@r4-sdk/cli 1.0.0 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +21 -4
  2. package/lib/index.js +332 -1883
  3. package/lib/index.js.map +1 -1
  4. package/package.json +10 -10
package/lib/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts","../src/commands/agent/create.ts","../src/lib/client.ts","../src/lib/command-options.ts","../src/lib/output.ts","../src/lib/errors.ts","../src/lib/config.ts","../src/lib/profile-paths.ts","../src/lib/credentials-store.ts","../src/lib/private-key.ts","../src/lib/runtime-config.ts","../src/lib/resolve-auth.ts","../src/commands/agent/get.ts","../src/commands/agent/get-tenant-roles.ts","../src/commands/agent/init.ts","../src/commands/doctor.ts","../../node/lib/index.js","../src/lib/doctor.ts","../src/lib/credentials-file.ts","../src/lib/profile-identity.ts","../src/lib/profile-manager.ts","../src/lib/prompt.ts","../src/commands/agent/list.ts","../src/commands/agent/set-tenant-roles.ts","../src/commands/agent/update.ts","../src/commands/agent/index.ts","../src/commands/auth/diagnose.ts","../src/commands/auth/login.ts","../src/commands/auth/logout.ts","../src/commands/auth/register-agent.ts","../src/lib/public-auth-client.ts","../src/lib/register-agent.ts","../src/commands/auth/status.ts","../src/commands/auth/whoami.ts","../src/commands/profile/show.ts","../src/lib/profile-report.ts","../src/commands/auth/index.ts","../src/commands/billing/readiness.ts","../src/commands/billing/index.ts","../src/commands/budget/create.ts","../src/lib/json-input.ts","../src/commands/budget/list.ts","../src/commands/budget/index.ts","../src/commands/configure.ts","../src/commands/domain/add.ts","../src/commands/domain/list.ts","../src/commands/domain/verify.ts","../src/commands/domain/index.ts","../src/commands/feedback/submit.ts","../src/commands/feedback/index.ts","../src/commands/machine/request.ts","../src/commands/machine/index.ts","../src/commands/monitoring/entity-counts.ts","../src/commands/monitoring/index.ts","../src/commands/permissions/security-groups.ts","../src/commands/permissions/set.ts","../src/commands/permissions/index.ts","../src/commands/profile/list.ts","../src/commands/profile/use.ts","../src/commands/profile/index.ts","../src/commands/space/info.ts","../src/commands/space/index.ts","../src/commands/vault/create.ts","../src/commands/vault/create-item.ts","../src/commands/vault/list.ts","../src/commands/vault/list-items.ts","../src/commands/vault/items.ts","../src/commands/vault/list-vaults.ts","../src/commands/vault/get.ts","../src/commands/vault/search.ts","../src/commands/vault/index.ts","../src/commands/project/add-vault.ts","../src/commands/project/list.ts","../src/commands/project/get.ts","../src/commands/project/create.ts","../src/commands/project/set-agents.ts","../src/commands/project/index.ts","../src/commands/run/index.ts","../src/commands/security-group/create.ts","../src/commands/security-group/index.ts"],"sourcesContent":["import { Command } from 'commander'\nimport { registerAgentCommands } from './commands/agent/index.js'\nimport { registerAuthCommands } from './commands/auth/index.js'\nimport { registerBillingCommands } from './commands/billing/index.js'\nimport { registerBudgetCommands } from './commands/budget/index.js'\nimport { configureCommand } from './commands/configure.js'\nimport { registerDomainCommands } from './commands/domain/index.js'\nimport { doctorCommand } from './commands/doctor.js'\nimport { registerFeedbackCommands } from './commands/feedback/index.js'\nimport { registerMachineCommands } from './commands/machine/index.js'\nimport { registerMonitoringCommands } from './commands/monitoring/index.js'\nimport { registerPermissionsCommands } from './commands/permissions/index.js'\nimport { registerProfileCommands } from './commands/profile/index.js'\nimport { registerSpaceCommands } from './commands/space/index.js'\nimport { registerVaultCommands } from './commands/vault/index.js'\nimport { registerProjectCommands } from './commands/project/index.js'\nimport { registerRunCommand } from './commands/run/index.js'\nimport { registerSecurityGroupCommands } from './commands/security-group/index.js'\n\n/**\n * R4 CLI entry point.\n *\n * Sets up the commander program with global options and command groups:\n * - auth: Manage API key authentication\n * - vault: Manage vault secrets\n * - project: Manage projects\n * - run: Execute commands with vault secrets injected as env vars\n */\nconst program = new Command()\n\nprogram\n .name('r4')\n .description('R4 CLI — manage vaults, projects, and secrets from the terminal')\n .version('1.0.0')\n .option('--api-key <key>', 'API key (overrides R4_API_KEY env var and config file)')\n .option('--profile <name>', 'CLI profile name (overrides R4_PROFILE and the saved current profile)')\n .option('--project-id <id>', 'Optional project ID filter (overrides R4_PROJECT_ID env var and config file)')\n .option('--dev', 'Use https://dev.r4.dev unless an explicit base URL override is set')\n .option('--base-url <url>', 'API base URL (default: https://r4.dev)')\n .option('--private-key-path <path>', 'Path to the agent private key PEM (overrides R4_PRIVATE_KEY_PATH env var and config file)')\n .option('--trust-store-path <path>', 'Path to the local signer trust-store JSON (overrides R4_TRUST_STORE_PATH env var and config file)')\n .option('--json', 'Output as JSON for scripting and piping', false)\n\nregisterAgentCommands(program)\nregisterAuthCommands(program)\nregisterBillingCommands(program)\nregisterBudgetCommands(program)\nprogram.addCommand(configureCommand())\nregisterDomainCommands(program)\nregisterFeedbackCommands(program)\nregisterMachineCommands(program)\nregisterMonitoringCommands(program)\nregisterPermissionsCommands(program)\nregisterProfileCommands(program)\nregisterSecurityGroupCommands(program)\nregisterSpaceCommands(program)\nregisterVaultCommands(program)\nregisterProjectCommands(program)\nregisterRunCommand(program)\nprogram.addCommand(doctorCommand())\n\nprogram.parse()\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { collectOptionValues } from '../../lib/command-options.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { printDetail, success } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { CreateAgentRequest, GlobalOptions } from '../../types.js'\n\nfunction buildCreateAgentBody(options: {\n name: string\n domainTenantId: string\n budgetId?: string\n securityGroupId: string[]\n vaultId?: string\n permission: string[]\n newBudgetName?: string\n newBudgetDescription?: string\n newBudgetTarget?: string\n}): CreateAgentRequest {\n if (options.newBudgetTarget && !options.newBudgetName) {\n throw new Error('Provide --new-budget-name when using --new-budget-target.')\n }\n\n if (options.newBudgetName && !options.newBudgetTarget) {\n throw new Error('Provide --new-budget-target when using --new-budget-name.')\n }\n\n return {\n name: options.name,\n domainTenantId: options.domainTenantId,\n budgetId: options.budgetId,\n securityGroupIds: options.securityGroupId,\n vaultId: options.vaultId,\n permissions: options.permission.length > 0 ? options.permission : undefined,\n newBudget: options.newBudgetName\n ? {\n name: options.newBudgetName,\n description: options.newBudgetDescription,\n target: Number(options.newBudgetTarget),\n }\n : undefined,\n }\n}\n\n/** `r4 agent create` provisions an agent and returns the one-time API secret. */\nexport function createCommand(): Command {\n return new Command('create')\n .description('Create a new agent')\n .requiredOption('--name <name>', 'Agent name')\n .requiredOption('--domain-tenant-id <id>', 'Target domain tenant ID')\n .option('--budget-id <id>', 'Existing budget ID to assign')\n .option('--vault-id <id>', 'Optional vault ID to store credentials in')\n .option('--new-budget-name <name>', 'Create and assign a new per-agent budget')\n .option('--new-budget-description <text>', 'Description for the new per-agent budget')\n .option('--new-budget-target <amount>', 'Target amount for the new per-agent budget')\n .option(\n '--security-group-id <id>',\n 'Security group IDs (repeat or use comma-separated values)',\n collectOptionValues,\n [],\n )\n .option(\n '--permission <grant>',\n 'Machine permission grant (repeat or use comma-separated values)',\n collectOptionValues,\n [],\n )\n .action(\n withErrorHandler(\n async (\n options: {\n name: string\n domainTenantId: string\n budgetId?: string\n securityGroupId: string[]\n vaultId?: string\n permission: string[]\n newBudgetName?: string\n newBudgetDescription?: string\n newBudgetTarget?: string\n },\n cmd: Command,\n ) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n const body = buildCreateAgentBody(options)\n\n const spinner = ora('Creating agent...').start()\n const response = await client.createAgent(body)\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify(response, null, 2))\n return\n }\n\n success(`Created agent \"${response.name}\"`)\n printDetail(\n [\n ['ID', response.id],\n ['Access Key', response.accessKey],\n ['Access Secret', response.accessSecret],\n ['Vault Item', response.vaultItemId],\n ],\n false,\n )\n },\n ),\n )\n}\n","import type {\n AgentCreatedResponse,\n AgentDetail,\n AgentListResponse,\n AgentTenantRolesResponse,\n AddDomainResponse,\n AssociateProjectVaultRequest,\n BillingReadinessResponse,\n BudgetSummary,\n CreateBudgetRequest,\n CreateAgentRequest,\n CreateSecurityGroupRequest,\n DomainStatus,\n MonitoringEntityCountsResponse,\n PermissionAssetType,\n ProjectAgentsResponse,\n JsonValue,\n ListMachineVaultItemsResponse,\n ListMachineVaultsResponse,\n MachineIdentityResponse,\n MachineRequestMethod,\n MachineRequestResponse,\n SecurityGroupListResponse,\n SetPermissionsRequest,\n SubmitMachineFeedbackRequest,\n SubmitMachineFeedbackResponse,\n UpdateAgentRequest,\n UpdateAgentTenantRolesRequest,\n UpdateProjectAgentsRequest,\n ProjectListResponse,\n ProjectDetail,\n CreateProjectRequest,\n CreateProjectResponse,\n MachineAgentPublicKeyResponse,\n MachineWrappedKeyResponse,\n VerifyDomainResponse,\n VaultMutationResponse,\n} from '../types.js'\n\n/**\n * Lightweight machine-API client for CLI commands that only need metadata or\n * direct machine endpoints without going through the zero-trust SDK runtime.\n */\nexport class CliClient {\n private apiKey: string\n private baseUrl: string\n\n constructor(apiKey: string, baseUrl: string) {\n this.apiKey = apiKey\n this.baseUrl = baseUrl.replace(/\\/$/, '')\n }\n\n private normalizeMachinePath(path: string): string {\n if (!path || /^\\w+:\\/\\//.test(path)) {\n throw new Error('Machine request path must be a relative machine API path.')\n }\n\n const normalizedPath = path.startsWith('/') ? path : `/${path}`\n return normalizedPath.startsWith('/api/v1/machine')\n ? normalizedPath\n : `/api/v1/machine${normalizedPath}`\n }\n\n /**\n * Make an authenticated request to the machine API.\n * Handles error responses consistently with the SDK pattern.\n */\n private async request<T>(method: string, path: string, body?: unknown): Promise<T> {\n const url = `${this.baseUrl}${path}`\n\n const response = await fetch(url, {\n method,\n headers: {\n 'X-API-Key': this.apiKey,\n 'Content-Type': 'application/json',\n },\n body: body ? JSON.stringify(body) : undefined,\n })\n\n if (!response.ok) {\n const errorBody = (await response.json().catch(() => ({}))) as Record<string, unknown>\n const error = errorBody?.error as Record<string, unknown> | undefined\n const errorMessage = error?.message || `HTTP ${response.status}: ${response.statusText}`\n const errorCode =\n typeof error?.code === 'string'\n ? ` [${error.code}]`\n : ''\n throw new Error(`R4 API Error${errorCode}: ${errorMessage}`)\n }\n\n if (response.status === 204) {\n return undefined as T\n }\n\n const responseText = await response.text()\n if (!responseText) {\n return undefined as T\n }\n\n try {\n return JSON.parse(responseText) as T\n } catch {\n return responseText as unknown as T\n }\n }\n\n /** Call any existing machine API route through the authenticated CLI client. */\n async requestMachine<T = MachineRequestResponse>(params: {\n method: MachineRequestMethod\n path: string\n body?: JsonValue\n }): Promise<T> {\n return this.request<T>(params.method, this.normalizeMachinePath(params.path), params.body)\n }\n\n /** Register or re-confirm the local agent runtime public key. */\n async registerAgentPublicKey(body: {\n publicKey: string\n previousEncryptionKeyId?: string\n rotationSignature?: string\n }): Promise<MachineAgentPublicKeyResponse> {\n return this.request<MachineAgentPublicKeyResponse>(\n 'POST',\n '/api/v1/machine/vault/public-key',\n body,\n )\n }\n\n /** Read the authenticated machine principal and resolved policy context. */\n async getMachineIdentity(): Promise<MachineIdentityResponse> {\n return this.request<MachineIdentityResponse>('GET', '/api/v1/machine/me')\n }\n\n /** List all visible vaults for the authenticated machine principal. */\n async listVaults(projectId?: string): Promise<ListMachineVaultsResponse> {\n const search = projectId ? `?projectId=${encodeURIComponent(projectId)}` : ''\n return this.request<ListMachineVaultsResponse>('GET', `/api/v1/machine/vault${search}`)\n }\n\n /** Create a checkpoint-signed machine vault from a prebuilt JSON payload. */\n async createVault(body: JsonValue): Promise<VaultMutationResponse> {\n return this.request<VaultMutationResponse>('POST', '/api/v1/machine/vault', body)\n }\n\n /** Retrieve the active wrapped DEK for the current agent on a vault. */\n async getAgentWrappedKey(vaultId: string): Promise<MachineWrappedKeyResponse> {\n return this.request<MachineWrappedKeyResponse>(\n 'GET',\n `/api/v1/machine/vault/${encodeURIComponent(vaultId)}/wrapped-key`,\n )\n }\n\n /** List lightweight metadata for all items in a vault. */\n async listVaultItems(vaultId: string): Promise<ListMachineVaultItemsResponse> {\n return this.request<ListMachineVaultItemsResponse>(\n 'GET',\n `/api/v1/machine/vault/${encodeURIComponent(vaultId)}/items`,\n )\n }\n\n /** Create a checkpoint-signed vault item from a prebuilt JSON payload. */\n async createVaultItem(vaultId: string, body: JsonValue): Promise<VaultMutationResponse> {\n return this.request<VaultMutationResponse>(\n 'POST',\n `/api/v1/machine/vault/${encodeURIComponent(vaultId)}/items`,\n body,\n )\n }\n\n /** List all projects. GET /api/v1/machine/project */\n async listProjects(): Promise<ProjectListResponse> {\n return this.request<ProjectListResponse>('GET', '/api/v1/machine/project')\n }\n\n /** List visible budgets and their active windows. */\n async listBudgets(): Promise<BudgetSummary[]> {\n return this.request<BudgetSummary[]>('GET', '/api/v1/machine/budget')\n }\n\n /** Create a budget through the machine billing surface. */\n async createBudget(data: CreateBudgetRequest): Promise<void> {\n await this.request<void>('POST', '/api/v1/machine/budget', data)\n }\n\n /** Get project details. GET /api/v1/machine/project/:id */\n async getProject(id: string): Promise<ProjectDetail> {\n return this.request<ProjectDetail>('GET', `/api/v1/machine/project/${id}`)\n }\n\n /** Create a new project. POST /api/v1/machine/project */\n async createProject(data: CreateProjectRequest): Promise<CreateProjectResponse> {\n return this.request<CreateProjectResponse>('POST', '/api/v1/machine/project', data)\n }\n\n /** List all visible agents for the authenticated principal. */\n async listAgents(): Promise<AgentListResponse> {\n return this.request<AgentListResponse>('GET', '/api/v1/machine/agent')\n }\n\n /** Fetch a single agent by ID. */\n async getAgent(id: string): Promise<AgentDetail> {\n return this.request<AgentDetail>('GET', `/api/v1/machine/agent/${encodeURIComponent(id)}`)\n }\n\n /** Create a new agent and return the one-time API key secret. */\n async createAgent(data: CreateAgentRequest): Promise<AgentCreatedResponse> {\n return this.request<AgentCreatedResponse>('POST', '/api/v1/machine/agent', data)\n }\n\n /** Update mutable agent metadata such as budget and security-group memberships. */\n async updateAgent(id: string, data: UpdateAgentRequest): Promise<void> {\n await this.request<void>('PATCH', `/api/v1/machine/agent/${encodeURIComponent(id)}`, data)\n }\n\n /** Read the explicit and inherited tenant roles for an agent. */\n async getAgentTenantRoles(id: string): Promise<AgentTenantRolesResponse> {\n return this.request<AgentTenantRolesResponse>(\n 'GET',\n `/api/v1/machine/agent/${encodeURIComponent(id)}/tenant-roles`,\n )\n }\n\n /** Replace the explicit tenant roles on an agent. */\n async updateAgentTenantRoles(\n id: string,\n data: UpdateAgentTenantRolesRequest,\n ): Promise<void> {\n await this.request<void>(\n 'PATCH',\n `/api/v1/machine/agent/${encodeURIComponent(id)}/tenant-roles`,\n data,\n )\n }\n\n /** Create a tenant security group. */\n async createSecurityGroup(data: CreateSecurityGroupRequest): Promise<void> {\n await this.request<void>('POST', '/api/v1/machine/tenant-admin/create-security-group', data)\n }\n\n /** List visible security groups through the permissions surface. */\n async listSecurityGroups(): Promise<SecurityGroupListResponse> {\n return this.request<SecurityGroupListResponse>('GET', '/api/v1/machine/permissions/security-groups')\n }\n\n /** Replace permissions for an asset in one request. */\n async setPermissions(\n assetType: PermissionAssetType,\n id: string,\n data: SetPermissionsRequest,\n ): Promise<void> {\n await this.request<void>(\n 'POST',\n `/api/v1/machine/permissions/${assetType}/${encodeURIComponent(id)}/set-permissions`,\n data,\n )\n }\n\n /** Associate a vault with a project. */\n async associateProjectVault(data: AssociateProjectVaultRequest): Promise<void> {\n await this.request<void>('POST', '/api/v1/machine/project/associate-vault', data)\n }\n\n /** Read explicit project agent membership. */\n async getProjectAgents(id: string): Promise<ProjectAgentsResponse> {\n const agents = await this.request<ProjectAgentsResponse['agents']>(\n 'GET',\n `/api/v1/machine/project/project/${encodeURIComponent(id)}/agents`,\n )\n\n return { agents }\n }\n\n /** Replace explicit project agent membership. */\n async updateProjectAgents(id: string, data: UpdateProjectAgentsRequest): Promise<void> {\n await this.request<void>(\n 'PATCH',\n `/api/v1/machine/project/project/${encodeURIComponent(id)}/update-agents`,\n data,\n )\n }\n\n /** Submit structured product feedback from an AGENT-scoped key. */\n async submitFeedback(data: SubmitMachineFeedbackRequest): Promise<SubmitMachineFeedbackResponse> {\n return this.request<SubmitMachineFeedbackResponse>('POST', '/api/v1/machine/feedback', data)\n }\n\n /** List org domains visible to the current machine principal. */\n async listDomains(): Promise<DomainStatus[]> {\n return this.request<DomainStatus[]>('GET', '/api/v1/machine/domain/list')\n }\n\n /** Register a new external domain. */\n async addDomain(domain: string): Promise<AddDomainResponse> {\n return this.request<AddDomainResponse>('POST', '/api/v1/machine/domain/add', { domain })\n }\n\n /** Trigger domain verification. */\n async verifyDomain(id: string): Promise<VerifyDomainResponse> {\n return this.request<VerifyDomainResponse>(\n 'POST',\n `/api/v1/machine/domain/${encodeURIComponent(id)}/verify`,\n )\n }\n\n /** Read the org billing readiness summary. */\n async getBillingReadiness(): Promise<BillingReadinessResponse> {\n return this.request<BillingReadinessResponse>('GET', '/api/v1/machine/billing/readiness')\n }\n\n /** Read monitoring entity counts scoped to the current machine session. */\n async getMonitoringEntityCounts(): Promise<MonitoringEntityCountsResponse> {\n return this.request<MonitoringEntityCountsResponse>(\n 'GET',\n '/api/v1/machine/monitoring/entity-counts',\n )\n }\n}\n","/**\n * Collect repeated Commander option values while also accepting comma-separated\n * input for convenience in shell scripts.\n */\nexport function collectOptionValues(value: string, previous: string[] = []): string[] {\n const nextValues = value\n .split(',')\n .map((entry) => entry.trim())\n .filter(Boolean)\n\n return [...previous, ...nextValues]\n}\n","import chalk from 'chalk'\nimport Table from 'cli-table3'\n\n/**\n * Print data as a formatted table, or as JSON if --json flag is set.\n */\nexport function printTable(\n headers: string[],\n rows: string[][],\n jsonMode: boolean,\n jsonData?: unknown,\n): void {\n if (jsonMode) {\n console.log(JSON.stringify(jsonData ?? rows, null, 2))\n return\n }\n\n const table = new Table({\n head: headers.map((h) => chalk.cyan(h)),\n style: { head: [], border: [] },\n })\n for (const row of rows) {\n table.push(row)\n }\n console.log(table.toString())\n}\n\n/**\n * Print a key-value detail view.\n */\nexport function printDetail(\n entries: [string, string | null | undefined][],\n jsonMode: boolean,\n jsonData?: unknown,\n): void {\n if (jsonMode) {\n console.log(JSON.stringify(jsonData, null, 2))\n return\n }\n\n const maxLen = Math.max(...entries.map(([k]) => k.length))\n for (const [key, value] of entries) {\n const label = chalk.gray(key.padEnd(maxLen))\n const val = value ?? chalk.dim('(empty)')\n console.log(` ${label} ${val}`)\n }\n}\n\n/** Print a success message */\nexport function success(message: string): void {\n console.log(chalk.green('✓') + ' ' + message)\n}\n\n/** Print a warning */\nexport function warn(message: string): void {\n console.log(chalk.yellow('!') + ' ' + message)\n}\n\n/** Print an error message to stderr */\nexport function printError(message: string): void {\n console.error(chalk.red('✗') + ' ' + message)\n}\n","import { printError } from './output.js'\n\nfunction formatErrorMessage(message: string): string {\n if (\n message.includes('[wrapped_key_not_found]') ||\n message.includes('No wrapped key found for this agent and vault.')\n ) {\n return (\n `${message}\\n\\n` +\n 'Remediation:\\n' +\n ' - Make sure the vault or vault item is shared with this agent, one of its security groups, or one of its projects.\\n' +\n ' - If you just created or rotated the local runtime key, re-run `r4 agent init` and then re-wrap access for the agent.\\n' +\n ' - Run `r4 doctor` to see which visible vaults are missing wrapped keys.'\n )\n }\n\n if (message.includes('failed to register the local agent public key')) {\n return (\n `${message}\\n\\n` +\n 'Remediation:\\n' +\n ' - Use an AGENT-scoped API key.\\n' +\n ' - Point `--private-key-path` at the matching local PEM file, or run `r4 agent init` to generate and register one automatically.\\n' +\n ' - If you intentionally target a non-production environment, include `--dev` or set `R4_DEV=1`.'\n )\n }\n\n return message\n}\n\n/**\n * Wrap a command handler to catch errors and exit with proper codes.\n * Formats R4 API errors and auth errors with helpful messages.\n */\nexport function withErrorHandler<T extends unknown[]>(\n fn: (...args: T) => Promise<void>,\n): (...args: T) => Promise<void> {\n return async (...args: T) => {\n try {\n await fn(...args)\n } catch (err) {\n if (err instanceof Error) {\n printError(formatErrorMessage(err.message))\n } else {\n printError('An unexpected error occurred')\n }\n process.exit(1)\n }\n }\n}\n","import fs from 'node:fs'\nimport type {\n LegacyR4ConfigFile,\n MachinePrincipalType,\n R4ConfigFile,\n R4ProfileConfig,\n R4ProfileIdentityCache,\n} from '../types.js'\nimport {\n ensureSecureDirectory,\n getProfileDir,\n getR4HomeDir,\n writeSecureFile,\n} from './profile-paths.js'\n\nexport const DEFAULT_PROFILE_NAME = 'default'\n\nfunction emptyConfig(): R4ConfigFile {\n return {\n version: 3,\n currentProfile: DEFAULT_PROFILE_NAME,\n profiles: {\n [DEFAULT_PROFILE_NAME]: {},\n },\n }\n}\n\nfunction sanitizeIdentityCache(identity: unknown): R4ProfileIdentityCache | undefined {\n if (!identity || typeof identity !== 'object') {\n return undefined\n }\n\n const value = identity as Partial<R4ProfileIdentityCache>\n const nextIdentity: R4ProfileIdentityCache = {}\n\n if (typeof value.apiKeyId === 'string' && value.apiKeyId.trim()) {\n nextIdentity.apiKeyId = value.apiKeyId.trim()\n }\n if (typeof value.apiKeyName === 'string' && value.apiKeyName.trim()) {\n nextIdentity.apiKeyName = value.apiKeyName.trim()\n }\n if (\n value.apiKeyScope === 'ORG' ||\n value.apiKeyScope === 'TENANT' ||\n value.apiKeyScope === 'USER' ||\n value.apiKeyScope === 'AGENT'\n ) {\n nextIdentity.apiKeyScope = value.apiKeyScope\n }\n if (typeof value.policySummary === 'string' && value.policySummary.trim()) {\n nextIdentity.policySummary = value.policySummary.trim()\n }\n if (\n value.principalType === 'AGENT' ||\n value.principalType === 'ORG_USER' ||\n value.principalType === 'ACCOUNT' ||\n value.principalType === 'UNKNOWN'\n ) {\n nextIdentity.principalType = value.principalType as MachinePrincipalType\n }\n if (typeof value.principalId === 'string' && value.principalId.trim()) {\n nextIdentity.principalId = value.principalId.trim()\n }\n if (typeof value.principalLabel === 'string' && value.principalLabel.trim()) {\n nextIdentity.principalLabel = value.principalLabel.trim()\n }\n if (typeof value.orgId === 'string' && value.orgId.trim()) {\n nextIdentity.orgId = value.orgId.trim()\n }\n if (typeof value.orgName === 'string' && value.orgName.trim()) {\n nextIdentity.orgName = value.orgName.trim()\n }\n if (typeof value.tenantId === 'string' && value.tenantId.trim()) {\n nextIdentity.tenantId = value.tenantId.trim()\n }\n if (typeof value.tenantName === 'string' && value.tenantName.trim()) {\n nextIdentity.tenantName = value.tenantName.trim()\n }\n if (\n value.contextType === 'ORG' ||\n value.contextType === 'TENANT' ||\n value.contextType === 'WORKSPACE' ||\n value.contextType === 'USER' ||\n value.contextType === 'GLOBAL'\n ) {\n nextIdentity.contextType = value.contextType\n }\n if (\n value.contextId === null ||\n (typeof value.contextId === 'string' && value.contextId.trim())\n ) {\n nextIdentity.contextId = value.contextId ?? null\n }\n if (typeof value.lastResolvedAt === 'string' && value.lastResolvedAt.trim()) {\n nextIdentity.lastResolvedAt = value.lastResolvedAt.trim()\n }\n\n return Object.keys(nextIdentity).length > 0 ? nextIdentity : undefined\n}\n\nfunction sanitizeProfileConfig(profile: unknown): R4ProfileConfig {\n if (!profile || typeof profile !== 'object') {\n return {}\n }\n\n const value = profile as Partial<R4ProfileConfig>\n const nextProfile: R4ProfileConfig = {}\n\n if (typeof value.baseUrl === 'string' && value.baseUrl.trim()) {\n nextProfile.baseUrl = value.baseUrl.trim()\n }\n if (typeof value.dev === 'boolean') {\n nextProfile.dev = value.dev\n }\n if (typeof value.projectId === 'string' && value.projectId.trim()) {\n nextProfile.projectId = value.projectId.trim()\n }\n if (typeof value.privateKeyPath === 'string' && value.privateKeyPath.trim()) {\n nextProfile.privateKeyPath = value.privateKeyPath.trim()\n }\n if (typeof value.trustStorePath === 'string' && value.trustStorePath.trim()) {\n nextProfile.trustStorePath = value.trustStorePath.trim()\n }\n if (typeof value.agentId === 'string' && value.agentId.trim()) {\n nextProfile.agentId = value.agentId.trim()\n }\n if (typeof value.agentName === 'string' && value.agentName.trim()) {\n nextProfile.agentName = value.agentName.trim()\n }\n const identity = sanitizeIdentityCache(value.identity)\n if (identity) {\n nextProfile.identity = identity\n }\n\n return nextProfile\n}\n\nfunction hasLegacyTopLevelProfileFields(config: LegacyR4ConfigFile): boolean {\n return Boolean(\n config.baseUrl ||\n config.dev !== undefined ||\n config.projectId ||\n config.privateKeyPath ||\n config.trustStorePath ||\n config.agentId ||\n config.agentName ||\n config.identity,\n )\n}\n\nfunction normalizeConfig(raw: unknown): R4ConfigFile {\n if (!raw || typeof raw !== 'object') {\n return emptyConfig()\n }\n\n const parsed = raw as LegacyR4ConfigFile\n const nextConfig = emptyConfig()\n\n if (parsed.profiles && typeof parsed.profiles === 'object') {\n const entries = Object.entries(parsed.profiles)\n .filter(([name]) => typeof name === 'string' && name.trim().length > 0)\n .map(([name, profile]) => [name.trim(), sanitizeProfileConfig(profile)] as const)\n\n if (entries.length > 0) {\n nextConfig.profiles = Object.fromEntries(entries)\n }\n }\n\n if (hasLegacyTopLevelProfileFields(parsed)) {\n nextConfig.profiles[DEFAULT_PROFILE_NAME] = {\n ...nextConfig.profiles[DEFAULT_PROFILE_NAME],\n ...sanitizeProfileConfig(parsed),\n }\n }\n\n const configuredCurrentProfile =\n typeof parsed.currentProfile === 'string' && parsed.currentProfile.trim()\n ? parsed.currentProfile.trim()\n : DEFAULT_PROFILE_NAME\n\n nextConfig.currentProfile =\n nextConfig.profiles[configuredCurrentProfile] !== undefined\n ? configuredCurrentProfile\n : Object.keys(nextConfig.profiles)[0] ?? DEFAULT_PROFILE_NAME\n\n if (Object.keys(nextConfig.profiles).length === 0) {\n return emptyConfig()\n }\n\n return nextConfig\n}\n\n/**\n * Load the R4 config file from ~/.r4/config.json.\n * Returns an empty normalized config if the file does not exist or is invalid.\n */\nexport function loadConfig(): R4ConfigFile {\n try {\n const raw = fs.readFileSync(getConfigPath(), 'utf8')\n return normalizeConfig(JSON.parse(raw))\n } catch {\n return emptyConfig()\n }\n}\n\n/**\n * Save the R4 config file to ~/.r4/config.json.\n * Creates the ~/.r4 directory if it does not exist.\n */\nexport function saveConfig(config: R4ConfigFile): void {\n ensureSecureDirectory(getR4HomeDir())\n writeSecureFile(getConfigPath(), JSON.stringify(config, null, 2) + '\\n')\n}\n\n/**\n * Remove the R4 config file.\n */\nexport function clearConfig(): void {\n try {\n fs.unlinkSync(getConfigPath())\n } catch {\n // File doesn't exist, nothing to do\n }\n}\n\n/**\n * Get the path to the config file (for display purposes).\n */\nexport function getConfigPath(): string {\n return `${getR4HomeDir()}/config.json`\n}\n\n/** Returns the configured profile names in deterministic order. */\nexport function getProfileNames(config: R4ConfigFile): string[] {\n return Object.keys(config.profiles).sort()\n}\n\n/** Returns the currently selected profile name. */\nexport function getCurrentProfileName(config: R4ConfigFile): string {\n return config.currentProfile\n}\n\n/** Resolve the effective profile name from CLI, env, and persisted config. */\nexport function getSelectedProfileName(\n config: R4ConfigFile,\n profileOverride?: string,\n envProfile?: string,\n): string {\n const selectedProfile = profileOverride || envProfile || config.currentProfile\n return selectedProfile?.trim() || DEFAULT_PROFILE_NAME\n}\n\n/** Return the saved settings for a single profile. */\nexport function getProfileConfig(\n config: R4ConfigFile,\n profileName: string,\n): R4ProfileConfig {\n return config.profiles[profileName] ?? {}\n}\n\n/** Upsert a single named profile while keeping the rest of the config intact. */\nexport function updateProfile(\n config: R4ConfigFile,\n profileName: string,\n profile: R4ProfileConfig,\n): R4ConfigFile {\n return {\n ...config,\n profiles: {\n ...config.profiles,\n [profileName]: profile,\n },\n }\n}\n\n/** Select the active profile for future commands. */\nexport function setCurrentProfile(\n config: R4ConfigFile,\n profileName: string,\n): R4ConfigFile {\n return {\n ...config,\n currentProfile: profileName,\n }\n}\n\n/** Remove a profile and fall back to the next available profile when needed. */\nexport function removeProfile(\n config: R4ConfigFile,\n profileName: string,\n): R4ConfigFile {\n const remainingProfiles = Object.fromEntries(\n Object.entries(config.profiles).filter(([name]) => name !== profileName),\n )\n\n if (Object.keys(remainingProfiles).length === 0) {\n return emptyConfig()\n }\n\n return {\n version: 3,\n currentProfile:\n config.currentProfile === profileName\n ? (Object.keys(remainingProfiles).sort()[0] ?? DEFAULT_PROFILE_NAME)\n : config.currentProfile,\n profiles: remainingProfiles,\n }\n}\n\n/** Managed storage directory for a named profile. */\nexport function getManagedProfileDir(profileName: string): string {\n return getProfileDir(profileName)\n}\n\n/** Remove the managed profile directory when it is empty. */\nexport function clearManagedProfileDirectory(profileName: string): void {\n const profileDir = getProfileDir(profileName)\n fs.rmSync(profileDir, { recursive: true, force: true })\n}\n","import fs from 'node:fs'\nimport os from 'node:os'\nimport path from 'node:path'\n\n/**\n * Convert a profile name into a filesystem-safe filename fragment.\n */\nexport function sanitizeProfileName(profileName: string): string {\n const sanitized = profileName\n .trim()\n .toLowerCase()\n .replace(/[^a-z0-9._-]+/g, '-')\n .replace(/^-+|-+$/g, '')\n\n return sanitized || 'default'\n}\n\n/** Root CLI state directory under the user's home directory. */\nexport function getR4HomeDir(): string {\n return path.join(os.homedir(), '.r4')\n}\n\n/** Directory that contains managed per-profile state. */\nexport function getProfilesDir(): string {\n return path.join(getR4HomeDir(), 'profiles')\n}\n\n/** Managed directory for a single named profile. */\nexport function getProfileDir(profileName: string): string {\n return path.join(getProfilesDir(), sanitizeProfileName(profileName))\n}\n\n/** Managed credential file for a named profile. */\nexport function getProfileCredentialsPath(profileName: string): string {\n return path.join(getProfileDir(profileName), 'credentials.json')\n}\n\n/** Managed private-key path for a named profile. */\nexport function getManagedPrivateKeyPath(profileName: string): string {\n return path.join(getProfileDir(profileName), 'private-key.pem')\n}\n\n/** Managed trust-store path for a named profile. */\nexport function getManagedTrustStorePath(profileName: string): string {\n return path.join(getProfileDir(profileName), 'trust-store.json')\n}\n\n/** Ensure a directory exists with restricted owner-only permissions. */\nexport function ensureSecureDirectory(dirPath: string): void {\n fs.mkdirSync(dirPath, { recursive: true, mode: 0o700 })\n fs.chmodSync(dirPath, 0o700)\n}\n\n/** Write a file with owner-only permissions. */\nexport function writeSecureFile(filePath: string, contents: string): void {\n ensureSecureDirectory(path.dirname(filePath))\n fs.writeFileSync(filePath, contents, {\n encoding: 'utf8',\n mode: 0o600,\n })\n fs.chmodSync(filePath, 0o600)\n}\n\n/** Best-effort removal helper for managed profile files. */\nexport function removeFileIfExists(filePath: string): void {\n try {\n fs.unlinkSync(filePath)\n } catch {\n // Ignore missing files.\n }\n}\n","import fs from 'node:fs'\nimport {\n getProfileCredentialsPath,\n writeSecureFile,\n} from './profile-paths.js'\n\nexport interface StoredProfileCredentials {\n version: 1\n accessKey: string\n secretKey: string\n savedAt: string\n}\n\nexport interface ApiKeyParts {\n accessKey: string\n secretKey: string\n}\n\n/**\n * Join split machine credentials into the `{accessKey}.{secret}` format.\n */\nexport function buildApiKeyFromParts(\n accessKey?: string,\n secretKey?: string,\n): string | undefined {\n if (!accessKey || !secretKey) {\n return undefined\n }\n\n return `${accessKey}.${secretKey}`\n}\n\n/**\n * Split a combined API key into the access key and secret halves.\n */\nexport function splitApiKey(apiKey?: string): ApiKeyParts | undefined {\n if (!apiKey) {\n return undefined\n }\n\n const trimmed = apiKey.trim()\n const separatorIndex = trimmed.indexOf('.')\n if (separatorIndex <= 0 || separatorIndex === trimmed.length - 1) {\n return undefined\n }\n\n return {\n accessKey: trimmed.slice(0, separatorIndex),\n secretKey: trimmed.slice(separatorIndex + 1),\n }\n}\n\nfunction sanitizeStoredCredentials(raw: unknown): StoredProfileCredentials | null {\n if (!raw || typeof raw !== 'object') {\n return null\n }\n\n const value = raw as Partial<StoredProfileCredentials>\n if (\n typeof value.accessKey !== 'string' ||\n typeof value.secretKey !== 'string' ||\n !value.accessKey.trim() ||\n !value.secretKey.trim()\n ) {\n return null\n }\n\n return {\n version: 1,\n accessKey: value.accessKey.trim(),\n secretKey: value.secretKey.trim(),\n savedAt:\n typeof value.savedAt === 'string' && value.savedAt.trim()\n ? value.savedAt.trim()\n : new Date().toISOString(),\n }\n}\n\n/** Load stored split credentials for a saved profile. */\nexport function loadProfileCredentials(profileName: string): StoredProfileCredentials | null {\n try {\n const raw = fs.readFileSync(getProfileCredentialsPath(profileName), 'utf8')\n return sanitizeStoredCredentials(JSON.parse(raw))\n } catch {\n return null\n }\n}\n\n/** Persist split credentials for a saved profile. */\nexport function saveProfileCredentials(\n profileName: string,\n credentials: ApiKeyParts,\n): StoredProfileCredentials {\n const stored: StoredProfileCredentials = {\n version: 1,\n accessKey: credentials.accessKey.trim(),\n secretKey: credentials.secretKey.trim(),\n savedAt: new Date().toISOString(),\n }\n writeSecureFile(\n getProfileCredentialsPath(profileName),\n JSON.stringify(stored, null, 2) + '\\n',\n )\n return stored\n}\n\n/** Delete the managed credentials file for a named profile. */\nexport function clearProfileCredentials(profileName: string): void {\n try {\n fs.unlinkSync(getProfileCredentialsPath(profileName))\n } catch {\n // Nothing to do when the file is already absent.\n }\n}\n","import crypto from 'node:crypto'\nimport fs from 'node:fs'\nimport path from 'node:path'\nimport {\n ensureSecureDirectory,\n getManagedPrivateKeyPath,\n sanitizeProfileName,\n writeSecureFile,\n} from './profile-paths.js'\n\nexport { sanitizeProfileName } from './profile-paths.js'\n\n/**\n * Default private-key path for a named profile.\n */\nexport function getDefaultPrivateKeyPath(profileName: string): string {\n return getManagedPrivateKeyPath(profileName)\n}\n\n/**\n * Resolve the best private-key path for the active profile.\n */\nexport function resolvePrivateKeyPath(params: {\n cliPath?: string\n envPath?: string\n profilePath?: string\n profileName: string\n allowDefaultIfMissing?: boolean\n}): {\n value?: string\n source: string | null\n} {\n if (params.cliPath) {\n return { value: params.cliPath, source: '--private-key-path flag' }\n }\n\n if (params.envPath) {\n return { value: params.envPath, source: 'R4_PRIVATE_KEY_PATH env var' }\n }\n\n if (params.profilePath) {\n return { value: params.profilePath, source: 'profile config' }\n }\n\n const defaultPath = getDefaultPrivateKeyPath(params.profileName)\n if (fs.existsSync(defaultPath) || params.allowDefaultIfMissing === true) {\n return { value: defaultPath, source: 'default profile key path' }\n }\n\n return { value: undefined, source: null }\n}\n\n/**\n * Load a PEM-encoded private key from disk.\n */\nexport function loadPrivateKey(privateKeyPath: string): string {\n return fs.readFileSync(path.resolve(privateKeyPath), 'utf8').trim()\n}\n\n/**\n * Derive the matching PEM-encoded public key from a PEM private key.\n */\nexport function derivePublicKey(privateKeyPem: string): string {\n return crypto.createPublicKey(privateKeyPem).export({\n type: 'spki',\n format: 'pem',\n }).toString()\n}\n\n/**\n * Ensure a local RSA private key exists on disk for the agent runtime.\n */\nexport function ensurePrivateKey(privateKeyPath: string): {\n privateKeyPem: string\n created: boolean\n} {\n const resolvedPath = path.resolve(privateKeyPath)\n\n if (fs.existsSync(resolvedPath)) {\n return {\n privateKeyPem: loadPrivateKey(resolvedPath),\n created: false,\n }\n }\n\n const keyPair = crypto.generateKeyPairSync('rsa', {\n modulusLength: 2048,\n publicKeyEncoding: {\n type: 'spki',\n format: 'pem',\n },\n privateKeyEncoding: {\n type: 'pkcs8',\n format: 'pem',\n },\n })\n\n ensureSecureDirectory(path.dirname(resolvedPath))\n writeSecureFile(resolvedPath, keyPair.privateKey.trim() + '\\n')\n\n return {\n privateKeyPem: keyPair.privateKey.trim(),\n created: true,\n }\n}\n","import type { GlobalOptions, R4ProfileConfig } from '../types.js'\n\nexport const R4_DEFAULT_API_BASE_URL = 'https://r4.dev'\nexport const R4_DEV_API_BASE_URL = 'https://dev.r4.dev'\n\ntype RuntimeModeSources = {\n cliBaseUrl?: string\n envBaseUrl?: string\n configBaseUrl?: string\n cliDev?: boolean\n envDev?: string\n configDev?: boolean\n}\n\nexport type ResolvedRuntimeMode = {\n baseUrl: string\n devMode: boolean\n}\n\nfunction normalizeBaseUrl(baseUrl: string): string {\n return baseUrl.replace(/\\/+$/, '')\n}\n\nfunction isTruthyEnvFlag(value?: string): boolean {\n if (!value) {\n return false\n }\n\n return ['1', 'true', 'yes', 'on'].includes(value.trim().toLowerCase())\n}\n\n/**\n * Resolve the effective API base URL and dev-mode state.\n * Any explicit base URL override wins over dev mode.\n */\nexport function resolveRuntimeMode(sources: RuntimeModeSources): ResolvedRuntimeMode {\n const explicitBaseUrl = sources.cliBaseUrl || sources.envBaseUrl || sources.configBaseUrl\n\n if (explicitBaseUrl) {\n return {\n baseUrl: explicitBaseUrl,\n devMode: normalizeBaseUrl(explicitBaseUrl) === R4_DEV_API_BASE_URL,\n }\n }\n\n const devMode =\n sources.cliDev === true ||\n isTruthyEnvFlag(sources.envDev) ||\n sources.configDev === true\n\n return {\n baseUrl: devMode ? R4_DEV_API_BASE_URL : R4_DEFAULT_API_BASE_URL,\n devMode,\n }\n}\n\n/**\n * Resolve the effective runtime mode from CLI flags, env vars, and config file.\n */\nexport function resolveRuntimeModeFromCli(\n opts: GlobalOptions,\n config: R4ProfileConfig,\n): ResolvedRuntimeMode {\n return resolveRuntimeMode({\n cliBaseUrl: opts.baseUrl,\n envBaseUrl: process.env.R4_BASE_URL,\n configBaseUrl: config.baseUrl,\n cliDev: opts.dev,\n envDev: process.env.R4_DEV,\n configDev: config.dev,\n })\n}\n\n/**\n * Apply runtime-related global options to a single persisted CLI profile.\n * Saving an explicit base URL clears saved dev mode, and saving dev mode\n * clears any saved base URL so the dev host actually takes effect.\n */\nexport function applyGlobalRuntimeOptionsToProfile(\n profile: R4ProfileConfig,\n opts: Pick<GlobalOptions, 'baseUrl' | 'dev' | 'projectId' | 'privateKeyPath' | 'trustStorePath'>,\n): R4ProfileConfig {\n const nextProfile: R4ProfileConfig = { ...profile }\n\n if (opts.baseUrl) {\n nextProfile.baseUrl = opts.baseUrl\n delete nextProfile.dev\n } else if (opts.dev === true) {\n nextProfile.dev = true\n delete nextProfile.baseUrl\n } else if (opts.dev === false) {\n delete nextProfile.dev\n delete nextProfile.baseUrl\n }\n\n if (opts.projectId) {\n nextProfile.projectId = opts.projectId\n }\n\n if (opts.privateKeyPath) {\n nextProfile.privateKeyPath = opts.privateKeyPath\n }\n\n if (opts.trustStorePath) {\n nextProfile.trustStorePath = opts.trustStorePath\n }\n\n return nextProfile\n}\n","import type { R4Config } from '@r4security/sdk'\nimport type {\n GlobalOptions,\n R4ConfigFile,\n R4ProfileConfig,\n} from '../types.js'\nimport {\n getProfileConfig,\n getSelectedProfileName,\n loadConfig,\n} from './config.js'\nimport {\n buildApiKeyFromParts,\n loadProfileCredentials,\n} from './credentials-store.js'\nimport {\n resolvePrivateKeyPath,\n} from './private-key.js'\nimport { getManagedTrustStorePath } from './profile-paths.js'\nimport { resolveRuntimeModeFromCli } from './runtime-config.js'\n\nexport type ResolvedConnection = {\n apiKey?: string\n apiKeySource: string\n baseUrl: string\n dev: boolean\n projectId?: string\n privateKeyPath?: string\n privateKeySource: string | null\n trustStorePath?: string\n trustStoreSource: string | null\n profileName: string\n profile: R4ProfileConfig\n configFile: R4ConfigFile\n}\n\nfunction resolveApiKey(\n opts: GlobalOptions,\n profileName: string,\n): { value?: string; source: string; incompleteSplitEnv: boolean } {\n if (opts.apiKey) {\n return {\n value: opts.apiKey,\n source: '--api-key flag',\n incompleteSplitEnv: false,\n }\n }\n\n if (process.env.R4_API_KEY) {\n return {\n value: process.env.R4_API_KEY,\n source: 'R4_API_KEY env var',\n incompleteSplitEnv: false,\n }\n }\n\n const splitEnvApiKey = buildApiKeyFromParts(\n process.env.R4_ACCESS_KEY,\n process.env.R4_SECRET_KEY,\n )\n if (splitEnvApiKey) {\n return {\n value: splitEnvApiKey,\n source: 'R4_ACCESS_KEY + R4_SECRET_KEY env vars',\n incompleteSplitEnv: false,\n }\n }\n\n const storedCredentials = loadProfileCredentials(profileName)\n const storedApiKey = buildApiKeyFromParts(\n storedCredentials?.accessKey,\n storedCredentials?.secretKey,\n )\n if (storedApiKey) {\n return {\n value: storedApiKey,\n source: `profile \"${profileName}\" credentials file`,\n incompleteSplitEnv: false,\n }\n }\n\n return {\n value: undefined,\n source: 'none',\n incompleteSplitEnv: Boolean(process.env.R4_ACCESS_KEY || process.env.R4_SECRET_KEY),\n }\n}\n\nfunction resolveProjectId(\n opts: GlobalOptions,\n profile: R4ProfileConfig,\n): string | undefined {\n return opts.projectId || process.env.R4_PROJECT_ID || profile.projectId\n}\n\nfunction resolveTrustStorePath(\n opts: GlobalOptions,\n profile: R4ProfileConfig,\n profileName: string,\n): {\n value?: string\n source: string | null\n} {\n if (opts.trustStorePath) {\n return { value: opts.trustStorePath, source: '--trust-store-path flag' }\n }\n\n if (process.env.R4_TRUST_STORE_PATH) {\n return { value: process.env.R4_TRUST_STORE_PATH, source: 'R4_TRUST_STORE_PATH env var' }\n }\n\n if (profile.trustStorePath) {\n return { value: profile.trustStorePath, source: 'profile config' }\n }\n\n return {\n value: getManagedTrustStorePath(profileName),\n source: 'default managed profile trust store',\n }\n}\n\n/**\n * Resolve runtime settings from CLI flags, environment variables, and the\n * selected saved profile without requiring local decryption by default.