQ,KAAK,QAAQ,CAAC;AAAA,MAC5D;AAAA,MAGA,IAAI,cAAc;AAAA,QAChB,MAAM,UAAU,IAAI,QAAQ,EAAE,gBAAgB,2BAA2B,CAAC;AAAA,QAC1E,eAAe,OAAO;AAAA,QACtB,OAAO,IAAI,SAAS,cAAc,EAAE,QAAQ,KAAK,QAAQ,CAAC;AAAA,MAC5D;AAAA,MAEA,OAAO,IAAI,SAAS,aAAa,EAAE,QAAQ,IAAI,CAAC;AAAA,IAClD;AAAA,IAOA,IAAI,QAAQ,WAAW,YAAY,iBAAiB,mBAAmB,SAAS,GAAG,UAAU,oBAAoB;AAAA,MAC/G,MAAM,UAAU,IAAI;AAAA,MACpB,eAAe,OAAO;AAAA,MACtB,qBAAqB,OAAO;AAAA,MAC5B,MAAM,eAAe,QAAQ,QAAQ,IAAI,cAAc,KAAK,IAAI,KAAK;AAAA,MACrE,IAAI,CAAC,aAAa;AAAA,QAChB,OAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,QAAQ,CAAC;AAAA,MACpD;AAAA,MAMA,IAAI,eAAe,oBAAoB,OAAO,MAAM,IAAI;AAAA,MACxD,IAAI,eAA8B;AAAA,MAClC,IAAI,cAAc;AAAA,QAChB,IAAI;AAAA,UACF,MAAM,QAAO,MAAM,aAAa,OAAO;AAAA,UACvC,IAAI,OAAM,eAAe;AAAA,YACvB,eAAe,MAAK,aAAa;AAAA,YACjC,eAAe,oBAAoB,MAAM,MAAK,QAAQ,MAAK,SAAS;AAAA,UACtE;AAAA,UACA,MAAM;AAAA,MAMV;AAAA,MACA,MAAM,MAAM,WAAW,YAAY;AAAA,MACnC,IAAI;AAAA,MACJ,IAAI;AAAA,QACF,SAAS,iBAAiB,aAAa,UAAU,GAAG;AAAA,QACpD,MAAM;AAAA,QACN,OAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,QAAQ,CAAC;AAAA;AAAA,MAEpD,IAAI,OAAO,aAAa,UAAU;AAAA,QAChC,OAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,QAAQ,CAAC;AAAA,MACpD;AAAA,MACA,MAAM,QAAQ,gBAAgB,IAAI,OAAO,WAAW,YAAY;AAAA,MAChE,IAAI,CAAC,OAAO;AAAA,QACV,OAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,QAAQ,CAAC;AAAA,MACpD;AAAA,MACA,MAAM,UAAU,MAAM,MAAM,KAAK,QAAQ;AAAA,MACzC,IAAI;AAAA,QACF,gBAAgB,MAAM,OAAO,SAAS;AAAA,gBACtC;AAAA,QACA,QAAQ;AAAA;AAAA,MAEV,QAAQ,IAAI,sBAAsB,MAAM;AAAA,MACxC,OAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,QAAQ,CAAC;AAAA,IACpD;AAAA,IAEA,IAAI,QAAQ,WAAW,QAAQ;AAAA,MAC7B,OAAO,IAAI,SAAS,sBAAsB,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC3D;AAAA,IAGA,MAAM,MAAM,KAAK,SAAS,SAAS,oBAAoB,OAAO,EAAE;AAAA,IAQhE,IAAI,cAAc;AAAA,MAChB,IAAI;AAAA,QACF,IAAI,cAAc,MAAM,aAAa,OAAO;AAAA,QAC5C,OAAO,OAAY;AAAA,QACnB,MAAM,UAAU,IAAI,QAAQ,EAAE,gBAAgB,aAAa,CAAC;AAAA,QAC5D,eAAe,OAAO;AAAA,QACtB,IAAI,eAAe;AAAA,UACjB,MAAM,cAAc,IAAI,IAAI,QAAQ,GAAG;AAAA,UACvC,YAAY,WAAW,cAAc,MAAM;AAAA,UAC3C,YAAY,SAAS;AAAA,UACrB,QAAQ,IACN,oBACA,2BACE,YAAY,SAAS,GACrB,cAAc,UACd,cAAc,cACd,cAAc,oBACd,cAAc,oBACd,cAAc,sBAChB,CACF;AAAA,QACF;AAAA,QACA,OAAO,IAAI,SAAS,MAAM,WAAW,gBAAgB,EAAE,QAAQ,KAAK,QAAQ,CAAC;AAAA;AAAA,IAEjF;AAAA,IAIA,MAAM,uBAAuB,QAAQ,QAAQ,IAAI,iBAAiB,KAAK,IAAI,YAAY;AAAA,IACvF,MAAM,yBAAyB,oBAAoB,SAAS,MAAM;AAAA,IAClE,MAAM,yBAAyB,oBAAoB,SAAS,MAAM;AAAA,IAUlE,IAAI,oBAAyC;AAAA,IAC7C,IAAI,aAAgC;AAAA,IACpC,IAAI,iBAAiB,iBAAiB;AAAA,MACpC,MAAM,QAAO,IAAI;AAAA,MACjB,MAAM,eAAe,OAAM,gBAAiB,MAAK,aAAa,KAAM;AAAA,MACpE,MAAM,eAAe,oBAAoB,CAAC,CAAC,OAAM,eAAe,OAAM,QAAQ,OAAM,SAAS;AAAA,MAC7F,MAAM,MAAM,WAAW,YAAY;AAAA,MACnC,MAAM,eAAe,QAAQ,QAAQ,IAAI,qBAAqB,KAAK,IAAI,KAAK,EAAE,YAAY,MAAM;AAAA,MAChG,MAAM,iBAAiB,QAAQ,QAAQ,IAAI,cAAc,KAAK,IAAI,KAAK;AAAA,MAEvE,IAAI,cAA8B;AAAA,MAClC,IAAI,kBAAiC;AAAA,MAErC,IAAI,eAAe;AAAA,QACjB,IAAI;AAAA,QACJ,IAAI;AAAA,UACF,SAAS,iBAAiB,eAAe,UAAU,GAAG;AAAA,UACtD,IAAI,OAAO,aAAa,UAAU;AAAA,YAChC,MAAM,IAAI,iBAAiB,qEAAqE;AAAA,UAClG;AAAA,UACA,OAAO,MAAK;AAAA,UAEZ,MAAM,IAAI,gBAAe,QAAQ,OAAM,IAAI,MAAM,OAAO,IAAG,CAAC;AAAA,UAC5D,MAAM,IAAI,kBAAkB,GAAG,GAAG;AAAA,UAClC,qBAAqB,EAAE,OAAO;AAAA,UAC9B,OAAO,mBAAmB,GAAG,wBAAwB,sBAAsB;AAAA;AAAA,QAE7E,MAAM,QAAQ,gBAAgB,IAAI,OAAO,WAAW,YAAY;AAAA,QAChE,IAAI,CAAC,OAAO;AAAA,UACV,MAAM,IAAI,kBAAkB,IAAI,iBAAiB,mDAAmD,GAAG,GAAG;AAAA,UAC1G,qBAAqB,EAAE,OAAO;AAAA,UAC9B,OAAO,mBAAmB,GAAG,wBAAwB,sBAAsB;AAAA,QAC7E;AAAA,QACA,oBAAoB,MAAM,MAAM,KAAK,QAAQ;AAAA,QAC7C,cAAc,MAAM;AAAA,QACpB,kBAAkB,aAAa,OAAO,SAAS;AAAA,MACjD;AAAA,MAKA,MAAM,OAAmB;AAAA,QACvB;AAAA,QACA,OAAO;AAAA,QACP,WAAW;AAAA,QACX,WAAW;AAAA,QACX,QAAQ;AAAA,QACR,QAAQ,gBAAgB,WAAW;AAAA,QACnC,KAAK,CAAC,OAAgB,KAAc;AAAA,UAClC,QAAQ,WAAW,cAAc,gBAAiB,KAAK,OAAO,KAAK,YAAY;AAAA,UAC/E,KAAK,YAAY,aAAa,SAAS;AAAA,UACvC,KAAK,QAAQ;AAAA,UACb,KAAK,YAAY,iBAAiB,UAAU,WAAW,WAAW,UAAU,GAAG;AAAA;AAAA,QAEjF,MAAM,GAAG;AAAA,UACP,IAAI,KAAK;AAAA,YAAQ;AAAA,UACjB,MAAM,MAAM,KAAK;AAAA,UACjB,IAAI,CAAC;AAAA,YAAK;AAAA,UAEV,MAAM,QAAQ,IAAI,WAAW,IAAI,SAAS,CAAC;AAAA,UAC3C,SAAS,IAAI,EAAG,IAAI,MAAM,QAAQ;AAAA,YAAK,MAAM,KAAK,SAAS,IAAI,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE;AAAA,UAG1F,IAAI,mBAAmB;AAAA,YACrB,kBAAkB;AAAA,YAClB,oBAAoB;AAAA,UACtB;AAAA,UACA,gBAAiB,MAAM,KAAK;AAAA,UAC5B,KAAK,QAAQ;AAAA,UACb,KAAK,SAAS;AAAA;AAAA,MAElB;AAAA,MACA,aAAa;AAAA,MACb,IAAI,gBAAgB;AAAA,IACtB;AAAA,IAGA,MAAM,cAAc,QAAQ,QAAQ,IAAI,cAAc;AAAA,IACtD,IAAI,CAAC,eAAe,CAAC,YAAY,SAAS,kBAAkB,GAAG;AAAA,MAC7D,IAAI;AAAA,QAAmB,kBAAkB;AAAA,MACzC,OAAO,IAAI,SAAS,oCAAoC,sBAAsB,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC/F;AAAA,IAKA,MAAM,qBACJ,SAAS,cAAc,SAAS,GAAG,UAAU,6BAA4B,SAAS,GAAG;AAAA,IACvF,IAAI,mBAAmB,QAAQ,CAAC,oBAAoB;AAAA,MAClD,MAAM,gBAAgB,QAAQ,QAAQ,IAAI,gBAAgB;AAAA,MAC1D,IAAI,iBAAiB,SAAS,eAAe,EAAE,IAAI,iBAAiB;AAAA,QAClE,OAAO,IAAI,SAAS,0BAA0B,EAAE,QAAQ,IAAI,CAAC;AAAA,MAC/D;AAAA,IACF;AAAA,IAEA,MAAM,oBAAoB;AAAA,IAC1B,MAAM,oBAAoB;AAAA,IAG1B,IAAI,OAAO,IAAI,WAAW,MAAM,QAAQ,YAAY,CAAC;AAAA,IACrD,IAAI,mBAAmB,QAAQ,CAAC,sBAAsB,KAAK,aAAa,iBAAiB;AAAA,MACvF,OAAO,IAAI,SAAS,0BAA0B,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC/D;AAAA,IACA,MAAM,mBAAmB,QAAQ,QAAQ,IAAI,kBAAkB,KAAK,IAAI,KAAK,EAAE,YAAY;AAAA,IAC3F,IAAI,oBAAoB,UAAU,oBAAoB,QAAQ;AAAA,MAC5D,IAAI;AAAA,QACF,OACE,oBAAoB,SAChB,MAAM,eAAe,MAAM,2BAA2B,IACtD,MAAM,eAAe,MAAM,2BAA2B;AAAA,QAC5D,OAAO,OAAY;AAAA,QAGnB,MAAM,UAAU,OAAO,WAAW,GAAG;AAAA,QACrC,MAAM,SAAS,QAAQ,SAAS,QAAQ,KAAK,QAAQ,SAAS,KAAK,IAAI,MAAM;AAAA,QAC7E,MAAM,UAAU,IAAI,QAAQ,EAAE,gBAAgB,aAAa,CAAC;AAAA,QAC5D,eAAe,OAAO;AAAA,QACtB,qBAAqB,OAAO;AAAA,QAC5B,OAAO,IAAI,SAAS,SAAS,EAAE,QAAQ,QAAQ,CAAC;AAAA;AAAA,IAEpD,EAAO,SAAI,iBAAiB;AAAA,MAC1B,MAAM,UAAU,IAAI,QAAQ,EAAE,gBAAgB,aAAa,CAAC;AAAA,MAC5D,eAAe,OAAO;AAAA,MACtB,qBAAqB,OAAO;AAAA,MAC5B,OAAO,IAAI,SAAS,iCAAiC,mBAAmB,EAAE,QAAQ,KAAK,QAAQ,CAAC;AAAA,IAClG;AAAA,IAGA,IAAI,SAAS,GAAG,UAAU,2BAA0B;AAAA,MAClD,IAAI,CAAC,mBAAmB;AAAA,QACtB,OAAO,IAAI,SAAS,aAAa,EAAE,QAAQ,IAAI,CAAC;AAAA,MAClD;AAAA,MACA,IAAI;AAAA,QACF,QAAQ,QAAQ,WAAW,OAAO,aAAa,MAAM,oBAA4B,IAAI;AAAA,QACrF,MAAM,SAAS,aAAa,WAAW,QAAQ;AAAA,QAC/C,IAAI,OAAO,eAAe,oBAAmB;AAAA,UAC3C,MAAM,IAAI,aACR,2BAA2B,OAAO,mCAAmC,uBACrE,GACF;AAAA,QACF;AAAA,QACA,MAAM,WAAW,OAAO,OAAO;AAAA,QAC/B,IAAI,QAAQ,OAAO,aAAa,WAAW,OAAO,QAAQ,IAAI,OAAO,YAAY,CAAC;AAAA,QAClF,IAAI,CAAC,OAAO,SAAS,KAAK,KAAK,QAAQ;AAAA,UAAG,QAAQ;AAAA,QAClD,IAAI,QAAQ;AAAA,UAAsB,QAAQ;AAAA,QAE1C,MAAM,OAAsE,CAAC;AAAA,QAC7E,SAAS,IAAI,EAAG,IAAI,OAAO,KAAK;AAAA,UAC9B,KAAK,KAAK,MAAM,kBAAkB,kBAAkB,CAAC;AAAA,QACvD;AAAA,QAQA,MAAM,YAAY,KAAK,IAAI,CAAC,MAAM,EAAE,UAAU,QAAQ,CAAC;AAAA,QACvD,MAAM,cAAc,iBAAiB,4BAA4B;AAAA,UAC/D,YAAY,KAAK,IAAI,CAAC,MAAM,EAAE,SAAS;AAAA,UACvC,cAAc,KAAK,IAAI,CAAC,MAAM,EAAE,WAAW;AAAA,UAC3C,YAAY;AAAA,QACd,CAAC;AAAA,QACD,MAAM,eAAe,mBAAmB,4BAA4B,CAAC,WAAW,CAAC;AAAA,QACjF,MAAM,WAAW,cAAc,YAAY;AAAA,QAC3C,eAAe,SAAS,OAAO;AAAA,QAC/B,qBAAqB,SAAS,OAAO;AAAA,QACrC,OAAO,mBAAmB,UAAU,mBAAmB,iBAAiB;AAAA,QACxE,OAAO,OAAY;AAAA,QACnB,IAAI,iBAAiB,cAAc;AAAA,UACjC,MAAM,KAAI,kBAAkB,OAAO,MAAM,YAAY,0BAA0B;AAAA,UAC/E,qBAAqB,GAAE,OAAO;AAAA,UAC9B,OAAO,mBAAmB,IAAG,mBAAmB,iBAAiB;AAAA,QACnE;AAAA,QACA,MAAM,IAAI,kBAAkB,OAAO,KAAK,0BAA0B;AAAA,QAClE,qBAAqB,EAAE,OAAO;AAAA,QAC9B,OAAO,mBAAmB,GAAG,mBAAmB,iBAAiB;AAAA;AAAA,IAErE;AAAA,IAGA,IAAI,SAAS,GAAG,UAAU,wBAAwB;AAAA,MAChD,IAAI;AAAA,QACF,MAAM,WAAW,MAAM,qBACrB,SAAS,MACT,SACA,UACA,SAAS,mBAAmB,SAC9B;AAAA,QACA,eAAe,SAAS,OAAO;AAAA,QAC/B,OAAO,mBAAmB,UAAU,mBAAmB,iBAAiB;AAAA,QACxE,OAAO,OAAY;AAAA,QACnB,OAAO,mBAAmB,kBAAkB,OAAO,GAAG,GAAG,mBAAmB,iBAAiB;AAAA;AAAA,IAEjG;AAAA,IAGA,IAAI,CAAC,KAAK,WAAW,GAAG,SAAS,GAAG;AAAA,MAClC,OAAO,IAAI,SAAS,aAAa,EAAE,QAAQ,IAAI,CAAC;AAAA,IAClD;AAAA,IAEA,MAAM,UAAU,KAAK,MAAM,OAAO,SAAS,CAAC;AAAA,IAC5C,IAAI;AAAA,IACJ,IAAI;AAAA,IAEJ,IAAI,QAAQ,SAAS,OAAO,GAAG;AAAA,MAC7B,aAAa,QAAQ,MAAM,GAAG,EAAE;AAAA,MAChC,SAAS;AAAA,IACX,EAAO,SAAI,QAAQ,SAAS,WAAW,GAAG;AAAA,MACxC,aAAa,QAAQ,MAAM,GAAG,EAAE;AAAA,MAChC,SAAS;AAAA,IACX,EAAO;AAAA,MACL,aAAa;AAAA,MACb,SAAS;AAAA;AAAA,IAIX,MAAM,SAAS,QAAQ,IAAI,UAAU;AAAA,IACrC,IAAI,CAAC,QAAQ;AAAA,MACX,MAAM,YAAY,CAAC,GAAG,QAAQ,KAAK,CAAC,EAAE,KAAK;AAAA,MAC3C,MAAM,OAAM,IAAI,0BACd,oBAAoB,oCAAoC,UAAU,KAAK,IAAI,IAC7E;AAAA,MACA,OAAO,mBAAmB,kBAAkB,MAAK,GAAG,GAAG,mBAAmB,iBAAiB;AAAA,IAC7F;AAAA,IAUA,IAAI,SAAS,yBAAyB,QAAQ,eAAe,wBAAwB,WAAW,YAAY;AAAA,MAC1G,IAAI;AAAA,QAIF,IAAI;AAAA,QACJ,IAAI;AAAA,UACF,MAAM,SAAS,iBAAiB,IAAI;AAAA,UACpC,UAAU,OAAO,YAAY;AAAA,UAC7B,MAAM;AAAA,QAIR,uBAAuB,OAAO;AAAA,QAC9B,OAAO,KAAK;AAAA,QACZ,MAAM,YAAY,OAAO,+BAA4B,OAAO,eAAe;AAAA,QAC3E,MAAM,WAAW,gBAAgB,WAAW,KAAc,UAAU,IAAI;AAAA,QACxE,MAAM,UAAU,mBAAmB,WAAW,CAAC,QAAQ,CAAC;AAAA,QACxD,MAAM,WAAW,cAAc,SAAS,GAAG;AAAA,QAC3C,eAAe,SAAS,OAAO;AAAA,QAC/B,qBAAqB,SAAS,OAAO;AAAA,QACrC,OAAO,mBAAmB,UAAU,mBAAmB,iBAAiB;AAAA;AAAA,IAE5E;AAAA,IAKA,MAAM,gBAAgB,aAAa;AAAA,IAEnC,MAAM,aAAa,OAAO,+BAA4B,UAAU;AAAA,IAChE,MAAM,eAAe,MAAM,gBAAgB;AAAA,IAC3C,MAAM,OAAO,IAAI;AAAA,IACjB,MAAM,OAAqB;AAAA,MACzB,QAAQ;AAAA,MACR;AAAA,MACA;AAAA,MACA,WAAW;AAAA,MACX,UAAU,SAAS;AAAA,MACnB;AAAA,MACA;AAAA,MACA,MAAM;AAAA,MACN,WAAW,MAAM,aAAa;AAAA,MAC9B,YAAY,MAAM,UAAU;AAAA,MAC5B,eAAe,MAAM,iBAAiB;AAAA,MAItC,aAAa,WAAW,SAAS,OAAO;AAAA,IAC1C;AAAA,IACA,MAAM,QAAwB;AAAA,MAC5B,cAAc;AAAA,MACd,eAAe;AAAA,MACf,WAAW;AAAA,MACX,YAAY;AAAA,MACZ,YAAY;AAAA,MACZ,aAAa;AAAA,IACf;AAAA,IAEA,MAAM,YAAY,cAAc,gBAAgB,IAAI;AAAA,IACpD,IAAI;AAAA,IAEJ,IAAI;AAAA,MACF,IAAI;AAAA,MAEJ,IAAI,WAAW,QAAQ;AAAA,QACrB,IAAI,OAAO,8BAA2B;AAAA,UACpC,MAAM,IAAI,aAAa,WAAW,sEAAsE,GAAG;AAAA,QAC7G;AAAA,QACA,WAAW,MAAM,kBAAkB,QAAQ,MAAM,GAAG;AAAA,MACtD,EAAO,SAAI,WAAW,QAAQ;AAAA,QAC5B,IAAI,OAAO,gCAA4B;AAAA,UACrC,MAAM,IAAI,aACR,WAAW,2CAA2C,UAAU,uBAChE,GACF;AAAA,QACF;AAAA,QACA,WAAW,MAAM,uBAAuB,QAAQ,MAAM,GAAG;AAAA,MAC3D,EAAO;AAAA,QACL,IAAI,OAAO,gCAA4B;AAAA,UACrC,MAAM,IAAI,aACR,WAAW,2CAA2C,UAAU,uBAChE,GACF;AAAA,QACF;AAAA,QACA,WAAW,MAAM,2BAA2B,QAAQ,MAAM,GAAG;AAAA;AAAA,MAI/D,MAAM,gBAAiB,SAAiB;AAAA,MACxC,IAAI,eAAe;AAAA,QACjB,gBAAgB,yBAAyB,QAAQ,gBAAgB,IAAI,MAAM,OAAO,aAAa,CAAC;AAAA,MAClG;AAAA,MACA,eAAe,SAAS,OAAO;AAAA,MAC/B,qBAAqB,SAAS,OAAO;AAAA,MACrC,2BAA2B,SAAS,SAAS,UAAU;AAAA,MACvD,OAAO,mBAAmB,UAAU,mBAAmB,iBAAiB;AAAA,MACxE,OAAO,OAAY;AAAA,MACnB,gBAAgB,iBAAiB,QAAQ,QAAQ,IAAI,MAAM,OAAO,KAAK,CAAC;AAAA,MACxE,IAAI,iBAAiB,cAAc;AAAA,QACjC,MAAM,KAAI,kBAAkB,OAAO,MAAM,UAAU;AAAA,QACnD,qBAAqB,GAAE,OAAO;AAAA,QAC9B,2BAA2B,GAAE,SAAS,UAAU;AAAA,QAChD,OAAO,mBAAmB,IAAG,mBAAmB,iBAAiB;AAAA,MACnE;AAAA,MACA,MAAM,IAAI,kBAAkB,OAAO,GAAG;AAAA,MACtC,qBAAqB,EAAE,OAAO;AAAA,MAC9B,2BAA2B,EAAE,SAAS,UAAU;AAAA,MAChD,OAAO,mBAAmB,GAAG,mBAAmB,iBAAiB;AAAA,cACjE;AAAA,MAEA,IAAI,YAAY;AAAA,QACd,IAAI,WAAW;AAAA,UAAW,KAAK,YAAY,WAAW;AAAA,QACtD,KAAK,gBAAgB,WAAW;AAAA,MAClC;AAAA,MACA,cAAc,cAAc,WAAW,MAAM,OAAO,aAAa;AAAA,MAGjE,IAAI,mBAAmB;AAAA,QACrB,IAAI;AAAA,UACF,kBAAkB;AAAA,UAClB,MAAM;AAAA,QAGR,oBAAoB;AAAA,MACtB;AAAA;AAAA;AAAA,EAKJ,SAAS,0BAA0B,CAAC,SAAkB,MAA+B;AAAA,IACnF,IAAI,CAAC;AAAA,MAAM;AAAA,IACX,IAAI,KAAK,cAAc,MAAM;AAAA,MAC3B,QAAQ,IAAI,gBAAgB,KAAK,SAAS;AAAA,MAI1C,YAAY,MAAM,UAAU,sBAAsB;AAAA,QAChD,QAAQ,IAAI,GAAG,qBAAqB,QAAQ,KAAK;AAAA,MACnD;AAAA,IACF;AAAA,IACA,IAAI,KAAK,QAAQ;AAAA,MACf,QAAQ,IAAI,sBAAsB,MAAM;AAAA,IAC1C;AAAA;AAAA;;Ac7hCJ,IAAI;AACJ,IAAI,OAAO,cAAc,eAAe,CAAC,UAAU,WAAW,aAAa,cAAc,GAAG;AAAA,EACxF,MAAM,OAAO;AAAA,EACb,MAAM,UAAU;AAAA,EAChB,aAAa,GAAG,QAAQ;AAC5B;AACA,SAAS,eAAe,CAAC,OAAO,UAAU;AAAA,EACtC,IAAI,SAAS,MAAM;AAAA,IACf,OAAO;AAAA,EACX;AAAA,EACA,IAAI;AAAA,IACA,OAAQ,iBAAiB,YACrB,OAAO,eAAe,KAAK,EAAE,OAAO,iBAAiB,SAAS,UAAU,OAAO;AAAA,IAEvF,MAAM;AAAA,IACF,OAAO;AAAA;AAAA;AAGf,IAAM,wBAAwB;AAC9B,IAAM,uBAAuB;AAC7B,SAAS,cAAc,CAAC,SAAS,MAAM,OAAO;AAAA,EAC1C,MAAM,OAAM,IAAI,UAAU,SAAS,EAAE,MAAM,CAAC;AAAA,EAC5C,OAAO,OAAO,MAAK,EAAE,KAAK,CAAC;AAAA,EAC3B,OAAO;AAAA;AAEJ,IAAM,wBAAwB,OAAO;AACrC,IAAM,YAAY,OAAO;AACzB,IAAM,iBAAiB,OAAO;AAC9B,IAAM,cAAc,OAAO;AAC3B,IAAM,kBAAkB,OAAO;AAC/B,IAAM,aAAa,OAAO;AAC1B,IAAM,YAAY,OAAO;AAChC,IAAM,UAAU,IAAI;AACpB,IAAM,UAAU,IAAI;AACpB,SAAS,GAAG,CAAC,OAAO;AAAA,EAChB,IAAI,OAAO,UAAU,UAAU;AAAA,IAC3B,OAAO,QAAQ,OAAO,KAAK;AAAA,EAC/B;AAAA,EACA,OAAO,QAAQ,OAAO,KAAK;AAAA;AAE/B,IAAI;AACJ,IAAI,WAAW,UAAU,UAAU;AAAA,EAC/B,kBAAkB,CAAC,UAAU;AAAA,IACzB,IAAI,iBAAiB,aAAa;AAAA,MAC9B,QAAQ,IAAI,WAAW,KAAK;AAAA,IAChC;AAAA,IACA,OAAO,MAAM,SAAS,EAAE,UAAU,aAAa,aAAa,KAAK,CAAC;AAAA;AAE1E,EACK;AAAA,EACD,MAAM,aAAa;AAAA,EACnB,kBAAkB,CAAC,UAAU;AAAA,IACzB,IAAI,iBAAiB,aAAa;AAAA,MAC9B,QAAQ,IAAI,WAAW,KAAK;AAAA,IAChC;AAAA,IACA,MAAM,MAAM,CAAC;AAAA,IACb,SAAS,IAAI,EAAG,IAAI,MAAM,YAAY,KAAK,YAAY;AAAA,MACnD,IAAI,KAAK,OAAO,aAAa,MAAM,MAAM,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,CAAC;AAAA,IAC/E;AAAA,IACA,OAAO,KAAK,IAAI,KAAK,EAAE,CAAC,EAAE,QAAQ,MAAM,EAAE,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,GAAG;AAAA;AAAA;AAG1F,IAAI;AACJ,IAAI,WAAW,YAAY;AAAA,EACvB,kBAAkB,CAAC,UAAU;AAAA,IACzB,IAAI;AAAA,MACA,OAAO,WAAW,WAAW,OAAO,EAAE,UAAU,YAAY,CAAC;AAAA,MAEjE,OAAO,OAAO;AAAA,MACV,MAAM,eAAe,qDAAqD,uBAAuB,KAAK;AAAA;AAAA;AAGlH,EACK;AAAA,EACD,kBAAkB,CAAC,UAAU;AAAA,IACzB,IAAI;AAAA,MACA,MAAM,UAAS,KAAK,MAAM,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG,EAAE,QAAQ,OAAO,EAAE,CAAC;AAAA,MAClF,MAAM,QAAQ,IAAI,WAAW,QAAO,MAAM;AAAA,MAC1C,SAAS,IAAI,EAAG,IAAI,QAAO,QAAQ,KAAK;AAAA,QACpC,MAAM,KAAK,QAAO,WAAW,CAAC;AAAA,MAClC;AAAA,MACA,OAAO;AAAA,MAEX,OAAO,OAAO;AAAA,MACV,MAAM,eAAe,qDAAqD,uBAAuB,KAAK;AAAA;AAAA;AAAA;AAIlH,SAAS,IAAI,CAAC,OAAO;AAAA,EACjB,IAAI,OAAO,UAAU,UAAU;AAAA,IAC3B,OAAO,gBAAgB,KAAK;AAAA,EAChC;AAAA,EACA,OAAO,gBAAgB,KAAK;AAAA;AAAA;AAEzB,MAAM,kCAAkC,MAAM;AAAA,EACjD;AAAA,EACA,WAAW,CAAC,SAAS,SAAS;AAAA,IAC1B,MAAM,SAAS,OAAO;AAAA,IACtB,KAAK,OAAO,KAAK,YAAY;AAAA,IAC7B,KAAK,OAAO;AAAA,IACZ,MAAM,oBAAoB,MAAM,KAAK,WAAW;AAAA;AAExD;AAAA;AACO,MAAM,iCAAiC,MAAM;AAAA,EAChD;AAAA,EACA,WAAW,CAAC,SAAS,SAAS;AAAA,IAC1B,MAAM,SAAS,OAAO;AAAA,IACtB,KAAK,OAAO,KAAK,YAAY;AAAA,IAC7B,IAAI,SAAS,MAAM;AAAA,MACf,KAAK,OAAO,SAAS;AAAA,IACzB;AAAA,IACA,MAAM,oBAAoB,MAAM,KAAK,WAAW;AAAA;AAExD;AACA,SAAS,GAAG,CAAC,SAAS,MAAM,OAAO;AAAA,EAC/B,OAAO,IAAI,yBAAyB,SAAS,EAAE,MAAM,MAAM,CAAC;AAAA;AAEhE,eAAe,sBAAsB,CAAC,KAAK;AAAA,EACvC,IAAI;AAAA,EACJ,QAAQ,IAAI;AAAA,SACH;AAAA,MACD,aAAa;AAAA,QACT,KAAK,IAAI;AAAA,QACT,KAAK,IAAI;AAAA,QACT,GAAG,IAAI;AAAA,QACP,GAAG,IAAI;AAAA,MACX;AAAA,MACA;AAAA,SACC;AAAA,MACD,aAAa;AAAA,QACT,KAAK,IAAI;AAAA,QACT,KAAK,IAAI;AAAA,QACT,GAAG,IAAI;AAAA,MACX;AAAA,MACA;AAAA,SACC;AAAA,MACD,aAAa;AAAA,QACT,KAAK,IAAI;AAAA,QACT,KAAK,IAAI;AAAA,QACT,KAAK,IAAI;AAAA,MACb;AAAA,MACA;AAAA,SACC;AAAA,MACD,aAAa;AAAA,QACT,GAAG,IAAI;AAAA,QACP,KAAK,IAAI;AAAA,QACT,GAAG,IAAI;AAAA,MACX;AAAA,MACA;AAAA;AAAA,MAEA,MAAM,IAAI,0BAA0B,4BAA4B,EAAE,OAAO,IAAI,CAAC;AAAA;AAAA,EAEtF,OAAO,KAAK,MAAM,OAAO,OAAO,OAAO,WAAW,IAAI,KAAK,UAAU,UAAU,CAAC,CAAC,CAAC;AAAA;AAEtF,SAAS,eAAe,CAAC,KAAK,IAAI;AAAA,EAC9B,IAAI,EAAE,eAAe,YAAY;AAAA,IAC7B,MAAM,eAAe,GAAG,0BAA0B,oBAAoB;AAAA,EAC1E;AAAA;AAEJ,SAAS,gBAAgB,CAAC,KAAK,IAAI;AAAA,EAC/B,gBAAgB,KAAK,EAAE;AAAA,EACvB,IAAI,IAAI,SAAS,WAAW;AAAA,IACxB,MAAM,eAAe,GAAG,kCAAkC,qBAAqB;AAAA,EACnF;AAAA;AAEJ,SAAS,eAAe,CAAC,KAAK,IAAI;AAAA,EAC9B,gBAAgB,KAAK,EAAE;AAAA,EACvB,IAAI,IAAI,SAAS,UAAU;AAAA,IACvB,MAAM,eAAe,GAAG,iCAAiC,qBAAqB;AAAA,EAClF;AAAA;AAEJ,SAAS,YAAY,CAAC,OAAO;AAAA,EACzB,OAAO,MAAM,YAAY,EAAE,QAAQ,kBAAkB,EAAE;AAAA;AAE3D,SAAS,YAAY,CAAC,OAAO;AAAA,EACzB,IAAI,UAAU,QAAQ,OAAO,UAAU,YAAY,MAAM,QAAQ,KAAK,GAAG;AAAA,IACrE,OAAO;AAAA,EACX;AAAA,EACA,OAAO;AAAA;AAEX,SAAS,cAAc,CAAC,OAAO;AAAA,EAC3B,IAAI,gBAAgB,OAAO,OAAO,GAAG;AAAA,IACjC,QAAQ,OAAO,YAAY,MAAM,QAAQ,CAAC;AAAA,EAC9C;AAAA,EACA,MAAM,UAAU,IAAI,QAAQ,SAAS,CAAC,CAAC;AAAA,EACvC,IAAI,cAAc,CAAC,QAAQ,IAAI,YAAY,GAAG;AAAA,IAC1C,QAAQ,IAAI,cAAc,UAAU;AAAA,EACxC;AAAA,EACA,IAAI,QAAQ,IAAI,eAAe,GAAG;AAAA,IAC9B,MAAM,eAAe,sEAAsE,qBAAqB;AAAA,EACpH;AAAA,EACA,OAAO;AAAA;AAEX,SAAS,MAAM,CAAC,KAAK,OAAO;AAAA,EACxB,IAAI,UAAU,WAAW;AAAA,IACrB,IAAI,OAAO,UAAU,YAAY;AAAA,MAC7B,QAAQ,MAAM,IAAI,IAAI;AAAA,IAC1B;AAAA,IACA,IAAI,EAAE,iBAAiB,cAAc;AAAA,MACjC,MAAM,eAAe,iEAAiE,oBAAoB;AAAA,IAC9G;AAAA,IACA,OAAO;AAAA,EACX;AAAA,EACA;AAAA;AAEJ,SAAS,kBAAkB,CAAC,UAAU;AAAA,EAClC,IAAI,SAAS,SAAS,IAAI,GAAG;AAAA,IACzB,OAAO,SAAS,QAAQ,MAAM,GAAG;AAAA,EACrC;AAAA,EACA,OAAO;AAAA;AAEX,SAAS,gBAAgB,CAAC,KAAK,WAAW,wBAAwB,OAAO;AAAA,EACrE,IAAI,IAAI,aAAa,KAAK;AAAA,IACtB,IAAI,WAAW;AAAA,EACnB,EACK;AAAA,IACD,IAAI,WAAW,mBAAmB,GAAG,aAAa,wBAAwB,IAAI,WAAW,IAAI,SAAS,QAAQ,SAAS,EAAE,GAAG;AAAA;AAAA,EAEhI,OAAO;AAAA;AAEX,SAAS,eAAe,CAAC,KAAK,WAAW;AAAA,EACrC,IAAI,WAAW,mBAAmB,GAAG,IAAI,YAAY,WAAW;AAAA,EAChE,OAAO;AAAA;AAEX,eAAe,gBAAgB,CAAC,OAAO,SAAS,WAAW,SAAS;AAAA,EAChE,IAAI,EAAE,iBAAiB,MAAM;AAAA,IACzB,MAAM,eAAe,IAAI,uCAAuC,oBAAoB;AAAA,EACxF;AAAA,EACA,cAAc,OAAO,UAAU,2BAA2B,IAAI;AAAA,EAC9D,MAAM,MAAM,UAAU,IAAI,IAAI,MAAM,IAAI,CAAC;AAAA,EACzC,MAAM,UAAU,eAAe,SAAS,OAAO;AAAA,EAC/C,QAAQ,IAAI,UAAU,kBAAkB;AAAA,EACxC,QAAQ,UAAU,gBAAgB,OAAO,IAAI,MAAM;AAAA,IAC/C,MAAM;AAAA,IACN,SAAS,OAAO,YAAY,QAAQ,QAAQ,CAAC;AAAA,IAC7C,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,QAAQ,OAAO,KAAK,SAAS,MAAM;AAAA,EACvC,CAAC;AAAA;AAEL,eAAsB,gBAAgB,CAAC,kBAAkB,SAAS;AAAA,EAC9D,OAAO,iBAAiB,kBAAkB,oBAAoB,CAAC,QAAQ;AAAA,IACnE,QAAQ,SAAS;AAAA,WACR;AAAA,WACA;AAAA,QACD,gBAAgB,KAAK,kCAAkC;AAAA,QACvD;AAAA,WACC;AAAA,QACD,iBAAiB,KAAK,wCAAwC;AAAA,QAC9D;AAAA;AAAA,QAEA,MAAM,eAAe,6DAA6D,qBAAqB;AAAA;AAAA,IAE/G,OAAO;AAAA,KACR,OAAO;AAAA;AAwBd,SAAS,YAAY,CAAC,OAAO,IAAI,MAAM,OAAO;AAAA,EAC1C,IAAI;AAAA,IACA,IAAI,OAAO,UAAU,UAAU;AAAA,MAC3B,MAAM,eAAe,GAAG,uBAAuB,sBAAsB,KAAK;AAAA,IAC9E;AAAA,IACA,IAAI,MAAM,WAAW,GAAG;AAAA,MACpB,MAAM,eAAe,GAAG,wBAAwB,uBAAuB,KAAK;AAAA,IAChF;AAAA,IAEJ,OAAO,MAAK;AAAA,IACR,IAAI,MAAM;AAAA,MACN,MAAM,IAAI,KAAI,SAAS,MAAM,KAAK;AAAA,IACtC;AAAA,IACA,MAAM;AAAA;AAAA;AAGd,eAAsB,wBAAwB,CAAC,0BAA0B,UAAU;AAAA,EAC/E,MAAM,WAAW;AAAA,EACjB,IAAI,EAAE,oBAAoB,QAAQ,aAAa,mBAAmB;AAAA,IAC9D,MAAM,eAAe,yDAAyD,oBAAoB;AAAA,EACtG;AAAA,EACA,IAAI,CAAC,gBAAgB,UAAU,QAAQ,GAAG;AAAA,IACtC,MAAM,eAAe,8CAA8C,oBAAoB;AAAA,EAC3F;AAAA,EACA,IAAI,SAAS,WAAW,KAAK;AAAA,IACzB,MAAM,IAAI,oGAAoG,yBAAyB,QAAQ;AAAA,EACnJ;AAAA,EACA,uBAAuB,QAAQ;AAAA,EAC/B,MAAM,OAAO,MAAM,oBAAoB,QAAQ;AAAA,EAC/C,aAAa,KAAK,QAAQ,qCAAqC,kBAAkB,EAAE,MAAM,KAAK,CAAC;AAAA,EAC/F,IAAI,aAAa,qBAAqB,IAAI,IAAI,KAAK,MAAM,EAAE,SAAS,SAAS,MAAM;AAAA,IAC/E,MAAM,IAAI,uEAAuE,2BAA2B,EAAE,UAAU,SAAS,MAAM,MAAM,MAAM,WAAW,SAAS,CAAC;AAAA,EAC5K;AAAA,EACA,OAAO;AAAA;AAEX,SAAS,qBAAqB,CAAC,UAAU;AAAA,EACrC,kBAAkB,UAAU,kBAAkB;AAAA;AAElD,SAAS,OAAO,CAAC,aAAa,OAAO;AAAA,EACjC,IAAI,MAAM;AAAA,EACV,IAAI,MAAM,SAAS,GAAG;AAAA,IAClB,MAAM,OAAO,MAAM,IAAI;AAAA,IACvB,OAAO,GAAG,MAAM,KAAK,IAAI,SAAS;AAAA,EACtC,EACK,SAAI,MAAM,WAAW,GAAG;AAAA,IACzB,OAAO,GAAG,MAAM,SAAS,MAAM;AAAA,EACnC,EACK;AAAA,IACD,OAAO,MAAM;AAAA;AAAA,EAEjB,OAAO,IAAI,KAAK,sBAAsB,QAAQ;AAAA;AAElD,SAAS,kBAAkB,CAAC,aAAa,OAAO;AAAA,EAC5C,IAAI,CAAC,MAAM,SAAS,eAAe,QAAQ,CAAC,GAAG;AAAA,IAC3C,MAAM,QAAQ,UAAU,GAAG,KAAK;AAAA,EACpC;AAAA;AAEJ,SAAS,iBAAiB,CAAC,UAAU,aAAa;AAAA,EAC9C,IAAI,eAAe,QAAQ,MAAM,aAAa;AAAA,IAC1C,MAAM,QAAQ,UAAU,WAAW;AAAA,EACvC;AAAA;AAEJ,SAAS,YAAW,GAAG;AAAA,EACnB,OAAO,KAAK,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC,CAAC;AAAA;AA8B1D,SAAS,KAAK,CAAC,KAAK;AAAA,EAChB,QAAQ,IAAI,UAAU,KAAK;AAAA,SAClB;AAAA,MACD,OAAO;AAAA,SACN;AAAA,MACD,OAAO;AAAA,SACN;AAAA,MACD,OAAO;AAAA;AAAA,MAEP,MAAM,IAAI,0BAA0B,+CAA+C;AAAA,QAC/E,OAAO;AAAA,MACX,CAAC;AAAA;AAAA;AAGb,SAAS,KAAK,CAAC,KAAK;AAAA,EAChB,QAAQ,IAAI,UAAU,KAAK;AAAA,SAClB;AAAA,MACD,OAAO;AAAA,SACN;AAAA,MACD,OAAO;AAAA,SACN;AAAA,MACD,OAAO;AAAA;AAAA,MAEP,MAAM,IAAI,0BAA0B,+CAA+C;AAAA,QAC/E,OAAO;AAAA,MACX,CAAC;AAAA;AAAA;AAGb,SAAS,KAAK,CAAC,KAAK;AAAA,EAChB,QAAQ,IAAI,UAAU;AAAA,SACb;AAAA,MACD,OAAO;AAAA,SACN;AAAA,MACD,OAAO;AAAA,SACN;AAAA,MACD,OAAO;AAAA;AAAA,MAEP,MAAM,IAAI,0BAA0B,yCAAyC,EAAE,OAAO,IAAI,CAAC;AAAA;AAAA;AAGvG,SAAS,QAAQ,CAAC,KAAK;AAAA,EACnB,QAAQ,IAAI,UAAU;AAAA,SACb;AAAA,MACD,OAAO,MAAM,GAAG;AAAA,SACf;AAAA,MACD,OAAO,MAAM,GAAG;AAAA,SACf;AAAA,MACD,OAAO,MAAM,GAAG;AAAA,SACf;AAAA,SACA;AAAA,SACA;AAAA,SACA;AAAA,MACD,OAAO,IAAI,UAAU;AAAA,SACpB;AAAA,MACD,OAAO;AAAA;AAAA,MAEP,MAAM,IAAI,0BAA0B,wCAAwC,EAAE,OAAO,IAAI,CAAC;AAAA;AAAA;AAGtG,SAAS,YAAY,CAAC,QAAQ;AAAA,EAC1B,MAAM,OAAO,SAAS;AAAA,EACtB,OAAO,OAAO,SAAS,YAAY,OAAO,SAAS,IAAI,IAAI,OAAO;AAAA;AAEtE,SAAS,iBAAiB,CAAC,QAAQ;AAAA,EAC/B,MAAM,YAAY,SAAS;AAAA,EAC3B,OAAO,OAAO,cAAc,YAAY,OAAO,SAAS,SAAS,KAAK,KAAK,KAAK,SAAS,MAAM,KACzF,YACA;AAAA;AAEV,SAAS,SAAS,GAAG;AAAA,EACjB,OAAO,KAAK,MAAM,KAAK,IAAI,IAAI,IAAI;AAAA;AAEvC,SAAS,QAAQ,CAAC,IAAI;AAAA,EAClB,IAAI,OAAO,OAAO,YAAY,OAAO,MAAM;AAAA,IACvC,MAAM,eAAe,0BAA0B,oBAAoB;AAAA,EACvE;AAAA,EACA,aAAa,GAAG,QAAQ,aAAa;AAAA;AA4FzC,eAAe,OAAO,CAAC,QAAQ,SAAS,KAAK;AAAA,EACzC,IAAI,CAAC,IAAI,OAAO,SAAS,MAAM,GAAG;AAAA,IAC9B,MAAM,eAAe,yFAAyF,qBAAqB;AAAA,EACvI;AAAA,EACA,MAAM,QAAQ,GAAG,KAAK,IAAI,KAAK,UAAU,MAAM,CAAC,CAAC,KAAK,KAAK,IAAI,KAAK,UAAU,OAAO,CAAC,CAAC;AAAA,EACvF,MAAM,YAAY,KAAK,MAAM,OAAO,OAAO,KAAK,YAAY,GAAG,GAAG,KAAK,IAAI,KAAK,CAAC,CAAC;AAAA,EAClF,OAAO,GAAG,SAAS;AAAA;AAoEvB,IAAI;AACJ,eAAe,oBAAoB,CAAC,KAAK,KAAK;AAAA,EAC1C,QAAQ,KAAK,GAAG,GAAG,GAAG,GAAG,KAAK,QAAQ,MAAM,OAAO,OAAO,UAAU,OAAO,GAAG;AAAA,EAC9E,MAAM,MAAM,EAAE,KAAK,GAAG,GAAG,GAAG,GAAG,KAAK,IAAI;AAAA,EACxC,IAAI,QAAQ;AAAA,IACR,IAAI,MAAM;AAAA,EACd,SAAS,IAAI,KAAK,GAAG;AAAA,EACrB,OAAO;AAAA;AAEX,eAAe,SAAS,CAAC,KAAK,KAAK;AAAA,EAC/B,aAAa,IAAI;AAAA,EACjB,OAAO,SAAS,IAAI,GAAG,KAAK,qBAAqB,KAAK,GAAG;AAAA;AAE7D,IAAM,WAAW,IAAI,QAEb,CAAC,KAAK,SAAS,IAAI,MAAM,KAAK,IAAI,IACpC,CAAC,KAAK,SAAS;AAAA,EACb,IAAI;AAAA,IACA,OAAO,IAAI,IAAI,KAAK,IAAI;AAAA,IAE5B,MAAM;AAAA,IACF,OAAO;AAAA;AAAA;AAGZ,SAAS,aAAa,CAAC,KAAK,cAAc;AAAA,EAC7C,IAAI,gBAAgB,IAAI,aAAa,UAAU;AAAA,IAC3C,MAAM,IAAI,sCAAsC,wBAAwB,GAAG;AAAA,EAC/E;AAAA,EACA,IAAI,IAAI,aAAa,YAAY,IAAI,aAAa,SAAS;AAAA,IACvD,MAAM,IAAI,4CAA4C,4BAA4B,GAAG;AAAA,EACzF;AAAA;AAEJ,SAAS,gBAAgB,CAAC,OAAO,UAAU,cAAc,cAAc;AAAA,EACnE,IAAI;AAAA,EACJ,IAAI,OAAO,UAAU,YAAY,EAAE,MAAM,SAAS,KAAK,IAAI;AAAA,IACvD,MAAM,IAAI,0DAA0D,eAAe,6BAA6B,cAAc,OAAO,eAAe,UAAU,YAAY,0BAA0B,yBAAyB,EAAE,WAAW,eAAe,yBAAyB,aAAa,SAAS,CAAC;AAAA,EAC7S;AAAA,EACA,cAAc,KAAK,YAAY;AAAA,EAC/B,OAAO;AAAA;AAEJ,SAAS,eAAe,CAAC,IAAI,UAAU,cAAc,cAAc;AAAA,EACtE,IAAI,gBAAgB,GAAG,yBAAyB,YAAY,GAAG,uBAAuB;AAAA,IAClF,OAAO,iBAAiB,GAAG,sBAAsB,WAAW,UAAU,cAAc,YAAY;AAAA,EACpG;AAAA,EACA,OAAO,iBAAiB,GAAG,WAAW,UAAU,cAAc,YAAY;AAAA;AAkB9E,MAAM,YAAY;AAAA,EACd;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,WAAW,CAAC,QAAQ,SAAS,SAAS;AAAA,IAClC,iBAAiB,SAAS,YAAY,mBAAmB;AAAA,IACzD,gBAAgB,SAAS,WAAW,kBAAkB;AAAA,IACtD,IAAI,CAAC,QAAQ,UAAU,aAAa;AAAA,MAChC,MAAM,eAAe,6CAA6C,qBAAqB;AAAA,IAC3F;AAAA,IACA,KAAK,mBAAmB,UAAU;AAAA,IAClC,KAAK,aAAa,aAAa,MAAM;AAAA,IACrC,KAAK,cAAc,QAAQ;AAAA,IAC3B,KAAK,aAAa,QAAQ;AAAA,IAC1B,QAAQ,IAAI,IAAI;AAAA;AAAA,EAEpB,IAAI,CAAC,KAAK;AAAA,IACN,KAAK,SAAS,IAAI;AAAA,IAClB,IAAI,OAAO,KAAK,KAAK,IAAI,GAAG;AAAA,IAC5B,IAAI,MAAM;AAAA,MACN,KAAK,KAAK,OAAO,GAAG;AAAA,MACpB,KAAK,KAAK,IAAI,KAAK,IAAI;AAAA,IAC3B;AAAA,IACA,OAAO;AAAA;AAAA,EAEX,IAAI,CAAC,KAAK,KAAK;AAAA,IACX,KAAK,SAAS,IAAI;AAAA,IAClB,KAAK,KAAK,OAAO,GAAG;AAAA,IACpB,IAAI,KAAK,KAAK,SAAS,KAAK;AAAA,MACxB,KAAK,KAAK,OAAO,KAAK,KAAK,KAAK,EAAE,KAAK,EAAE,KAAK;AAAA,IAClD;AAAA,IACA,KAAK,KAAK,IAAI,KAAK,GAAG;AAAA;AAAA,OAEpB,oBAAmB,GAAG;AAAA,IACxB,IAAI,CAAC,KAAK,MAAM;AAAA,MACZ,MAAM,MAAM,MAAM,OAAO,OAAO,UAAU,OAAO,KAAK,UAAU;AAAA,MAChE,KAAK,SAAS,MAAM,uBAAuB,GAAG;AAAA,IAClD;AAAA,IACA,OAAO,KAAK;AAAA;AAAA,OAEV,SAAQ,CAAC,KAAK,SAAS,KAAK,aAAa;AAAA,IAC3C,MAAM,MAAM,SAAS,KAAK,WAAW;AAAA,IACrC,KAAK,YAAY;AAAA,MACb;AAAA,MACA,KAAK;AAAA,MACL,KAAK,MAAM,UAAU,KAAK,YAAY,GAAG;AAAA,IAC7C;AAAA,IACA,MAAM,QAAQ,KAAK,KAAK,IAAI,MAAM;AAAA,IAClC,MAAM,MAAM,UAAU,IAAI,KAAK;AAAA,IAC/B,MAAM,UAAU;AAAA,MACZ,KAAK;AAAA,MACL,KAAK,aAAY;AAAA,MACjB;AAAA,MACA;AAAA,MACA,KAAK,GAAG,IAAI,SAAS,IAAI;AAAA,MACzB,KAAK,cACC,KAAK,MAAM,OAAO,OAAO,OAAO,WAAW,IAAI,WAAW,CAAC,CAAC,IAC5D;AAAA,IACV;AAAA,IACA,KAAK,mBAAmB,KAAK,SAAS,OAAO;AAAA,IAC7C,QAAQ,IAAI,QAAQ,MAAM,QAAQ,KAAK,SAAS,SAAS,KAAK,WAAW,CAAC;AAAA;AAAA,EAE9E,UAAU,CAAC,UAAU,KAAK;AAAA,IACtB,IAAI;AAAA,MACA,MAAM,QAAQ,SAAS,QAAQ,IAAI,YAAY;AAAA,MAC/C,IAAI,OAAO;AAAA,QACP,KAAK,KAAK,IAAI,QAAQ,KAAK;AAAA,MAC/B;AAAA,MAEJ,MAAM;AAAA;AAEd;AAgEA,IAAM,aAAa;AACnB,IAAM,eAAe;AACrB,IAAM,cAAc;AACpB,IAAM,qBAAqB,MAAM,aAAa,eAAe;AAC7D,IAAM,eAAe,MAAM,aAAa,gBAAgB,aAAa;AACrE,IAAM,WAAW,IAAI,OAAO,cAAc,aAAa,GAAG;AAC1D,IAAM,gBAAgB,IAAI,OAAO,aAAa,qBAAqB,aAAa;AAChF,IAAM,kBAAkB,IAAI,OAAO,aAAa,eAAe,aAAa;AAC5E,IAAM,iBAAiB,IAAI,OAAO,OAAO,eAAe,mBAAmB;AA0K3E,IAAI;AACJ,SAAS,YAAY,CAAC,IAAI,MAAM,KAAK,OAAO;AAAA,EACxC,YAAY,IAAI;AAAA,EAChB,QAAQ,IAAI,IAAI;AAAA,IACZ;AAAA,IACA;AAAA,QACI,GAAG,GAAG;AAAA,MACN,OAAO,UAAU,IAAI,KAAK;AAAA;AAAA,EAElC,CAAC;AAAA,EACD,IAAI,OAAO;AAAA,IACP,OAAO,OAAO,OAAO,EAAE,MAAM,gBAAgB,IAAI,GAAG,IAAI,CAAC;AAAA,EAC7D;AAAA;AAEJ,SAAS,gBAAgB,CAAC,OAAO;AAAA,EAC7B,IAAI,OAAO,UAAU,YAAY,UAAU,MAAM;AAAA,IAC7C,OAAO;AAAA,EACX;AAAA,EACA,IAAI,EAAE,SAAS,UAAU,OAAO,MAAM,QAAQ,YAAY,UAAU,IAAI,MAAM,OAAO,KAAK;AAAA,IACtF,OAAO;AAAA,EACX;AAAA,EACA,IAAI,EAAE,UAAU,UACZ,CAAC,aAAa,MAAM,IAAI,KACxB,CAAC,MAAM,QAAQ,MAAM,KAAK,IAAI,KAC9B,CAAC,MAAM,UAAU,MAAM,KAAK,MAAM,KAAK,MAAM,YAAY,GAAG;AAAA,IAC5D,OAAO;AAAA,EACX;AAAA,EACA,OAAO;AAAA;AAEX,SAAS,cAAc,CAAC,IAAI,OAAO;AAAA,EAC/B,SAAS,OAAO,EAAE;AAAA,EAClB,OAAO,OAAO;AAAA,EACd,OAAO,OAAO;AAAA;AAElB,eAAe,gCAAgC,CAAC,IAAI,SAAS,QAAQ;AAAA,EACjE,QAAQ,KAAK,QAAQ;AAAA,EACrB,qBAAqB,MAAM;AAAA,EAC3B,IAAI,CAAC,SAAS,IAAI,EAAE,KAAK,iBAAiB,UAAU,UAAU,GAAG;AAAA,IAC7D,aAAa,IAAI,UAAU,WAAW,MAAM,UAAU,WAAW,GAAG;AAAA,EACxE;AAAA,EACA,IAAI;AAAA,EACJ,IAAI;AAAA,EACJ,IAAI,SAAS,IAAI,EAAE,GAAG;AAAA,KAEjB,EAAE,MAAM,IAAI,IAAI,QAAQ,IAAI,EAAE;AAAA,IAC/B,IAAI,OAAO,KAAK;AAAA,MACZ,eAAe,IAAI,UAAU,UAAU;AAAA,MACvC,OAAO,iCAAiC,IAAI,SAAS,MAAM;AAAA,IAC/D;AAAA,EACJ,EACK;AAAA,IACD,OAAO,MAAM,YAAY,IAAI,OAAO,EAAE,KAAK,mBAAmB;AAAA,IAC9D,MAAM;AAAA,IACN,aAAa,IAAI,MAAM,UAAU,GAAG,UAAU,UAAU;AAAA;AAAA,EAE5D,IAAI;AAAA,EACJ,QAAQ,IAAI,MAAM,GAAG,CAAC;AAAA,SACb;AAAA,SACA;AAAA,MACD,MAAM;AAAA,MACN;AAAA,SACC;AAAA,MACD,MAAM;AAAA,MACN;AAAA,SACC;AAAA,MACD,MAAM;AAAA,MACN;AAAA,SACC;AAAA,MACD,MAAM;AAAA,MACN;AAAA;AAAA,MAEA,MAAM,IAAI,0BAA0B,6BAA6B,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAAA;AAAA,EAE3F,MAAM,aAAa,KAAK,KAAK,OAAO,CAAC,SAAQ;AAAA,IACzC,IAAI,KAAI,QAAQ,KAAK;AAAA,MACjB,OAAO;AAAA,IACX;AAAA,IACA,IAAI,QAAQ,aAAa,QAAQ,KAAI,KAAK;AAAA,MACtC,OAAO;AAAA,IACX;AAAA,IACA,IAAI,KAAI,QAAQ,aAAa,QAAQ,KAAI,KAAK;AAAA,MAC1C,OAAO;AAAA,IACX;AAAA,IACA,IAAI,KAAI,QAAQ,aAAa,KAAI,QAAQ,OAAO;AAAA,MAC5C,OAAO;AAAA,IACX;AAAA,IACA,IAAI,KAAI,SAAS,SAAS,QAAQ,MAAM,OAAO;AAAA,MAC3C,OAAO;AAAA,IACX;AAAA,IACA,QAAQ;AAAA,YACC,QAAQ,WAAW,KAAI,QAAQ;AAAA,YAC/B,QAAQ,WAAW,KAAI,QAAQ;AAAA,YAC/B,QAAQ,WAAW,KAAI,QAAQ;AAAA,YAC/B,QAAQ,aAAa,KAAI,QAAQ;AAAA,YACjC,QAAQ,WAAW,KAAI,QAAQ;AAAA,QAChC,OAAO;AAAA;AAAA,IAEf,OAAO;AAAA,GACV;AAAA,EACD,QAAQ,GAAG,KAAK,WAAW;AAAA,EAC3B,IAAI,CAAC,QAAQ;AAAA,IACT,IAAI,OAAO,IAAI;AAAA,MACX,eAAe,IAAI,UAAU,UAAU;AAAA,MACvC,OAAO,iCAAiC,IAAI,SAAS,MAAM;AAAA,IAC/D;AAAA,IACA,MAAM,IAAI,yEAAyE,eAAe,EAAE,QAAQ,YAAY,UAAU,IAAI,IAAI,GAAG,QAAQ,EAAE,CAAC;AAAA,EAC5J;AAAA,EACA,IAAI,WAAW,GAAG;AAAA,IACd,MAAM,IAAI,yHAAyH,eAAe,EAAE,QAAQ,YAAY,UAAU,IAAI,IAAI,GAAG,QAAQ,EAAE,CAAC;AAAA,EAC5M;AAAA,EACA,OAAO,UAAU,KAAK,GAAG;AAAA;AAEtB,IAAM,mBAAmB,OAAO;AAChC,SAAS,cAAc,CAAC,OAAO;AAAA,EAClC,OAAO,MAAM,QAAQ,IAAI,cAAc,GAAG,MAAM,GAAG,EAAE;AAAA;AA2EzD,IAAM,gBAAgB,IAAI;AAC1B,IAAM,UAAU,IAAI;AAgHpB,SAAS,gBAAgB,CAAC,UAAU,QAAQ;AAAA,EACxC,IAAI,MAAM,QAAQ,OAAO,OAAO,GAAG,GAAG;AAAA,IAClC,IAAI,CAAC,OAAO,OAAO,IAAI,SAAS,QAAQ,GAAG;AAAA,MACvC,MAAM,IAAI,+CAA+C,sBAAsB;AAAA,QAC3E;AAAA,QACA,QAAQ,OAAO;AAAA,QACf,OAAO;AAAA,MACX,CAAC;AAAA,IACL;AAAA,EACJ,EACK,SAAI,OAAO,OAAO,QAAQ,UAAU;AAAA,IACrC,MAAM,IAAI,+CAA+C,sBAAsB;AAAA,MAC3E;AAAA,MACA,QAAQ,OAAO;AAAA,MACf,OAAO;AAAA,IACX,CAAC;AAAA,EACL;AAAA,EACA,OAAO;AAAA;AAQX,SAAS,cAAc,CAAC,IAAI,QAAQ;AAAA,EAChC,MAAM,WAAW,GAAG,mBAAmB,MAAM,KAAK,GAAG;AAAA,EACrD,IAAI,OAAO,OAAO,QAAQ,UAAU;AAAA,IAChC,MAAM,IAAI,6CAA6C,sBAAsB;AAAA,MACzE;AAAA,MACA,QAAQ,OAAO;AAAA,MACf,OAAO;AAAA,IACX,CAAC;AAAA,EACL;AAAA,EACA,OAAO;AAAA;AAEX,IAAM,UAAU,IAAI;AAKb,IAAM,SAAS,OAAO;AAqB7B,IAAM,gBAAgB;AAAA,EAClB,KAAK;AAAA,EACL,QAAQ;AAAA,EACR,WAAW;AAAA,EACX,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,OAAO;AAAA,EACP,QAAQ;AAAA,EACR,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,WAAW;AACf;AACA,SAAS,gBAAgB,CAAC,UAAU,QAAQ;AAAA,EACxC,WAAW,SAAS,UAAU;AAAA,IAC1B,IAAI,OAAO,OAAO,WAAW,WAAW;AAAA,MACpC,MAAM,IAAI,QAAQ,WAAW,cAAc,yBAAyB,kBAAkB;AAAA,QAClF,QAAQ,OAAO;AAAA,MACnB,CAAC;AAAA,IACL;AAAA,EACJ;AAAA,EACA,OAAO;AAAA;AAEJ,IAAM,gBAAgB,OAAO;AAC7B,IAAM,oBAAoB,OAAO;AAsFjC,IAAM,wBAAwB;AAG9B,IAAM,cAAc;AACpB,IAAM,mBAAmB;AACzB,IAAM,kBAAkB;AACxB,IAAM,uBAAuB;AAC7B,IAAM,0BAA0B;AAChC,IAAM,yBAAyB;AAC/B,IAAM,6BAA6B;AACnC,IAAM,sBAAsB;AAC5B,IAAM,uBAAuB;AAC7B,IAAM,4BAA4B;AAClC,IAAM,gBAAgB;AACtB,IAAM,0BAA0B;AAChC,IAAM,0BAA0B;AACvC,SAAS,YAAY,CAAC,UAAU,QAAQ;AAAA,EACpC,IAAI,OAAO,OAAO,OAAO,QAAQ,YAAY,aAAa,OAAO,OAAO,GAAG,MAAM,UAAU;AAAA,IACvF,MAAM,IAAI,+CAA+C,kBAAkB;AAAA,MACvE,QAAQ,OAAO;AAAA,IACnB,CAAC;AAAA,EACL;AAAA,EACA,OAAO;AAAA;AAqCX,SAAS,sBAAsB,CAAC,UAAU;AAAA,EACtC,IAAI,SAAS,UAAU;AAAA,IACnB,MAAM,eAAe,yCAAyC,qBAAqB;AAAA,EACvF;AAAA;AAoDJ,eAAe,WAAW,CAAC,IAAI,SAAS;AAAA,EACpC,SAAS,EAAE;AAAA,EACX,MAAM,MAAM,gBAAgB,IAAI,YAAY,OAAO,UAAU,2BAA2B,IAAI;AAAA,EAC5F,MAAM,UAAU,eAAe,SAAS,OAAO;AAAA,EAC/C,QAAQ,IAAI,UAAU,kBAAkB;AAAA,EACxC,QAAQ,OAAO,UAAU,0BAA0B;AAAA,EACnD,QAAQ,UAAU,gBAAgB,OAAO,IAAI,MAAM;AAAA,IAC/C,MAAM;AAAA,IACN,SAAS,OAAO,YAAY,QAAQ,QAAQ,CAAC;AAAA,IAC7C,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,QAAQ,OAAO,KAAK,SAAS,MAAM;AAAA,EACvC,CAAC;AAAA;AAEL,eAAe,mBAAmB,CAAC,UAAU;AAAA,EACzC,IAAI,CAAC,gBAAgB,UAAU,QAAQ,GAAG;AAAA,IACtC,MAAM,eAAe,8CAA8C,oBAAoB;AAAA,EAC3F;AAAA,EACA,IAAI,SAAS,WAAW,KAAK;AAAA,IACzB,MAAM,IAAI,uFAAuF,yBAAyB,QAAQ;AAAA,EACtI;AAAA,EACA,uBAAuB,QAAQ;AAAA,EAC/B,MAAM,OAAO,MAAM,oBAAoB,UAAU,CAAC,cAAa,mBAAmB,WAAU,oBAAoB,0BAA0B,CAAC;AAAA,EAC3I,IAAI,CAAC,MAAM,QAAQ,KAAK,IAAI,GAAG;AAAA,IAC3B,MAAM,IAAI,oDAAoD,kBAAkB,EAAE,MAAM,KAAK,CAAC;AAAA,EAClG;AAAA,EACA,IAAI,CAAC,MAAM,UAAU,MAAM,KAAK,KAAK,MAAM,YAAY,GAAG;AAAA,IACtD,MAAM,IAAI,yEAAyE,kBAAkB,EAAE,MAAM,KAAK,CAAC;AAAA