\n */\nexport function resolveConnection(\n opts: GlobalOptions,\n params?: {\n requireApiKey?: boolean\n requirePrivateKey?: boolean\n },\n): ResolvedConnection {\n const configFile = loadConfig()\n const profileName = getSelectedProfileName(\n configFile,\n opts.profile,\n process.env.R4_PROFILE,\n )\n const profile = getProfileConfig(configFile, profileName)\n const runtimeMode = resolveRuntimeModeFromCli(opts, profile)\n\n const apiKey = resolveApiKey(opts, profileName)\n const privateKey = resolvePrivateKeyPath({\n cliPath: opts.privateKeyPath,\n envPath: process.env.R4_PRIVATE_KEY_PATH,\n profilePath: profile.privateKeyPath,\n profileName,\n })\n const trustStorePath = resolveTrustStorePath(opts, profile, profileName)\n\n if (params?.requireApiKey && !apiKey.value) {\n throw new Error(\n 'No API key found. Provide one via:\\n' +\n ' --api-key <key> CLI flag\\n' +\n ' R4_API_KEY environment variable\\n' +\n ' R4_ACCESS_KEY + R4_SECRET_KEY environment variables\\n' +\n ' r4 configure run the guided profile setup\\n' +\n ' r4 auth login save it to a profile\\n' +\n ' r4 agent init bootstrap the full first-run flow' +\n (apiKey.incompleteSplitEnv\n ? '\\n\\nBoth R4_ACCESS_KEY and R4_SECRET_KEY must be set together.'\n : ''),\n )\n }\n\n if (params?.requirePrivateKey && !privateKey.value) {\n throw new Error(\n 'No private key path found. Provide one via:\\n' +\n ' --private-key-path <path> CLI flag\\n' +\n ' R4_PRIVATE_KEY_PATH environment variable\\n' +\n ' profile config saved privateKeyPath\\n' +\n ` r4 configure generate a key at ${resolvePrivateKeyPath({\n profileName,\n allowDefaultIfMissing: true,\n }).value}`,\n )\n }\n\n return {\n apiKey: apiKey.value,\n apiKeySource: apiKey.source,\n baseUrl: runtimeMode.baseUrl,\n dev: runtimeMode.devMode,\n projectId: resolveProjectId(opts, profile),\n privateKeyPath: privateKey.value,\n privateKeySource: privateKey.source,\n trustStorePath: trustStorePath.value,\n trustStoreSource: trustStorePath.source,\n profileName,\n profile,\n configFile,\n }\n}\n\n/**\n * Resolve the SDK's zero-trust auth config for commands that decrypt locally.\n */\nexport function resolveAuth(opts: GlobalOptions): R4Config {\n const connection = resolveConnection(opts, {\n requireApiKey: true,\n requirePrivateKey: true,\n })\n\n return {\n apiKey: connection.apiKey!,\n projectId: connection.projectId,\n baseUrl: connection.baseUrl,\n dev: connection.dev,\n privateKeyPath: connection.privateKeyPath!,\n trustStorePath: connection.trustStorePath,\n }\n}\n","import { Command } from 'commander'\nimport chalk from 'chalk'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { printDetail, printTable } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 agent get <id>` shows one agent including budget and security groups. */\nexport function getCommand(): Command {\n return new Command('get')\n .description('Get agent details')\n .argument('<id>', 'Agent ID')\n .action(\n withErrorHandler(async (id: string, _opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Fetching agent...').start()\n const agent = await client.getAgent(id)\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify(agent, null, 2))\n return\n }\n\n console.log()\n console.log(chalk.bold(` ${agent.name}`))\n console.log()\n\n printDetail(\n [\n ['ID', agent.id],\n ['Tenant', agent.tenantName],\n ['Domain', agent.domainName],\n ['Domain Tenant ID', agent.domainTenantId],\n ['Budget', agent.budgetId],\n ['Public Key Ready', agent.isPublicKeyRegistered ? 'Yes' : 'No'],\n ['Created At', agent.createdAt],\n ['Updated At', agent.updatedAt],\n ['Archived At', agent.archivedAt],\n ],\n false,\n )\n\n if (agent.securityGroups.length > 0) {\n console.log()\n console.log(chalk.bold(' Security Groups'))\n console.log()\n printTable(\n ['ID', 'Name'],\n agent.securityGroups.map((group) => [group.id, group.name]),\n false,\n )\n }\n\n console.log()\n }),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { printDetail } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 agent get-tenant-roles <id>` reads explicit and inherited tenant roles. */\nexport function getTenantRolesCommand(): Command {\n return new Command('get-tenant-roles')\n .description('Get the tenant roles assigned to an agent')\n .argument('<id>', 'Agent ID')\n .action(\n withErrorHandler(async (id: string, _opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Fetching agent tenant roles...').start()\n const response = await client.getAgentTenantRoles(id)\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify(response, null, 2))\n return\n }\n\n console.log()\n printDetail(\n [\n ['Agent ID', id],\n ['Explicit Roles', response.roles.join(', ') || '(none)'],\n ['Inherited Roles', response.inheritedRoles.join(', ') || '(none)'],\n ],\n false,\n )\n console.log()\n }),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { printDoctorReport } from '../doctor.js'\nimport { CliClient } from '../../lib/client.js'\nimport {\n getProfileConfig,\n getSelectedProfileName,\n loadConfig,\n} from '../../lib/config.js'\nimport { parseCredentialsFile } from '../../lib/credentials-file.js'\nimport {\n buildApiKeyFromParts,\n loadProfileCredentials,\n} from '../../lib/credentials-store.js'\nimport { doctorHasFailures, runDoctorChecks } from '../../lib/doctor.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { success, warn } from '../../lib/output.js'\nimport {\n cacheProfileIdentity,\n saveProfileApiKey,\n saveProfileState,\n} from '../../lib/profile-manager.js'\nimport { promptText } from '../../lib/prompt.js'\nimport {\n derivePublicKey,\n ensurePrivateKey,\n resolvePrivateKeyPath,\n} from '../../lib/private-key.js'\nimport {\n resolveConnection,\n} from '../../lib/resolve-auth.js'\nimport {\n applyGlobalRuntimeOptionsToProfile,\n resolveRuntimeModeFromCli,\n} from '../../lib/runtime-config.js'\nimport type {\n GlobalOptions,\n ParsedCredentialBundle,\n R4ProfileConfig,\n} from '../../types.js'\n\nfunction getAgentId(bundle: {\n transparency?: {\n entries: Array<{ agentId: string }>\n } | null\n}): string | undefined {\n const entryCount = bundle.transparency?.entries.length ?? 0\n if (!bundle.transparency || entryCount === 0) {\n return undefined\n }\n\n return bundle.transparency.entries[entryCount - 1]?.agentId\n}\n\nfunction applyCredentialBundleToProfile(\n profile: R4ProfileConfig,\n bundle: ParsedCredentialBundle,\n globalOpts: GlobalOptions,\n privateKeyPath: string,\n): R4ProfileConfig {\n let nextProfile: R4ProfileConfig = { ...profile }\n\n if (!globalOpts.baseUrl && globalOpts.dev !== true) {\n if (bundle.baseUrl) {\n nextProfile.baseUrl = bundle.baseUrl\n delete nextProfile.dev\n } else if (bundle.dev === true) {\n nextProfile.dev = true\n delete nextProfile.baseUrl\n } else if (bundle.dev === false) {\n delete nextProfile.dev\n }\n }\n\n if (!globalOpts.projectId && bundle.projectId) {\n nextProfile.projectId = bundle.projectId\n }\n\n if (bundle.agentId) {\n nextProfile.agentId = bundle.agentId\n }\n\n if (bundle.agentName) {\n nextProfile.agentName = bundle.agentName\n }\n\n nextProfile.privateKeyPath = privateKeyPath\n\n nextProfile = applyGlobalRuntimeOptionsToProfile(nextProfile, globalOpts)\n return nextProfile\n}\n\n/** `r4 agent init` — bootstrap the local runtime in one shot. */\nexport function initCommand(): Command {\n return new Command('init')\n .description('Bootstrap local agent auth, key generation, public-key registration, and health checks')\n .option(\n '--credentials-file <path>',\n 'Read credentials from a CSV, .env, JSON, or plain-text handoff file',\n )\n .action(\n withErrorHandler(\n async (\n opts: {\n credentialsFile?: string\n },\n cmd: Command,\n ) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const config = loadConfig()\n const profileName = getSelectedProfileName(\n config,\n globalOpts.profile,\n process.env.R4_PROFILE,\n )\n const existingProfile = getProfileConfig(config, profileName)\n const bundle = opts.credentialsFile\n ? parseCredentialsFile(opts.credentialsFile)\n : {}\n const storedCredentials = loadProfileCredentials(profileName)\n\n let apiKey =\n globalOpts.apiKey ||\n process.env.R4_API_KEY ||\n buildApiKeyFromParts(\n process.env.R4_ACCESS_KEY,\n process.env.R4_SECRET_KEY,\n ) ||\n bundle.apiKey ||\n buildApiKeyFromParts(\n storedCredentials?.accessKey,\n storedCredentials?.secretKey,\n )\n\n if (!apiKey) {\n apiKey = await promptText('Enter your R4 API key', {\n hidden: true,\n })\n }\n\n if (!apiKey) {\n throw new Error('No API key provided.')\n }\n\n if (!apiKey.includes('.')) {\n warn('API key format is usually {accessKey}.{secret}')\n }\n\n if (globalOpts.baseUrl && globalOpts.dev) {\n warn('--base-url takes precedence over --dev and will be saved as the active runtime URL.')\n }\n\n const privateKeyPath =\n resolvePrivateKeyPath({\n cliPath: globalOpts.privateKeyPath,\n envPath: process.env.R4_PRIVATE_KEY_PATH,\n profilePath: existingProfile.privateKeyPath,\n profileName,\n allowDefaultIfMissing: true,\n }).value\n\n if (!privateKeyPath) {\n throw new Error('Unable to resolve a local private-key path for agent bootstrap.')\n }\n\n const keySpinner = ora('Ensuring a local RSA private key exists...').start()\n const { privateKeyPem, created } = ensurePrivateKey(privateKeyPath)\n keySpinner.stop()\n\n const publicKeyPem = derivePublicKey(privateKeyPem)\n const nextProfile = applyCredentialBundleToProfile(\n existingProfile,\n bundle,\n globalOpts,\n privateKeyPath,\n )\n\n const runtimeMode = resolveRuntimeModeFromCli(globalOpts, nextProfile)\n const client = new CliClient(apiKey, runtimeMode.baseUrl)\n\n const registerSpinner = ora('Registering the local public key...').start()\n const registration = await client.registerAgentPublicKey({\n publicKey: publicKeyPem,\n })\n registerSpinner.stop()\n\n const savedProfile: R4ProfileConfig = {\n ...nextProfile,\n agentId: getAgentId(registration) ?? nextProfile.agentId,\n }\n\n saveProfileApiKey(profileName, apiKey)\n saveProfileState(profileName, savedProfile)\n\n success(\n created\n ? `Generated a private key at ${privateKeyPath}`\n : `Reused the existing private key at ${privateKeyPath}`,\n )\n success(`Saved profile \"${profileName}\" to the local CLI config`)\n\n const doctorConnection = resolveConnection(\n { ...globalOpts, profile: profileName },\n { requireApiKey: true, requirePrivateKey: true },\n )\n const doctorSpinner = ora('Running health checks...').start()\n const report = await runDoctorChecks(doctorConnection)\n doctorSpinner.stop()\n\n printDoctorReport(report)\n\n try {\n const identity = await client.getMachineIdentity()\n cacheProfileIdentity(profileName, identity)\n } catch {\n // The health check already prints the useful failure context.\n }\n\n if (doctorHasFailures(report)) {\n throw new Error(\n 'Agent init saved your local profile, but the health check still has failures.',\n )\n }\n\n success(\n `Agent profile \"${profileName}\" is ready for ${runtimeMode.devMode ? 'dev' : 'prod'} use.`,\n )\n },\n ),\n )\n}\n","import { Command } from 'commander'\nimport chalk from 'chalk'\nimport ora from 'ora'\nimport {\n doctorHasFailures,\n runDoctorChecks,\n type DoctorCheckStatus,\n type DoctorReport,\n} from '../lib/doctor.js'\nimport { withErrorHandler } from '../lib/errors.js'\nimport { printDetail, printTable } from '../lib/output.js'\nimport { resolveConnection } from '../lib/resolve-auth.js'\nimport type { GlobalOptions } from '../types.js'\n\nfunction renderStatus(status: DoctorCheckStatus): string {\n switch (status) {\n case 'pass':\n return chalk.green('PASS')\n case 'warn':\n return chalk.yellow('WARN')\n case 'fail':\n return chalk.red('FAIL')\n default:\n return chalk.gray('SKIP')\n }\n}\n\nexport function printDoctorReport(report: DoctorReport): void {\n console.log()\n console.log(chalk.bold(' R4 Doctor'))\n console.log()\n\n printDetail(\n [\n ['Profile', report.profileName],\n ['Base URL', report.baseUrl],\n ['Mode', report.dev ? 'dev' : 'prod'],\n ['Project ID', report.projectId || chalk.dim('(not set)')],\n ['API Key Scope', report.apiKeyScope || chalk.dim('(unknown)')],\n ['Organization', report.orgName || report.orgId || chalk.dim('(unknown)')],\n ['Tenant', report.tenantName || report.tenantId || chalk.dim('(not bound)')],\n ['Private Key', report.privateKeyPath || chalk.dim('(not set)')],\n ['Trust Store', report.trustStorePath || chalk.dim('(not set)')],\n ['Agent ID', report.agentId || report.agentName || chalk.dim('(unknown)')],\n ],\n false,\n )\n\n console.log()\n printTable(\n ['Check', 'Status', 'Detail'],\n report.checks.map((check) => [\n check.label,\n renderStatus(check.status),\n check.detail,\n ]),\n false,\n )\n\n if (report.vaults.length > 0) {\n console.log()\n console.log(chalk.bold(' Vaults'))\n console.log()\n printTable(\n ['Vault', 'Items', 'Wrapped Key', 'Detail'],\n report.vaults.map((vault) => [\n vault.name,\n String(vault.itemCount),\n vault.wrappedKeyStatus,\n vault.detail ?? '-',\n ]),\n false,\n )\n }\n\n if (report.warnings && report.warnings.length > 0) {\n console.log(chalk.yellow(' Warnings'))\n for (const warning of report.warnings) {\n console.log(chalk.yellow(` - ${warning}`))\n }\n console.log()\n }\n\n console.log()\n}\n\n/**\n * Shared doctor command used by both `r4 doctor` and `r4 auth diagnose`.\n */\nexport function doctorCommand(\n commandName = 'doctor',\n description = 'Verify CLI auth, runtime key registration, vault access, and zero-trust health',\n): Command {\n return new Command(commandName)\n .description(description)\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts)\n\n const spinner = ora('Running CLI health checks...').start()\n const report = await runDoctorChecks(connection)\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify(report, null, 2))\n if (doctorHasFailures(report)) {\n process.exitCode = 1\n }\n return\n }\n\n printDoctorReport(report)\n\n if (doctorHasFailures(report)) {\n process.exitCode = 1\n }\n }),\n )\n}\n","// src/index.ts\nimport { randomUUID } from \"node:crypto\";\nimport path3 from \"node:path\";\n\n// src/client.ts\nvar R4Client = class {\n apiKey;\n baseUrl;\n constructor(apiKey, baseUrl) {\n this.apiKey = apiKey;\n this.baseUrl = baseUrl.replace(/\\/$/, \"\");\n }\n buildHeaders() {\n return {\n \"X-API-Key\": this.apiKey,\n \"Content-Type\": \"application/json\"\n };\n }\n normalizeMachinePath(path4) {\n if (!path4 || /^\\w+:\\/\\//.test(path4)) {\n throw new Error(\"Machine request path must be a relative machine API path.\");\n }\n const normalizedPath = path4.startsWith(\"/\") ? path4 : `/${path4}`;\n return normalizedPath.startsWith(\"/api/v1/machine\") ? normalizedPath : `/api/v1/machine${normalizedPath}`;\n }\n async request(path4, init) {\n const response = await fetch(`${this.baseUrl}${path4}`, {\n ...init,\n headers: {\n ...this.buildHeaders(),\n ...init.headers ?? {}\n }\n });\n if (!response.ok) {\n const errorBody = await response.json().catch(() => ({}));\n const errorMessage = typeof errorBody.error?.message === \"string\" ? errorBody.error.message : `HTTP ${response.status}: ${response.statusText}`;\n const errorCode = typeof errorBody.error?.code === \"string\" ? ` [${errorBody.error.code}]` : \"\";\n throw new Error(`R4 API Error${errorCode}: ${errorMessage}`);\n }\n if (response.status === 204) {\n return void 0;\n }\n const responseText = await response.text();\n if (!responseText) {\n return void 0;\n }\n try {\n return JSON.parse(responseText);\n } catch {\n return responseText;\n }\n }\n /**\n * Calls any existing machine API route through the authenticated client.\n * Accepts either `/api/v1/machine/...` or the shorter `/...` machine path.\n */\n async requestMachine(params) {\n return this.request(this.normalizeMachinePath(params.path), {\n method: params.method,\n body: params.body === void 0 ? void 0 : JSON.stringify(params.body)\n });\n }\n /**\n * Registers or re-confirms the agent runtime's local RSA public key.\n */\n async registerAgentPublicKey(body) {\n return this.request(\"/api/v1/machine/vault/public-key\", {\n method: \"POST\",\n body: JSON.stringify(body)\n });\n }\n /**\n * Returns the current machine principal, session context, and resolved policy.\n */\n async getMachineIdentity() {\n return this.request(\"/api/v1/machine/me\", {\n method: \"GET\"\n });\n }\n /**\n * Lists all accessible non-hidden vaults. When `projectId` is provided, the\n * backend additionally filters to vaults associated with that project.\n */\n async listVaults(projectId) {\n const search = projectId ? `?projectId=${encodeURIComponent(projectId)}` : \"\";\n return this.request(`/api/v1/machine/vault${search}`, {\n method: \"GET\"\n });\n }\n /**\n * Retrieves the active wrapped DEK for the authenticated agent on a vault.\n */\n async getAgentWrappedKey(vaultId) {\n return this.request(\n `/api/v1/machine/vault/${encodeURIComponent(vaultId)}/wrapped-key`,\n { method: \"GET\" }\n );\n }\n /**\n * Retrieves the trusted user-key directory for a vault so the runtime can\n * verify wrapped-DEK signatures locally.\n */\n async getVaultUserKeyDirectory(vaultId, params) {\n const searchParams = new URLSearchParams();\n if (params?.knownTransparencyVersion !== void 0) {\n searchParams.set(\"knownTransparencyVersion\", String(params.knownTransparencyVersion));\n }\n if (params?.knownTransparencyHash) {\n searchParams.set(\"knownTransparencyHash\", params.knownTransparencyHash);\n }\n const search = searchParams.size > 0 ? `?${searchParams.toString()}` : \"\";\n return this.request(\n `/api/v1/machine/vault/${encodeURIComponent(vaultId)}/public-keys${search}`,\n { method: \"GET\" }\n );\n }\n /**\n * Lists all items in a vault with lightweight metadata.\n */\n async listVaultItems(vaultId) {\n return this.request(\n `/api/v1/machine/vault/${encodeURIComponent(vaultId)}/items`,\n { method: \"GET\" }\n );\n }\n /**\n * Retrieves the full field payloads for a vault item.\n */\n async getVaultItemDetail(vaultId, itemId) {\n return this.request(\n `/api/v1/machine/vault/${encodeURIComponent(vaultId)}/items/${encodeURIComponent(itemId)}`,\n { method: \"GET\" }\n );\n }\n /**\n * Retrieves the provider-scoped runtime bundle needed for local decryption.\n */\n async getTokenProviderRuntime(tokenProviderId, params) {\n const searchParams = new URLSearchParams();\n if (params?.knownTransparencyVersion !== void 0) {\n searchParams.set(\"knownTransparencyVersion\", String(params.knownTransparencyVersion));\n }\n if (params?.knownTransparencyHash) {\n searchParams.set(\"knownTransparencyHash\", params.knownTransparencyHash);\n }\n const search = searchParams.size > 0 ? `?${searchParams.toString()}` : \"\";\n return this.request(\n `/api/v1/machine/intelligence-provider/${encodeURIComponent(tokenProviderId)}/runtime${search}`,\n { method: \"GET\" }\n );\n }\n /**\n * Runs the managed budget gate before a token-provider call is sent to the vendor.\n */\n async authorizeTokenProviderUsage(tokenProviderId, body) {\n return this.request(\n `/api/v1/machine/intelligence-provider/${encodeURIComponent(tokenProviderId)}/authorize-usage`,\n {\n method: \"POST\",\n body: JSON.stringify(body)\n }\n );\n }\n /**\n * Publishes finalized token usage for a completed managed provider call.\n */\n async reportTokenProviderUsage(tokenProviderId, body) {\n return this.request(\n `/api/v1/machine/intelligence-provider/${encodeURIComponent(tokenProviderId)}/report-usage`,\n {\n method: \"POST\",\n body: JSON.stringify(body)\n }\n );\n }\n};\n\n// src/crypto.ts\nimport crypto from \"node:crypto\";\nimport fs from \"node:fs\";\nimport path from \"node:path\";\n\n// src/transparency.ts\nvar TRANSPARENCY_WITNESS_PAYLOAD_PREFIX = \"r4-transparency-witness-v1\";\nvar DEFAULT_TRANSPARENCY_WITNESS_URL = \"https://transparency.r4.dev\";\nvar TRANSPARENCY_WITNESS_ROOT_PUBLIC_KEY_PEM = `-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA18JhILFiS/BOWR9laubW\ng2vepQy26BXAlnrscZZVQUzBBaCM4hWobpt3Nh77vxP0gqVAJXP1hVhPPwxGQnOF\n4Qg/RK4iEETjMdmh3KMqFX9MeE9tP4cTOGtsgWsedNpu6TvMT+2vu+0ltmr7p4Xv\nH0ID48Q8JLeNksc/RekrsfzQ9DVtXFS7z1FF2VQgzamdJsW9hGMiM7Q+0iXei7PW\n3PsLd1aNtqJ3lIj3t12qFiJiYyKF0hEq0//Abgb9SgDv/WOlRG1Ianf1/fnP2jer\nZYiZSylXqQdun0Db2d0+FDm/znV2AGAmBEXm6qnCogEHu77LoLyCyJOlB9WNtRwh\nKnbzTmE2Mw/43jxvCcR7pE5kik/tdeMvqGFZfg3ozUG9eM0q0TURH6g9b9J4sBnR\ndxz2PbF4cl/AeL4ANPmLz3kUQaDA6wR0veVk5jV+Uqr55TYz/zEbY1rtJbmnc53Q\nihPS6xtSiexrqnOgqm/AVbiRhxjPqfg3/VJM3zR5Blnu02AqVR9kCT0WkyEWRz5X\n6HU8DEocJIPz8UwBMKQ7rnjMPv/Fjpuav/EIad5vOdfxCZkjyTYoQg8vLUyfXvgD\nmBWFgKIN8GTRyM+LjZIgznjN58dZ8ZvsGd14oKnH7WgAh9FVh8ri7gNmsdJeRTn/\n2zDkTlx+FQxAxqFaYV7qCvcCAwEAAQ==\n-----END PUBLIC KEY-----`;\nvar buildOrgUserKeyDirectoryWitnessPayload = (orgId, head) => [\n TRANSPARENCY_WITNESS_PAYLOAD_PREFIX,\n \"org-user-key-directory\",\n orgId,\n String(head.version),\n head.hash\n].join(\":\");\nvar buildAgentPublicKeyWitnessPayload = (agentId, head) => [\n TRANSPARENCY_WITNESS_PAYLOAD_PREFIX,\n \"agent-public-key\",\n agentId,\n String(head.version),\n head.hash\n].join(\":\");\nvar buildOrgUserKeyDirectoryWitnessPath = (orgId) => `v1/orgs/${orgId}/user-key-directory-head.json`;\nvar buildAgentPublicKeyWitnessPath = (agentId) => `v1/agents/${agentId}/public-key-head.json`;\nvar buildTransparencyWitnessUrl = (baseUrl, path4) => `${baseUrl.replace(/\\/+$/, \"\")}/${path4.replace(/^\\/+/, \"\")}`;\nfunction parseHostname(apiBaseUrl) {\n const trimmed = apiBaseUrl.trim();\n if (!trimmed) {\n return null;\n }\n try {\n const normalized = trimmed.includes(\"://\") ? trimmed : `https://${trimmed}`;\n return new URL(normalized).hostname.toLowerCase();\n } catch {\n return null;\n }\n}\nvar shouldUseDefaultTransparencyWitness = (apiBaseUrl) => {\n const hostname = parseHostname(apiBaseUrl);\n return hostname === \"r4.dev\" || hostname === \"api.r4.dev\";\n};\nvar resolveTransparencyWitnessBaseUrl = (params) => {\n const configuredBaseUrl = params.configuredBaseUrl?.trim();\n if (configuredBaseUrl) {\n return configuredBaseUrl;\n }\n return shouldUseDefaultTransparencyWitness(params.apiBaseUrl) ? DEFAULT_TRANSPARENCY_WITNESS_URL : null;\n};\n\n// src/crypto.ts\nvar RSA_OAEP_CONFIG = {\n padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,\n oaepHash: \"sha256\"\n};\nvar RSA_PSS_SIGN_CONFIG = {\n padding: crypto.constants.RSA_PKCS1_PSS_PADDING,\n saltLength: 32\n};\nvar USER_KEY_ROTATION_PREFIX = \"r4-user-key-rotation-v1\";\nvar USER_KEY_DIRECTORY_CHECKPOINT_PREFIX = \"r4-user-key-directory-checkpoint-v1\";\nvar USER_KEY_DIRECTORY_TRANSPARENCY_ENTRY_PREFIX = \"r4-user-key-directory-transparency-entry-v1\";\nvar AGENT_PUBLIC_KEY_TRANSPARENCY_ENTRY_PREFIX = \"r4-agent-public-key-transparency-entry-v1\";\nvar WRAPPED_DEK_SIGNATURE_PREFIX = \"r4-wrapped-dek-signature-v1\";\nvar VAULT_SUMMARY_CHECKPOINT_PREFIX = \"r4-vault-summary-checkpoint-v1\";\nvar VAULT_ITEM_DETAIL_CHECKPOINT_PREFIX = \"r4-vault-item-detail-checkpoint-v1\";\nfunction pemToDer(pem, beginLabel, endLabel) {\n const derBase64 = pem.replace(beginLabel, \"\").replace(endLabel, \"\").replace(/\\s/g, \"\");\n return Buffer.from(derBase64, \"base64\");\n}\nfunction getWrappedDekFingerprint(wrappedDek) {\n return crypto.createHash(\"sha256\").update(Buffer.from(wrappedDek, \"base64\")).digest(\"hex\");\n}\nfunction getCheckpointFingerprint(prefix, canonicalJson) {\n return `${prefix}:${crypto.createHash(\"sha256\").update(canonicalJson, \"utf8\").digest(\"hex\")}`;\n}\nfunction loadPrivateKey(privateKeyPath) {\n return fs.readFileSync(path.resolve(privateKeyPath), \"utf8\").trim();\n}\nfunction derivePublicKey(privateKeyPem) {\n return crypto.createPublicKey(privateKeyPem).export({\n type: \"spki\",\n format: \"pem\"\n }).toString();\n}\nfunction getPublicKeyFingerprint(publicKeyPem) {\n const derBytes = pemToDer(publicKeyPem, \"-----BEGIN PUBLIC KEY-----\", \"-----END PUBLIC KEY-----\");\n return crypto.createHash(\"sha256\").update(derBytes).digest(\"hex\");\n}\nfunction buildUserKeyRotationPayload(previousUserKeyPairId, newPublicKeyFingerprint) {\n return `${USER_KEY_ROTATION_PREFIX}:${previousUserKeyPairId}:${newPublicKeyFingerprint}`;\n}\nfunction verifyUserKeyRotation(previousUserKeyPairId, newPublicKeyPem, rotationSignature, previousPublicKeyPem) {\n const payload = buildUserKeyRotationPayload(\n previousUserKeyPairId,\n getPublicKeyFingerprint(newPublicKeyPem)\n );\n try {\n return crypto.verify(\n \"sha256\",\n Buffer.from(payload, \"utf8\"),\n {\n key: previousPublicKeyPem,\n ...RSA_PSS_SIGN_CONFIG\n },\n Buffer.from(rotationSignature, \"base64\")\n );\n } catch {\n return false;\n }\n}\nfunction verifyTransparencyWitnessPayload(payload, signature, publicKeyPem) {\n try {\n return crypto.verify(\n \"sha256\",\n Buffer.from(payload, \"utf8\"),\n {\n key: publicKeyPem,\n ...RSA_PSS_SIGN_CONFIG\n },\n Buffer.from(signature, \"base64\")\n );\n } catch {\n return false;\n }\n}\nfunction verifyOrgUserKeyDirectoryWitnessArtifact(artifact, publicKeyPem) {\n return verifyTransparencyWitnessPayload(\n buildOrgUserKeyDirectoryWitnessPayload(artifact.orgId, artifact.head),\n artifact.signature,\n publicKeyPem\n );\n}\nfunction verifyAgentPublicKeyWitnessArtifact(artifact, publicKeyPem) {\n return verifyTransparencyWitnessPayload(\n buildAgentPublicKeyWitnessPayload(artifact.agentId, artifact.head),\n artifact.signature,\n publicKeyPem\n );\n}\nfunction buildAgentPublicKeyTransparencyEntryHash(entry) {\n return getCheckpointFingerprint(\n AGENT_PUBLIC_KEY_TRANSPARENCY_ENTRY_PREFIX,\n JSON.stringify({\n agentId: entry.agentId,\n version: entry.version,\n encryptionKeyId: entry.encryptionKeyId,\n publicKey: entry.publicKey,\n fingerprint: entry.fingerprint,\n previousEncryptionKeyId: entry.previousEncryptionKeyId ?? null,\n rotationSignature: entry.rotationSignature ?? null,\n previousEntryHash: entry.previousEntryHash ?? null\n })\n );\n}\nfunction buildAgentPublicKeyTransparencyEntry(params) {\n const normalized = {\n agentId: params.agentId,\n version: params.version,\n encryptionKeyId: params.encryptionKeyId,\n publicKey: params.publicKey,\n fingerprint: params.fingerprint ?? getPublicKeyFingerprint(params.publicKey),\n previousEncryptionKeyId: params.previousEncryptionKeyId ?? null,\n rotationSignature: params.rotationSignature ?? null,\n previousEntryHash: params.previousEntryHash ?? null\n };\n return {\n ...normalized,\n entryHash: buildAgentPublicKeyTransparencyEntryHash(normalized)\n };\n}\nfunction verifyAgentPublicKeyTransparencyChain(entries) {\n let previousVersion = null;\n let previousHash = null;\n for (const entry of entries) {\n if (buildAgentPublicKeyTransparencyEntryHash(entry) !== entry.entryHash) {\n return false;\n }\n if (entry.previousEntryHash !== previousHash) {\n return false;\n }\n if (previousVersion !== null && entry.version !== previousVersion + 1) {\n return false;\n }\n previousVersion = entry.version;\n previousHash = entry.entryHash;\n }\n return true;\n}\nfunction buildAgentPublicKeyTransparencyHead(entries) {\n const lastEntry = entries[entries.length - 1];\n if (!lastEntry) {\n return null;\n }\n return {\n version: lastEntry.version,\n hash: lastEntry.entryHash\n };\n}\nfunction verifyAgentPublicKeyTransparencyProof(params) {\n const currentEntryHead = {\n version: params.currentEntry.version,\n hash: params.currentEntry.entryHash\n };\n if (params.proof.head.version !== currentEntryHead.version || params.proof.head.hash !== currentEntryHead.hash) {\n return false;\n }\n if (!verifyAgentPublicKeyTransparencyChain(params.proof.entries)) {\n return false;\n }\n const proofHead = buildAgentPublicKeyTransparencyHead(params.proof.entries);\n if (!proofHead || proofHead.version !== currentEntryHead.version || proofHead.hash !== currentEntryHead.hash) {\n return false;\n }\n if (!params.previousHead) {\n return params.proof.entries.length > 0;\n }\n if (params.currentEntry.version < params.previousHead.version) {\n return false;\n }\n const previousEntry = params.proof.entries.find((entry) => entry.version === params.previousHead.version);\n if (params.currentEntry.version === params.previousHead.version) {\n return previousEntry?.entryHash === params.previousHead.hash;\n }\n return previousEntry?.entryHash === params.previousHead.hash;\n}\nfunction normalizeUserKeyDirectoryCheckpoint(checkpoint) {\n return {\n orgId: checkpoint.orgId,\n version: checkpoint.version,\n entries: [...checkpoint.entries].map((entry) => ({\n userKeyPairId: entry.userKeyPairId,\n orgUserId: entry.orgUserId,\n fingerprint: entry.fingerprint,\n previousUserKeyPairId: entry.previousUserKeyPairId ?? null,\n rotationSignature: entry.rotationSignature ?? null\n })).sort((left, right) => left.userKeyPairId.localeCompare(right.userKeyPairId))\n };\n}\nfunction canonicalizeUserKeyDirectoryCheckpoint(checkpoint) {\n return JSON.stringify(normalizeUserKeyDirectoryCheckpoint(checkpoint));\n}\nfunction buildUserKeyDirectoryCheckpointPayload(checkpoint) {\n return getCheckpointFingerprint(\n USER_KEY_DIRECTORY_CHECKPOINT_PREFIX,\n canonicalizeUserKeyDirectoryCheckpoint(checkpoint)\n );\n}\nfunction verifyUserKeyDirectoryCheckpoint(checkpoint, signature, publicKeyPem) {\n try {\n return crypto.verify(\n \"sha256\",\n Buffer.from(buildUserKeyDirectoryCheckpointPayload(checkpoint), \"utf8\"),\n {\n key: publicKeyPem,\n ...RSA_PSS_SIGN_CONFIG\n },\n Buffer.from(signature, \"base64\")\n );\n } catch {\n return false;\n }\n}\nfunction buildUserKeyDirectoryTransparencyEntryHash(entry) {\n return getCheckpointFingerprint(\n USER_KEY_DIRECTORY_TRANSPARENCY_ENTRY_PREFIX,\n JSON.stringify({\n orgId: entry.orgId,\n version: entry.version,\n directoryCheckpointPayload: entry.directoryCheckpointPayload,\n signerUserKeyPairId: entry.signerUserKeyPairId,\n signerOrgUserId: entry.signerOrgUserId,\n signerFingerprint: entry.signerFingerprint,\n signature: entry.signature,\n previousEntryHash: entry.previousEntryHash ?? null\n })\n );\n}\nfunction buildUserKeyDirectoryTransparencyEntry(params) {\n const entryWithoutHash = {\n orgId: params.checkpoint.orgId,\n version: params.checkpoint.version,\n directoryCheckpointPayload: buildUserKeyDirectoryCheckpointPayload(params.checkpoint),\n signerUserKeyPairId: params.signerUserKeyPairId,\n signerOrgUserId: params.signerOrgUserId,\n signerFingerprint: getPublicKeyFingerprint(params.signerPublicKey),\n signature: params.signature,\n previousEntryHash: params.previousEntryHash ?? null\n };\n return {\n ...entryWithoutHash,\n entryHash: buildUserKeyDirectoryTransparencyEntryHash(entryWithoutHash)\n };\n}\nfunction verifyUserKeyDirectoryTransparencyProof(params) {\n if (params.proof.head.version !== params.currentEntry.version || params.proof.head.hash !== params.currentEntry.entryHash) {\n return false;\n }\n if (!params.previousHead) {\n if (params.proof.entries.length === 0) {\n return false;\n }\n for (let index = 0; index < params.proof.entries.length; index++) {\n const entry = params.proof.entries[index];\n if (!entry) {\n return false;\n }\n const expectedHash = buildUserKeyDirectoryTransparencyEntryHash({\n orgId: entry.orgId,\n version: entry.version,\n directoryCheckpointPayload: entry.directoryCheckpointPayload,\n signerUserKeyPairId: entry.signerUserKeyPairId,\n signerOrgUserId: entry.signerOrgUserId,\n signerFingerprint: entry.signerFingerprint,\n signature: entry.signature,\n previousEntryHash: entry.previousEntryHash\n });\n if (expectedHash !== entry.entryHash) {\n return false;\n }\n if (index === 0) {\n continue;\n }\n const previousEntry = params.proof.entries[index - 1];\n if (!previousEntry) {\n return false;\n }\n if (entry.previousEntryHash !== previousEntry.entryHash || entry.version !== previousEntry.version + 1) {\n return false;\n }\n }\n const lastEntry = params.proof.entries[params.proof.entries.length - 1];\n return lastEntry?.entryHash === params.currentEntry.entryHash && lastEntry.version === params.currentEntry.version;\n }\n if (params.currentEntry.version < params.previousHead.version) {\n return false;\n }\n if (params.currentEntry.version === params.previousHead.version) {\n return params.currentEntry.entryHash === params.previousHead.hash && params.proof.entries.length === 0;\n }\n if (params.proof.entries.length === 0) {\n return false;\n }\n let previousVersion = params.previousHead.version;\n let previousHash = params.previousHead.hash;\n for (const entry of params.proof.entries) {\n const expectedHash = buildUserKeyDirectoryTransparencyEntryHash({\n orgId: entry.orgId,\n version: entry.version,\n directoryCheckpointPayload: entry.directoryCheckpointPayload,\n signerUserKeyPairId: entry.signerUserKeyPairId,\n signerOrgUserId: entry.signerOrgUserId,\n signerFingerprint: entry.signerFingerprint,\n signature: entry.signature,\n previousEntryHash: entry.previousEntryHash\n });\n if (expectedHash !== entry.entryHash || entry.previousEntryHash !== previousHash || entry.version !== previousVersion + 1) {\n return false;\n }\n previousVersion = entry.version;\n previousHash = entry.entryHash;\n }\n return previousHash === params.currentEntry.entryHash && previousVersion === params.currentEntry.version;\n}\nfunction buildWrappedDekSignaturePayload(vaultId, recipientKeyId, signerUserKeyPairId, dekVersion, wrappedDek) {\n return [\n WRAPPED_DEK_SIGNATURE_PREFIX,\n vaultId,\n recipientKeyId,\n signerUserKeyPairId,\n String(dekVersion),\n getWrappedDekFingerprint(wrappedDek)\n ].join(\":\");\n}\nfunction verifyWrappedDekSignature(vaultId, recipientKeyId, signerUserKeyPairId, dekVersion, wrappedDek, wrappedDekSignature, signerPublicKeyPem) {\n const payload = buildWrappedDekSignaturePayload(\n vaultId,\n recipientKeyId,\n signerUserKeyPairId,\n dekVersion,\n wrappedDek\n );\n try {\n return crypto.verify(\n \"sha256\",\n Buffer.from(payload, \"utf8\"),\n {\n key: signerPublicKeyPem,\n ...RSA_PSS_SIGN_CONFIG\n },\n Buffer.from(wrappedDekSignature, \"base64\")\n );\n } catch {\n return false;\n }\n}\nfunction normalizeVaultSummaryCheckpoint(checkpoint) {\n return {\n vaultId: checkpoint.vaultId,\n version: checkpoint.version,\n name: checkpoint.name,\n dataClassification: checkpoint.dataClassification ?? null,\n currentDekVersion: checkpoint.currentDekVersion ?? null,\n items: [...checkpoint.items].map((item) => ({\n id: item.id,\n name: item.name,\n type: item.type ?? null,\n websites: [...item.websites],\n groupId: item.groupId ?? null\n })).sort((left, right) => left.id.localeCompare(right.id)),\n groups: [...checkpoint.groups].map((group) => ({\n id: group.id,\n name: group.name,\n parentId: group.parentId ?? null\n })).sort((left, right) => left.id.localeCompare(right.id))\n };\n}\nfunction canonicalizeVaultSummaryCheckpoint(checkpoint) {\n return JSON.stringify(normalizeVaultSummaryCheckpoint(checkpoint));\n}\nfunction buildVaultSummaryCheckpointPayload(checkpoint) {\n return getCheckpointFingerprint(\n VAULT_SUMMARY_CHECKPOINT_PREFIX,\n canonicalizeVaultSummaryCheckpoint(checkpoint)\n );\n}\nfunction verifyVaultSummaryCheckpoint(checkpoint, signature, publicKeyPem) {\n try {\n return crypto.verify(\n \"sha256\",\n Buffer.from(buildVaultSummaryCheckpointPayload(checkpoint), \"utf8\"),\n {\n key: publicKeyPem,\n ...RSA_PSS_SIGN_CONFIG\n },\n Buffer.from(signature, \"base64\")\n );\n } catch {\n return false;\n }\n}\nfunction normalizeVaultItemDetailCheckpoint(checkpoint) {\n return {\n vaultItemId: checkpoint.vaultItemId,\n vaultId: checkpoint.vaultId,\n version: checkpoint.version,\n name: checkpoint.name,\n type: checkpoint.type ?? null,\n websites: [...checkpoint.websites],\n groupId: checkpoint.groupId ?? null,\n fields: [...checkpoint.fields].map((field) => ({\n id: field.id,\n name: field.name,\n type: field.type,\n order: field.order,\n fieldInstanceIds: [...field.fieldInstanceIds].sort(),\n assetIds: [...field.assetIds].sort()\n })).sort((left, right) => left.order - right.order || left.id.localeCompare(right.id))\n };\n}\nfunction canonicalizeVaultItemDetailCheckpoint(checkpoint) {\n return JSON.stringify(normalizeVaultItemDetailCheckpoint(checkpoint));\n}\nfunction buildVaultItemDetailCheckpointPayload(checkpoint) {\n return getCheckpointFingerprint(\n VAULT_ITEM_DETAIL_CHECKPOINT_PREFIX,\n canonicalizeVaultItemDetailCheckpoint(checkpoint)\n );\n}\nfunction verifyVaultItemDetailCheckpoint(checkpoint, signature, publicKeyPem) {\n try {\n return crypto.verify(\n \"sha256\",\n Buffer.from(buildVaultItemDetailCheckpointPayload(checkpoint), \"utf8\"),\n {\n key: publicKeyPem,\n ...RSA_PSS_SIGN_CONFIG\n },\n Buffer.from(signature, \"base64\")\n );\n } catch {\n return false;\n }\n}\nfunction isVaultEnvelope(value) {\n if (!value.startsWith(\"{\")) {\n return false;\n }\n try {\n const parsed = JSON.parse(value);\n return parsed.v === 3;\n } catch {\n return false;\n }\n}\nfunction decryptWithVaultDEK(encryptedValue, dek) {\n if (!isVaultEnvelope(encryptedValue)) {\n throw new Error(\"Invalid encrypted value: expected v3 vault envelope format\");\n }\n const envelope = JSON.parse(encryptedValue);\n const decipher = crypto.createDecipheriv(\"aes-256-gcm\", dek, Buffer.from(envelope.iv, \"base64\"));\n decipher.setAuthTag(Buffer.from(envelope.t, \"base64\"));\n const decrypted = Buffer.concat([\n decipher.update(Buffer.from(envelope.d, \"base64\")),\n decipher.final()\n ]);\n return decrypted.toString(\"utf8\");\n}\nfunction decryptStoredFieldValue(value, dek) {\n return isVaultEnvelope(value) ? decryptWithVaultDEK(value, dek) : value;\n}\nfunction unwrapDEKWithPrivateKey(wrappedDek, privateKeyPem) {\n return crypto.privateDecrypt(\n { key: privateKeyPem, ...RSA_OAEP_CONFIG },\n Buffer.from(wrappedDek, \"base64\")\n );\n}\n\n// src/trust-store.ts\nimport fs2 from \"node:fs\";\nimport path2 from \"node:path\";\nfunction loadTrustStore(trustStorePath) {\n try {\n const raw = fs2.readFileSync(trustStorePath, \"utf8\");\n const parsed = JSON.parse(raw);\n return {\n version: 1,\n userKeyPins: parsed.userKeyPins ?? {},\n checkpointVersionPins: parsed.checkpointVersionPins ?? {},\n transparencyHeadPins: parsed.transparencyHeadPins ?? {}\n };\n } catch {\n return {\n version: 1,\n userKeyPins: {},\n checkpointVersionPins: {},\n transparencyHeadPins: {}\n };\n }\n}\nfunction saveTrustStore(trustStorePath, store) {\n fs2.mkdirSync(path2.dirname(trustStorePath), { recursive: true });\n fs2.writeFileSync(trustStorePath, JSON.stringify(store, null, 2) + \"\\n\", \"utf8\");\n}\nfunction getPinStorageKey(orgId, orgUserId) {\n return `${orgId}:${orgUserId}`;\n}\nfunction getAgentPinStorageKey(orgId, agentId) {\n return `agent:${agentId}`;\n}\nfunction getDirectoryPinStorageKey(orgId) {\n return `org:${orgId}`;\n}\nfunction getAgentTransparencyPinStorageKey(orgId, agentId) {\n return `agent-head:${agentId}`;\n}\nasync function fetchWitnessArtifact(witnessBaseUrl, pathName) {\n const response = await fetch(\n buildTransparencyWitnessUrl(witnessBaseUrl, pathName),\n {\n cache: \"no-store\"\n }\n );\n if (!response.ok) {\n throw new Error(\n `Failed to fetch public transparency witness artifact (${response.status}). Production first-trust bootstrapping needs access to https://transparency.r4.dev. If this is a dev environment, re-run with --dev or set R4_DEV=1. If this is production, verify outbound access to transparency.r4.dev and retry.`\n );\n }\n return response.json();\n}\nfunction getSinglePinnedTransparencyHead(trustStorePath) {\n const store = loadTrustStore(trustStorePath);\n const heads = Object.values(store.transparencyHeadPins);\n return heads.length === 1 ? heads[0] : null;\n}\nasync function getPublicOrgWitnessHead(apiBaseUrl, orgId, configuredWitnessBaseUrl) {\n const witnessBaseUrl = resolveTransparencyWitnessBaseUrl({\n apiBaseUrl,\n configuredBaseUrl: configuredWitnessBaseUrl\n });\n if (!witnessBaseUrl) {\n return null;\n }\n const artifact = await fetchWitnessArtifact(\n witnessBaseUrl,\n buildOrgUserKeyDirectoryWitnessPath(orgId)\n );\n if (artifact.kind !== \"org-user-key-directory\" || artifact.orgId !== orgId || !verifyOrgUserKeyDirectoryWitnessArtifact(\n artifact,\n TRANSPARENCY_WITNESS_ROOT_PUBLIC_KEY_PEM\n )) {\n throw new Error(`Public transparency witness verification failed for org ${orgId}.`);\n }\n return artifact.head;\n}\nasync function getPublicAgentWitnessHead(apiBaseUrl, agentId, configuredWitnessBaseUrl) {\n const witnessBaseUrl = resolveTransparencyWitnessBaseUrl({\n apiBaseUrl,\n configuredBaseUrl: configuredWitnessBaseUrl\n });\n if (!witnessBaseUrl) {\n return null;\n }\n const artifact = await fetchWitnessArtifact(\n witnessBaseUrl,\n buildAgentPublicKeyWitnessPath(agentId)\n );\n if (artifact.kind !== \"agent-public-key\" || artifact.agentId !== agentId || !verifyAgentPublicKeyWitnessArtifact(\n artifact,\n TRANSPARENCY_WITNESS_ROOT_PUBLIC_KEY_PEM\n )) {\n throw new Error(`Public transparency witness verification failed for agent ${agentId}.`);\n }\n return artifact.head;\n}\nasync function pinVaultUserPublicKeys(trustStorePath, orgId, publicKeys) {\n const store = loadTrustStore(trustStorePath);\n let changed = false;\n for (const key of publicKeys) {\n const storageKey = getPinStorageKey(orgId, key.orgUserId);\n const computedFingerprint = getPublicKeyFingerprint(key.publicKey);\n if (computedFingerprint !== key.fingerprint) {\n throw new Error(`Server returned a mismatched fingerprint for user ${key.orgUserId}.`);\n }\n const existing = store.userKeyPins[storageKey];\n const verifiedAt = (/* @__PURE__ */ new Date()).toISOString();\n if (!existing) {\n store.userKeyPins[storageKey] = {\n keyPairId: key.userKeyPairId,\n fingerprint: key.fingerprint,\n publicKey: key.publicKey,\n pinnedAt: verifiedAt,\n verifiedAt\n };\n changed = true;\n continue;\n }\n if (existing.keyPairId === key.userKeyPairId) {\n if (existing.fingerprint !== key.fingerprint || existing.publicKey !== key.publicKey) {\n throw new Error(\n `Pinned public key ${key.userKeyPairId} changed unexpectedly for user ${key.orgUserId}.`\n );\n }\n if (existing.verifiedAt !== verifiedAt) {\n store.userKeyPins[storageKey] = {\n ...existing,\n verifiedAt\n };\n changed = true;\n }\n continue;\n }\n if (!key.previousUserKeyPairId || key.previousUserKeyPairId !== existing.keyPairId || !key.rotationSignature) {\n throw new Error(`Public key rotation for user ${key.orgUserId} is missing a trusted continuity proof.`);\n }\n const rotationVerified = verifyUserKeyRotation(\n existing.keyPairId,\n key.publicKey,\n key.rotationSignature,\n existing.publicKey\n );\n if (!rotationVerified) {\n throw new Error(`Public key rotation for user ${key.orgUserId} failed signature verification.