,EACvH;AAAA,EACA,OAAO;AAAA;AAEX,SAAS,SAAS,CAAC,KAAK;AAAA,EACpB,QAAQ;AAAA,SACC;AAAA,SACA;AAAA,SACA;AAAA,SACA;AAAA,SACA;AAAA,SACA;AAAA,SACA;AAAA,SACA;AAAA,SACA;AAAA,SACA;AAAA,SACA;AAAA,SACA;AAAA,SACA;AAAA,SACA;AAAA,MACD,OAAO;AAAA;AAAA,MAEP,OAAO;AAAA;AAAA;AAGnB,SAAS,oBAAoB,CAAC,QAAQ;AAAA,EAClC,IAAI,CAAC,UAAU,OAAO,GAAG,GAAG;AAAA,IACxB,MAAM,IAAI,0BAA0B,oCAAoC;AAAA,MACpE,OAAO,EAAE,KAAK,OAAO,IAAI;AAAA,IAC7B,CAAC;AAAA,EACL;AAAA;AAEJ,SAAS,oBAAoB,CAAC,KAAK;AAAA,EAC/B,QAAQ,cAAc;AAAA,EACtB,IAAI,OAAO,UAAU,kBAAkB,YAAY,UAAU,gBAAgB,MAAM;AAAA,IAC/E,MAAM,IAAI,0BAA0B,eAAe,UAAU,sBAAsB;AAAA,MAC/E,OAAO;AAAA,IACX,CAAC;AAAA,EACL;AAAA;AAEJ,SAAS,aAAa,CAAC,KAAK;AAAA,EACxB,QAAQ,cAAc;AAAA,EACtB,QAAQ,UAAU;AAAA,SACT;AAAA,MACD,OAAO;AAAA,SACN;AAAA,MACD,OAAO;AAAA,SACN;AAAA,MACD,OAAO;AAAA;AAAA,MAEP,MAAM,IAAI,0BAA0B,gCAAgC,EAAE,OAAO,IAAI,CAAC;AAAA;AAAA;AAG9F,SAAS,WAAW,CAAC,KAAK;AAAA,EACtB,QAAQ,IAAI,UAAU;AAAA,SACb;AAAA,MACD,OAAO;AAAA,QACH,MAAM,IAAI,UAAU;AAAA,QACpB,MAAM,cAAc,GAAG;AAAA,MAC3B;AAAA,SACC,WAAW;AAAA,MACZ,qBAAqB,GAAG;AAAA,MACxB,QAAQ,IAAI,UAAU,KAAK;AAAA,aAClB;AAAA,aACA;AAAA,aACA;AAAA,UACD,OAAO;AAAA,YACH,MAAM,IAAI,UAAU;AAAA,YACpB,YAAY,SAAS,IAAI,UAAU,KAAK,KAAK,MAAM,EAAE,GAAG,EAAE,KAAK;AAAA,UACnE;AAAA;AAAA,UAEA,MAAM,IAAI,0BAA0B,iCAAiC,EAAE,OAAO,IAAI,CAAC;AAAA;AAAA,IAE/F;AAAA,SACK;AAAA,MACD,qBAAqB,GAAG;AAAA,MACxB,OAAO,IAAI,UAAU;AAAA,SACpB;AAAA,SACA;AAAA,SACA;AAAA,SACA;AAAA,MACD,OAAO,IAAI,UAAU;AAAA;AAAA,EAE7B,MAAM,IAAI,0BAA0B,wCAAwC,EAAE,OAAO,IAAI,CAAC;AAAA;AAE9F,eAAe,oBAAoB,CAAC,iBAAiB,SAAS,KAAK,WAAW;AAAA,EAC1E,MAAM,OAAO,IAAI,GAAG,mBAAmB,SAAS;AAAA,EAChD,MAAM,YAAY,YAAY,GAAG;AAAA,EACjC,MAAM,WAAW,MAAM,OAAO,OAAO,OAAO,WAAW,KAAK,WAAW,IAAI;AAAA,EAC3E,IAAI,CAAC,UAAU;AAAA,IACX,MAAM,IAAI,qCAAqC,kBAAkB;AAAA,MAC7D;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACJ,CAAC;AAAA,EACL;AAAA;AAEJ,eAAe,WAAW,CAAC,KAAK,UAAU,YAAW,iBAAgB,YAAY;AAAA,EAC7E,MAAM,GAAG,iBAAiB,GAAG,SAAS,WAAW,IAAI,MAAM,GAAG;AAAA,EAC9D,IAAI,WAAW,GAAG;AAAA,IACd,IAAI,eAAe,WAAW;AAAA,MAC1B,MAAM,MAAM,WAAW,GAAG;AAAA,OACzB,EAAE,GAAG,iBAAiB,GAAG,SAAS,OAAO,IAAI,IAAI,MAAM,GAAG;AAAA,IAC/D,EACK;AAAA,MACD,MAAM,IAAI,0BAA0B,oCAAoC,EAAE,OAAO,IAAI,CAAC;AAAA;AAAA,EAE9F;AAAA,EACA,IAAI,WAAW,GAAG;AAAA,IACd,MAAM,IAAI,eAAe,kBAAkB,GAAG;AAAA,EAClD;AAAA,EACA,IAAI;AAAA,EACJ,IAAI;AAAA,IACA,SAAS,KAAK,MAAM,IAAI,KAAK,eAAe,CAAC,CAAC;AAAA,IAElD,OAAO,OAAO;AAAA,IACV,MAAM,IAAI,6DAA6D,aAAa,KAAK;AAAA;AAAA,EAE7F,IAAI,CAAC,aAAa,MAAM,GAAG;AAAA,IACvB,MAAM,IAAI,yCAAyC,kBAAkB,GAAG;AAAA,EAC5E;AAAA,EACA,SAAS,MAAM;AAAA,EACf,IAAI,OAAO,SAAS,WAAW;AAAA,IAC3B,MAAM,IAAI,0BAA0B,2DAA2D;AAAA,MAC3F,OAAO,EAAE,OAAO;AAAA,IACpB,CAAC;AAAA,EACL;AAAA,EACA,IAAI;AAAA,EACJ,IAAI;AAAA,IACA,SAAS,KAAK,MAAM,IAAI,KAAK,OAAO,CAAC,CAAC;AAAA,IAE1C,OAAO,OAAO;AAAA,IACV,MAAM,IAAI,8DAA8D,aAAa,KAAK;AAAA;AAAA,EAE9F,IAAI,CAAC,aAAa,MAAM,GAAG;AAAA,IACvB,MAAM,IAAI,0CAA0C,kBAAkB,GAAG;AAAA,EAC7E;AAAA,EACA,MAAM,MAAM,UAAU,IAAI;AAAA,EAC1B,IAAI,OAAO,QAAQ,WAAW;AAAA,IAC1B,IAAI,OAAO,OAAO,QAAQ,UAAU;AAAA,MAChC,MAAM,IAAI,qDAAqD,kBAAkB,EAAE,OAAO,CAAC;AAAA,IAC/F;AAAA,IACA,IAAI,OAAO,OAAO,MAAM,iBAAgB;AAAA,MACpC,MAAM,IAAI,4FAA4F,qBAAqB,EAAE,QAAQ,KAAK,WAAW,iBAAgB,OAAO,MAAM,CAAC;AAAA,IACvL;AAAA,EACJ;AAAA,EACA,IAAI,OAAO,QAAQ,WAAW;AAAA,IAC1B,IAAI,OAAO,OAAO,QAAQ,UAAU;AAAA,MAChC,MAAM,IAAI,+CAA+C,kBAAkB,EAAE,OAAO,CAAC;AAAA,IACzF;AAAA,EACJ;AAAA,EACA,IAAI,OAAO,QAAQ,WAAW;AAAA,IAC1B,IAAI,OAAO,OAAO,QAAQ,UAAU;AAAA,MAChC,MAAM,IAAI,4CAA4C,kBAAkB,EAAE,OAAO,CAAC;AAAA,IACtF;AAAA,EACJ;AAAA,EACA,IAAI,OAAO,QAAQ,WAAW;AAAA,IAC1B,IAAI,OAAO,OAAO,QAAQ,UAAU;AAAA,MAChC,MAAM,IAAI,gDAAgD,kBAAkB,EAAE,OAAO,CAAC;AAAA,IAC1F;AAAA,IACA,IAAI,OAAO,MAAM,MAAM,iBAAgB;AAAA,MACnC,MAAM,IAAI,iDAAiD,qBAAqB;AAAA,QAC5E;AAAA,QACA;AAAA,QACA,WAAW;AAAA,QACX,OAAO;AAAA,MACX,CAAC;AAAA,IACL;AAAA,EACJ;AAAA,EACA,IAAI,OAAO,QAAQ,WAAW;AAAA,IAC1B,IAAI,OAAO,OAAO,QAAQ,YAAY,CAAC,MAAM,QAAQ,OAAO,GAAG,GAAG;AAAA,MAC9D,MAAM,IAAI,8CAA8C,kBAAkB,EAAE,OAAO,CAAC;AAAA,IACxF;AAAA,EACJ;AAAA,EACA,OAAO,EAAE,QAAQ,QAAQ,KAAK,IAAI;AAAA;AA0NtC,SAAS,qBAAqB,CAAC,QAAQ,QAAQ,UAAU,QAAQ;AAAA,EAC7D,IAAI,WAAW,WAAW;AAAA,IACtB,IAAI,OAAO,WAAW,WAAW,OAAO,QAAQ,SAAS,CAAC,OAAO,SAAS,OAAO,GAAG,GAAG;AAAA,MACnF,MAAM,IAAI,yCAAyC,kBAAkB;AAAA,QACjE;AAAA,QACA,UAAU;AAAA,QACV,QAAQ;AAAA,MACZ,CAAC;AAAA,IACL;AAAA,IACA;AAAA,EACJ;AAAA,EACA,IAAI,MAAM,QAAQ,MAAM,GAAG;AAAA,IACvB,IAAI,CAAC,OAAO,SAAS,OAAO,GAAG,GAAG;AAAA,MAC9B,MAAM,IAAI,yCAAyC,kBAAkB;AAAA,QACjE;AAAA,QACA,UAAU;AAAA,QACV,QAAQ;AAAA,MACZ,CAAC;AAAA,IACL;AAAA,IACA;AAAA,EACJ;AAAA,EACA,IAAI,aAAa,WAAW;AAAA,IACxB,IAAI,OAAO,aAAa,WAClB,OAAO,QAAQ,WACf,OAAO,aAAa,aAChB,CAAC,SAAS,OAAO,GAAG,IACpB,CAAC,SAAS,SAAS,OAAO,GAAG,GAAG;AAAA,MACtC,MAAM,IAAI,yCAAyC,kBAAkB;AAAA,QACjE;AAAA,QACA,UAAU;AAAA,QACV,QAAQ;AAAA,MACZ,CAAC;AAAA,IACL;AAAA,IACA;AAAA,EACJ;AAAA,EACA,MAAM,IAAI,oFAAoF,WAAW,EAAE,QAAQ,QAAQ,SAAS,CAAC;AAAA;AASlI,IAAM,iBAAiB,OAAO;AAC9B,IAAM,gBAAgB,OAAO;AAyDpC,SAAS,WAAW,CAAC,KAAK;AAAA,EACtB,QAAQ;AAAA,SACC;AAAA,SACA;AAAA,SACA;AAAA,MACD,OAAO,EAAE,MAAM,WAAW,MAAM,OAAO,IAAI,MAAM,EAAE,IAAI;AAAA,SACtD;AAAA,SACA;AAAA,SACA;AAAA,MACD,OAAO,EAAE,MAAM,qBAAqB,MAAM,OAAO,IAAI,MAAM,EAAE,IAAI;AAAA,SAChE;AAAA,SACA;AAAA,MACD,OAAO,EAAE,MAAM,SAAS,YAAY,KAAK,IAAI,MAAM,EAAE,IAAI;AAAA,SACxD;AAAA,MACD,OAAO,EAAE,MAAM,SAAS,YAAY,QAAQ;AAAA,SAC3C;AAAA,MACD,OAAO;AAAA,SACN;AAAA,SACA;AAAA,SACA;AAAA,SACA;AAAA,MACD,OAAO;AAAA;AAAA,MAEP,MAAM,IAAI,0BAA0B,6BAA6B,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAAA;AAAA;AAG/F,eAAe,SAAS,CAAC,KAAK,KAAK;AAAA,EAC/B,QAAQ,KAAK,SAAS,QAAQ,QAAQ;AAAA,EACtC,OAAO,OAAO,OAAO,UAAU,OAAO,KAAK,YAAY,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC;AAAA;AAoEjF,SAAS,YAAY,CAAC,KAAK;AAAA,EACvB,MAAM,MAAM,IAAI,IAAI,GAAG;AAAA,EACvB,IAAI,SAAS;AAAA,EACb,IAAI,OAAO;AAAA,EACX,OAAO,IAAI;AAAA;AAEf,eAAe,YAAY,CAAC,SAAS,aAAa,mBAAmB,SAAS;AAAA,EAC1E,MAAM,cAAc,QAAQ,QAAQ,IAAI,MAAM;AAAA,EAC9C,IAAI,gBAAgB,MAAM;AAAA,IACtB,MAAM,IAAI,wEAAwE,iBAAiB,EAAE,SAAS,QAAQ,QAAQ,CAAC;AAAA,EACnI;AAAA,EACA,IAAI,QAAQ,QAAQ,IAAI,eAAe,GAAG,YAAY,EAAE,WAAW,OAAO,MAAM,OAAO;AAAA,IACnF,MAAM,IAAI,+FAA+F,iBAAiB,EAAE,SAAS,QAAQ,QAAQ,CAAC;AAAA,EAC1J;AAAA,EACA,IAAI,OAAO,kBAAkB,KAAK,QAAQ,UAAU;AAAA,IAChD,MAAM,IAAI,uFAAuF,iBAAiB,EAAE,QAAQ,kBAAkB,CAAC;AAAA,EACnJ;AAAA,EACA,MAAM,aAAY,aAAa,OAAO;AAAA,EACtC,MAAM,QAAQ,MAAM,YAAY,aAAa,sBAAsB,KAAK,WAAW,SAAS,mBAAmB,WAAW,SAAS,GAAG,YAAW,kBAAkB,OAAO,GAAG,SAAS,EACjL,KAAK,aAAa,KAAK,WAAW,UAAU,CAAC,EAC7C,KAAK,iBAAiB,KAAK,WAAW,CAAC,OAAO,OAAO,OAAO,OAAO,KAAK,CAAC,CAAC;AAAA,EAC/E,MAAM,MAAM,UAAU,IAAI;AAAA,EAC1B,MAAM,OAAO,KAAK,IAAI,MAAM,MAAM,OAAO,GAAG;AAAA,EAC5C,IAAI,OAAO,KAAK;AAAA,IACZ,MAAM,IAAI,uCAAuC,qBAAqB;AAAA,MAClE;AAAA,MACA,QAAQ,MAAM;AAAA,MACd,OAAO;AAAA,IACX,CAAC;AAAA,EACL;AAAA,EACA,IAAI,MAAM,OAAO,QAAQ,QAAQ,QAAQ;AAAA,IACrC,MAAM,IAAI,2BAA2B,sBAAsB;AAAA,MACvD,UAAU,QAAQ;AAAA,MAClB,QAAQ,MAAM;AAAA,MACd,OAAO;AAAA,IACX,CAAC;AAAA,EACL;AAAA,EACA,IAAI,OAAO,MAAM,OAAO,QAAQ,YAC5B,aAAa,MAAM,OAAO,GAAG,MAAM,aAAa,QAAQ,GAAG,GAAG;AAAA,IAC9D,MAAM,IAAI,2BAA2B,sBAAsB;AAAA,MACvD,UAAU,aAAa,QAAQ,GAAG;AAAA,MAClC,QAAQ,MAAM;AAAA,MACd,OAAO;AAAA,IACX,CAAC;AAAA,EACL;AAAA,EACA;AAAA,IACI,MAAM,WAAW,KAAK,MAAM,OAAO,OAAO,OAAO,WAAW,IAAI,WAAW,CAAC,CAAC;AAAA,IAC7E,IAAI,MAAM,OAAO,QAAQ,UAAU;AAAA,MAC/B,MAAM,IAAI,2BAA2B,sBAAsB;AAAA,QACvD;AAAA,QACA,QAAQ,MAAM;AAAA,QACd,OAAO;AAAA,MACX,CAAC;AAAA,IACL;AAAA,EACJ;AAAA,EACA,QAAQ,KAAK,QAAQ,MAAM;AAAA,EAC3B,IAAI,CAAC,aAAa,GAAG,GAAG;AAAA,IACpB,MAAM,IAAI,yDAAyD,iBAAiB;AAAA,MAChF,QAAQ,MAAM;AAAA,IAClB,CAAC;AAAA,EACL;AAAA,EACA;AAAA,IACI,MAAM,WAAW,MAAM,uBAAuB,GAAG;AAAA,IACjD,IAAI,kBAAkB,IAAI,QAAQ,UAAU;AAAA,MACxC,MAAM,IAAI,0CAA0C,sBAAsB;AAAA,QACtE;AAAA,QACA,QAAQ;AAAA,QACR,OAAO;AAAA,MACX,CAAC;AAAA,IACL;AAAA,EACJ;AAAA,EACA,QAAQ,GAAG,iBAAiB,GAAG,SAAS,GAAG,qBAAqB,YAAY,MAAM,GAAG;AAAA,EACrF,MAAM,YAAY,KAAK,gBAAgB;AAAA,EACvC,MAAM,MAAM,MAAM,UAAU,KAAK,GAAG;AAAA,EACpC,IAAI,IAAI,SAAS,UAAU;AAAA,IACvB,MAAM,IAAI,6DAA6D,iBAAiB;AAAA,MACpF,QAAQ,MAAM;AAAA,IAClB,CAAC;AAAA,EACL;AAAA,EACA,MAAM,qBAAqB,iBAAiB,SAAS,KAAK,SAAS;AAAA;AAEvE,eAAsB,sBAAsB,CAAC,IAAI,SAAS,kBAAkB,SAAS;AAAA,EACjF,SAAS,EAAE;AAAA,EACX,IAAI,CAAC,gBAAgB,SAAS,OAAO,GAAG;AAAA,IACpC,MAAM,eAAe,4CAA4C,oBAAoB;AAAA,EACzF;AAAA,EACA,aAAa,kBAAkB,oBAAoB;AAAA,EACnD,MAAM,gBAAgB,QAAQ,QAAQ,IAAI,eAAe;AAAA,EACzD,IAAI,kBAAkB,MAAM;AAAA,IACxB,MAAM,IAAI,qDAAqD,iBAAiB;AAAA,MAC5E,SAAS,QAAQ;AAAA,IACrB,CAAC;AAAA,EACL;AAAA,EACA,MAAM,GAAG,QAAQ,GAAG,aAAa,WAAW,cAAc,MAAM,GAAG;AAAA,EACnE,SAAS,OAAO,YAAY;AAAA,EAC5B,QAAQ;AAAA,SACC;AAAA,SACA;AAAA,MACD;AAAA;AAAA,MAEA,MAAM,IAAI,0BAA0B,gDAAgD;AAAA,QAChF,OAAO,EAAE,SAAS,QAAQ,QAAQ;AAAA,MACtC,CAAC;AAAA;AAAA,EAET,IAAI,WAAW,GAAG;AAAA,IACd,MAAM,IAAI,4CAA4C,iBAAiB;AAAA,MACnE,SAAS,QAAQ;AAAA,IACrB,CAAC;AAAA,EACL;AAAA,EACA,MAAM,iBAAiB;AAAA,IACnB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACJ;AAAA,EACA,IAAI,SAAS,eAAe,WAAW,UAAU,QAAQ,QAAQ,IAAI,MAAM,GAAG;AAAA,IAC1E,eAAe,KAAK,KAAK;AAAA,EAC7B;AAAA,EACA,QAAQ,QAAQ,WAAW,MAAM,YAAY,aAAa,sBAAsB,KAAK,WAAW,SAAS,mBAAmB,WAAW,SAAS,GAAG,aAAa,OAAO,GAAG,kBAAkB,OAAO,GAAG,SAAS,EAC1M,KAAK,aAAa,KAAK,WAAW,QAAQ,CAAC,EAC3C,KAAK,iBAAiB,KAAK,WAAW,cAAc,CAAC,EACrD,KAAK,eAAe,KAAK,WAAW,EAAE,CAAC,EACvC,KAAK,iBAAiB,KAAK,WAAW,gBAAgB,CAAC,EACvD,MAAM,cAAc;AAAA,EACzB,WAAW,SAAS,CAAC,aAAa,OAAO,KAAK,GAAG;AAAA,IAC7C,IAAI,OAAO,OAAO,WAAW,UAAU;AAAA,MACnC,MAAM,IAAI,mBAAmB,qBAAqB,iBAAiB,EAAE,OAAO,CAAC;AAAA,IACjF;AAAA,EACJ;AAAA,EACA,IAAI,SAAS,QAAQ;AAAA,IACjB,IAAI,CAAC,aAAa,OAAO,GAAG,GAAG;AAAA,MAC3B,MAAM,IAAI,mDAAmD,iBAAiB,EAAE,OAAO,CAAC;AAAA,IAC5F;AAAA,IACA,QAAQ,GAAG,KAAK,oBAAW,OAAO,KAAK,OAAO,GAAG;AAAA,IACjD,IAAI,SAAQ;AAAA,MACR,IAAI,YAAW,GAAG;AAAA,QACd,MAAM,IAAI,0BAA0B,kDAAkD;AAAA,UAClF,OAAO,EAAE,OAAO;AAAA,QACpB,CAAC;AAAA,MACL;AAAA,MACA,IAAI,QAAQ,OAAO;AAAA,QACf,MAAM,IAAI,0BAA0B,uCAAuC;AAAA,UACvE,OAAO,EAAE,OAAO;AAAA,QACpB,CAAC;AAAA,MACL;AAAA,IACJ;AAAA,EACJ;AAAA,EACA,QAAQ,GAAG,iBAAiB,GAAG,SAAS,GAAG,qBAAqB,YAAY,MAAM,GAAG;AAAA,EACrF,MAAM,YAAY,KAAK,gBAAgB;AAAA,EACvC,MAAM,MAAM,MAAM,iCAAiC,IAAI,SAAS,MAAM;AAAA,EACtE,MAAM,qBAAqB,iBAAiB,SAAS,KAAK,SAAS;AAAA,EACnE,IAAI,SAAS,eACT,WAAW,UACX,OAAO,KAAK,QAAQ,aACpB,QAAQ,QAAQ,IAAI,MAAM,GAAG;AAAA,IAC7B,MAAM,aAAa,SAAS,aAAa,QAAQ,OAAO,EAAE,MAAM,cAAc;AAAA,EAClF;AAAA,EACA,OAAO;AAAA;AAEX,SAAS,cAAc,CAAC,MAAK;AAAA,EACzB,IAAI,gBAAe,4BAA4B,MAAK,SAAS,iBAAiB;AAAA,IAC1E,KAAI,OAAO;AAAA,EACf;AAAA,EACA,MAAM;AAAA;AAwHV,eAAe,mBAAmB,CAAC,UAAU,QAAQ,uBAAuB;AAAA,EACxE,IAAI;AAAA,EACJ,IAAI;AAAA,IACA,OAAO,MAAM,SAAS,KAAK;AAAA,IAE/B,OAAO,OAAO;AAAA,IACV,MAAM,QAAQ;AAAA,IACd,MAAM,IAAI,2CAA2C,aAAa,KAAK;AAAA;AAAA,EAE3E,IAAI,CAAC,aAAa,IAAI,GAAG;AAAA,IACrB,MAAM,IAAI,8CAA8C,kBAAkB,EAAE,MAAM,KAAK,CAAC;AAAA,EAC5F;AAAA,EACA,OAAO;AAAA;AAGJ,IAAM,oBAAoB,OAAO;AACjC,IAAM,kBAAkB,OAAO;;;AC76E/B,SAAS,eAAe,CAAC,SAAiD;AAAA,EAC/E,MAAM,iBAAiB,QAAQ,kBAAkB;AAAA,EACjD,MAAM,SAAS,QAAQ,UAAU;AAAA,EACjC,MAAM,WAAW,QAAQ;AAAA,EAEzB,IAAI,YAAuD;AAAA,EAE3D,eAAe,sBAAsB,GAAuC;AAAA,IAC1E,IAAI,QAAQ,SAAS;AAAA,MACnB,OAAO;AAAA,QACL,QAAQ,QAAQ;AAAA,QAChB,UAAU,QAAQ;AAAA,MACpB;AAAA,IACF;AAAA,IACA,MAAM,YAAY,IAAI,IAAI,QAAQ,MAAM;AAAA,IACxC,MAAM,WAAW,MAAY,iBAAiB,SAAS;AAAA,IACvD,OAAa,yBAAyB,WAAW,QAAQ;AAAA;AAAA,EAG3D,OAAO,eAAe,YAAY,CAAC,SAAwC;AAAA,IACzE,IAAI,CAAC,WAAW;AAAA,MACd,YAAY,uBAAuB;AAAA,IACrC;AAAA,IAEA,IAAI;AAAA,IACJ,IAAI;AAAA,MACF,KAAK,MAAM;AAAA,MACX,OAAO,OAAO;AAAA,MAEd,YAAY;AAAA,MACZ,MAAM;AAAA;AAAA,IAKR,MAAM,YAAY,MAAM,QAAQ,QAAQ,IAAI,WAAW,CAAC,QAAQ;AAAA,IAChE,IAAI;AAAA,IACJ,IAAI;AAAA,IACJ,WAAW,OAAO,WAAW;AAAA,MAC3B,IAAI;AAAA,QACF,SAAS,MAAY,uBAAuB,IAAI,SAAS,GAAG;AAAA,QAC5D;AAAA,QACA,OAAO,OAAO;AAAA,QACd,YAAY;AAAA;AAAA,IAEhB;AAAA,IACA,IAAI,CAAC,QAAQ;AAAA,MACX,MAAM;AAAA,IACR;AAAA,IACA,MAAM,YAAa,OAAO,mBAA0C;AAAA,IAEpE,OAAO,IAAI,YAAY,QAAQ,MAAM,WAAW,MAAwC;AAAA;AAAA;;ACrE5F,IAAM,oBAAmB;AAEzB,SAAS,eAAe,GAA8C;AAAA,EACpE,MAAM,MAAY,YAAoB,WAAY,WAAmB,WAAW;AAAA,EAChF,IAAI,CAAC,KAAK;AAAA,IACR,MAAM,IAAI,MAAM,sEAAsE;AAAA,EACxF;AAAA,EACA,MAAM,KAAK,IAAI,iBAAgB;AAAA,EAC/B,OAAO,EAAE,iBAAiB,GAAG,iBAAiB,YAAY,GAAG,WAAW;AAAA;AA8B1E,SAAS,qBAAqB,CAAC,MAAc,WAA6B;AAAA,EACxE,MAAM,QAAkB,CAAC;AAAA,EACzB,IAAI,UAAoB,CAAC;AAAA,EACzB,IAAI,WAAW;AAAA,EACf,IAAI,IAAI;AAAA,EACR,OAAO,IAAI,KAAK,QAAQ;AAAA,IACtB,MAAM,KAAK,KAAK;AAAA,IAChB,IAAI,OAAO,KAAK;AAAA,MACd,WAAW,CAAC;AAAA,MACZ,QAAQ,KAAK,EAAE;AAAA,IACjB,EAAO,SAAI,OAAO,QAAQ,YAAY,IAAI,IAAI,KAAK,QAAQ;AAAA,MACzD,QAAQ,KAAK,EAAE;AAAA,MACf,QAAQ,KAAK,KAAK,IAAI,EAAE;AAAA,MACxB;AAAA,IACF,EAAO,SAAI,OAAO,aAAa,CAAC,UAAU;AAAA,MACxC,MAAM,KAAK,QAAQ,KAAK,EAAE,CAAC;AAAA,MAC3B,UAAU,CAAC;AAAA,IACb,EAAO;AAAA,MACL,QAAQ,KAAK,EAAE;AAAA;AAAA,IAEjB;AAAA,EACF;AAAA,EACA,MAAM,KAAK,QAAQ,KAAK,EAAE,CAAC;AAAA,EAC3B,OAAO;AAAA;AAGT,SAAS,cAAc,CAAC,MAAsB;AAAA,EAC5C,OAAO,KAAK,QAAQ,UAAU,IAAI;AAAA;AAIpC,SAAS,SAAS,CAAC,SAAyB;AAAA,EAC1C,WAAW,QAAQ,QAAQ,MAAM,UAAU,GAAG;AAAA,IAC5C,MAAM,UAAU,KAAK,KAAK;AAAA,IAC1B,IAAI,QAAQ,YAAY,EAAE,WAAW,KAAK,GAAG;AAAA,MAC3C,OAAO,QAAQ,MAAM,CAAC;AAAA,IACxB;AAAA,EACF;AAAA,EACA,OAAO;AAAA;AAUF,SAAS,SAAS,CAAC,aAAoC;AAAA,EAC5D,MAAM,WAA0B,CAAC;AAAA,EACjC,WAAW,cAAc,sBAAsB,aAAa,GAAG,GAAG;AAAA,IAChE,MAAM,UAAU,WAAW,KAAK;AAAA,IAChC,IAAI,CAAC;AAAA,MAAS;AAAA,IACd,MAAM,QAAQ,sBAAsB,SAAS,GAAG;AAAA,IAChD,MAAM,SAA4C,CAAC;AAAA,IACnD,WAAW,QAAQ,OAAO;AAAA,MACxB,MAAM,IAAI,KAAK,KAAK;AAAA,MACpB,IAAI,CAAC;AAAA,QAAG;AAAA,MACR,MAAM,QAAQ,EAAE,QAAQ,GAAG;AAAA,MAC3B,IAAI,QAAQ;AAAA,QAAG;AAAA,MACf,MAAM,MAAM,EAAE,MAAM,GAAG,KAAK,EAAE,KAAK,EAAE,YAAY;AAAA,MACjD,IAAI,QAAQ,EAAE,MAAM,QAAQ,CAAC,EAAE,KAAK;AAAA,MACpC,IAAI,MAAM,UAAU,KAAK,MAAM,OAAO,OAAO,MAAM,MAAM,SAAS,OAAO,KAAK;AAAA,QAC5E,QAAQ,eAAe,MAAM,MAAM,GAAG,EAAE,CAAC;AAAA,MAC3C;AAAA,MACA,IAAI,QAAQ,UAAU,QAAQ,SAAS,QAAQ,MAAM;AAAA,QACnD,QAAQ,mBAAmB,KAAK;AAAA,MAClC;AAAA,MACA,IAAI,QAAQ,OAAO;AAAA,QACjB,MAAM,WAAW,OAAO;AAAA,QACxB,IAAI,MAAM,QAAQ,QAAQ,GAAG;AAAA,UAC3B,SAAS,KAAK,KAAK;AAAA,QACrB,EAAO;AAAA,UACL,OAAO,MAAM,CAAC,KAAK;AAAA;AAAA,MAEvB,EAAO;AAAA,QACL,OAAO,OAAO;AAAA;AAAA,IAElB;AAAA,IACA,MAAM,MAAM,MAAM,QAAQ,OAAO,GAAG,IAAI,OAAO,MAAM,CAAC;AAAA,IACtD,SAAS,KAAK;AAAA,MACZ,MAAM,OAAO,OAAO,SAAS,WAAW,OAAO,OAAO;AAAA,MACtD,MAAM,OAAO,OAAO,SAAS,WAAW,OAAO,OAAO;AAAA,MACtD,SAAS,OAAO,OAAO,YAAY,WAAW,OAAO,UAAU;AAAA,MAC/D,KAAK,OAAO,OAAO,QAAQ,WAAW,OAAO,MAAM;AAAA,MACnD;AAAA,MACA,IAAI,OAAO,OAAO,OAAO,WAAW,OAAO,KAAK;AAAA,IAClD,CAAC;AAAA,EACH;AAAA,EACA,OAAO;AAAA;AAYF,SAAS,oBAAoB,CAAC,SAIlB;AAAA,EACjB,MAAM,WAAW,SAAS;AAAA,EAC1B,MAAM,SAAS,SAAS,UAAU;AAAA,EAClC,MAAM,gBAAgB,SAAS,iBAAiB;AAAA,EAEhD,OAAO,eAAe,YAAY,CAAC,SAAwC;AAAA,IACzE,MAAM,cAAc,QAAQ,QAAQ,IAAI,yBAAyB;AAAA,IACjE,IAAI,CAAC,aAAa;AAAA,MAChB,MAAM,IAAI,MAAM,wCAAwC;AAAA,IAC1D;AAAA,IACA,MAAM,WAAW,UAAU,WAAW;AAAA,IACtC,IAAI,SAAS,WAAW,GAAG;AAAA,MACzB,MAAM,IAAI,MAAM,sCAAsC;AAAA,IACxD;AAAA,IACA,MAAM,UAAU,kBAAkB,UAAU,SAAS,KAAK,SAAS,SAAS,SAAS;AAAA,IACrF,IAAI,UAAU;AAAA,MACZ,OAAO,SAAS,OAAO;AAAA,IACzB;AAAA,IACA,MAAM,YAAY,QAAQ,UAAU,UAAU,QAAQ,OAAO,IAAI;AAAA,IACjE,MAAM,SAA8B,CAAC;AAAA,IACrC,IAAI,QAAQ;AAAA,MAAM,OAAO,OAAO,QAAQ;AAAA,IACxC,IAAI,QAAQ;AAAA,MAAS,OAAO,UAAU,QAAQ;AAAA,IAC9C,IAAI,QAAQ;AAAA,MAAK,OAAO,MAAM,QAAQ;AAAA,IACtC,IAAI,QAAQ,IAAI,SAAS;AAAA,MAAG,OAAO,MAAM,CAAC,GAAG,QAAQ,GAAG;AAAA,IACxD,IAAI,QAAQ;AAAA,MAAI,OAAO,KAAK,QAAQ;AAAA,IACpC,OAAO,IAAI,YAAY,QAAQ,MAAM,WAAW,MAAM;AAAA;AAAA;AAQ1D,SAAS,mBAAmB,CAAC,SAAkB,QAAiC;AAAA,EAC9E,MAAM,MAAM,QAAQ,QAAQ,IAAI,MAAM;AAAA,EACtC,IAAI,CAAC,KAAK;AAAA,IACR,MAAM,IAAI,MAAM,WAAW,eAAe;AAAA,EAC5C;AAAA,EACA,MAAM,SAAS,mBAAmB,GAAG;AAAA,EACrC,IAAI,CAAC,OAAO,WAAW,6BAA6B,GAAG;AAAA,IACrD,MAAM,IAAI,MAAM,uCAAuC;AAAA,EACzD;AAAA,EACA,QAAQ,oBAAoB,gBAAgB;AAAA,EAC5C,IAAI;AAAA,IACF,OAAO,IAAI,gBAAgB,MAAM;AAAA,IACjC,OAAO,KAAK;AAAA,IACZ,MAAM,IAAI,MAAM,oCAAoC,KAAK;AAAA;AAAA;AAI7D,SAAS,eAAe,CAAC,MAA6B;AAAA,EACpD,MAAM,MAAM,IAAI;AAAA,EAChB,MAAM,YAAY,IAAI,KAAK,KAAK,SAAS;AAAA,EACzC,MAAM,WAAW,IAAI,KAAK,KAAK,OAAO;AAAA,EACtC,IAAI,MAAM,WAAW;AAAA,IACnB,MAAM,IAAI,MAAM,8BAA8B;AAAA,EAChD;AAAA,EACA,IAAI,MAAM,UAAU;AAAA,IAClB,MAAM,IAAI,MAAM,yBAAyB;AAAA,EAC3C;AAAA;AAYK,SAAS,gBAAgB,CAAC,SAId;AAAA,EACjB,QAAQ,UAAU,SAAS,qBAAqB,cAAc,UAAU;AAAA,EAExE,OAAO,eAAe,YAAY,CAAC,SAAwC;AAAA,IACzE,MAAM,OAAO,oBAAoB,SAAS,MAAM;AAAA,IAChD,IAAI,aAAa;AAAA,MACf,gBAAgB,IAAI;AAAA,IACtB;AAAA,IACA,OAAO,SAAS,IAAI;AAAA;AAAA;AAIxB,IAAM,uBAAuB,IAAI,IAAI,CAAC,UAAU,QAAQ,UAAU,QAAQ,CAAC;AAQpE,SAAS,2BAA2B,CAAC,SAMzB;AAAA,EACjB,QAAQ,cAAc,QAAQ,YAAY,UAAU,gBAAgB;AAAA,EACpE,IAAI,CAAC,qBAAqB,IAAI,SAAS,GAAG;AAAA,IACxC,MAAM,IAAI,MAAM,+BAA+B,WAAW;AAAA,EAC5D;AAAA,EACA,MAAM,UACJ,wBAAwB,MAAM,eAAe,IAAI,IAAI,OAAO,QAAQ,YAAY,CAAC;AAAA,EAEnF,SAAS,QAAQ,CAAC,MAAoC;AAAA,IACpD,QAAQ,4BAAe,gBAAgB;AAAA,IACvC,MAAM,KAAK,YAAW,SAAS,EAAE,OAAO,KAAK,GAAG,EAAE,OAAO,KAAK;AAAA,IAC9D,MAAM,MAAM,QAAQ,IAAI,EAAE;AAAA,IAC1B,IAAI,CAAC,KAAK;AAAA,MACR,MAAM,IAAI,MAAM,oCAAoC,IAAI;AAAA,IAC1D;AAAA,IACA,OAAO;AAAA;AAAA,EAGT,OAAO,iBAAiB,EAAE,UAAU,QAAQ,YAAY,CAAC;AAAA;AASpD,SAAS,uBAAuB,CAAC,SAKrB;AAAA,EACjB,QAAQ,QAAQ,SAAS,QAAQ,kBAAkB,MAAM,gBAAgB,WAAW,CAAC;AAAA,EAErF,SAAS,QAAQ,CAAC,MAAoC;AAAA,IAEpD,MAAM,eAAyB,KAAK,QACjC,MAAM;AAAA,CAAI,EACV,IAAI,CAAC,MAAc,EAAE,KAAK,CAAC,EAC3B,OAAO,OAAO;AAAA,IACjB,MAAM,YAAY,aAAa,KAAK,IAAI;AAAA,IAExC,IAAI,KAAK;AAAA,IACT,WAAW,QAAQ,cAAc;AAAA,MAC/B,IAAI,KAAK,YAAY,EAAE,WAAW,KAAK,GAAG;AAAA,QACxC,KAAK,KAAK,MAAM,CAAC;AAAA,QACjB;AAAA,MACF;AAAA,IACF;AAAA,IAEA,IAAI,oBAAoB,QAAQ,CAAC,gBAAgB,IAAI,EAAE,GAAG;AAAA,MACxD,MAAM,IAAI,MAAM,eAAe,6BAA6B;AAAA,IAC9D;AAAA,IAEA,MAAM,YAAY,OAAO,KAAK,KAAK,cAAc,EAAE,SAAS,EAAE;AAAA,IAC9D,MAAM,gBAAgB,IAAI,KAAK,KAAK,OAAO,EAAE,YAAY;AAAA,IAEzD,OAAO,IAAI,YAAY,QAAQ,MAAM,IAAI;AAAA,MACvC,YAAY;AAAA,MACZ,QAAQ;AAAA,MACR,iBAAiB;AAAA,IACnB,CAAC;AAAA;AAAA,EAGH,OAAO,iBAAiB,EAAE,UAAU,QAAQ,YAAY,CAAC;AAAA;;ACnS3D,IAAM,WAAW;AAMjB,SAAS,aAAa,CAAC,OAAwB;AAAA,EAC7C,IAAI,UAAU;AAAA,IAAM,OAAO;AAAA,EAC3B,IAAI,OAAO,UAAU;AAAA,IAAW,OAAO,QAAQ,SAAS;AAAA,EACxD,IAAI,OAAO,UAAU,UAAU;AAAA,IAK7B,OAAO,KAAK,UAAU,KAAK;AAAA,EAC7B;AAAA,EACA,IAAI,OAAO,UAAU;AAAA,IAAU,OAAO,KAAK,UAAU,KAAK;AAAA,EAC1D,IAAI,MAAM,QAAQ,KAAK,GAAG;AAAA,IACxB,OAAO,IAAI,MAAM,IAAI,aAAa,EAAE,KAAK,GAAG;AAAA,EAC9C;AAAA,EACA,IAAI,OAAO,UAAU,UAAU;AAAA,IAC7B,MAAM,OAAO,OAAO,KAAK,KAAgC,EAAE,KAAK;AAAA,IAChE,MAAM,QAAQ,KAAK,IAAI,CAAC,MAAM,GAAG,KAAK,UAAU,CAAC,KAAK,cAAe,MAAkC,EAAE,GAAG;AAAA,IAC5G,OAAO,IAAI,MAAM,KAAK,GAAG;AAAA,EAC3B;AAAA,EACA,MAAM,IAAI,UAAU,mCAAmC,OAAO,OAAO;AAAA;AAGvE,eAAe,UAAS,CAAC,MAAmC;AAAA,EAG1D,MAAM,OAAM,IAAI,YAAY,KAAK,UAAU;AAAA,EAC3C,IAAI,WAAW,IAAG,EAAE,IAAI,IAAI;AAAA,EAC5B,MAAM,SAAS,MAAM,OAAO,OAAO,OAAO,WAAW,IAAG;AAAA,EACxD,OAAO,MAAM,KAAK,IAAI,WAAW,MAAM,CAAC,EACrC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAC1C,KAAK,EAAE;AAAA;AAaZ,eAAsB,WAAW,CAC/B,YACA,KACA,KACiB;AAAA,EACjB,MAAM,WAAW,QAAQ,YAAY,MAAM,QAAQ,IAAI;AAAA,EACvD,MAAM,YAAY,OAAQ,QAAQ;AAAA,EAElC,MAAM,cAAsC,CAAC;AAAA,EAC7C,WAAW,OAAO,OAAO,KAAK,SAAS,GAAG;AAAA,IACxC,IAAI,IAAI,WAAW,UAAU,GAAG;AAAA,MAC9B,MAAM,IAAI,UAAU;AAAA,MACpB,IAAI,MAAM;AAAA,QAAW,YAAY,OAAO;AAAA,IAC1C;AAAA,EACF;AAAA,EAEA,MAAM,YAAY;AAAA,IAChB,KAAK,CAAC,GAAG,UAAU;AAAA,IACnB,KAAK;AAAA,IACL,KAAK;AAAA,EACP;AAAA,EACA,MAAM,UAAU,IAAI,YAAY,EAAE,OAAO,cAAc,SAAS,CAAC;AAAA,EACjE,MAAM,MAAM,MAAM,WAAU,OAAO;AAAA,EACnC,OAAO,IAAI,MAAM,GAAG,QAAQ;AAAA;;ACpE9B;AACA,0CAA4B;;;ACK5B,iCAAoB;AAWpB,IAAM,UAAU;AAEhB,IAAM,iBAAiB;AAEvB,SAAS,QAAQ,CAAC,KAAsB;AAAA,EACtC,IAAI,CAAC,OAAO,UAAU,GAAG,KAAK,OAAO;AAAA,IAAG,OAAO;AAAA,EAC/C,IAAI;AAAA,IACF,QAAQ,KAAK,KAAK,CAAC;AAAA,IACnB,OAAO;AAAA,IACP,OAAO,MAAK;AAAA,IACZ,OAAQ,MAA2B,SAAS;AAAA;AAAA;AAIhD,SAAS,OAAO,CAAC,MAAsB;AAAA,EACrC,IAAI;AAAA,IACF,MAAM,KAAK,SAAS,MAAM,GAAG,QAAQ;AAAA,IACrC,IAAI;AAAA,MACF,MAAM,OAAM,OAAO,MAAM,EAAE;AAAA,MAC3B,MAAM,IAAI,SAAS,IAAI,MAAK,GAAG,KAAI,QAAQ,CAAC;AAAA,MAC5C,MAAM,OAAO,KAAI,SAAS,GAAG,CAAC,EAAE,SAAS,MAAM,EAAE,KAAK;AAAA,MACtD,IAAI,SAAS;AAAA,QAAI,OAAO;AAAA,MACxB,MAAM,SAAS,OAAO,IAAI;AAAA,MAC1B,OAAO,OAAO,UAAU,MAAM,IAAI,SAAS;AAAA,cAC3C;AAAA,MACA,UAAU,EAAE;AAAA;AAAA,IAEd,MAAM;AAAA,IACN,OAAO;AAAA;AAAA;AAIX,SAAS,WAAW,CAAC,MAAuB;AAAA,EAI1C,MAAM,KAAK,SAAS,MAAM,GAAG,SAAS,GAAG,SAAS,GAAK;AAAA,EACvD,IAAI;AAAA,IAIF,MAAM,QAAQ,OAAO,KAAK,OAAO,QAAQ,GAAG,GAAG,MAAM;AAAA,IAGrD,QAAQ;AAAA,IACR,cAAc,IAAI,CAAC;AAAA,IACnB,IAAI,UAAU;AAAA,IACd,OAAO,UAAU,MAAM,QAAQ;AAAA,MAC7B,MAAM,IAAI,