`);\n }\n store.userKeyPins[storageKey] = {\n keyPairId: key.userKeyPairId,\n fingerprint: key.fingerprint,\n publicKey: key.publicKey,\n pinnedAt: existing.pinnedAt,\n verifiedAt\n };\n changed = true;\n }\n if (changed) {\n saveTrustStore(trustStorePath, store);\n }\n return publicKeys;\n}\nasync function pinVaultAgentPublicKeys(trustStorePath, orgId, publicKeys, apiBaseUrl, configuredWitnessBaseUrl) {\n const store = loadTrustStore(trustStorePath);\n let changed = false;\n for (const key of publicKeys) {\n const storageKey = getAgentPinStorageKey(orgId, key.agentId);\n const computedFingerprint = getPublicKeyFingerprint(key.publicKey);\n if (computedFingerprint !== key.fingerprint) {\n throw new Error(`Server returned a mismatched fingerprint for agent ${key.agentId}.`);\n }\n if (!key.transparency) {\n throw new Error(`Server omitted the agent public-key transparency proof for agent ${key.agentId}.`);\n }\n const currentProofEntry = key.transparency.entries[key.transparency.entries.length - 1];\n if (!currentProofEntry) {\n throw new Error(`Server returned an empty agent public-key transparency proof for agent ${key.agentId}.`);\n }\n const expectedCurrentEntry = buildAgentPublicKeyTransparencyEntry({\n agentId: key.agentId,\n version: currentProofEntry.version,\n encryptionKeyId: key.encryptionKeyId,\n publicKey: key.publicKey,\n fingerprint: key.fingerprint,\n previousEncryptionKeyId: key.previousEncryptionKeyId ?? null,\n rotationSignature: key.rotationSignature ?? null,\n previousEntryHash: currentProofEntry.previousEntryHash ?? null\n });\n if (expectedCurrentEntry.entryHash !== currentProofEntry.entryHash) {\n throw new Error(`Agent public-key transparency entry does not match the current key for agent ${key.agentId}.`);\n }\n const pinnedTransparencyHead = store.transparencyHeadPins[getAgentTransparencyPinStorageKey(orgId, key.agentId)] ?? null;\n const witnessHead = !pinnedTransparencyHead ? await getPublicAgentWitnessHead(apiBaseUrl, key.agentId, configuredWitnessBaseUrl) : null;\n const trustedPreviousHead = witnessHead ?? pinnedTransparencyHead;\n if (witnessHead && key.transparency.head.version < witnessHead.version) {\n throw new Error(`Public transparency witness head is ahead of the server response for agent ${key.agentId}.`);\n }\n if (witnessHead && key.transparency.head.version === witnessHead.version) {\n if (key.transparency.head.hash !== witnessHead.hash) {\n throw new Error(`Public transparency witness head fork detected for agent ${key.agentId}.`);\n }\n if (currentProofEntry.entryHash !== witnessHead.hash || expectedCurrentEntry.entryHash !== witnessHead.hash) {\n throw new Error(`Agent public-key transparency witness anchor mismatch for agent ${key.agentId}.`);\n }\n } else if (!verifyAgentPublicKeyTransparencyProof({\n currentEntry: expectedCurrentEntry,\n proof: key.transparency,\n previousHead: trustedPreviousHead\n })) {\n throw new Error(`Agent public-key transparency proof verification failed for agent ${key.agentId}.`);\n }\n const existing = store.userKeyPins[storageKey];\n const verifiedAt = (/* @__PURE__ */ new Date()).toISOString();\n if (!existing) {\n store.userKeyPins[storageKey] = {\n keyPairId: key.encryptionKeyId,\n fingerprint: key.fingerprint,\n publicKey: key.publicKey,\n pinnedAt: verifiedAt,\n verifiedAt\n };\n store.transparencyHeadPins[getAgentTransparencyPinStorageKey(orgId, key.agentId)] = key.transparency.head;\n changed = true;\n continue;\n }\n if (existing.keyPairId === key.encryptionKeyId) {\n if (existing.fingerprint !== key.fingerprint || existing.publicKey !== key.publicKey) {\n throw new Error(\n `Pinned public key ${key.encryptionKeyId} changed unexpectedly for agent ${key.agentId}.`\n );\n }\n if (existing.verifiedAt !== verifiedAt || store.transparencyHeadPins[getAgentTransparencyPinStorageKey(orgId, key.agentId)]?.version !== key.transparency.head.version || store.transparencyHeadPins[getAgentTransparencyPinStorageKey(orgId, key.agentId)]?.hash !== key.transparency.head.hash) {\n store.userKeyPins[storageKey] = {\n ...existing,\n verifiedAt\n };\n store.transparencyHeadPins[getAgentTransparencyPinStorageKey(orgId, key.agentId)] = key.transparency.head;\n changed = true;\n }\n continue;\n }\n if (!key.previousEncryptionKeyId || key.previousEncryptionKeyId !== existing.keyPairId || !key.rotationSignature) {\n throw new Error(`Public key rotation for agent ${key.agentId} is missing a trusted continuity proof.`);\n }\n const rotationVerified = verifyUserKeyRotation(\n existing.keyPairId,\n key.publicKey,\n key.rotationSignature,\n existing.publicKey\n );\n if (!rotationVerified) {\n throw new Error(`Public key rotation for agent ${key.agentId} failed signature verification.`);\n }\n store.userKeyPins[storageKey] = {\n keyPairId: key.encryptionKeyId,\n fingerprint: key.fingerprint,\n publicKey: key.publicKey,\n pinnedAt: existing.pinnedAt,\n verifiedAt\n };\n store.transparencyHeadPins[getAgentTransparencyPinStorageKey(orgId, key.agentId)] = key.transparency.head;\n changed = true;\n }\n if (changed) {\n saveTrustStore(trustStorePath, store);\n }\n return publicKeys;\n}\nasync function verifySignedUserKeyDirectory(trustStorePath, directory, anchorHead) {\n if (!directory.directoryCheckpoint) {\n if (directory.publicKeys.length > 0) {\n throw new Error(\"Server omitted the user-key directory checkpoint for a non-empty vault signer directory.\");\n }\n return null;\n }\n const { directoryCheckpoint } = directory;\n const orgId = directoryCheckpoint.checkpoint.orgId;\n if (!directoryCheckpoint.signerOrgUserId || !directoryCheckpoint.signerPublicKey) {\n throw new Error(\"Server returned an incomplete user-key directory signer payload.\");\n }\n const signerFingerprint = getPublicKeyFingerprint(directoryCheckpoint.signerPublicKey);\n const signerEntry = directoryCheckpoint.checkpoint.entries.find(\n (entry) => entry.userKeyPairId === directoryCheckpoint.signerUserKeyPairId && entry.orgUserId === directoryCheckpoint.signerOrgUserId\n );\n const signerKey = {\n userKeyPairId: directoryCheckpoint.signerUserKeyPairId,\n orgUserId: directoryCheckpoint.signerOrgUserId,\n publicKey: directoryCheckpoint.signerPublicKey,\n fingerprint: signerFingerprint,\n previousUserKeyPairId: signerEntry?.previousUserKeyPairId ?? null,\n rotationSignature: signerEntry?.rotationSignature ?? null\n };\n const storeBeforeVerification = loadTrustStore(trustStorePath);\n try {\n await pinVaultUserPublicKeys(trustStorePath, orgId, [signerKey]);\n const verified = verifyUserKeyDirectoryCheckpoint(\n directoryCheckpoint.checkpoint,\n directoryCheckpoint.signature,\n directoryCheckpoint.signerPublicKey\n );\n if (!verified) {\n throw new Error(`User-key directory signature verification failed for org ${orgId}.`);\n }\n if (!directory.transparency) {\n throw new Error(`Server omitted the user-key directory transparency proof for org ${orgId}.`);\n }\n const store = loadTrustStore(trustStorePath);\n const pinnedTransparencyHead = store.transparencyHeadPins[getDirectoryPinStorageKey(orgId)] ?? null;\n const trustedPreviousHead = anchorHead ?? pinnedTransparencyHead;\n const legacyPinnedVersion = store.checkpointVersionPins[getDirectoryPinStorageKey(orgId)] ?? null;\n if (!trustedPreviousHead && legacyPinnedVersion !== null && directory.transparency.head.version < legacyPinnedVersion) {\n throw new Error(`User-key transparency head rolled back unexpectedly for org ${orgId}.`);\n }\n if (!trustedPreviousHead && directory.transparency.entries.length === 0) {\n throw new Error(`Server omitted the current transparency entry for org ${orgId}.`);\n }\n if (directory.transparency.entries.length > 0) {\n const currentProofEntry = directory.transparency.entries[directory.transparency.entries.length - 1];\n if (!currentProofEntry) {\n throw new Error(`Server returned an empty transparency proof for org ${orgId}.`);\n }\n const expectedCurrentEntry = buildUserKeyDirectoryTransparencyEntry({\n checkpoint: directoryCheckpoint.checkpoint,\n signerUserKeyPairId: directoryCheckpoint.signerUserKeyPairId,\n signerOrgUserId: directoryCheckpoint.signerOrgUserId,\n signerPublicKey: directoryCheckpoint.signerPublicKey,\n signature: directoryCheckpoint.signature,\n previousEntryHash: currentProofEntry.previousEntryHash ?? null\n });\n if (expectedCurrentEntry.entryHash !== currentProofEntry.entryHash) {\n throw new Error(`User-key transparency entry does not match the signed directory for org ${orgId}.`);\n }\n if (anchorHead && directory.transparency.head.version === anchorHead.version) {\n if (directory.transparency.head.hash !== anchorHead.hash) {\n throw new Error(`Public transparency witness head fork detected for org ${orgId}.`);\n }\n if (currentProofEntry.entryHash !== anchorHead.hash || expectedCurrentEntry.entryHash !== anchorHead.hash) {\n throw new Error(`User-key transparency witness anchor mismatch for org ${orgId}.`);\n }\n } else if (!verifyUserKeyDirectoryTransparencyProof({\n currentEntry: expectedCurrentEntry,\n proof: directory.transparency,\n previousHead: trustedPreviousHead\n })) {\n throw new Error(`User-key transparency proof verification failed for org ${orgId}.`);\n }\n } else if (anchorHead && directory.transparency.head.version === anchorHead.version) {\n throw new Error(`Server omitted the current transparency entry required to verify org ${orgId} against the public witness.`);\n } else if (!trustedPreviousHead || trustedPreviousHead.version !== directory.transparency.head.version || trustedPreviousHead.hash !== directory.transparency.head.hash) {\n throw new Error(`Server returned an incomplete user-key transparency proof for org ${orgId}.`);\n }\n assertAndPinTransparencyHead(trustStorePath, orgId, directory.transparency.head);\n const checkpointEntries = new Map(\n directoryCheckpoint.checkpoint.entries.map((entry) => [entry.userKeyPairId, entry])\n );\n for (const key of directory.publicKeys) {\n const entry = checkpointEntries.get(key.userKeyPairId);\n if (!entry) {\n throw new Error(`User key ${key.userKeyPairId} is missing from the signed org directory.`);\n }\n if (entry.orgUserId !== key.orgUserId || entry.fingerprint !== key.fingerprint || entry.previousUserKeyPairId !== key.previousUserKeyPairId || entry.rotationSignature !== key.rotationSignature) {\n throw new Error(`User key ${key.userKeyPairId} does not match the signed org directory.`);\n }\n }\n return orgId;\n } catch (error) {\n saveTrustStore(trustStorePath, storeBeforeVerification);\n throw error;\n }\n}\nasync function verifyAndPinVaultUserPublicKeys(trustStorePath, directory, anchorHead) {\n const orgId = await verifySignedUserKeyDirectory(trustStorePath, directory, anchorHead);\n if (!orgId) {\n return directory.publicKeys;\n }\n return pinVaultUserPublicKeys(trustStorePath, orgId, directory.publicKeys);\n}\nasync function verifyAndPinVaultAgentPublicKeys(trustStorePath, orgId, publicKeys, apiBaseUrl, configuredWitnessBaseUrl) {\n return pinVaultAgentPublicKeys(\n trustStorePath,\n orgId,\n publicKeys,\n apiBaseUrl,\n configuredWitnessBaseUrl\n );\n}\nfunction assertAndPinCheckpointVersion(trustStorePath, storageKey, version) {\n const store = loadTrustStore(trustStorePath);\n const pinnedVersion = store.checkpointVersionPins[storageKey];\n if (pinnedVersion !== void 0 && version < pinnedVersion) {\n throw new Error(`Checkpoint version rolled back unexpectedly for ${storageKey}.`);\n }\n if (pinnedVersion === void 0 || version > pinnedVersion) {\n store.checkpointVersionPins[storageKey] = version;\n saveTrustStore(trustStorePath, store);\n }\n}\nfunction assertAndPinTransparencyHead(trustStorePath, orgId, head) {\n const store = loadTrustStore(trustStorePath);\n const storageKey = getDirectoryPinStorageKey(orgId);\n const pinnedHead = store.transparencyHeadPins[storageKey];\n if (pinnedHead) {\n if (head.version < pinnedHead.version) {\n throw new Error(`User-key transparency head rolled back unexpectedly for org ${orgId}.`);\n }\n if (head.version === pinnedHead.version && head.hash !== pinnedHead.hash) {\n throw new Error(`User-key transparency head fork detected for org ${orgId}.`);\n }\n }\n if (!pinnedHead || head.version > pinnedHead.version) {\n store.transparencyHeadPins[storageKey] = head;\n saveTrustStore(trustStorePath, store);\n }\n assertAndPinCheckpointVersion(trustStorePath, storageKey, head.version);\n}\n\n// src/index.ts\nvar R4_DEFAULT_API_BASE_URL = \"https://r4.dev\";\nvar R4_DEV_API_BASE_URL = \"https://dev.r4.dev\";\nfunction toScreamingSnakeCase(input) {\n return input.replace(/[^a-zA-Z0-9]/g, \"_\").replace(/_+/g, \"_\").replace(/^_|_$/g, \"\").toUpperCase();\n}\nfunction resolveTrustStorePath(config) {\n if (config.trustStorePath) {\n return path3.resolve(config.trustStorePath);\n }\n if (config.privateKeyPath) {\n return `${path3.resolve(config.privateKeyPath)}.trust.json`;\n }\n return path3.resolve(process.cwd(), \".r4-trust-store.json\");\n}\nfunction resolveApiBaseUrl(config) {\n if (config.baseUrl) {\n return config.baseUrl;\n }\n return config.dev ? R4_DEV_API_BASE_URL : R4_DEFAULT_API_BASE_URL;\n}\nfunction buildVaultSummaryCheckpointFromListResponse(response, version) {\n return {\n vaultId: response.vaultId,\n version,\n name: response.vaultName,\n dataClassification: response.dataClassification ?? null,\n currentDekVersion: response.currentDekVersion ?? null,\n items: response.items.map((item) => ({\n id: item.id,\n name: item.name,\n type: item.type ?? null,\n websites: item.websites ?? [],\n groupId: item.groupId ?? null\n })),\n groups: response.vaultItemGroups.map((group) => ({\n id: group.id,\n name: group.name,\n parentId: group.parentId ?? null\n }))\n };\n}\nfunction buildVaultItemDetailCheckpointFromResponse(item, version) {\n return {\n vaultItemId: item.id,\n vaultId: item.vaultId,\n version,\n name: item.name,\n type: item.type ?? null,\n websites: item.websites ?? [],\n groupId: item.groupId ?? null,\n fields: item.fields.map((field, index) => ({\n id: field.id,\n name: field.name,\n type: field.type,\n order: field.order ?? index,\n fieldInstanceIds: field.fieldInstanceIds ?? [],\n assetIds: field.assetIds ?? []\n }))\n };\n}\nfunction getCheckpointSignerPublicKey(params) {\n const signerType = params.checkpoint.signerType ?? \"USER_KEY_PAIR\";\n if (signerType === \"AGENT_ENCRYPTION_KEY\") {\n const signerKey2 = params.agentKeys.find(\n (publicKey) => publicKey.encryptionKeyId === params.checkpoint.signerEncryptionKeyId\n );\n const historicalSignerKey = params.agentKeys.flatMap((publicKey) => publicKey.transparency?.entries ?? []).find((entry) => entry.encryptionKeyId === params.checkpoint.signerEncryptionKeyId);\n if (!signerKey2 && !historicalSignerKey) {\n throw new Error(\n `R4 SDK: checkpoint signer ${params.checkpoint.signerEncryptionKeyId ?? \"unknown\"} was not present in the trusted agent key directory.`\n );\n }\n return signerKey2?.publicKey ?? historicalSignerKey.publicKey;\n }\n const signerKey = params.userKeys.find(\n (publicKey) => publicKey.userKeyPairId === params.checkpoint.signerUserKeyPairId\n );\n if (!signerKey) {\n throw new Error(\n `R4 SDK: checkpoint signer ${params.checkpoint.signerUserKeyPairId ?? \"unknown\"} was not present in the trusted user key directory.`\n );\n }\n return signerKey.publicKey;\n}\nvar R4 = class _R4 {\n client;\n baseUrl;\n transparencyWitnessUrl;\n projectId;\n privateKeyPem;\n publicKeyPem;\n trustStorePath;\n _env = null;\n constructor(config) {\n if (!config.apiKey) {\n throw new Error(\"R4 SDK: apiKey is required\");\n }\n if (!config.privateKey && !config.privateKeyPath) {\n throw new Error(\n \"R4 SDK: privateKey or privateKeyPath is required for zero-trust local decryption.\"\n );\n }\n const baseUrl = resolveApiBaseUrl(config);\n this.baseUrl = baseUrl;\n this.transparencyWitnessUrl = config.transparencyWitnessUrl;\n this.client = new R4Client(config.apiKey, baseUrl);\n this.projectId = config.projectId;\n this.privateKeyPem = config.privateKey ?? loadPrivateKey(config.privateKeyPath);\n this.publicKeyPem = derivePublicKey(this.privateKeyPem);\n this.trustStorePath = resolveTrustStorePath(config);\n }\n /**\n * Static factory method that creates and initializes an R4 instance.\n */\n static async create(config) {\n const instance = new _R4(config);\n await instance.init();\n return instance;\n }\n /**\n * Initializes the SDK by registering the agent public key (idempotent) and\n * decrypting all accessible vault values locally into a flat env map.\n */\n async init() {\n this._env = await this.fetchEnv();\n }\n /**\n * Returns the locally decrypted env map.\n */\n get env() {\n if (!this._env) {\n throw new Error(\n \"R4 SDK: env is not initialized. Call await r4.init() first, or use R4.create() for automatic initialization.\"\n );\n }\n return this._env;\n }\n /**\n * Re-fetches and locally re-decrypts the current vault view.\n */\n async refresh() {\n this._env = await this.fetchEnv();\n }\n /**\n * Sends an authenticated request to an arbitrary machine API route so\n * callers can use the full headless surface without hand-rolling fetch code.\n */\n async requestMachine(params) {\n return this.client.requestMachine(params);\n }\n /**\n * Fetches, verifies, and locally decrypts a token provider's vault-backed\n * credential fields without exposing plaintext back to R4.\n */\n async getTokenProviderFields(tokenProviderId, options) {\n if (options?.unsafeExport !== true) {\n throw new Error(\n \"R4 SDK: getTokenProviderFields exports decrypted provider secrets. Pass { unsafeExport: true } to confirm or use callAnthropicWithTokenProvider() instead.\"\n );\n }\n await this.registerAgentPublicKey();\n const runtime = await this.getVerifiedTokenProviderRuntime(tokenProviderId);\n return {\n id: runtime.id,\n name: runtime.name,\n providerType: runtime.providerType,\n fields: this.decryptTokenProviderFields(runtime)\n };\n }\n /**\n * Managed Anthropic call path:\n * 1. decrypt the provider secret locally\n * 2. preflight the budget gate with estimated usage\n * 3. call Anthropic directly\n * 4. publish finalized usage back to R4\n */\n async callAnthropicWithTokenProvider(params) {\n await this.registerAgentPublicKey();\n const runtime = await this.getVerifiedTokenProviderRuntime(params.tokenProviderId);\n if (runtime.providerType !== \"ANTHROPIC\") {\n throw new Error(\n `R4 SDK: token provider ${params.tokenProviderId} is ${runtime.providerType}, not ANTHROPIC.`\n );\n }\n const fields = this.decryptTokenProviderFields(runtime);\n const apiKey = fields[\"API Key\"];\n const endpoint = fields[\"Endpoint URL\"] || \"https://api.anthropic.com/v1/messages\";\n const model = this.requireStringField(params.body.model, \"body.model\");\n if (!apiKey) {\n throw new Error(`R4 SDK: token provider ${params.tokenProviderId} does not contain an API Key field.`);\n }\n const requestId = randomUUID();\n const authorization = await this.client.authorizeTokenProviderUsage(params.tokenProviderId, {\n model,\n estimatedInputTokens: params.estimatedInputTokens ?? 0,\n estimatedOutputTokens: params.estimatedOutputTokens ?? this.inferEstimatedOutputTokens(params.body.max_tokens)\n });\n const response = await fetch(endpoint, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n \"x-api-key\": apiKey,\n \"anthropic-version\": \"2023-06-01\"\n },\n body: JSON.stringify(params.body),\n signal: params.signal\n });\n if (!response.ok) {\n const bodyText = await response.text().catch(() => \"\");\n throw new Error(`Anthropic API error: ${response.status} ${response.statusText}${bodyText ? ` - ${bodyText}` : \"\"}`);\n }\n const parsedResponse = await response.json();\n const inputTokens = this.toNonNegativeInt(parsedResponse.usage?.input_tokens);\n const outputTokens = this.toNonNegativeInt(parsedResponse.usage?.output_tokens);\n const usage = await this.client.reportTokenProviderUsage(params.tokenProviderId, {\n requestId,\n model,\n vendorRequestId: typeof parsedResponse.id === \"string\" ? parsedResponse.id : null,\n inputTokens,\n outputTokens,\n totalTokens: inputTokens + outputTokens,\n estimatedCostUsd: authorization.estimatedCostUsd,\n metadata: {\n providerType: runtime.providerType\n }\n });\n return {\n response: parsedResponse,\n usage,\n authorization,\n requestId\n };\n }\n /**\n * Registers the local agent public key, loads all accessible vaults, verifies\n * wrapped-DEK signatures against pinned signer keys, unwraps each vault DEK,\n * and builds a flat SCREAMING_SNAKE_CASE env map from decrypted field values.\n */\n async fetchEnv() {\n await this.registerAgentPublicKey();\n const { vaults } = await this.client.listVaults(this.projectId);\n const envEntries = await Promise.all(vaults.map((vault) => this.fetchVaultEnv(vault.id)));\n return Object.assign({}, ...envEntries);\n }\n /**\n * Ensures the local agent public key is registered before any zero-trust\n * wrapped-key or token-provider flow runs.\n */\n async registerAgentPublicKey() {\n try {\n await this.client.registerAgentPublicKey({\n publicKey: this.publicKeyPem\n });\n } catch (error) {\n throw new Error(\n `R4 SDK: failed to register the local agent public key. The zero-trust SDK requires an AGENT-scoped API key and a matching local private key. ${error instanceof Error ? error.message : String(error)}`\n );\n }\n }\n /**\n * Fetches a single vault's wrapped DEK, verifies it against the pinned signer\n * directory, unwraps the DEK locally, then decrypts every field value in that\n * vault item-by-item.\n */\n async fetchVaultEnv(vaultId) {\n const pinnedTransparencyHead = getSinglePinnedTransparencyHead(this.trustStorePath);\n const [wrappedKey, itemsResponse, initialPublicKeyDirectory] = await Promise.all([\n this.client.getAgentWrappedKey(vaultId),\n this.client.listVaultItems(vaultId),\n this.client.getVaultUserKeyDirectory(\n vaultId,\n pinnedTransparencyHead ? {\n knownTransparencyVersion: pinnedTransparencyHead.version,\n knownTransparencyHash: pinnedTransparencyHead.hash\n } : void 0\n )\n ]);\n let publicKeyDirectory = initialPublicKeyDirectory;\n let witnessAnchorHead = null;\n if (!pinnedTransparencyHead) {\n const orgId = initialPublicKeyDirectory.directoryCheckpoint?.checkpoint.orgId ?? null;\n if (orgId && initialPublicKeyDirectory.directoryCheckpoint && initialPublicKeyDirectory.transparency) {\n witnessAnchorHead = await getPublicOrgWitnessHead(\n this.baseUrl,\n orgId,\n this.transparencyWitnessUrl\n );\n if (witnessAnchorHead) {\n if (initialPublicKeyDirectory.transparency.head.version < witnessAnchorHead.version) {\n throw new Error(`R4 SDK: public transparency witness head is ahead of the server response for org ${orgId}.`);\n }\n if (initialPublicKeyDirectory.transparency.head.version === witnessAnchorHead.version) {\n if (initialPublicKeyDirectory.transparency.head.hash !== witnessAnchorHead.hash) {\n throw new Error(`R4 SDK: public transparency witness head fork detected for org ${orgId}.`);\n }\n } else {\n publicKeyDirectory = await this.client.getVaultUserKeyDirectory(vaultId, {\n knownTransparencyVersion: witnessAnchorHead.version,\n knownTransparencyHash: witnessAnchorHead.hash\n });\n }\n }\n }\n }\n const trustedPublicKeys = await verifyAndPinVaultUserPublicKeys(\n this.trustStorePath,\n publicKeyDirectory,\n witnessAnchorHead\n );\n const checkpointOrgId = publicKeyDirectory.directoryCheckpoint?.checkpoint.orgId ?? vaultId;\n const trustedAgentPublicKeys = await verifyAndPinVaultAgentPublicKeys(\n this.trustStorePath,\n checkpointOrgId,\n publicKeyDirectory.agentPublicKeys ?? [],\n this.baseUrl,\n this.transparencyWitnessUrl\n );\n const signerKey = trustedPublicKeys.find(\n (publicKey) => publicKey.userKeyPairId === wrappedKey.signerUserKeyPairId\n );\n const historicalAgentSignerKey = trustedAgentPublicKeys.flatMap((publicKey) => publicKey.transparency?.entries ?? []).find((entry) => entry.encryptionKeyId === wrappedKey.signerEncryptionKeyId);\n const wrappedKeySignerPublicKey = wrappedKey.signerEncryptionKeyId ? trustedAgentPublicKeys.find(\n (publicKey) => publicKey.encryptionKeyId === wrappedKey.signerEncryptionKeyId\n )?.publicKey ?? historicalAgentSignerKey?.publicKey : signerKey?.publicKey;\n if (!wrappedKeySignerPublicKey) {\n throw new Error(\n `R4 SDK: wrapped DEK signer ${wrappedKey.signerEncryptionKeyId ?? wrappedKey.signerUserKeyPairId ?? \"unknown\"} was not present in the trusted key directory.`\n );\n }\n const signatureVerified = verifyWrappedDekSignature(\n vaultId,\n wrappedKey.encryptionKeyId,\n wrappedKey.signerEncryptionKeyId ?? wrappedKey.signerUserKeyPairId,\n wrappedKey.dekVersion,\n wrappedKey.wrappedDek,\n wrappedKey.wrappedDekSignature,\n wrappedKeySignerPublicKey\n );\n if (!signatureVerified) {\n throw new Error(`R4 SDK: wrapped DEK signature verification failed for vault ${vaultId}.`);\n }\n const dek = unwrapDEKWithPrivateKey(wrappedKey.wrappedDek, this.privateKeyPem);\n if (!itemsResponse.summaryCheckpoint) {\n throw new Error(`R4 SDK: vault ${vaultId} is missing a signed summary checkpoint.`);\n }\n const expectedSummaryCheckpoint = buildVaultSummaryCheckpointFromListResponse(\n itemsResponse,\n itemsResponse.summaryCheckpoint.checkpoint.version\n );\n const summaryVerified = verifyVaultSummaryCheckpoint(\n expectedSummaryCheckpoint,\n itemsResponse.summaryCheckpoint.signature,\n getCheckpointSignerPublicKey({\n checkpoint: itemsResponse.summaryCheckpoint,\n userKeys: trustedPublicKeys,\n agentKeys: trustedAgentPublicKeys\n })\n );\n if (!summaryVerified) {\n throw new Error(`R4 SDK: vault summary checkpoint verification failed for vault ${vaultId}.`);\n }\n assertAndPinCheckpointVersion(\n this.trustStorePath,\n `summary:${vaultId}`,\n expectedSummaryCheckpoint.version\n );\n const itemDetails = await Promise.all(\n itemsResponse.items.map((item) => this.client.getVaultItemDetail(vaultId, item.id))\n );\n const env = {};\n for (const item of itemDetails) {\n if (!item.detailCheckpoint) {\n throw new Error(`R4 SDK: vault item ${item.id} is missing a signed detail checkpoint.`);\n }\n const expectedDetailCheckpoint = buildVaultItemDetailCheckpointFromResponse(\n item,\n item.detailCheckpoint.checkpoint.version\n );\n const detailVerified = verifyVaultItemDetailCheckpoint(\n expectedDetailCheckpoint,\n item.detailCheckpoint.signature,\n getCheckpointSignerPublicKey({\n checkpoint: item.detailCheckpoint,\n userKeys: trustedPublicKeys,\n agentKeys: trustedAgentPublicKeys\n })\n );\n if (!detailVerified) {\n throw new Error(`R4 SDK: vault item checkpoint verification failed for item ${item.id}.`);\n }\n assertAndPinCheckpointVersion(\n this.trustStorePath,\n `detail:${item.id}`,\n expectedDetailCheckpoint.version\n );\n for (const field of item.fields) {\n if (field.value === null) {\n continue;\n }\n env[toScreamingSnakeCase(`${item.name}_${field.name}`)] = decryptStoredFieldValue(\n field.value,\n dek\n );\n }\n }\n return env;\n }\n async getVerifiedTokenProviderRuntime(tokenProviderId) {\n const pinnedTransparencyHead = getSinglePinnedTransparencyHead(this.trustStorePath);\n let runtime = await this.client.getTokenProviderRuntime(\n tokenProviderId,\n pinnedTransparencyHead ? {\n knownTransparencyVersion: pinnedTransparencyHead.version,\n knownTransparencyHash: pinnedTransparencyHead.hash\n } : void 0\n );\n let witnessAnchorHead = null;\n if (!pinnedTransparencyHead) {\n const orgId = runtime.keyDirectory.directoryCheckpoint?.checkpoint.orgId ?? null;\n if (orgId && runtime.keyDirectory.directoryCheckpoint && runtime.keyDirectory.transparency) {\n witnessAnchorHead = await getPublicOrgWitnessHead(\n this.baseUrl,\n orgId,\n this.transparencyWitnessUrl\n );\n if (witnessAnchorHead) {\n if (runtime.keyDirectory.transparency.head.version < witnessAnchorHead.version) {\n throw new Error(\n `R4 SDK: public transparency witness head is ahead of the server response for org ${orgId}.`\n );\n }\n if (runtime.keyDirectory.transparency.head.version === witnessAnchorHead.version) {\n if (runtime.keyDirectory.transparency.head.hash !== witnessAnchorHead.hash) {\n throw new Error(`R4 SDK: public transparency witness head fork detected for org ${orgId}.`);\n }\n } else {\n runtime = await this.client.getTokenProviderRuntime(tokenProviderId, {\n knownTransparencyVersion: witnessAnchorHead.version,\n knownTransparencyHash: witnessAnchorHead.hash\n });\n }\n }\n }\n }\n const trustedPublicKeys = await verifyAndPinVaultUserPublicKeys(\n this.trustStorePath,\n runtime.keyDirectory,\n witnessAnchorHead\n );\n const checkpointOrgId = runtime.keyDirectory.directoryCheckpoint?.checkpoint.orgId ?? runtime.vaultId;\n const trustedAgentPublicKeys = await verifyAndPinVaultAgentPublicKeys(\n this.trustStorePath,\n checkpointOrgId,\n runtime.keyDirectory.agentPublicKeys ?? [],\n this.baseUrl,\n this.transparencyWitnessUrl\n );\n const wrappedKeySignerPublicKey = this.getWrappedKeySignerPublicKey(\n runtime.wrappedKey,\n trustedPublicKeys,\n trustedAgentPublicKeys\n );\n if (!verifyWrappedDekSignature(\n runtime.vaultId,\n runtime.wrappedKey.encryptionKeyId,\n runtime.wrappedKey.signerEncryptionKeyId ?? runtime.wrappedKey.signerUserKeyPairId,\n runtime.wrappedKey.dekVersion,\n runtime.wrappedKey.wrappedDek,\n runtime.wrappedKey.wrappedDekSignature,\n wrappedKeySignerPublicKey\n )) {\n throw new Error(`R4 SDK: wrapped DEK signature verification failed for vault ${runtime.vaultId}.`);\n }\n const expectedDetailCheckpoint = buildVaultItemDetailCheckpointFromResponse(\n runtime.vaultItemDetail,\n runtime.vaultItemDetail.detailCheckpoint?.checkpoint.version ?? 0\n );\n if (!runtime.vaultItemDetail.detailCheckpoint) {\n throw new Error(`R4 SDK: vault item ${runtime.vaultItemDetail.id} is missing a signed detail checkpoint.`);\n }\n const detailVerified = verifyVaultItemDetailCheckpoint(\n expectedDetailCheckpoint,\n runtime.vaultItemDetail.detailCheckpoint.signature,\n getCheckpointSignerPublicKey({\n checkpoint: runtime.vaultItemDetail.detailCheckpoint,\n userKeys: trustedPublicKeys,\n agentKeys: trustedAgentPublicKeys\n })\n );\n if (!detailVerified) {\n throw new Error(\n `R4 SDK: vault item checkpoint verification failed for item ${runtime.vaultItemDetail.id}.`\n );\n }\n assertAndPinCheckpointVersion(\n this.trustStorePath,\n `detail:${runtime.vaultItemDetail.id}`,\n expectedDetailCheckpoint.version\n );\n return runtime;\n }\n decryptTokenProviderFields(runtime) {\n const dek = unwrapDEKWithPrivateKey(runtime.wrappedKey.wrappedDek, this.privateKeyPem);\n const fields = {};\n for (const field of runtime.vaultItemDetail.fields) {\n if (field.value === null) {\n continue;\n }\n fields[field.name] = decryptStoredFieldValue(field.value, dek);\n }\n return fields;\n }\n getWrappedKeySignerPublicKey(wrappedKey, userKeys, agentKeys) {\n const signerKey = userKeys.find(\n (publicKey) => publicKey.userKeyPairId === wrappedKey.signerUserKeyPairId\n );\n const historicalAgentSignerKey = agentKeys.flatMap((publicKey) => publicKey.transparency?.entries ?? []).find((entry) => entry.encryptionKeyId === wrappedKey.signerEncryptionKeyId);\n const wrappedKeySignerPublicKey = wrappedKey.signerEncryptionKeyId ? agentKeys.find(\n (publicKey) => publicKey.encryptionKeyId === wrappedKey.signerEncryptionKeyId\n )?.publicKey ?? historicalAgentSignerKey?.publicKey : signerKey?.publicKey;\n if (!wrappedKeySignerPublicKey) {\n throw new Error(\n `R4 SDK: wrapped DEK signer ${wrappedKey.signerEncryptionKeyId ?? wrappedKey.signerUserKeyPairId ?? \"unknown\"} was not present in the trusted key directory.`\n );\n }\n return wrappedKeySignerPublicKey;\n }\n requireStringField(value, label) {\n if (typeof value !== \"string\" || value.length === 0) {\n throw new Error(`R4 SDK: ${label} must be a non-empty string.`);\n }\n return value;\n }\n inferEstimatedOutputTokens(value) {\n if (typeof value === \"number\" && Number.isFinite(value) && value >= 0) {\n return Math.floor(value);\n }\n return 0;\n }\n toNonNegativeInt(value) {\n if (typeof value === \"number\" && Number.isFinite(value) && value >= 0) {\n return Math.floor(value);\n }\n return 0;\n }\n};\nvar src_default = R4;\nexport {\n R4,\n R4Client,\n src_default as default\n};\n//# sourceMappingURL=index.js.map","import R4 from '@r4security/sdk'\nimport { CliClient } from './client.js'\nimport { derivePublicKey, loadPrivateKey } from './private-key.js'\nimport type {\n MachineIdentityResponse,\n MachineAgentPublicKeyResponse,\n MachineVaultSummary,\n} from '../types.js'\nimport type { ResolvedConnection } from './resolve-auth.js'\n\nexport type DoctorCheckStatus = 'pass' | 'warn' | 'fail' | 'skip'\n\nexport interface DoctorCheck {\n id: string\n label: string\n status: DoctorCheckStatus\n detail: string\n}\n\nexport interface DoctorVaultStatus {\n id: string\n name: string\n itemCount: number\n wrappedKeyStatus: 'present' | 'missing' | 'error' | 'skipped'\n detail?: string\n}\n\nexport interface DoctorReport {\n profileName: string\n baseUrl: string\n dev: boolean\n projectId?: string\n privateKeyPath?: string\n trustStorePath?: string\n apiKeyScope?: string\n orgId?: string\n orgName?: string\n tenantId?: string\n tenantName?: string\n agentId?: string\n agentName?: string\n warnings?: string[]\n remoteIdentityError?: string\n registration?: {\n encryptionKeyId: string\n fingerprint: string\n }\n envKeyCount?: number\n checks: DoctorCheck[]\n vaults: DoctorVaultStatus[]\n}\n\nfunction getAgentIdFromRegistration(\n registration?: MachineAgentPublicKeyResponse,\n): string | undefined {\n const entryCount = registration?.transparency?.entries.length ?? 0\n if (!registration?.transparency || entryCount === 0) {\n return undefined\n }\n\n return registration.transparency.entries[entryCount - 1]?.agentId\n}\n\nfunction toDetailList(vaults: MachineVaultSummary[]): string {\n if (vaults.length === 0) {\n return '0 visible vaults.'\n }\n\n const visibleNames = vaults.slice(0, 5).map((vault) => vault.name)\n const suffix = vaults.length > visibleNames.length ? ', ...' : ''\n return `${vaults.length} visible vault${vaults.length === 1 ? '' : 's'}: ${visibleNames.join(', ')}${suffix}`\n}\n\nfunction isWrappedKeyMissing(error: unknown): boolean {\n return (\n error instanceof Error &&\n (error.message.includes('[wrapped_key_not_found]') ||\n error.message.includes('No wrapped key found for this agent and vault.'))\n )\n}\n\nexport function doctorHasFailures(report: DoctorReport): boolean {\n return report.checks.some((check) => check.status === 'fail')\n}\n\n/**\n * Run the CLI doctor checks without mutating local config.\n */\nexport async function runDoctorChecks(\n connection: ResolvedConnection,\n): Promise<DoctorReport> {\n const report: DoctorReport = {\n profileName: connection.profileName,\n baseUrl: connection.baseUrl,\n dev: connection.dev,\n projectId: connection.projectId,\n privateKeyPath: connection.privateKeyPath,\n trustStorePath: connection.trustStorePath,\n agentName: connection.profile.agentName,\n checks: [],\n vaults: [],\n }\n\n report.checks.push({\n id: 'base-url',\n label: 'Base URL',\n status: 'pass',\n detail: `${connection.baseUrl}${connection.dev ? ' (dev mode)' : ''}`,\n })\n\n if (!connection.apiKey) {\n report.checks.push({\n id: 'api-key',\n label: 'API Key',\n status: 'fail',\n detail: 'No API key is configured for the active profile.',\n })\n report.checks.push({\n id: 'project-filter',\n label: 'Project Filter',\n status: 'pass',\n detail: connection.projectId\n ? `Filtering to project ${connection.projectId}.`\n : 'No project filter is set.',\n })\n return report\n }\n\n report.checks.push({\n id: 'api-key',\n label: 'API Key',\n status: 'pass',\n detail: `Loaded from ${connection.apiKeySource}.`,\n })\n\n report.checks.push({\n id: 'project-filter',\n label: 'Project Filter',\n status: 'pass',\n detail: connection.projectId\n ? `Filtering vault reads to project ${connection.projectId}.`\n : 'No project filter is set.',\n })\n\n const client = new CliClient(connection.apiKey, connection.baseUrl)\n let machineIdentity: MachineIdentityResponse | undefined\n let registration: MachineAgentPublicKeyResponse | undefined\n\n try {\n machineIdentity = await client.getMachineIdentity()\n report.apiKeyScope = machineIdentity.apiKey.scope\n report.orgId = machineIdentity.org.id\n report.orgName = machineIdentity.org.name ?? undefined\n report.tenantId = machineIdentity.tenant?.id ?? undefined\n report.tenantName = machineIdentity.tenant?.name ?? undefined\n report.agentId = machineIdentity.principal.agentId ?? connection.profile.agentId\n report.agentName = machineIdentity.agent?.name ?? connection.profile.agentName\n report.warnings = machineIdentity.warnings\n\n report.checks.push({\n id: 'machine-identity',\n label: 'Machine Identity',\n status: 'pass',\n detail: `${machineIdentity.apiKey.scope} key in ${machineIdentity.org.name || machineIdentity.org.id}${\n machineIdentity.tenant ? ` / ${machineIdentity.tenant.name || machineIdentity.tenant.id}` : ''\n } with policy \"${machineIdentity.apiKey.summary}\".`,\n })\n } catch (error) {\n report.remoteIdentityError = error instanceof Error ? error.message : String(error)\n report.checks.push({\n id: 'machine-identity',\n label: 'Machine Identity',\n status: 'warn',\n detail: `Could not read /machine/me. ${report.remoteIdentityError}`,\n })\n }\n\n if (!connection.privateKeyPath) {\n report.checks.push({\n id: 'private-key',\n label: 'Private Key',\n status: 'fail',\n detail: 'No local private-key path is configured, so zero-trust checks cannot run.',\n })\n report.checks.push({\n id: 'public-key',\n label: 'Public Key Registration',\n status: 'skip',\n detail: 'Skipped because no local private key is configured.',\n })\n report.checks.push({\n id: 'agent-identity',\n label: 'Agent Identity',\n status: 'skip',\n detail: 'Skipped because public-key registration could not run.',\n })\n } else {\n try {\n const privateKeyPem = loadPrivateKey(connection.privateKeyPath)\n const publicKeyPem = derivePublicKey(privateKeyPem)\n registration = await client.registerAgentPublicKey({ publicKey: publicKeyPem })\n report.agentId =\n report.agentId ??\n getAgentIdFromRegistration(registration) ??\n connection.profile.agentId\n report.registration = {\n encryptionKeyId: registration.encryptionKeyId,\n fingerprint: registration.fingerprint,\n }\n\n report.checks.push({\n id: 'private-key',\n label: 'Private Key',\n status: 'pass',\n detail: `Loaded ${connection.privateKeyPath}.`,\n })\n report.checks.push({\n id: 'public-key',\n label: 'Public Key Registration',\n status: 'pass',\n detail: `Registered encryption key ${registration.encryptionKeyId}.`,\n })\n report.checks.push({\n id: 'agent-identity',\n label: 'Agent Identity',\n status: report.agentId ? 'pass' : 'warn',\n detail: report.agentId\n ? `Agent ${report.agentId}${report.agentName ? ` (${report.agentName})` : ''}.`\n : 'The API returned no agent ID in the current registration proof.',\n })\n } catch (error) {\n report.checks.push({\n id: 'private-key',\n label: 'Private Key',\n status: 'pass',\n detail: `Configured at ${connection.privateKeyPath}.`,\n })\n report.checks.push({\n id: 'public-key',\n label: 'Public Key Registration',\n status: 'fail',\n detail: error instanceof Error ? error.message : String(error),\n })\n report.checks.push({\n id: 'agent-identity',\n label: 'Agent Identity',\n status: 'skip',\n detail: 'Skipped because public-key registration did not succeed.',\n })\n }\n }\n\n let vaults: MachineVaultSummary[] = []\n try {\n const response = await client.listVaults(connection.projectId)\n vaults = response.vaults\n report.checks.push({\n id: 'visible-vaults',\n label: 'Visible Vaults',\n status: 'pass',\n detail: toDetailList(vaults),\n })\n } catch (error) {\n report.checks.push({\n id: 'visible-vaults',\n label: 'Visible Vaults',\n status: 'fail',\n detail: error instanceof Error ? error.message : String(error),\n })\n report.checks.push({\n id: 'wrapped-keys',\n label: 'Wrapped Keys',\n status: 'skip',\n detail: 'Skipped because visible vaults could not be listed.',\n })\n report.checks.push({\n id: 'zero-trust',\n label: 'Trust & Decryption',\n status: 'skip',\n detail: 'Skipped because visible vaults could not be listed.',\n })\n return report\n }\n\n if (vaults.length === 0) {\n report.checks.push({\n id: 'wrapped-keys',\n label: 'Wrapped Keys',\n status: 'skip',\n detail: 'No visible vaults means there were no wrapped keys to verify.',\n })\n report.checks.push({\n id: 'zero-trust',\n label: 'Trust & Decryption',\n status: 'skip',\n detail: 'No visible vaults were returned, so no vault trust proof was exercised.',\n })\n return report\n }\n\n let missingWrappedKeys = 0\n let wrappedKeyErrors = 0\n\n for (const vault of vaults) {\n try {\n await client.getAgentWrappedKey(vault.id)\n report.vaults.push({\n id: vault.id,\n name: vault.name,\n itemCount: vault.itemCount,\n wrappedKeyStatus: 'present',\n })\n } catch (error) {\n if (isWrappedKeyMissing(error)) {\n missingWrappedKeys += 1\n report.vaults.push({\n id: vault.id,\n name: vault.name,\n itemCount: vault.itemCount,\n wrappedKeyStatus: 'missing',\n detail: error instanceof Error ? error.message : String(error),\n })\n continue\n }\n\n wrappedKeyErrors += 1\n report.vaults.push({\n id: vault.id,\n name: vault.name,\n itemCount: vault.itemCount,\n wrappedKeyStatus: 'error',\n detail: error instanceof Error ? error.message : String(error),\n })\n }\n }\n\n if (wrappedKeyErrors > 0) {\n report.checks.push({\n id: 'wrapped-keys',\n label: 'Wrapped Keys',\n status: 'fail',\n detail: `${wrappedKeyErrors} vault read${wrappedKeyErrors === 1 ? '' : 's'} hit an unexpected wrapped-key error.`,\n })\n } else if (missingWrappedKeys > 0) {\n report.checks.push({\n id: 'wrapped-keys',\n label: 'Wrapped Keys',\n status: 'warn',\n detail: `${missingWrappedKeys} of ${vaults.length} visible vault${vaults.length === 1 ? '' : 's'} do not have wrapped keys for this agent.`,\n })\n } else {\n report.checks.push({\n id: 'wrapped-keys',\n label: 'Wrapped Keys',\n status: 'pass',\n detail: `Wrapped keys are present for all ${vaults.length} visible vault${vaults.length === 1 ? '' : 's'}.`,\n })\n }\n\n if (!connection.privateKeyPath) {\n report.checks.push({\n id: 'zero-trust',\n label: 'Trust & Decryption',\n status: 'fail',\n detail: 'A local private key is required for end-to-end zero-trust verification.',\n })\n return report\n }\n\n try {\n const r4 = await R4.create({\n apiKey: connection.apiKey,\n baseUrl: connection.baseUrl,\n dev: connection.dev,\n projectId: connection.projectId,\n privateKeyPath: connection.privateKeyPath,\n trustStorePath: connection.trustStorePath,\n })\n report.envKeyCount = Object.keys(r4.env).length\n report.checks.push({\n id: 'zero-trust',\n label: 'Trust & Decryption',\n status: 'pass',\n detail: `Verified trust/transparency checks and decrypted ${report.envKeyCount} env key${report.envKeyCount === 1 ? '' : 's'} locally.`,\n })\n } catch (error) {\n report.checks.push({\n id: 'zero-trust',\n label: 'Trust & Decryption',\n status: 'fail',\n detail: error instanceof Error ? error.message : String(error),\n })\n }\n\n return report\n}\n","import fs from 'node:fs'\nimport path from 'node:path'\nimport type { ParsedCredentialBundle } from '../types.js'\n\nfunction normalizeFieldName(fieldName: string): string {\n return fieldName.trim().toLowerCase().replace(/[^a-z0-9]+/g, '')\n}\n\nfunction stripWrappingQuotes(value: string): string {\n const trimmed = value.trim()\n if (\n (trimmed.startsWith('\"') && trimmed.endsWith('\"')) ||\n (trimmed.startsWith(\"'\") && trimmed.endsWith(\"'\"))\n ) {\n return trimmed.slice(1, -1).trim()\n }\n return trimmed\n}\n\nfunction parseBooleanLike(value: string): boolean | undefined {\n const normalized = value.trim().toLowerCase()\n if (['1', 'true', 'yes', 'on', 'dev', 'development'].includes(normalized)) {\n return true\n }\n if (['0', 'false', 'no', 'off', 'prod', 'production'].includes(normalized)) {\n return false\n }\n return undefined\n}\n\nfunction applyField(\n bundle: ParsedCredentialBundle,\n fieldName: string,\n rawValue: string,\n): void {\n const value = stripWrappingQuotes(rawValue)\n if (!value) {\n return\n }\n\n const normalized = normalizeFieldName(fieldName)\n\n if (['apikey', 'r4apikey', 'machineapikey'].includes(normalized)) {\n bundle.apiKey = value\n return\n }\n\n if (['accesskey', 'r4accesskey', 'accesskeyid', 'access', 'keyid'].includes(normalized)) {\n bundle.accessKey = value\n return\n }\n\n if (['secretkey', 'r4secretkey', 'secret', 'accesssecret', 'secretaccesskey'].includes(normalized)) {\n bundle.secretKey = value\n return\n }\n\n if (['baseurl', 'r4baseurl', 'apiurl', 'apibaseurl', 'targetbaseurl', 'url'].includes(normalized)) {\n bundle.baseUrl = value\n return\n }\n\n if (['environment', 'env', 'targetenvironment'].includes(normalized)) {\n const dev = parseBooleanLike(value)\n if (dev !== undefined) {\n bundle.dev = dev\n }\n return\n }\n\n if (['projectid', 'r4projectid', 'project', 'projectscope', 'scopeprojectid'].includes(normalized)) {\n bundle.projectId = value\n return\n }\n\n if (['agentid', 'r4agentid', 'machineid'].includes(normalized)) {\n bundle.agentId = value\n return\n }\n\n if (['agentname', 'r4agentname', 'machinename'].includes(normalized)) {\n bundle.agentName = value\n }\n}\n\nfunction finalizeBundle(bundle: ParsedCredentialBundle): ParsedCredentialBundle {\n if (!bundle.apiKey && bundle.accessKey && bundle.secretKey) {\n bundle.apiKey = `${bundle.accessKey}.${bundle.secretKey}`\n }\n\n return bundle\n}\n\nfunction parseJsonContent(content: string): ParsedCredentialBundle {\n const parsed = JSON.parse(content) as Record<string, unknown>\n const bundle: ParsedCredentialBundle = {}\n\n const sources = [parsed]\n\n for (const key of ['credentials', 'profile']) {\n const nested = parsed[key]\n if (nested && typeof nested === 'object') {\n sources.push(nested as Record<string, unknown>)\n }\n }\n\n for (const source of sources) {\n for (const [key, value] of Object.entries(source)) {\n if (typeof value === 'string') {\n applyField(bundle, key, value)\n } else if (typeof value === 'boolean') {\n applyField(bundle, key, String(value))\n }\n }\n }\n\n return finalizeBundle(bundle)\n}\n\nfunction parseEnvContent(content: string): ParsedCredentialBundle {\n const bundle: ParsedCredentialBundle = {}\n for (const rawLine of content.split(/\\r?\\n/)) {\n const line = rawLine.trim()\n if (!line || line.startsWith('#')) {\n continue\n }\n\n const separatorIndex = line.indexOf('=')\n if (separatorIndex === -1) {\n continue\n }\n\n const key = line.slice(0, separatorIndex).trim()\n const value = line.slice(separatorIndex + 1).trim()\n applyField(bundle, key, value)\n }\n\n return finalizeBundle(bundle)\n}\n\nfunction splitCsvLine(line: string): string[] {\n const cells: string[] = []\n let current = ''\n let inQuotes = false\n\n for (let index = 0; index < line.length; index += 1) {\n const character = line[index]\n\n if (character === '\"') {\n const nextCharacter = line[index + 1]\n if (inQuotes && nextCharacter === '\"') {\n current += '\"'\n index += 1\n } else {\n inQuotes = !inQuotes\n }\n continue\n }\n\n if (character === ',' && !inQuotes) {\n cells.push(current.trim())\n current = ''\n continue\n }\n\n current += character\n }\n\n cells.push(current.trim())\n return cells\n}\n\nfunction parseHeaderlessCsvRow(values: string[]): ParsedCredentialBundle {\n const bundle: ParsedCredentialBundle = {}\n\n if (values.length >= 1) {\n bundle.accessKey = stripWrappingQuotes(values[0] ?? '')\n }\n if (values.length >= 2) {\n bundle.secretKey = stripWrappingQuotes(values[1] ?? '')\n }\n if (values.length >= 3) {\n const thirdValue = stripWrappingQuotes(values[2] ?? '')\n if (thirdValue.startsWith('http://') || thirdValue.startsWith('https://')) {\n bundle.baseUrl = thirdValue\n } else if (thirdValue) {\n bundle.projectId = thirdValue\n }\n }\n if (values.length >= 4) {\n const fourthValue = stripWrappingQuotes(values[3] ?? '')\n if (!bundle.projectId) {\n bundle.projectId = fourthValue\n } else if (!bundle.baseUrl) {\n bundle.baseUrl = fourthValue\n }\n }\n\n return finalizeBundle(bundle)\n}\n\nfunction parseCsvContent(content: string): ParsedCredentialBundle {\n const lines = content\n .split(/\\r?\\n/)\n .map((line) => line.trim())\n .filter((line) => line.length > 0)\n\n if (lines.length === 0) {\n return {}\n }\n\n const firstRow = splitCsvLine(lines[0] ?? '')\n const firstHeaders = firstRow.map(normalizeFieldName)\n const looksLikeHeader = firstHeaders.some((header) =>\n [\n 'apikey',\n 'accesskey',\n 'secretkey',\n 'baseurl',\n 'environment',\n 'projectid',\n 'agentid',\n 'agentname',\n ].includes(header),\n )\n\n if (!looksLikeHeader) {\n return parseHeaderlessCsvRow(firstRow)\n }\n\n const dataRow = lines.slice(1).find((line) => line.trim().length > 0)\n if (!dataRow) {\n return {}\n }\n\n const values = splitCsvLine(dataRow)\n const bundle: ParsedCredentialBundle = {}\n\n for (const [index, header] of firstRow.entries()) {\n applyField(bundle, header, values[index] ?? '')\n }\n\n return finalizeBundle(bundle)\n}\n\nfunction parsePlainTextContent(content: string): ParsedCredentialBundle {\n const trimmed = content.trim()\n if (!trimmed) {\n return {}\n }\n\n if (trimmed.includes('.') && !/\\s/.test(trimmed)) {\n return { apiKey: trimmed }\n }\n\n const commaValues = splitCsvLine(trimmed)\n if (commaValues.length >= 2) {\n return parseHeaderlessCsvRow(commaValues)\n }\n\n return {}\n}\n\n/**\n * Parse a credentials handoff file from disk.\n *\n * Supported formats:\n * - JSON objects\n * - .env / KEY=value files\n * - CSV with or without a header row\n * - Plain text API keys\n */\nexport function parseCredentialsFile(credentialsFilePath: string): ParsedCredentialBundle {\n const resolvedPath = path.resolve(credentialsFilePath)\n const content = fs.readFileSync(resolvedPath, 'utf8')\n const extension = path.extname(resolvedPath).toLowerCase()\n\n if (extension === '.json') {\n return parseJsonContent(content)\n }\n\n if (extension === '.env') {\n return parseEnvContent(content)\n }\n\n if (extension === '.csv') {\n return parseCsvContent(content)\n }\n\n if (content.includes('=') && !content.trim().startsWith('{')) {\n return parseEnvContent(content)\n }\n\n if (content.includes(',') || content.includes('\\n')) {\n const csvBundle = parseCsvContent(content)\n if (csvBundle.apiKey || csvBundle.accessKey || csvBundle.secretKey) {\n return csvBundle\n }\n }\n\n if (content.trim().startsWith('{')) {\n return parseJsonContent(content)\n }\n\n return parsePlainTextContent(content)\n}\n","import type {\n MachineIdentityResponse,\n MachinePrincipalType,\n R4ProfileConfig,\n R4ProfileIdentityCache,\n} from '../types.js'\n\nfunction getPrincipalType(identity: MachineIdentityResponse): MachinePrincipalType {\n if (identity.agent?.id || identity.principal.agentId) {\n return 'AGENT'\n }\n if (identity.principal.orgUserId) {\n return 'ORG_USER'\n }\n if (identity.principal.accountId) {\n return 'ACCOUNT'\n }\n return 'UNKNOWN'\n}\n\n/** Human-friendly principal label for display and cached identity snapshots. */\nexport function getPrincipalLabel(\n identity:\n | Pick<MachineIdentityResponse, 'agent' | 'principal' | 'apiKey'>\n | R4ProfileIdentityCache,\n): string {\n if ('principalLabel' in identity && identity.principalLabel) {\n return identity.principalLabel\n }\n\n if ('agent' in identity) {\n if (identity.agent?.name) {\n return identity.agent.name\n }\n if (identity.principal.agentId) {\n return identity.principal.agentId\n }\n if (identity.principal.orgUserId) {\n return `Org user ${identity.principal.orgUserId}`\n }\n if (identity.principal.accountId) {\n return `Account ${identity.principal.accountId}`\n }\n return identity.apiKey.name\n }\n\n if (identity.principalId) {\n return identity.principalId\n }\n\n return identity.apiKeyName || '(unknown)'\n}\n\n/** Convert a live machine identity response into profile-cached metadata. */\nexport function buildIdentityCache(\n identity: MachineIdentityResponse,\n): R4ProfileIdentityCache {\n const principalType = getPrincipalType(identity)\n const principalId =\n identity.agent?.id ||\n identity.principal.agentId ||\n identity.principal.orgUserId ||\n identity.principal.accountId ||\n undefined\n\n return {\n apiKeyId: identity.apiKey.id,\n apiKeyName: identity.apiKey.name,\n apiKeyScope: identity.apiKey.scope,\n policySummary: identity.apiKey.summary,\n principalType,\n principalId,\n principalLabel: getPrincipalLabel(identity),\n orgId: identity.org.id,\n orgName: identity.org.name || identity.org.id,\n tenantId: identity.tenant?.id,\n tenantName: identity.tenant?.name || identity.tenant?.id,\n contextType: identity.session.contextType,\n contextId: identity.session.contextId,\n lastResolvedAt: new Date().toISOString(),\n }\n}\n\n/** Update a saved profile with the latest live machine identity metadata. */\nexport function applyIdentityToProfile(\n profile: R4ProfileConfig,\n identity: MachineIdentityResponse,\n): R4ProfileConfig {\n const nextProfile: R4ProfileConfig = {\n ...profile,\n identity: buildIdentityCache(identity),\n }\n\n if (identity.agent?.id || identity.principal.agentId) {\n nextProfile.agentId = identity.agent?.id || identity.principal.agentId || undefined\n nextProfile.agentName = identity.agent?.name || nextProfile.agentName\n } else {\n delete nextProfile.agentId\n delete nextProfile.agentName\n }\n\n return nextProfile\n}\n","import {\n getProfileConfig,\n loadConfig,\n saveConfig,\n setCurrentProfile,\n updateProfile,\n} from './config.js'\nimport {\n saveProfileCredentials,\n splitApiKey,\n} from './credentials-store.js'\nimport { applyIdentityToProfile } from './profile-identity.js'\nimport type { MachineIdentityResponse, R4ProfileConfig } from '../types.js'\n\n/**\n * Persist a profile update and keep that profile selected as current.\n */\nexport function saveProfileState(\n profileName: string,\n profile: R4ProfileConfig,\n): R4ProfileConfig {\n const nextProfile = { ...profile }\n const config = loadConfig()\n saveConfig(\n setCurrentProfile(updateProfile(config, profileName, nextProfile), profileName),\n )\n return nextProfile\n}\n\n/**\n * Persist split credentials for a profile when a combined API key is available.\n */\nexport function saveProfileApiKey(profileName: string, apiKey: string): void {\n const parts = splitApiKey(apiKey)\n if (parts) {\n saveProfileCredentials(profileName, parts)\n return\n }\n\n throw new Error('API key format must be {accessKey}.{secret}.')\n}\n\n/**\n * Update the cached identity metadata for a profile after a live machine lookup.\n */\nexport function cacheProfileIdentity(\n profileName: string,\n identity: MachineIdentityResponse,\n): R4ProfileConfig {\n const config = loadConfig()\n const currentProfile = getProfileConfig(config, profileName)\n const nextProfile = applyIdentityToProfile(currentProfile, identity)\n saveConfig(updateProfile(config, profileName, nextProfile))\n return nextProfile\n}\n","import readline from 'node:readline'\nimport { Writable } from 'node:stream'\n\ntype PromptTextOptions = {\n defaultValue?: string\n hidden?: boolean\n required?: boolean\n}\n\ntype PromptChoiceOption<T extends string> = {\n label: string\n value: T\n description?: string\n}\n\nclass MutableOutput extends Writable {\n muted = false\n\n _write(chunk: Buffer | string, _encoding: BufferEncoding, callback: () => void): void {\n if (!this.muted) {\n process.stdout.write(chunk)\n }\n callback()\n }\n}\n\n/** Ask a free-form terminal question. */\nexport async function promptText(\n question: string,\n options: PromptTextOptions = {},\n): Promise<string> {\n const output = new MutableOutput()\n const promptSuffix = options.defaultValue ? ` [${options.defaultValue}]` : ''\n const label = `${question}${promptSuffix}: `\n\n return new Promise((resolve) => {\n const rl = readline.createInterface({\n input: process.stdin,\n output,\n terminal: true,\n })\n\n const handleAnswer = (rawAnswer: string) => {\n const answer = rawAnswer.trim() || options.defaultValue || ''\n if (options.required !== false && !answer) {\n rl.close()\n void promptText(question, options).then(resolve)\n return\n }\n\n rl.close()\n resolve(answer)\n }\n\n if (options.hidden) {\n process.stdout.write(label)\n output.muted = true\n rl.question('', (answer) => {\n output.muted = false\n process.stdout.write('\\n')\n handleAnswer(answer)\n })\n return\n }\n\n rl.question(label, handleAnswer)\n })\n}\n\n/** Ask a yes/no terminal question with a default answer. */\nexport async function promptYesNo(\n question: string,\n defaultValue: boolean,\n): Promise<boolean> {\n const defaultLabel = defaultValue ? 'Y/n' : 'y/N'\n const answer = (\n await promptText(`${question} (${defaultLabel})`, {\n defaultValue: defaultValue ? 'y' : 'n',\n })\n )\n .trim()\n .toLowerCase()\n\n return ['y', 'yes'].includes(answer)\n}\n\n/** Ask the user to select one of a small set of options. */\nexport async function promptChoice<T extends string>(\n question: string,\n options: PromptChoiceOption<T>[],\n defaultValue?: T,\n): Promise<T> {\n console.log()\n console.log(` ${question}`)\n options.forEach((option, index) => {\n const detail = option.description ? ` ${option.description}` : ''\n console.log(` ${index + 1}. ${option.label}${detail}`)\n })\n\n const defaultIndex =\n defaultValue !== undefined\n ? Math.max(\n options.findIndex((option) => option.value === defaultValue),\n 0,\n ) + 1\n : 1\n\n while (true) {\n const answer = await promptText('Select an option', {\n defaultValue: String(defaultIndex),\n })\n const numericIndex = Number.parseInt(answer, 10)\n const selectedByNumber =\n Number.isInteger(numericIndex) && numericIndex >= 1 && numericIndex <= options.length\n ? options[numericIndex - 1]\n : undefined\n if (selectedByNumber) {\n return selectedByNumber.value\n }\n\n const selectedByValue = options.find((option) => option.value === answer)\n if (selectedByValue) {\n return selectedByValue.value\n }\n }\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { printTable } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 agent list` renders visible agents with budget and readiness metadata. */\nexport function listCommand(): Command {\n return new Command('list')\n .description('List visible agents')\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Fetching agents...').start()\n const response = await client.listAgents()\n spinner.stop()\n\n const rows = response.agents.map((agent) => [\n agent.id,\n agent.name,\n agent.tenantName,\n agent.domainName,\n agent.budgetId || '-',\n agent.isPublicKeyRegistered ? 'Yes' : 'No',\n agent.securityGroups.map((group) => group.name).join(', ') || '-',\n ])\n\n console.log()\n printTable(\n ['ID', 'Name', 'Tenant', 'Domain', 'Budget', 'Key Ready', 'Security Groups'],\n rows,\n !!globalOpts.json,\n response.agents,\n )\n console.log()\n }),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { collectOptionValues } from '../../lib/command-options.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { success } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 agent set-tenant-roles <id>` replaces the explicit tenant roles on an agent. */\nexport function setTenantRolesCommand(): Command {\n return new Command('set-tenant-roles')\n .description('Replace the explicit tenant roles on an agent')\n .argument('<id>', 'Agent ID')\n .option(\n '--role <role>',\n 'Tenant role (repeat or use comma-separated values)',\n collectOptionValues,\n [],\n )\n .option('--clear', 'Remove all explicit tenant roles')\n .action(\n withErrorHandler(\n async (\n id: string,\n options: { role: string[]; clear?: boolean },\n cmd: Command,\n ) => {\n if (!options.clear && options.role.length === 0) {\n throw new Error('Provide at least one --role or use --clear.')\n }\n\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Updating agent tenant roles...').start()\n await client.updateAgentTenantRoles(id, {\n roles: options.clear ? [] : options.role,\n })\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify({ id, roles: options.clear ? [] : options.role }, null, 2))\n return\n }\n\n success(`Updated tenant roles for agent ${id}`)\n },\n ),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { collectOptionValues } from '../../lib/command-options.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { success } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions, UpdateAgentRequest } from '../../types.js'\n\nfunction buildUpdateAgentBody(options: {\n name?: string\n budgetId?: string\n clearBudget?: boolean\n securityGroupId: string[]\n clearSecurityGroups?: boolean\n}): UpdateAgentRequest {\n if (options.clearBudget && options.budgetId) {\n throw new Error('Use either --budget-id or --clear-budget, not both.')\n }\n\n if (options.clearSecurityGroups && options.securityGroupId.length > 0) {\n throw new Error('Use either --security-group-id or --clear-security-groups, not both.')\n }\n\n const body: UpdateAgentRequest = {}\n\n if (options.name) {\n body.name = options.name\n }\n\n if (options.clearBudget) {\n body.budgetId = null\n } else if (options.budgetId) {\n body.budgetId = options.budgetId\n }\n\n if (options.clearSecurityGroups) {\n body.securityGroupIds = []\n } else if (options.securityGroupId.length > 0) {\n body.securityGroupIds = options.securityGroupId\n }\n\n if (Object.keys(body).length === 0) {\n throw new Error('No update fields provided.')\n }\n\n return body\n}\n\n/** `r4 agent update <id>` patches mutable agent metadata. */\nexport function updateCommand(): Command {\n return new Command('update')\n .description('Update an existing agent')\n .argument('<id>', 'Agent ID')\n .option('--name <name>', 'New agent name')\n .option('--budget-id <id>', 'Budget ID to assign')\n .option('--clear-budget', 'Remove the assigned budget')\n .option(\n '--security-group-id <id>',\n 'Security group IDs (repeat or use comma-separated values)',\n collectOptionValues,\n [],\n )\n .option('--clear-security-groups', 'Remove all security-group memberships')\n .action(\n withErrorHandler(\n async (\n id: string,\n options: {\n name?: string\n budgetId?: string\n clearBudget?: boolean\n securityGroupId: string[]\n clearSecurityGroups?: boolean\n },\n cmd: Command,\n ) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n const body = buildUpdateAgentBody(options)\n\n const spinner = ora('Updating agent...').start()\n await client.updateAgent(id, body)\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify({ id, updated: true }, null, 2))\n return\n }\n\n success(`Updated agent ${id}`)\n },\n ),\n )\n}\n","import type { Command } from 'commander'\nimport { createCommand } from './create.js'\nimport { getCommand } from './get.js'\nimport { getTenantRolesCommand } from './get-tenant-roles.js'\nimport { initCommand } from './init.js'\nimport { listCommand } from './list.js'\nimport { setTenantRolesCommand } from './set-tenant-roles.js'\nimport { updateCommand } from './update.js'\n\n/** Register agent bootstrap commands on the CLI program. */\nexport function registerAgentCommands(program: Command): void {\n const agent = program.command('agent').description('Bootstrap and manage local agent runtime setup')\n\n agent.addCommand(listCommand())\n agent.addCommand(getCommand())\n agent.addCommand(createCommand())\n agent.addCommand(updateCommand())\n agent.addCommand(getTenantRolesCommand())\n agent.addCommand(setTenantRolesCommand())\n agent.addCommand(initCommand())\n}\n","import { doctorCommand } from '../doctor.js'\n\n/** `r4 auth diagnose` — alias for the root doctor command. */\nexport function diagnoseCommand() {\n return doctorCommand(\n 'diagnose',\n 'Verify auth, public-key registration, vault access, and zero-trust health',\n )\n}\n","import { Command } from 'commander'\nimport {\n getConfigPath,\n getProfileConfig,\n getSelectedProfileName,\n loadConfig,\n} from '../../lib/config.js'\nimport { parseCredentialsFile } from '../../lib/credentials-file.js'\nimport {\n buildApiKeyFromParts,\n loadProfileCredentials,\n} from '../../lib/credentials-store.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { success, warn } from '../../lib/output.js'\nimport { saveProfileApiKey, saveProfileState } from '../../lib/profile-manager.js'\nimport { promptText } from '../../lib/prompt.js'\nimport { applyGlobalRuntimeOptionsToProfile } from '../../lib/runtime-config.js'\nimport type { GlobalOptions, ParsedCredentialBundle, R4ProfileConfig } from '../../types.js'\n\nfunction applyCredentialBundleToProfile(\n profile: R4ProfileConfig,\n bundle: ParsedCredentialBundle,\n globalOpts: GlobalOptions,\n): R4ProfileConfig {\n let nextProfile = { ...profile }\n\n if (!globalOpts.baseUrl && globalOpts.dev !== true) {\n if (bundle.baseUrl) {\n nextProfile.baseUrl = bundle.baseUrl\n delete nextProfile.dev\n } else if (bundle.dev === true) {\n nextProfile.dev = true\n delete nextProfile.baseUrl\n } else if (bundle.dev === false) {\n delete nextProfile.dev\n }\n }\n\n if (!globalOpts.projectId && bundle.projectId) {\n nextProfile.projectId = bundle.projectId\n }\n\n if (bundle.agentId) {\n nextProfile.agentId = bundle.agentId\n }\n\n if (bundle.agentName) {\n nextProfile.agentName = bundle.agentName\n }\n\n return applyGlobalRuntimeOptionsToProfile(nextProfile, globalOpts)\n}\n\n/** `r4 auth login` — save auth/runtime settings to a named CLI profile. */\nexport function loginCommand(): Command {\n return new Command('login')\n .description('Save your API key and runtime settings to the active CLI profile')\n .option(\n '--credentials-file <path>',\n 'Read credentials from a CSV, .env, JSON, or plain-text handoff file',\n )\n .addHelpText(\n 'after',\n `\nFirst run:\n r4 agent init --credentials-file ./agent-creds.csv --dev\n\nThat bootstrap flow can read the credentials bundle, generate a local RSA key if\nneeded, register the public key with the machine API, save the profile, and run\n\\`r4 doctor\\`.\n\nManual save-only flow:\n r4 auth login --profile loom-dev --credentials-file ./agent-creds.csv --dev\n r4 doctor --profile loom-dev\n`,\n )\n .action(\n withErrorHandler(\n async (\n opts: {\n credentialsFile?: string\n },\n cmd: Command,\n ) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const config = loadConfig()\n const profileName = getSelectedProfileName(\n config,\n globalOpts.profile,\n process.env.R4_PROFILE,\n )\n const existingProfile = getProfileConfig(config, profileName)\n const bundle = opts.credentialsFile\n ? parseCredentialsFile(opts.credentialsFile)\n : {}\n const storedCredentials = loadProfileCredentials(profileName)\n\n let apiKey =\n globalOpts.apiKey ||\n process.env.R4_API_KEY ||\n buildApiKeyFromParts(\n process.env.R4_ACCESS_KEY,\n process.env.R4_SECRET_KEY,\n ) ||\n bundle.apiKey ||\n buildApiKeyFromParts(\n storedCredentials?.accessKey,\n storedCredentials?.secretKey,\n )\n\n if (!apiKey) {\n apiKey = await promptText('Enter your R4 API key', {\n hidden: true,\n })\n }\n\n if (!apiKey) {\n throw new Error('No API key provided.')\n }\n\n if (!apiKey.includes('.')) {\n warn('API key format is usually {accessKey}.{secret}')\n }\n\n if (globalOpts.baseUrl && globalOpts.dev) {\n warn('--base-url takes precedence over --dev and will be saved as the active runtime URL.')\n }\n\n const nextProfile = applyCredentialBundleToProfile(\n existingProfile,\n bundle,\n globalOpts,\n )\n\n saveProfileApiKey(profileName, apiKey)\n saveProfileState(profileName, nextProfile)\n success(`Saved profile \"${profileName}\" to ${getConfigPath()}`)\n },\n ),\n )\n}\n","import { Command } from 'commander'\nimport {\n clearManagedProfileDirectory,\n clearConfig,\n getConfigPath,\n getProfileNames,\n getSelectedProfileName,\n loadConfig,\n removeProfile,\n saveConfig,\n} from '../../lib/config.js'\nimport { clearProfileCredentials } from '../../lib/credentials-store.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { success } from '../../lib/output.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 auth logout` — remove saved credentials from the active profile. */\nexport function logoutCommand(): Command {\n return new Command('logout')\n .description('Remove saved credentials from the active profile')\n .option('--all', 'Remove every saved profile and delete the config file')\n .action(\n withErrorHandler(async (opts: { all?: boolean }, cmd: Command) => {\n if (opts.all) {\n const config = loadConfig()\n for (const profileName of getProfileNames(config)) {\n clearProfileCredentials(profileName)\n clearManagedProfileDirectory(profileName)\n }\n clearConfig()\n success(`Removed all saved profiles from ${getConfigPath()}`)\n return\n }\n\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const config = loadConfig()\n const profileName = getSelectedProfileName(\n config,\n globalOpts.profile,\n process.env.R4_PROFILE,\n )\n\n if (!config.profiles[profileName]) {\n throw new Error(`Profile \"${profileName}\" does not exist.`)\n }\n\n if (Object.keys(config.profiles).length === 1) {\n clearConfig()\n } else {\n const nextConfig = removeProfile(config, profileName)\n saveConfig(nextConfig)\n }\n clearProfileCredentials(profileName)\n clearManagedProfileDirectory(profileName)\n\n success(`Removed profile \"${profileName}\" from ${getConfigPath()}`)\n }),\n )\n}\n","import { Command } from 'commander'\nimport { getProfileCredentialsPath } from '../../lib/profile-paths.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { warn, success } from '../../lib/output.js'\nimport { getDefaultPrivateKeyPath } from '../../lib/private-key.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport { registerAgentProfile } from '../../lib/register-agent.js'\nimport { collectOptionValues } from '../../lib/command-options.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 auth register-agent` bootstraps a public agent directly into a CLI profile. */\nexport function registerAgentCommand(): Command {\n return new Command('register-agent')\n .description('Register a brand-new public agent and save it to the selected CLI profile')\n .requiredOption('--name <name>', 'Agent name to register')\n .option('--org-name <name>', 'Organization name to create alongside the agent')\n .option(\n '--permission <grant>',\n 'Optional machine permission grant (repeat or use comma-separated values)',\n collectOptionValues,\n [],\n )\n .action(\n withErrorHandler(\n async (\n options: {\n name: string\n orgName?: string\n permission: string[]\n },\n cmd: Command,\n ) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts)\n const privateKeyPath =\n connection.privateKeyPath || getDefaultPrivateKeyPath(connection.profileName)\n const result = await registerAgentProfile({\n profileName: connection.profileName,\n profile: connection.profile,\n agentName: options.name,\n orgName: options.orgName,\n baseUrl: connection.baseUrl,\n privateKeyPath,\n runtimeOptions: {\n baseUrl: globalOpts.baseUrl,\n dev: globalOpts.dev,\n projectId: globalOpts.projectId,\n },\n permissionGrants: options.permission.length > 0 ? options.permission : undefined,\n })\n\n if (globalOpts.json) {\n console.log(\n JSON.stringify(\n {\n ...result.registration,\n profileName: connection.profileName,\n privateKeyPath: result.privateKeyPath,\n trustStorePath: result.trustStorePath,\n },\n null,\n 2,\n ),\n )\n return\n }\n\n success(\n `Registered agent \"${options.name}\" into profile \"${connection.profileName}\"`,\n )\n success(`Credentials: ${getProfileCredentialsPath(connection.profileName)}`)\n success(`Private key: ${result.privateKeyPath}`)\n success(`Trust store: ${result.trustStorePath}`)\n\n if (result.createdPrivateKey) {\n success('Generated a new managed private key for this profile')\n }\n\n if (result.identityError) {\n warn(`Saved the profile, but the live identity check failed: ${result.identityError}`)\n }\n },\n ),\n )\n}\n","import crypto from 'node:crypto'\n\ntype AgentChallengeResponse = {\n nonce: string\n task: string\n signature: string\n expiresAt: number\n}\n\ntype RegisterAgentBody = {\n name: string\n orgName?: string\n nonce: string\n answer: string\n signature: string\n expiresAt: number\n publicKey?: string\n permissionGrants?: string[]\n}\n\nexport type RegisterAgentResponse = {\n agentId: string\n orgId: string\n tenantId: string\n domainId: string\n domainTenantId: string\n domain: string\n apiKey: string\n accessKey: string\n accessSecret: string\n permissionGrants: string[]\n effectivePermissions: string[]\n initialPublicKeyRegistered: boolean\n encryptionKeyId: string | null\n}\n\n/**\n * Thin client for unauthenticated auth bootstrap flows used by `r4 configure`.\n */\nexport class PublicAuthClient {\n private readonly baseUrl: string\n\n constructor(baseUrl: string) {\n this.baseUrl = baseUrl.replace(/\\/$/, '')\n }\n\n private async request<T>(path: string, body?: unknown): Promise<T> {\n const response = await fetch(`${this.baseUrl}${path}`, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n 'X-Requested-With': 'R4Client',\n },\n body: body ? JSON.stringify(body) : undefined,\n })\n\n if (!response.ok) {\n const errorBody = (await response.json().catch(() => ({}))) as Record<string, unknown>\n const error = errorBody?.error as Record<string, unknown> | undefined\n const errorMessage = error?.message || `HTTP ${response.status}: ${response.statusText}`\n throw new Error(String(errorMessage))\n }\n\n return response.json() as Promise<T>\n }\n\n /** Fetch the current agent bootstrap challenge. */\n async getAgentChallenge(): Promise<AgentChallengeResponse> {\n return this.request<AgentChallengeResponse>('/api/v1/auth/auth/agent-challenge')\n }\n\n /** Register a new agent-only runtime and receive its first machine credentials. */\n async registerAgent(body: RegisterAgentBody): Promise<RegisterAgentResponse> {\n return this.request<RegisterAgentResponse>('/api/v1/auth/auth/register-agent', body)\n }\n}\n\n/** Solve the auth bootstrap proof-of-work challenge expected by the auth API. */\nexport function solveAgentChallenge(nonce: string): string {\n return crypto.createHash('sha256').update(nonce).digest('hex')\n}\n","import { CliClient } from './client.js'\nimport { saveProfileCredentials } from './credentials-store.js'\nimport { cacheProfileIdentity, saveProfileState } from './profile-manager.js'\nimport { PublicAuthClient, solveAgentChallenge } from './public-auth-client.js'\nimport { derivePublicKey, ensurePrivateKey } from './private-key.js'\nimport { getManagedTrustStorePath } from './profile-paths.js'\nimport { applyGlobalRuntimeOptionsToProfile } from './runtime-config.js'\nimport type { GlobalOptions, R4ProfileConfig, RegisterAgentResponse } from '../types.js'\n\nexport interface RegisterAgentProfileParams {\n profileName: string\n profile: R4ProfileConfig\n agentName: string\n orgName?: string\n baseUrl: string\n privateKeyPath: string\n runtimeOptions: Pick<GlobalOptions, 'baseUrl' | 'dev' | 'projectId'>\n permissionGrants?: string[]\n}\n\nexport interface RegisterAgentProfileResult {\n registration: RegisterAgentResponse\n privateKeyPath: string\n trustStorePath: string\n createdPrivateKey: boolean\n identityError?: string\n}\n\n/**\n * Bootstrap a brand-new public agent registration into a managed CLI profile.\n *\n * Logic steps:\n * 1. Ensure the local profile key exists and derive the matching public key.\n * 2. Solve the public bootstrap challenge and request the initial AGENT API key.\n * 3. Persist the split credentials plus non-secret profile metadata.\n * 4. Best-effort cache the resolved machine identity for later profile inspection.\n */\nexport async function registerAgentProfile(\n params: RegisterAgentProfileParams,\n): Promise<RegisterAgentProfileResult> {\n const privateKey = ensurePrivateKey(params.privateKeyPath)\n const trustStorePath = getManagedTrustStorePath(params.profileName)\n const authClient = new PublicAuthClient(params.baseUrl)\n const challenge = await authClient.getAgentChallenge()\n const registration = await authClient.registerAgent({\n name: params.agentName,\n orgName: params.orgName || params.agentName,\n nonce: challenge.nonce,\n answer: solveAgentChallenge(challenge.nonce),\n signature: challenge.signature,\n expiresAt: challenge.expiresAt,\n publicKey: derivePublicKey(privateKey.privateKeyPem),\n permissionGrants: params.permissionGrants,\n })\n\n saveProfileCredentials(params.profileName, {\n accessKey: registration.accessKey,\n secretKey: registration.accessSecret,\n })\n\n saveProfileState(\n params.profileName,\n applyGlobalRuntimeOptionsToProfile(\n {\n ...params.profile,\n privateKeyPath: params.privateKeyPath,\n trustStorePath,\n agentId: registration.agentId,\n agentName: params.agentName,\n },\n params.runtimeOptions,\n ),\n )\n\n let identityError: string | undefined\n\n try {\n const identity = await new CliClient(registration.apiKey, params.baseUrl).getMachineIdentity()\n cacheProfileIdentity(params.profileName, identity)\n } catch (error) {\n identityError = error instanceof Error ? error.message : String(error)\n }\n\n return {\n registration,\n privateKeyPath: params.privateKeyPath,\n trustStorePath,\n createdPrivateKey: privateKey.created,\n identityError,\n }\n}\n","import { Command } from 'commander'\nimport chalk from 'chalk'\nimport { getConfigPath } from '../../lib/config.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { printDetail } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport { getProfileCredentialsPath } from '../../lib/profile-paths.js'\nimport type { GlobalOptions } from '../../types.js'\n\nfunction maskKey(key: string): string {\n if (key.length <= 8) {\n return key\n }\n return `${key.substring(0, 8)}...`\n}\n\n/** `r4 auth status` — show the currently resolved auth state. */\nexport function statusCommand(): Command {\n return new Command('status')\n .description('Show current authentication and profile status')\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts)\n\n if (globalOpts.json) {\n console.log(\n JSON.stringify(\n {\n authenticated: Boolean(connection.apiKey),\n profile: connection.profileName,\n source: connection.apiKeySource,\n apiKey: connection.apiKey ? maskKey(connection.apiKey) : null,\n credentialsPath: getProfileCredentialsPath(connection.profileName),\n agentId: connection.profile.agentId || null,\n agentName: connection.profile.agentName || null,\n cachedIdentity: connection.profile.identity || null,\n baseUrl: connection.baseUrl,\n devMode: connection.dev,\n projectId: connection.projectId || null,\n privateKeyPath: connection.privateKeyPath || null,\n trustStorePath: connection.trustStorePath || null,\n configPath: getConfigPath(),\n },\n null,\n 2,\n ),\n )\n return\n }\n\n console.log()\n\n if (!connection.apiKey) {\n console.log(chalk.bold(' Not authenticated'))\n console.log()\n console.log(` Active profile: ${chalk.cyan(connection.profileName)}`)\n console.log(\n ' Run ' +\n chalk.cyan('r4 configure') +\n ', ' +\n chalk.cyan('r4 auth login') +\n ', or ' +\n chalk.cyan('r4 agent init') +\n ' to save credentials.',\n )\n console.log()\n return\n }\n\n console.log(chalk.bold(' Authenticated'))\n console.log()\n printDetail(\n [\n ['Profile', connection.profileName],\n ['Source', connection.apiKeySource],\n ['Credentials File', getProfileCredentialsPath(connection.profileName)],\n ['API Key', maskKey(connection.apiKey)],\n [\n 'Principal',\n connection.profile.identity?.principalLabel ||\n connection.profile.agentName ||\n connection.profile.agentId ||\n chalk.dim('(unknown)'),\n ],\n [\n 'Scope',\n connection.profile.identity?.apiKeyScope || chalk.dim('(not cached yet)'),\n ],\n ['Mode', connection.dev ? 'dev' : 'prod'],\n ['Base URL', connection.baseUrl],\n ['Project ID', connection.projectId || chalk.dim('(not set)')],\n ['Private Key', connection.privateKeyPath || chalk.dim('(not set)')],\n ['Trust Store', connection.trustStorePath || chalk.dim('(not set)')],\n ['Config File', getConfigPath()],\n ],\n false,\n )\n console.log()\n }),\n )\n}\n","import { Command } from 'commander'\nimport { renderProfileReport } from '../profile/show.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { collectProfileReport } from '../../lib/profile-report.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 auth whoami` — show the currently selected profile identity. */\nexport function whoamiCommand(): Command {\n return new Command('whoami')\n .description('Show the current profile, agent identity, and runtime target')\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const report = await collectProfileReport(globalOpts)\n renderProfileReport(\n report,\n !!globalOpts.json,\n report.authenticated ? ' Current Identity' : ' Current Profile',\n )\n }),\n )\n}\n","import { Command } from 'commander'\nimport chalk from 'chalk'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { printDetail } from '../../lib/output.js'\nimport {\n collectProfileReport,\n getReportPrincipalLabel,\n type ProfileReport,\n} from '../../lib/profile-report.js'\nimport type { GlobalOptions } from '../../types.js'\n\nfunction buildJsonPayload(report: ProfileReport): Record<string, unknown> {\n return {\n authenticated: report.authenticated,\n profile: report.profileName,\n credentialSource: report.credentialSource,\n credentialsPath: report.credentialsPath,\n baseUrl: report.baseUrl,\n devMode: report.devMode,\n projectId: report.projectId,\n privateKeyPath: report.privateKeyPath,\n privateKeySource: report.privateKeySource,\n trustStorePath: report.trustStorePath,\n trustStoreSource: report.trustStoreSource,\n profileDir: report.profileDir,\n configPath: report.configPath,\n liveIdentity: report.liveIdentity,\n cachedIdentity: report.cachedIdentity ?? null,\n remoteIdentityError: report.remoteIdentityError,\n }\n}\n\nexport function renderProfileReport(\n report: ProfileReport,\n jsonMode: boolean,\n heading = ' Current Profile',\n): void {\n const liveIdentity = report.liveIdentity\n const cachedIdentity = report.cachedIdentity\n const scope = liveIdentity?.apiKey.scope || cachedIdentity?.apiKeyScope || chalk.dim('(unknown)')\n const apiKeyName =\n liveIdentity?.apiKey.name || cachedIdentity?.apiKeyName || chalk.dim('(unknown)')\n const principalType =\n liveIdentity\n ? liveIdentity.agent?.id || liveIdentity.principal.agentId\n ? 'AGENT'\n : liveIdentity.principal.orgUserId\n ? 'ORG_USER'\n : liveIdentity.principal.accountId\n ? 'ACCOUNT'\n : 'UNKNOWN'\n : cachedIdentity?.principalType || chalk.dim('(unknown)')\n const orgLabel =\n liveIdentity?.org.name ||\n liveIdentity?.org.id ||\n cachedIdentity?.orgName ||\n cachedIdentity?.orgId ||\n chalk.dim('(unknown)')\n const tenantLabel =\n liveIdentity?.tenant?.name ||\n liveIdentity?.tenant?.id ||\n cachedIdentity?.tenantName ||\n cachedIdentity?.tenantId ||\n chalk.dim('(not bound)')\n const contextType =\n liveIdentity?.session.contextType || cachedIdentity?.contextType || chalk.dim('(unknown)')\n const policy =\n liveIdentity?.apiKey.summary || cachedIdentity?.policySummary || chalk.dim('(unknown)')\n const identitySource = liveIdentity\n ? 'live'\n : cachedIdentity\n ? 'cached'\n : 'none'\n\n console.log()\n console.log(chalk.bold(heading))\n console.log()\n printDetail(\n [\n ['Profile', report.profileName],\n ['Authenticated', report.authenticated ? 'yes' : 'no'],\n ['Credential Source', report.credentialSource],\n ['Credentials File', report.credentialsPath],\n ['API Key Name', apiKeyName],\n ['API Key Scope', scope],\n ['Principal Type', principalType],\n ['Principal', getReportPrincipalLabel(report) || chalk.dim('(unknown)')],\n ['Organization', orgLabel],\n ['Tenant', tenantLabel],\n ['Session Context', contextType],\n ['Policy', policy],\n ['Identity Source', identitySource],\n ['Base URL', report.baseUrl],\n ['Mode', report.devMode ? 'dev' : 'prod'],\n ['Project ID', report.projectId || chalk.dim('(not set)')],\n ['Private Key', report.privateKeyPath || chalk.dim('(not set)')],\n ['Trust Store', report.trustStorePath || chalk.dim('(not set)')],\n ['Profile Dir', report.profileDir],\n ['Config File', report.configPath],\n ['Remote Identity', report.remoteIdentityError || 'ok'],\n ],\n jsonMode,\n buildJsonPayload(report),\n )\n console.log()\n}\n\n/** `r4 profile show` — show the active profile, identity, and managed paths. */\nexport function showCommand(): Command {\n return new Command('show')\n .alias('info')\n .description('Show the current profile, identity, and managed storage paths')\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const report = await collectProfileReport(globalOpts)\n renderProfileReport(report, !!globalOpts.json)\n }),\n )\n}\n","import { getConfigPath, getManagedProfileDir } from './config.js'\nimport { getProfileCredentialsPath } from './profile-paths.js'\nimport { CliClient } from './client.js'\nimport { cacheProfileIdentity } from './profile-manager.js'\nimport { resolveConnection } from './resolve-auth.js'\nimport { getPrincipalLabel } from './profile-identity.js'\nimport type {\n GlobalOptions,\n MachineIdentityResponse,\n R4ProfileIdentityCache,\n} from '../types.js'\n\nexport interface ProfileReport {\n authenticated: boolean\n profileName: string\n credentialSource: string\n credentialsPath: string\n baseUrl: string\n devMode: boolean\n projectId: string | null\n privateKeyPath: string | null\n privateKeySource: string | null\n trustStorePath: string | null\n trustStoreSource: string | null\n configPath: string\n profileDir: string\n liveIdentity: MachineIdentityResponse | null\n cachedIdentity: R4ProfileIdentityCache | undefined\n remoteIdentityError: string | null\n}\n\n/** Gather local profile state plus an optional live machine identity lookup. */\nexport async function collectProfileReport(\n globalOpts: GlobalOptions,\n): Promise<ProfileReport> {\n const connection = resolveConnection(globalOpts)\n let liveIdentity: MachineIdentityResponse | null = null\n let remoteIdentityError: string | null = null\n let cachedIdentity = connection.profile.identity\n\n if (connection.apiKey) {\n try {\n liveIdentity = await new CliClient(\n connection.apiKey,\n connection.baseUrl,\n ).getMachineIdentity()\n cachedIdentity = cacheProfileIdentity(connection.profileName, liveIdentity).identity\n } catch (error) {\n remoteIdentityError = error instanceof Error ? error.message : String(error)\n }\n }\n\n return {\n authenticated: Boolean(connection.apiKey),\n profileName: connection.profileName,\n credentialSource: connection.apiKeySource,\n credentialsPath: getProfileCredentialsPath(connection.profileName),\n baseUrl: connection.baseUrl,\n devMode: connection.dev,\n projectId: connection.projectId || null,\n privateKeyPath: connection.privateKeyPath || null,\n privateKeySource: connection.privateKeySource,\n trustStorePath: connection.trustStorePath || null,\n trustStoreSource: connection.trustStoreSource,\n configPath: getConfigPath(),\n profileDir: getManagedProfileDir(connection.profileName),\n liveIdentity,\n cachedIdentity,\n remoteIdentityError,\n }\n}\n\n/** Best available principal label from live or cached identity data. */\nexport function getReportPrincipalLabel(report: ProfileReport): string | null {\n if (report.liveIdentity) {\n return getPrincipalLabel(report.liveIdentity)\n }\n if (report.cachedIdentity) {\n return getPrincipalLabel(report.cachedIdentity)\n }\n return null\n}\n","import type { Command } from 'commander'\nimport { diagnoseCommand } from './diagnose.js'\nimport { loginCommand } from './login.js'\nimport { logoutCommand } from './logout.js'\nimport { registerAgentCommand } from './register-agent.js'\nimport { statusCommand } from './status.js'\nimport { whoamiCommand } from './whoami.js'\n\n/** Register auth subcommands on the CLI program */\nexport function registerAuthCommands(program: Command): void {\n const auth = program.command('auth').description('Manage API key authentication')\n\n auth.addCommand(loginCommand())\n auth.addCommand(logoutCommand())\n auth.addCommand(registerAgentCommand())\n auth.addCommand(statusCommand())\n auth.addCommand(whoamiCommand())\n auth.addCommand(diagnoseCommand())\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { printDetail } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 billing readiness` reads whether the org is ready for paid operations. */\nexport function readinessCommand(): Command {\n return new Command('readiness')\n .description('Show billing readiness for paid operations')\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Checking billing readiness...').start()\n const readiness = await client.getBillingReadiness()\n spinner.stop()\n\n printDetail(\n [\n ['Has Verified Domain', readiness.hasVerifiedDomain ? 