UAAU,IAAI,OAAO,SAAS,MAAM,SAAS,SAAS,IAAI,OAAO;AAAA,MAC3E,IAAI,KAAK;AAAA,QAAG,MAAM,IAAI,MAAM,sBAAsB,GAAG;AAAA,MACrD,WAAW;AAAA,IACb;AAAA,IAGA,MAAM,KAAK,SAAS,IAAI;AAAA,IACxB,IAAI,GAAG,SAAS,MAAM;AAAA,MAAQ,OAAO;AAAA,IACrC,OAAO;AAAA,YACP;AAAA,IACA,UAAU,EAAE;AAAA;AAAA;AAIhB,SAAS,UAAU,CAAC,MAAoB;AAAA,EACtC,IAAI;AAAA,IACF,MAAM,KAAK,SAAS,MAAM,GAAG,MAAM;AAAA,IACnC,IAAI;AAAA,MACF,QAAQ;AAAA,MACR,cAAc,IAAI,CAAC;AAAA,cACnB;AAAA,MACA,UAAU,EAAE;AAAA;AAAA,IAEd,MAAM;AAAA;AAYH,SAAS,cAAc,CAAC,UAAyC;AAAA,EACtE,SAAS,UAAU,EAAG,UAAU,gBAAgB,WAAW;AAAA,IACzD,MAAM,cAAc,QAAQ,QAAQ;AAAA,IACpC,IAAI,cAAc,KAAK,SAAS,WAAW,GAAG;AAAA,MAG5C,OAAO;AAAA,IACT;AAAA,IAEA,IAAI,CAAC,YAAY,QAAQ;AAAA,MAAG;AAAA,IAC5B,MAAM,YAAY,QAAQ,QAAQ;AAAA,IAClC,IAAI,cAAc,QAAQ,KAAK;AAAA,MAE7B;AAAA,IACF;AAAA,IACA,IAAI,WAAW;AAAA,IACf,OAAO;AAAA,MACL,MAAM;AAAA,MACN,OAAO,GAAG;AAAA,QACR,IAAI;AAAA,UAAU;AAAA,QACd,WAAW;AAAA,QACX,WAAW,QAAQ;AAAA;AAAA,IAEvB;AAAA,EACF;AAAA,EACA,OAAO;AAAA;AAIT,eAAsB,WAAW,CAAC,UAAkB,WAA4C;AAAA,EAC9F,MAAM,WAAW,KAAK,IAAI,IAAI,KAAK,IAAI,GAAG,SAAS;AAAA,EACnD,UAAS;AAAA,IACP,MAAM,SAAS,eAAe,QAAQ;AAAA,IACtC,IAAI;AAAA,MAAQ,OAAO;AAAA,IACnB,IAAI,KAAK,IAAI,KAAK,UAAU;AAAA,MAC1B,MAAM,IAAI,MAAM,qBAAqB,mBAAmB,aAAa;AAAA,IACvE;AAAA,IACA,MAAM,IAAI,QAAQ,CAAC,MAAM,WAAW,GAAG,OAAO,CAAC;AAAA,EACjD;AAAA;;;AChKF,0DAA8C;AAC9C;AACA;AAeO,SAAS,WAAW,CAAC,UAAkB,QAA6B;AAAA,EACzE,OAAO;AAAA,IACL,UAAe,UAAK,UAAU,GAAG,aAAa;AAAA,IAC9C,UAAe,UAAK,UAAU,GAAG,aAAa;AAAA,IAC9C,UAAe,UAAK,UAAU,GAAG,aAAa;AAAA,EAChD;AAAA;AAeK,SAAS,eAAe,GAAW;AAAA,EACxC,IAAI;AAAA,EACJ,IAAI,QAAQ,aAAa,SAAS;AAAA,IAChC,OAAY,UAAK,OAAO,GAAG,SAAS;AAAA,EACtC,EAAO;AAAA,IACL,MAAM,MAAM,QAAQ,IAAI;AAAA,IACxB,IAAI,KAAK;AAAA,MACP,OAAY,UAAK,KAAK,SAAS;AAAA,IACjC,EAAO;AAAA,MACL,MAAM,MAAM,OAAO,QAAQ,YAAY,aAAa,QAAQ,QAAQ,IAAI;AAAA,MACxE,OAAY,UAAK,OAAO,GAAG,WAAW,KAAK;AAAA;AAAA;AAAA,EAG/C,UAAU,MAAM,EAAE,WAAW,MAAM,MAAM,IAAM,CAAC;AAAA,EAChD,IAAI,QAAQ,aAAa,WAAW,OAAO,QAAQ,YAAY,YAAY;AAAA,IAEzE,IAAI;AAAA,MAEF,MAAM,KAAK,UAAS,IAAI;AAAA,MACxB,IAAI,GAAG,QAAQ,QAAQ,QAAQ,GAAG;AAAA,QAChC,MAAM,IAAI,MAAM,mBAAmB,mCAAmC;AAAA,MACxE;AAAA,MACA,OAAO,MAAK;AAAA,MACZ,IAAK,MAA2B,SAAS,UAAU,CAEnD,EAAO;AAAA,QACL,MAAM;AAAA;AAAA;AAAA,EAGZ;AAAA,EACA,OAAO;AAAA;AAQF,SAAS,SAAS,CAAC,UAAkB,YAA+B,KAAa,UAAwB;AAAA,EAC9G,MAAM,UAAU;AAAA,IACd,KAAK,CAAC,GAAG,UAAU;AAAA,IACnB;AAAA,IACA,QAAQ;AAAA,IACR,YAAY,KAAK,IAAI,IAAI;AAAA,IACzB,cAAc,QAAQ;AAAA,EACxB;AAAA,EACA,IAAI;AAAA,IACF,cAAc,UAAU,KAAK,UAAU,SAAS,MAAM,CAAC,GAAG,EAAE,UAAU,QAAQ,MAAM,IAAM,CAAC;AAAA,IAC3F,MAAM;AAAA;AAmCV,eAAsB,WAAW,CAAC,UAAkB,YAAY,MAAwB;AAAA,EACtF,IAAI,CAAC,WAAW,QAAQ;AAAA,IAAG,OAAO;AAAA,EAGlC,MAAM,MAAM,MAAa;AAAA,EACzB,OAAO,IAAI,QAAiB,CAAC,YAAY;AAAA,IACvC,MAAM,OAAO,IAAI,iBAAiB,EAAE,MAAM,SAAS,CAAC;AAAA,IACpD,MAAM,QAAQ,WAAW,MAAM;AAAA,MAC7B,KAAK,QAAQ;AAAA,MACb,QAAQ,KAAK;AAAA,OACZ,SAAS;AAAA,IACZ,KAAK,KAAK,WAAW,MAAM;AAAA,MACzB,aAAa,KAAK;AAAA,MAClB,KAAK,IAAI;AAAA,MACT,QAAQ,IAAI;AAAA,KACb;AAAA,IACD,KAAK,KAAK,SAAS,MAAM;AAAA,MACvB,aAAa,KAAK;AAAA,MAClB,QAAQ,KAAK;AAAA,KACd;AAAA,GACF;AAAA;AAGH,SAAS,WAAW,CAAC,UAA4E;AAAA,EAC/F,IAAI;AAAA,IACF,MAAM,MAAM,aAAa,UAAU,MAAM;AAAA,IACzC,MAAM,OAAO,KAAK,MAAM,GAAG;AAAA,IAC3B,OAAO;AAAA,MACL,KAAK,MAAM,QAAQ,KAAK,GAAG,IAAI,KAAK,IAAI,IAAI,MAAM,IAAI,CAAC;AAAA,MACvD,KAAK,OAAO,KAAK,QAAQ,WAAW,KAAK,MAAM;AAAA,MAC/C,WAAW,OAAO,KAAK,eAAe,WAAW,KAAK,aAAa;AAAA,IACrE;AAAA,IACA,MAAM;AAAA,IACN,OAAO,EAAE,KAAK,CAAC,GAAG,KAAK,IAAI,WAAW,KAAK;AAAA;AAAA;AAK/C,eAAsB,UAAU,CAAC,UAAwC;AAAA,EACvE,QAAQ,gBAAgB,MAAa;AAAA,EACrC,MAAM,OAAoB,CAAC;AAAA,EAC3B,IAAI;AAAA,EACJ,IAAI;AAAA,IACF,UAAU,YAAY,QAAQ;AAAA,IAC9B,MAAM;AAAA,IACN,OAAO;AAAA;AAAA,EAET,WAAW,QAAQ,QAAQ,KAAK,GAAG;AAAA,IACjC,IAAI,CAAC,KAAK,SAAS,OAAO;AAAA,MAAG;AAAA,IAC7B,MAAM,SAAS,KAAK,MAAM,GAAG,EAAE;AAAA,IAC/B,QAAQ,UAAU,aAAa,YAAY,UAAU,MAAM;AAAA,IAC3D,MAAM,OAAO,YAAY,QAAQ;AAAA,IACjC,KAAK,KAAK;AAAA,MACR;AAAA,MACA,KAAK,KAAK;AAAA,MACV,KAAK,KAAK;AAAA,MACV,QAAQ;AAAA,MACR,WAAW,KAAK;AAAA,MAChB,OAAO,MAAM,YAAY,QAAQ;AAAA,IACnC,CAAC;AAAA,EACH;AAAA,EACA,OAAO;AAAA;AAYT,eAAsB,UAAU,CAC9B,UACA,YACA,SACmB;AAAA,EACnB,QAAQ,gBAAgB,MAAa;AAAA,EACrC,MAAM,UAAoB,CAAC;AAAA,EAC3B,MAAM,UAAoB,CAAC;AAAA,EAC3B,MAAM,QAAQ,SAAS,SAAS;AAAA,EAChC,MAAM,cAAc,SAAS,eAAe;AAAA,EAE5C,IAAI;AAAA,EACJ,IAAI;AAAA,IACF,UAAU,YAAY,QAAQ;AAAA,IAC9B,MAAM;AAAA,IACN,OAAO,EAAE,SAAS,cAAc,QAAQ;AAAA;AAAA,EAG1C,IAAI,OAAO;AAAA,EACX,WAAW,QAAQ,QAAQ,KAAK,GAAG;AAAA,IACjC,IAAI,CAAC,KAAK,SAAS,OAAO;AAAA,MAAG;AAAA,IAC7B,IAAI,UAAU,QAAQ,QAAQ;AAAA,MAAO;AAAA,IACrC,QAAQ;AAAA,IACR,MAAM,SAAS,KAAK,MAAM,GAAG,EAAE;AAAA,IAC/B,IAAI,gBAAgB,QAAQ,WAAW;AAAA,MAAa;AAAA,IAEpD,QAAQ,UAAU,UAAU,aAAa,YAAY,UAAU,MAAM;AAAA,IACrE,MAAM,UAAU,MAAM,WAAW,QAAQ;AAAA,IACzC,IAAI,YAAY,MAAM;AAAA,MACpB,QAAQ,KAAK,MAAM;AAAA,MACnB;AAAA,IACF;AAAA,IACA,IAAI;AAAA,MACF,IAAI,MAAM,YAAY,QAAQ,GAAG;AAAA,QAE/B;AAAA,MACF;AAAA,MACA,WAAW,KAAK,CAAC,UAAU,UAAU,QAAQ,GAAG;AAAA,QAC9C,IAAI;AAAA,UACF,WAAW,CAAC;AAAA,UACZ,MAAM;AAAA,MAGV;AAAA,MACA,QAAQ,KAAK,MAAM;AAAA,cACnB;AAAA,MACA,QAAQ;AAAA;AAAA,EAEZ;AAAA,EACA,OAAO,EAAE,SAAS,cAAc,QAAQ;AAAA;;;AFpN1C,IAAM,mBAAmB;AA4BzB,eAAsB,MAAM,CAAC,QAAuC;AAAA,EAClE,IAAI,CAAC,OAAO,cAAc,OAAO,WAAW,WAAW,GAAG;AAAA,IACxD,MAAM,IAAI,MAAM,8BAA8B;AAAA,EAChD;AAAA,EACA,MAAM,WAAW,OAAO,YAAY,gBAAgB;AAAA,EACpD,MAAM,cAAc,OAAO,eAAe;AAAA,EAC1C,MAAM,oBAAoB,OAAO,kBAAkB,MAAM;AAAA,EACzD,MAAM,oBAAoB,OAAO,wBAAwB,MAAM;AAAA,EAE/D,IAAI;AAAA,EACJ,IAAI;AAAA,EACJ,IAAI;AAAA,EACJ,IAAI;AAAA,EAEJ,IAAI,OAAO,eAAe,WAAW;AAAA,IACnC,QAAQ,YAAY,MAAa;AAAA,IACjC,WAAW,QAAQ,OAAO,UAAU;AAAA,IAEpC,WAAW,GAAG;AAAA,IACd,WAAW;AAAA,IACX,SAAS;AAAA,EACX,EAAO;AAAA,IACL,SAAS,MAAM,YAAY,OAAO,UAAU;AAAA,IAC5C,MAAM,QAAQ,YAAY,UAAU,MAAM;AAAA,IAC1C,WAAW,MAAM;AAAA,IACjB,WAAW,MAAM;AAAA,IACjB,WAAW,MAAM;AAAA;AAAA,EAGnB,MAAM,SAAS,MAAM,YAAY,UAAU,gBAAgB;AAAA,EAC3D,IAAI;AAAA,IAEF,IAAI,MAAM,YAAY,QAAQ,GAAG;AAAA,MAC/B,OAAO;AAAA,IACT;AAAA,IAEA,IAAI;AAAA,MACF,YAAW,QAAQ;AAAA,MACnB,MAAM;AAAA,IAIR,IAAI,aAAa,MAAM;AAAA,MACrB,UAAU,UAAU,OAAO,YAAY,QAAQ,IAAI,GAAG,QAAQ;AAAA,IAChE;AAAA,IACA,MAAM,YAAY,OAAO,YAAY,UAAU,aAAa,OAAO,gBAAgB,MAAM,gBAAgB;AAAA,IACzG,OAAO;AAAA,YACP;AAAA,IACA,OAAO,QAAQ;AAAA,IAEf,IAAI,WAAW,MAAM;AAAA,MACnB,IAAI;AAAA,QACF,MAAM,WACJ,UACA,OAAO,MAAM;AAAA,UACX,MAAM,IAAI,eAAe,CAAC;AAAA,UAC1B,OAAO,IAAI,MAAM,EAAE,QAAQ,IAAI;AAAA,WAEjC,EAAE,OAAO,kBAAkB,aAAa,OAAO,CACjD;AAAA,QACA,MAAM;AAAA,IAGV;AAAA;AAAA;AAKJ,eAAe,WAAW,CACxB,YACA,UACA,aACA,cACA,kBACe;AAAA,EACf,MAAM,WAAW,CAAC,GAAG,YAAY,UAAU,UAAU,kBAAkB,OAAO,WAAW,CAAC;AAAA,EAC1F,OAAO,QAAQ,QAAQ;AAAA,EAEvB,MAAM,eAAe,iBAAiB,OAAO,WAAW;AAAA,EAExD,MAAM,OAAO,MAAM,KAAK,MAAM;AAAA,IAC5B,OAAO,CAAC,UAAU,QAAQ,YAAY;AAAA,IACtC,UAAU;AAAA,EACZ,CAAC;AAAA,EAED,IAAI,iBAAiB,QAAQ,KAAK,QAAQ;AAAA,IAExC,MAAM,OAAO,kBAAkB,cAAc,EAAE,OAAO,IAAI,CAAC;AAAA,IAC3D,KAAK,OAAO,KAAK,IAAI;AAAA,EACvB;AAAA,EAEA,MAAM,iBAAiB,QAAQ;AAAA,EAG/B,MAAM,SAAS,WAAW,KAAK,MAAM;AAAA,EACrC,MAAM,WAAW,KAAK,IAAI,IAAI;AAAA,EAE9B,OAAO,KAAK,IAAI,IAAI,UAAU;AAAA,IAE5B,MAAM,YAAY,WAAW,KAAK,IAAI;AAAA,IACtC,MAAM,SAAS,MAAM,QAAQ,KAAK;AAAA,MAChC,OAAO,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,MAAM,QAAiB,OAAO,EAAE,EAAE;AAAA,MAC/D,SAAS,IAAI,EAAE,KAAK,CAAC,QAAQ,EAAE,MAAM,QAAiB,GAAG,EAAE;AAAA,MAC3D,MAAM,SAAS,EAAE,KAAK,OAAO,EAAE,MAAM,UAAmB,EAAE;AAAA,IAC5D,CAAC;AAAA,IAED,IAAI,OAAO,SAAS,QAAQ;AAAA,MAC1B,MAAM,IAAI,MAAM,sCAAsC,OAAO,KAAK;AAAA,IACpE;AAAA,IACA,IAAI,OAAO,SAAS,WAAW;AAAA,MAC7B,KAAK,KAAK,SAAS;AAAA,MACnB,MAAM,IAAI,MAAM,0CAA0C,oBAAoB;AAAA,IAChF;AAAA,IACA,IAAI,OAAO,MAAM,MAAM;AAAA,MAErB,MAAM,KAAK,MAAM,SAAS,IAAI;AAAA,MAC9B,MAAM,IAAI,MAAM,sCAAsC,KAAK;AAAA,IAC7D;AAAA,IACA,MAAM,OAAO,OAAO,MAAM;AAAA,IAC1B,IAAI,KAAK,WAAW,OAAO,GAAG;AAAA,MAC5B,IAAI,SAAS,gBAAgB;AAAA,QAC3B,KAAK,KAAK,SAAS;AAAA,QACnB,MAAM,IAAI,MACR,oCAAoC,KAAK,UAAU,IAAI,eAAe,KAAK,UAAU,cAAc,IACrG;AAAA,MACF;AAAA,MAEA,OAAO,gBAAgB;AAAA,MACvB;AAAA,IACF;AAAA,IAEA,QAAQ,IAAI,0BACV,QAAQ,OAAO,MAAM,4CAA4C,KAAK,UAAU,IAAI;AAAA,CAAK;AAAA,EAC7F;AAAA,EACA,KAAK,KAAK,SAAS;AAAA,EACnB,MAAM,IAAI,MAAM,0CAA0C,oBAAoB;AAAA;AAahF,SAAS,UAAU,CAAC,QAA2C;AAAA,EAC7D,IAAI,SAAS;AAAA,EACb,IAAI,QAAQ;AAAA,EACZ,MAAM,SAAmB,CAAC;AAAA,EAC1B,MAAM,UAAmE,CAAC;AAAA,EAC1E,IAAI,cAAc;AAAA,EAElB,MAAM,cAAc,MAAM;AAAA,IACxB,IAAI,QAAQ,WAAW;AAAA,MAAG;AAAA,IAC1B,IAAI,OAAO,SAAS,GAAG;AAAA,MACrB,MAAM,IAAI,QAAQ,MAAM;AAAA,MACxB,IAAI,EAAE,MAAM,OAAO,OAAO,OAAO,MAAM,KAAK,GAAG,CAAC;AAAA,IAClD,EAAO,SAAI,OAAO;AAAA,MAChB,MAAM,IAAI,QAAQ,MAAM;AAAA,MACxB,IAAI,EAAE,MAAM,MAAM,OAAO,GAAG,CAAC;AAAA,IAC/B;AAAA;AAAA,EAGF,OAAO,cAAc,MAAM;AAAA,EAC3B,OAAO,GAAG,QAAQ,CAAC,UAAU;AAAA,IAC3B,IAAI;AAAA,MAAa;AAAA,IACjB,UAAU,OAAO,KAAK;AAAA,IACtB,UAAS;AAAA,MACP,MAAM,KAAK,OAAO,QAAQ;AAAA,CAAI;AAAA,MAC9B,IAAI,KAAK;AAAA,QAAG;AAAA,MACZ,MAAM,OAAO,OAAO,MAAM,GAAG,EAAE,EAAE,QAAQ,OAAO,EAAE;AAAA,MAClD,SAAS,OAAO,MAAM,KAAK,CAAC;AAAA,MAC5B,OAAO,KAAK,IAAI;AAAA,IAClB;AAAA,IACA,YAAY;AAAA,GACb;AAAA,EACD,OAAO,GAAG,OAAO,MAAM;AAAA,IACrB,QAAQ;AAAA,IACR,IAAI,OAAO,SAAS,GAAG;AAAA,MACrB,OAAO,KAAK,OAAO,QAAQ,OAAO,EAAE,CAAC;AAAA,MACrC,SAAS;AAAA,IACX;AAAA,IACA,YAAY;AAAA,GACb;AAAA,EACD,OAAO,GAAG,SAAS,MAAM;AAAA,IACvB,QAAQ;AAAA,IACR,YAAY;AAAA,GACb;AAAA,EAED,OAAO;AAAA,IACL,IAAI,GAAG;AAAA,MACL,OAAO,IAAI,QAAQ,CAAC,YAAY;AAAA,QAC9B,QAAQ,KAAK,OAAO;AAAA,QACpB,YAAY;AAAA,OACb;AAAA;AAAA,IAEH,eAAe,GAAG;AAAA,MAChB,cAAc;AAAA,MAEd,OAAO,SAAS;AAAA,MAChB,OAAO,SAAS;AAAA;AAAA,EAEpB;AAAA;AAGF,SAAS,QAAQ,CAAC,MAA8D;AAAA,EAC9E,OAAO,IAAI,QAAQ,CAAC,YAAY;AAAA,IAC9B,KAAK,KAAK,QAAQ,CAAC,SAAS,QAAQ,IAAI,CAAC;AAAA,GAC1C;AAAA;AAGH,SAAS,KAAK,CAAC,IAA2B;AAAA,EACxC,OAAO,IAAI,QAAQ,CAAC,MAAM,WAAW,GAAG,KAAK,IAAI,GAAG,EAAE,CAAC,CAAC;AAAA;;AGxQ1D,uBAAS,2BAAY;AACrB;AACA;;;ACRA,IAAM,gBAAe,OAAW,CAAC,CAAC;AAiBlC,eAAsB,cAAc,CAClC,QACA,QACA,QACA,QACA,UACA,WACA,gBACA,MACe;AAAA,EACf,MAAM,aAAa,CAAC,CAAC,OAAO;AAAA,EAE5B,IAAI;AAAA,EACJ,IAAI;AAAA,IACF,IAAI,YAAY;AAAA,MACd,QAAQ,MAAM,OAAO,aAAc,MAAM;AAAA,IAC3C,EAAO;AAAA,MACL,QAAQ,MAAM,OAAO,aAAc,MAAM;AAAA;AAAA,IAE3C,OAAO,OAAY;AAAA,IACnB,MAAM,YAAY,OAAO,gBAAgB;AAAA,IACzC,MAAM,WAAW,gBAAgB,WAAW,OAAO,UAAU,SAAS;AAAA,IACtE,MAAM,OAAO,YAAY,WAAW,CAAC,QAAQ,CAAC;AAAA,IAE9C,MAAM,eAAc,MAAM,OAAO,eAAe;AAAA,IAChD,IAAI,cAAa;AAAA,MACf,OAAQ,MAAM,OAAO,cAAc,MAAO,MAAM,CAEhD;AAAA,IACF;AAAA,IACA;AAAA;AAAA,EAMF,MAAM,eAAe,OAAO,kBAAkB,OAAO;AAAA,EAIrD,MAAM,oBAAoB,OAAO,gBAAgB;AAAA,EAGjD,IAAI,OAAO,gBAAgB,OAAO,YAAY;AAAA,IAC5C,IAAI;AAAA,MACF,MAAM,YAAY,IAAI,gBAAgB,OAAO,cAAc,MAAM,UAAU,WAAW,WAAW,WAAW,IAAI;AAAA,MAChH,MAAM,eAAe,OAAO,WAAW,QAAQ,OAAO,SAAS;AAAA,MAC/D,MAAM,cAAc,iBAAiB,OAAO,cAAc,cAAc,UAAU,SAAS;AAAA,MAC3F,MAAM,gBAAgB,CAAC,GAAG,UAAU,QAAQ,IAAI,CAAC,MAAM,EAAE,KAAK,GAAG,WAAW;AAAA,MAC5E,MAAM,OAAO,YAAY,OAAO,cAAc,aAAa;AAAA,MAC3D,OAAO,OAAY;AAAA,MACnB,MAAM,WAAW,gBAAgB,OAAO,cAAc,OAAO,UAAU,SAAS;AAAA,MAChF,MAAM,OAAO,YAAY,OAAO,cAAc,CAAC,QAAQ,CAAC;AAAA,MAExD,MAAM,eAAc,MAAM,OAAO,eAAe;AAAA,MAChD,IAAI,cAAa;AAAA,QACf,OAAQ,MAAM,OAAO,cAAc,MAAO,MAAM,CAAC;AAAA,MACnD;AAAA,MACA;AAAA;AAAA,EAEJ;AAAA,EAGA,MAAM,cAAc,MAAM,OAAO,eAAe;AAAA,EAChD,IAAI,CAAC,aAAa;AAAA,IAChB,MAAM,WAAW,gBAAgB,cAAc,IAAI,MAAM,mCAAmC,GAAG,UAAU,SAAS;AAAA,IAClH,MAAM,OAAO,YAAY,cAAc,CAAC,QAAQ,CAAC;AAAA,IACjD;AAAA,EACF;AAAA,EAKA,MAAM,SAAS,OAAO,WAAW,YAAY;AAAA,EAM7C,MAAM,sBAAsB,OAAO,iBAAiB,OAAO;AAAA,EAE3D,IAAI;AAAA,IACF,OAAO,MAAM;AAAA,MACX,IAAI,aAAa,MAAM,OAAO,cAAc;AAAA,MAC5C,IAAI,CAAC;AAAA,QAAY;AAAA,MAMjB,IAAI,WAAW,UAAU,IAAI,UAAU,GAAG;AAAA,QACxC,IAAI,OAAO,UAAU;AAAA,UACnB,IAAI;AAAA,YACF,MAAM,OAAO,SAAS,KAAK;AAAA,YAC3B,OAAO,MAAK;AAAA,YACZ,QAAQ,QAAQ,yBAAyB,gBAAe,QAAQ,KAAI,UAAU,MAAK;AAAA;AAAA,QAEvF;AAAA,QACA;AAAA,MACF;AAAA,MAQA,IAAI,uBAAuB,CAAC,qBAAqB,WAAW,WAAW,qBAAqB;AAAA,QAC1F,IAAI;AAAA,UACF,aAAa,qBAAqB,YAAY,mBAAmB;AAAA,UACjE,OAAO,GAAG;AAAA,UAOV,IAAI,aAAa;AAAA,YAAW,MAAM;AAAA,UAClC,QAAQ,QAAQ,+BAA+B,aAAa,QAAQ,EAAE,UAAU,GAAG;AAAA;AAAA,MAEvF;AAAA,MAEA,MAAM,MAAM,IAAI,gBAAgB,cAAc,mBAAmB,UAAU,WAAW,WAAW,WAAW,IAAI;AAAA,MAEhH,IAAI,YAAY;AAAA,QACd,MAAM,OAAO,WAAY,OAAO,GAAG;AAAA,MACrC,EAAO;AAAA,QACL,MAAM,OAAO,WAAY,OAAO,YAAY,GAAG;AAAA;AAAA,MAGjD,WAAW,WAAW,IAAI,SAAS;AAAA,QACjC,IAAI,QAAQ,QAAQ;AAAA,QACpB,IAAI,gBAAgB;AAAA,UAClB,QAAQ,MAAM,sBAAsB,OAAO,cAAc;AAAA,QAC3D;AAAA,QAIA,IAAI,QAAQ,YAAY,QAAQ,SAAS,OAAO,GAAG;AAAA,UACjD,QAAQ,kBAAkB,OAAO,QAAQ,QAAQ;AAAA,QACnD;AAAA,QACA,MAAM,OAAO,MAAM,KAAK;AAAA,MAC1B;AAAA,MAEA,IAAI,IAAI,UAAU;AAAA,QAChB;AAAA,MACF;AAAA,IACF;AAAA,IACA,OAAO,OAAY;AAAA,IACnB,MAAM,OAAO,MAAM,gBAAgB,cAAc,OAAO,UAAU,SAAS,CAAC;AAAA;AAAA,EAG9E,MAAM,OAAO,MAAM;AAAA,EAMnB,IAAI;AAAA,IACF,OAAQ,MAAM,OAAO,cAAc,MAAO,MAAM,CAAC;AAAA,IACjD,MAAM;AAAA;;;AC/KV,eAAsB,aAAa,CACjC,QACA,QACA,QACA,UACA,WACA,gBACA,MACe;AAAA,EACf,MAAM,UAAS,OAAO;AAAA,EACtB,MAAM,MAAM,IAAI,gBAAgB,SAAQ,MAAM,UAAU,WAAW,WAAW,WAAW,IAAI;AAAA,EAE7F,IAAI;AAAA,IACF,MAAM,SAAS,MAAM,OAAO,QAAS,QAAQ,GAAG;AAAA,IAChD,IAAI,cAAc,iBAAiB,SAAQ,QAAQ,UAAU,SAAS;AAAA,IACtE,IAAI,gBAAgB;AAAA,MAClB,cAAc,MAAM,sBAAsB,aAAa,cAAc;AAAA,IACvE;AAAA,IAEA,MAAM,UAAU,CAAC,GAAG,IAAI,QAAQ,IAAI,CAAC,MAAM,EAAE,KAAK,GAAG,WAAW;AAAA,IAChE,MAAM,OAAO,YAAY,SAAQ,OAAO;AAAA,IACxC,OAAO,OAAY;AAAA,IACnB,MAAM,QAAQ,gBAAgB,SAAQ,OAAO,UAAU,SAAS;AAAA,IAChE,MAAM,OAAO,YAAY,SAAQ,CAAC,KAAK,CAAC;AAAA;AAAA;;;AC9B5C,IAAM,YAAY;AAWlB,IAAM,gBAAe;AACrB,IAAI,aAA+F;AACnG,SAAS,eAAc,GAA4E;AAAA,EACjG,IAAI;AAAA,IAAY,OAAO;AAAA,EACvB,MAAM,MAAY,YAAoB,WAAY,WAAmB,WAAW;AAAA,EAChF,IAAI,CAAC,KAAK;AAAA,IACR,MAAM,IAAI,MACR,6EACE,wDACJ;AAAA,EACF;AAAA,EACA,MAAM,KAAK,IAAI,aAAY;AAAA,EAC3B,aAAa,GAAG,UAAU,KAAK,EAAE;AAAA,EACjC,OAAO;AAAA;AAcT,SAAS,QAAQ,CAAC,IAAY,MAAwB;AAAA,EACpD,MAAM,aAAY,gBAAe;AAAA,EACjC,IAAI,SAAS;AAAA,EACb,OAAO,SAAS,KAAK,QAAQ;AAAA,IAC3B,IAAI;AAAA,MACF,MAAM,UAAU,WAAU,IAAI,MAAM,QAAQ,KAAK,SAAS,MAAM;AAAA,MAChE,IAAI,WAAW;AAAA,QAAG,MAAM,IAAI,MAAM,sBAAsB,SAAS;AAAA,MACjE,UAAU;AAAA,MACV,OAAO,GAAQ;AAAA,MACf,IAAI,EAAE,SAAS,UAAU;AAAA,QAIvB,QAAQ,KAAK,IAAI,WAAW,IAAI,kBAAkB,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC;AAAA,QAC9D;AAAA,MACF;AAAA,MACA,MAAM;AAAA;AAAA,EAEV;AAAA;AAgBF,eAAe,cAAc,CAAC,QAAgB,MAAiC;AAAA,EAC7E,IAAI,OAAO,aAAa,OAAO,eAAe;AAAA,IAC5C,MAAM,IAAI,MAAM,0CAA0C;AAAA,EAC5D;AAAA,EACA,MAAM,KAAK,OAAO,MAAM,IAAI;AAAA,EAC5B,IAAI;AAAA,IAAI;AAAA,EACR,MAAM,IAAI,QAAc,CAAC,SAAS,WAAW;AAAA,IAC3C,MAAM,UAAU,MAAM;AAAA,MACpB,OAAO,IAAI,SAAS,OAAO;AAAA,MAC3B,OAAO,IAAI,SAAS,OAAO;AAAA,MAC3B,OAAO,IAAI,SAAS,OAAO;AAAA;AAAA,IAE7B,MAAM,UAAU,MAAM;AAAA,MACpB,QAAQ;AAAA,MACR,QAAQ;AAAA;AAAA,IAEV,MAAM,UAAU,CAAC,SAAe;AAAA,MAC9B,QAAQ;AAAA,MACR,OAAO,IAAG;AAAA;AAAA,IAEZ,MAAM,UAAU,MAAM;AAAA,MAGpB,QAAQ;AAAA,MACR,QAAQ;AAAA;AAAA,IAEV,OAAO,KAAK,SAAS,OAAO;AAAA,IAC5B,OAAO,KAAK,SAAS,OAAO;AAAA,IAC5B,OAAO,KAAK,SAAS,OAAO;AAAA,GAC7B;AAAA;AAAA;AAcI,MAAM,gBAAgB;AAAA,EACV;AAAA,EAOjB,WAAW,CAAC,aAA8B,WAAW;AAAA,IACnD,IAAI,OAAO,eAAe,UAAU;AAAA,MAClC,KAAK,SAAS,EAAE,MAAM,MAAM,IAAI,WAAW;AAAA,IAC7C,EAAO;AAAA,MACL,KAAK,SAAS,EAAE,MAAM,UAAU,QAAQ,WAAW;AAAA;AAAA;AAAA,OAQjD,YAAW,CAAC,SAAmB,SAAoC;AAAA,IAOvE,MAAM,QAAQ,iBAAiB,SAAQ,OAAO;AAAA,IAC9C,IAAI,KAAK,OAAO,SAAS,MAAM;AAAA,MAC7B,SAAS,KAAK,OAAO,IAAI,KAAK;AAAA,IAChC,EAAO;AAAA,MACL,MAAM,eAAe,KAAK,OAAO,QAAQ,KAAK;AAAA;AAAA;AAAA,EAOlD,UAAU,CAAC,SAAsC;AAAA,IAC/C,OAAO,IAAI,kBAAkB,KAAK,QAAQ,OAAM;AAAA;AAEpD;AAAA;AAqBO,MAAM,kBAAkB;AAAA,EACZ;AAAA,EACA;AAAA,EACT,SAAS;AAAA,EAIT,aAA4B,QAAQ,QAAQ;AAAA,EAEpD,WAAW,CAAC,QAAsB,SAAmB;AAAA,IACnD,KAAK,SAAS;AAAA,IACd,KAAK,UAAU,yBAAyB,OAAM;AAAA,IAG9C,KAAK,QAAQ,KAAK,QAAQ,MAAM,CAAC;AAAA;AAAA,OAI7B,MAAK,CAAC,OAAgC;AAAA,IAC1C,IAAI,KAAK;AAAA,MAAQ,MAAM,IAAI,MAAM,uBAAuB;AAAA,IACxD,OAAO,KAAK,QAAQ,KAAK,QAAQ,WAAW,KAAK,CAAC;AAAA;AAAA,OAI9C,MAAK,GAAkB;AAAA,IAC3B,IAAI,KAAK;AAAA,MAAQ;AAAA,IACjB,KAAK,SAAS;AAAA,IACd,OAAO,KAAK,QAAQ,KAAK,QAAQ,OAAO,CAAC;AAAA;AAAA,EAGnC,OAAO,CAAC,OAAkC;AAAA,IAChD,MAAM,OAAO,KAAK,WAAW,KAAK,MAAM;AAAA,MACtC,IAAI,KAAK,OAAO,SAAS,MAAM;AAAA,QAC7B,SAAS,KAAK,OAAO,IAAI,KAAK;AAAA,QAC9B;AAAA,MACF;AAAA,MACA,OAAO,eAAe,KAAK,OAAO,QAAQ,KAAK;AAAA,KAChD;AAAA,IAID,KAAK,aAAa,KAAK,MAAM,MAAG;AAAA,MAAG;AAAA,KAAS;AAAA,IAC5C,OAAO;AAAA;AAEX;;;AH1LA,IAAM,gBAAe,OAAW,CAAC,CAAC;AAsDlC,eAAsB,SAAS,CAAC,UAAoB,SAAqD;AAAA,EACvG,MAAM,WAAgB,cAAQ,QAAQ,QAAQ;AAAA,EAC9C,MAAM,eAAe,QAAQ,eAAe;AAAA,EAC5C,MAAM,gBAAgB,QAAQ,uBAAuB;AAAA,EACrD,MAAM,kBAAkB,QAAQ,mBAAmB;AAAA,EACnD,MAAM,WAAW,QAAQ,YAAY,OAAO,WAAW,EAAE,QAAQ,MAAM,EAAE,EAAE,MAAM,GAAG,EAAE;AAAA,EACtF,MAAM,iBAAiB,QAAQ,kBAAkB;AAAA,EACjD,MAAM,eAAe,QAAQ,gBAAgB;AAAA,EAC7C,MAAM,iBAAiB,QAAQ;AAAA,EAC/B,MAAM,eAAe,QAAQ,gBAAgB;AAAA,EAC7C,MAAM,UAAU,QAAQ,WAAW;AAAA,EACnC,MAAM,mBAAmB,QAAQ,oBAAoB,QAAQ;AAAA,EAO7D,IAAI,YAAW,QAAQ,GAAG;AAAA,IACxB,IAAI;AAAA,MAEF,YAAW,QAAQ;AAAA,MACnB,MAAM;AAAA,EAGV;AAAA,EAGA,IAAI,kBAAyG;AAAA,EAC7G,SAAS,YAAY,GAAmF;AAAA,IACtG,IAAI,CAAC,iBAAiB;AAAA,MACpB,kBAAkB,mBAAmB,SAAS,MAAM,SAAS,WAAW,GAAG,QAAQ,EAAE,KACnF,GAAG,OAAO,gBAAgB;AAAA,QACxB;AAAA,QACA,cAAc,SAAS,IAAI,uBAAuB,KAAK;AAAA,MACzD,EACF;AAAA,IACF;AAAA,IACA,OAAO;AAAA;AAAA,EAIT,IAAI,kBAAkB;AAAA,EACtB,eAAe,eAAe,GAAkB;AAAA,IAC9C,IAAI;AAAA,MAAiB;AAAA,IACrB,IAAI,cAAc;AAAA,MAChB,MAAM,8BAA+B;AAAA,IACvC;AAAA,IACA,kBAAkB;AAAA;AAAA,EAGpB,MAAM,SAAiB,aAAa,EAAE,eAAe,MAAM,CAAC;AAAA,EAE5D,IAAI,oBAAoB;AAAA,EACxB,IAAI,YAAkD;AAAA,EACtD,IAAI,cAA0B,MAAM;AAAA,EACpC,IAAI,aAAqC,MAAM;AAAA,EAC/C,MAAM,OAAO,IAAI,QAAc,CAAC,UAAS,WAAW;AAAA,IAClD,cAAc;AAAA,IACd,aAAa;AAAA,GACd;AAAA,EACD,IAAI,UAAU;AAAA,EAEd,SAAS,YAAY,GAAS;AAAA,IAC5B,IAAI,gBAAgB;AAAA,MAAG;AAAA,IACvB,IAAI;AAAA,MAAW,aAAa,SAAS;AAAA,IACrC,YAAY,WAAW,MAAM;AAAA,MAC3B,IAAI,sBAAsB,KAAK,CAAC,SAAS;AAAA,QAClC,SAAS;AAAA,MAChB;AAAA,OACC,eAAe,IAAI;AAAA;AAAA,EAGxB,SAAS,eAAe,GAAS;AAAA,IAC/B,IAAI,WAAW;AAAA,MACb,aAAa,SAAS;AAAA,MACtB,YAAY;AAAA,IACd;AAAA;AAAA,EAGF,eAAe,QAAQ,GAAkB;AAAA,IACvC,IAAI;AAAA,MAAS;AAAA,IACb,UAAU;AAAA,IACV,gBAAgB;AAAA,IAChB,MAAM,IAAI,QAAc,CAAC,aAAY;AAAA,MACnC,OAAO,MAAM,MAAM,SAAQ,CAAC;AAAA,KAC7B;AAAA,IACD,IAAI;AAAA,MACF,YAAW,QAAQ;AAAA,MACnB,MAAM;AAAA,IAGR,YAAY;AAAA;AAAA,EAGd,OAAO,GAAG,cAAc,CAAC,WAAW;AAAA,IAClC,qBAAqB;AAAA,IACrB,gBAAgB;AAAA,IAChB,iBAAiB,MAAM,EACpB,MAAM,CAAC,SAAQ;AAAA,MAGd,QAAQ,OAAO,MAAM,oCAAqC,MAAe,WAAW;AAAA,CAAO;AAAA,KAC5F,EACA,QAAQ,MAAM;AAAA,MACb,qBAAqB;AAAA,MACrB,OAAO,QAAQ;AAAA,MACf,IAAI,sBAAsB,KAAK,CAAC,SAAS;AAAA,QACvC,aAAa;AAAA,MACf;AAAA,KACD;AAAA,GACJ;AAAA,EAED,OAAO,GAAG,SAAS,CAAC,SAAQ;AAAA,IAC1B,IAAI;AAAA,MAAS;AAAA,IACb,WAAW,IAAG;AAAA,GACf;AAAA,EAED,eAAe,gBAAgB,CAAC,QAA+B;AAAA,IAE7D,MAAM,SAAS,MAAM,gBAAgB,OAAO,MAAM;AAAA,IAUlD,MAAM,SAAS,IAAI,gBAAgB,MAAM;AAAA,IAEzC,IAAI;AAAA,MAEF,MAAM,gBAAgB;AAAA,MAEtB,OAAO,MAAM;AAAA,QACX,IAAI;AAAA,UACF,MAAM,UAAU,QAAQ,MAAM;AAAA,UAC9B,OAAO,GAAY;AAAA,UACnB,MAAM,OAAM;AAAA,UAEZ,IACE,MAAK,SAAS,SAAS,QAAQ,KAC/B,MAAK,SAAS,SAAS,yBAAyB,KAChD,MAAK,SAAS,SAAS,kBAAkB,KACzC,MAAK,SAAS,SAAS,KAAK,KAC5B,MAAK,SAAS,WACd,MAAK,SAAS,gCACd,MAAK,SAAS,wBACd;AAAA,YACA;AAAA,UACF;AAAA,UACA,MAAM;AAAA;AAAA,MAEV;AAAA,cACA;AAAA,MACA,IAAI;AAAA,QACF,MAAM,OAAO,OAAO;AAAA,QACpB,MAAM;AAAA;AAAA;AAAA,EAMZ,eAAe,SAAS,CAAC,QAAyB,QAAwC;AAAA,IACxF,MAAM,SAAS,MAAM,OAAO,WAAW;AAAA,IACvC,IAAI,CAAC,QAAQ;AAAA,MACX,MAAM,IAAI,MAAM,KAAK;AAAA,IACvB;AAAA,IACA,QAAQ,iBAAQ,YAAY;AAAA,IAC5B,IAAI,QAAQ,WAAW,GAAG;AAAA,MACxB,MAAM,OAAM,IAAI,SAAS,iBAAiB,sCAAsC,EAAE;AAAA,MAClF,MAAM,WAAW,gBAAgB,eAAc,MAAK,UAAU,IAAI;AAAA,MAClE,MAAM,OAAO,YAAY,eAAc,CAAC,QAAQ,CAAC;AAAA,MACjD;AAAA,IACF;AAAA,IACA,MAAM,QAAQ,QAAQ;AAAA,IACtB,IAAI;AAAA,IACJ,IAAI;AAAA,IACJ,IAAI;AAAA,IACJ,IAAI;AAAA,MACF,MAAM,SAAS,aAAa,SAAQ,KAAK;AAAA,MACzC,aAAa,OAAO;AAAA,MACpB,SAAS,OAAO;AAAA,MAChB,YAAY,OAAO;AAAA,MACnB,OAAO,GAAY;AAAA,MACnB,MAAM,WAAW,gBAAgB,eAAc,GAAY,UAAU,IAAI;AAAA,MACzE,MAAM,OAAO,YAAY,eAAc,CAAC,QAAQ,CAAC;AAAA,MACjD,IAAI,aAAa,gBAAgB,aAAa;AAAA,QAAU;AAAA,MACxD,MAAM;AAAA;AAAA,IAGR,IAAI,eAAe,wBAAwB,gBAAgB;AAAA,MACzD,QAAQ,OAAO,cAAc,MAAM,aAAa;AAAA,MAChD,MAAM,OAAO,YAAY,UAAU,QAAQ,CAAC,SAAS,CAAC;AAAA,MACtD;AAAA,IACF;AAAA,IAEA,MAAM,UAAU,SAAS,WAAW;AAAA,IACpC,MAAM,SAAS,QAAQ,IAAI,UAAU;AAAA,IACrC,IAAI,CAAC,QAAQ;AAAA,MACX,MAAM,YAAY,CAAC,GAAG,QAAQ,KAAK,CAAC,EAAE,KAAK;AAAA,MAC3C,MAAM,OAAM,IAAI,MAAM,oBAAoB,oCAAoC,UAAU,KAAK,IAAI,IAAI;AAAA,MACrG,MAAM,WAAW,gBAAgB,eAAc,MAAK,UAAU,SAAS;AAAA,MACvE,MAAM,OAAO,YAAY,eAAc,CAAC,QAAQ,CAAC;AAAA,MACjD;AAAA,IACF;AAAA,IAEA,MAAM,aAAa,OAAO,+BAA4B,UAAU;AAAA,IAChE,IAAI;AAAA,IACJ,IAAI;AAAA,MACF,cAAc,eAAe,KAAK;AAAA,MAClC,MAAM;AAAA,IAGR,QAAQ,iBAAiB,MAAM,aAAa;AAAA,IAC5C,MAAM,OAAqB;AAAA,MACzB,QAAQ;AAAA,MACR;AAAA,MACA;AAAA,MACA;AAAA,MACA,UAAU,SAAS;AAAA,MACnB;AAAA,MACA;AAAA,MACA;AAAA,MACA,WAAW;AAAA,MACX,YAAY;AAAA,MACZ,eAAe;AAAA,MACf,YAAY;AAAA,MACZ;AAAA,IACF;AAAA,IACA,MAAM,QAAwB;AAAA,MAC5B,cAAc;AAAA,MACd,eAAe;AAAA,MACf,WAAW;AAAA,MACX,YAAY;AAAA,MACZ,YAAY;AAAA,MACZ,aAAa;AAAA,IACf;AAAA,IAEA,MAAM,QAAQ,cAAc,gBAAgB,IAAI;AAAA,IAChD,IAAI;AAAA,IACJ,cAAc,QAAQ,OAAO,QAAQ;AAAA,IACrC,IAAI;AAAA,MACF,IAAI,OAAO,8BAA2B;AAAA,QACpC,MAAM,cAAc,QAAQ,QAAQ,QAAQ,UAAU,WAAW,iCAAkC;AAAA,MACrG,EAAO;AAAA,QACL,MAAM,eAAe,QAAQ,QAAQ,QAAQ,QAAQ,UAAU,WAAW,iCAAkC;AAAA;AAAA,MAE9G,OAAO,GAAG;AAAA,MACV,gBAAgB,aAAa,QAAQ,IAAI,IAAI,MAAM,OAAO,CAAC,CAAC;AAAA,MAC5D,MAAM;AAAA,cACN;AAAA,MACA,cAAc,cAAc,OAAO,MAAM,OAAO,aAAa;AAAA;AAAA;AAAA,EAKjE,MAAM,IAAI,QAAc,CAAC,UAAS,WAAW;AAAA,IAC3C,OAAO,OAAO,EAAE,MAAM,UAAU,QAAQ,GAAG,MAAM,SAAQ,CAAC;AAAA,IAC1D,OAAO,KAAK,SAAS,CAAC,SAAQ,OAAO,IAAG,CAAC;AAAA,GAC1C;AAAA,EAID,IAAI;AAAA,IACF,QAAQ,cAAc,MAAa;AAAA,IACnC,UAAU,UAAU,GAAK;AAAA,IACzB,MAAM;AAAA,EAIR,QAAQ,UAAU,QAAQ;AAAA,EAE1B,iBAAiB,MAAM,QAAQ;AAAA,CAAY;AAAA,EAG3C,IAAI,eAAe,GAAG;AAAA,IACpB,WAAW,MAAM;AAAA,MACf,IAAI,sBAAsB,KAAK,CAAC;AAAA,QAAS,aAAa;AAAA,OACrD,gBAAgB,IAAI,EAAE,QAAQ;AAAA,EACnC;AAAA,EAEA,OAAO;AAAA,IACL,YAAY;AAAA,IACZ,MAAM;AAAA,IACN;AAAA,EACF;AAAA;;AI9VK,IAAM,MAAM,KAAK;AAEjB,IAAM,QAAQ,OAAO;AAErB,IAAM,MAAM,MAAU;AAEtB,IAAM,SAAQ,MAAU;AAExB,IAAM,SAAQ,MAAU;AAExB,IAAM,QAAO,KAAS;AAEtB,IAAM,SAAQ,MAAU;AAExB,IAAM,UAAS,OAAW;AAE1B,IAAM,UAAS,OAAW;AAE1B,IAAM,UAAS,OAAW;AAE1B,IAAM,QAAQ,QAAY;AAE1B,IAAM,WAAU,QAAY;AAE5B,IAAM,QAAO,KAAS;AAiC7B,SAAS,OAAO,CAAC,GAA2B;AAAA,EAC1C,OACE,KAAK,QACL,OAAQ,EAAU,SAAS,YAC1B,EAAU,QAAQ,QACnB,OAAQ,EAAU,aAAa;AAAA;AAInC,SAAS,UAAU,CAAC,GAA8B;AAAA,EAChD,OAAO,KAAK,QAAQ,OAAQ,EAAU,WAAW;AAAA;AAM5C,SAAS,QAAQ,CAAC,MAA6B;AAAA,EAEpD,MAAM,cAAe,KAA8B;AAAA,EACnD,IAAI,MAAM,QAAQ,WAAW,GAAG;AAAA,IAC9B,MAAM,MAAkB,CAAC;AAAA,IACzB,WAAW,KAAK,aAAmC;AAAA,MACjD,IAAI,QAAQ,CAAC,GAAG;AAAA,QACd,IAAI,KAAK,CAAC;AAAA,MACZ,EAAO;AAAA,QACL,IAAI,KAAK,MAAU,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,MAAM,EAAE,QAAQ,CAAC;AAAA;AAAA,IAEtE;AAAA,IACA,OAAO,OAAW,GAAG;AAAA,EACvB;AAAA,EAEA,MAAM,SAAqB,CAAC;AAAA,EAC5B,YAAY,MAAM,UAAU,OAAO,QAAQ,IAAI,GAAG;AAAA,IAChD,IAAI,QAAQ,KAAK,GAAG;AAAA,MAClB,OAAO,KAAK,KAAK;AAAA,IACnB,EAAO,SAAI,WAAW,KAAK,GAAG;AAAA,MAC5B,OAAO,KAAK,MAAU,MAAM,OAAO,KAAK,CAAC;AAAA,IAC3C,EAAO;AAAA,MACL,MAAM,IAAI,UAAU,6BAA6B,0CAA0C,OAAO,OAAO;AAAA;AAAA,EAE7G;AAAA,EACA,OAAO,OAAW,MAAM;AAAA;AAYnB,SAAS,eAAe,CAAC,MAAsD;AAAA,EACpF,MAAM,MAAM,SAAS,IAAI;AAAA,EACzB,IAAI,IAAI,OAAO,WAAW;AAAA,IAAG;AAAA,EAE7B,MAAM,SAAiC,CAAC;AAAA,EACxC,WAAW,KAAK,IAAI,QAAQ;AAAA,IAC1B,IAAI;AAAA,IACJ,IAAI,OAAO,EAAE,IAAI;AAAA,MAAG,SAAS;AAAA,IACxB,SAAI,SAAS,EAAE,IAAI;AAAA,MAAG,SAAS;AAAA,IAC/B,SAAI,OAAO,EAAE,IAAI;AAAA,MAAG,SAAS;AAAA,IAC7B,SAAI,QAAQ,EAAE,IAAI;AAAA,MAAG,SAAS;AAAA,IAC9B,SAAI,MAAM,EAAE,IAAI;AAAA,MAAG,SAAS;AAAA,IACjC,IAAI,CAAC;AAAA,MAAQ;AAAA,IACb,OAAO,EAAE,QAAQ;AAAA,EACnB;AAAA,EACA,OAAO;AAAA;;;AC7IT,IAAM,gBAAe,OAAW,CAAC,CAAC;AAAA;AAM3B,MAAM,SAAS;AAAA,EAEX;AAAA,EAQA;AAAA,EAEA;AAAA,EACD,WAA0C,IAAI;AAAA,EAEtD,WAAW,CAAC,MAAc,SAAwC;AAAA,IAChE,KAAK,OAAO;AAAA,IACZ,MAAM,MAAM,SAAS;AAAA,IACrB,IAAI,QAAQ,aAAa,QAAQ,IAAI;AAAA,MACnC,KAAK,kBAAkB;AAAA,MACvB,KAAK,uBAAuB;AAAA,IAC9B,EAAO;AAAA,MACL,KAAK,kBAAkB;AAAA,MACvB,KAAK,uBAAuB,qBAAqB,GAAG;AAAA;AAAA;AAAA,EAcxD,KAAK,CACH,MACA,QAQM;AAAA,IACN,MAAM,SAAS,SAAS,OAAO,MAAM;AAAA,IACrC,KAAK,SAAS,IAAI,MAAM;AAAA,MACtB;AAAA,MACA;AAAA,MACA,cAAc;AAAA,MACd,cAAc,SAAS,OAAO,MAAM;AAAA,MACpC,SAAS,OAAO;AAAA,MAChB,KAAK,OAAO;AAAA,MACZ,UAAU,OAAO;AAAA,MACjB,YAAY,OAAO,cAAc,gBAAgB,MAAM;AAAA,IACzD,CAAC;AAAA,IACD,OAAO;AAAA;AAAA,EAOT,QAAW,CACT,MACA,QAYM;AAAA,IACN,MAAM,SAAS,SAAS,OAAO,MAAM;AAAA,IACrC,KAAK,SAAS,IAAI,MAAM;AAAA,MACtB;AAAA,MACA;AAAA,MACA,cAAc;AAAA,MACd,cAAc;AAAA,MACd,cAAc,SAAS,OAAO,YAAY;AAAA,MAC1C,aAAa;AAAA,MACb,cAAc,OAAO;AAAA,MACrB,YAAY,OAAO;AAAA,MACnB,UAAU,OAAO;AAAA,MACjB,cAAc,OAAO,eAAe,SAAS,OAAO,YAAY,IAAI;AAAA,MACpE,YAAY,OAAO;AAAA,MACnB,KAAK,OAAO;AAAA,MACZ,UAAU,OAAO;AAAA,MACjB,YAAY,OAAO,cAAc,gBAAgB,MAAM;AAAA,IACzD,CAAC;AAAA,IACD,OAAO;AAAA;AAAA,EAOT,QAAW,CACT,MACA,QAaM;AAAA,IACN,MAAM,SAAS,SAAS,OAAO,MAAM;AAAA,IACrC,KAAK,SAAS,IAAI,MAAM;AAAA,MACtB;AAAA,MACA;AAAA,MACA,cAAc;AAAA,MACd,cAAc;AAAA,MACd,aAAa,SAAS,OAAO,WAAW;AAAA,MACxC,cAAc,SAAS,OAAO,YAAY;AAAA,MAC1C,cAAc,OAAO;AAAA,MACrB,YAAY,OAAO;AAAA,MACnB,UAAU,OAAO;AAAA,MACjB,cAAc,OAAO,eAAe,SAAS,OAAO,YAAY,IAAI;AAAA,MACpE,YAAY,OAAO;AAAA,MACnB,KAAK,OAAO;AAAA,MACZ,UAAU,OAAO;AAAA,MACjB,YAAY,OAAO,cAAc,gBAAgB,MAAM;AAAA,IACzD,CAAC;AAAA,IACD,OAAO;AAAA;AAAA,EAKT,UAAU,GAAkC;AAAA,IAC1C,OAAO,IAAI,IAAI,KAAK,QAAQ;AAAA;AAEhC;;AC5IA,IAAM,gBAAe,OAAW,CAAC,CAAC;AAElC,SAAS,cAAc,GAAW;AAAA,EAChC,MAAM,SAAQ,IAAI,WAAW,EAAE;AAAA,EAC/B,OAAO,gBAAgB,MAAK;AAAA,EAC5B,IAAI,MAAM;AAAA,EACV,SAAS,IAAI,EAAG,IAAI,OAAM,QAAQ,KAAK;AAAA,IACrC,OAAO,OAAM,GAAG,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG;AAAA,EAC9C;AAAA,EACA,OAAO;AAAA;AAAA;AAOF,MAAM,aAAa;AAAA,EAChB;AAAA,EACA;AAAA,EACA;AAAA,EAIA,mBAGI;AAAA,EACJ;AAAA,EACA,eAAoC;AAAA,EACpC;AAAA,EACA,eAAsC;AAAA,EAKtC,kBAAkB;AAAA,EAE1B,WAAW,CACT,UACA,SASA;AAAA,IACA,KAAK,WAAW;AAAA,IAChB,KAAK,iBAAiB,SAAS,kBAAkB;AAAA,IACjD,KAAK,WAAW,SAAS,YAAY,OAAO,WAAW,EAAE,QAAQ,MAAM,EAAE,EAAE,MAAM,GAAG,EAAE;AAAA,IACtF,KAAK,eAAe,SAAS,gBAAgB;AAAA,IAC7C,KAAK,iBAAiB,SAAS;AAAA,IAC/B,KAAK,kBAAkB,SAAS,mBAAmB;AAAA,IACnD,KAAK,eAAe,SAAS,gBAAgB;AAAA;AAAA,OAKjC,gBAAe,CAAC,MAAoC;AAAA,IAChE,IAAI,KAAK;AAAA,MAAiB;AAAA,IAC1B,IAAI,KAAK,cAAc;AAAA,MACrB,MAAM,KAAK,aAAa,IAAI;AAAA,IAC9B;AAAA,IACA,KAAK,kBAAkB;AAAA;AAAA,OAIX,aAAY,GAGvB;AAAA,IACD,IAAI,CAAC,KAAK,kBAAkB;AAAA,MAC1B,KAAK,mBAAmB,mBACtB,KAAK,SAAS,MACd,KAAK,SAAS,WAAW,GACzB,KAAK,UACL,KAAK,SAAS,mBAAmB,SACnC,EAAE,KAAK,GAAG,OAAO,gBAAgB;AAAA,QAC/B;AAAA,QACA,cAAc,SAAS,IAAI,uBAAuB,KAAK;AAAA,MACzD,EAAE;AAAA,IACJ;AAAA,IACA,OAAO,KAAK;AAAA;AAAA,EAQN,oBAAoB,CAAC,eAAyC;AAAA,IACpE,MAAM,cAAc,KAAK,SAAS;AAAA,IAClC,MAAM,gBAAgB,KAAK,SAAS;AAAA,IACpC,IAAI,kBAAkB,WAAW;AAAA,MAC/B,MAAM,IAAI,qBACR;AAAA,IACE;AAAA,IACA,aAAa;AAAA,IACb,qEACA,+DACA,4CACJ;AAAA,IACF;AAAA,IACA,IAAI;AAAA,IACJ,IAAI;AAAA,MACF,cAAc,qBAAqB,aAAa;AAAA,MAChD,MAAM;AAAA,MACN,MAAM,IAAI,qBACR;AAAA,IACE,aAAa;AAAA,IACb,aAAa;AAAA,IACb,4DACA,8CACJ;AAAA;AAAA,IAEF,IAAI,YAAY,OAAO,YAAY,MAAM,YAAY,OAAO,YAAY,IAAI;AAAA,MAC1E;AAAA,IACF;AAAA,IACA,MAAM,cACJ,YAAY,KAAK,YAAY,MAAO,YAAY,OAAO,YAAY,MAAM,YAAY,KAAK,YAAY;AAAA,IACxG,MAAM,YAAY,cACd,gGAAgG,mBAChG,sFAAsF;AAAA,IAC1F,MAAM,IAAI,qBACR;AAAA,IACE,aAAa;AAAA,IACb,aAAa;AAAA,IACb,gBAAgB,WACpB;AAAA;AAAA,OAII,IAAG,GAAkB;AAAA,IACzB,MAAM,QAAQ,QAAQ;AAAA,IAGtB,IAAI,QAAQ,MAAM,SAAS,QAAQ,OAAO,OAAO;AAAA,MAC/C,QAAQ,OAAO,MACb,sEACE;AAAA,IACA,4DACA;AAAA,CACJ;AAAA,IACF;AAAA,IAEA,MAAM,SAAS,MAAM,gBAAgB,OAAO,KAAK;AAAA,IACjD,MAAM,SAAS,IAAI;AAAA,IAEnB,IAAI;AAAA,MACF,OAAO,MAAM;AAAA,QAKX,MAAM,KAAK,iCAAkC;AAAA,QAC7C,MAAM,KAAK,SAAS,QAAQ,MAAM;AAAA,MACpC;AAAA,MACA,OAAO,GAAQ;AAAA,MAEf,IACE,EAAE,SAAS,SAAS,QAAQ,KAC5B,EAAE,SAAS,SAAS,yBAAyB,KAC7C,EAAE,SAAS,SAAS,kBAAkB,KACtC,EAAE,SAAS,WACX,EAAE,SAAS,gCACX,EAAE,SAAS,0BACV,aAAa,SAAS,EAAE,QAAQ,SAAS,KAAK,GAC/C;AAAA,QACA;AAAA,MACF;AAAA,MAEA,MAAM;AAAA,cACN;AAAA,MACA,MAAM,OAAO,OAAO;AAAA;AAAA;AAAA,OAIV,SAAQ,CAAC,QAAyB,QAAwC;AAAA,IACtF,MAAM,SAAS,MAAM,OAAO,WAAW;AAAA,IACvC,IAAI,CAAC,QAAQ;AAAA,MACX,MAAM,IAAI,MAAM,KAAK;AAAA,IACvB;AAAA,IAEA,QAAQ,iBAAQ,YAAY;AAAA,IAC5B,IAAI,QAAQ,WAAW,GAAG;AAAA,MACxB,MAAM,OAAM,IAAI,SAAS,iBAAiB,sCAAsC,EAAE;AAAA,MAClF,MAAM,WAAW,gBAAgB,eAAc,MAAK,KAAK,UAAU,IAAI;AAAA,MACvE,MAAM,OAAO,YAAY,eAAc,CAAC,QAAQ,CAAC;AAAA,MACjD;AAAA,IACF;AAAA,IAEA,MAAM,QAAQ,QAAQ;AAAA,IACtB,IAAI;AAAA,IACJ,IAAI;AAAA,IACJ,IAAI;AAAA,IAEJ,IAAI;AAAA,MACF,MAAM,SAAS,aAAa,SAAQ,KAAK;AAAA,MACzC,aAAa,OAAO;AAAA,MACpB,SAAS,OAAO;AAAA,MAChB,YAAY,OAAO;AAAA,MACnB,OAAO,GAAQ;AAAA,MAEf,MAAM,WAAW,gBAAgB,eAAc,GAAG,KAAK,UAAU,IAAI;AAAA,MACrE,MAAM,OAAO,YAAY,eAAc,CAAC,QAAQ,CAAC;AAAA,MACjD,IAAI,aAAa,gBAAgB,aAAa,UAAU;AAAA,QACtD;AAAA,MACF;AAAA,MACA,MAAM;AAAA;AAAA,IAIR,IAAI,eAAe,wBAAwB,KAAK,gBAAgB;AAAA,MAC9D,QAAQ,kBAAU,MAAM,KAAK,aAAa;AAAA,MAC1C,MAAM,OAAO,YAAY,OAAM,QAAQ,CAAC,MAAK,CAAC;AAAA,MAC9C;AAAA,IACF;AAAA,IAGA,MAAM,UAAU,KAAK,SAAS,WAAW;AAAA,IACzC,MAAM,SAAS,QAAQ,IAAI,UAAU;AAAA,IACrC,IAAI,CAAC,QAAQ;AAAA,MACX,MAAM,YAAY,CAAC,GAAG,QAAQ,KAAK,CAAC,EAAE,KAAK;AAAA,MAC3C,MAAM,OAAM,IAAI,0BACd,oBAAoB,oCAAoC,UAAU,KAAK,IAAI,IAC7E;AAAA,MACA,MAAM,WAAW,gBAAgB,eAAc,MAAK,KAAK,UAAU,SAAS;AAAA,MAC5E,MAAM,OAAO,YAAY,eAAc,CAAC,QAAQ,CAAC;AAAA,MACjD;AAAA,IACF;AAAA,IAMA,IAAI,KAAK,SAAS,yBAAyB,MAAM;AAAA,MAC/C,IAAI;AAAA,QACF,MAAM,KAAK,MAAM;AAAA,QACjB,KAAK,qBAAqB,IAAI,IAAI,oBAAoB,CAAC;AAAA,QACvD,OAAO,KAAK;AAAA,QACZ,MAAM,YAAY,OAAO,+BAA4B,OAAO,eAAe;AAAA,QAC3E,MAAM,WAAW,gBAAgB,WAAW,KAAc,KAAK,UAAU,SAAS;AAAA,QAClF,MAAM,OAAO,YAAY,WAAW,CAAC,QAAQ,CAAC;AAAA,QAC9C;AAAA;AAAA,IAEJ;AAAA,IAGA,MAAM,aAAa,OAAO,+BAA4B,UAAU;AAAA,IAGhE,IAAI;AAAA,IACJ,IAAI;AAAA,MACF,cAAc,eAAe,KAAY;AAAA,MACzC,MAAM;AAAA,IAIR,IAAI;AAAA,IACJ,IAAI,eAAe,UAAU;AAAA,MAC3B,WAAW,eAAe;AAAA,IAC5B;AAAA,IAEA,QAAQ,iBAAiB,MAAM,KAAK,aAAa;AAAA,IACjD,MAAM,OAAqB;AAAA,MACzB,QAAQ;AAAA,MACR;AAAA,MACA,UAAU,KAAK;AAAA,MACf;AAAA,MACA,UAAU,KAAK,SAAS;AAAA,MACxB;AAAA,MACA,iBAAiB,KAAK;AAAA,MACtB;AAAA,MACA,WAAW;AAAA,MACX,YAAY;AAAA,MACZ,eAAe;AAAA,MACf,YAAY;AAAA,MACZ;AAAA,MACA;AAAA,IACF;AAAA,IACA,MAAM,QAAwB;AAAA,MAC5B,cAAc;AAAA,MACd,eAAe;AAAA,MACf,WAAW;AAAA,MACX,YAAY;AAAA,MACZ,YAAY;AAAA,MACZ,aAAa;AAAA,IACf;AAAA,IAEA,MAAM,QAAQ,KAAK,cAAc,gBAAgB,IAAI;AAAA,IACrD,IAAI;AAAA,IAEJ,cAAc,QAAQ,OAAO,QAAQ;AAAA,IAErC,IAAI;AAAA,MACF,IAAI,OAAO,8BAA2B;AAAA,QACpC,MAAM,cAAc,QAAQ,QAAQ,QAAQ,KAAK,UAAU,WAAW,KAAK,iCAAkC;AAAA,MAC/G,EAAO;AAAA,QACL,MAAM,eACJ,QACA,QACA,QACA,QACA,KAAK,UACL,WACA,KAAK,iCAEP;AAAA;AAAA,MAEF,OAAO,GAAG;AAAA,MACV,gBAAgB,aAAa,QAAQ,IAAI,IAAI,MAAM,OAAO,CAAC,CAAC;AAAA,MAC5D,MAAM;AAAA,cACN;AAAA,MACA,KAAK,cAAc,cAAc,OAAO,MAAM,OAAO,aAAa;AAAA;AAAA;AAGxE;",
|
|
62
|
+
"debugId": "577B8BC5B26DC1B764756E2164756E21",
|
|
25
63
|
"names": []
|
|
26
64
|
}
|