'Yes' : 'No'],\n ['Has Credit', readiness.hasCredit ? 'Yes' : 'No'],\n ['Ready', readiness.ready ? 'Yes' : 'No'],\n ],\n !!globalOpts.json,\n readiness,\n )\n }),\n )\n}\n","import type { Command } from 'commander'\nimport { readinessCommand } from './readiness.js'\n\n/** Register billing subcommands on the CLI program. */\nexport function registerBillingCommands(program: Command): void {\n const billing = program.command('billing').description('Inspect billing readiness')\n\n billing.addCommand(readinessCommand())\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { parseJsonInput } from '../../lib/json-input.js'\nimport { success } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { CreateBudgetRequest, GlobalOptions } from '../../types.js'\n\nfunction parseBudgetBody(options: { body?: string; bodyFile?: string }): CreateBudgetRequest {\n const parsed = parseJsonInput({\n body: options.body,\n bodyFile: options.bodyFile,\n })\n\n if (!parsed || Array.isArray(parsed) || typeof parsed !== 'object') {\n throw new Error('Provide a budget request object with --body or --body-file.')\n }\n\n return parsed as CreateBudgetRequest\n}\n\n/** `r4 budget create` creates a budget from a JSON payload. */\nexport function createCommand(): Command {\n return new Command('create')\n .description('Create a budget from a JSON payload')\n .option('--body <json>', 'Inline budget create JSON')\n .option('--body-file <path>', 'Read the budget create JSON from a file')\n .action(\n withErrorHandler(\n async (\n options: { body?: string; bodyFile?: string },\n cmd: Command,\n ) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n const body = parseBudgetBody(options)\n\n const spinner = ora('Creating budget...').start()\n await client.createBudget(body)\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify({ created: true, name: body.name }, null, 2))\n return\n }\n\n success(`Created budget \"${body.name}\"`)\n },\n ),\n )\n}\n","import fs from 'node:fs'\nimport path from 'node:path'\nimport type { JsonValue } from '../types.js'\n\n/**\n * Parse JSON from an inline CLI flag or a file path, with source-aware errors.\n */\nexport function parseJsonInput(params: {\n body?: string\n bodyFile?: string\n bodyFlagName?: string\n bodyFileFlagName?: string\n}): JsonValue | undefined {\n const bodyFlagName = params.bodyFlagName ?? '--body'\n const bodyFileFlagName = params.bodyFileFlagName ?? '--body-file'\n\n if (params.body && params.bodyFile) {\n throw new Error(`Use either ${bodyFlagName} or ${bodyFileFlagName}, not both.`)\n }\n\n if (!params.body && !params.bodyFile) {\n return undefined\n }\n\n const rawInput = params.bodyFile\n ? fs.readFileSync(path.resolve(params.bodyFile), 'utf8')\n : params.body!\n const sourceLabel = params.bodyFile\n ? `${bodyFileFlagName} ${params.bodyFile}`\n : bodyFlagName\n\n try {\n return JSON.parse(rawInput) as JsonValue\n } catch (error) {\n throw new Error(\n `Failed to parse ${sourceLabel} as JSON. ${\n error instanceof Error ? error.message : String(error)\n }`,\n )\n }\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { printTable } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { BudgetSummary, GlobalOptions } from '../../types.js'\n\nfunction formatBudgetWindow(budget: BudgetSummary): string {\n const start = new Date(budget.startDate).toISOString().slice(0, 10)\n const end = new Date(budget.endDate).toISOString().slice(0, 10)\n return `${start} -> ${end}`\n}\n\nfunction formatBudgetSubject(budget: BudgetSummary): string {\n switch (budget.subjectType) {\n case 'TENANT':\n return `TENANT:${budget.tenantSubjectId ?? '-'}`\n case 'USER':\n return `USER:${budget.userSubjectId ?? '-'}`\n case 'AGENT':\n return `AGENT:${budget.agentSubjectId ?? '-'}`\n default:\n return 'ORG'\n }\n}\n\n/** `r4 budget list` shows visible budgets and their active windows. */\nexport function listCommand(): Command {\n return new Command('list')\n .description('List visible budgets and their active windows')\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Fetching budgets...').start()\n const budgets = await client.listBudgets()\n spinner.stop()\n\n const rows = budgets.map((budget) => [\n budget.id,\n budget.name,\n formatBudgetSubject(budget),\n String(budget.target),\n formatBudgetWindow(budget),\n String(budget.limits.length),\n ])\n\n console.log()\n printTable(\n ['ID', 'Name', 'Subject', 'Target', 'Window', 'Limits'],\n rows,\n !!globalOpts.json,\n budgets,\n )\n console.log()\n }),\n )\n}\n","import type { Command } from 'commander'\nimport { createCommand } from './create.js'\nimport { listCommand } from './list.js'\n\n/** Register budget subcommands on the CLI program. */\nexport function registerBudgetCommands(program: Command): void {\n const budget = program.command('budget').description('Inspect and manage budgets')\n\n budget.addCommand(listCommand())\n budget.addCommand(createCommand())\n}\n","import { Command } from 'commander'\nimport fs from 'node:fs'\nimport { CliClient } from '../lib/client.js'\nimport {\n getConfigPath,\n getManagedProfileDir,\n getProfileConfig,\n getSelectedProfileName,\n loadConfig,\n} from '../lib/config.js'\nimport { saveProfileCredentials } from '../lib/credentials-store.js'\nimport { withErrorHandler } from '../lib/errors.js'\nimport { success, warn } from '../lib/output.js'\nimport { cacheProfileIdentity, saveProfileState } from '../lib/profile-manager.js'\nimport { promptChoice, promptText } from '../lib/prompt.js'\nimport {\n getDefaultPrivateKeyPath,\n loadPrivateKey,\n derivePublicKey,\n ensurePrivateKey,\n} from '../lib/private-key.js'\nimport { getProfileCredentialsPath, getManagedTrustStorePath } from '../lib/profile-paths.js'\nimport {\n R4_DEFAULT_API_BASE_URL,\n R4_DEV_API_BASE_URL,\n applyGlobalRuntimeOptionsToProfile,\n} from '../lib/runtime-config.js'\nimport { registerAgentProfile } from '../lib/register-agent.js'\nimport type { GlobalOptions, R4ProfileConfig } from '../types.js'\n\ntype ConfigureMode = 'manual' | 'bootstrap'\ntype RuntimeTarget = 'prod' | 'dev' | 'custom'\ntype PrivateKeyMode = 'generate' | 'existing'\n\nasync function promptRuntimeTarget(existingProfile: R4ProfileConfig): Promise<{\n baseUrl?: string\n dev?: boolean\n projectId?: string\n}> {\n const defaultTarget: RuntimeTarget = existingProfile.baseUrl\n ? 'custom'\n : existingProfile.dev\n ? 'dev'\n : 'prod'\n\n const runtimeTarget = await promptChoice<RuntimeTarget>(\n 'Which R4 environment should this profile use?',\n [\n { label: 'Production', value: 'prod', description: `(${R4_DEFAULT_API_BASE_URL})` },\n { label: 'Development', value: 'dev', description: `(${R4_DEV_API_BASE_URL})` },\n { label: 'Custom URL', value: 'custom' },\n ],\n defaultTarget,\n )\n\n const runtimeOptions: {\n baseUrl?: string\n dev?: boolean\n projectId?: string\n } = {}\n\n if (runtimeTarget === 'custom') {\n runtimeOptions.baseUrl = await promptText('Base URL', {\n defaultValue: existingProfile.baseUrl || R4_DEFAULT_API_BASE_URL,\n })\n } else if (runtimeTarget === 'dev') {\n runtimeOptions.dev = true\n } else {\n runtimeOptions.dev = false\n }\n\n const projectId = await promptText('Project ID (optional)', {\n defaultValue: existingProfile.projectId,\n required: false,\n })\n if (projectId) {\n runtimeOptions.projectId = projectId\n }\n\n return runtimeOptions\n}\n\nasync function resolvePrivateKeyMaterial(\n profileName: string,\n existingProfile: R4ProfileConfig,\n): Promise<{\n privateKeyPath: string\n publicKeyPem: string\n created: boolean\n}> {\n const managedPrivateKeyPath = getDefaultPrivateKeyPath(profileName)\n const defaultMode: PrivateKeyMode =\n existingProfile.privateKeyPath || fs.existsSync(managedPrivateKeyPath)\n ? 'existing'\n : 'generate'\n\n const privateKeyMode = await promptChoice<PrivateKeyMode>(\n 'How should this profile handle its local private key?',\n [\n {\n label: 'Generate a managed key',\n value: 'generate',\n description: `(store at ${managedPrivateKeyPath})`,\n },\n {\n label: 'Use an existing PEM file',\n value: 'existing',\n },\n ],\n defaultMode,\n )\n\n if (privateKeyMode === 'generate') {\n const { privateKeyPem, created } = ensurePrivateKey(managedPrivateKeyPath)\n return {\n privateKeyPath: managedPrivateKeyPath,\n publicKeyPem: derivePublicKey(privateKeyPem),\n created,\n }\n }\n\n const privateKeyPath = await promptText('Existing private-key path', {\n defaultValue: existingProfile.privateKeyPath || managedPrivateKeyPath,\n })\n const privateKeyPem = loadPrivateKey(privateKeyPath)\n return {\n privateKeyPath,\n publicKeyPem: derivePublicKey(privateKeyPem),\n created: false,\n }\n}\n\nasync function configureManualProfile(\n profileName: string,\n existingProfile: R4ProfileConfig,\n): Promise<void> {\n const runtimeOptions = await promptRuntimeTarget(existingProfile)\n const privateKey = await resolvePrivateKeyMaterial(profileName, existingProfile)\n const accessKey = await promptText('API access key')\n const secretKey = await promptText('API secret', {\n hidden: true,\n })\n\n saveProfileCredentials(profileName, { accessKey, secretKey })\n\n const nextProfile = applyGlobalRuntimeOptionsToProfile(\n {\n ...existingProfile,\n privateKeyPath: privateKey.privateKeyPath,\n trustStorePath: getManagedTrustStorePath(profileName),\n },\n runtimeOptions,\n )\n saveProfileState(profileName, nextProfile)\n\n const baseUrl =\n runtimeOptions.baseUrl ||\n (runtimeOptions.dev ? R4_DEV_API_BASE_URL : R4_DEFAULT_API_BASE_URL)\n\n try {\n const identity = await new CliClient(\n `${accessKey}.${secretKey}`,\n baseUrl,\n ).getMachineIdentity()\n cacheProfileIdentity(profileName, identity)\n } catch (error) {\n warn(\n `Saved the profile, but the live identity check failed: ${\n error instanceof Error ? error.message : String(error)\n }`,\n )\n }\n\n success(`Saved profile \"${profileName}\" to ${getConfigPath()}`)\n success(`Credentials: ${getProfileCredentialsPath(profileName)}`)\n success(`Private key: ${privateKey.privateKeyPath}`)\n success(`Trust store: ${getManagedTrustStorePath(profileName)}`)\n}\n\nasync function configureBootstrapProfile(\n profileName: string,\n existingProfile: R4ProfileConfig,\n): Promise<void> {\n const runtimeOptions = await promptRuntimeTarget(existingProfile)\n const privateKey = await resolvePrivateKeyMaterial(profileName, existingProfile)\n const agentName = await promptText('Agent name', {\n defaultValue: existingProfile.agentName || profileName,\n })\n const orgName = await promptText('Organization name (optional)', {\n defaultValue: agentName,\n required: false,\n })\n\n const baseUrl =\n runtimeOptions.baseUrl ||\n (runtimeOptions.dev ? R4_DEV_API_BASE_URL : R4_DEFAULT_API_BASE_URL)\n const result = await registerAgentProfile({\n profileName,\n profile: existingProfile,\n agentName,\n orgName: orgName || agentName,\n baseUrl,\n privateKeyPath: privateKey.privateKeyPath,\n runtimeOptions,\n })\n\n if (result.identityError) {\n warn(\n `Created the profile, but the live identity check failed: ${\n result.identityError\n }`,\n )\n }\n\n success(`Bootstrapped agent \"${agentName}\" into profile \"${profileName}\"`)\n success(`Credentials: ${getProfileCredentialsPath(profileName)}`)\n success(`Private key: ${result.privateKeyPath}`)\n success(`Trust store: ${result.trustStorePath}`)\n}\n\n/** `r4 configure` — guided profile setup for machine credentials and key material. */\nexport function configureCommand(): Command {\n return new Command('configure')\n .description('Guided setup for an R4 CLI profile')\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const config = loadConfig()\n const initialProfileName = getSelectedProfileName(\n config,\n globalOpts.profile,\n process.env.R4_PROFILE,\n )\n const profileName = await promptText('Profile name', {\n defaultValue: initialProfileName,\n })\n const existingProfile = getProfileConfig(config, profileName)\n\n console.log()\n console.log(` Managed profile directory: ${getManagedProfileDir(profileName)}`)\n\n const mode = await promptChoice<ConfigureMode>(\n 'How do you want to set up this profile?',\n [\n {\n label: 'Use existing API credentials',\n value: 'manual',\n description: '(enter an access key, secret, and private key)',\n },\n {\n label: 'Create a new agent runtime',\n value: 'bootstrap',\n description: '(bootstrap a new agent-only org and API key)',\n },\n ],\n 'manual',\n )\n\n console.log()\n if (mode === 'manual') {\n await configureManualProfile(profileName, existingProfile)\n } else {\n await configureBootstrapProfile(profileName, existingProfile)\n }\n }),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { printDetail, success } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 domain add` registers a new external domain. */\nexport function addCommand(): Command {\n return new Command('add')\n .description('Register a new external domain')\n .argument('<domain>', 'Domain name')\n .action(\n withErrorHandler(async (domain: string, _opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora(`Registering domain ${domain}...`).start()\n const response = await client.addDomain(domain)\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify(response, null, 2))\n return\n }\n\n success(`Registered domain ${domain}`)\n printDetail(\n [\n ['Domain ID', response.domainId],\n ['Domain Tenant', response.domainTenantId],\n ['TXT Host', response.txtRecordHost],\n ['TXT Value', response.verificationTxtRecord],\n ['Instructions', response.instructions],\n ],\n false,\n )\n }),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { printTable } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 domain list` lists visible org domains. */\nexport function listCommand(): Command {\n return new Command('list')\n .description('List visible external domains')\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Fetching domains...').start()\n const domains = await client.listDomains()\n spinner.stop()\n\n const rows = domains.map((domain) => [\n domain.id,\n domain.domain,\n domain.verified ? 'Yes' : 'No',\n domain.state,\n domain.verificationTxtValue ?? '-',\n ])\n\n console.log()\n printTable(\n ['ID', 'Domain', 'Verified', 'State', 'TXT Value'],\n rows,\n !!globalOpts.json,\n domains,\n )\n console.log()\n }),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { printDetail, success } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 domain verify` triggers domain TXT verification. */\nexport function verifyCommand(): Command {\n return new Command('verify')\n .description('Trigger verification for a domain')\n .argument('<id>', 'Domain ID')\n .action(\n withErrorHandler(async (id: string, _opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora(`Verifying domain ${id}...`).start()\n const response = await client.verifyDomain(id)\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify(response, null, 2))\n return\n }\n\n success(`Verification finished for ${id}`)\n printDetail(\n [\n ['Verified', response.verified ? 'Yes' : 'No'],\n ['Error', response.error ?? '-'],\n ],\n false,\n )\n }),\n )\n}\n","import type { Command } from 'commander'\nimport { addCommand } from './add.js'\nimport { listCommand } from './list.js'\nimport { verifyCommand } from './verify.js'\n\n/** Register domain subcommands on the CLI program. */\nexport function registerDomainCommands(program: Command): void {\n const domain = program.command('domain').description('Manage external domains')\n\n domain.addCommand(listCommand())\n domain.addCommand(addCommand())\n domain.addCommand(verifyCommand())\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { printDetail, success } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { FeedbackSurface, GlobalOptions } from '../../types.js'\n\nconst FEEDBACK_SURFACES = new Set<FeedbackSurface>(['CLI', 'SDK', 'MCP', 'MACHINE_API', 'OTHER'])\n\nfunction normalizeFeedbackSurface(surface: string): FeedbackSurface {\n const normalized = surface.trim().toUpperCase() as FeedbackSurface\n\n if (!FEEDBACK_SURFACES.has(normalized)) {\n throw new Error(\n `Unsupported feedback surface \"${surface}\". Use one of: ${[...FEEDBACK_SURFACES].join(', ')}.`,\n )\n }\n\n return normalized\n}\n\n/** `r4 feedback submit` sends structured product feedback from an AGENT key. */\nexport function submitCommand(): Command {\n return new Command('submit')\n .description('Submit structured feedback about a missing capability')\n .requiredOption('--surface <surface>', 'Feedback surface: CLI, SDK, MCP, MACHINE_API, OTHER')\n .requiredOption('--summary <summary>', 'Short summary of the blocker')\n .requiredOption('--details <details>', 'Longer description of the blocker')\n .option('--desired-outcome <text>', 'What the product should ideally support')\n .action(\n withErrorHandler(\n async (\n options: {\n surface: string\n summary: string\n details: string\n desiredOutcome?: string\n },\n cmd: Command,\n ) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Submitting feedback...').start()\n const response = await client.submitFeedback({\n surface: normalizeFeedbackSurface(options.surface),\n summary: options.summary,\n details: options.details,\n desiredOutcome: options.desiredOutcome,\n })\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify(response, null, 2))\n return\n }\n\n success('Submitted feedback')\n printDetail(\n [\n ['Feedback ID', response.id],\n ['Submitted At', response.submittedAt],\n ['Notification Sent', response.notified ? 'Yes' : 'No'],\n ],\n false,\n )\n },\n ),\n )\n}\n","import type { Command } from 'commander'\nimport { submitCommand } from './submit.js'\n\n/** Register feedback subcommands on the CLI program. */\nexport function registerFeedbackCommands(program: Command): void {\n const feedback = program.command('feedback').description('Submit structured product feedback')\n\n feedback.addCommand(submitCommand())\n}\n","import { Command } from 'commander'\nimport { resolveAuth } from '../../lib/resolve-auth.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { CliClient } from '../../lib/client.js'\nimport { parseJsonInput } from '../../lib/json-input.js'\nimport type { GlobalOptions, MachineRequestMethod } from '../../types.js'\n\nconst MACHINE_REQUEST_METHODS = new Set<MachineRequestMethod>(['GET', 'POST', 'PUT', 'PATCH', 'DELETE'])\n\nfunction normalizeMethod(method: string): MachineRequestMethod {\n const normalizedMethod = method.trim().toUpperCase()\n\n if (!MACHINE_REQUEST_METHODS.has(normalizedMethod as MachineRequestMethod)) {\n throw new Error(`Unsupported method \"${method}\". Use GET, POST, PUT, PATCH, or DELETE.`)\n }\n\n return normalizedMethod as MachineRequestMethod\n}\n\n/** `r4 machine request` sends an authenticated request to any machine API route. */\nexport function requestCommand(): Command {\n return new Command('request')\n .description('Call an arbitrary machine API route')\n .argument('<method>', 'HTTP method (GET, POST, PUT, PATCH, DELETE)')\n .argument('<path>', 'Machine path like /webhook or /api/v1/machine/webhook')\n .option('--body <json>', 'Optional JSON request body')\n .option('--body-file <path>', 'Read the JSON request body from a file')\n .action(\n withErrorHandler(\n async (\n method: string,\n path: string,\n options: { body?: string; bodyFile?: string },\n cmd: Command,\n ) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const config = resolveAuth(globalOpts)\n const client = new CliClient(config.apiKey, config.baseUrl)\n const result = await client.requestMachine({\n method: normalizeMethod(method),\n path,\n body: parseJsonInput({\n body: options.body,\n bodyFile: options.bodyFile,\n }),\n })\n\n if (result == null) {\n return\n }\n\n if (typeof result === 'string') {\n console.log(result)\n return\n }\n\n console.log(JSON.stringify(result, null, globalOpts.json ? 0 : 2))\n },\n ),\n )\n}\n","import type { Command } from 'commander'\nimport { requestCommand } from './request.js'\n\n/** Register generic machine-API passthrough commands on the CLI program. */\nexport function registerMachineCommands(program: Command): void {\n const machine = program.command('machine').description('Call the headless machine API directly')\n\n machine.addCommand(requestCommand())\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { printDetail } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 monitoring entity-counts` shows the scoped machine entity counters. */\nexport function entityCountsCommand(): Command {\n return new Command('entity-counts')\n .description('Show visible machine entity counts')\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Fetching monitoring entity counts...').start()\n const counts = await client.getMonitoringEntityCounts()\n spinner.stop()\n\n printDetail(\n [\n ['Tenants', String(counts.tenants)],\n ['Users', String(counts.users)],\n ['Security Groups', String(counts.securityGroups)],\n ['Vaults', String(counts.vaults)],\n ['Vault Items', String(counts.vaultItems)],\n ['Domains', String(counts.domains)],\n ['Integrations', String(counts.integrations)],\n ['Agents', String(counts.agents)],\n ['Projects', String(counts.projects)],\n ['API Keys', String(counts.apiKeys)],\n ],\n !!globalOpts.json,\n counts,\n )\n }),\n )\n}\n","import type { Command } from 'commander'\nimport { entityCountsCommand } from './entity-counts.js'\n\n/** Register monitoring subcommands on the CLI program. */\nexport function registerMonitoringCommands(program: Command): void {\n const monitoring = program.command('monitoring').description('Inspect machine monitoring summaries')\n\n monitoring.addCommand(entityCountsCommand())\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { printTable } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 permissions security-groups` lists visible security groups. */\nexport function securityGroupsCommand(): Command {\n return new Command('security-groups')\n .description('List visible security groups from the permissions surface')\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Fetching security groups...').start()\n const response = await client.listSecurityGroups()\n spinner.stop()\n\n const rows = response.securityGroups.map((group) => [\n group.id,\n group.name,\n group.tenantName,\n group.isDefault ? 'Yes' : 'No',\n group.roles.join(', ') || '-',\n String(group.numberOfMembers),\n ])\n\n console.log()\n printTable(\n ['ID', 'Name', 'Tenant', 'Default', 'Roles', 'Members'],\n rows,\n !!globalOpts.json,\n response.securityGroups,\n )\n console.log()\n }),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { parseJsonInput } from '../../lib/json-input.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { success } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type {\n GlobalOptions,\n PermissionAssetType,\n SetPermissionsRequest,\n} from '../../types.js'\n\nconst PERMISSION_ASSET_TYPES = new Set<PermissionAssetType>([\n 'VAULT',\n 'VAULT_ITEM',\n 'PROJECT',\n 'LICENSE_INSTANCE',\n 'ENCRYPTION_KEY',\n 'TOKEN_PROVIDER',\n])\n\nfunction normalizePermissionAssetType(assetType: string): PermissionAssetType {\n const normalized = assetType.trim().toUpperCase() as PermissionAssetType\n\n if (!PERMISSION_ASSET_TYPES.has(normalized)) {\n throw new Error(\n `Unsupported asset type \"${assetType}\". Use one of: ${[...PERMISSION_ASSET_TYPES].join(', ')}.`,\n )\n }\n\n return normalized\n}\n\nfunction parsePermissionsBody(options: {\n body?: string\n bodyFile?: string\n}): SetPermissionsRequest {\n const parsed = parseJsonInput({\n body: options.body,\n bodyFile: options.bodyFile,\n })\n\n if (!parsed) {\n throw new Error('Provide permission data with --body or --body-file.')\n }\n\n if (Array.isArray(parsed)) {\n return { permissions: parsed as SetPermissionsRequest['permissions'] }\n }\n\n if (typeof parsed === 'object' && parsed !== null && Array.isArray(parsed.permissions)) {\n return parsed as unknown as SetPermissionsRequest\n }\n\n throw new Error('Permission data must be either an array of permissions or an object with a permissions array.')\n}\n\n/** `r4 permissions set` replaces permissions on an asset with structured input. */\nexport function setCommand(): Command {\n return new Command('set')\n .description('Replace permissions for an asset')\n .argument('<assetType>', 'Asset type: PROJECT, VAULT, VAULT_ITEM, LICENSE_INSTANCE, ENCRYPTION_KEY, TOKEN_PROVIDER')\n .argument('<id>', 'Asset ID')\n .option('--body <json>', 'Inline permissions JSON')\n .option('--body-file <path>', 'Read the permissions JSON from a file')\n .action(\n withErrorHandler(\n async (\n assetType: string,\n id: string,\n options: { body?: string; bodyFile?: string },\n cmd: Command,\n ) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n const body = parsePermissionsBody(options)\n\n const spinner = ora('Updating permissions...').start()\n await client.setPermissions(normalizePermissionAssetType(assetType), id, body)\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify({ assetType: assetType.toUpperCase(), id, updated: true }, null, 2))\n return\n }\n\n success(`Updated permissions for ${assetType.toUpperCase()} ${id}`)\n },\n ),\n )\n}\n","import type { Command } from 'commander'\nimport { securityGroupsCommand } from './security-groups.js'\nimport { setCommand } from './set.js'\n\n/** Register permissions subcommands on the CLI program. */\nexport function registerPermissionsCommands(program: Command): void {\n const permissions = program.command('permissions').description('Manage asset permissions')\n\n permissions.addCommand(securityGroupsCommand())\n permissions.addCommand(setCommand())\n}\n","import { Command } from 'commander'\nimport { getCurrentProfileName, getProfileNames, loadConfig } from '../../lib/config.js'\nimport { printTable } from '../../lib/output.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 profile list` — show saved CLI profiles. */\nexport function listCommand(): Command {\n return new Command('list')\n .description('List saved CLI profiles')\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const config = loadConfig()\n const currentProfile = getCurrentProfileName(config)\n const rows = getProfileNames(config).map((profileName) => {\n const profile = config.profiles[profileName] ?? {}\n return [\n profileName,\n profileName === currentProfile ? 'yes' : '',\n profile.identity?.apiKeyScope || '-',\n profile.identity?.principalLabel || profile.agentName || profile.agentId || '-',\n profile.baseUrl || (profile.dev ? 'https://dev.r4.dev' : '(default)'),\n profile.projectId || '-',\n ]\n })\n\n console.log()\n printTable(\n ['Name', 'Current', 'Scope', 'Principal', 'Base URL', 'Project ID'],\n rows,\n !!globalOpts.json,\n rows.map(([name, current, scope, principal, baseUrl, projectId]) => ({\n name,\n current: current === 'yes',\n scope: scope === '-' ? null : scope,\n principal: principal === '-' ? null : principal,\n baseUrl,\n projectId: projectId === '-' ? null : projectId,\n })),\n )\n console.log()\n }),\n )\n}\n","import { Command } from 'commander'\nimport {\n getProfileConfig,\n loadConfig,\n saveConfig,\n setCurrentProfile,\n} from '../../lib/config.js'\nimport { success } from '../../lib/output.js'\nimport { withErrorHandler } from '../../lib/errors.js'\n\n/** `r4 profile use <name>` — switch the active CLI profile. */\nexport function useCommand(): Command {\n return new Command('use')\n .description('Switch the active CLI profile')\n .argument('<name>', 'Profile name')\n .action(\n withErrorHandler(async (profileName: string) => {\n const config = loadConfig()\n const profile = getProfileConfig(config, profileName)\n\n if (Object.keys(profile).length === 0 && !config.profiles[profileName]) {\n throw new Error(`Profile \"${profileName}\" does not exist.`)\n }\n\n saveConfig(setCurrentProfile(config, profileName))\n success(`Now using profile \"${profileName}\"`)\n }),\n )\n}\n","import type { Command } from 'commander'\nimport { listCommand } from './list.js'\nimport { showCommand } from './show.js'\nimport { useCommand } from './use.js'\n\n/** Register CLI profile commands. */\nexport function registerProfileCommands(program: Command): void {\n const profile = program.command('profile').description('Manage saved CLI profiles')\n\n profile.addCommand(listCommand())\n profile.addCommand(showCommand())\n profile.addCommand(useCommand())\n}\n","import { Command } from 'commander'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { collectProfileReport } from '../../lib/profile-report.js'\nimport { renderProfileReport } from '../profile/show.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 space info` — concise alias for the current runtime/profile identity view. */\nexport function infoCommand(): Command {\n return new Command('info')\n .description('Show the current runtime identity and profile context')\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const report = await collectProfileReport(globalOpts)\n renderProfileReport(report, !!globalOpts.json, ' Current Runtime')\n }),\n )\n}\n","import type { Command } from 'commander'\nimport { infoCommand } from './info.js'\n\n/** Register runtime-context inspection commands. */\nexport function registerSpaceCommands(program: Command): void {\n const space = program.command('space').description('Inspect the active runtime context')\n space.addCommand(infoCommand())\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { parseJsonInput } from '../../lib/json-input.js'\nimport { success } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions, JsonValue } from '../../types.js'\n\nfunction parseVaultBody(options: { body?: string; bodyFile?: string }): JsonValue {\n const parsed = parseJsonInput({\n body: options.body,\n bodyFile: options.bodyFile,\n })\n\n if (!parsed || Array.isArray(parsed) || typeof parsed !== 'object') {\n throw new Error('Provide a vault create request object with --body or --body-file.')\n }\n\n return parsed\n}\n\n/** `r4 vault create` wraps the checkpoint-signed machine vault create route. */\nexport function createCommand(): Command {\n return new Command('create')\n .description('Create a checkpoint-signed vault from a JSON payload')\n .option('--body <json>', 'Inline vault create JSON')\n .option('--body-file <path>', 'Read the vault create JSON from a file')\n .action(\n withErrorHandler(\n async (\n options: { body?: string; bodyFile?: string },\n cmd: Command,\n ) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Creating vault...').start()\n const response = await client.createVault(parseVaultBody(options))\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify(response, null, 2))\n return\n }\n\n success(`Created vault ${response.id}`)\n },\n ),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { parseJsonInput } from '../../lib/json-input.js'\nimport { success } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions, JsonValue } from '../../types.js'\n\nfunction parseVaultItemBody(options: { body?: string; bodyFile?: string }): JsonValue {\n const parsed = parseJsonInput({\n body: options.body,\n bodyFile: options.bodyFile,\n })\n\n if (!parsed || Array.isArray(parsed) || typeof parsed !== 'object') {\n throw new Error('Provide a vault item create request object with --body or --body-file.')\n }\n\n return parsed\n}\n\n/** `r4 vault create-item` wraps the checkpoint-signed machine vault-item create route. */\nexport function createItemCommand(): Command {\n return new Command('create-item')\n .description('Create a checkpoint-signed vault item from a JSON payload')\n .argument('<vaultId>', 'Vault ID')\n .option('--body <json>', 'Inline vault item create JSON')\n .option('--body-file <path>', 'Read the vault item create JSON from a file')\n .action(\n withErrorHandler(\n async (\n vaultId: string,\n options: { body?: string; bodyFile?: string },\n cmd: Command,\n ) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora(`Creating vault item in ${vaultId}...`).start()\n const response = await client.createVaultItem(vaultId, parseVaultItemBody(options))\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify(response, null, 2))\n return\n }\n\n success(`Created vault item ${response.id} in vault ${vaultId}`)\n },\n ),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport R4 from '@r4-sdk/sdk'\nimport { resolveAuth } from '../../lib/resolve-auth.js'\nimport { printTable } from '../../lib/output.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/**\n * r4 vault list — List all locally decrypted environment variables as a table.\n */\nexport function listCommand(): Command {\n return new Command('list')\n .description('List all locally decrypted environment variables')\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const config = resolveAuth(globalOpts)\n\n const spinner = ora('Fetching environment variables...').start()\n const r4 = await R4.create(config)\n spinner.stop()\n\n const env = r4.env\n const keys = Object.keys(env).sort()\n\n if (globalOpts.json) {\n console.log(JSON.stringify(env, null, 2))\n return\n }\n\n if (keys.length === 0) {\n console.log('\\n No environment variables found.\\n')\n return\n }\n\n const rows = keys.map((key) => [key, env[key]])\n\n console.log()\n printTable(['Key', 'Value'], rows, false)\n console.log()\n }),\n )\n}\n","import { Command } from 'commander'\nimport { renderVaultMetadataRows } from './items.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 vault list-items` — list vault metadata without local decryption. */\nexport function listItemsCommand(): Command {\n return new Command('list-items')\n .description('List vault item metadata only, without requiring local decryption')\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n await renderVaultMetadataRows(globalOpts)\n }),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport R4 from '@r4-sdk/sdk'\nimport { CliClient } from '../../lib/client.js'\nimport { resolveAuth, resolveConnection } from '../../lib/resolve-auth.js'\nimport { printTable } from '../../lib/output.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/**\n * Represents a vault item derived from environment variable keys.\n * Groups related fields that share the same item name prefix.\n */\ninterface VaultItem {\n name: string\n fields: { name: string; key: string }[]\n}\n\ninterface MetadataRow {\n vaultId: string\n vaultName: string\n itemId: string\n itemName: string\n type: string | null\n fieldCount: number\n groupName: string | null\n websites: string[]\n}\n\n/**\n * Derive vault items from a flat env map.\n *\n * Env keys follow the pattern: ITEM_NAME_FIELD_NAME (SCREAMING_SNAKE_CASE).\n * Since we only have the flat map, we group by common prefix heuristic:\n * - Each unique env key is treated as a single-field item\n * - The full key is the item name\n *\n * This provides a useful overview of all available secrets.\n */\nfunction deriveItems(env: Record<string, string>): VaultItem[] {\n const keys = Object.keys(env).sort()\n return keys.map((key) => ({\n name: key,\n fields: [{ name: key, key }],\n }))\n}\n\n/**\n * Load item metadata directly from the machine API without decrypting values.\n */\nexport async function loadVaultMetadataRows(\n globalOpts: GlobalOptions,\n): Promise<MetadataRow[]> {\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n const { vaults } = await client.listVaults(connection.projectId)\n const rows: MetadataRow[] = []\n\n for (const vault of vaults) {\n const response = await client.listVaultItems(vault.id)\n const groupNames = Object.fromEntries(\n response.vaultItemGroups.map((group) => [group.id, group.name] as const),\n )\n\n for (const item of response.items) {\n rows.push({\n vaultId: vault.id,\n vaultName: vault.name,\n itemId: item.id,\n itemName: item.name,\n type: item.type,\n fieldCount: item.fieldCount,\n groupName: item.groupId ? (groupNames[item.groupId] ?? item.groupId) : null,\n websites: item.websites,\n })\n }\n }\n\n return rows.sort((left, right) => {\n const vaultCompare = left.vaultName.localeCompare(right.vaultName)\n return vaultCompare !== 0\n ? vaultCompare\n : left.itemName.localeCompare(right.itemName)\n })\n}\n\n/**\n * Render metadata-only vault items for commands that do not need decryption.\n */\nexport async function renderVaultMetadataRows(\n globalOpts: GlobalOptions,\n): Promise<void> {\n const spinner = ora('Fetching vault item metadata...').start()\n const rows = await loadVaultMetadataRows(globalOpts)\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify(rows, null, 2))\n return\n }\n\n if (rows.length === 0) {\n console.log('\\n No vault items found.\\n')\n return\n }\n\n console.log()\n printTable(\n ['Vault', 'Item', 'Type', 'Fields', 'Group', 'Websites'],\n rows.map((row) => [\n row.vaultName,\n row.itemName,\n row.type || '-',\n String(row.fieldCount),\n row.groupName || '-',\n row.websites.join(', ') || '-',\n ]),\n false,\n )\n console.log()\n}\n\n/**\n * r4 vault items — List all vault items with their field names and types.\n * Uses the zero-trust SDK env map and groups keys heuristically by item prefix.\n */\nexport function itemsCommand(): Command {\n return new Command('items')\n .description('List vault items from the decrypted env map, or use --metadata-only for raw machine metadata')\n .option('--metadata-only', 'List item metadata without local decryption')\n .action(\n withErrorHandler(async (opts: { metadataOnly?: boolean }, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n\n if (opts.metadataOnly) {\n await renderVaultMetadataRows(globalOpts)\n return\n }\n\n const config = resolveAuth(globalOpts)\n\n const spinner = ora('Fetching vault items...').start()\n const r4 = await R4.create(config)\n spinner.stop()\n\n const env = r4.env\n const items = deriveItems(env)\n\n if (globalOpts.json) {\n console.log(JSON.stringify(items, null, 2))\n return\n }\n\n if (items.length === 0) {\n console.log('\\n No vault items found.\\n')\n return\n }\n\n const rows = items.map((item) => [\n item.name,\n 'secret',\n item.fields.map((f) => f.name).join(', '),\n ])\n\n console.log()\n printTable(['Name', 'Type', 'Fields'], rows, false)\n console.log()\n }),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { printTable } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 vault list-vaults` — list visible vault metadata without decryption. */\nexport function listVaultsCommand(): Command {\n return new Command('list-vaults')\n .description('List visible vaults without requiring local decryption')\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Fetching visible vaults...').start()\n const response = await client.listVaults(connection.projectId)\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify(response.vaults, null, 2))\n return\n }\n\n if (response.vaults.length === 0) {\n console.log('\\n No visible vaults found.\\n')\n return\n }\n\n console.log()\n printTable(\n ['ID', 'Name', 'Classification', 'Items', 'Created At'],\n response.vaults.map((vault) => [\n vault.id,\n vault.name,\n vault.dataClassification || '-',\n String(vault.itemCount),\n vault.createdAt,\n ]),\n false,\n )\n console.log()\n }),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport R4 from '@r4-sdk/sdk'\nimport { resolveAuth } from '../../lib/resolve-auth.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/**\n * r4 vault get <KEY> — Get a specific locally decrypted environment variable value.\n * Outputs the raw value, perfect for piping: r4 vault get PRODUCTION_DB_PASSWORD | pbcopy\n */\nexport function getCommand(): Command {\n return new Command('get')\n .description('Get a specific locally decrypted environment variable value')\n .argument('<key>', 'Environment variable key (SCREAMING_SNAKE_CASE)')\n .action(\n withErrorHandler(\n async (keyArg: string, _opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const config = resolveAuth(globalOpts)\n\n const spinner = ora('Fetching environment variables...').start()\n const r4 = await R4.create(config)\n spinner.stop()\n\n const env = r4.env\n const key = keyArg.toUpperCase()\n const value = env[key]\n\n if (value === undefined) {\n const available = Object.keys(env).sort().join(', ') || '(none)'\n throw new Error(`Key \"${key}\" not found. Available keys: ${available}`)\n }\n\n if (globalOpts.json) {\n console.log(JSON.stringify({ key, value }, null, 2))\n return\n }\n\n // Raw output — perfect for piping: r4 vault get PRODUCTION_DB_PASSWORD | pbcopy\n process.stdout.write(value)\n },\n ),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport R4 from '@r4-sdk/sdk'\nimport { resolveAuth } from '../../lib/resolve-auth.js'\nimport { printTable } from '../../lib/output.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/**\n * r4 vault search <query> — Search vault items by name (case-insensitive).\n * Matches locally decrypted env variable keys that contain the search query.\n * Useful for finding secrets when you know part of the name.\n */\nexport function searchCommand(): Command {\n return new Command('search')\n .description('Search vault items by name')\n .argument('<query>', 'Search query (case-insensitive match against key names)')\n .action(\n withErrorHandler(\n async (query: string, _opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const config = resolveAuth(globalOpts)\n\n const spinner = ora('Searching vault items...').start()\n const r4 = await R4.create(config)\n spinner.stop()\n\n const env = r4.env\n const lowerQuery = query.toLowerCase()\n\n const matches = Object.keys(env)\n .filter((key) => key.toLowerCase().includes(lowerQuery))\n .sort()\n\n if (globalOpts.json) {\n const result = matches.map((key) => ({ key, value: env[key] }))\n console.log(JSON.stringify(result, null, 2))\n return\n }\n\n if (matches.length === 0) {\n console.log(`\\n No items matching \"${query}\" found.\\n`)\n return\n }\n\n const rows = matches.map((key) => [key, env[key]])\n\n console.log()\n printTable(['Key', 'Value'], rows, false)\n console.log()\n },\n ),\n )\n}\n","import type { Command } from 'commander'\nimport { createCommand } from './create.js'\nimport { createItemCommand } from './create-item.js'\nimport { listCommand } from './list.js'\nimport { listItemsCommand } from './list-items.js'\nimport { listVaultsCommand } from './list-vaults.js'\nimport { getCommand } from './get.js'\nimport { itemsCommand } from './items.js'\nimport { searchCommand } from './search.js'\n\n/** Register vault subcommands on the CLI program */\nexport function registerVaultCommands(program: Command): void {\n const vault = program.command('vault').description('Manage vault secrets')\n\n vault.addCommand(createCommand())\n vault.addCommand(createItemCommand())\n vault.addCommand(listCommand())\n vault.addCommand(listVaultsCommand())\n vault.addCommand(listItemsCommand())\n vault.addCommand(getCommand())\n vault.addCommand(itemsCommand())\n vault.addCommand(searchCommand())\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { success } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 project add-vault` associates a vault to a project. */\nexport function addVaultCommand(): Command {\n return new Command('add-vault')\n .description('Associate a vault with a project')\n .argument('<projectId>', 'Project ID')\n .argument('<vaultId>', 'Vault ID')\n .action(\n withErrorHandler(\n async (\n projectId: string,\n vaultId: string,\n _opts: unknown,\n cmd: Command,\n ) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Associating vault with project...').start()\n await client.associateProjectVault({\n projectId,\n vaultId,\n })\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify({ projectId, vaultId }, null, 2))\n return\n }\n\n success(`Associated vault ${vaultId} with project ${projectId}`)\n },\n ),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport { printTable } from '../../lib/output.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** r4 project list — List all projects as a table */\nexport function listCommand(): Command {\n return new Command('list')\n .description('List all projects')\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Fetching projects...').start()\n const response = await client.listProjects()\n spinner.stop()\n\n const rows = response.projects.map((p) => [\n p.id,\n p.name,\n p.externalId || '-',\n String(p.vaultsCount),\n String(p.licensesCount),\n String(p.licenseGroupsCount),\n ])\n\n console.log()\n printTable(\n ['ID', 'Name', 'External ID', 'Vaults', 'Licenses', 'License Groups'],\n rows,\n !!globalOpts.json,\n response.projects,\n )\n console.log()\n }),\n )\n}\n","import { Command } from 'commander'\nimport chalk from 'chalk'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport { printDetail, printTable } from '../../lib/output.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** r4 project get <id> — Show project details with associated resources */\nexport function getCommand(): Command {\n return new Command('get')\n .description('Get project details')\n .argument('<id>', 'Project ID')\n .action(\n withErrorHandler(async (id: string, _opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Fetching project...').start()\n const project = await client.getProject(id)\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify(project, null, 2))\n return\n }\n\n console.log()\n console.log(chalk.bold(` ${project.name}`))\n console.log()\n\n printDetail(\n [\n ['ID', project.id],\n ['External ID', project.externalId],\n ['Description', project.description],\n ['Created At', project.createdAt],\n ['Vaults', String(project.vaultsCount)],\n ['Licenses', String(project.licensesCount)],\n ['License Groups', String(project.licenseGroupsCount)],\n ],\n false,\n )\n\n if (project.vaults.length > 0) {\n console.log()\n console.log(chalk.bold(' Vaults'))\n console.log()\n printTable(\n ['ID', 'Name', 'Encrypted'],\n project.vaults.map((v) => [v.id, v.name, v.isEncrypted ? 'Yes' : 'No']),\n false,\n )\n }\n\n if (project.licenses.length > 0) {\n console.log()\n console.log(chalk.bold(' Licenses'))\n console.log()\n printTable(\n ['ID', 'Name', 'Type'],\n project.licenses.map((l) => [l.id, l.name || '-', l.type]),\n false,\n )\n }\n\n if (project.licenseGroups.length > 0) {\n console.log()\n console.log(chalk.bold(' License Groups'))\n console.log()\n printTable(\n ['ID', 'Name'],\n project.licenseGroups.map((lg) => [lg.id, lg.name]),\n false,\n )\n }\n\n console.log()\n }),\n )\n}\n","import { Command } from 'commander'\nimport readline from 'node:readline'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport { success } from '../../lib/output.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** Prompt the user for input via stdin */\nfunction prompt(question: string): Promise<string> {\n const rl = readline.createInterface({ input: process.stdin, output: process.stdout })\n return new Promise((resolve) => {\n rl.question(question, (answer) => {\n rl.close()\n resolve(answer.trim())\n })\n })\n}\n\n/** r4 project create — Create a new project */\nexport function createCommand(): Command {\n return new Command('create')\n .description('Create a new project')\n .option('--name <name>', 'Project name')\n .option('--description <description>', 'Project description')\n .option('--external-id <externalId>', 'External identifier')\n .action(\n withErrorHandler(async (opts: { name?: string; description?: string; externalId?: string }, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n let name = opts.name\n if (!name) {\n name = await prompt('Project name: ')\n }\n if (!name) {\n throw new Error('Project name is required.')\n }\n\n const spinner = ora('Creating project...').start()\n const response = await client.createProject({\n name,\n description: opts.description,\n externalId: opts.externalId,\n })\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify(response, null, 2))\n return\n }\n\n success(`Project created with ID: ${response.id}`)\n }),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { collectOptionValues } from '../../lib/command-options.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { success } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 project set-agents` replaces explicit project agent membership. */\nexport function setAgentsCommand(): Command {\n return new Command('set-agents')\n .description('Replace the explicit agent membership for a project')\n .argument('<projectId>', 'Project ID')\n .option(\n '--agent-id <id>',\n 'Agent ID to keep on the project (repeat or use comma-separated values)',\n collectOptionValues,\n [],\n )\n .action(\n withErrorHandler(\n async (\n projectId: string,\n options: { agentId: string[] },\n cmd: Command,\n ) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Updating project agents...').start()\n await client.updateProjectAgents(projectId, {\n agentIds: options.agentId,\n })\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify({ projectId, agentIds: options.agentId }, null, 2))\n return\n }\n\n success(`Updated agent membership for project ${projectId}`)\n },\n ),\n )\n}\n","import type { Command } from 'commander'\nimport { addVaultCommand } from './add-vault.js'\nimport { listCommand } from './list.js'\nimport { getCommand } from './get.js'\nimport { createCommand } from './create.js'\nimport { setAgentsCommand } from './set-agents.js'\n\n/** Register project subcommands on the CLI program */\nexport function registerProjectCommands(program: Command): void {\n const project = program.command('project').description('Manage projects')\n\n project.addCommand(listCommand())\n project.addCommand(getCommand())\n project.addCommand(createCommand())\n project.addCommand(addVaultCommand())\n project.addCommand(setAgentsCommand())\n}\n","import { Command } from 'commander'\nimport { spawn } from 'node:child_process'\nimport ora from 'ora'\nimport R4 from '@r4-sdk/sdk'\nimport { resolveAuth } from '../../lib/resolve-auth.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/**\n * r4 run <command...> — Run a command with vault secrets injected as environment variables.\n *\n * Env var naming: SCREAMING_SNAKE_CASE keys built from locally decrypted vault items.\n *\n * Examples:\n * r4 run --project-id abc123 node deploy.js\n * r4 run --prefix R4 -- docker compose up\n */\nexport function registerRunCommand(program: Command): void {\n program\n .command('run')\n .description('Run a command with vault secrets injected as environment variables')\n .argument('<command...>', 'Command and arguments to execute')\n .option('--prefix <prefix>', 'Add prefix to all injected env var names')\n .action(\n withErrorHandler(\n async (commandParts: string[], opts: { prefix?: string }, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const config = resolveAuth(globalOpts)\n\n // 1. Fetch and locally decrypt env vars via the R4 SDK\n const spinner = ora('Loading vault secrets...').start()\n const r4 = await R4.create(config)\n spinner.stop()\n\n const env = r4.env\n\n // 2. Build environment variable map (optionally with prefix)\n const secretEnv: Record<string, string> = {}\n\n for (const key of Object.keys(env)) {\n const envName = opts.prefix\n ? `${opts.prefix.toUpperCase()}_${key}`\n : key\n secretEnv[envName] = env[key]\n }\n\n // 3. Spawn the child process with merged environment\n const [command, ...args] = commandParts\n const child = spawn(command, args, {\n stdio: 'inherit',\n env: { ...process.env, ...secretEnv },\n shell: true,\n })\n\n // 4. Forward the child's exit code\n child.on('close', (code) => {\n process.exit(code ?? 1)\n })\n\n child.on('error', (err) => {\n throw new Error(`Failed to execute command \"${command}\": ${err.message}`)\n })\n },\n ),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { collectOptionValues } from '../../lib/command-options.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { success } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 security-group create` provisions a tenant security group. */\nexport function createCommand(): Command {\n return new Command('create')\n .description('Create a tenant security group')\n .requiredOption('--name <name>', 'Security group name')\n .requiredOption('--tenant-id <id>', 'Tenant ID')\n .option('--parent-id <id>', 'Optional parent security group ID')\n .option(\n '--role <role>',\n 'Tenant role to grant through this group (repeat or use comma-separated values)',\n collectOptionValues,\n [],\n )\n .action(\n withErrorHandler(\n async (\n options: {\n name: string\n tenantId: string\n parentId?: string\n role: string[]\n },\n cmd: Command,\n ) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Creating security group...').start()\n await client.createSecurityGroup({\n name: options.name,\n parentId: options.parentId ?? null,\n tenantId: options.tenantId,\n roles: options.role,\n })\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(\n JSON.stringify(\n {\n name: options.name,\n tenantId: options.tenantId,\n parentId: options.parentId ?? null,\n roles: options.role,\n },\n null,\n 2,\n ),\n )\n return\n }\n\n success(`Created security group \"${options.name}\"`)\n },\n ),\n )\n}\n","import type { Command } from 'commander'\nimport { createCommand } from './create.js'\n\n/** Register security-group subcommands on the CLI program. */\nexport function registerSecurityGroupCommands(program: Command): void {\n const securityGroup = program\n .command('security-group')\n .description('Manage tenant security groups')\n\n securityGroup.addCommand(createCommand())\n}\n"],"mappings":";;;AAAA,SAAS,WAAAA,iBAAe;;;ACAxB,SAAS,eAAe;AACxB,OAAO,SAAS;;;AC0CT,IAAM,YAAN,MAAgB;AAAA,EACb;AAAA,EACA;AAAA,EAER,YAAY,QAAgB,SAAiB;AAC3C,SAAK,SAAS;AACd,SAAK,UAAU,QAAQ,QAAQ,OAAO,EAAE;AAAA,EAC1C;AAAA,EAEQ,qBAAqBC,OAAsB;AACjD,QAAI,CAACA,SAAQ,YAAY,KAAKA,KAAI,GAAG;AACnC,YAAM,IAAI,MAAM,2DAA2D;AAAA,IAC7E;AAEA,UAAM,iBAAiBA,MAAK,WAAW,GAAG,IAAIA,QAAO,IAAIA,KAAI;AAC7D,WAAO,eAAe,WAAW,iBAAiB,IAC9C,iBACA,kBAAkB,cAAc;AAAA,EACtC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAc,QAAW,QAAgBA,OAAc,MAA4B;AACjF,UAAM,MAAM,GAAG,KAAK,OAAO,GAAGA,KAAI;AAElC,UAAM,WAAW,MAAM,MAAM,KAAK;AAAA,MAChC;AAAA,MACA,SAAS;AAAA,QACP,aAAa,KAAK;AAAA,QAClB,gBAAgB;AAAA,MAClB;AAAA,MACA,MAAM,OAAO,KAAK,UAAU,IAAI,IAAI;AAAA,IACtC,CAAC;AAED,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM,YAAa,MAAM,SAAS,KAAK,EAAE,MAAM,OAAO,CAAC,EAAE;AACzD,YAAM,QAAQ,WAAW;AACzB,YAAM,eAAe,OAAO,WAAW,QAAQ,SAAS,MAAM,KAAK,SAAS,UAAU;AACtF,YAAM,YACJ,OAAO,OAAO,SAAS,WACnB,KAAK,MAAM,IAAI,MACf;AACN,YAAM,IAAI,MAAM,eAAe,SAAS,KAAK,YAAY,EAAE;AAAA,IAC7D;AAEA,QAAI,SAAS,WAAW,KAAK;AAC3B,aAAO;AAAA,IACT;AAEA,UAAM,eAAe,MAAM,SAAS,KAAK;AACzC,QAAI,CAAC,cAAc;AACjB,aAAO;AAAA,IACT;AAEA,QAAI;AACF,aAAO,KAAK,MAAM,YAAY;AAAA,IAChC,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,eAA2C,QAIlC;AACb,WAAO,KAAK,QAAW,OAAO,QAAQ,KAAK,qBAAqB,OAAO,IAAI,GAAG,OAAO,IAAI;AAAA,EAC3F;AAAA;AAAA,EAGA,MAAM,uBAAuB,MAIc;AACzC,WAAO,KAAK;AAAA,MACV;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,qBAAuD;AAC3D,WAAO,KAAK,QAAiC,OAAO,oBAAoB;AAAA,EAC1E;AAAA;AAAA,EAGA,MAAM,WAAW,WAAwD;AACvE,UAAM,SAAS,YAAY,cAAc,mBAAmB,SAAS,CAAC,KAAK;AAC3E,WAAO,KAAK,QAAmC,OAAO,wBAAwB,MAAM,EAAE;AAAA,EACxF;AAAA;AAAA,EAGA,MAAM,YAAY,MAAiD;AACjE,WAAO,KAAK,QAA+B,QAAQ,yBAAyB,IAAI;AAAA,EAClF;AAAA;AAAA,EAGA,MAAM,mBAAmB,SAAqD;AAC5E,WAAO,KAAK;AAAA,MACV;AAAA,MACA,yBAAyB,mBAAmB,OAAO,CAAC;AAAA,IACtD;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,eAAe,SAAyD;AAC5E,WAAO,KAAK;AAAA,MACV;AAAA,MACA,yBAAyB,mBAAmB,OAAO,CAAC;AAAA,IACtD;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,gBAAgB,SAAiB,MAAiD;AACtF,WAAO,KAAK;AAAA,MACV;AAAA,MACA,yBAAyB,mBAAmB,OAAO,CAAC;AAAA,MACpD;AAAA,IACF;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,eAA6C;AACjD,WAAO,KAAK,QAA6B,OAAO,yBAAyB;AAAA,EAC3E;AAAA;AAAA,EAGA,MAAM,cAAwC;AAC5C,WAAO,KAAK,QAAyB,OAAO,wBAAwB;AAAA,EACtE;AAAA;AAAA,EAGA,MAAM,aAAa,MAA0C;AAC3D,UAAM,KAAK,QAAc,QAAQ,0BAA0B,IAAI;AAAA,EACjE;AAAA;AAAA,EAGA,MAAM,WAAW,IAAoC;AACnD,WAAO,KAAK,QAAuB,OAAO,2BAA2B,EAAE,EAAE;AAAA,EAC3E;AAAA;AAAA,EAGA,MAAM,cAAc,MAA4D;AAC9E,WAAO,KAAK,QAA+B,QAAQ,2BAA2B,IAAI;AAAA,EACpF;AAAA;AAAA,EAGA,MAAM,aAAyC;AAC7C,WAAO,KAAK,QAA2B,OAAO,uBAAuB;AAAA,EACvE;AAAA;AAAA,EAGA,MAAM,SAAS,IAAkC;AAC/C,WAAO,KAAK,QAAqB,OAAO,yBAAyB,mBAAmB,EAAE,CAAC,EAAE;AAAA,EAC3F;AAAA;AAAA,EAGA,MAAM,YAAY,MAAyD;AACzE,WAAO,KAAK,QAA8B,QAAQ,yBAAyB,IAAI;AAAA,EACjF;AAAA;AAAA,EAGA,MAAM,YAAY,IAAY,MAAyC;AACrE,UAAM,KAAK,QAAc,SAAS,yBAAyB,mBAAmB,EAAE,CAAC,IAAI,IAAI;AAAA,EAC3F;AAAA;AAAA,EAGA,MAAM,oBAAoB,IAA+C;AACvE,WAAO,KAAK;AAAA,MACV;AAAA,MACA,yBAAyB,mBAAmB,EAAE,CAAC;AAAA,IACjD;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,uBACJ,IACA,MACe;AACf,UAAM,KAAK;AAAA,MACT;AAAA,MACA,yBAAyB,mBAAmB,EAAE,CAAC;AAAA,MAC/C;AAAA,IACF;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,oBAAoB,MAAiD;AACzE,UAAM,KAAK,QAAc,QAAQ,sDAAsD,IAAI;AAAA,EAC7F;AAAA;AAAA,EAGA,MAAM,qBAAyD;AAC7D,WAAO,KAAK,QAAmC,OAAO,6CAA6C;AAAA,EACrG;AAAA;AAAA,EAGA,MAAM,eACJ,WACA,IACA,MACe;AACf,UAAM,KAAK;AAAA,MACT;AAAA,MACA,+BAA+B,SAAS,IAAI,mBAAmB,EAAE,CAAC;AAAA,MAClE;AAAA,IACF;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,sBAAsB,MAAmD;AAC7E,UAAM,KAAK,QAAc,QAAQ,2CAA2C,IAAI;AAAA,EAClF;AAAA;AAAA,EAGA,MAAM,iBAAiB,IAA4C;AACjE,UAAM,SAAS,MAAM,KAAK;AAAA,MACxB;AAAA,MACA,mCAAmC,mBAAmB,EAAE,CAAC;AAAA,IAC3D;AAEA,WAAO,EAAE,OAAO;AAAA,EAClB;AAAA;AAAA,EAGA,MAAM,oBAAoB,IAAY,MAAiD;AACrF,UAAM,KAAK;AAAA,MACT;AAAA,MACA,mCAAmC,mBAAmB,EAAE,CAAC;AAAA,MACzD;AAAA,IACF;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,eAAe,MAA4E;AAC/F,WAAO,KAAK,QAAuC,QAAQ,4BAA4B,IAAI;AAAA,EAC7F;AAAA;AAAA,EAGA,MAAM,cAAuC;AAC3C,WAAO,KAAK,QAAwB,OAAO,6BAA6B;AAAA,EAC1E;AAAA;AAAA,EAGA,MAAM,UAAU,QAA4C;AAC1D,WAAO,KAAK,QAA2B,QAAQ,8BAA8B,EAAE,OAAO,CAAC;AAAA,EACzF;AAAA;AAAA,EAGA,MAAM,aAAa,IAA2C;AAC5D,WAAO,KAAK;AAAA,MACV;AAAA,MACA,0BAA0B,mBAAmB,EAAE,CAAC;AAAA,IAClD;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,sBAAyD;AAC7D,WAAO,KAAK,QAAkC,OAAO,mCAAmC;AAAA,EAC1F;AAAA;AAAA,EAGA,MAAM,4BAAqE;AACzE,WAAO,KAAK;AAAA,MACV;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACF;;;ACxTO,SAAS,oBAAoB,OAAe,WAAqB,CAAC,GAAa;AACpF,QAAM,aAAa,MAChB,MAAM,GAAG,EACT,IAAI,CAAC,UAAU,MAAM,KAAK,CAAC,EAC3B,OAAO,OAAO;AAEjB,SAAO,CAAC,GAAG,UAAU,GAAG,UAAU;AACpC;;;ACXA,OAAO,WAAW;AAClB,OAAO,WAAW;AAKX,SAAS,WACd,SACA,MACA,UACA,UACM;AACN,MAAI,UAAU;AACZ,YAAQ,IAAI,KAAK,UAAU,YAAY,MAAM,MAAM,CAAC,CAAC;AACrD;AAAA,EACF;AAEA,QAAM,QAAQ,IAAI,MAAM;AAAA,IACtB,MAAM,QAAQ,IAAI,CAAC,MAAM,MAAM,KAAK,CAAC,CAAC;AAAA,IACtC,OAAO,EAAE,MAAM,CAAC,GAAG,QAAQ,CAAC,EAAE;AAAA,EAChC,CAAC;AACD,aAAW,OAAO,MAAM;AACtB,UAAM,KAAK,GAAG;AAAA,EAChB;AACA,UAAQ,IAAI,MAAM,SAAS,CAAC;AAC9B;AAKO,SAAS,YACd,SACA,UACA,UACM;AACN,MAAI,UAAU;AACZ,YAAQ,IAAI,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAC7C;AAAA,EACF;AAEA,QAAM,SAAS,KAAK,IAAI,GAAG,QAAQ,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC;AACzD,aAAW,CAAC,KAAK,KAAK,KAAK,SAAS;AAClC,UAAM,QAAQ,MAAM,KAAK,IAAI,OAAO,MAAM,CAAC;AAC3C,UAAM,MAAM,SAAS,MAAM,IAAI,SAAS;AACxC,YAAQ,IAAI,KAAK,KAAK,KAAK,GAAG,EAAE;AAAA,EAClC;AACF;AAGO,SAAS,QAAQ,SAAuB;AAC7C,UAAQ,IAAI,MAAM,MAAM,QAAG,IAAI,MAAM,OAAO;AAC9C;AAGO,SAAS,KAAK,SAAuB;AAC1C,UAAQ,IAAI,MAAM,OAAO,GAAG,IAAI,MAAM,OAAO;AAC/C;AAGO,SAAS,WAAW,SAAuB;AAChD,UAAQ,MAAM,MAAM,IAAI,QAAG,IAAI,MAAM,OAAO;AAC9C;;;AC3DA,SAAS,mBAAmB,SAAyB;AACnD,MACE,QAAQ,SAAS,yBAAyB,KAC1C,QAAQ,SAAS,gDAAgD,GACjE;AACA,WACE,GAAG,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMd;AAEA,MAAI,QAAQ,SAAS,+CAA+C,GAAG;AACrE,WACE,GAAG,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMd;AAEA,SAAO;AACT;AAMO,SAAS,iBACd,IAC+B;AAC/B,SAAO,UAAU,SAAY;AAC3B,QAAI;AACF,YAAM,GAAG,GAAG,IAAI;AAAA,IAClB,SAAS,KAAK;AACZ,UAAI,eAAe,OAAO;AACxB,mBAAW,mBAAmB,IAAI,OAAO,CAAC;AAAA,MAC5C,OAAO;AACL,mBAAW,8BAA8B;AAAA,MAC3C;AACA,cAAQ,KAAK,CAAC;AAAA,IAChB;AAAA,EACF;AACF;;;AChDA,OAAOC,SAAQ;;;ACAf,OAAO,QAAQ;AACf,OAAO,QAAQ;AACf,OAAO,UAAU;AAKV,SAAS,oBAAoB,aAA6B;AAC/D,QAAM,YAAY,YACf,KAAK,EACL,YAAY,EACZ,QAAQ,kBAAkB,GAAG,EAC7B,QAAQ,YAAY,EAAE;AAEzB,SAAO,aAAa;AACtB;AAGO,SAAS,eAAuB;AACrC,SAAO,KAAK,KAAK,GAAG,QAAQ,GAAG,KAAK;AACtC;AAGO,SAAS,iBAAyB;AACvC,SAAO,KAAK,KAAK,aAAa,GAAG,UAAU;AAC7C;AAGO,SAAS,cAAc,aAA6B;AACzD,SAAO,KAAK,KAAK,eAAe,GAAG,oBAAoB,WAAW,CAAC;AACrE;AAGO,SAAS,0BAA0B,aAA6B;AACrE,SAAO,KAAK,KAAK,cAAc,WAAW,GAAG,kBAAkB;AACjE;AAGO,SAAS,yBAAyB,aAA6B;AACpE,SAAO,KAAK,KAAK,cAAc,WAAW,GAAG,iBAAiB;AAChE;AAGO,SAAS,yBAAyB,aAA6B;AACpE,SAAO,KAAK,KAAK,cAAc,WAAW,GAAG,kBAAkB;AACjE;AAGO,SAAS,sBAAsB,SAAuB;AAC3D,KAAG,UAAU,SAAS,EAAE,WAAW,MAAM,MAAM,IAAM,CAAC;AACtD,KAAG,UAAU,SAAS,GAAK;AAC7B;AAGO,SAAS,gBAAgB,UAAkB,UAAwB;AACxE,wBAAsB,KAAK,QAAQ,QAAQ,CAAC;AAC5C,KAAG,cAAc,UAAU,UAAU;AAAA,IACnC,UAAU;AAAA,IACV,MAAM;AAAA,EACR,CAAC;AACD,KAAG,UAAU,UAAU,GAAK;AAC9B;;;AD9CO,IAAM,uBAAuB;AAEpC,SAAS,cAA4B;AACnC,SAAO;AAAA,IACL,SAAS;AAAA,IACT,gBAAgB;AAAA,IAChB,UAAU;AAAA,MACR,CAAC,oBAAoB,GAAG,CAAC;AAAA,IAC3B;AAAA,EACF;AACF;AAEA,SAAS,sBAAsB,UAAuD;AACpF,MAAI,CAAC,YAAY,OAAO,aAAa,UAAU;AAC7C,WAAO;AAAA,EACT;AAEA,QAAM,QAAQ;AACd,QAAM,eAAuC,CAAC;AAE9C,MAAI,OAAO,MAAM,aAAa,YAAY,MAAM,SAAS,KAAK,GAAG;AAC/D,iBAAa,WAAW,MAAM,SAAS,KAAK;AAAA,EAC9C;AACA,MAAI,OAAO,MAAM,eAAe,YAAY,MAAM,WAAW,KAAK,GAAG;AACnE,iBAAa,aAAa,MAAM,WAAW,KAAK;AAAA,EAClD;AACA,MACE,MAAM,gBAAgB,SACtB,MAAM,gBAAgB,YACtB,MAAM,gBAAgB,UACtB,MAAM,gBAAgB,SACtB;AACA,iBAAa,cAAc,MAAM;AAAA,EACnC;AACA,MAAI,OAAO,MAAM,kBAAkB,YAAY,MAAM,cAAc,KAAK,GAAG;AACzE,iBAAa,gBAAgB,MAAM,cAAc,KAAK;AAAA,EACxD;AACA,MACE,MAAM,kBAAkB,WACxB,MAAM,kBAAkB,cACxB,MAAM,kBAAkB,aACxB,MAAM,kBAAkB,WACxB;AACA,iBAAa,gBAAgB,MAAM;AAAA,EACrC;AACA,MAAI,OAAO,MAAM,gBAAgB,YAAY,MAAM,YAAY,KAAK,GAAG;AACrE,iBAAa,cAAc,MAAM,YAAY,KAAK;AAAA,EACpD;AACA,MAAI,OAAO,MAAM,mBAAmB,YAAY,MAAM,eAAe,KAAK,GAAG;AAC3E,iBAAa,iBAAiB,MAAM,eAAe,KAAK;AAAA,EAC1D;AACA,MAAI,OAAO,MAAM,UAAU,YAAY,MAAM,MAAM,KAAK,GAAG;AACzD,iBAAa,QAAQ,MAAM,MAAM,KAAK;AAAA,EACxC;AACA,MAAI,OAAO,MAAM,YAAY,YAAY,MAAM,QAAQ,KAAK,GAAG;AAC7D,iBAAa,UAAU,MAAM,QAAQ,KAAK;AAAA,EAC5C;AACA,MAAI,OAAO,MAAM,aAAa,YAAY,MAAM,SAAS,KAAK,GAAG;AAC/D,iBAAa,WAAW,MAAM,SAAS,KAAK;AAAA,EAC9C;AACA,MAAI,OAAO,MAAM,eAAe,YAAY,MAAM,WAAW,KAAK,GAAG;AACnE,iBAAa,aAAa,MAAM,WAAW,KAAK;AAAA,EAClD;AACA,MACE,MAAM,gBAAgB,SACtB,MAAM,gBAAgB,YACtB,MAAM,gBAAgB,eACtB,MAAM,gBAAgB,UACtB,MAAM,gBAAgB,UACtB;AACA,iBAAa,cAAc,MAAM;AAAA,EACnC;AACA,MACE,MAAM,cAAc,QACnB,OAAO,MAAM,cAAc,YAAY,MAAM,UAAU,KAAK,GAC7D;AACA,iBAAa,YAAY,MAAM,aAAa;AAAA,EAC9C;AACA,MAAI,OAAO,MAAM,mBAAmB,YAAY,MAAM,eAAe,KAAK,GAAG;AAC3E,iBAAa,iBAAiB,MAAM,eAAe,KAAK;AAAA,EAC1D;AAEA,SAAO,OAAO,KAAK,YAAY,EAAE,SAAS,IAAI,eAAe;AAC/D;AAEA,SAAS,sBAAsB,SAAmC;AAChE,MAAI,CAAC,WAAW,OAAO,YAAY,UAAU;AAC3C,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,QAAQ;AACd,QAAM,cAA+B,CAAC;AAEtC,MAAI,OAAO,MAAM,YAAY,YAAY,MAAM,QAAQ,KAAK,GAAG;AAC7D,gBAAY,UAAU,MAAM,QAAQ,KAAK;AAAA,EAC3C;AACA,MAAI,OAAO,MAAM,QAAQ,WAAW;AAClC,gBAAY,MAAM,MAAM;AAAA,EAC1B;AACA,MAAI,OAAO,MAAM,cAAc,YAAY,MAAM,UAAU,KAAK,GAAG;AACjE,gBAAY,YAAY,MAAM,UAAU,KAAK;AAAA,EAC/C;AACA,MAAI,OAAO,MAAM,mBAAmB,YAAY,MAAM,eAAe,KAAK,GAAG;AAC3E,gBAAY,iBAAiB,MAAM,eAAe,KAAK;AAAA,EACzD;AACA,MAAI,OAAO,MAAM,mBAAmB,YAAY,MAAM,eAAe,KAAK,GAAG;AAC3E,gBAAY,iBAAiB,MAAM,eAAe,KAAK;AAAA,EACzD;AACA,MAAI,OAAO,MAAM,YAAY,YAAY,MAAM,QAAQ,KAAK,GAAG;AAC7D,gBAAY,UAAU,MAAM,QAAQ,KAAK;AAAA,EAC3C;AACA,MAAI,OAAO,MAAM,cAAc,YAAY,MAAM,UAAU,KAAK,GAAG;AACjE,gBAAY,YAAY,MAAM,UAAU,KAAK;AAAA,EAC/C;AACA,QAAM,WAAW,sBAAsB,MAAM,QAAQ;AACrD,MAAI,UAAU;AACZ,gBAAY,WAAW;AAAA,EACzB;AAEA,SAAO;AACT;AAEA,SAAS,+BAA+B,QAAqC;AAC3E,SAAO;AAAA,IACL,OAAO,WACL,OAAO,QAAQ,UACf,OAAO,aACP,OAAO,kBACP,OAAO,kBACP,OAAO,WACP,OAAO,aACP,OAAO;AAAA,EACX;AACF;AAEA,SAAS,gBAAgB,KAA4B;AACnD,MAAI,CAAC,OAAO,OAAO,QAAQ,UAAU;AACnC,WAAO,YAAY;AAAA,EACrB;AAEA,QAAM,SAAS;AACf,QAAM,aAAa,YAAY;AAE/B,MAAI,OAAO,YAAY,OAAO,OAAO,aAAa,UAAU;AAC1D,UAAM,UAAU,OAAO,QAAQ,OAAO,QAAQ,EAC3C,OAAO,CAAC,CAAC,IAAI,MAAM,OAAO,SAAS,YAAY,KAAK,KAAK,EAAE,SAAS,CAAC,EACrE,IAAI,CAAC,CAAC,MAAM,OAAO,MAAM,CAAC,KAAK,KAAK,GAAG,sBAAsB,OAAO,CAAC,CAAU;AAElF,QAAI,QAAQ,SAAS,GAAG;AACtB,iBAAW,WAAW,OAAO,YAAY,OAAO;AAAA,IAClD;AAAA,EACF;AAEA,MAAI,+BAA+B,MAAM,GAAG;AAC1C,eAAW,SAAS,oBAAoB,IAAI;AAAA,MAC1C,GAAG,WAAW,SAAS,oBAAoB;AAAA,MAC3C,GAAG,sBAAsB,MAAM;AAAA,IACjC;AAAA,EACF;AAEA,QAAM,2BACJ,OAAO,OAAO,mBAAmB,YAAY,OAAO,eAAe,KAAK,IACpE,OAAO,eAAe,KAAK,IAC3B;AAEN,aAAW,iBACT,WAAW,SAAS,wBAAwB,MAAM,SAC9C,2BACA,OAAO,KAAK,WAAW,QAAQ,EAAE,CAAC,KAAK;AAE7C,MAAI,OAAO,KAAK,WAAW,QAAQ,EAAE,WAAW,GAAG;AACjD,WAAO,YAAY;AAAA,EACrB;AAEA,SAAO;AACT;AAMO,SAAS,aAA2B;AACzC,MAAI;AACF,UAAM,MAAMC,IAAG,aAAa,cAAc,GAAG,MAAM;AACnD,WAAO,gBAAgB,KAAK,MAAM,GAAG,CAAC;AAAA,EACxC,QAAQ;AACN,WAAO,YAAY;AAAA,EACrB;AACF;AAMO,SAAS,WAAW,QAA4B;AACrD,wBAAsB,aAAa,CAAC;AACpC,kBAAgB,cAAc,GAAG,KAAK,UAAU,QAAQ,MAAM,CAAC,IAAI,IAAI;AACzE;AAKO,SAAS,cAAoB;AAClC,MAAI;AACF,IAAAA,IAAG,WAAW,cAAc,CAAC;AAAA,EAC/B,QAAQ;AAAA,EAER;AACF;AAKO,SAAS,gBAAwB;AACtC,SAAO,GAAG,aAAa,CAAC;AAC1B;AAGO,SAAS,gBAAgB,QAAgC;AAC9D,SAAO,OAAO,KAAK,OAAO,QAAQ,EAAE,KAAK;AAC3C;AAGO,SAAS,sBAAsB,QAA8B;AAClE,SAAO,OAAO;AAChB;AAGO,SAAS,uBACd,QACA,iBACA,YACQ;AACR,QAAM,kBAAkB,mBAAmB,cAAc,OAAO;AAChE,SAAO,iBAAiB,KAAK,KAAK;AACpC;AAGO,SAAS,iBACd,QACA,aACiB;AACjB,SAAO,OAAO,SAAS,WAAW,KAAK,CAAC;AAC1C;AAGO,SAAS,cACd,QACA,aACA,SACc;AACd,SAAO;AAAA,IACL,GAAG;AAAA,IACH,UAAU;AAAA,MACR,GAAG,OAAO;AAAA,MACV,CAAC,WAAW,GAAG;AAAA,IACjB;AAAA,EACF;AACF;AAGO,SAAS,kBACd,QACA,aACc;AACd,SAAO;AAAA,IACL,GAAG;AAAA,IACH,gBAAgB;AAAA,EAClB;AACF;AAGO,SAAS,cACd,QACA,aACc;AACd,QAAM,oBAAoB,OAAO;AAAA,IAC/B,OAAO,QAAQ,OAAO,QAAQ,EAAE,OAAO,CAAC,CAAC,IAAI,MAAM,SAAS,WAAW;AAAA,EACzE;AAEA,MAAI,OAAO,KAAK,iBAAiB,EAAE,WAAW,GAAG;AAC/C,WAAO,YAAY;AAAA,EACrB;AAEA,SAAO;AAAA,IACL,SAAS;AAAA,IACT,gBACE,OAAO,mBAAmB,cACrB,OAAO,KAAK,iBAAiB,EAAE,KAAK,EAAE,CAAC,KAAK,uBAC7C,OAAO;AAAA,IACb,UAAU;AAAA,EACZ;AACF;AAGO,SAAS,qBAAqB,aAA6B;AAChE,SAAO,cAAc,WAAW;AAClC;AAGO,SAAS,6BAA6B,aAA2B;AACtE,QAAM,aAAa,cAAc,WAAW;AAC5C,EAAAA,IAAG,OAAO,YAAY,EAAE,WAAW,MAAM,OAAO,KAAK,CAAC;AACxD;;;AE9TA,OAAOC,SAAQ;AAqBR,SAAS,qBACd,WACA,WACoB;AACpB,MAAI,CAAC,aAAa,CAAC,WAAW;AAC5B,WAAO;AAAA,EACT;AAEA,SAAO,GAAG,SAAS,IAAI,SAAS;AAClC;AAKO,SAAS,YAAY,QAA0C;AACpE,MAAI,CAAC,QAAQ;AACX,WAAO;AAAA,EACT;AAEA,QAAM,UAAU,OAAO,KAAK;AAC5B,QAAM,iBAAiB,QAAQ,QAAQ,GAAG;AAC1C,MAAI,kBAAkB,KAAK,mBAAmB,QAAQ,SAAS,GAAG;AAChE,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL,WAAW,QAAQ,MAAM,GAAG,cAAc;AAAA,IAC1C,WAAW,QAAQ,MAAM,iBAAiB,CAAC;AAAA,EAC7C;AACF;AAEA,SAAS,0BAA0B,KAA+C;AAChF,MAAI,CAAC,OAAO,OAAO,QAAQ,UAAU;AACnC,WAAO;AAAA,EACT;AAEA,QAAM,QAAQ;AACd,MACE,OAAO,MAAM,cAAc,YAC3B,OAAO,MAAM,cAAc,YAC3B,CAAC,MAAM,UAAU,KAAK,KACtB,CAAC,MAAM,UAAU,KAAK,GACtB;AACA,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL,SAAS;AAAA,IACT,WAAW,MAAM,UAAU,KAAK;AAAA,IAChC,WAAW,MAAM,UAAU,KAAK;AAAA,IAChC,SACE,OAAO,MAAM,YAAY,YAAY,MAAM,QAAQ,KAAK,IACpD,MAAM,QAAQ,KAAK,KACnB,oBAAI,KAAK,GAAE,YAAY;AAAA,EAC/B;AACF;AAGO,SAAS,uBAAuB,aAAsD;AAC3F,MAAI;AACF,UAAM,MAAMC,IAAG,aAAa,0BAA0B,WAAW,GAAG,MAAM;AAC1E,WAAO,0BAA0B,KAAK,MAAM,GAAG,CAAC;AAAA,EAClD,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAGO,SAAS,uBACd,aACA,aAC0B;AAC1B,QAAM,SAAmC;AAAA,IACvC,SAAS;AAAA,IACT,WAAW,YAAY,UAAU,KAAK;AAAA,IACtC,WAAW,YAAY,UAAU,KAAK;AAAA,IACtC,UAAS,oBAAI,KAAK,GAAE,YAAY;AAAA,EAClC;AACA;AAAA,IACE,0BAA0B,WAAW;AAAA,IACrC,KAAK,UAAU,QAAQ,MAAM,CAAC,IAAI;AAAA,EACpC;AACA,SAAO;AACT;AAGO,SAAS,wBAAwB,aAA2B;AACjE,MAAI;AACF,IAAAA,IAAG,WAAW,0BAA0B,WAAW,CAAC;AAAA,EACtD,QAAQ;AAAA,EAER;AACF;;;ACjHA,OAAO,YAAY;AACnB,OAAOC,SAAQ;AACf,OAAOC,WAAU;AAaV,SAAS,yBAAyB,aAA6B;AACpE,SAAO,yBAAyB,WAAW;AAC7C;AAKO,SAAS,sBAAsB,QASpC;AACA,MAAI,OAAO,SAAS;AAClB,WAAO,EAAE,OAAO,OAAO,SAAS,QAAQ,0BAA0B;AAAA,EACpE;AAEA,MAAI,OAAO,SAAS;AAClB,WAAO,EAAE,OAAO,OAAO,SAAS,QAAQ,8BAA8B;AAAA,EACxE;AAEA,MAAI,OAAO,aAAa;AACtB,WAAO,EAAE,OAAO,OAAO,aAAa,QAAQ,iBAAiB;AAAA,EAC/D;AAEA,QAAM,cAAc,yBAAyB,OAAO,WAAW;AAC/D,MAAIC,IAAG,WAAW,WAAW,KAAK,OAAO,0BAA0B,MAAM;AACvE,WAAO,EAAE,OAAO,aAAa,QAAQ,2BAA2B;AAAA,EAClE;AAEA,SAAO,EAAE,OAAO,QAAW,QAAQ,KAAK;AAC1C;AAKO,SAAS,eAAe,gBAAgC;AAC7D,SAAOA,IAAG,aAAaC,MAAK,QAAQ,cAAc,GAAG,MAAM,EAAE,KAAK;AACpE;AAKO,SAAS,gBAAgB,eAA+B;AAC7D,SAAO,OAAO,gBAAgB,aAAa,EAAE,OAAO;AAAA,IAClD,MAAM;AAAA,IACN,QAAQ;AAAA,EACV,CAAC,EAAE,SAAS;AACd;AAKO,SAAS,iBAAiB,gBAG/B;AACA,QAAM,eAAeA,MAAK,QAAQ,cAAc;AAEhD,MAAID,IAAG,WAAW,YAAY,GAAG;AAC/B,WAAO;AAAA,MACL,eAAe,eAAe,YAAY;AAAA,MAC1C,SAAS;AAAA,IACX;AAAA,EACF;AAEA,QAAM,UAAU,OAAO,oBAAoB,OAAO;AAAA,IAChD,eAAe;AAAA,IACf,mBAAmB;AAAA,MACjB,MAAM;AAAA,MACN,QAAQ;AAAA,IACV;AAAA,IACA,oBAAoB;AAAA,MAClB,MAAM;AAAA,MACN,QAAQ;AAAA,IACV;AAAA,EACF,CAAC;AAED,wBAAsBC,MAAK,QAAQ,YAAY,CAAC;AAChD,kBAAgB,cAAc,QAAQ,WAAW,KAAK,IAAI,IAAI;AAE9D,SAAO;AAAA,IACL,eAAe,QAAQ,WAAW,KAAK;AAAA,IACvC,SAAS;AAAA,EACX;AACF;;;ACtGO,IAAM,0BAA0B;AAChC,IAAM,sBAAsB;AAgBnC,SAAS,iBAAiB,SAAyB;AACjD,SAAO,QAAQ,QAAQ,QAAQ,EAAE;AACnC;AAEA,SAAS,gBAAgB,OAAyB;AAChD,MAAI,CAAC,OAAO;AACV,WAAO;AAAA,EACT;AAEA,SAAO,CAAC,KAAK,QAAQ,OAAO,IAAI,EAAE,SAAS,MAAM,KAAK,EAAE,YAAY,CAAC;AACvE;AAMO,SAAS,mBAAmB,SAAkD;AACnF,QAAM,kBAAkB,QAAQ,cAAc,QAAQ,cAAc,QAAQ;AAE5E,MAAI,iBAAiB;AACnB,WAAO;AAAA,MACL,SAAS;AAAA,MACT,SAAS,iBAAiB,eAAe,MAAM;AAAA,IACjD;AAAA,EACF;AAEA,QAAM,UACJ,QAAQ,WAAW,QACnB,gBAAgB,QAAQ,MAAM,KAC9B,QAAQ,cAAc;AAExB,SAAO;AAAA,IACL,SAAS,UAAU,sBAAsB;AAAA,IACzC;AAAA,EACF;AACF;AAKO,SAAS,0BACd,MACA,QACqB;AACrB,SAAO,mBAAmB;AAAA,IACxB,YAAY,KAAK;AAAA,IACjB,YAAY,QAAQ,IAAI;AAAA,IACxB,eAAe,OAAO;AAAA,IACtB,QAAQ,KAAK;AAAA,IACb,QAAQ,QAAQ,IAAI;AAAA,IACpB,WAAW,OAAO;AAAA,EACpB,CAAC;AACH;AAOO,SAAS,mCACd,SACA,MACiB;AACjB,QAAM,cAA+B,EAAE,GAAG,QAAQ;AAElD,MAAI,KAAK,SAAS;AAChB,gBAAY,UAAU,KAAK;AAC3B,WAAO,YAAY;AAAA,EACrB,WAAW,KAAK,QAAQ,MAAM;AAC5B,gBAAY,MAAM;AAClB,WAAO,YAAY;AAAA,EACrB,WAAW,KAAK,QAAQ,OAAO;AAC7B,WAAO,YAAY;AACnB,WAAO,YAAY;AAAA,EACrB;AAEA,MAAI,KAAK,WAAW;AAClB,gBAAY,YAAY,KAAK;AAAA,EAC/B;AAEA,MAAI,KAAK,gBAAgB;AACvB,gBAAY,iBAAiB,KAAK;AAAA,EACpC;AAEA,MAAI,KAAK,gBAAgB;AACvB,gBAAY,iBAAiB,KAAK;AAAA,EACpC;AAEA,SAAO;AACT;;;ACxEA,SAAS,cACP,MACA,aACiE;AACjE,MAAI,KAAK,QAAQ;AACf,WAAO;AAAA,MACL,OAAO,KAAK;AAAA,MACZ,QAAQ;AAAA,MACR,oBAAoB;AAAA,IACtB;AAAA,EACF;AAEA,MAAI,QAAQ,IAAI,YAAY;AAC1B,WAAO;AAAA,MACL,OAAO,QAAQ,IAAI;AAAA,MACnB,QAAQ;AAAA,MACR,oBAAoB;AAAA,IACtB;AAAA,EACF;AAEA,QAAM,iBAAiB;AAAA,IACrB,QAAQ,IAAI;AAAA,IACZ,QAAQ,IAAI;AAAA,EACd;AACA,MAAI,gBAAgB;AAClB,WAAO;AAAA,MACL,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,oBAAoB;AAAA,IACtB;AAAA,EACF;AAEA,QAAM,oBAAoB,uBAAuB,WAAW;AAC5D,QAAM,eAAe;AAAA,IACnB,mBAAmB;AAAA,IACnB,mBAAmB;AAAA,EACrB;AACA,MAAI,cAAc;AAChB,WAAO;AAAA,MACL,OAAO;AAAA,MACP,QAAQ,YAAY,WAAW;AAAA,MAC/B,oBAAoB;AAAA,IACtB;AAAA,EACF;AAEA,SAAO;AAAA,IACL,OAAO;AAAA,IACP,QAAQ;AAAA,IACR,oBAAoB,QAAQ,QAAQ,IAAI,iBAAiB,QAAQ,IAAI,aAAa;AAAA,EACpF;AACF;AAEA,SAAS,iBACP,MACA,SACoB;AACpB,SAAO,KAAK,aAAa,QAAQ,IAAI,iBAAiB,QAAQ;AAChE;AAEA,SAAS,sBACP,MACA,SACA,aAIA;AACA,MAAI,KAAK,gBAAgB;AACvB,WAAO,EAAE,OAAO,KAAK,gBAAgB,QAAQ,0BAA0B;AAAA,EACzE;AAEA,MAAI,QAAQ,IAAI,qBAAqB;AACnC,WAAO,EAAE,OAAO,QAAQ,IAAI,qBAAqB,QAAQ,8BAA8B;AAAA,EACzF;AAEA,MAAI,QAAQ,gBAAgB;AAC1B,WAAO,EAAE,OAAO,QAAQ,gBAAgB,QAAQ,iBAAiB;AAAA,EACnE;AAEA,SAAO;AAAA,IACL,OAAO,yBAAyB,WAAW;AAAA,IAC3C,QAAQ;AAAA,EACV;AACF;AAMO,SAAS,kBACd,MACA,QAIoB;AACpB,QAAM,aAAa,WAAW;AAC9B,QAAM,cAAc;AAAA,IAClB;AAAA,IACA,KAAK;AAAA,IACL,QAAQ,IAAI;AAAA,EACd;AACA,QAAM,UAAU,iBAAiB,YAAY,WAAW;AACxD,QAAM,cAAc,0BAA0B,MAAM,OAAO;AAE3D,QAAM,SAAS,cAAc,MAAM,WAAW;AAC9C,QAAM,aAAa,sBAAsB;AAAA,IACvC,SAAS,KAAK;AAAA,IACd,SAAS,QAAQ,IAAI;AAAA,IACrB,aAAa,QAAQ;AAAA,IACrB;AAAA,EACF,CAAC;AACD,QAAM,iBAAiB,sBAAsB,MAAM,SAAS,WAAW;AAEvE,MAAI,QAAQ,iBAAiB,CAAC,OAAO,OAAO;AAC1C,UAAM,IAAI;AAAA,MACN,4WAOC,OAAO,qBACJ,mEACA;AAAA,IACR;AAAA,EACF;AAEA,MAAI,QAAQ,qBAAqB,CAAC,WAAW,OAAO;AAClD,UAAM,IAAI;AAAA,MACN;AAAA;AAAA;AAAA;AAAA,kDAImD,sBAAsB;AAAA,QACvE;AAAA,QACA,uBAAuB;AAAA,MACzB,CAAC,EAAE,KAAK;AAAA,IACZ;AAAA,EACF;AAEA,SAAO;AAAA,IACL,QAAQ,OAAO;AAAA,IACf,cAAc,OAAO;AAAA,IACrB,SAAS,YAAY;AAAA,IACrB,KAAK,YAAY;AAAA,IACjB,WAAW,iBAAiB,MAAM,OAAO;AAAA,IACzC,gBAAgB,WAAW;AAAA,IAC3B,kBAAkB,WAAW;AAAA,IAC7B,gBAAgB,eAAe;AAAA,IAC/B,kBAAkB,eAAe;AAAA,IACjC;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAKO,SAAS,YAAY,MAA+B;AACzD,QAAM,aAAa,kBAAkB,MAAM;AAAA,IACzC,eAAe;AAAA,IACf,mBAAmB;AAAA,EACrB,CAAC;AAED,SAAO;AAAA,IACL,QAAQ,WAAW;AAAA,IACnB,WAAW,WAAW;AAAA,IACtB,SAAS,WAAW;AAAA,IACpB,KAAK,WAAW;AAAA,IAChB,gBAAgB,WAAW;AAAA,IAC3B,gBAAgB,WAAW;AAAA,EAC7B;AACF;;;AV1MA,SAAS,qBAAqB,SAUP;AACrB,MAAI,QAAQ,mBAAmB,CAAC,QAAQ,eAAe;AACrD,UAAM,IAAI,MAAM,2DAA2D;AAAA,EAC7E;AAEA,MAAI,QAAQ,iBAAiB,CAAC,QAAQ,iBAAiB;AACrD,UAAM,IAAI,MAAM,2DAA2D;AAAA,EAC7E;AAEA,SAAO;AAAA,IACL,MAAM,QAAQ;AAAA,IACd,gBAAgB,QAAQ;AAAA,IACxB,UAAU,QAAQ;AAAA,IAClB,kBAAkB,QAAQ;AAAA,IAC1B,SAAS,QAAQ;AAAA,IACjB,aAAa,QAAQ,WAAW,SAAS,IAAI,QAAQ,aAAa;AAAA,IAClE,WAAW,QAAQ,gBACf;AAAA,MACE,MAAM,QAAQ;AAAA,MACd,aAAa,QAAQ;AAAA,MACrB,QAAQ,OAAO,QAAQ,eAAe;AAAA,IACxC,IACA;AAAA,EACN;AACF;AAGO,SAAS,gBAAyB;AACvC,SAAO,IAAI,QAAQ,QAAQ,EACxB,YAAY,oBAAoB,EAChC,eAAe,iBAAiB,YAAY,EAC5C,eAAe,2BAA2B,yBAAyB,EACnE,OAAO,oBAAoB,8BAA8B,EACzD,OAAO,mBAAmB,2CAA2C,EACrE,OAAO,4BAA4B,0CAA0C,EAC7E,OAAO,mCAAmC,0CAA0C,EACpF,OAAO,gCAAgC,4CAA4C,EACnF;AAAA,IACC;AAAA,IACA;AAAA,IACA;AAAA,IACA,CAAC;AAAA,EACH,EACC;AAAA,IACC;AAAA,IACA;AAAA,IACA;AAAA,IACA,CAAC;AAAA,EACH,EACC;AAAA,IACC;AAAA,MACE,OACE,SAWA,QACG;AACH,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,cAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AACnE,cAAM,OAAO,qBAAqB,OAAO;AAEzC,cAAM,UAAU,IAAI,mBAAmB,EAAE,MAAM;AAC/C,cAAM,WAAW,MAAM,OAAO,YAAY,IAAI;AAC9C,gBAAQ,KAAK;AAEb,YAAI,WAAW,MAAM;AACnB,kBAAQ,IAAI,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAC7C;AAAA,QACF;AAEA,gBAAQ,kBAAkB,SAAS,IAAI,GAAG;AAC1C;AAAA,UACE;AAAA,YACE,CAAC,MAAM,SAAS,EAAE;AAAA,YAClB,CAAC,cAAc,SAAS,SAAS;AAAA,YACjC,CAAC,iBAAiB,SAAS,YAAY;AAAA,YACvC,CAAC,cAAc,SAAS,WAAW;AAAA,UACrC;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACJ;;;AW/GA,SAAS,WAAAC,gBAAe;AACxB,OAAOC,YAAW;AAClB,OAAOC,UAAS;AAQT,SAAS,aAAsB;AACpC,SAAO,IAAIC,SAAQ,KAAK,EACrB,YAAY,mBAAmB,EAC/B,SAAS,QAAQ,UAAU,EAC3B;AAAA,IACC,iBAAiB,OAAO,IAAY,OAAgB,QAAiB;AACnE,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,YAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,YAAM,UAAUC,KAAI,mBAAmB,EAAE,MAAM;AAC/C,YAAM,QAAQ,MAAM,OAAO,SAAS,EAAE;AACtC,cAAQ,KAAK;AAEb,UAAI,WAAW,MAAM;AACnB,gBAAQ,IAAI,KAAK,UAAU,OAAO,MAAM,CAAC,CAAC;AAC1C;AAAA,MACF;AAEA,cAAQ,IAAI;AACZ,cAAQ,IAAIC,OAAM,KAAK,KAAK,MAAM,IAAI,EAAE,CAAC;AACzC,cAAQ,IAAI;AAEZ;AAAA,QACE;AAAA,UACE,CAAC,MAAM,MAAM,EAAE;AAAA,UACf,CAAC,UAAU,MAAM,UAAU;AAAA,UAC3B,CAAC,UAAU,MAAM,UAAU;AAAA,UAC3B,CAAC,oBAAoB,MAAM,cAAc;AAAA,UACzC,CAAC,UAAU,MAAM,QAAQ;AAAA,UACzB,CAAC,oBAAoB,MAAM,wBAAwB,QAAQ,IAAI;AAAA,UAC/D,CAAC,cAAc,MAAM,SAAS;AAAA,UAC9B,CAAC,cAAc,MAAM,SAAS;AAAA,UAC9B,CAAC,eAAe,MAAM,UAAU;AAAA,QAClC;AAAA,QACA;AAAA,MACF;AAEA,UAAI,MAAM,eAAe,SAAS,GAAG;AACnC,gBAAQ,IAAI;AACZ,gBAAQ,IAAIA,OAAM,KAAK,mBAAmB,CAAC;AAC3C,gBAAQ,IAAI;AACZ;AAAA,UACE,CAAC,MAAM,MAAM;AAAA,UACb,MAAM,eAAe,IAAI,CAAC,UAAU,CAAC,MAAM,IAAI,MAAM,IAAI,CAAC;AAAA,UAC1D;AAAA,QACF;AAAA,MACF;AAEA,cAAQ,IAAI;AAAA,IACd,CAAC;AAAA,EACH;AACJ;;;AC9DA,SAAS,WAAAC,gBAAe;AACxB,OAAOC,UAAS;AAQT,SAAS,wBAAiC;AAC/C,SAAO,IAAIC,SAAQ,kBAAkB,EAClC,YAAY,2CAA2C,EACvD,SAAS,QAAQ,UAAU,EAC3B;AAAA,IACC,iBAAiB,OAAO,IAAY,OAAgB,QAAiB;AACnE,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,YAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,YAAM,UAAUC,KAAI,gCAAgC,EAAE,MAAM;AAC5D,YAAM,WAAW,MAAM,OAAO,oBAAoB,EAAE;AACpD,cAAQ,KAAK;AAEb,UAAI,WAAW,MAAM;AACnB,gBAAQ,IAAI,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAC7C;AAAA,MACF;AAEA,cAAQ,IAAI;AACZ;AAAA,QACE;AAAA,UACE,CAAC,YAAY,EAAE;AAAA,UACf,CAAC,kBAAkB,SAAS,MAAM,KAAK,IAAI,KAAK,QAAQ;AAAA,UACxD,CAAC,mBAAmB,SAAS,eAAe,KAAK,IAAI,KAAK,QAAQ;AAAA,QACpE;AAAA,QACA;AAAA,MACF;AACA,cAAQ,IAAI;AAAA,IACd,CAAC;AAAA,EACH;AACJ;;;ACxCA,SAAS,WAAAC,gBAAe;AACxB,OAAOC,UAAS;;;ACDhB,SAAS,WAAAC,gBAAe;AACxB,OAAOC,YAAW;AAClB,OAAOC,UAAS;;;ACDhB,SAAS,kBAAkB;AAC3B,OAAO,WAAW;AAgLlB,OAAOC,aAAY;AACnB,OAAOC,SAAQ;AACf,OAAOC,WAAU;AAihBjB,OAAOC,UAAS;AAChB,OAAOC,YAAW;AAjsBlB,IAAI,WAAW,MAAM;AAAA,EACnB;AAAA,EACA;AAAA,EACA,YAAY,QAAQ,SAAS;AAC3B,SAAK,SAAS;AACd,SAAK,UAAU,QAAQ,QAAQ,OAAO,EAAE;AAAA,EAC1C;AAAA,EACA,eAAe;AACb,WAAO;AAAA,MACL,aAAa,KAAK;AAAA,MAClB,gBAAgB;AAAA,IAClB;AAAA,EACF;AAAA,EACA,qBAAqBC,QAAO;AAC1B,QAAI,CAACA,UAAS,YAAY,KAAKA,MAAK,GAAG;AACrC,YAAM,IAAI,MAAM,2DAA2D;AAAA,IAC7E;AACA,UAAM,iBAAiBA,OAAM,WAAW,GAAG,IAAIA,SAAQ,IAAIA,MAAK;AAChE,WAAO,eAAe,WAAW,iBAAiB,IAAI,iBAAiB,kBAAkB,cAAc;AAAA,EACzG;AAAA,EACA,MAAM,QAAQA,QAAO,MAAM;AACzB,UAAM,WAAW,MAAM,MAAM,GAAG,KAAK,OAAO,GAAGA,MAAK,IAAI;AAAA,MACtD,GAAG;AAAA,MACH,SAAS;AAAA,QACP,GAAG,KAAK,aAAa;AAAA,QACrB,GAAG,KAAK,WAAW,CAAC;AAAA,MACtB;AAAA,IACF,CAAC;AACD,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM,YAAY,MAAM,SAAS,KAAK,EAAE,MAAM,OAAO,CAAC,EAAE;AACxD,YAAM,eAAe,OAAO,UAAU,OAAO,YAAY,WAAW,UAAU,MAAM,UAAU,QAAQ,SAAS,MAAM,KAAK,SAAS,UAAU;AAC7I,YAAM,YAAY,OAAO,UAAU,OAAO,SAAS,WAAW,KAAK,UAAU,MAAM,IAAI,MAAM;AAC7F,YAAM,IAAI,MAAM,eAAe,SAAS,KAAK,YAAY,EAAE;AAAA,IAC7D;AACA,QAAI,SAAS,WAAW,KAAK;AAC3B,aAAO;AAAA,IACT;AACA,UAAM,eAAe,MAAM,SAAS,KAAK;AACzC,QAAI,CAAC,cAAc;AACjB,aAAO;AAAA,IACT;AACA,QAAI;AACF,aAAO,KAAK,MAAM,YAAY;AAAA,IAChC,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eAAe,QAAQ;AAC3B,WAAO,KAAK,QAAQ,KAAK,qBAAqB,OAAO,IAAI,GAAG;AAAA,MAC1D,QAAQ,OAAO;AAAA,MACf,MAAM,OAAO,SAAS,SAAS,SAAS,KAAK,UAAU,OAAO,IAAI;AAAA,IACpE,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAIA,MAAM,uBAAuB,MAAM;AACjC,WAAO,KAAK,QAAQ,oCAAoC;AAAA,MACtD,QAAQ;AAAA,MACR,MAAM,KAAK,UAAU,IAAI;AAAA,IAC3B,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAIA,MAAM,qBAAqB;AACzB,WAAO,KAAK,QAAQ,sBAAsB;AAAA,MACxC,QAAQ;AAAA,IACV,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,WAAW,WAAW;AAC1B,UAAM,SAAS,YAAY,cAAc,mBAAmB,SAAS,CAAC,KAAK;AAC3E,WAAO,KAAK,QAAQ,wBAAwB,MAAM,IAAI;AAAA,MACpD,QAAQ;AAAA,IACV,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAIA,MAAM,mBAAmB,SAAS;AAChC,WAAO,KAAK;AAAA,MACV,yBAAyB,mBAAmB,OAAO,CAAC;AAAA,MACpD,EAAE,QAAQ,MAAM;AAAA,IAClB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,yBAAyB,SAAS,QAAQ;AAC9C,UAAM,eAAe,IAAI,gBAAgB;AACzC,QAAI,QAAQ,6BAA6B,QAAQ;AAC/C,mBAAa,IAAI,4BAA4B,OAAO,OAAO,wBAAwB,CAAC;AAAA,IACtF;AACA,QAAI,QAAQ,uBAAuB;AACjC,mBAAa,IAAI,yBAAyB,OAAO,qBAAqB;AAAA,IACxE;AACA,UAAM,SAAS,aAAa,OAAO,IAAI,IAAI,aAAa,SAAS,CAAC,KAAK;AACvE,WAAO,KAAK;AAAA,MACV,yBAAyB,mBAAmB,OAAO,CAAC,eAAe,MAAM;AAAA,MACzE,EAAE,QAAQ,MAAM;AAAA,IAClB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAIA,MAAM,eAAe,SAAS;AAC5B,WAAO,KAAK;AAAA,MACV,yBAAyB,mBAAmB,OAAO,CAAC;AAAA,MACpD,EAAE,QAAQ,MAAM;AAAA,IAClB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAIA,MAAM,mBAAmB,SAAS,QAAQ;AACxC,WAAO,KAAK;AAAA,MACV,yBAAyB,mBAAmB,OAAO,CAAC,UAAU,mBAAmB,MAAM,CAAC;AAAA,MACxF,EAAE,QAAQ,MAAM;AAAA,IAClB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAIA,MAAM,wBAAwB,iBAAiB,QAAQ;AACrD,UAAM,eAAe,IAAI,gBAAgB;AACzC,QAAI,QAAQ,6BAA6B,QAAQ;AAC/C,mBAAa,IAAI,4BAA4B,OAAO,OAAO,wBAAwB,CAAC;AAAA,IACtF;AACA,QAAI,QAAQ,uBAAuB;AACjC,mBAAa,IAAI,yBAAyB,OAAO,qBAAqB;AAAA,IACxE;AACA,UAAM,SAAS,aAAa,OAAO,IAAI,IAAI,aAAa,SAAS,CAAC,KAAK;AACvE,WAAO,KAAK;AAAA,MACV,yCAAyC,mBAAmB,eAAe,CAAC,WAAW,MAAM;AAAA,MAC7F,EAAE,QAAQ,MAAM;AAAA,IAClB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAIA,MAAM,4BAA4B,iBAAiB,MAAM;AACvD,WAAO,KAAK;AAAA,MACV,yCAAyC,mBAAmB,eAAe,CAAC;AAAA,MAC5E;AAAA,QACE,QAAQ;AAAA,QACR,MAAM,KAAK,UAAU,IAAI;AAAA,MAC3B;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAIA,MAAM,yBAAyB,iBAAiB,MAAM;AACpD,WAAO,KAAK;AAAA,MACV,yCAAyC,mBAAmB,eAAe,CAAC;AAAA,MAC5E;AAAA,QACE,QAAQ;AAAA,QACR,MAAM,KAAK,UAAU,IAAI;AAAA,MAC3B;AAAA,IACF;AAAA,EACF;AACF;AAQA,IAAI,sCAAsC;AAC1C,IAAI,mCAAmC;AACvC,IAAI,2CAA2C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAc/C,IAAI,yCAAyC,CAAC,OAAO,SAAS;AAAA,EAC5D;AAAA,EACA;AAAA,EACA;AAAA,EACA,OAAO,KAAK,OAAO;AAAA,EACnB,KAAK;AACP,EAAE,KAAK,GAAG;AACV,IAAI,oCAAoC,CAAC,SAAS,SAAS;AAAA,EACzD;AAAA,EACA;AAAA,EACA;AAAA,EACA,OAAO,KAAK,OAAO;AAAA,EACnB,KAAK;AACP,EAAE,KAAK,GAAG;AACV,IAAI,sCAAsC,CAAC,UAAU,WAAW,KAAK;AACrE,IAAI,iCAAiC,CAAC,YAAY,aAAa,OAAO;AACtE,IAAI,8BAA8B,CAAC,SAASA,WAAU,GAAG,QAAQ,QAAQ,QAAQ,EAAE,CAAC,IAAIA,OAAM,QAAQ,QAAQ,EAAE,CAAC;AACjH,SAAS,cAAc,YAAY;AACjC,QAAM,UAAU,WAAW,KAAK;AAChC,MAAI,CAAC,SAAS;AACZ,WAAO;AAAA,EACT;AACA,MAAI;AACF,UAAM,aAAa,QAAQ,SAAS,KAAK,IAAI,UAAU,WAAW,OAAO;AACzE,WAAO,IAAI,IAAI,UAAU,EAAE,SAAS,YAAY;AAAA,EAClD,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AACA,IAAI,sCAAsC,CAAC,eAAe;AACxD,QAAM,WAAW,cAAc,UAAU;AACzC,SAAO,aAAa,YAAY,aAAa;AAC/C;AACA,IAAI,oCAAoC,CAAC,WAAW;AAClD,QAAM,oBAAoB,OAAO,mBAAmB,KAAK;AACzD,MAAI,mBAAmB;AACrB,WAAO;AAAA,EACT;AACA,SAAO,oCAAoC,OAAO,UAAU,IAAI,mCAAmC;AACrG;AAGA,IAAI,kBAAkB;AAAA,EACpB,SAASL,QAAO,UAAU;AAAA,EAC1B,UAAU;AACZ;AACA,IAAI,sBAAsB;AAAA,EACxB,SAASA,QAAO,UAAU;AAAA,EAC1B,YAAY;AACd;AACA,IAAI,2BAA2B;AAC/B,IAAI,uCAAuC;AAC3C,IAAI,+CAA+C;AACnD,IAAI,6CAA6C;AACjD,IAAI,+BAA+B;AACnC,IAAI,kCAAkC;AACtC,IAAI,sCAAsC;AAC1C,SAAS,SAAS,KAAK,YAAY,UAAU;AAC3C,QAAM,YAAY,IAAI,QAAQ,YAAY,EAAE,EAAE,QAAQ,UAAU,EAAE,EAAE,QAAQ,OAAO,EAAE;AACrF,SAAO,OAAO,KAAK,WAAW,QAAQ;AACxC;AACA,SAAS,yBAAyB,YAAY;AAC5C,SAAOA,QAAO,WAAW,QAAQ,EAAE,OAAO,OAAO,KAAK,YAAY,QAAQ,CAAC,EAAE,OAAO,KAAK;AAC3F;AACA,SAAS,yBAAyB,QAAQ,eAAe;AACvD,SAAO,GAAG,MAAM,IAAIA,QAAO,WAAW,QAAQ,EAAE,OAAO,eAAe,MAAM,EAAE,OAAO,KAAK,CAAC;AAC7F;AACA,SAASM,gBAAe,gBAAgB;AACtC,SAAOL,IAAG,aAAaC,MAAK,QAAQ,cAAc,GAAG,MAAM,EAAE,KAAK;AACpE;AACA,SAASK,iBAAgB,eAAe;AACtC,SAAOP,QAAO,gBAAgB,aAAa,EAAE,OAAO;AAAA,IAClD,MAAM;AAAA,IACN,QAAQ;AAAA,EACV,CAAC,EAAE,SAAS;AACd;AACA,SAAS,wBAAwB,cAAc;AAC7C,QAAM,WAAW,SAAS,cAAc,8BAA8B,0BAA0B;AAChG,SAAOA,QAAO,WAAW,QAAQ,EAAE,OAAO,QAAQ,EAAE,OAAO,KAAK;AAClE;AACA,SAAS,4BAA4B,uBAAuB,yBAAyB;AACnF,SAAO,GAAG,wBAAwB,IAAI,qBAAqB,IAAI,uBAAuB;AACxF;AACA,SAAS,sBAAsB,uBAAuB,iBAAiB,mBAAmB,sBAAsB;AAC9G,QAAM,UAAU;AAAA,IACd;AAAA,IACA,wBAAwB,eAAe;AAAA,EACzC;AACA,MAAI;AACF,WAAOA,QAAO;AAAA,MACZ;AAAA,MACA,OAAO,KAAK,SAAS,MAAM;AAAA,MAC3B;AAAA,QACE,KAAK;AAAA,QACL,GAAG;AAAA,MACL;AAAA,MACA,OAAO,KAAK,mBAAmB,QAAQ;AAAA,IACzC;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AACA,SAAS,iCAAiC,SAAS,WAAW,cAAc;AAC1E,MAAI;AACF,WAAOA,QAAO;AAAA,MACZ;AAAA,MACA,OAAO,KAAK,SAAS,MAAM;AAAA,MAC3B;AAAA,QACE,KAAK;AAAA,QACL,GAAG;AAAA,MACL;AAAA,MACA,OAAO,KAAK,WAAW,QAAQ;AAAA,IACjC;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AACA,SAAS,yCAAyC,UAAU,cAAc;AACxE,SAAO;AAAA,IACL,uCAAuC,SAAS,OAAO,SAAS,IAAI;AAAA,IACpE,SAAS;AAAA,IACT;AAAA,EACF;AACF;AACA,SAAS,oCAAoC,UAAU,cAAc;AACnE,SAAO;AAAA,IACL,kCAAkC,SAAS,SAAS,SAAS,IAAI;AAAA,IACjE,SAAS;AAAA,IACT;AAAA,EACF;AACF;AACA,SAAS,yCAAyC,OAAO;AACvD,SAAO;AAAA,IACL;AAAA,IACA,KAAK,UAAU;AAAA,MACb,SAAS,MAAM;AAAA,MACf,SAAS,MAAM;AAAA,MACf,iBAAiB,MAAM;AAAA,MACvB,WAAW,MAAM;AAAA,MACjB,aAAa,MAAM;AAAA,MACnB,yBAAyB,MAAM,2BAA2B;AAAA,MAC1D,mBAAmB,MAAM,qBAAqB;AAAA,MAC9C,mBAAmB,MAAM,qBAAqB;AAAA,IAChD,CAAC;AAAA,EACH;AACF;AACA,SAAS,qCAAqC,QAAQ;AACpD,QAAM,aAAa;AAAA,IACjB,SAAS,OAAO;AAAA,IAChB,SAAS,OAAO;AAAA,IAChB,iBAAiB,OAAO;AAAA,IACxB,WAAW,OAAO;AAAA,IAClB,aAAa,OAAO,eAAe,wBAAwB,OAAO,SAAS;AAAA,IAC3E,yBAAyB,OAAO,2BAA2B;AAAA,IAC3D,mBAAmB,OAAO,qBAAqB;AAAA,IAC/C,mBAAmB,OAAO,qBAAqB;AAAA,EACjD;AACA,SAAO;AAAA,IACL,GAAG;AAAA,IACH,WAAW,yCAAyC,UAAU;AAAA,EAChE;AACF;AACA,SAAS,sCAAsC,SAAS;AACtD,MAAI,kBAAkB;AACtB,MAAI,eAAe;AACnB,aAAW,SAAS,SAAS;AAC3B,QAAI,yCAAyC,KAAK,MAAM,MAAM,WAAW;AACvE,aAAO;AAAA,IACT;AACA,QAAI,MAAM,sBAAsB,cAAc;AAC5C,aAAO;AAAA,IACT;AACA,QAAI,oBAAoB,QAAQ,MAAM,YAAY,kBAAkB,GAAG;AACrE,aAAO;AAAA,IACT;AACA,sBAAkB,MAAM;AACxB,mBAAe,MAAM;AAAA,EACvB;AACA,SAAO;AACT;AACA,SAAS,oCAAoC,SAAS;AACpD,QAAM,YAAY,QAAQ,QAAQ,SAAS,CAAC;AAC5C,MAAI,CAAC,WAAW;AACd,WAAO;AAAA,EACT;AACA,SAAO;AAAA,IACL,SAAS,UAAU;AAAA,IACnB,MAAM,UAAU;AAAA,EAClB;AACF;AACA,SAAS,sCAAsC,QAAQ;AACrD,QAAM,mBAAmB;AAAA,IACvB,SAAS,OAAO,aAAa;AAAA,IAC7B,MAAM,OAAO,aAAa;AAAA,EAC5B;AACA,MAAI,OAAO,MAAM,KAAK,YAAY,iBAAiB,WAAW,OAAO,MAAM,KAAK,SAAS,iBAAiB,MAAM;AAC9G,WAAO;AAAA,EACT;AACA,MAAI,CAAC,sCAAsC,OAAO,MAAM,OAAO,GAAG;AAChE,WAAO;AAAA,EACT;AACA,QAAM,YAAY,oCAAoC,OAAO,MAAM,OAAO;AAC1E,MAAI,CAAC,aAAa,UAAU,YAAY,iBAAiB,WAAW,UAAU,SAAS,iBAAiB,MAAM;AAC5G,WAAO;AAAA,EACT;AACA,MAAI,CAAC,OAAO,cAAc;AACxB,WAAO,OAAO,MAAM,QAAQ,SAAS;AAAA,EACvC;AACA,MAAI,OAAO,aAAa,UAAU,OAAO,aAAa,SAAS;AAC7D,WAAO;AAAA,EACT;AACA,QAAM,gBAAgB,OAAO,MAAM,QAAQ,KAAK,CAAC,UAAU,MAAM,YAAY,OAAO,aAAa,OAAO;AACxG,MAAI,OAAO,aAAa,YAAY,OAAO,aAAa,SAAS;AAC/D,WAAO,eAAe,cAAc,OAAO,aAAa;AAAA,EAC1D;AACA,SAAO,eAAe,cAAc,OAAO,aAAa;AAC1D;AACA,SAAS,oCAAoC,YAAY;AACvD,SAAO;AAAA,IACL,OAAO,WAAW;AAAA,IAClB,SAAS,WAAW;AAAA,IACpB,SAAS,CAAC,GAAG,WAAW,OAAO,EAAE,IAAI,CAAC,WAAW;AAAA,MAC/C,eAAe,MAAM;AAAA,MACrB,WAAW,MAAM;AAAA,MACjB,aAAa,MAAM;AAAA,MACnB,uBAAuB,MAAM,yBAAyB;AAAA,MACtD,mBAAmB,MAAM,qBAAqB;AAAA,IAChD,EAAE,EAAE,KAAK,CAAC,MAAM,UAAU,KAAK,cAAc,cAAc,MAAM,aAAa,CAAC;AAAA,EACjF;AACF;AACA,SAAS,uCAAuC,YAAY;AAC1D,SAAO,KAAK,UAAU,oCAAoC,UAAU,CAAC;AACvE;AACA,SAAS,uCAAuC,YAAY;AAC1D,SAAO;AAAA,IACL;AAAA,IACA,uCAAuC,UAAU;AAAA,EACnD;AACF;AACA,SAAS,iCAAiC,YAAY,WAAW,cAAc;AAC7E,MAAI;AACF,WAAOA,QAAO;AAAA,MACZ;AAAA,MACA,OAAO,KAAK,uCAAuC,UAAU,GAAG,MAAM;AAAA,MACtE;AAAA,QACE,KAAK;AAAA,QACL,GAAG;AAAA,MACL;AAAA,MACA,OAAO,KAAK,WAAW,QAAQ;AAAA,IACjC;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AACA,SAAS,2CAA2C,OAAO;AACzD,SAAO;AAAA,IACL;AAAA,IACA,KAAK,UAAU;AAAA,MACb,OAAO,MAAM;AAAA,MACb,SAAS,MAAM;AAAA,MACf,4BAA4B,MAAM;AAAA,MAClC,qBAAqB,MAAM;AAAA,MAC3B,iBAAiB,MAAM;AAAA,MACvB,mBAAmB,MAAM;AAAA,MACzB,WAAW,MAAM;AAAA,MACjB,mBAAmB,MAAM,qBAAqB;AAAA,IAChD,CAAC;AAAA,EACH;AACF;AACA,SAAS,uCAAuC,QAAQ;AACtD,QAAM,mBAAmB;AAAA,IACvB,OAAO,OAAO,WAAW;AAAA,IACzB,SAAS,OAAO,WAAW;AAAA,IAC3B,4BAA4B,uCAAuC,OAAO,UAAU;AAAA,IACpF,qBAAqB,OAAO;AAAA,IAC5B,iBAAiB,OAAO;AAAA,IACxB,mBAAmB,wBAAwB,OAAO,eAAe;AAAA,IACjE,WAAW,OAAO;AAAA,IAClB,mBAAmB,OAAO,qBAAqB;AAAA,EACjD;AACA,SAAO;AAAA,IACL,GAAG;AAAA,IACH,WAAW,2CAA2C,gBAAgB;AAAA,EACxE;AACF;AACA,SAAS,wCAAwC,QAAQ;AACvD,MAAI,OAAO,MAAM,KAAK,YAAY,OAAO,aAAa,WAAW,OAAO,MAAM,KAAK,SAAS,OAAO,aAAa,WAAW;AACzH,WAAO;AAAA,EACT;AACA,MAAI,CAAC,OAAO,cAAc;AACxB,QAAI,OAAO,MAAM,QAAQ,WAAW,GAAG;AACrC,aAAO;AAAA,IACT;AACA,aAAS,QAAQ,GAAG,QAAQ,OAAO,MAAM,QAAQ,QAAQ,SAAS;AAChE,YAAM,QAAQ,OAAO,MAAM,QAAQ,KAAK;AACxC,UAAI,CAAC,OAAO;AACV,eAAO;AAAA,MACT;AACA,YAAM,eAAe,2CAA2C;AAAA,QAC9D,OAAO,MAAM;AAAA,QACb,SAAS,MAAM;AAAA,QACf,4BAA4B,MAAM;AAAA,QAClC,qBAAqB,MAAM;AAAA,QAC3B,iBAAiB,MAAM;AAAA,QACvB,mBAAmB,MAAM;AAAA,QACzB,WAAW,MAAM;AAAA,QACjB,mBAAmB,MAAM;AAAA,MAC3B,CAAC;AACD,UAAI,iBAAiB,MAAM,WAAW;AACpC,eAAO;AAAA,MACT;AACA,UAAI,UAAU,GAAG;AACf;AAAA,MACF;AACA,YAAM,gBAAgB,OAAO,MAAM,QAAQ,QAAQ,CAAC;AACpD,UAAI,CAAC,eAAe;AAClB,eAAO;AAAA,MACT;AACA,UAAI,MAAM,sBAAsB,cAAc,aAAa,MAAM,YAAY,cAAc,UAAU,GAAG;AACtG,eAAO;AAAA,MACT;AAAA,IACF;AACA,UAAM,YAAY,OAAO,MAAM,QAAQ,OAAO,MAAM,QAAQ,SAAS,CAAC;AACtE,WAAO,WAAW,cAAc,OAAO,aAAa,aAAa,UAAU,YAAY,OAAO,aAAa;AAAA,EAC7G;AACA,MAAI,OAAO,aAAa,UAAU,OAAO,aAAa,SAAS;AAC7D,WAAO;AAAA,EACT;AACA,MAAI,OAAO,aAAa,YAAY,OAAO,aAAa,SAAS;AAC/D,WAAO,OAAO,aAAa,cAAc,OAAO,aAAa,QAAQ,OAAO,MAAM,QAAQ,WAAW;AAAA,EACvG;AACA,MAAI,OAAO,MAAM,QAAQ,WAAW,GAAG;AACrC,WAAO;AAAA,EACT;AACA,MAAI,kBAAkB,OAAO,aAAa;AAC1C,MAAI,eAAe,OAAO,aAAa;AACvC,aAAW,SAAS,OAAO,MAAM,SAAS;AACxC,UAAM,eAAe,2CAA2C;AAAA,MAC9D,OAAO,MAAM;AAAA,MACb,SAAS,MAAM;AAAA,MACf,4BAA4B,MAAM;AAAA,MAClC,qBAAqB,MAAM;AAAA,MAC3B,iBAAiB,MAAM;AAAA,MACvB,mBAAmB,MAAM;AAAA,MACzB,WAAW,MAAM;AAAA,MACjB,mBAAmB,MAAM;AAAA,IAC3B,CAAC;AACD,QAAI,iBAAiB,MAAM,aAAa,MAAM,sBAAsB,gBAAgB,MAAM,YAAY,kBAAkB,GAAG;AACzH,aAAO;AAAA,IACT;AACA,sBAAkB,MAAM;AACxB,mBAAe,MAAM;AAAA,EACvB;AACA,SAAO,iBAAiB,OAAO,aAAa,aAAa,oBAAoB,OAAO,aAAa;AACnG;AACA,SAAS,gCAAgC,SAAS,gBAAgB,qBAAqB,YAAY,YAAY;AAC7G,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,OAAO,UAAU;AAAA,IACjB,yBAAyB,UAAU;AAAA,EACrC,EAAE,KAAK,GAAG;AACZ;AACA,SAAS,0BAA0B,SAAS,gBAAgB,qBAAqB,YAAY,YAAY,qBAAqB,oBAAoB;AAChJ,QAAM,UAAU;AAAA,IACd;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACA,MAAI;AACF,WAAOA,QAAO;AAAA,MACZ;AAAA,MACA,OAAO,KAAK,SAAS,MAAM;AAAA,MAC3B;AAAA,QACE,KAAK;AAAA,QACL,GAAG;AAAA,MACL;AAAA,MACA,OAAO,KAAK,qBAAqB,QAAQ;AAAA,IAC3C;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AACA,SAAS,gCAAgC,YAAY;AACnD,SAAO;AAAA,IACL,SAAS,WAAW;AAAA,IACpB,SAAS,WAAW;AAAA,IACpB,MAAM,WAAW;AAAA,IACjB,oBAAoB,WAAW,sBAAsB;AAAA,IACrD,mBAAmB,WAAW,qBAAqB;AAAA,IACnD,OAAO,CAAC,GAAG,WAAW,KAAK,EAAE,IAAI,CAAC,UAAU;AAAA,MAC1C,IAAI,KAAK;AAAA,MACT,MAAM,KAAK;AAAA,MACX,MAAM,KAAK,QAAQ;AAAA,MACnB,UAAU,CAAC,GAAG,KAAK,QAAQ;AAAA,MAC3B,SAAS,KAAK,WAAW;AAAA,IAC3B,EAAE,EAAE,KAAK,CAAC,MAAM,UAAU,KAAK,GAAG,cAAc,MAAM,EAAE,CAAC;AAAA,IACzD,QAAQ,CAAC,GAAG,WAAW,MAAM,EAAE,IAAI,CAAC,WAAW;AAAA,MAC7C,IAAI,MAAM;AAAA,MACV,MAAM,MAAM;AAAA,MACZ,UAAU,MAAM,YAAY;AAAA,IAC9B,EAAE,EAAE,KAAK,CAAC,MAAM,UAAU,KAAK,GAAG,cAAc,MAAM,EAAE,CAAC;AAAA,EAC3D;AACF;AACA,SAAS,mCAAmC,YAAY;AACtD,SAAO,KAAK,UAAU,gCAAgC,UAAU,CAAC;AACnE;AACA,SAAS,mCAAmC,YAAY;AACtD,SAAO;AAAA,IACL;AAAA,IACA,mCAAmC,UAAU;AAAA,EAC/C;AACF;AACA,SAAS,6BAA6B,YAAY,WAAW,cAAc;AACzE,MAAI;AACF,WAAOA,QAAO;AAAA,MACZ;AAAA,MACA,OAAO,KAAK,mCAAmC,UAAU,GAAG,MAAM;AAAA,MAClE;AAAA,QACE,KAAK;AAAA,QACL,GAAG;AAAA,MACL;AAAA,MACA,OAAO,KAAK,WAAW,QAAQ;AAAA,IACjC;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AACA,SAAS,mCAAmC,YAAY;AACtD,SAAO;AAAA,IACL,aAAa,WAAW;AAAA,IACxB,SAAS,WAAW;AAAA,IACpB,SAAS,WAAW;AAAA,IACpB,MAAM,WAAW;AAAA,IACjB,MAAM,WAAW,QAAQ;AAAA,IACzB,UAAU,CAAC,GAAG,WAAW,QAAQ;AAAA,IACjC,SAAS,WAAW,WAAW;AAAA,IAC/B,QAAQ,CAAC,GAAG,WAAW,MAAM,EAAE,IAAI,CAAC,WAAW;AAAA,MAC7C,IAAI,MAAM;AAAA,MACV,MAAM,MAAM;AAAA,MACZ,MAAM,MAAM;AAAA,MACZ,OAAO,MAAM;AAAA,MACb,kBAAkB,CAAC,GAAG,MAAM,gBAAgB,EAAE,KAAK;AAAA,MACnD,UAAU,CAAC,GAAG,MAAM,QAAQ,EAAE,KAAK;AAAA,IACrC,EAAE,EAAE,KAAK,CAAC,MAAM,UAAU,KAAK,QAAQ,MAAM,SAAS,KAAK,GAAG,cAAc,MAAM,EAAE,CAAC;AAAA,EACvF;AACF;AACA,SAAS,sCAAsC,YAAY;AACzD,SAAO,KAAK,UAAU,mCAAmC,UAAU,CAAC;AACtE;AACA,SAAS,sCAAsC,YAAY;AACzD,SAAO;AAAA,IACL;AAAA,IACA,sCAAsC,UAAU;AAAA,EAClD;AACF;AACA,SAAS,gCAAgC,YAAY,WAAW,cAAc;AAC5E,MAAI;AACF,WAAOA,QAAO;AAAA,MACZ;AAAA,MACA,OAAO,KAAK,sCAAsC,UAAU,GAAG,MAAM;AAAA,MACrE;AAAA,QACE,KAAK;AAAA,QACL,GAAG;AAAA,MACL;AAAA,MACA,OAAO,KAAK,WAAW,QAAQ;AAAA,IACjC;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AACA,SAAS,gBAAgB,OAAO;AAC9B,MAAI,CAAC,MAAM,WAAW,GAAG,GAAG;AAC1B,WAAO;AAAA,EACT;AACA,MAAI;AACF,UAAM,SAAS,KAAK,MAAM,KAAK;AAC/B,WAAO,OAAO,MAAM;AAAA,EACtB,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AACA,SAAS,oBAAoB,gBAAgB,KAAK;AAChD,MAAI,CAAC,gBAAgB,cAAc,GAAG;AACpC,UAAM,IAAI,MAAM,4DAA4D;AAAA,EAC9E;AACA,QAAM,WAAW,KAAK,MAAM,cAAc;AAC1C,QAAM,WAAWA,QAAO,iBAAiB,eAAe,KAAK,OAAO,KAAK,SAAS,IAAI,QAAQ,CAAC;AAC/F,WAAS,WAAW,OAAO,KAAK,SAAS,GAAG,QAAQ,CAAC;AACrD,QAAM,YAAY,OAAO,OAAO;AAAA,IAC9B,SAAS,OAAO,OAAO,KAAK,SAAS,GAAG,QAAQ,CAAC;AAAA,IACjD,SAAS,MAAM;AAAA,EACjB,CAAC;AACD,SAAO,UAAU,SAAS,MAAM;AAClC;AACA,SAAS,wBAAwB,OAAO,KAAK;AAC3C,SAAO,gBAAgB,KAAK,IAAI,oBAAoB,OAAO,GAAG,IAAI;AACpE;AACA,SAAS,wBAAwB,YAAY,eAAe;AAC1D,SAAOA,QAAO;AAAA,IACZ,EAAE,KAAK,eAAe,GAAG,gBAAgB;AAAA,IACzC,OAAO,KAAK,YAAY,QAAQ;AAAA,EAClC;AACF;AAKA,SAAS,eAAe,gBAAgB;AACtC,MAAI;AACF,UAAM,MAAMG,KAAI,aAAa,gBAAgB,MAAM;AACnD,UAAM,SAAS,KAAK,MAAM,GAAG;AAC7B,WAAO;AAAA,MACL,SAAS;AAAA,MACT,aAAa,OAAO,eAAe,CAAC;AAAA,MACpC,uBAAuB,OAAO,yBAAyB,CAAC;AAAA,MACxD,sBAAsB,OAAO,wBAAwB,CAAC;AAAA,IACxD;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,MACL,SAAS;AAAA,MACT,aAAa,CAAC;AAAA,MACd,uBAAuB,CAAC;AAAA,MACxB,sBAAsB,CAAC;AAAA,IACzB;AAAA,EACF;AACF;AACA,SAAS,eAAe,gBAAgB,OAAO;AAC7C,EAAAA,KAAI,UAAUC,OAAM,QAAQ,cAAc,GAAG,EAAE,WAAW,KAAK,CAAC;AAChE,EAAAD,KAAI,cAAc,gBAAgB,KAAK,UAAU,OAAO,MAAM,CAAC,IAAI,MAAM,MAAM;AACjF;AACA,SAAS,iBAAiB,OAAO,WAAW;AAC1C,SAAO,GAAG,KAAK,IAAI,SAAS;AAC9B;AACA,SAAS,sBAAsB,OAAO,SAAS;AAC7C,SAAO,SAAS,OAAO;AACzB;AACA,SAAS,0BAA0B,OAAO;AACxC,SAAO,OAAO,KAAK;AACrB;AACA,SAAS,kCAAkC,OAAO,SAAS;AACzD,SAAO,cAAc,OAAO;AAC9B;AACA,eAAe,qBAAqB,gBAAgB,UAAU;AAC5D,QAAM,WAAW,MAAM;AAAA,IACrB,4BAA4B,gBAAgB,QAAQ;AAAA,IACpD;AAAA,MACE,OAAO;AAAA,IACT;AAAA,EACF;AACA,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,IAAI;AAAA,MACR,yDAAyD,SAAS,MAAM;AAAA,IAC1E;AAAA,EACF;AACA,SAAO,SAAS,KAAK;AACvB;AACA,SAAS,gCAAgC,gBAAgB;AACvD,QAAM,QAAQ,eAAe,cAAc;AAC3C,QAAM,QAAQ,OAAO,OAAO,MAAM,oBAAoB;AACtD,SAAO,MAAM,WAAW,IAAI,MAAM,CAAC,IAAI;AACzC;AACA,eAAe,wBAAwB,YAAY,OAAO,0BAA0B;AAClF,QAAM,iBAAiB,kCAAkC;AAAA,IACvD;AAAA,IACA,mBAAmB;AAAA,EACrB,CAAC;AACD,MAAI,CAAC,gBAAgB;AACnB,WAAO;AAAA,EACT;AACA,QAAM,WAAW,MAAM;AAAA,IACrB;AAAA,IACA,oCAAoC,KAAK;AAAA,EAC3C;AACA,MAAI,SAAS,SAAS,4BAA4B,SAAS,UAAU,SAAS,CAAC;AAAA,IAC7E;AAAA,IACA;AAAA,EACF,GAAG;AACD,UAAM,IAAI,MAAM,2DAA2D,KAAK,GAAG;AAAA,EACrF;AACA,SAAO,SAAS;AAClB;AACA,eAAe,0BAA0B,YAAY,SAAS,0BAA0B;AACtF,QAAM,iBAAiB,kCAAkC;AAAA,IACvD;AAAA,IACA,mBAAmB;AAAA,EACrB,CAAC;AACD,MAAI,CAAC,gBAAgB;AACnB,WAAO;AAAA,EACT;AACA,QAAM,WAAW,MAAM;AAAA,IACrB;AAAA,IACA,+BAA+B,OAAO;AAAA,EACxC;AACA,MAAI,SAAS,SAAS,sBAAsB,SAAS,YAAY,WAAW,CAAC;AAAA,IAC3E;AAAA,IACA;AAAA,EACF,GAAG;AACD,UAAM,IAAI,MAAM,6DAA6D,OAAO,GAAG;AAAA,EACzF;AACA,SAAO,SAAS;AAClB;AACA,eAAe,uBAAuB,gBAAgB,OAAO,YAAY;AACvE,QAAM,QAAQ,eAAe,cAAc;AAC3C,MAAI,UAAU;AACd,aAAW,OAAO,YAAY;AAC5B,UAAM,aAAa,iBAAiB,OAAO,IAAI,SAAS;AACxD,UAAM,sBAAsB,wBAAwB,IAAI,SAAS;AACjE,QAAI,wBAAwB,IAAI,aAAa;AAC3C,YAAM,IAAI,MAAM,qDAAqD,IAAI,SAAS,GAAG;AAAA,IACvF;AACA,UAAM,WAAW,MAAM,YAAY,UAAU;AAC7C,UAAM,cAA8B,oBAAI,KAAK,GAAG,YAAY;AAC5D,QAAI,CAAC,UAAU;AACb,YAAM,YAAY,UAAU,IAAI;AAAA,QAC9B,WAAW,IAAI;AAAA,QACf,aAAa,IAAI;AAAA,QACjB,WAAW,IAAI;AAAA,QACf,UAAU;AAAA,QACV;AAAA,MACF;AACA,gBAAU;AACV;AAAA,IACF;AACA,QAAI,SAAS,cAAc,IAAI,eAAe;AAC5C,UAAI,SAAS,gBAAgB,IAAI,eAAe,SAAS,cAAc,IAAI,WAAW;AACpF,cAAM,IAAI;AAAA,UACR,qBAAqB,IAAI,aAAa,kCAAkC,IAAI,SAAS;AAAA,QACvF;AAAA,MACF;AACA,UAAI,SAAS,eAAe,YAAY;AACtC,cAAM,YAAY,UAAU,IAAI;AAAA,UAC9B,GAAG;AAAA,UACH;AAAA,QACF;AACA,kBAAU;AAAA,MACZ;AACA;AAAA,IACF;AACA,QAAI,CAAC,IAAI,yBAAyB,IAAI,0BAA0B,SAAS,aAAa,CAAC,IAAI,mBAAmB;AAC5G,YAAM,IAAI,MAAM,gCAAgC,IAAI,SAAS,yCAAyC;AAAA,IACxG;AACA,UAAM,mBAAmB;AAAA,MACvB,SAAS;AAAA,MACT,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,SAAS;AAAA,IACX;AACA,QAAI,CAAC,kBAAkB;AACrB,YAAM,IAAI,MAAM,gCAAgC,IAAI,SAAS,iCAAiC;AAAA,IAChG;AACA,UAAM,YAAY,UAAU,IAAI;AAAA,MAC9B,WAAW,IAAI;AAAA,MACf,aAAa,IAAI;AAAA,MACjB,WAAW,IAAI;AAAA,MACf,UAAU,SAAS;AAAA,MACnB;AAAA,IACF;AACA,cAAU;AAAA,EACZ;AACA,MAAI,SAAS;AACX,mBAAe,gBAAgB,KAAK;AAAA,EACtC;AACA,SAAO;AACT;AACA,eAAe,wBAAwB,gBAAgB,OAAO,YAAY,YAAY,0BAA0B;AAC9G,QAAM,QAAQ,eAAe,cAAc;AAC3C,MAAI,UAAU;AACd,aAAW,OAAO,YAAY;AAC5B,UAAM,aAAa,sBAAsB,OAAO,IAAI,OAAO;AAC3D,UAAM,sBAAsB,wBAAwB,IAAI,SAAS;AACjE,QAAI,wBAAwB,IAAI,aAAa;AAC3C,YAAM,IAAI,MAAM,sDAAsD,IAAI,OAAO,GAAG;AAAA,IACtF;AACA,QAAI,CAAC,IAAI,cAAc;AACrB,YAAM,IAAI,MAAM,oEAAoE,IAAI,OAAO,GAAG;AAAA,IACpG;AACA,UAAM,oBAAoB,IAAI,aAAa,QAAQ,IAAI,aAAa,QAAQ,SAAS,CAAC;AACtF,QAAI,CAAC,mBAAmB;AACtB,YAAM,IAAI,MAAM,0EAA0E,IAAI,OAAO,GAAG;AAAA,IAC1G;AACA,UAAM,uBAAuB,qCAAqC;AAAA,MAChE,SAAS,IAAI;AAAA,MACb,SAAS,kBAAkB;AAAA,MAC3B,iBAAiB,IAAI;AAAA,MACrB,WAAW,IAAI;AAAA,MACf,aAAa,IAAI;AAAA,MACjB,yBAAyB,IAAI,2BAA2B;AAAA,MACxD,mBAAmB,IAAI,qBAAqB;AAAA,MAC5C,mBAAmB,kBAAkB,qBAAqB;AAAA,IAC5D,CAAC;AACD,QAAI,qBAAqB,cAAc,kBAAkB,WAAW;AAClE,YAAM,IAAI,MAAM,gFAAgF,IAAI,OAAO,GAAG;AAAA,IAChH;AACA,UAAM,yBAAyB,MAAM,qBAAqB,kCAAkC,OAAO,IAAI,OAAO,CAAC,KAAK;AACpH,UAAM,cAAc,CAAC,yBAAyB,MAAM,0BAA0B,YAAY,IAAI,SAAS,wBAAwB,IAAI;AACnI,UAAM,sBAAsB,eAAe;AAC3C,QAAI,eAAe,IAAI,aAAa,KAAK,UAAU,YAAY,SAAS;AACtE,YAAM,IAAI,MAAM,8EAA8E,IAAI,OAAO,GAAG;AAAA,IAC9G;AACA,QAAI,eAAe,IAAI,aAAa,KAAK,YAAY,YAAY,SAAS;AACxE,UAAI,IAAI,aAAa,KAAK,SAAS,YAAY,MAAM;AACnD,cAAM,IAAI,MAAM,4DAA4D,IAAI,OAAO,GAAG;AAAA,MAC5F;AACA,UAAI,kBAAkB,cAAc,YAAY,QAAQ,qBAAqB,cAAc,YAAY,MAAM;AAC3G,cAAM,IAAI,MAAM,mEAAmE,IAAI,OAAO,GAAG;AAAA,MACnG;AAAA,IACF,WAAW,CAAC,sCAAsC;AAAA,MAChD,cAAc;AAAA,MACd,OAAO,IAAI;AAAA,MACX,cAAc;AAAA,IAChB,CAAC,GAAG;AACF,YAAM,IAAI,MAAM,qEAAqE,IAAI,OAAO,GAAG;AAAA,IACrG;AACA,UAAM,WAAW,MAAM,YAAY,UAAU;AAC7C,UAAM,cAA8B,oBAAI,KAAK,GAAG,YAAY;AAC5D,QAAI,CAAC,UAAU;AACb,YAAM,YAAY,UAAU,IAAI;AAAA,QAC9B,WAAW,IAAI;AAAA,QACf,aAAa,IAAI;AAAA,QACjB,WAAW,IAAI;AAAA,QACf,UAAU;AAAA,QACV;AAAA,MACF;AACA,YAAM,qBAAqB,kCAAkC,OAAO,IAAI,OAAO,CAAC,IAAI,IAAI,aAAa;AACrG,gBAAU;AACV;AAAA,IACF;AACA,QAAI,SAAS,cAAc,IAAI,iBAAiB;AAC9C,UAAI,SAAS,gBAAgB,IAAI,eAAe,SAAS,cAAc,IAAI,WAAW;AACpF,cAAM,IAAI;AAAA,UACR,qBAAqB,IAAI,eAAe,mCAAmC,IAAI,OAAO;AAAA,QACxF;AAAA,MACF;AACA,UAAI,SAAS,eAAe,cAAc,MAAM,qBAAqB,kCAAkC,OAAO,IAAI,OAAO,CAAC,GAAG,YAAY,IAAI,aAAa,KAAK,WAAW,MAAM,qBAAqB,kCAAkC,OAAO,IAAI,OAAO,CAAC,GAAG,SAAS,IAAI,aAAa,KAAK,MAAM;AAChS,cAAM,YAAY,UAAU,IAAI;AAAA,UAC9B,GAAG;AAAA,UACH;AAAA,QACF;AACA,cAAM,qBAAqB,kCAAkC,OAAO,IAAI,OAAO,CAAC,IAAI,IAAI,aAAa;AACrG,kBAAU;AAAA,MACZ;AACA;AAAA,IACF;AACA,QAAI,CAAC,IAAI,2BAA2B,IAAI,4BAA4B,SAAS,aAAa,CAAC,IAAI,mBAAmB;AAChH,YAAM,IAAI,MAAM,iCAAiC,IAAI,OAAO,yCAAyC;AAAA,IACvG;AACA,UAAM,mBAAmB;AAAA,MACvB,SAAS;AAAA,MACT,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,SAAS;AAAA,IACX;AACA,QAAI,CAAC,kBAAkB;AACrB,YAAM,IAAI,MAAM,iCAAiC,IAAI,OAAO,iCAAiC;AAAA,IAC/F;AACA,UAAM,YAAY,UAAU,IAAI;AAAA,MAC9B,WAAW,IAAI;AAAA,MACf,aAAa,IAAI;AAAA,MACjB,WAAW,IAAI;AAAA,MACf,UAAU,SAAS;AAAA,MACnB;AAAA,IACF;AACA,UAAM,qBAAqB,kCAAkC,OAAO,IAAI,OAAO,CAAC,IAAI,IAAI,aAAa;AACrG,cAAU;AAAA,EACZ;AACA,MAAI,SAAS;AACX,mBAAe,gBAAgB,KAAK;AAAA,EACtC;AACA,SAAO;AACT;AACA,eAAe,6BAA6B,gBAAgB,WAAW,YAAY;AACjF,MAAI,CAAC,UAAU,qBAAqB;AAClC,QAAI,UAAU,WAAW,SAAS,GAAG;AACnC,YAAM,IAAI,MAAM,0FAA0F;AAAA,IAC5G;AACA,WAAO;AAAA,EACT;AACA,QAAM,EAAE,oBAAoB,IAAI;AAChC,QAAM,QAAQ,oBAAoB,WAAW;AAC7C,MAAI,CAAC,oBAAoB,mBAAmB,CAAC,oBAAoB,iBAAiB;AAChF,UAAM,IAAI,MAAM,kEAAkE;AAAA,EACpF;AACA,QAAM,oBAAoB,wBAAwB,oBAAoB,eAAe;AACrF,QAAM,cAAc,oBAAoB,WAAW,QAAQ;AAAA,IACzD,CAAC,UAAU,MAAM,kBAAkB,oBAAoB,uBAAuB,MAAM,cAAc,oBAAoB;AAAA,EACxH;AACA,QAAM,YAAY;AAAA,IAChB,eAAe,oBAAoB;AAAA,IACnC,WAAW,oBAAoB;AAAA,IAC/B,WAAW,oBAAoB;AAAA,IAC/B,aAAa;AAAA,IACb,uBAAuB,aAAa,yBAAyB;AAAA,IAC7D,mBAAmB,aAAa,qBAAqB;AAAA,EACvD;AACA,QAAM,0BAA0B,eAAe,cAAc;AAC7D,MAAI;AACF,UAAM,uBAAuB,gBAAgB,OAAO,CAAC,SAAS,CAAC;AAC/D,UAAM,WAAW;AAAA,MACf,oBAAoB;AAAA,MACpB,oBAAoB;AAAA,MACpB,oBAAoB;AAAA,IACtB;AACA,QAAI,CAAC,UAAU;AACb,YAAM,IAAI,MAAM,4DAA4D,KAAK,GAAG;AAAA,IACtF;AACA,QAAI,CAAC,UAAU,cAAc;AAC3B,YAAM,IAAI,MAAM,oEAAoE,KAAK,GAAG;AAAA,IAC9F;AACA,UAAM,QAAQ,eAAe,cAAc;AAC3C,UAAM,yBAAyB,MAAM,qBAAqB,0BAA0B,KAAK,CAAC,KAAK;AAC/F,UAAM,sBAAsB,cAAc;AAC1C,UAAM,sBAAsB,MAAM,sBAAsB,0BAA0B,KAAK,CAAC,KAAK;AAC7F,QAAI,CAAC,uBAAuB,wBAAwB,QAAQ,UAAU,aAAa,KAAK,UAAU,qBAAqB;AACrH,YAAM,IAAI,MAAM,+DAA+D,KAAK,GAAG;AAAA,IACzF;AACA,QAAI,CAAC,uBAAuB,UAAU,aAAa,QAAQ,WAAW,GAAG;AACvE,YAAM,IAAI,MAAM,yDAAyD,KAAK,GAAG;AAAA,IACnF;AACA,QAAI,UAAU,aAAa,QAAQ,SAAS,GAAG;AAC7C,YAAM,oBAAoB,UAAU,aAAa,QAAQ,UAAU,aAAa,QAAQ,SAAS,CAAC;AAClG,UAAI,CAAC,mBAAmB;AACtB,cAAM,IAAI,MAAM,uDAAuD,KAAK,GAAG;AAAA,MACjF;AACA,YAAM,uBAAuB,uCAAuC;AAAA,QAClE,YAAY,oBAAoB;AAAA,QAChC,qBAAqB,oBAAoB;AAAA,QACzC,iBAAiB,oBAAoB;AAAA,QACrC,iBAAiB,oBAAoB;AAAA,QACrC,WAAW,oBAAoB;AAAA,QAC/B,mBAAmB,kBAAkB,qBAAqB;AAAA,MAC5D,CAAC;AACD,UAAI,qBAAqB,cAAc,kBAAkB,WAAW;AAClE,cAAM,IAAI,MAAM,2EAA2E,KAAK,GAAG;AAAA,MACrG;AACA,UAAI,cAAc,UAAU,aAAa,KAAK,YAAY,WAAW,SAAS;AAC5E,YAAI,UAAU,aAAa,KAAK,SAAS,WAAW,MAAM;AACxD,gBAAM,IAAI,MAAM,0DAA0D,KAAK,GAAG;AAAA,QACpF;AACA,YAAI,kBAAkB,cAAc,WAAW,QAAQ,qBAAqB,cAAc,WAAW,MAAM;AACzG,gBAAM,IAAI,MAAM,yDAAyD,KAAK,GAAG;AAAA,QACnF;AAAA,MACF,WAAW,CAAC,wCAAwC;AAAA,QAClD,cAAc;AAAA,QACd,OAAO,UAAU;AAAA,QACjB,cAAc;AAAA,MAChB,CAAC,GAAG;AACF,cAAM,IAAI,MAAM,2DAA2D,KAAK,GAAG;AAAA,MACrF;AAAA,IACF,WAAW,cAAc,UAAU,aAAa,KAAK,YAAY,WAAW,SAAS;AACnF,YAAM,IAAI,MAAM,wEAAwE,KAAK,8BAA8B;AAAA,IAC7H,WAAW,CAAC,uBAAuB,oBAAoB,YAAY,UAAU,aAAa,KAAK,WAAW,oBAAoB,SAAS,UAAU,aAAa,KAAK,MAAM;AACvK,YAAM,IAAI,MAAM,qEAAqE,KAAK,GAAG;AAAA,IAC/F;AACA,iCAA6B,gBAAgB,OAAO,UAAU,aAAa,IAAI;AAC/E,UAAM,oBAAoB,IAAI;AAAA,MAC5B,oBAAoB,WAAW,QAAQ,IAAI,CAAC,UAAU,CAAC,MAAM,eAAe,KAAK,CAAC;AAAA,IACpF;AACA,eAAW,OAAO,UAAU,YAAY;AACtC,YAAM,QAAQ,kBAAkB,IAAI,IAAI,aAAa;AACrD,UAAI,CAAC,OAAO;AACV,cAAM,IAAI,MAAM,YAAY,IAAI,aAAa,4CAA4C;AAAA,MAC3F;AACA,UAAI,MAAM,cAAc,IAAI,aAAa,MAAM,gBAAgB,IAAI,eAAe,MAAM,0BAA0B,IAAI,yBAAyB,MAAM,sBAAsB,IAAI,mBAAmB;AAChM,cAAM,IAAI,MAAM,YAAY,IAAI,aAAa,2CAA2C;AAAA,MAC1F;AAAA,IACF;AACA,WAAO;AAAA,EACT,SAAS,OAAO;AACd,mBAAe,gBAAgB,uBAAuB;AACtD,UAAM;AAAA,EACR;AACF;AACA,eAAe,gCAAgC,gBAAgB,WAAW,YAAY;AACpF,QAAM,QAAQ,MAAM,6BAA6B,gBAAgB,WAAW,UAAU;AACtF,MAAI,CAAC,OAAO;AACV,WAAO,UAAU;AAAA,EACnB;AACA,SAAO,uBAAuB,gBAAgB,OAAO,UAAU,UAAU;AAC3E;AACA,eAAe,iCAAiC,gBAAgB,OAAO,YAAY,YAAY,0BAA0B;AACvH,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AACA,SAAS,8BAA8B,gBAAgB,YAAY,SAAS;AAC1E,QAAM,QAAQ,eAAe,cAAc;AAC3C,QAAM,gBAAgB,MAAM,sBAAsB,UAAU;AAC5D,MAAI,kBAAkB,UAAU,UAAU,eAAe;AACvD,UAAM,IAAI,MAAM,mDAAmD,UAAU,GAAG;AAAA,EAClF;AACA,MAAI,kBAAkB,UAAU,UAAU,eAAe;AACvD,UAAM,sBAAsB,UAAU,IAAI;AAC1C,mBAAe,gBAAgB,KAAK;AAAA,EACtC;AACF;AACA,SAAS,6BAA6B,gBAAgB,OAAO,MAAM;AACjE,QAAM,QAAQ,eAAe,cAAc;AAC3C,QAAM,aAAa,0BAA0B,KAAK;AAClD,QAAM,aAAa,MAAM,qBAAqB,UAAU;AACxD,MAAI,YAAY;AACd,QAAI,KAAK,UAAU,WAAW,SAAS;AACrC,YAAM,IAAI,MAAM,+DAA+D,KAAK,GAAG;AAAA,IACzF;AACA,QAAI,KAAK,YAAY,WAAW,WAAW,KAAK,SAAS,WAAW,MAAM;AACxE,YAAM,IAAI,MAAM,oDAAoD,KAAK,GAAG;AAAA,IAC9E;AAAA,EACF;AACA,MAAI,CAAC,cAAc,KAAK,UAAU,WAAW,SAAS;AACpD,UAAM,qBAAqB,UAAU,IAAI;AACzC,mBAAe,gBAAgB,KAAK;AAAA,EACtC;AACA,gCAA8B,gBAAgB,YAAY,KAAK,OAAO;AACxE;AAGA,IAAIK,2BAA0B;AAC9B,IAAIC,uBAAsB;AAC1B,SAAS,qBAAqB,OAAO;AACnC,SAAO,MAAM,QAAQ,iBAAiB,GAAG,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,UAAU,EAAE,EAAE,YAAY;AACnG;AACA,SAASC,uBAAsB,QAAQ;AACrC,MAAI,OAAO,gBAAgB;AACzB,WAAO,MAAM,QAAQ,OAAO,cAAc;AAAA,EAC5C;AACA,MAAI,OAAO,gBAAgB;AACzB,WAAO,GAAG,MAAM,QAAQ,OAAO,cAAc,CAAC;AAAA,EAChD;AACA,SAAO,MAAM,QAAQ,QAAQ,IAAI,GAAG,sBAAsB;AAC5D;AACA,SAAS,kBAAkB,QAAQ;AACjC,MAAI,OAAO,SAAS;AAClB,WAAO,OAAO;AAAA,EAChB;AACA,SAAO,OAAO,MAAMD,uBAAsBD;AAC5C;AACA,SAAS,4CAA4C,UAAU,SAAS;AACtE,SAAO;AAAA,IACL,SAAS,SAAS;AAAA,IAClB;AAAA,IACA,MAAM,SAAS;AAAA,IACf,oBAAoB,SAAS,sBAAsB;AAAA,IACnD,mBAAmB,SAAS,qBAAqB;AAAA,IACjD,OAAO,SAAS,MAAM,IAAI,CAAC,UAAU;AAAA,MACnC,IAAI,KAAK;AAAA,MACT,MAAM,KAAK;AAAA,MACX,MAAM,KAAK,QAAQ;AAAA,MACnB,UAAU,KAAK,YAAY,CAAC;AAAA,MAC5B,SAAS,KAAK,WAAW;AAAA,IAC3B,EAAE;AAAA,IACF,QAAQ,SAAS,gBAAgB,IAAI,CAAC,WAAW;AAAA,MAC/C,IAAI,MAAM;AAAA,MACV,MAAM,MAAM;AAAA,MACZ,UAAU,MAAM,YAAY;AAAA,IAC9B,EAAE;AAAA,EACJ;AACF;AACA,SAAS,2CAA2C,MAAM,SAAS;AACjE,SAAO;AAAA,IACL,aAAa,KAAK;AAAA,IAClB,SAAS,KAAK;AAAA,IACd;AAAA,IACA,MAAM,KAAK;AAAA,IACX,MAAM,KAAK,QAAQ;AAAA,IACnB,UAAU,KAAK,YAAY,CAAC;AAAA,IAC5B,SAAS,KAAK,WAAW;AAAA,IACzB,QAAQ,KAAK,OAAO,IAAI,CAAC,OAAO,WAAW;AAAA,MACzC,IAAI,MAAM;AAAA,MACV,MAAM,MAAM;AAAA,MACZ,MAAM,MAAM;AAAA,MACZ,OAAO,MAAM,SAAS;AAAA,MACtB,kBAAkB,MAAM,oBAAoB,CAAC;AAAA,MAC7C,UAAU,MAAM,YAAY,CAAC;AAAA,IAC/B,EAAE;AAAA,EACJ;AACF;AACA,SAAS,6BAA6B,QAAQ;AAC5C,QAAM,aAAa,OAAO,WAAW,cAAc;AACnD,MAAI,eAAe,wBAAwB;AACzC,UAAM,aAAa,OAAO,UAAU;AAAA,MAClC,CAAC,cAAc,UAAU,oBAAoB,OAAO,WAAW;AAAA,IACjE;AACA,UAAM,sBAAsB,OAAO,UAAU,QAAQ,CAAC,cAAc,UAAU,cAAc,WAAW,CAAC,CAAC,EAAE,KAAK,CAAC,UAAU,MAAM,oBAAoB,OAAO,WAAW,qBAAqB;AAC5L,QAAI,CAAC,cAAc,CAAC,qBAAqB;AACvC,YAAM,IAAI;AAAA,QACR,6BAA6B,OAAO,WAAW,yBAAyB,SAAS;AAAA,MACnF;AAAA,IACF;AACA,WAAO,YAAY,aAAa,oBAAoB;AAAA,EACtD;AACA,QAAM,YAAY,OAAO,SAAS;AAAA,IAChC,CAAC,cAAc,UAAU,kBAAkB,OAAO,WAAW;AAAA,EAC/D;AACA,MAAI,CAAC,WAAW;AACd,UAAM,IAAI;AAAA,MACR,6BAA6B,OAAO,WAAW,uBAAuB,SAAS;AAAA,IACjF;AAAA,EACF;AACA,SAAO,UAAU;AACnB;AACA,IAAI,KAAK,MAAM,IAAI;AAAA,EACjB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,OAAO;AAAA,EACP,YAAY,QAAQ;AAClB,QAAI,CAAC,OAAO,QAAQ;AAClB,YAAM,IAAI,MAAM,4BAA4B;AAAA,IAC9C;AACA,QAAI,CAAC,OAAO,cAAc,CAAC,OAAO,gBAAgB;AAChD,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AACA,UAAM,UAAU,kBAAkB,MAAM;AACxC,SAAK,UAAU;AACf,SAAK,yBAAyB,OAAO;AACrC,SAAK,SAAS,IAAI,SAAS,OAAO,QAAQ,OAAO;AACjD,SAAK,YAAY,OAAO;AACxB,SAAK,gBAAgB,OAAO,cAAcF,gBAAe,OAAO,cAAc;AAC9E,SAAK,eAAeC,iBAAgB,KAAK,aAAa;AACtD,SAAK,iBAAiBG,uBAAsB,MAAM;AAAA,EACpD;AAAA;AAAA;AAAA;AAAA,EAIA,aAAa,OAAO,QAAQ;AAC1B,UAAM,WAAW,IAAI,IAAI,MAAM;AAC/B,UAAM,SAAS,KAAK;AACpB,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAO;AACX,SAAK,OAAO,MAAM,KAAK,SAAS;AAAA,EAClC;AAAA;AAAA;AAAA;AAAA,EAIA,IAAI,MAAM;AACR,QAAI,CAAC,KAAK,MAAM;AACd,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AACA,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAIA,MAAM,UAAU;AACd,SAAK,OAAO,MAAM,KAAK,SAAS;AAAA,EAClC;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eAAe,QAAQ;AAC3B,WAAO,KAAK,OAAO,eAAe,MAAM;AAAA,EAC1C;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,uBAAuB,iBAAiB,SAAS;AACrD,QAAI,SAAS,iBAAiB,MAAM;AAClC,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AACA,UAAM,KAAK,uBAAuB;AAClC,UAAM,UAAU,MAAM,KAAK,gCAAgC,eAAe;AAC1E,WAAO;AAAA,MACL,IAAI,QAAQ;AAAA,MACZ,MAAM,QAAQ;AAAA,MACd,cAAc,QAAQ;AAAA,MACtB,QAAQ,KAAK,2BAA2B,OAAO;AAAA,IACjD;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,+BAA+B,QAAQ;AAC3C,UAAM,KAAK,uBAAuB;AAClC,UAAM,UAAU,MAAM,KAAK,gCAAgC,OAAO,eAAe;AACjF,QAAI,QAAQ,iBAAiB,aAAa;AACxC,YAAM,IAAI;AAAA,QACR,0BAA0B,OAAO,eAAe,OAAO,QAAQ,YAAY;AAAA,MAC7E;AAAA,IACF;AACA,UAAM,SAAS,KAAK,2BAA2B,OAAO;AACtD,UAAM,SAAS,OAAO,SAAS;AAC/B,UAAM,WAAW,OAAO,cAAc,KAAK;AAC3C,UAAM,QAAQ,KAAK,mBAAmB,OAAO,KAAK,OAAO,YAAY;AACrE,QAAI,CAAC,QAAQ;AACX,YAAM,IAAI,MAAM,0BAA0B,OAAO,eAAe,qCAAqC;AAAA,IACvG;AACA,UAAM,YAAY,WAAW;AAC7B,UAAM,gBAAgB,MAAM,KAAK,OAAO,4BAA4B,OAAO,iBAAiB;AAAA,MAC1F;AAAA,MACA,sBAAsB,OAAO,wBAAwB;AAAA,MACrD,uBAAuB,OAAO,yBAAyB,KAAK,2BAA2B,OAAO,KAAK,UAAU;AAAA,IAC/G,CAAC;AACD,UAAM,WAAW,MAAM,MAAM,UAAU;AAAA,MACrC,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,gBAAgB;AAAA,QAChB,aAAa;AAAA,QACb,qBAAqB;AAAA,MACvB;AAAA,MACA,MAAM,KAAK,UAAU,OAAO,IAAI;AAAA,MAChC,QAAQ,OAAO;AAAA,IACjB,CAAC;AACD,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM,WAAW,MAAM,SAAS,KAAK,EAAE,MAAM,MAAM,EAAE;AACrD,YAAM,IAAI,MAAM,wBAAwB,SAAS,MAAM,IAAI,SAAS,UAAU,GAAG,WAAW,MAAM,QAAQ,KAAK,EAAE,EAAE;AAAA,IACrH;AACA,UAAM,iBAAiB,MAAM,SAAS,KAAK;AAC3C,UAAM,cAAc,KAAK,iBAAiB,eAAe,OAAO,YAAY;AAC5E,UAAM,eAAe,KAAK,iBAAiB,eAAe,OAAO,aAAa;AAC9E,UAAM,QAAQ,MAAM,KAAK,OAAO,yBAAyB,OAAO,iBAAiB;AAAA,MAC/E;AAAA,MACA;AAAA,MACA,iBAAiB,OAAO,eAAe,OAAO,WAAW,eAAe,KAAK;AAAA,MAC7E;AAAA,MACA;AAAA,MACA,aAAa,cAAc;AAAA,MAC3B,kBAAkB,cAAc;AAAA,MAChC,UAAU;AAAA,QACR,cAAc,QAAQ;AAAA,MACxB;AAAA,IACF,CAAC;AACD,WAAO;AAAA,MACL,UAAU;AAAA,MACV;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,WAAW;AACf,UAAM,KAAK,uBAAuB;AAClC,UAAM,EAAE,OAAO,IAAI,MAAM,KAAK,OAAO,WAAW,KAAK,SAAS;AAC9D,UAAM,aAAa,MAAM,QAAQ,IAAI,OAAO,IAAI,CAAC,UAAU,KAAK,cAAc,MAAM,EAAE,CAAC,CAAC;AACxF,WAAO,OAAO,OAAO,CAAC,GAAG,GAAG,UAAU;AAAA,EACxC;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,yBAAyB;AAC7B,QAAI;AACF,YAAM,KAAK,OAAO,uBAAuB;AAAA,QACvC,WAAW,KAAK;AAAA,MAClB,CAAC;AAAA,IACH,SAAS,OAAO;AACd,YAAM,IAAI;AAAA,QACR,gJAAgJ,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC;AAAA,MACxM;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,cAAc,SAAS;AAC3B,UAAM,yBAAyB,gCAAgC,KAAK,cAAc;AAClF,UAAM,CAAC,YAAY,eAAe,yBAAyB,IAAI,MAAM,QAAQ,IAAI;AAAA,MAC/E,KAAK,OAAO,mBAAmB,OAAO;AAAA,MACtC,KAAK,OAAO,eAAe,OAAO;AAAA,MAClC,KAAK,OAAO;AAAA,QACV;AAAA,QACA,yBAAyB;AAAA,UACvB,0BAA0B,uBAAuB;AAAA,UACjD,uBAAuB,uBAAuB;AAAA,QAChD,IAAI;AAAA,MACN;AAAA,IACF,CAAC;AACD,QAAI,qBAAqB;AACzB,QAAI,oBAAoB;AACxB,QAAI,CAAC,wBAAwB;AAC3B,YAAM,QAAQ,0BAA0B,qBAAqB,WAAW,SAAS;AACjF,UAAI,SAAS,0BAA0B,uBAAuB,0BAA0B,cAAc;AACpG,4BAAoB,MAAM;AAAA,UACxB,KAAK;AAAA,UACL;AAAA,UACA,KAAK;AAAA,QACP;AACA,YAAI,mBAAmB;AACrB,cAAI,0BAA0B,aAAa,KAAK,UAAU,kBAAkB,SAAS;AACnF,kBAAM,IAAI,MAAM,oFAAoF,KAAK,GAAG;AAAA,UAC9G;AACA,cAAI,0BAA0B,aAAa,KAAK,YAAY,kBAAkB,SAAS;AACrF,gBAAI,0BAA0B,aAAa,KAAK,SAAS,kBAAkB,MAAM;AAC/E,oBAAM,IAAI,MAAM,kEAAkE,KAAK,GAAG;AAAA,YAC5F;AAAA,UACF,OAAO;AACL,iCAAqB,MAAM,KAAK,OAAO,yBAAyB,SAAS;AAAA,cACvE,0BAA0B,kBAAkB;AAAA,cAC5C,uBAAuB,kBAAkB;AAAA,YAC3C,CAAC;AAAA,UACH;AAAA,QACF;AAAA,MACF;AAAA,IACF;AACA,UAAM,oBAAoB,MAAM;AAAA,MAC9B,KAAK;AAAA,MACL;AAAA,MACA;AAAA,IACF;AACA,UAAM,kBAAkB,mBAAmB,qBAAqB,WAAW,SAAS;AACpF,UAAM,yBAAyB,MAAM;AAAA,MACnC,KAAK;AAAA,MACL;AAAA,MACA,mBAAmB,mBAAmB,CAAC;AAAA,MACvC,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AACA,UAAM,YAAY,kBAAkB;AAAA,MAClC,CAAC,cAAc,UAAU,kBAAkB,WAAW;AAAA,IACxD;AACA,UAAM,2BAA2B,uBAAuB,QAAQ,CAAC,cAAc,UAAU,cAAc,WAAW,CAAC,CAAC,EAAE,KAAK,CAAC,UAAU,MAAM,oBAAoB,WAAW,qBAAqB;AAChM,UAAM,4BAA4B,WAAW,wBAAwB,uBAAuB;AAAA,MAC1F,CAAC,cAAc,UAAU,oBAAoB,WAAW;AAAA,IAC1D,GAAG,aAAa,0BAA0B,YAAY,WAAW;AACjE,QAAI,CAAC,2BAA2B;AAC9B,YAAM,IAAI;AAAA,QACR,8BAA8B,WAAW,yBAAyB,WAAW,uBAAuB,SAAS;AAAA,MAC/G;AAAA,IACF;AACA,UAAM,oBAAoB;AAAA,MACxB;AAAA,MACA,WAAW;AAAA,MACX,WAAW,yBAAyB,WAAW;AAAA,MAC/C,WAAW;AAAA,MACX,WAAW;AAAA,MACX,WAAW;AAAA,MACX;AAAA,IACF;AACA,QAAI,CAAC,mBAAmB;AACtB,YAAM,IAAI,MAAM,+DAA+D,OAAO,GAAG;AAAA,IAC3F;AACA,UAAM,MAAM,wBAAwB,WAAW,YAAY,KAAK,aAAa;AAC7E,QAAI,CAAC,cAAc,mBAAmB;AACpC,YAAM,IAAI,MAAM,iBAAiB,OAAO,0CAA0C;AAAA,IACpF;AACA,UAAM,4BAA4B;AAAA,MAChC;AAAA,MACA,cAAc,kBAAkB,WAAW;AAAA,IAC7C;AACA,UAAM,kBAAkB;AAAA,MACtB;AAAA,MACA,cAAc,kBAAkB;AAAA,MAChC,6BAA6B;AAAA,QAC3B,YAAY,cAAc;AAAA,QAC1B,UAAU;AAAA,QACV,WAAW;AAAA,MACb,CAAC;AAAA,IACH;AACA,QAAI,CAAC,iBAAiB;AACpB,YAAM,IAAI,MAAM,kEAAkE,OAAO,GAAG;AAAA,IAC9F;AACA;AAAA,MACE,KAAK;AAAA,MACL,WAAW,OAAO;AAAA,MAClB,0BAA0B;AAAA,IAC5B;AACA,UAAM,cAAc,MAAM,QAAQ;AAAA,MAChC,cAAc,MAAM,IAAI,CAAC,SAAS,KAAK,OAAO,mBAAmB,SAAS,KAAK,EAAE,CAAC;AAAA,IACpF;AACA,UAAM,MAAM,CAAC;AACb,eAAW,QAAQ,aAAa;AAC9B,UAAI,CAAC,KAAK,kBAAkB;AAC1B,cAAM,IAAI,MAAM,sBAAsB,KAAK,EAAE,yCAAyC;AAAA,MACxF;AACA,YAAM,2BAA2B;AAAA,QAC/B;AAAA,QACA,KAAK,iBAAiB,WAAW;AAAA,MACnC;AACA,YAAM,iBAAiB;AAAA,QACrB;AAAA,QACA,KAAK,iBAAiB;AAAA,QACtB,6BAA6B;AAAA,UAC3B,YAAY,KAAK;AAAA,UACjB,UAAU;AAAA,UACV,WAAW;AAAA,QACb,CAAC;AAAA,MACH;AACA,UAAI,CAAC,gBAAgB;AACnB,cAAM,IAAI,MAAM,8DAA8D,KAAK,EAAE,GAAG;AAAA,MAC1F;AACA;AAAA,QACE,KAAK;AAAA,QACL,UAAU,KAAK,EAAE;AAAA,QACjB,yBAAyB;AAAA,MAC3B;AACA,iBAAW,SAAS,KAAK,QAAQ;AAC/B,YAAI,MAAM,UAAU,MAAM;AACxB;AAAA,QACF;AACA,YAAI,qBAAqB,GAAG,KAAK,IAAI,IAAI,MAAM,IAAI,EAAE,CAAC,IAAI;AAAA,UACxD,MAAM;AAAA,UACN;AAAA,QACF;AAAA,MACF;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAAA,EACA,MAAM,gCAAgC,iBAAiB;AACrD,UAAM,yBAAyB,gCAAgC,KAAK,cAAc;AAClF,QAAI,UAAU,MAAM,KAAK,OAAO;AAAA,MAC9B;AAAA,MACA,yBAAyB;AAAA,QACvB,0BAA0B,uBAAuB;AAAA,QACjD,uBAAuB,uBAAuB;AAAA,MAChD,IAAI;AAAA,IACN;AACA,QAAI,oBAAoB;AACxB,QAAI,CAAC,wBAAwB;AAC3B,YAAM,QAAQ,QAAQ,aAAa,qBAAqB,WAAW,SAAS;AAC5E,UAAI,SAAS,QAAQ,aAAa,uBAAuB,QAAQ,aAAa,cAAc;AAC1F,4BAAoB,MAAM;AAAA,UACxB,KAAK;AAAA,UACL;AAAA,UACA,KAAK;AAAA,QACP;AACA,YAAI,mBAAmB;AACrB,cAAI,QAAQ,aAAa,aAAa,KAAK,UAAU,kBAAkB,SAAS;AAC9E,kBAAM,IAAI;AAAA,cACR,oFAAoF,KAAK;AAAA,YAC3F;AAAA,UACF;AACA,cAAI,QAAQ,aAAa,aAAa,KAAK,YAAY,kBAAkB,SAAS;AAChF,gBAAI,QAAQ,aAAa,aAAa,KAAK,SAAS,kBAAkB,MAAM;AAC1E,oBAAM,IAAI,MAAM,kEAAkE,KAAK,GAAG;AAAA,YAC5F;AAAA,UACF,OAAO;AACL,sBAAU,MAAM,KAAK,OAAO,wBAAwB,iBAAiB;AAAA,cACnE,0BAA0B,kBAAkB;AAAA,cAC5C,uBAAuB,kBAAkB;AAAA,YAC3C,CAAC;AAAA,UACH;AAAA,QACF;AAAA,MACF;AAAA,IACF;AACA,UAAM,oBAAoB,MAAM;AAAA,MAC9B,KAAK;AAAA,MACL,QAAQ;AAAA,MACR;AAAA,IACF;AACA,UAAM,kBAAkB,QAAQ,aAAa,qBAAqB,WAAW,SAAS,QAAQ;AAC9F,UAAM,yBAAyB,MAAM;AAAA,MACnC,KAAK;AAAA,MACL;AAAA,MACA,QAAQ,aAAa,mBAAmB,CAAC;AAAA,MACzC,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AACA,UAAM,4BAA4B,KAAK;AAAA,MACrC,QAAQ;AAAA,MACR;AAAA,MACA;AAAA,IACF;AACA,QAAI,CAAC;AAAA,MACH,QAAQ;AAAA,MACR,QAAQ,WAAW;AAAA,MACnB,QAAQ,WAAW,yBAAyB,QAAQ,WAAW;AAAA,MAC/D,QAAQ,WAAW;AAAA,MACnB,QAAQ,WAAW;AAAA,MACnB,QAAQ,WAAW;AAAA,MACnB;AAAA,IACF,GAAG;AACD,YAAM,IAAI,MAAM,+DAA+D,QAAQ,OAAO,GAAG;AAAA,IACnG;AACA,UAAM,2BAA2B;AAAA,MAC/B,QAAQ;AAAA,MACR,QAAQ,gBAAgB,kBAAkB,WAAW,WAAW;AAAA,IAClE;AACA,QAAI,CAAC,QAAQ,gBAAgB,kBAAkB;AAC7C,YAAM,IAAI,MAAM,sBAAsB,QAAQ,gBAAgB,EAAE,yCAAyC;AAAA,IAC3G;AACA,UAAM,iBAAiB;AAAA,MACrB;AAAA,MACA,QAAQ,gBAAgB,iBAAiB;AAAA,MACzC,6BAA6B;AAAA,QAC3B,YAAY,QAAQ,gBAAgB;AAAA,QACpC,UAAU;AAAA,QACV,WAAW;AAAA,MACb,CAAC;AAAA,IACH;AACA,QAAI,CAAC,gBAAgB;AACnB,YAAM,IAAI;AAAA,QACR,8DAA8D,QAAQ,gBAAgB,EAAE;AAAA,MAC1F;AAAA,IACF;AACA;AAAA,MACE,KAAK;AAAA,MACL,UAAU,QAAQ,gBAAgB,EAAE;AAAA,MACpC,yBAAyB;AAAA,IAC3B;AACA,WAAO;AAAA,EACT;AAAA,EACA,2BAA2B,SAAS;AAClC,UAAM,MAAM,wBAAwB,QAAQ,WAAW,YAAY,KAAK,aAAa;AACrF,UAAM,SAAS,CAAC;AAChB,eAAW,SAAS,QAAQ,gBAAgB,QAAQ;AAClD,UAAI,MAAM,UAAU,MAAM;AACxB;AAAA,MACF;AACA,aAAO,MAAM,IAAI,IAAI,wBAAwB,MAAM,OAAO,GAAG;AAAA,IAC/D;AACA,WAAO;AAAA,EACT;AAAA,EACA,6BAA6B,YAAY,UAAU,WAAW;AAC5D,UAAM,YAAY,SAAS;AAAA,MACzB,CAAC,cAAc,UAAU,kBAAkB,WAAW;AAAA,IACxD;AACA,UAAM,2BAA2B,UAAU,QAAQ,CAAC,cAAc,UAAU,cAAc,WAAW,CAAC,CAAC,EAAE,KAAK,CAAC,UAAU,MAAM,oBAAoB,WAAW,qBAAqB;AACnL,UAAM,4BAA4B,WAAW,wBAAwB,UAAU;AAAA,MAC7E,CAAC,cAAc,UAAU,oBAAoB,WAAW;AAAA,IAC1D,GAAG,aAAa,0BAA0B,YAAY,WAAW;AACjE,QAAI,CAAC,2BAA2B;AAC9B,YAAM,IAAI;AAAA,QACR,8BAA8B,WAAW,yBAAyB,WAAW,uBAAuB,SAAS;AAAA,MAC/G;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAAA,EACA,mBAAmB,OAAO,OAAO;AAC/B,QAAI,OAAO,UAAU,YAAY,MAAM,WAAW,GAAG;AACnD,YAAM,IAAI,MAAM,WAAW,KAAK,8BAA8B;AAAA,IAChE;AACA,WAAO;AAAA,EACT;AAAA,EACA,2BAA2B,OAAO;AAChC,QAAI,OAAO,UAAU,YAAY,OAAO,SAAS,KAAK,KAAK,SAAS,GAAG;AACrE,aAAO,KAAK,MAAM,KAAK;AAAA,IACzB;AACA,WAAO;AAAA,EACT;AAAA,EACA,iBAAiB,OAAO;AACtB,QAAI,OAAO,UAAU,YAAY,OAAO,SAAS,KAAK,KAAK,SAAS,GAAG;AACrE,aAAO,KAAK,MAAM,KAAK;AAAA,IACzB;AACA,WAAO;AAAA,EACT;AACF;AACA,IAAI,cAAc;;;ACjlDlB,SAAS,2BACP,cACoB;AACpB,QAAM,aAAa,cAAc,cAAc,QAAQ,UAAU;AACjE,MAAI,CAAC,cAAc,gBAAgB,eAAe,GAAG;AACnD,WAAO;AAAA,EACT;AAEA,SAAO,aAAa,aAAa,QAAQ,aAAa,CAAC,GAAG;AAC5D;AAEA,SAAS,aAAa,QAAuC;AAC3D,MAAI,OAAO,WAAW,GAAG;AACvB,WAAO;AAAA,EACT;AAEA,QAAM,eAAe,OAAO,MAAM,GAAG,CAAC,EAAE,IAAI,CAAC,UAAU,MAAM,IAAI;AACjE,QAAM,SAAS,OAAO,SAAS,aAAa,SAAS,UAAU;AAC/D,SAAO,GAAG,OAAO,MAAM,iBAAiB,OAAO,WAAW,IAAI,KAAK,GAAG,KAAK,aAAa,KAAK,IAAI,CAAC,GAAG,MAAM;AAC7G;AAEA,SAAS,oBAAoB,OAAyB;AACpD,SACE,iBAAiB,UAChB,MAAM,QAAQ,SAAS,yBAAyB,KAC/C,MAAM,QAAQ,SAAS,gDAAgD;AAE7E;AAEO,SAAS,kBAAkB,QAA+B;AAC/D,SAAO,OAAO,OAAO,KAAK,CAAC,UAAU,MAAM,WAAW,MAAM;AAC9D;AAKA,eAAsB,gBACpB,YACuB;AACvB,QAAM,SAAuB;AAAA,IAC3B,aAAa,WAAW;AAAA,IACxB,SAAS,WAAW;AAAA,IACpB,KAAK,WAAW;AAAA,IAChB,WAAW,WAAW;AAAA,IACtB,gBAAgB,WAAW;AAAA,IAC3B,gBAAgB,WAAW;AAAA,IAC3B,WAAW,WAAW,QAAQ;AAAA,IAC9B,QAAQ,CAAC;AAAA,IACT,QAAQ,CAAC;AAAA,EACX;AAEA,SAAO,OAAO,KAAK;AAAA,IACjB,IAAI;AAAA,IACJ,OAAO;AAAA,IACP,QAAQ;AAAA,IACR,QAAQ,GAAG,WAAW,OAAO,GAAG,WAAW,MAAM,gBAAgB,EAAE;AAAA,EACrE,CAAC;AAED,MAAI,CAAC,WAAW,QAAQ;AACtB,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ;AAAA,IACV,CAAC;AACD,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ,WAAW,YACf,wBAAwB,WAAW,SAAS,MAC5C;AAAA,IACN,CAAC;AACD,WAAO;AAAA,EACT;AAEA,SAAO,OAAO,KAAK;AAAA,IACjB,IAAI;AAAA,IACJ,OAAO;AAAA,IACP,QAAQ;AAAA,IACR,QAAQ,eAAe,WAAW,YAAY;AAAA,EAChD,CAAC;AAED,SAAO,OAAO,KAAK;AAAA,IACjB,IAAI;AAAA,IACJ,OAAO;AAAA,IACP,QAAQ;AAAA,IACR,QAAQ,WAAW,YACf,oCAAoC,WAAW,SAAS,MACxD;AAAA,EACN,CAAC;AAED,QAAM,SAAS,IAAI,UAAU,WAAW,QAAQ,WAAW,OAAO;AAClE,MAAI;AACJ,MAAI;AAEJ,MAAI;AACF,sBAAkB,MAAM,OAAO,mBAAmB;AAClD,WAAO,cAAc,gBAAgB,OAAO;AAC5C,WAAO,QAAQ,gBAAgB,IAAI;AACnC,WAAO,UAAU,gBAAgB,IAAI,QAAQ;AAC7C,WAAO,WAAW,gBAAgB,QAAQ,MAAM;AAChD,WAAO,aAAa,gBAAgB,QAAQ,QAAQ;AACpD,WAAO,UAAU,gBAAgB,UAAU,WAAW,WAAW,QAAQ;AACzE,WAAO,YAAY,gBAAgB,OAAO,QAAQ,WAAW,QAAQ;AACrE,WAAO,WAAW,gBAAgB;AAElC,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ,GAAG,gBAAgB,OAAO,KAAK,WAAW,gBAAgB,IAAI,QAAQ,gBAAgB,IAAI,EAAE,GAClG,gBAAgB,SAAS,MAAM,gBAAgB,OAAO,QAAQ,gBAAgB,OAAO,EAAE,KAAK,EAC9F,iBAAiB,gBAAgB,OAAO,OAAO;AAAA,IACjD,CAAC;AAAA,EACH,SAAS,OAAO;AACd,WAAO,sBAAsB,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAClF,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ,+BAA+B,OAAO,mBAAmB;AAAA,IACnE,CAAC;AAAA,EACH;AAEA,MAAI,CAAC,WAAW,gBAAgB;AAC9B,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ;AAAA,IACV,CAAC;AACD,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ;AAAA,IACV,CAAC;AACD,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ;AAAA,IACV,CAAC;AAAA,EACH,OAAO;AACL,QAAI;AACF,YAAM,gBAAgB,eAAe,WAAW,cAAc;AAC9D,YAAM,eAAe,gBAAgB,aAAa;AAClD,qBAAe,MAAM,OAAO,uBAAuB,EAAE,WAAW,aAAa,CAAC;AAC9E,aAAO,UACL,OAAO,WACP,2BAA2B,YAAY,KACvC,WAAW,QAAQ;AACrB,aAAO,eAAe;AAAA,QACpB,iBAAiB,aAAa;AAAA,QAC9B,aAAa,aAAa;AAAA,MAC5B;AAEA,aAAO,OAAO,KAAK;AAAA,QACjB,IAAI;AAAA,QACJ,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,QAAQ,UAAU,WAAW,cAAc;AAAA,MAC7C,CAAC;AACD,aAAO,OAAO,KAAK;AAAA,QACjB,IAAI;AAAA,QACJ,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,QAAQ,6BAA6B,aAAa,eAAe;AAAA,MACnE,CAAC;AACD,aAAO,OAAO,KAAK;AAAA,QACjB,IAAI;AAAA,QACJ,OAAO;AAAA,QACP,QAAQ,OAAO,UAAU,SAAS;AAAA,QAClC,QAAQ,OAAO,UACX,SAAS,OAAO,OAAO,GAAG,OAAO,YAAY,KAAK,OAAO,SAAS,MAAM,EAAE,MAC1E;AAAA,MACN,CAAC;AAAA,IACH,SAAS,OAAO;AACd,aAAO,OAAO,KAAK;AAAA,QACjB,IAAI;AAAA,QACJ,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,QAAQ,iBAAiB,WAAW,cAAc;AAAA,MACpD,CAAC;AACD,aAAO,OAAO,KAAK;AAAA,QACjB,IAAI;AAAA,QACJ,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,QAAQ,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,MAC/D,CAAC;AACD,aAAO,OAAO,KAAK;AAAA,QACjB,IAAI;AAAA,QACJ,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,QAAQ;AAAA,MACV,CAAC;AAAA,IACH;AAAA,EACF;AAEA,MAAI,SAAgC,CAAC;AACrC,MAAI;AACF,UAAM,WAAW,MAAM,OAAO,WAAW,WAAW,SAAS;AAC7D,aAAS,SAAS;AAClB,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ,aAAa,MAAM;AAAA,IAC7B,CAAC;AAAA,EACH,SAAS,OAAO;AACd,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,IAC/D,CAAC;AACD,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ;AAAA,IACV,CAAC;AACD,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ;AAAA,IACV,CAAC;AACD,WAAO;AAAA,EACT;AAEA,MAAI,OAAO,WAAW,GAAG;AACvB,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ;AAAA,IACV,CAAC;AACD,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ;AAAA,IACV,CAAC;AACD,WAAO;AAAA,EACT;AAEA,MAAI,qBAAqB;AACzB,MAAI,mBAAmB;AAEvB,aAAW,SAAS,QAAQ;AAC1B,QAAI;AACF,YAAM,OAAO,mBAAmB,MAAM,EAAE;AACxC,aAAO,OAAO,KAAK;AAAA,QACjB,IAAI,MAAM;AAAA,QACV,MAAM,MAAM;AAAA,QACZ,WAAW,MAAM;AAAA,QACjB,kBAAkB;AAAA,MACpB,CAAC;AAAA,IACH,SAAS,OAAO;AACd,UAAI,oBAAoB,KAAK,GAAG;AAC9B,8BAAsB;AACtB,eAAO,OAAO,KAAK;AAAA,UACjB,IAAI,MAAM;AAAA,UACV,MAAM,MAAM;AAAA,UACZ,WAAW,MAAM;AAAA,UACjB,kBAAkB;AAAA,UAClB,QAAQ,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,QAC/D,CAAC;AACD;AAAA,MACF;AAEA,0BAAoB;AACpB,aAAO,OAAO,KAAK;AAAA,QACjB,IAAI,MAAM;AAAA,QACV,MAAM,MAAM;AAAA,QACZ,WAAW,MAAM;AAAA,QACjB,kBAAkB;AAAA,QAClB,QAAQ,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,MAC/D,CAAC;AAAA,IACH;AAAA,EACF;AAEA,MAAI,mBAAmB,GAAG;AACxB,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ,GAAG,gBAAgB,cAAc,qBAAqB,IAAI,KAAK,GAAG;AAAA,IAC5E,CAAC;AAAA,EACH,WAAW,qBAAqB,GAAG;AACjC,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ,GAAG,kBAAkB,OAAO,OAAO,MAAM,iBAAiB,OAAO,WAAW,IAAI,KAAK,GAAG;AAAA,IAClG,CAAC;AAAA,EACH,OAAO;AACL,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ,oCAAoC,OAAO,MAAM,iBAAiB,OAAO,WAAW,IAAI,KAAK,GAAG;AAAA,IAC1G,CAAC;AAAA,EACH;AAEA,MAAI,CAAC,WAAW,gBAAgB;AAC9B,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ;AAAA,IACV,CAAC;AACD,WAAO;AAAA,EACT;AAEA,MAAI;AACF,UAAM,KAAK,MAAM,YAAG,OAAO;AAAA,MACzB,QAAQ,WAAW;AAAA,MACnB,SAAS,WAAW;AAAA,MACpB,KAAK,WAAW;AAAA,MAChB,WAAW,WAAW;AAAA,MACtB,gBAAgB,WAAW;AAAA,MAC3B,gBAAgB,WAAW;AAAA,IAC7B,CAAC;AACD,WAAO,cAAc,OAAO,KAAK,GAAG,GAAG,EAAE;AACzC,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ,oDAAoD,OAAO,WAAW,WAAW,OAAO,gBAAgB,IAAI,KAAK,GAAG;AAAA,IAC9H,CAAC;AAAA,EACH,SAAS,OAAO;AACd,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,IAC/D,CAAC;AAAA,EACH;AAEA,SAAO;AACT;;;AF7XA,SAAS,aAAa,QAAmC;AACvD,UAAQ,QAAQ;AAAA,IACd,KAAK;AACH,aAAOC,OAAM,MAAM,MAAM;AAAA,IAC3B,KAAK;AACH,aAAOA,OAAM,OAAO,MAAM;AAAA,IAC5B,KAAK;AACH,aAAOA,OAAM,IAAI,MAAM;AAAA,IACzB;AACE,aAAOA,OAAM,KAAK,MAAM;AAAA,EAC5B;AACF;AAEO,SAAS,kBAAkB,QAA4B;AAC5D,UAAQ,IAAI;AACZ,UAAQ,IAAIA,OAAM,KAAK,aAAa,CAAC;AACrC,UAAQ,IAAI;AAEZ;AAAA,IACE;AAAA,MACE,CAAC,WAAW,OAAO,WAAW;AAAA,MAC9B,CAAC,YAAY,OAAO,OAAO;AAAA,MAC3B,CAAC,QAAQ,OAAO,MAAM,QAAQ,MAAM;AAAA,MACpC,CAAC,cAAc,OAAO,aAAaA,OAAM,IAAI,WAAW,CAAC;AAAA,MACzD,CAAC,iBAAiB,OAAO,eAAeA,OAAM,IAAI,WAAW,CAAC;AAAA,MAC9D,CAAC,gBAAgB,OAAO,WAAW,OAAO,SAASA,OAAM,IAAI,WAAW,CAAC;AAAA,MACzE,CAAC,UAAU,OAAO,cAAc,OAAO,YAAYA,OAAM,IAAI,aAAa,CAAC;AAAA,MAC3E,CAAC,eAAe,OAAO,kBAAkBA,OAAM,IAAI,WAAW,CAAC;AAAA,MAC/D,CAAC,eAAe,OAAO,kBAAkBA,OAAM,IAAI,WAAW,CAAC;AAAA,MAC/D,CAAC,YAAY,OAAO,WAAW,OAAO,aAAaA,OAAM,IAAI,WAAW,CAAC;AAAA,IAC3E;AAAA,IACA;AAAA,EACF;AAEA,UAAQ,IAAI;AACZ;AAAA,IACE,CAAC,SAAS,UAAU,QAAQ;AAAA,IAC5B,OAAO,OAAO,IAAI,CAAC,UAAU;AAAA,MAC3B,MAAM;AAAA,MACN,aAAa,MAAM,MAAM;AAAA,MACzB,MAAM;AAAA,IACR,CAAC;AAAA,IACD;AAAA,EACF;AAEA,MAAI,OAAO,OAAO,SAAS,GAAG;AAC5B,YAAQ,IAAI;AACZ,YAAQ,IAAIA,OAAM,KAAK,UAAU,CAAC;AAClC,YAAQ,IAAI;AACZ;AAAA,MACE,CAAC,SAAS,SAAS,eAAe,QAAQ;AAAA,MAC1C,OAAO,OAAO,IAAI,CAAC,UAAU;AAAA,QAC3B,MAAM;AAAA,QACN,OAAO,MAAM,SAAS;AAAA,QACtB,MAAM;AAAA,QACN,MAAM,UAAU;AAAA,MAClB,CAAC;AAAA,MACD;AAAA,IACF;AAAA,EACF;AAEA,MAAI,OAAO,YAAY,OAAO,SAAS,SAAS,GAAG;AACjD,YAAQ,IAAIA,OAAM,OAAO,YAAY,CAAC;AACtC,eAAW,WAAW,OAAO,UAAU;AACrC,cAAQ,IAAIA,OAAM,OAAO,OAAO,OAAO,EAAE,CAAC;AAAA,IAC5C;AACA,YAAQ,IAAI;AAAA,EACd;AAEA,UAAQ,IAAI;AACd;AAKO,SAAS,cACd,cAAc,UACd,cAAc,kFACL;AACT,SAAO,IAAIC,SAAQ,WAAW,EAC3B,YAAY,WAAW,EACvB;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,aAAa,kBAAkB,UAAU;AAE/C,YAAM,UAAUC,KAAI,8BAA8B,EAAE,MAAM;AAC1D,YAAM,SAAS,MAAM,gBAAgB,UAAU;AAC/C,cAAQ,KAAK;AAEb,UAAI,WAAW,MAAM;AACnB,gBAAQ,IAAI,KAAK,UAAU,QAAQ,MAAM,CAAC,CAAC;AAC3C,YAAI,kBAAkB,MAAM,GAAG;AAC7B,kBAAQ,WAAW;AAAA,QACrB;AACA;AAAA,MACF;AAEA,wBAAkB,MAAM;AAExB,UAAI,kBAAkB,MAAM,GAAG;AAC7B,gBAAQ,WAAW;AAAA,MACrB;AAAA,IACF,CAAC;AAAA,EACH;AACJ;;;AGvHA,OAAOC,SAAQ;AACf,OAAOC,WAAU;AAGjB,SAAS,mBAAmB,WAA2B;AACrD,SAAO,UAAU,KAAK,EAAE,YAAY,EAAE,QAAQ,eAAe,EAAE;AACjE;AAEA,SAAS,oBAAoB,OAAuB;AAClD,QAAM,UAAU,MAAM,KAAK;AAC3B,MACG,QAAQ,WAAW,GAAG,KAAK,QAAQ,SAAS,GAAG,KAC/C,QAAQ,WAAW,GAAG,KAAK,QAAQ,SAAS,GAAG,GAChD;AACA,WAAO,QAAQ,MAAM,GAAG,EAAE,EAAE,KAAK;AAAA,EACnC;AACA,SAAO;AACT;AAEA,SAAS,iBAAiB,OAAoC;AAC5D,QAAM,aAAa,MAAM,KAAK,EAAE,YAAY;AAC5C,MAAI,CAAC,KAAK,QAAQ,OAAO,MAAM,OAAO,aAAa,EAAE,SAAS,UAAU,GAAG;AACzE,WAAO;AAAA,EACT;AACA,MAAI,CAAC,KAAK,SAAS,MAAM,OAAO,QAAQ,YAAY,EAAE,SAAS,UAAU,GAAG;AAC1E,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAEA,SAAS,WACP,QACA,WACA,UACM;AACN,QAAM,QAAQ,oBAAoB,QAAQ;AAC1C,MAAI,CAAC,OAAO;AACV;AAAA,EACF;AAEA,QAAM,aAAa,mBAAmB,SAAS;AAE/C,MAAI,CAAC,UAAU,YAAY,eAAe,EAAE,SAAS,UAAU,GAAG;AAChE,WAAO,SAAS;AAChB;AAAA,EACF;AAEA,MAAI,CAAC,aAAa,eAAe,eAAe,UAAU,OAAO,EAAE,SAAS,UAAU,GAAG;AACvF,WAAO,YAAY;AACnB;AAAA,EACF;AAEA,MAAI,CAAC,aAAa,eAAe,UAAU,gBAAgB,iBAAiB,EAAE,SAAS,UAAU,GAAG;AAClG,WAAO,YAAY;AACnB;AAAA,EACF;AAEA,MAAI,CAAC,WAAW,aAAa,UAAU,cAAc,iBAAiB,KAAK,EAAE,SAAS,UAAU,GAAG;AACjG,WAAO,UAAU;AACjB;AAAA,EACF;AAEA,MAAI,CAAC,eAAe,OAAO,mBAAmB,EAAE,SAAS,UAAU,GAAG;AACpE,UAAM,MAAM,iBAAiB,KAAK;AAClC,QAAI,QAAQ,QAAW;AACrB,aAAO,MAAM;AAAA,IACf;AACA;AAAA,EACF;AAEA,MAAI,CAAC,aAAa,eAAe,WAAW,gBAAgB,gBAAgB,EAAE,SAAS,UAAU,GAAG;AAClG,WAAO,YAAY;AACnB;AAAA,EACF;AAEA,MAAI,CAAC,WAAW,aAAa,WAAW,EAAE,SAAS,UAAU,GAAG;AAC9D,WAAO,UAAU;AACjB;AAAA,EACF;AAEA,MAAI,CAAC,aAAa,eAAe,aAAa,EAAE,SAAS,UAAU,GAAG;AACpE,WAAO,YAAY;AAAA,EACrB;AACF;AAEA,SAAS,eAAe,QAAwD;AAC9E,MAAI,CAAC,OAAO,UAAU,OAAO,aAAa,OAAO,WAAW;AAC1D,WAAO,SAAS,GAAG,OAAO,SAAS,IAAI,OAAO,SAAS;AAAA,EACzD;AAEA,SAAO;AACT;AAEA,SAAS,iBAAiB,SAAyC;AACjE,QAAM,SAAS,KAAK,MAAM,OAAO;AACjC,QAAM,SAAiC,CAAC;AAExC,QAAM,UAAU,CAAC,MAAM;AAEvB,aAAW,OAAO,CAAC,eAAe,SAAS,GAAG;AAC5C,UAAM,SAAS,OAAO,GAAG;AACzB,QAAI,UAAU,OAAO,WAAW,UAAU;AACxC,cAAQ,KAAK,MAAiC;AAAA,IAChD;AAAA,EACF;AAEA,aAAW,UAAU,SAAS;AAC5B,eAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,MAAM,GAAG;AACjD,UAAI,OAAO,UAAU,UAAU;AAC7B,mBAAW,QAAQ,KAAK,KAAK;AAAA,MAC/B,WAAW,OAAO,UAAU,WAAW;AACrC,mBAAW,QAAQ,KAAK,OAAO,KAAK,CAAC;AAAA,MACvC;AAAA,IACF;AAAA,EACF;AAEA,SAAO,eAAe,MAAM;AAC9B;AAEA,SAAS,gBAAgB,SAAyC;AAChE,QAAM,SAAiC,CAAC;AACxC,aAAW,WAAW,QAAQ,MAAM,OAAO,GAAG;AAC5C,UAAM,OAAO,QAAQ,KAAK;AAC1B,QAAI,CAAC,QAAQ,KAAK,WAAW,GAAG,GAAG;AACjC;AAAA,IACF;AAEA,UAAM,iBAAiB,KAAK,QAAQ,GAAG;AACvC,QAAI,mBAAmB,IAAI;AACzB;AAAA,IACF;AAEA,UAAM,MAAM,KAAK,MAAM,GAAG,cAAc,EAAE,KAAK;AAC/C,UAAM,QAAQ,KAAK,MAAM,iBAAiB,CAAC,EAAE,KAAK;AAClD,eAAW,QAAQ,KAAK,KAAK;AAAA,EAC/B;AAEA,SAAO,eAAe,MAAM;AAC9B;AAEA,SAAS,aAAa,MAAwB;AAC5C,QAAM,QAAkB,CAAC;AACzB,MAAI,UAAU;AACd,MAAI,WAAW;AAEf,WAAS,QAAQ,GAAG,QAAQ,KAAK,QAAQ,SAAS,GAAG;AACnD,UAAM,YAAY,KAAK,KAAK;AAE5B,QAAI,cAAc,KAAK;AACrB,YAAM,gBAAgB,KAAK,QAAQ,CAAC;AACpC,UAAI,YAAY,kBAAkB,KAAK;AACrC,mBAAW;AACX,iBAAS;AAAA,MACX,OAAO;AACL,mBAAW,CAAC;AAAA,MACd;AACA;AAAA,IACF;AAEA,QAAI,cAAc,OAAO,CAAC,UAAU;AAClC,YAAM,KAAK,QAAQ,KAAK,CAAC;AACzB,gBAAU;AACV;AAAA,IACF;AAEA,eAAW;AAAA,EACb;AAEA,QAAM,KAAK,QAAQ,KAAK,CAAC;AACzB,SAAO;AACT;AAEA,SAAS,sBAAsB,QAA0C;AACvE,QAAM,SAAiC,CAAC;AAExC,MAAI,OAAO,UAAU,GAAG;AACtB,WAAO,YAAY,oBAAoB,OAAO,CAAC,KAAK,EAAE;AAAA,EACxD;AACA,MAAI,OAAO,UAAU,GAAG;AACtB,WAAO,YAAY,oBAAoB,OAAO,CAAC,KAAK,EAAE;AAAA,EACxD;AACA,MAAI,OAAO,UAAU,GAAG;AACtB,UAAM,aAAa,oBAAoB,OAAO,CAAC,KAAK,EAAE;AACtD,QAAI,WAAW,WAAW,SAAS,KAAK,WAAW,WAAW,UAAU,GAAG;AACzE,aAAO,UAAU;AAAA,IACnB,WAAW,YAAY;AACrB,aAAO,YAAY;AAAA,IACrB;AAAA,EACF;AACA,MAAI,OAAO,UAAU,GAAG;AACtB,UAAM,cAAc,oBAAoB,OAAO,CAAC,KAAK,EAAE;AACvD,QAAI,CAAC,OAAO,WAAW;AACrB,aAAO,YAAY;AAAA,IACrB,WAAW,CAAC,OAAO,SAAS;AAC1B,aAAO,UAAU;AAAA,IACnB;AAAA,EACF;AAEA,SAAO,eAAe,MAAM;AAC9B;AAEA,SAAS,gBAAgB,SAAyC;AAChE,QAAM,QAAQ,QACX,MAAM,OAAO,EACb,IAAI,CAAC,SAAS,KAAK,KAAK,CAAC,EACzB,OAAO,CAAC,SAAS,KAAK,SAAS,CAAC;AAEnC,MAAI,MAAM,WAAW,GAAG;AACtB,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,WAAW,aAAa,MAAM,CAAC,KAAK,EAAE;AAC5C,QAAM,eAAe,SAAS,IAAI,kBAAkB;AACpD,QAAM,kBAAkB,aAAa;AAAA,IAAK,CAAC,WACzC;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,EAAE,SAAS,MAAM;AAAA,EACnB;AAEA,MAAI,CAAC,iBAAiB;AACpB,WAAO,sBAAsB,QAAQ;AAAA,EACvC;AAEA,QAAM,UAAU,MAAM,MAAM,CAAC,EAAE,KAAK,CAAC,SAAS,KAAK,KAAK,EAAE,SAAS,CAAC;AACpE,MAAI,CAAC,SAAS;AACZ,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,SAAS,aAAa,OAAO;AACnC,QAAM,SAAiC,CAAC;AAExC,aAAW,CAAC,OAAO,MAAM,KAAK,SAAS,QAAQ,GAAG;AAChD,eAAW,QAAQ,QAAQ,OAAO,KAAK,KAAK,EAAE;AAAA,EAChD;AAEA,SAAO,eAAe,MAAM;AAC9B;AAEA,SAAS,sBAAsB,SAAyC;AACtE,QAAM,UAAU,QAAQ,KAAK;AAC7B,MAAI,CAAC,SAAS;AACZ,WAAO,CAAC;AAAA,EACV;AAEA,MAAI,QAAQ,SAAS,GAAG,KAAK,CAAC,KAAK,KAAK,OAAO,GAAG;AAChD,WAAO,EAAE,QAAQ,QAAQ;AAAA,EAC3B;AAEA,QAAM,cAAc,aAAa,OAAO;AACxC,MAAI,YAAY,UAAU,GAAG;AAC3B,WAAO,sBAAsB,WAAW;AAAA,EAC1C;AAEA,SAAO,CAAC;AACV;AAWO,SAAS,qBAAqB,qBAAqD;AACxF,QAAM,eAAeA,MAAK,QAAQ,mBAAmB;AACrD,QAAM,UAAUD,IAAG,aAAa,cAAc,MAAM;AACpD,QAAM,YAAYC,MAAK,QAAQ,YAAY,EAAE,YAAY;AAEzD,MAAI,cAAc,SAAS;AACzB,WAAO,iBAAiB,OAAO;AAAA,EACjC;AAEA,MAAI,cAAc,QAAQ;AACxB,WAAO,gBAAgB,OAAO;AAAA,EAChC;AAEA,MAAI,cAAc,QAAQ;AACxB,WAAO,gBAAgB,OAAO;AAAA,EAChC;AAEA,MAAI,QAAQ,SAAS,GAAG,KAAK,CAAC,QAAQ,KAAK,EAAE,WAAW,GAAG,GAAG;AAC5D,WAAO,gBAAgB,OAAO;AAAA,EAChC;AAEA,MAAI,QAAQ,SAAS,GAAG,KAAK,QAAQ,SAAS,IAAI,GAAG;AACnD,UAAM,YAAY,gBAAgB,OAAO;AACzC,QAAI,UAAU,UAAU,UAAU,aAAa,UAAU,WAAW;AAClE,aAAO;AAAA,IACT;AAAA,EACF;AAEA,MAAI,QAAQ,KAAK,EAAE,WAAW,GAAG,GAAG;AAClC,WAAO,iBAAiB,OAAO;AAAA,EACjC;AAEA,SAAO,sBAAsB,OAAO;AACtC;;;AC1SA,SAAS,iBAAiB,UAAyD;AACjF,MAAI,SAAS,OAAO,MAAM,SAAS,UAAU,SAAS;AACpD,WAAO;AAAA,EACT;AACA,MAAI,SAAS,UAAU,WAAW;AAChC,WAAO;AAAA,EACT;AACA,MAAI,SAAS,UAAU,WAAW;AAChC,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAGO,SAAS,kBACd,UAGQ;AACR,MAAI,oBAAoB,YAAY,SAAS,gBAAgB;AAC3D,WAAO,SAAS;AAAA,EAClB;AAEA,MAAI,WAAW,UAAU;AACvB,QAAI,SAAS,OAAO,MAAM;AACxB,aAAO,SAAS,MAAM;AAAA,IACxB;AACA,QAAI,SAAS,UAAU,SAAS;AAC9B,aAAO,SAAS,UAAU;AAAA,IAC5B;AACA,QAAI,SAAS,UAAU,WAAW;AAChC,aAAO,YAAY,SAAS,UAAU,SAAS;AAAA,IACjD;AACA,QAAI,SAAS,UAAU,WAAW;AAChC,aAAO,WAAW,SAAS,UAAU,SAAS;AAAA,IAChD;AACA,WAAO,SAAS,OAAO;AAAA,EACzB;AAEA,MAAI,SAAS,aAAa;AACxB,WAAO,SAAS;AAAA,EAClB;AAEA,SAAO,SAAS,cAAc;AAChC;AAGO,SAAS,mBACd,UACwB;AACxB,QAAM,gBAAgB,iBAAiB,QAAQ;AAC/C,QAAM,cACJ,SAAS,OAAO,MAChB,SAAS,UAAU,WACnB,SAAS,UAAU,aACnB,SAAS,UAAU,aACnB;AAEF,SAAO;AAAA,IACL,UAAU,SAAS,OAAO;AAAA,IAC1B,YAAY,SAAS,OAAO;AAAA,IAC5B,aAAa,SAAS,OAAO;AAAA,IAC7B,eAAe,SAAS,OAAO;AAAA,IAC/B;AAAA,IACA;AAAA,IACA,gBAAgB,kBAAkB,QAAQ;AAAA,IAC1C,OAAO,SAAS,IAAI;AAAA,IACpB,SAAS,SAAS,IAAI,QAAQ,SAAS,IAAI;AAAA,IAC3C,UAAU,SAAS,QAAQ;AAAA,IAC3B,YAAY,SAAS,QAAQ,QAAQ,SAAS,QAAQ;AAAA,IACtD,aAAa,SAAS,QAAQ;AAAA,IAC9B,WAAW,SAAS,QAAQ;AAAA,IAC5B,iBAAgB,oBAAI,KAAK,GAAE,YAAY;AAAA,EACzC;AACF;AAGO,SAAS,uBACd,SACA,UACiB;AACjB,QAAM,cAA+B;AAAA,IACnC,GAAG;AAAA,IACH,UAAU,mBAAmB,QAAQ;AAAA,EACvC;AAEA,MAAI,SAAS,OAAO,MAAM,SAAS,UAAU,SAAS;AACpD,gBAAY,UAAU,SAAS,OAAO,MAAM,SAAS,UAAU,WAAW;AAC1E,gBAAY,YAAY,SAAS,OAAO,QAAQ,YAAY;AAAA,EAC9D,OAAO;AACL,WAAO,YAAY;AACnB,WAAO,YAAY;AAAA,EACrB;AAEA,SAAO;AACT;;;ACrFO,SAAS,iBACd,aACA,SACiB;AACjB,QAAM,cAAc,EAAE,GAAG,QAAQ;AACjC,QAAM,SAAS,WAAW;AAC1B;AAAA,IACE,kBAAkB,cAAc,QAAQ,aAAa,WAAW,GAAG,WAAW;AAAA,EAChF;AACA,SAAO;AACT;AAKO,SAAS,kBAAkB,aAAqB,QAAsB;AAC3E,QAAM,QAAQ,YAAY,MAAM;AAChC,MAAI,OAAO;AACT,2BAAuB,aAAa,KAAK;AACzC;AAAA,EACF;AAEA,QAAM,IAAI,MAAM,8CAA8C;AAChE;AAKO,SAAS,qBACd,aACA,UACiB;AACjB,QAAM,SAAS,WAAW;AAC1B,QAAM,iBAAiB,iBAAiB,QAAQ,WAAW;AAC3D,QAAM,cAAc,uBAAuB,gBAAgB,QAAQ;AACnE,aAAW,cAAc,QAAQ,aAAa,WAAW,CAAC;AAC1D,SAAO;AACT;;;ACtDA,OAAO,cAAc;AACrB,SAAS,gBAAgB;AAczB,IAAM,gBAAN,cAA4B,SAAS;AAAA,EACnC,QAAQ;AAAA,EAER,OAAO,OAAwB,WAA2B,UAA4B;AACpF,QAAI,CAAC,KAAK,OAAO;AACf,cAAQ,OAAO,MAAM,KAAK;AAAA,IAC5B;AACA,aAAS;AAAA,EACX;AACF;AAGA,eAAsB,WACpB,UACA,UAA6B,CAAC,GACb;AACjB,QAAM,SAAS,IAAI,cAAc;AACjC,QAAM,eAAe,QAAQ,eAAe,KAAK,QAAQ,YAAY,MAAM;AAC3E,QAAM,QAAQ,GAAG,QAAQ,GAAG,YAAY;AAExC,SAAO,IAAI,QAAQ,CAAC,YAAY;AAC9B,UAAM,KAAK,SAAS,gBAAgB;AAAA,MAClC,OAAO,QAAQ;AAAA,MACf;AAAA,MACA,UAAU;AAAA,IACZ,CAAC;AAED,UAAM,eAAe,CAAC,cAAsB;AAC1C,YAAM,SAAS,UAAU,KAAK,KAAK,QAAQ,gBAAgB;AAC3D,UAAI,QAAQ,aAAa,SAAS,CAAC,QAAQ;AACzC,WAAG,MAAM;AACT,aAAK,WAAW,UAAU,OAAO,EAAE,KAAK,OAAO;AAC/C;AAAA,MACF;AAEA,SAAG,MAAM;AACT,cAAQ,MAAM;AAAA,IAChB;AAEA,QAAI,QAAQ,QAAQ;AAClB,cAAQ,OAAO,MAAM,KAAK;AAC1B,aAAO,QAAQ;AACf,SAAG,SAAS,IAAI,CAAC,WAAW;AAC1B,eAAO,QAAQ;AACf,gBAAQ,OAAO,MAAM,IAAI;AACzB,qBAAa,MAAM;AAAA,MACrB,CAAC;AACD;AAAA,IACF;AAEA,OAAG,SAAS,OAAO,YAAY;AAAA,EACjC,CAAC;AACH;AAoBA,eAAsB,aACpB,UACA,SACA,cACY;AACZ,UAAQ,IAAI;AACZ,UAAQ,IAAI,KAAK,QAAQ,EAAE;AAC3B,UAAQ,QAAQ,CAAC,QAAQ,UAAU;AACjC,UAAM,SAAS,OAAO,cAAc,IAAI,OAAO,WAAW,KAAK;AAC/D,YAAQ,IAAI,KAAK,QAAQ,CAAC,KAAK,OAAO,KAAK,GAAG,MAAM,EAAE;AAAA,EACxD,CAAC;AAED,QAAM,eACJ,iBAAiB,SACb,KAAK;AAAA,IACH,QAAQ,UAAU,CAAC,WAAW,OAAO,UAAU,YAAY;AAAA,IAC3D;AAAA,EACF,IAAI,IACJ;AAEN,SAAO,MAAM;AACX,UAAM,SAAS,MAAM,WAAW,oBAAoB;AAAA,MAClD,cAAc,OAAO,YAAY;AAAA,IACnC,CAAC;AACD,UAAM,eAAe,OAAO,SAAS,QAAQ,EAAE;AAC/C,UAAM,mBACJ,OAAO,UAAU,YAAY,KAAK,gBAAgB,KAAK,gBAAgB,QAAQ,SAC3E,QAAQ,eAAe,CAAC,IACxB;AACN,QAAI,kBAAkB;AACpB,aAAO,iBAAiB;AAAA,IAC1B;AAEA,UAAM,kBAAkB,QAAQ,KAAK,CAAC,WAAW,OAAO,UAAU,MAAM;AACxE,QAAI,iBAAiB;AACnB,aAAO,gBAAgB;AAAA,IACzB;AAAA,EACF;AACF;;;APpFA,SAAS,WAAW,QAIG;AACrB,QAAM,aAAa,OAAO,cAAc,QAAQ,UAAU;AAC1D,MAAI,CAAC,OAAO,gBAAgB,eAAe,GAAG;AAC5C,WAAO;AAAA,EACT;AAEA,SAAO,OAAO,aAAa,QAAQ,aAAa,CAAC,GAAG;AACtD;AAEA,SAAS,+BACP,SACA,QACA,YACA,gBACiB;AACjB,MAAI,cAA+B,EAAE,GAAG,QAAQ;AAEhD,MAAI,CAAC,WAAW,WAAW,WAAW,QAAQ,MAAM;AAClD,QAAI,OAAO,SAAS;AAClB,kBAAY,UAAU,OAAO;AAC7B,aAAO,YAAY;AAAA,IACrB,WAAW,OAAO,QAAQ,MAAM;AAC9B,kBAAY,MAAM;AAClB,aAAO,YAAY;AAAA,IACrB,WAAW,OAAO,QAAQ,OAAO;AAC/B,aAAO,YAAY;AAAA,IACrB;AAAA,EACF;AAEA,MAAI,CAAC,WAAW,aAAa,OAAO,WAAW;AAC7C,gBAAY,YAAY,OAAO;AAAA,EACjC;AAEA,MAAI,OAAO,SAAS;AAClB,gBAAY,UAAU,OAAO;AAAA,EAC/B;AAEA,MAAI,OAAO,WAAW;AACpB,gBAAY,YAAY,OAAO;AAAA,EACjC;AAEA,cAAY,iBAAiB;AAE7B,gBAAc,mCAAmC,aAAa,UAAU;AACxE,SAAO;AACT;AAGO,SAAS,cAAuB;AACrC,SAAO,IAAIC,SAAQ,MAAM,EACtB,YAAY,wFAAwF,EACpG;AAAA,IACC;AAAA,IACA;AAAA,EACF,EACC;AAAA,IACC;AAAA,MACE,OACE,MAGA,QACG;AACH,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,SAAS,WAAW;AAC1B,cAAM,cAAc;AAAA,UAClB;AAAA,UACA,WAAW;AAAA,UACX,QAAQ,IAAI;AAAA,QACd;AACA,cAAM,kBAAkB,iBAAiB,QAAQ,WAAW;AAC5D,cAAM,SAAS,KAAK,kBAChB,qBAAqB,KAAK,eAAe,IACzC,CAAC;AACL,cAAM,oBAAoB,uBAAuB,WAAW;AAE5D,YAAI,SACF,WAAW,UACX,QAAQ,IAAI,cACZ;AAAA,UACE,QAAQ,IAAI;AAAA,UACZ,QAAQ,IAAI;AAAA,QACd,KACA,OAAO,UACP;AAAA,UACE,mBAAmB;AAAA,UACnB,mBAAmB;AAAA,QACrB;AAEF,YAAI,CAAC,QAAQ;AACX,mBAAS,MAAM,WAAW,yBAAyB;AAAA,YACjD,QAAQ;AAAA,UACV,CAAC;AAAA,QACH;AAEA,YAAI,CAAC,QAAQ;AACX,gBAAM,IAAI,MAAM,sBAAsB;AAAA,QACxC;AAEA,YAAI,CAAC,OAAO,SAAS,GAAG,GAAG;AACzB,eAAK,gDAAgD;AAAA,QACvD;AAEA,YAAI,WAAW,WAAW,WAAW,KAAK;AACxC,eAAK,qFAAqF;AAAA,QAC5F;AAEA,cAAM,iBACJ,sBAAsB;AAAA,UACpB,SAAS,WAAW;AAAA,UACpB,SAAS,QAAQ,IAAI;AAAA,UACrB,aAAa,gBAAgB;AAAA,UAC7B;AAAA,UACA,uBAAuB;AAAA,QACzB,CAAC,EAAE;AAEL,YAAI,CAAC,gBAAgB;AACnB,gBAAM,IAAI,MAAM,iEAAiE;AAAA,QACnF;AAEA,cAAM,aAAaC,KAAI,4CAA4C,EAAE,MAAM;AAC3E,cAAM,EAAE,eAAe,QAAQ,IAAI,iBAAiB,cAAc;AAClE,mBAAW,KAAK;AAEhB,cAAM,eAAe,gBAAgB,aAAa;AAClD,cAAM,cAAc;AAAA,UAClB;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAEA,cAAM,cAAc,0BAA0B,YAAY,WAAW;AACrE,cAAM,SAAS,IAAI,UAAU,QAAQ,YAAY,OAAO;AAExD,cAAM,kBAAkBA,KAAI,qCAAqC,EAAE,MAAM;AACzE,cAAM,eAAe,MAAM,OAAO,uBAAuB;AAAA,UACvD,WAAW;AAAA,QACb,CAAC;AACD,wBAAgB,KAAK;AAErB,cAAM,eAAgC;AAAA,UACpC,GAAG;AAAA,UACH,SAAS,WAAW,YAAY,KAAK,YAAY;AAAA,QACnD;AAEA,0BAAkB,aAAa,MAAM;AACrC,yBAAiB,aAAa,YAAY;AAE1C;AAAA,UACE,UACI,8BAA8B,cAAc,KAC5C,sCAAsC,cAAc;AAAA,QAC1D;AACA,gBAAQ,kBAAkB,WAAW,2BAA2B;AAEhE,cAAM,mBAAmB;AAAA,UACvB,EAAE,GAAG,YAAY,SAAS,YAAY;AAAA,UACtC,EAAE,eAAe,MAAM,mBAAmB,KAAK;AAAA,QACjD;AACA,cAAM,gBAAgBA,KAAI,0BAA0B,EAAE,MAAM;AAC5D,cAAM,SAAS,MAAM,gBAAgB,gBAAgB;AACrD,sBAAc,KAAK;AAEnB,0BAAkB,MAAM;AAExB,YAAI;AACF,gBAAM,WAAW,MAAM,OAAO,mBAAmB;AACjD,+BAAqB,aAAa,QAAQ;AAAA,QAC5C,QAAQ;AAAA,QAER;AAEA,YAAI,kBAAkB,MAAM,GAAG;AAC7B,gBAAM,IAAI;AAAA,YACR;AAAA,UACF;AAAA,QACF;AAEA;AAAA,UACE,kBAAkB,WAAW,kBAAkB,YAAY,UAAU,QAAQ,MAAM;AAAA,QACrF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACJ;;;AQtOA,SAAS,WAAAC,gBAAe;AACxB,OAAOC,UAAS;AAQT,SAAS,cAAuB;AACrC,SAAO,IAAIC,SAAQ,MAAM,EACtB,YAAY,qBAAqB,EACjC;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,YAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,YAAM,UAAUC,KAAI,oBAAoB,EAAE,MAAM;AAChD,YAAM,WAAW,MAAM,OAAO,WAAW;AACzC,cAAQ,KAAK;AAEb,YAAM,OAAO,SAAS,OAAO,IAAI,CAAC,UAAU;AAAA,QAC1C,MAAM;AAAA,QACN,MAAM;AAAA,QACN,MAAM;AAAA,QACN,MAAM;AAAA,QACN,MAAM,YAAY;AAAA,QAClB,MAAM,wBAAwB,QAAQ;AAAA,QACtC,MAAM,eAAe,IAAI,CAAC,UAAU,MAAM,IAAI,EAAE,KAAK,IAAI,KAAK;AAAA,MAChE,CAAC;AAED,cAAQ,IAAI;AACZ;AAAA,QACE,CAAC,MAAM,QAAQ,UAAU,UAAU,UAAU,aAAa,iBAAiB;AAAA,QAC3E;AAAA,QACA,CAAC,CAAC,WAAW;AAAA,QACb,SAAS;AAAA,MACX;AACA,cAAQ,IAAI;AAAA,IACd,CAAC;AAAA,EACH;AACJ;;;AC1CA,SAAS,WAAAC,gBAAe;AACxB,OAAOC,UAAS;AAST,SAAS,wBAAiC;AAC/C,SAAO,IAAIC,SAAQ,kBAAkB,EAClC,YAAY,+CAA+C,EAC3D,SAAS,QAAQ,UAAU,EAC3B;AAAA,IACC;AAAA,IACA;AAAA,IACA;AAAA,IACA,CAAC;AAAA,EACH,EACC,OAAO,WAAW,kCAAkC,EACpD;AAAA,IACC;AAAA,MACE,OACE,IACA,SACA,QACG;AACH,YAAI,CAAC,QAAQ,SAAS,QAAQ,KAAK,WAAW,GAAG;AAC/C,gBAAM,IAAI,MAAM,6CAA6C;AAAA,QAC/D;AAEA,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,cAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,cAAM,UAAUC,KAAI,gCAAgC,EAAE,MAAM;AAC5D,cAAM,OAAO,uBAAuB,IAAI;AAAA,UACtC,OAAO,QAAQ,QAAQ,CAAC,IAAI,QAAQ;AAAA,QACtC,CAAC;AACD,gBAAQ,KAAK;AAEb,YAAI,WAAW,MAAM;AACnB,kBAAQ,IAAI,KAAK,UAAU,EAAE,IAAI,OAAO,QAAQ,QAAQ,CAAC,IAAI,QAAQ,KAAK,GAAG,MAAM,CAAC,CAAC;AACrF;AAAA,QACF;AAEA,gBAAQ,kCAAkC,EAAE,EAAE;AAAA,MAChD;AAAA,IACF;AAAA,EACF;AACJ;;;ACnDA,SAAS,WAAAC,gBAAe;AACxB,OAAOC,UAAS;AAQhB,SAAS,qBAAqB,SAMP;AACrB,MAAI,QAAQ,eAAe,QAAQ,UAAU;AAC3C,UAAM,IAAI,MAAM,qDAAqD;AAAA,EACvE;AAEA,MAAI,QAAQ,uBAAuB,QAAQ,gBAAgB,SAAS,GAAG;AACrE,UAAM,IAAI,MAAM,sEAAsE;AAAA,EACxF;AAEA,QAAM,OAA2B,CAAC;AAElC,MAAI,QAAQ,MAAM;AAChB,SAAK,OAAO,QAAQ;AAAA,EACtB;AAEA,MAAI,QAAQ,aAAa;AACvB,SAAK,WAAW;AAAA,EAClB,WAAW,QAAQ,UAAU;AAC3B,SAAK,WAAW,QAAQ;AAAA,EAC1B;AAEA,MAAI,QAAQ,qBAAqB;AAC/B,SAAK,mBAAmB,CAAC;AAAA,EAC3B,WAAW,QAAQ,gBAAgB,SAAS,GAAG;AAC7C,SAAK,mBAAmB,QAAQ;AAAA,EAClC;AAEA,MAAI,OAAO,KAAK,IAAI,EAAE,WAAW,GAAG;AAClC,UAAM,IAAI,MAAM,4BAA4B;AAAA,EAC9C;AAEA,SAAO;AACT;AAGO,SAAS,gBAAyB;AACvC,SAAO,IAAIC,SAAQ,QAAQ,EACxB,YAAY,0BAA0B,EACtC,SAAS,QAAQ,UAAU,EAC3B,OAAO,iBAAiB,gBAAgB,EACxC,OAAO,oBAAoB,qBAAqB,EAChD,OAAO,kBAAkB,4BAA4B,EACrD;AAAA,IACC;AAAA,IACA;AAAA,IACA;AAAA,IACA,CAAC;AAAA,EACH,EACC,OAAO,2BAA2B,uCAAuC,EACzE;AAAA,IACC;AAAA,MACE,OACE,IACA,SAOA,QACG;AACH,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,cAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AACnE,cAAM,OAAO,qBAAqB,OAAO;AAEzC,cAAM,UAAUC,KAAI,mBAAmB,EAAE,MAAM;AAC/C,cAAM,OAAO,YAAY,IAAI,IAAI;AACjC,gBAAQ,KAAK;AAEb,YAAI,WAAW,MAAM;AACnB,kBAAQ,IAAI,KAAK,UAAU,EAAE,IAAI,SAAS,KAAK,GAAG,MAAM,CAAC,CAAC;AAC1D;AAAA,QACF;AAEA,gBAAQ,iBAAiB,EAAE,EAAE;AAAA,MAC/B;AAAA,IACF;AAAA,EACF;AACJ;;;ACrFO,SAAS,sBAAsBC,UAAwB;AAC5D,QAAM,QAAQA,SAAQ,QAAQ,OAAO,EAAE,YAAY,gDAAgD;AAEnG,QAAM,WAAW,YAAY,CAAC;AAC9B,QAAM,WAAW,WAAW,CAAC;AAC7B,QAAM,WAAW,cAAc,CAAC;AAChC,QAAM,WAAW,cAAc,CAAC;AAChC,QAAM,WAAW,sBAAsB,CAAC;AACxC,QAAM,WAAW,sBAAsB,CAAC;AACxC,QAAM,WAAW,YAAY,CAAC;AAChC;;;ACjBO,SAAS,kBAAkB;AAChC,SAAO;AAAA,IACL;AAAA,IACA;AAAA,EACF;AACF;;;ACRA,SAAS,WAAAC,gBAAe;AAmBxB,SAASC,gCACP,SACA,QACA,YACiB;AACjB,MAAI,cAAc,EAAE,GAAG,QAAQ;AAE/B,MAAI,CAAC,WAAW,WAAW,WAAW,QAAQ,MAAM;AAClD,QAAI,OAAO,SAAS;AAClB,kBAAY,UAAU,OAAO;AAC7B,aAAO,YAAY;AAAA,IACrB,WAAW,OAAO,QAAQ,MAAM;AAC9B,kBAAY,MAAM;AAClB,aAAO,YAAY;AAAA,IACrB,WAAW,OAAO,QAAQ,OAAO;AAC/B,aAAO,YAAY;AAAA,IACrB;AAAA,EACF;AAEA,MAAI,CAAC,WAAW,aAAa,OAAO,WAAW;AAC7C,gBAAY,YAAY,OAAO;AAAA,EACjC;AAEA,MAAI,OAAO,SAAS;AAClB,gBAAY,UAAU,OAAO;AAAA,EAC/B;AAEA,MAAI,OAAO,WAAW;AACpB,gBAAY,YAAY,OAAO;AAAA,EACjC;AAEA,SAAO,mCAAmC,aAAa,UAAU;AACnE;AAGO,SAAS,eAAwB;AACtC,SAAO,IAAIC,SAAQ,OAAO,EACvB,YAAY,kEAAkE,EAC9E;AAAA,IACC;AAAA,IACA;AAAA,EACF,EACC;AAAA,IACC;AAAA,IACA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYF,EACC;AAAA,IACC;AAAA,MACE,OACE,MAGA,QACG;AACH,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,SAAS,WAAW;AAC1B,cAAM,cAAc;AAAA,UAClB;AAAA,UACA,WAAW;AAAA,UACX,QAAQ,IAAI;AAAA,QACd;AACA,cAAM,kBAAkB,iBAAiB,QAAQ,WAAW;AAC5D,cAAM,SAAS,KAAK,kBAChB,qBAAqB,KAAK,eAAe,IACzC,CAAC;AACL,cAAM,oBAAoB,uBAAuB,WAAW;AAE5D,YAAI,SACF,WAAW,UACX,QAAQ,IAAI,cACZ;AAAA,UACE,QAAQ,IAAI;AAAA,UACZ,QAAQ,IAAI;AAAA,QACd,KACA,OAAO,UACP;AAAA,UACE,mBAAmB;AAAA,UACnB,mBAAmB;AAAA,QACrB;AAEF,YAAI,CAAC,QAAQ;AACX,mBAAS,MAAM,WAAW,yBAAyB;AAAA,YACjD,QAAQ;AAAA,UACV,CAAC;AAAA,QACH;AAEA,YAAI,CAAC,QAAQ;AACX,gBAAM,IAAI,MAAM,sBAAsB;AAAA,QACxC;AAEA,YAAI,CAAC,OAAO,SAAS,GAAG,GAAG;AACzB,eAAK,gDAAgD;AAAA,QACvD;AAEA,YAAI,WAAW,WAAW,WAAW,KAAK;AACxC,eAAK,qFAAqF;AAAA,QAC5F;AAEA,cAAM,cAAcD;AAAA,UAClB;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAEA,0BAAkB,aAAa,MAAM;AACrC,yBAAiB,aAAa,WAAW;AACzC,gBAAQ,kBAAkB,WAAW,QAAQ,cAAc,CAAC,EAAE;AAAA,MAChE;AAAA,IACF;AAAA,EACF;AACJ;;;AC5IA,SAAS,WAAAE,iBAAe;AAiBjB,SAAS,gBAAyB;AACvC,SAAO,IAAIC,UAAQ,QAAQ,EACxB,YAAY,kDAAkD,EAC9D,OAAO,SAAS,uDAAuD,EACvE;AAAA,IACC,iBAAiB,OAAO,MAAyB,QAAiB;AAChE,UAAI,KAAK,KAAK;AACZ,cAAMC,UAAS,WAAW;AAC1B,mBAAWC,gBAAe,gBAAgBD,OAAM,GAAG;AACjD,kCAAwBC,YAAW;AACnC,uCAA6BA,YAAW;AAAA,QAC1C;AACA,oBAAY;AACZ,gBAAQ,mCAAmC,cAAc,CAAC,EAAE;AAC5D;AAAA,MACF;AAEA,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,SAAS,WAAW;AAC1B,YAAM,cAAc;AAAA,QAClB;AAAA,QACA,WAAW;AAAA,QACX,QAAQ,IAAI;AAAA,MACd;AAEA,UAAI,CAAC,OAAO,SAAS,WAAW,GAAG;AACjC,cAAM,IAAI,MAAM,YAAY,WAAW,mBAAmB;AAAA,MAC5D;AAEA,UAAI,OAAO,KAAK,OAAO,QAAQ,EAAE,WAAW,GAAG;AAC7C,oBAAY;AAAA,MACd,OAAO;AACL,cAAM,aAAa,cAAc,QAAQ,WAAW;AACpD,mBAAW,UAAU;AAAA,MACvB;AACA,8BAAwB,WAAW;AACnC,mCAA6B,WAAW;AAExC,cAAQ,oBAAoB,WAAW,UAAU,cAAc,CAAC,EAAE;AAAA,IACpE,CAAC;AAAA,EACH;AACJ;;;AC1DA,SAAS,WAAAC,iBAAe;;;ACAxB,OAAOC,aAAY;AAuCZ,IAAM,mBAAN,MAAuB;AAAA,EACX;AAAA,EAEjB,YAAY,SAAiB;AAC3B,SAAK,UAAU,QAAQ,QAAQ,OAAO,EAAE;AAAA,EAC1C;AAAA,EAEA,MAAc,QAAWC,OAAc,MAA4B;AACjE,UAAM,WAAW,MAAM,MAAM,GAAG,KAAK,OAAO,GAAGA,KAAI,IAAI;AAAA,MACrD,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,gBAAgB;AAAA,QAChB,oBAAoB;AAAA,MACtB;AAAA,MACA,MAAM,OAAO,KAAK,UAAU,IAAI,IAAI;AAAA,IACtC,CAAC;AAED,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM,YAAa,MAAM,SAAS,KAAK,EAAE,MAAM,OAAO,CAAC,EAAE;AACzD,YAAM,QAAQ,WAAW;AACzB,YAAM,eAAe,OAAO,WAAW,QAAQ,SAAS,MAAM,KAAK,SAAS,UAAU;AACtF,YAAM,IAAI,MAAM,OAAO,YAAY,CAAC;AAAA,IACtC;AAEA,WAAO,SAAS,KAAK;AAAA,EACvB;AAAA;AAAA,EAGA,MAAM,oBAAqD;AACzD,WAAO,KAAK,QAAgC,mCAAmC;AAAA,EACjF;AAAA;AAAA,EAGA,MAAM,cAAc,MAAyD;AAC3E,WAAO,KAAK,QAA+B,oCAAoC,IAAI;AAAA,EACrF;AACF;AAGO,SAAS,oBAAoB,OAAuB;AACzD,SAAOD,QAAO,WAAW,QAAQ,EAAE,OAAO,KAAK,EAAE,OAAO,KAAK;AAC/D;;;AC3CA,eAAsB,qBACpB,QACqC;AACrC,QAAM,aAAa,iBAAiB,OAAO,cAAc;AACzD,QAAM,iBAAiB,yBAAyB,OAAO,WAAW;AAClE,QAAM,aAAa,IAAI,iBAAiB,OAAO,OAAO;AACtD,QAAM,YAAY,MAAM,WAAW,kBAAkB;AACrD,QAAM,eAAe,MAAM,WAAW,cAAc;AAAA,IAClD,MAAM,OAAO;AAAA,IACb,SAAS,OAAO,WAAW,OAAO;AAAA,IAClC,OAAO,UAAU;AAAA,IACjB,QAAQ,oBAAoB,UAAU,KAAK;AAAA,IAC3C,WAAW,UAAU;AAAA,IACrB,WAAW,UAAU;AAAA,IACrB,WAAW,gBAAgB,WAAW,aAAa;AAAA,IACnD,kBAAkB,OAAO;AAAA,EAC3B,CAAC;AAED,yBAAuB,OAAO,aAAa;AAAA,IACzC,WAAW,aAAa;AAAA,IACxB,WAAW,aAAa;AAAA,EAC1B,CAAC;AAED;AAAA,IACE,OAAO;AAAA,IACP;AAAA,MACE;AAAA,QACE,GAAG,OAAO;AAAA,QACV,gBAAgB,OAAO;AAAA,QACvB;AAAA,QACA,SAAS,aAAa;AAAA,QACtB,WAAW,OAAO;AAAA,MACpB;AAAA,MACA,OAAO;AAAA,IACT;AAAA,EACF;AAEA,MAAI;AAEJ,MAAI;AACF,UAAM,WAAW,MAAM,IAAI,UAAU,aAAa,QAAQ,OAAO,OAAO,EAAE,mBAAmB;AAC7F,yBAAqB,OAAO,aAAa,QAAQ;AAAA,EACnD,SAAS,OAAO;AACd,oBAAgB,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,EACvE;AAEA,SAAO;AAAA,IACL;AAAA,IACA,gBAAgB,OAAO;AAAA,IACvB;AAAA,IACA,mBAAmB,WAAW;AAAA,IAC9B;AAAA,EACF;AACF;;;AF/EO,SAAS,uBAAgC;AAC9C,SAAO,IAAIE,UAAQ,gBAAgB,EAChC,YAAY,2EAA2E,EACvF,eAAe,iBAAiB,wBAAwB,EACxD,OAAO,qBAAqB,iDAAiD,EAC7E;AAAA,IACC;AAAA,IACA;AAAA,IACA;AAAA,IACA,CAAC;AAAA,EACH,EACC;AAAA,IACC;AAAA,MACE,OACE,SAKA,QACG;AACH,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,aAAa,kBAAkB,UAAU;AAC/C,cAAM,iBACJ,WAAW,kBAAkB,yBAAyB,WAAW,WAAW;AAC9E,cAAM,SAAS,MAAM,qBAAqB;AAAA,UACxC,aAAa,WAAW;AAAA,UACxB,SAAS,WAAW;AAAA,UACpB,WAAW,QAAQ;AAAA,UACnB,SAAS,QAAQ;AAAA,UACjB,SAAS,WAAW;AAAA,UACpB;AAAA,UACA,gBAAgB;AAAA,YACd,SAAS,WAAW;AAAA,YACpB,KAAK,WAAW;AAAA,YAChB,WAAW,WAAW;AAAA,UACxB;AAAA,UACA,kBAAkB,QAAQ,WAAW,SAAS,IAAI,QAAQ,aAAa;AAAA,QACzE,CAAC;AAED,YAAI,WAAW,MAAM;AACnB,kBAAQ;AAAA,YACN,KAAK;AAAA,cACH;AAAA,gBACE,GAAG,OAAO;AAAA,gBACV,aAAa,WAAW;AAAA,gBACxB,gBAAgB,OAAO;AAAA,gBACvB,gBAAgB,OAAO;AAAA,cACzB;AAAA,cACA;AAAA,cACA;AAAA,YACF;AAAA,UACF;AACA;AAAA,QACF;AAEA;AAAA,UACE,qBAAqB,QAAQ,IAAI,mBAAmB,WAAW,WAAW;AAAA,QAC5E;AACA,gBAAQ,gBAAgB,0BAA0B,WAAW,WAAW,CAAC,EAAE;AAC3E,gBAAQ,gBAAgB,OAAO,cAAc,EAAE;AAC/C,gBAAQ,gBAAgB,OAAO,cAAc,EAAE;AAE/C,YAAI,OAAO,mBAAmB;AAC5B,kBAAQ,sDAAsD;AAAA,QAChE;AAEA,YAAI,OAAO,eAAe;AACxB,eAAK,0DAA0D,OAAO,aAAa,EAAE;AAAA,QACvF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACJ;;;AGpFA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,YAAW;AAQlB,SAAS,QAAQ,KAAqB;AACpC,MAAI,IAAI,UAAU,GAAG;AACnB,WAAO;AAAA,EACT;AACA,SAAO,GAAG,IAAI,UAAU,GAAG,CAAC,CAAC;AAC/B;AAGO,SAAS,gBAAyB;AACvC,SAAO,IAAIC,UAAQ,QAAQ,EACxB,YAAY,gDAAgD,EAC5D;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,aAAa,kBAAkB,UAAU;AAE/C,UAAI,WAAW,MAAM;AACnB,gBAAQ;AAAA,UACN,KAAK;AAAA,YACH;AAAA,cACE,eAAe,QAAQ,WAAW,MAAM;AAAA,cACxC,SAAS,WAAW;AAAA,cACpB,QAAQ,WAAW;AAAA,cACnB,QAAQ,WAAW,SAAS,QAAQ,WAAW,MAAM,IAAI;AAAA,cACzD,iBAAiB,0BAA0B,WAAW,WAAW;AAAA,cACjE,SAAS,WAAW,QAAQ,WAAW;AAAA,cACvC,WAAW,WAAW,QAAQ,aAAa;AAAA,cAC3C,gBAAgB,WAAW,QAAQ,YAAY;AAAA,cAC/C,SAAS,WAAW;AAAA,cACpB,SAAS,WAAW;AAAA,cACpB,WAAW,WAAW,aAAa;AAAA,cACnC,gBAAgB,WAAW,kBAAkB;AAAA,cAC7C,gBAAgB,WAAW,kBAAkB;AAAA,cAC7C,YAAY,cAAc;AAAA,YAC5B;AAAA,YACA;AAAA,YACA;AAAA,UACF;AAAA,QACF;AACA;AAAA,MACF;AAEA,cAAQ,IAAI;AAEZ,UAAI,CAAC,WAAW,QAAQ;AACtB,gBAAQ,IAAIC,OAAM,KAAK,qBAAqB,CAAC;AAC7C,gBAAQ,IAAI;AACZ,gBAAQ,IAAI,qBAAqBA,OAAM,KAAK,WAAW,WAAW,CAAC,EAAE;AACrE,gBAAQ;AAAA,UACN,WACEA,OAAM,KAAK,cAAc,IACzB,OACAA,OAAM,KAAK,eAAe,IAC1B,UACAA,OAAM,KAAK,eAAe,IAC1B;AAAA,QACJ;AACA,gBAAQ,IAAI;AACZ;AAAA,MACF;AAEA,cAAQ,IAAIA,OAAM,KAAK,iBAAiB,CAAC;AACzC,cAAQ,IAAI;AACZ;AAAA,QACE;AAAA,UACE,CAAC,WAAW,WAAW,WAAW;AAAA,UAClC,CAAC,UAAU,WAAW,YAAY;AAAA,UAClC,CAAC,oBAAoB,0BAA0B,WAAW,WAAW,CAAC;AAAA,UACtE,CAAC,WAAW,QAAQ,WAAW,MAAM,CAAC;AAAA,UACtC;AAAA,YACE;AAAA,YACA,WAAW,QAAQ,UAAU,kBAC3B,WAAW,QAAQ,aACnB,WAAW,QAAQ,WACnBA,OAAM,IAAI,WAAW;AAAA,UACzB;AAAA,UACA;AAAA,YACE;AAAA,YACA,WAAW,QAAQ,UAAU,eAAeA,OAAM,IAAI,kBAAkB;AAAA,UAC1E;AAAA,UACA,CAAC,QAAQ,WAAW,MAAM,QAAQ,MAAM;AAAA,UACxC,CAAC,YAAY,WAAW,OAAO;AAAA,UAC/B,CAAC,cAAc,WAAW,aAAaA,OAAM,IAAI,WAAW,CAAC;AAAA,UAC7D,CAAC,eAAe,WAAW,kBAAkBA,OAAM,IAAI,WAAW,CAAC;AAAA,UACnE,CAAC,eAAe,WAAW,kBAAkBA,OAAM,IAAI,WAAW,CAAC;AAAA,UACnE,CAAC,eAAe,cAAc,CAAC;AAAA,QACjC;AAAA,QACA;AAAA,MACF;AACA,cAAQ,IAAI;AAAA,IACd,CAAC;AAAA,EACH;AACJ;;;ACrGA,SAAS,WAAAC,iBAAe;;;ACAxB,SAAS,WAAAC,iBAAe;AACxB,OAAOC,YAAW;;;AC+BlB,eAAsB,qBACpB,YACwB;AACxB,QAAM,aAAa,kBAAkB,UAAU;AAC/C,MAAI,eAA+C;AACnD,MAAI,sBAAqC;AACzC,MAAI,iBAAiB,WAAW,QAAQ;AAExC,MAAI,WAAW,QAAQ;AACrB,QAAI;AACF,qBAAe,MAAM,IAAI;AAAA,QACvB,WAAW;AAAA,QACX,WAAW;AAAA,MACb,EAAE,mBAAmB;AACrB,uBAAiB,qBAAqB,WAAW,aAAa,YAAY,EAAE;AAAA,IAC9E,SAAS,OAAO;AACd,4BAAsB,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,IAC7E;AAAA,EACF;AAEA,SAAO;AAAA,IACL,eAAe,QAAQ,WAAW,MAAM;AAAA,IACxC,aAAa,WAAW;AAAA,IACxB,kBAAkB,WAAW;AAAA,IAC7B,iBAAiB,0BAA0B,WAAW,WAAW;AAAA,IACjE,SAAS,WAAW;AAAA,IACpB,SAAS,WAAW;AAAA,IACpB,WAAW,WAAW,aAAa;AAAA,IACnC,gBAAgB,WAAW,kBAAkB;AAAA,IAC7C,kBAAkB,WAAW;AAAA,IAC7B,gBAAgB,WAAW,kBAAkB;AAAA,IAC7C,kBAAkB,WAAW;AAAA,IAC7B,YAAY,cAAc;AAAA,IAC1B,YAAY,qBAAqB,WAAW,WAAW;AAAA,IACvD;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAGO,SAAS,wBAAwB,QAAsC;AAC5E,MAAI,OAAO,cAAc;AACvB,WAAO,kBAAkB,OAAO,YAAY;AAAA,EAC9C;AACA,MAAI,OAAO,gBAAgB;AACzB,WAAO,kBAAkB,OAAO,cAAc;AAAA,EAChD;AACA,SAAO;AACT;;;ADtEA,SAAS,iBAAiB,QAAgD;AACxE,SAAO;AAAA,IACL,eAAe,OAAO;AAAA,IACtB,SAAS,OAAO;AAAA,IAChB,kBAAkB,OAAO;AAAA,IACzB,iBAAiB,OAAO;AAAA,IACxB,SAAS,OAAO;AAAA,IAChB,SAAS,OAAO;AAAA,IAChB,WAAW,OAAO;AAAA,IAClB,gBAAgB,OAAO;AAAA,IACvB,kBAAkB,OAAO;AAAA,IACzB,gBAAgB,OAAO;AAAA,IACvB,kBAAkB,OAAO;AAAA,IACzB,YAAY,OAAO;AAAA,IACnB,YAAY,OAAO;AAAA,IACnB,cAAc,OAAO;AAAA,IACrB,gBAAgB,OAAO,kBAAkB;AAAA,IACzC,qBAAqB,OAAO;AAAA,EAC9B;AACF;AAEO,SAAS,oBACd,QACA,UACA,UAAU,qBACJ;AACN,QAAM,eAAe,OAAO;AAC5B,QAAM,iBAAiB,OAAO;AAC9B,QAAM,QAAQ,cAAc,OAAO,SAAS,gBAAgB,eAAeC,OAAM,IAAI,WAAW;AAChG,QAAM,aACJ,cAAc,OAAO,QAAQ,gBAAgB,cAAcA,OAAM,IAAI,WAAW;AAClF,QAAM,gBACJ,eACI,aAAa,OAAO,MAAM,aAAa,UAAU,UAC/C,UACA,aAAa,UAAU,YACrB,aACA,aAAa,UAAU,YACrB,YACA,YACN,gBAAgB,iBAAiBA,OAAM,IAAI,WAAW;AAC5D,QAAM,WACJ,cAAc,IAAI,QAClB,cAAc,IAAI,MAClB,gBAAgB,WAChB,gBAAgB,SAChBA,OAAM,IAAI,WAAW;AACvB,QAAM,cACJ,cAAc,QAAQ,QACtB,cAAc,QAAQ,MACtB,gBAAgB,cAChB,gBAAgB,YAChBA,OAAM,IAAI,aAAa;AACzB,QAAM,cACJ,cAAc,QAAQ,eAAe,gBAAgB,eAAeA,OAAM,IAAI,WAAW;AAC3F,QAAM,SACJ,cAAc,OAAO,WAAW,gBAAgB,iBAAiBA,OAAM,IAAI,WAAW;AACxF,QAAM,iBAAiB,eACnB,SACA,iBACE,WACA;AAEN,UAAQ,IAAI;AACZ,UAAQ,IAAIA,OAAM,KAAK,OAAO,CAAC;AAC/B,UAAQ,IAAI;AACZ;AAAA,IACE;AAAA,MACE,CAAC,WAAW,OAAO,WAAW;AAAA,MAC9B,CAAC,iBAAiB,OAAO,gBAAgB,QAAQ,IAAI;AAAA,MACrD,CAAC,qBAAqB,OAAO,gBAAgB;AAAA,MAC7C,CAAC,oBAAoB,OAAO,eAAe;AAAA,MAC3C,CAAC,gBAAgB,UAAU;AAAA,MAC3B,CAAC,iBAAiB,KAAK;AAAA,MACvB,CAAC,kBAAkB,aAAa;AAAA,MAChC,CAAC,aAAa,wBAAwB,MAAM,KAAKA,OAAM,IAAI,WAAW,CAAC;AAAA,MACvE,CAAC,gBAAgB,QAAQ;AAAA,MACzB,CAAC,UAAU,WAAW;AAAA,MACtB,CAAC,mBAAmB,WAAW;AAAA,MAC/B,CAAC,UAAU,MAAM;AAAA,MACjB,CAAC,mBAAmB,cAAc;AAAA,MAClC,CAAC,YAAY,OAAO,OAAO;AAAA,MAC3B,CAAC,QAAQ,OAAO,UAAU,QAAQ,MAAM;AAAA,MACxC,CAAC,cAAc,OAAO,aAAaA,OAAM,IAAI,WAAW,CAAC;AAAA,MACzD,CAAC,eAAe,OAAO,kBAAkBA,OAAM,IAAI,WAAW,CAAC;AAAA,MAC/D,CAAC,eAAe,OAAO,kBAAkBA,OAAM,IAAI,WAAW,CAAC;AAAA,MAC/D,CAAC,eAAe,OAAO,UAAU;AAAA,MACjC,CAAC,eAAe,OAAO,UAAU;AAAA,MACjC,CAAC,mBAAmB,OAAO,uBAAuB,IAAI;AAAA,IACxD;AAAA,IACA;AAAA,IACA,iBAAiB,MAAM;AAAA,EACzB;AACA,UAAQ,IAAI;AACd;AAGO,SAAS,cAAuB;AACrC,SAAO,IAAIC,UAAQ,MAAM,EACtB,MAAM,MAAM,EACZ,YAAY,+DAA+D,EAC3E;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,SAAS,MAAM,qBAAqB,UAAU;AACpD,0BAAoB,QAAQ,CAAC,CAAC,WAAW,IAAI;AAAA,IAC/C,CAAC;AAAA,EACH;AACJ;;;ADhHO,SAAS,gBAAyB;AACvC,SAAO,IAAIC,UAAQ,QAAQ,EACxB,YAAY,8DAA8D,EAC1E;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,SAAS,MAAM,qBAAqB,UAAU;AACpD;AAAA,QACE;AAAA,QACA,CAAC,CAAC,WAAW;AAAA,QACb,OAAO,gBAAgB,uBAAuB;AAAA,MAChD;AAAA,IACF,CAAC;AAAA,EACH;AACJ;;;AGZO,SAAS,qBAAqBC,UAAwB;AAC3D,QAAM,OAAOA,SAAQ,QAAQ,MAAM,EAAE,YAAY,+BAA+B;AAEhF,OAAK,WAAW,aAAa,CAAC;AAC9B,OAAK,WAAW,cAAc,CAAC;AAC/B,OAAK,WAAW,qBAAqB,CAAC;AACtC,OAAK,WAAW,cAAc,CAAC;AAC/B,OAAK,WAAW,cAAc,CAAC;AAC/B,OAAK,WAAW,gBAAgB,CAAC;AACnC;;;AClBA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,UAAS;AAQT,SAAS,mBAA4B;AAC1C,SAAO,IAAIC,UAAQ,WAAW,EAC3B,YAAY,4CAA4C,EACxD;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,YAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,YAAM,UAAUC,KAAI,+BAA+B,EAAE,MAAM;AAC3D,YAAM,YAAY,MAAM,OAAO,oBAAoB;AACnD,cAAQ,KAAK;AAEb;AAAA,QACE;AAAA,UACE,CAAC,uBAAuB,UAAU,oBAAoB,QAAQ,IAAI;AAAA,UAClE,CAAC,cAAc,UAAU,YAAY,QAAQ,IAAI;AAAA,UACjD,CAAC,SAAS,UAAU,QAAQ,QAAQ,IAAI;AAAA,QAC1C;AAAA,QACA,CAAC,CAAC,WAAW;AAAA,QACb;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH;AACJ;;;AC7BO,SAAS,wBAAwBC,UAAwB;AAC9D,QAAM,UAAUA,SAAQ,QAAQ,SAAS,EAAE,YAAY,2BAA2B;AAElF,UAAQ,WAAW,iBAAiB,CAAC;AACvC;;;ACRA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;;;ACDhB,OAAOC,SAAQ;AACf,OAAOC,WAAU;AAMV,SAAS,eAAe,QAKL;AACxB,QAAM,eAAe,OAAO,gBAAgB;AAC5C,QAAM,mBAAmB,OAAO,oBAAoB;AAEpD,MAAI,OAAO,QAAQ,OAAO,UAAU;AAClC,UAAM,IAAI,MAAM,cAAc,YAAY,OAAO,gBAAgB,aAAa;AAAA,EAChF;AAEA,MAAI,CAAC,OAAO,QAAQ,CAAC,OAAO,UAAU;AACpC,WAAO;AAAA,EACT;AAEA,QAAM,WAAW,OAAO,WACpBD,IAAG,aAAaC,MAAK,QAAQ,OAAO,QAAQ,GAAG,MAAM,IACrD,OAAO;AACX,QAAM,cAAc,OAAO,WACvB,GAAG,gBAAgB,IAAI,OAAO,QAAQ,KACtC;AAEJ,MAAI;AACF,WAAO,KAAK,MAAM,QAAQ;AAAA,EAC5B,SAAS,OAAO;AACd,UAAM,IAAI;AAAA,MACR,mBAAmB,WAAW,aAC5B,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CACvD;AAAA,IACF;AAAA,EACF;AACF;;;AD/BA,SAAS,gBAAgB,SAAoE;AAC3F,QAAM,SAAS,eAAe;AAAA,IAC5B,MAAM,QAAQ;AAAA,IACd,UAAU,QAAQ;AAAA,EACpB,CAAC;AAED,MAAI,CAAC,UAAU,MAAM,QAAQ,MAAM,KAAK,OAAO,WAAW,UAAU;AAClE,UAAM,IAAI,MAAM,6DAA6D;AAAA,EAC/E;AAEA,SAAO;AACT;AAGO,SAASC,iBAAyB;AACvC,SAAO,IAAIC,UAAQ,QAAQ,EACxB,YAAY,qCAAqC,EACjD,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,sBAAsB,yCAAyC,EACtE;AAAA,IACC;AAAA,MACE,OACE,SACA,QACG;AACH,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,cAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AACnE,cAAM,OAAO,gBAAgB,OAAO;AAEpC,cAAM,UAAUC,MAAI,oBAAoB,EAAE,MAAM;AAChD,cAAM,OAAO,aAAa,IAAI;AAC9B,gBAAQ,KAAK;AAEb,YAAI,WAAW,MAAM;AACnB,kBAAQ,IAAI,KAAK,UAAU,EAAE,SAAS,MAAM,MAAM,KAAK,KAAK,GAAG,MAAM,CAAC,CAAC;AACvE;AAAA,QACF;AAEA,gBAAQ,mBAAmB,KAAK,IAAI,GAAG;AAAA,MACzC;AAAA,IACF;AAAA,EACF;AACJ;;;AEpDA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAOhB,SAAS,mBAAmB,QAA+B;AACzD,QAAM,QAAQ,IAAI,KAAK,OAAO,SAAS,EAAE,YAAY,EAAE,MAAM,GAAG,EAAE;AAClE,QAAM,MAAM,IAAI,KAAK,OAAO,OAAO,EAAE,YAAY,EAAE,MAAM,GAAG,EAAE;AAC9D,SAAO,GAAG,KAAK,OAAO,GAAG;AAC3B;AAEA,SAAS,oBAAoB,QAA+B;AAC1D,UAAQ,OAAO,aAAa;AAAA,IAC1B,KAAK;AACH,aAAO,UAAU,OAAO,mBAAmB,GAAG;AAAA,IAChD,KAAK;AACH,aAAO,QAAQ,OAAO,iBAAiB,GAAG;AAAA,IAC5C,KAAK;AACH,aAAO,SAAS,OAAO,kBAAkB,GAAG;AAAA,IAC9C;AACE,aAAO;AAAA,EACX;AACF;AAGO,SAASC,eAAuB;AACrC,SAAO,IAAIC,UAAQ,MAAM,EACtB,YAAY,+CAA+C,EAC3D;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,YAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,YAAM,UAAUC,MAAI,qBAAqB,EAAE,MAAM;AACjD,YAAM,UAAU,MAAM,OAAO,YAAY;AACzC,cAAQ,KAAK;AAEb,YAAM,OAAO,QAAQ,IAAI,CAAC,WAAW;AAAA,QACnC,OAAO;AAAA,QACP,OAAO;AAAA,QACP,oBAAoB,MAAM;AAAA,QAC1B,OAAO,OAAO,MAAM;AAAA,QACpB,mBAAmB,MAAM;AAAA,QACzB,OAAO,OAAO,OAAO,MAAM;AAAA,MAC7B,CAAC;AAED,cAAQ,IAAI;AACZ;AAAA,QACE,CAAC,MAAM,QAAQ,WAAW,UAAU,UAAU,QAAQ;AAAA,QACtD;AAAA,QACA,CAAC,CAAC,WAAW;AAAA,QACb;AAAA,MACF;AACA,cAAQ,IAAI;AAAA,IACd,CAAC;AAAA,EACH;AACJ;;;ACvDO,SAAS,uBAAuBC,UAAwB;AAC7D,QAAM,SAASA,SAAQ,QAAQ,QAAQ,EAAE,YAAY,4BAA4B;AAEjF,SAAO,WAAWC,aAAY,CAAC;AAC/B,SAAO,WAAWC,eAAc,CAAC;AACnC;;;ACVA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,SAAQ;AAiCf,eAAe,oBAAoB,iBAIhC;AACD,QAAM,gBAA+B,gBAAgB,UACjD,WACA,gBAAgB,MACd,QACA;AAEN,QAAM,gBAAgB,MAAM;AAAA,IAC1B;AAAA,IACA;AAAA,MACE,EAAE,OAAO,cAAc,OAAO,QAAQ,aAAa,IAAI,uBAAuB,IAAI;AAAA,MAClF,EAAE,OAAO,eAAe,OAAO,OAAO,aAAa,IAAI,mBAAmB,IAAI;AAAA,MAC9E,EAAE,OAAO,cAAc,OAAO,SAAS;AAAA,IACzC;AAAA,IACA;AAAA,EACF;AAEA,QAAM,iBAIF,CAAC;AAEL,MAAI,kBAAkB,UAAU;AAC9B,mBAAe,UAAU,MAAM,WAAW,YAAY;AAAA,MACpD,cAAc,gBAAgB,WAAW;AAAA,IAC3C,CAAC;AAAA,EACH,WAAW,kBAAkB,OAAO;AAClC,mBAAe,MAAM;AAAA,EACvB,OAAO;AACL,mBAAe,MAAM;AAAA,EACvB;AAEA,QAAM,YAAY,MAAM,WAAW,yBAAyB;AAAA,IAC1D,cAAc,gBAAgB;AAAA,IAC9B,UAAU;AAAA,EACZ,CAAC;AACD,MAAI,WAAW;AACb,mBAAe,YAAY;AAAA,EAC7B;AAEA,SAAO;AACT;AAEA,eAAe,0BACb,aACA,iBAKC;AACD,QAAM,wBAAwB,yBAAyB,WAAW;AAClE,QAAM,cACJ,gBAAgB,kBAAkBC,IAAG,WAAW,qBAAqB,IACjE,aACA;AAEN,QAAM,iBAAiB,MAAM;AAAA,IAC3B;AAAA,IACA;AAAA,MACE;AAAA,QACE,OAAO;AAAA,QACP,OAAO;AAAA,QACP,aAAa,aAAa,qBAAqB;AAAA,MACjD;AAAA,MACA;AAAA,QACE,OAAO;AAAA,QACP,OAAO;AAAA,MACT;AAAA,IACF;AAAA,IACA;AAAA,EACF;AAEA,MAAI,mBAAmB,YAAY;AACjC,UAAM,EAAE,eAAAC,gBAAe,QAAQ,IAAI,iBAAiB,qBAAqB;AACzE,WAAO;AAAA,MACL,gBAAgB;AAAA,MAChB,cAAc,gBAAgBA,cAAa;AAAA,MAC3C;AAAA,IACF;AAAA,EACF;AAEA,QAAM,iBAAiB,MAAM,WAAW,6BAA6B;AAAA,IACnE,cAAc,gBAAgB,kBAAkB;AAAA,EAClD,CAAC;AACD,QAAM,gBAAgB,eAAe,cAAc;AACnD,SAAO;AAAA,IACL;AAAA,IACA,cAAc,gBAAgB,aAAa;AAAA,IAC3C,SAAS;AAAA,EACX;AACF;AAEA,eAAe,uBACb,aACA,iBACe;AACf,QAAM,iBAAiB,MAAM,oBAAoB,eAAe;AAChE,QAAM,aAAa,MAAM,0BAA0B,aAAa,eAAe;AAC/E,QAAM,YAAY,MAAM,WAAW,gBAAgB;AACnD,QAAM,YAAY,MAAM,WAAW,cAAc;AAAA,IAC/C,QAAQ;AAAA,EACV,CAAC;AAED,yBAAuB,aAAa,EAAE,WAAW,UAAU,CAAC;AAE5D,QAAM,cAAc;AAAA,IAClB;AAAA,MACE,GAAG;AAAA,MACH,gBAAgB,WAAW;AAAA,MAC3B,gBAAgB,yBAAyB,WAAW;AAAA,IACtD;AAAA,IACA;AAAA,EACF;AACA,mBAAiB,aAAa,WAAW;AAEzC,QAAM,UACJ,eAAe,YACd,eAAe,MAAM,sBAAsB;AAE9C,MAAI;AACF,UAAM,WAAW,MAAM,IAAI;AAAA,MACzB,GAAG,SAAS,IAAI,SAAS;AAAA,MACzB;AAAA,IACF,EAAE,mBAAmB;AACrB,yBAAqB,aAAa,QAAQ;AAAA,EAC5C,SAAS,OAAO;AACd;AAAA,MACE,0DACE,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CACvD;AAAA,IACF;AAAA,EACF;AAEA,UAAQ,kBAAkB,WAAW,QAAQ,cAAc,CAAC,EAAE;AAC9D,UAAQ,gBAAgB,0BAA0B,WAAW,CAAC,EAAE;AAChE,UAAQ,gBAAgB,WAAW,cAAc,EAAE;AACnD,UAAQ,gBAAgB,yBAAyB,WAAW,CAAC,EAAE;AACjE;AAEA,eAAe,0BACb,aACA,iBACe;AACf,QAAM,iBAAiB,MAAM,oBAAoB,eAAe;AAChE,QAAM,aAAa,MAAM,0BAA0B,aAAa,eAAe;AAC/E,QAAM,YAAY,MAAM,WAAW,cAAc;AAAA,IAC/C,cAAc,gBAAgB,aAAa;AAAA,EAC7C,CAAC;AACD,QAAM,UAAU,MAAM,WAAW,gCAAgC;AAAA,IAC/D,cAAc;AAAA,IACd,UAAU;AAAA,EACZ,CAAC;AAED,QAAM,UACJ,eAAe,YACd,eAAe,MAAM,sBAAsB;AAC9C,QAAM,SAAS,MAAM,qBAAqB;AAAA,IACxC;AAAA,IACA,SAAS;AAAA,IACT;AAAA,IACA,SAAS,WAAW;AAAA,IACpB;AAAA,IACA,gBAAgB,WAAW;AAAA,IAC3B;AAAA,EACF,CAAC;AAED,MAAI,OAAO,eAAe;AACxB;AAAA,MACE,4DACE,OAAO,aACT;AAAA,IACF;AAAA,EACF;AAEA,UAAQ,uBAAuB,SAAS,mBAAmB,WAAW,GAAG;AACzE,UAAQ,gBAAgB,0BAA0B,WAAW,CAAC,EAAE;AAChE,UAAQ,gBAAgB,OAAO,cAAc,EAAE;AAC/C,UAAQ,gBAAgB,OAAO,cAAc,EAAE;AACjD;AAGO,SAAS,mBAA4B;AAC1C,SAAO,IAAIC,UAAQ,WAAW,EAC3B,YAAY,oCAAoC,EAChD;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,SAAS,WAAW;AAC1B,YAAM,qBAAqB;AAAA,QACzB;AAAA,QACA,WAAW;AAAA,QACX,QAAQ,IAAI;AAAA,MACd;AACA,YAAM,cAAc,MAAM,WAAW,gBAAgB;AAAA,QACnD,cAAc;AAAA,MAChB,CAAC;AACD,YAAM,kBAAkB,iBAAiB,QAAQ,WAAW;AAE5D,cAAQ,IAAI;AACZ,cAAQ,IAAI,gCAAgC,qBAAqB,WAAW,CAAC,EAAE;AAE/E,YAAM,OAAO,MAAM;AAAA,QACjB;AAAA,QACA;AAAA,UACE;AAAA,YACE,OAAO;AAAA,YACP,OAAO;AAAA,YACP,aAAa;AAAA,UACf;AAAA,UACA;AAAA,YACE,OAAO;AAAA,YACP,OAAO;AAAA,YACP,aAAa;AAAA,UACf;AAAA,QACF;AAAA,QACA;AAAA,MACF;AAEA,cAAQ,IAAI;AACZ,UAAI,SAAS,UAAU;AACrB,cAAM,uBAAuB,aAAa,eAAe;AAAA,MAC3D,OAAO;AACL,cAAM,0BAA0B,aAAa,eAAe;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AACJ;;;AC1QA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAQT,SAAS,aAAsB;AACpC,SAAO,IAAIC,UAAQ,KAAK,EACrB,YAAY,gCAAgC,EAC5C,SAAS,YAAY,aAAa,EAClC;AAAA,IACC,iBAAiB,OAAO,QAAgB,OAAgB,QAAiB;AACvE,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,YAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,YAAM,UAAUC,MAAI,sBAAsB,MAAM,KAAK,EAAE,MAAM;AAC7D,YAAM,WAAW,MAAM,OAAO,UAAU,MAAM;AAC9C,cAAQ,KAAK;AAEb,UAAI,WAAW,MAAM;AACnB,gBAAQ,IAAI,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAC7C;AAAA,MACF;AAEA,cAAQ,qBAAqB,MAAM,EAAE;AACrC;AAAA,QACE;AAAA,UACE,CAAC,aAAa,SAAS,QAAQ;AAAA,UAC/B,CAAC,iBAAiB,SAAS,cAAc;AAAA,UACzC,CAAC,YAAY,SAAS,aAAa;AAAA,UACnC,CAAC,aAAa,SAAS,qBAAqB;AAAA,UAC5C,CAAC,gBAAgB,SAAS,YAAY;AAAA,QACxC;AAAA,QACA;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH;AACJ;;;ACzCA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAQT,SAASC,eAAuB;AACrC,SAAO,IAAIC,UAAQ,MAAM,EACtB,YAAY,+BAA+B,EAC3C;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,YAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,YAAM,UAAUC,MAAI,qBAAqB,EAAE,MAAM;AACjD,YAAM,UAAU,MAAM,OAAO,YAAY;AACzC,cAAQ,KAAK;AAEb,YAAM,OAAO,QAAQ,IAAI,CAAC,WAAW;AAAA,QACnC,OAAO;AAAA,QACP,OAAO;AAAA,QACP,OAAO,WAAW,QAAQ;AAAA,QAC1B,OAAO;AAAA,QACP,OAAO,wBAAwB;AAAA,MACjC,CAAC;AAED,cAAQ,IAAI;AACZ;AAAA,QACE,CAAC,MAAM,UAAU,YAAY,SAAS,WAAW;AAAA,QACjD;AAAA,QACA,CAAC,CAAC,WAAW;AAAA,QACb;AAAA,MACF;AACA,cAAQ,IAAI;AAAA,IACd,CAAC;AAAA,EACH;AACJ;;;ACxCA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAQT,SAAS,gBAAyB;AACvC,SAAO,IAAIC,UAAQ,QAAQ,EACxB,YAAY,mCAAmC,EAC/C,SAAS,QAAQ,WAAW,EAC5B;AAAA,IACC,iBAAiB,OAAO,IAAY,OAAgB,QAAiB;AACnE,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,YAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,YAAM,UAAUC,MAAI,oBAAoB,EAAE,KAAK,EAAE,MAAM;AACvD,YAAM,WAAW,MAAM,OAAO,aAAa,EAAE;AAC7C,cAAQ,KAAK;AAEb,UAAI,WAAW,MAAM;AACnB,gBAAQ,IAAI,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAC7C;AAAA,MACF;AAEA,cAAQ,6BAA6B,EAAE,EAAE;AACzC;AAAA,QACE;AAAA,UACE,CAAC,YAAY,SAAS,WAAW,QAAQ,IAAI;AAAA,UAC7C,CAAC,SAAS,SAAS,SAAS,GAAG;AAAA,QACjC;AAAA,QACA;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH;AACJ;;;AChCO,SAAS,uBAAuBC,UAAwB;AAC7D,QAAM,SAASA,SAAQ,QAAQ,QAAQ,EAAE,YAAY,yBAAyB;AAE9E,SAAO,WAAWC,aAAY,CAAC;AAC/B,SAAO,WAAW,WAAW,CAAC;AAC9B,SAAO,WAAW,cAAc,CAAC;AACnC;;;ACZA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAOhB,IAAM,oBAAoB,oBAAI,IAAqB,CAAC,OAAO,OAAO,OAAO,eAAe,OAAO,CAAC;AAEhG,SAAS,yBAAyB,SAAkC;AAClE,QAAM,aAAa,QAAQ,KAAK,EAAE,YAAY;AAE9C,MAAI,CAAC,kBAAkB,IAAI,UAAU,GAAG;AACtC,UAAM,IAAI;AAAA,MACR,iCAAiC,OAAO,kBAAkB,CAAC,GAAG,iBAAiB,EAAE,KAAK,IAAI,CAAC;AAAA,IAC7F;AAAA,EACF;AAEA,SAAO;AACT;AAGO,SAAS,gBAAyB;AACvC,SAAO,IAAIC,UAAQ,QAAQ,EACxB,YAAY,uDAAuD,EACnE,eAAe,uBAAuB,qDAAqD,EAC3F,eAAe,uBAAuB,8BAA8B,EACpE,eAAe,uBAAuB,mCAAmC,EACzE,OAAO,4BAA4B,yCAAyC,EAC5E;AAAA,IACC;AAAA,MACE,OACE,SAMA,QACG;AACH,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,cAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,cAAM,UAAUC,MAAI,wBAAwB,EAAE,MAAM;AACpD,cAAM,WAAW,MAAM,OAAO,eAAe;AAAA,UAC3C,SAAS,yBAAyB,QAAQ,OAAO;AAAA,UACjD,SAAS,QAAQ;AAAA,UACjB,SAAS,QAAQ;AAAA,UACjB,gBAAgB,QAAQ;AAAA,QAC1B,CAAC;AACD,gBAAQ,KAAK;AAEb,YAAI,WAAW,MAAM;AACnB,kBAAQ,IAAI,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAC7C;AAAA,QACF;AAEA,gBAAQ,oBAAoB;AAC5B;AAAA,UACE;AAAA,YACE,CAAC,eAAe,SAAS,EAAE;AAAA,YAC3B,CAAC,gBAAgB,SAAS,WAAW;AAAA,YACrC,CAAC,qBAAqB,SAAS,WAAW,QAAQ,IAAI;AAAA,UACxD;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACJ;;;ACnEO,SAAS,yBAAyBC,UAAwB;AAC/D,QAAM,WAAWA,SAAQ,QAAQ,UAAU,EAAE,YAAY,oCAAoC;AAE7F,WAAS,WAAW,cAAc,CAAC;AACrC;;;ACRA,SAAS,WAAAC,iBAAe;AAOxB,IAAM,0BAA0B,oBAAI,IAA0B,CAAC,OAAO,QAAQ,OAAO,SAAS,QAAQ,CAAC;AAEvG,SAAS,gBAAgB,QAAsC;AAC7D,QAAM,mBAAmB,OAAO,KAAK,EAAE,YAAY;AAEnD,MAAI,CAAC,wBAAwB,IAAI,gBAAwC,GAAG;AAC1E,UAAM,IAAI,MAAM,uBAAuB,MAAM,0CAA0C;AAAA,EACzF;AAEA,SAAO;AACT;AAGO,SAAS,iBAA0B;AACxC,SAAO,IAAIC,UAAQ,SAAS,EACzB,YAAY,qCAAqC,EACjD,SAAS,YAAY,6CAA6C,EAClE,SAAS,UAAU,uDAAuD,EAC1E,OAAO,iBAAiB,4BAA4B,EACpD,OAAO,sBAAsB,wCAAwC,EACrE;AAAA,IACC;AAAA,MACE,OACE,QACAC,OACA,SACA,QACG;AACH,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,SAAS,YAAY,UAAU;AACrC,cAAM,SAAS,IAAI,UAAU,OAAO,QAAQ,OAAO,OAAO;AAC1D,cAAM,SAAS,MAAM,OAAO,eAAe;AAAA,UACzC,QAAQ,gBAAgB,MAAM;AAAA,UAC9B,MAAAA;AAAA,UACA,MAAM,eAAe;AAAA,YACnB,MAAM,QAAQ;AAAA,YACd,UAAU,QAAQ;AAAA,UACpB,CAAC;AAAA,QACH,CAAC;AAED,YAAI,UAAU,MAAM;AAClB;AAAA,QACF;AAEA,YAAI,OAAO,WAAW,UAAU;AAC9B,kBAAQ,IAAI,MAAM;AAClB;AAAA,QACF;AAEA,gBAAQ,IAAI,KAAK,UAAU,QAAQ,MAAM,WAAW,OAAO,IAAI,CAAC,CAAC;AAAA,MACnE;AAAA,IACF;AAAA,EACF;AACJ;;;ACxDO,SAAS,wBAAwBC,UAAwB;AAC9D,QAAM,UAAUA,SAAQ,QAAQ,SAAS,EAAE,YAAY,wCAAwC;AAE/F,UAAQ,WAAW,eAAe,CAAC;AACrC;;;ACRA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAQT,SAAS,sBAA+B;AAC7C,SAAO,IAAIC,UAAQ,eAAe,EAC/B,YAAY,oCAAoC,EAChD;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,YAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,YAAM,UAAUC,MAAI,sCAAsC,EAAE,MAAM;AAClE,YAAM,SAAS,MAAM,OAAO,0BAA0B;AACtD,cAAQ,KAAK;AAEb;AAAA,QACE;AAAA,UACE,CAAC,WAAW,OAAO,OAAO,OAAO,CAAC;AAAA,UAClC,CAAC,SAAS,OAAO,OAAO,KAAK,CAAC;AAAA,UAC9B,CAAC,mBAAmB,OAAO,OAAO,cAAc,CAAC;AAAA,UACjD,CAAC,UAAU,OAAO,OAAO,MAAM,CAAC;AAAA,UAChC,CAAC,eAAe,OAAO,OAAO,UAAU,CAAC;AAAA,UACzC,CAAC,WAAW,OAAO,OAAO,OAAO,CAAC;AAAA,UAClC,CAAC,gBAAgB,OAAO,OAAO,YAAY,CAAC;AAAA,UAC5C,CAAC,UAAU,OAAO,OAAO,MAAM,CAAC;AAAA,UAChC,CAAC,YAAY,OAAO,OAAO,QAAQ,CAAC;AAAA,UACpC,CAAC,YAAY,OAAO,OAAO,OAAO,CAAC;AAAA,QACrC;AAAA,QACA,CAAC,CAAC,WAAW;AAAA,QACb;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH;AACJ;;;ACpCO,SAAS,2BAA2BC,UAAwB;AACjE,QAAM,aAAaA,SAAQ,QAAQ,YAAY,EAAE,YAAY,sCAAsC;AAEnG,aAAW,WAAW,oBAAoB,CAAC;AAC7C;;;ACRA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAQT,SAAS,wBAAiC;AAC/C,SAAO,IAAIC,UAAQ,iBAAiB,EACjC,YAAY,2DAA2D,EACvE;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,YAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,YAAM,UAAUC,MAAI,6BAA6B,EAAE,MAAM;AACzD,YAAM,WAAW,MAAM,OAAO,mBAAmB;AACjD,cAAQ,KAAK;AAEb,YAAM,OAAO,SAAS,eAAe,IAAI,CAAC,UAAU;AAAA,QAClD,MAAM;AAAA,QACN,MAAM;AAAA,QACN,MAAM;AAAA,QACN,MAAM,YAAY,QAAQ;AAAA,QAC1B,MAAM,MAAM,KAAK,IAAI,KAAK;AAAA,QAC1B,OAAO,MAAM,eAAe;AAAA,MAC9B,CAAC;AAED,cAAQ,IAAI;AACZ;AAAA,QACE,CAAC,MAAM,QAAQ,UAAU,WAAW,SAAS,SAAS;AAAA,QACtD;AAAA,QACA,CAAC,CAAC,WAAW;AAAA,QACb,SAAS;AAAA,MACX;AACA,cAAQ,IAAI;AAAA,IACd,CAAC;AAAA,EACH;AACJ;;;ACzCA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAYhB,IAAM,yBAAyB,oBAAI,IAAyB;AAAA,EAC1D;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAED,SAAS,6BAA6B,WAAwC;AAC5E,QAAM,aAAa,UAAU,KAAK,EAAE,YAAY;AAEhD,MAAI,CAAC,uBAAuB,IAAI,UAAU,GAAG;AAC3C,UAAM,IAAI;AAAA,MACR,2BAA2B,SAAS,kBAAkB,CAAC,GAAG,sBAAsB,EAAE,KAAK,IAAI,CAAC;AAAA,IAC9F;AAAA,EACF;AAEA,SAAO;AACT;AAEA,SAAS,qBAAqB,SAGJ;AACxB,QAAM,SAAS,eAAe;AAAA,IAC5B,MAAM,QAAQ;AAAA,IACd,UAAU,QAAQ;AAAA,EACpB,CAAC;AAED,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI,MAAM,qDAAqD;AAAA,EACvE;AAEA,MAAI,MAAM,QAAQ,MAAM,GAAG;AACzB,WAAO,EAAE,aAAa,OAA+C;AAAA,EACvE;AAEA,MAAI,OAAO,WAAW,YAAY,WAAW,QAAQ,MAAM,QAAQ,OAAO,WAAW,GAAG;AACtF,WAAO;AAAA,EACT;AAEA,QAAM,IAAI,MAAM,+FAA+F;AACjH;AAGO,SAAS,aAAsB;AACpC,SAAO,IAAIC,UAAQ,KAAK,EACrB,YAAY,kCAAkC,EAC9C,SAAS,eAAe,0FAA0F,EAClH,SAAS,QAAQ,UAAU,EAC3B,OAAO,iBAAiB,yBAAyB,EACjD,OAAO,sBAAsB,uCAAuC,EACpE;AAAA,IACC;AAAA,MACE,OACE,WACA,IACA,SACA,QACG;AACH,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,cAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AACnE,cAAM,OAAO,qBAAqB,OAAO;AAEzC,cAAM,UAAUC,MAAI,yBAAyB,EAAE,MAAM;AACrD,cAAM,OAAO,eAAe,6BAA6B,SAAS,GAAG,IAAI,IAAI;AAC7E,gBAAQ,KAAK;AAEb,YAAI,WAAW,MAAM;AACnB,kBAAQ,IAAI,KAAK,UAAU,EAAE,WAAW,UAAU,YAAY,GAAG,IAAI,SAAS,KAAK,GAAG,MAAM,CAAC,CAAC;AAC9F;AAAA,QACF;AAEA,gBAAQ,2BAA2B,UAAU,YAAY,CAAC,IAAI,EAAE,EAAE;AAAA,MACpE;AAAA,IACF;AAAA,EACF;AACJ;;;ACvFO,SAAS,4BAA4BC,UAAwB;AAClE,QAAM,cAAcA,SAAQ,QAAQ,aAAa,EAAE,YAAY,0BAA0B;AAEzF,cAAY,WAAW,sBAAsB,CAAC;AAC9C,cAAY,WAAW,WAAW,CAAC;AACrC;;;ACVA,SAAS,WAAAC,iBAAe;AAOjB,SAASC,eAAuB;AACrC,SAAO,IAAIC,UAAQ,MAAM,EACtB,YAAY,yBAAyB,EACrC;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,SAAS,WAAW;AAC1B,YAAM,iBAAiB,sBAAsB,MAAM;AACnD,YAAM,OAAO,gBAAgB,MAAM,EAAE,IAAI,CAAC,gBAAgB;AACxD,cAAM,UAAU,OAAO,SAAS,WAAW,KAAK,CAAC;AACjD,eAAO;AAAA,UACL;AAAA,UACA,gBAAgB,iBAAiB,QAAQ;AAAA,UACzC,QAAQ,UAAU,eAAe;AAAA,UACjC,QAAQ,UAAU,kBAAkB,QAAQ,aAAa,QAAQ,WAAW;AAAA,UAC5E,QAAQ,YAAY,QAAQ,MAAM,uBAAuB;AAAA,UACzD,QAAQ,aAAa;AAAA,QACvB;AAAA,MACF,CAAC;AAED,cAAQ,IAAI;AACZ;AAAA,QACE,CAAC,QAAQ,WAAW,SAAS,aAAa,YAAY,YAAY;AAAA,QAClE;AAAA,QACA,CAAC,CAAC,WAAW;AAAA,QACb,KAAK,IAAI,CAAC,CAAC,MAAM,SAAS,OAAO,WAAW,SAAS,SAAS,OAAO;AAAA,UACnE;AAAA,UACA,SAAS,YAAY;AAAA,UACrB,OAAO,UAAU,MAAM,OAAO;AAAA,UAC9B,WAAW,cAAc,MAAM,OAAO;AAAA,UACtC;AAAA,UACA,WAAW,cAAc,MAAM,OAAO;AAAA,QACxC,EAAE;AAAA,MACJ;AACA,cAAQ,IAAI;AAAA,IACd,CAAC;AAAA,EACH;AACJ;;;AC5CA,SAAS,WAAAC,iBAAe;AAWjB,SAAS,aAAsB;AACpC,SAAO,IAAIC,UAAQ,KAAK,EACrB,YAAY,+BAA+B,EAC3C,SAAS,UAAU,cAAc,EACjC;AAAA,IACC,iBAAiB,OAAO,gBAAwB;AAC9C,YAAM,SAAS,WAAW;AAC1B,YAAM,UAAU,iBAAiB,QAAQ,WAAW;AAEpD,UAAI,OAAO,KAAK,OAAO,EAAE,WAAW,KAAK,CAAC,OAAO,SAAS,WAAW,GAAG;AACtE,cAAM,IAAI,MAAM,YAAY,WAAW,mBAAmB;AAAA,MAC5D;AAEA,iBAAW,kBAAkB,QAAQ,WAAW,CAAC;AACjD,cAAQ,sBAAsB,WAAW,GAAG;AAAA,IAC9C,CAAC;AAAA,EACH;AACJ;;;ACtBO,SAAS,wBAAwBC,UAAwB;AAC9D,QAAM,UAAUA,SAAQ,QAAQ,SAAS,EAAE,YAAY,2BAA2B;AAElF,UAAQ,WAAWC,aAAY,CAAC;AAChC,UAAQ,WAAW,YAAY,CAAC;AAChC,UAAQ,WAAW,WAAW,CAAC;AACjC;;;ACZA,SAAS,WAAAC,iBAAe;AAOjB,SAAS,cAAuB;AACrC,SAAO,IAAIC,UAAQ,MAAM,EACtB,YAAY,uDAAuD,EACnE;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,SAAS,MAAM,qBAAqB,UAAU;AACpD,0BAAoB,QAAQ,CAAC,CAAC,WAAW,MAAM,mBAAmB;AAAA,IACpE,CAAC;AAAA,EACH;AACJ;;;ACbO,SAAS,sBAAsBC,UAAwB;AAC5D,QAAM,QAAQA,SAAQ,QAAQ,OAAO,EAAE,YAAY,oCAAoC;AACvF,QAAM,WAAW,YAAY,CAAC;AAChC;;;ACPA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAQhB,SAAS,eAAe,SAA0D;AAChF,QAAM,SAAS,eAAe;AAAA,IAC5B,MAAM,QAAQ;AAAA,IACd,UAAU,QAAQ;AAAA,EACpB,CAAC;AAED,MAAI,CAAC,UAAU,MAAM,QAAQ,MAAM,KAAK,OAAO,WAAW,UAAU;AAClE,UAAM,IAAI,MAAM,mEAAmE;AAAA,EACrF;AAEA,SAAO;AACT;AAGO,SAASC,iBAAyB;AACvC,SAAO,IAAIC,UAAQ,QAAQ,EACxB,YAAY,sDAAsD,EAClE,OAAO,iBAAiB,0BAA0B,EAClD,OAAO,sBAAsB,wCAAwC,EACrE;AAAA,IACC;AAAA,MACE,OACE,SACA,QACG;AACH,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,cAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,cAAM,UAAUC,MAAI,mBAAmB,EAAE,MAAM;AAC/C,cAAM,WAAW,MAAM,OAAO,YAAY,eAAe,OAAO,CAAC;AACjE,gBAAQ,KAAK;AAEb,YAAI,WAAW,MAAM;AACnB,kBAAQ,IAAI,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAC7C;AAAA,QACF;AAEA,gBAAQ,iBAAiB,SAAS,EAAE,EAAE;AAAA,MACxC;AAAA,IACF;AAAA,EACF;AACJ;;;ACnDA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAQhB,SAAS,mBAAmB,SAA0D;AACpF,QAAM,SAAS,eAAe;AAAA,IAC5B,MAAM,QAAQ;AAAA,IACd,UAAU,QAAQ;AAAA,EACpB,CAAC;AAED,MAAI,CAAC,UAAU,MAAM,QAAQ,MAAM,KAAK,OAAO,WAAW,UAAU;AAClE,UAAM,IAAI,MAAM,wEAAwE;AAAA,EAC1F;AAEA,SAAO;AACT;AAGO,SAAS,oBAA6B;AAC3C,SAAO,IAAIC,UAAQ,aAAa,EAC7B,YAAY,2DAA2D,EACvE,SAAS,aAAa,UAAU,EAChC,OAAO,iBAAiB,+BAA+B,EACvD,OAAO,sBAAsB,6CAA6C,EAC1E;AAAA,IACC;AAAA,MACE,OACE,SACA,SACA,QACG;AACH,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,cAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,cAAM,UAAUC,MAAI,0BAA0B,OAAO,KAAK,EAAE,MAAM;AAClE,cAAM,WAAW,MAAM,OAAO,gBAAgB,SAAS,mBAAmB,OAAO,CAAC;AAClF,gBAAQ,KAAK;AAEb,YAAI,WAAW,MAAM;AACnB,kBAAQ,IAAI,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAC7C;AAAA,QACF;AAEA,gBAAQ,sBAAsB,SAAS,EAAE,aAAa,OAAO,EAAE;AAAA,MACjE;AAAA,IACF;AAAA,EACF;AACJ;;;ACrDA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAChB,OAAOC,SAAQ;AASR,SAASC,eAAuB;AACrC,SAAO,IAAIC,UAAQ,MAAM,EACtB,YAAY,kDAAkD,EAC9D;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,SAAS,YAAY,UAAU;AAErC,YAAM,UAAUC,MAAI,mCAAmC,EAAE,MAAM;AAC/D,YAAM,KAAK,MAAMC,IAAG,OAAO,MAAM;AACjC,cAAQ,KAAK;AAEb,YAAM,MAAM,GAAG;AACf,YAAM,OAAO,OAAO,KAAK,GAAG,EAAE,KAAK;AAEnC,UAAI,WAAW,MAAM;AACnB,gBAAQ,IAAI,KAAK,UAAU,KAAK,MAAM,CAAC,CAAC;AACxC;AAAA,MACF;AAEA,UAAI,KAAK,WAAW,GAAG;AACrB,gBAAQ,IAAI,uCAAuC;AACnD;AAAA,MACF;AAEA,YAAM,OAAO,KAAK,IAAI,CAAC,QAAQ,CAAC,KAAK,IAAI,GAAG,CAAC,CAAC;AAE9C,cAAQ,IAAI;AACZ,iBAAW,CAAC,OAAO,OAAO,GAAG,MAAM,KAAK;AACxC,cAAQ,IAAI;AAAA,IACd,CAAC;AAAA,EACH;AACJ;;;AC3CA,SAAS,WAAAC,iBAAe;;;ACAxB,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAChB,OAAOC,SAAQ;AAqCf,SAAS,YAAY,KAA0C;AAC7D,QAAM,OAAO,OAAO,KAAK,GAAG,EAAE,KAAK;AACnC,SAAO,KAAK,IAAI,CAAC,SAAS;AAAA,IACxB,MAAM;AAAA,IACN,QAAQ,CAAC,EAAE,MAAM,KAAK,IAAI,CAAC;AAAA,EAC7B,EAAE;AACJ;AAKA,eAAsB,sBACpB,YACwB;AACxB,QAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,QAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AACnE,QAAM,EAAE,OAAO,IAAI,MAAM,OAAO,WAAW,WAAW,SAAS;AAC/D,QAAM,OAAsB,CAAC;AAE7B,aAAW,SAAS,QAAQ;AAC1B,UAAM,WAAW,MAAM,OAAO,eAAe,MAAM,EAAE;AACrD,UAAM,aAAa,OAAO;AAAA,MACxB,SAAS,gBAAgB,IAAI,CAAC,UAAU,CAAC,MAAM,IAAI,MAAM,IAAI,CAAU;AAAA,IACzE;AAEA,eAAW,QAAQ,SAAS,OAAO;AACjC,WAAK,KAAK;AAAA,QACR,SAAS,MAAM;AAAA,QACf,WAAW,MAAM;AAAA,QACjB,QAAQ,KAAK;AAAA,QACb,UAAU,KAAK;AAAA,QACf,MAAM,KAAK;AAAA,QACX,YAAY,KAAK;AAAA,QACjB,WAAW,KAAK,UAAW,WAAW,KAAK,OAAO,KAAK,KAAK,UAAW;AAAA,QACvE,UAAU,KAAK;AAAA,MACjB,CAAC;AAAA,IACH;AAAA,EACF;AAEA,SAAO,KAAK,KAAK,CAAC,MAAM,UAAU;AAChC,UAAM,eAAe,KAAK,UAAU,cAAc,MAAM,SAAS;AACjE,WAAO,iBAAiB,IACpB,eACA,KAAK,SAAS,cAAc,MAAM,QAAQ;AAAA,EAChD,CAAC;AACH;AAKA,eAAsB,wBACpB,YACe;AACf,QAAM,UAAUC,MAAI,iCAAiC,EAAE,MAAM;AAC7D,QAAM,OAAO,MAAM,sBAAsB,UAAU;AACnD,UAAQ,KAAK;AAEb,MAAI,WAAW,MAAM;AACnB,YAAQ,IAAI,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AACzC;AAAA,EACF;AAEA,MAAI,KAAK,WAAW,GAAG;AACrB,YAAQ,IAAI,6BAA6B;AACzC;AAAA,EACF;AAEA,UAAQ,IAAI;AACZ;AAAA,IACE,CAAC,SAAS,QAAQ,QAAQ,UAAU,SAAS,UAAU;AAAA,IACvD,KAAK,IAAI,CAAC,QAAQ;AAAA,MAChB,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI,QAAQ;AAAA,MACZ,OAAO,IAAI,UAAU;AAAA,MACrB,IAAI,aAAa;AAAA,MACjB,IAAI,SAAS,KAAK,IAAI,KAAK;AAAA,IAC7B,CAAC;AAAA,IACD;AAAA,EACF;AACA,UAAQ,IAAI;AACd;AAMO,SAAS,eAAwB;AACtC,SAAO,IAAIC,UAAQ,OAAO,EACvB,YAAY,8FAA8F,EAC1G,OAAO,mBAAmB,6CAA6C,EACvE;AAAA,IACC,iBAAiB,OAAO,MAAkC,QAAiB;AACzE,YAAM,aAAa,IAAI,gBAA+B;AAEtD,UAAI,KAAK,cAAc;AACrB,cAAM,wBAAwB,UAAU;AACxC;AAAA,MACF;AAEA,YAAM,SAAS,YAAY,UAAU;AAErC,YAAM,UAAUD,MAAI,yBAAyB,EAAE,MAAM;AACrD,YAAM,KAAK,MAAME,IAAG,OAAO,MAAM;AACjC,cAAQ,KAAK;AAEb,YAAM,MAAM,GAAG;AACf,YAAM,QAAQ,YAAY,GAAG;AAE7B,UAAI,WAAW,MAAM;AACnB,gBAAQ,IAAI,KAAK,UAAU,OAAO,MAAM,CAAC,CAAC;AAC1C;AAAA,MACF;AAEA,UAAI,MAAM,WAAW,GAAG;AACtB,gBAAQ,IAAI,6BAA6B;AACzC;AAAA,MACF;AAEA,YAAM,OAAO,MAAM,IAAI,CAAC,SAAS;AAAA,QAC/B,KAAK;AAAA,QACL;AAAA,QACA,KAAK,OAAO,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,KAAK,IAAI;AAAA,MAC1C,CAAC;AAED,cAAQ,IAAI;AACZ,iBAAW,CAAC,QAAQ,QAAQ,QAAQ,GAAG,MAAM,KAAK;AAClD,cAAQ,IAAI;AAAA,IACd,CAAC;AAAA,EACH;AACJ;;;ADnKO,SAAS,mBAA4B;AAC1C,SAAO,IAAIC,UAAQ,YAAY,EAC5B,YAAY,mEAAmE,EAC/E;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,wBAAwB,UAAU;AAAA,IAC1C,CAAC;AAAA,EACH;AACJ;;;AEfA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAQT,SAAS,oBAA6B;AAC3C,SAAO,IAAIC,UAAQ,aAAa,EAC7B,YAAY,wDAAwD,EACpE;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,YAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,YAAM,UAAUC,MAAI,4BAA4B,EAAE,MAAM;AACxD,YAAM,WAAW,MAAM,OAAO,WAAW,WAAW,SAAS;AAC7D,cAAQ,KAAK;AAEb,UAAI,WAAW,MAAM;AACnB,gBAAQ,IAAI,KAAK,UAAU,SAAS,QAAQ,MAAM,CAAC,CAAC;AACpD;AAAA,MACF;AAEA,UAAI,SAAS,OAAO,WAAW,GAAG;AAChC,gBAAQ,IAAI,gCAAgC;AAC5C;AAAA,MACF;AAEA,cAAQ,IAAI;AACZ;AAAA,QACE,CAAC,MAAM,QAAQ,kBAAkB,SAAS,YAAY;AAAA,QACtD,SAAS,OAAO,IAAI,CAAC,UAAU;AAAA,UAC7B,MAAM;AAAA,UACN,MAAM;AAAA,UACN,MAAM,sBAAsB;AAAA,UAC5B,OAAO,MAAM,SAAS;AAAA,UACtB,MAAM;AAAA,QACR,CAAC;AAAA,QACD;AAAA,MACF;AACA,cAAQ,IAAI;AAAA,IACd,CAAC;AAAA,EACH;AACJ;;;AC/CA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAChB,OAAOC,SAAQ;AASR,SAASC,cAAsB;AACpC,SAAO,IAAIC,UAAQ,KAAK,EACrB,YAAY,6DAA6D,EACzE,SAAS,SAAS,iDAAiD,EACnE;AAAA,IACC;AAAA,MACE,OAAO,QAAgB,OAAgB,QAAiB;AACtD,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,SAAS,YAAY,UAAU;AAErC,cAAM,UAAUC,MAAI,mCAAmC,EAAE,MAAM;AAC/D,cAAM,KAAK,MAAMC,IAAG,OAAO,MAAM;AACjC,gBAAQ,KAAK;AAEb,cAAM,MAAM,GAAG;AACf,cAAM,MAAM,OAAO,YAAY;AAC/B,cAAM,QAAQ,IAAI,GAAG;AAErB,YAAI,UAAU,QAAW;AACvB,gBAAM,YAAY,OAAO,KAAK,GAAG,EAAE,KAAK,EAAE,KAAK,IAAI,KAAK;AACxD,gBAAM,IAAI,MAAM,QAAQ,GAAG,gCAAgC,SAAS,EAAE;AAAA,QACxE;AAEA,YAAI,WAAW,MAAM;AACnB,kBAAQ,IAAI,KAAK,UAAU,EAAE,KAAK,MAAM,GAAG,MAAM,CAAC,CAAC;AACnD;AAAA,QACF;AAGA,gBAAQ,OAAO,MAAM,KAAK;AAAA,MAC5B;AAAA,IACF;AAAA,EACF;AACJ;;;AC5CA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAChB,OAAOC,SAAQ;AAWR,SAAS,gBAAyB;AACvC,SAAO,IAAIC,UAAQ,QAAQ,EACxB,YAAY,4BAA4B,EACxC,SAAS,WAAW,yDAAyD,EAC7E;AAAA,IACC;AAAA,MACE,OAAO,OAAe,OAAgB,QAAiB;AACrD,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,SAAS,YAAY,UAAU;AAErC,cAAM,UAAUC,MAAI,0BAA0B,EAAE,MAAM;AACtD,cAAM,KAAK,MAAMC,IAAG,OAAO,MAAM;AACjC,gBAAQ,KAAK;AAEb,cAAM,MAAM,GAAG;AACf,cAAM,aAAa,MAAM,YAAY;AAErC,cAAM,UAAU,OAAO,KAAK,GAAG,EAC5B,OAAO,CAAC,QAAQ,IAAI,YAAY,EAAE,SAAS,UAAU,CAAC,EACtD,KAAK;AAER,YAAI,WAAW,MAAM;AACnB,gBAAM,SAAS,QAAQ,IAAI,CAAC,SAAS,EAAE,KAAK,OAAO,IAAI,GAAG,EAAE,EAAE;AAC9D,kBAAQ,IAAI,KAAK,UAAU,QAAQ,MAAM,CAAC,CAAC;AAC3C;AAAA,QACF;AAEA,YAAI,QAAQ,WAAW,GAAG;AACxB,kBAAQ,IAAI;AAAA,uBAA0B,KAAK;AAAA,CAAY;AACvD;AAAA,QACF;AAEA,cAAM,OAAO,QAAQ,IAAI,CAAC,QAAQ,CAAC,KAAK,IAAI,GAAG,CAAC,CAAC;AAEjD,gBAAQ,IAAI;AACZ,mBAAW,CAAC,OAAO,OAAO,GAAG,MAAM,KAAK;AACxC,gBAAQ,IAAI;AAAA,MACd;AAAA,IACF;AAAA,EACF;AACJ;;;AC1CO,SAAS,sBAAsBC,UAAwB;AAC5D,QAAM,QAAQA,SAAQ,QAAQ,OAAO,EAAE,YAAY,sBAAsB;AAEzE,QAAM,WAAWC,eAAc,CAAC;AAChC,QAAM,WAAW,kBAAkB,CAAC;AACpC,QAAM,WAAWC,aAAY,CAAC;AAC9B,QAAM,WAAW,kBAAkB,CAAC;AACpC,QAAM,WAAW,iBAAiB,CAAC;AACnC,QAAM,WAAWC,YAAW,CAAC;AAC7B,QAAM,WAAW,aAAa,CAAC;AAC/B,QAAM,WAAW,cAAc,CAAC;AAClC;;;ACtBA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAQT,SAAS,kBAA2B;AACzC,SAAO,IAAIC,UAAQ,WAAW,EAC3B,YAAY,kCAAkC,EAC9C,SAAS,eAAe,YAAY,EACpC,SAAS,aAAa,UAAU,EAChC;AAAA,IACC;AAAA,MACE,OACE,WACA,SACA,OACA,QACG;AACH,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,cAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,cAAM,UAAUC,MAAI,mCAAmC,EAAE,MAAM;AAC/D,cAAM,OAAO,sBAAsB;AAAA,UACjC;AAAA,UACA;AAAA,QACF,CAAC;AACD,gBAAQ,KAAK;AAEb,YAAI,WAAW,MAAM;AACnB,kBAAQ,IAAI,KAAK,UAAU,EAAE,WAAW,QAAQ,GAAG,MAAM,CAAC,CAAC;AAC3D;AAAA,QACF;AAEA,gBAAQ,oBAAoB,OAAO,iBAAiB,SAAS,EAAE;AAAA,MACjE;AAAA,IACF;AAAA,EACF;AACJ;;;AC1CA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAQT,SAASC,eAAuB;AACrC,SAAO,IAAIC,UAAQ,MAAM,EACtB,YAAY,mBAAmB,EAC/B;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,YAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,YAAM,UAAUC,MAAI,sBAAsB,EAAE,MAAM;AAClD,YAAM,WAAW,MAAM,OAAO,aAAa;AAC3C,cAAQ,KAAK;AAEb,YAAM,OAAO,SAAS,SAAS,IAAI,CAAC,MAAM;AAAA,QACxC,EAAE;AAAA,QACF,EAAE;AAAA,QACF,EAAE,cAAc;AAAA,QAChB,OAAO,EAAE,WAAW;AAAA,QACpB,OAAO,EAAE,aAAa;AAAA,QACtB,OAAO,EAAE,kBAAkB;AAAA,MAC7B,CAAC;AAED,cAAQ,IAAI;AACZ;AAAA,QACE,CAAC,MAAM,QAAQ,eAAe,UAAU,YAAY,gBAAgB;AAAA,QACpE;AAAA,QACA,CAAC,CAAC,WAAW;AAAA,QACb,SAAS;AAAA,MACX;AACA,cAAQ,IAAI;AAAA,IACd,CAAC;AAAA,EACH;AACJ;;;ACzCA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,YAAW;AAClB,OAAOC,WAAS;AAQT,SAASC,cAAsB;AACpC,SAAO,IAAIC,UAAQ,KAAK,EACrB,YAAY,qBAAqB,EACjC,SAAS,QAAQ,YAAY,EAC7B;AAAA,IACC,iBAAiB,OAAO,IAAY,OAAgB,QAAiB;AACnE,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,YAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,YAAM,UAAUC,MAAI,qBAAqB,EAAE,MAAM;AACjD,YAAM,UAAU,MAAM,OAAO,WAAW,EAAE;AAC1C,cAAQ,KAAK;AAEb,UAAI,WAAW,MAAM;AACnB,gBAAQ,IAAI,KAAK,UAAU,SAAS,MAAM,CAAC,CAAC;AAC5C;AAAA,MACF;AAEA,cAAQ,IAAI;AACZ,cAAQ,IAAIC,OAAM,KAAK,KAAK,QAAQ,IAAI,EAAE,CAAC;AAC3C,cAAQ,IAAI;AAEZ;AAAA,QACE;AAAA,UACE,CAAC,MAAM,QAAQ,EAAE;AAAA,UACjB,CAAC,eAAe,QAAQ,UAAU;AAAA,UAClC,CAAC,eAAe,QAAQ,WAAW;AAAA,UACnC,CAAC,cAAc,QAAQ,SAAS;AAAA,UAChC,CAAC,UAAU,OAAO,QAAQ,WAAW,CAAC;AAAA,UACtC,CAAC,YAAY,OAAO,QAAQ,aAAa,CAAC;AAAA,UAC1C,CAAC,kBAAkB,OAAO,QAAQ,kBAAkB,CAAC;AAAA,QACvD;AAAA,QACA;AAAA,MACF;AAEA,UAAI,QAAQ,OAAO,SAAS,GAAG;AAC7B,gBAAQ,IAAI;AACZ,gBAAQ,IAAIA,OAAM,KAAK,UAAU,CAAC;AAClC,gBAAQ,IAAI;AACZ;AAAA,UACE,CAAC,MAAM,QAAQ,WAAW;AAAA,UAC1B,QAAQ,OAAO,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,cAAc,QAAQ,IAAI,CAAC;AAAA,UACtE;AAAA,QACF;AAAA,MACF;AAEA,UAAI,QAAQ,SAAS,SAAS,GAAG;AAC/B,gBAAQ,IAAI;AACZ,gBAAQ,IAAIA,OAAM,KAAK,YAAY,CAAC;AACpC,gBAAQ,IAAI;AACZ;AAAA,UACE,CAAC,MAAM,QAAQ,MAAM;AAAA,UACrB,QAAQ,SAAS,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,QAAQ,KAAK,EAAE,IAAI,CAAC;AAAA,UACzD;AAAA,QACF;AAAA,MACF;AAEA,UAAI,QAAQ,cAAc,SAAS,GAAG;AACpC,gBAAQ,IAAI;AACZ,gBAAQ,IAAIA,OAAM,KAAK,kBAAkB,CAAC;AAC1C,gBAAQ,IAAI;AACZ;AAAA,UACE,CAAC,MAAM,MAAM;AAAA,UACb,QAAQ,cAAc,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC;AAAA,UAClD;AAAA,QACF;AAAA,MACF;AAEA,cAAQ,IAAI;AAAA,IACd,CAAC;AAAA,EACH;AACJ;;;AClFA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,eAAc;AACrB,OAAOC,WAAS;AAQhB,SAAS,OAAO,UAAmC;AACjD,QAAM,KAAKC,UAAS,gBAAgB,EAAE,OAAO,QAAQ,OAAO,QAAQ,QAAQ,OAAO,CAAC;AACpF,SAAO,IAAI,QAAQ,CAAC,YAAY;AAC9B,OAAG,SAAS,UAAU,CAAC,WAAW;AAChC,SAAG,MAAM;AACT,cAAQ,OAAO,KAAK,CAAC;AAAA,IACvB,CAAC;AAAA,EACH,CAAC;AACH;AAGO,SAASC,iBAAyB;AACvC,SAAO,IAAIC,UAAQ,QAAQ,EACxB,YAAY,sBAAsB,EAClC,OAAO,iBAAiB,cAAc,EACtC,OAAO,+BAA+B,qBAAqB,EAC3D,OAAO,8BAA8B,qBAAqB,EAC1D;AAAA,IACC,iBAAiB,OAAO,MAAoE,QAAiB;AAC3G,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,YAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,UAAI,OAAO,KAAK;AAChB,UAAI,CAAC,MAAM;AACT,eAAO,MAAM,OAAO,gBAAgB;AAAA,MACtC;AACA,UAAI,CAAC,MAAM;AACT,cAAM,IAAI,MAAM,2BAA2B;AAAA,MAC7C;AAEA,YAAM,UAAUC,MAAI,qBAAqB,EAAE,MAAM;AACjD,YAAM,WAAW,MAAM,OAAO,cAAc;AAAA,QAC1C;AAAA,QACA,aAAa,KAAK;AAAA,QAClB,YAAY,KAAK;AAAA,MACnB,CAAC;AACD,cAAQ,KAAK;AAEb,UAAI,WAAW,MAAM;AACnB,gBAAQ,IAAI,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAC7C;AAAA,MACF;AAEA,cAAQ,4BAA4B,SAAS,EAAE,EAAE;AAAA,IACnD,CAAC;AAAA,EACH;AACJ;;;ACzDA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAST,SAAS,mBAA4B;AAC1C,SAAO,IAAIC,UAAQ,YAAY,EAC5B,YAAY,qDAAqD,EACjE,SAAS,eAAe,YAAY,EACpC;AAAA,IACC;AAAA,IACA;AAAA,IACA;AAAA,IACA,CAAC;AAAA,EACH,EACC;AAAA,IACC;AAAA,MACE,OACE,WACA,SACA,QACG;AACH,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,cAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,cAAM,UAAUC,MAAI,4BAA4B,EAAE,MAAM;AACxD,cAAM,OAAO,oBAAoB,WAAW;AAAA,UAC1C,UAAU,QAAQ;AAAA,QACpB,CAAC;AACD,gBAAQ,KAAK;AAEb,YAAI,WAAW,MAAM;AACnB,kBAAQ,IAAI,KAAK,UAAU,EAAE,WAAW,UAAU,QAAQ,QAAQ,GAAG,MAAM,CAAC,CAAC;AAC7E;AAAA,QACF;AAEA,gBAAQ,wCAAwC,SAAS,EAAE;AAAA,MAC7D;AAAA,IACF;AAAA,EACF;AACJ;;;ACtCO,SAAS,wBAAwBC,UAAwB;AAC9D,QAAM,UAAUA,SAAQ,QAAQ,SAAS,EAAE,YAAY,iBAAiB;AAExE,UAAQ,WAAWC,aAAY,CAAC;AAChC,UAAQ,WAAWC,YAAW,CAAC;AAC/B,UAAQ,WAAWC,eAAc,CAAC;AAClC,UAAQ,WAAW,gBAAgB,CAAC;AACpC,UAAQ,WAAW,iBAAiB,CAAC;AACvC;;;ACfA,SAAS,aAAa;AACtB,OAAOC,WAAS;AAChB,OAAOC,SAAQ;AAcR,SAAS,mBAAmBC,UAAwB;AACzD,EAAAA,SACG,QAAQ,KAAK,EACb,YAAY,oEAAoE,EAChF,SAAS,gBAAgB,kCAAkC,EAC3D,OAAO,qBAAqB,0CAA0C,EACtE;AAAA,IACC;AAAA,MACE,OAAO,cAAwB,MAA2B,QAAiB;AACzE,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,SAAS,YAAY,UAAU;AAGrC,cAAM,UAAUC,MAAI,0BAA0B,EAAE,MAAM;AACtD,cAAM,KAAK,MAAMC,IAAG,OAAO,MAAM;AACjC,gBAAQ,KAAK;AAEb,cAAM,MAAM,GAAG;AAGf,cAAM,YAAoC,CAAC;AAE3C,mBAAW,OAAO,OAAO,KAAK,GAAG,GAAG;AAClC,gBAAM,UAAU,KAAK,SACjB,GAAG,KAAK,OAAO,YAAY,CAAC,IAAI,GAAG,KACnC;AACJ,oBAAU,OAAO,IAAI,IAAI,GAAG;AAAA,QAC9B;AAGA,cAAM,CAAC,SAAS,GAAG,IAAI,IAAI;AAC3B,cAAM,QAAQ,MAAM,SAAS,MAAM;AAAA,UACjC,OAAO;AAAA,UACP,KAAK,EAAE,GAAG,QAAQ,KAAK,GAAG,UAAU;AAAA,UACpC,OAAO;AAAA,QACT,CAAC;AAGD,cAAM,GAAG,SAAS,CAAC,SAAS;AAC1B,kBAAQ,KAAK,QAAQ,CAAC;AAAA,QACxB,CAAC;AAED,cAAM,GAAG,SAAS,CAAC,QAAQ;AACzB,gBAAM,IAAI,MAAM,8BAA8B,OAAO,MAAM,IAAI,OAAO,EAAE;AAAA,QAC1E,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AACJ;;;ACjEA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAST,SAASC,iBAAyB;AACvC,SAAO,IAAIC,UAAQ,QAAQ,EACxB,YAAY,gCAAgC,EAC5C,eAAe,iBAAiB,qBAAqB,EACrD,eAAe,oBAAoB,WAAW,EAC9C,OAAO,oBAAoB,mCAAmC,EAC9D;AAAA,IACC;AAAA,IACA;AAAA,IACA;AAAA,IACA,CAAC;AAAA,EACH,EACC;AAAA,IACC;AAAA,MACE,OACE,SAMA,QACG;AACH,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,cAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,cAAM,UAAUC,MAAI,4BAA4B,EAAE,MAAM;AACxD,cAAM,OAAO,oBAAoB;AAAA,UAC/B,MAAM,QAAQ;AAAA,UACd,UAAU,QAAQ,YAAY;AAAA,UAC9B,UAAU,QAAQ;AAAA,UAClB,OAAO,QAAQ;AAAA,QACjB,CAAC;AACD,gBAAQ,KAAK;AAEb,YAAI,WAAW,MAAM;AACnB,kBAAQ;AAAA,YACN,KAAK;AAAA,cACH;AAAA,gBACE,MAAM,QAAQ;AAAA,gBACd,UAAU,QAAQ;AAAA,gBAClB,UAAU,QAAQ,YAAY;AAAA,gBAC9B,OAAO,QAAQ;AAAA,cACjB;AAAA,cACA;AAAA,cACA;AAAA,YACF;AAAA,UACF;AACA;AAAA,QACF;AAEA,gBAAQ,2BAA2B,QAAQ,IAAI,GAAG;AAAA,MACpD;AAAA,IACF;AAAA,EACF;AACJ;;;AC9DO,SAAS,8BAA8BC,UAAwB;AACpE,QAAM,gBAAgBA,SACnB,QAAQ,gBAAgB,EACxB,YAAY,+BAA+B;AAE9C,gBAAc,WAAWC,eAAc,CAAC;AAC1C;;;A/EkBA,IAAM,UAAU,IAAIC,UAAQ;AAE5B,QACG,KAAK,IAAI,EACT,YAAY,sEAAiE,EAC7E,QAAQ,OAAO,EACf,OAAO,mBAAmB,wDAAwD,EAClF,OAAO,oBAAoB,uEAAuE,EAClG,OAAO,qBAAqB,8EAA8E,EAC1G,OAAO,SAAS,oEAAoE,EACpF,OAAO,oBAAoB,wCAAwC,EACnE,OAAO,6BAA6B,2FAA2F,EAC/H,OAAO,6BAA6B,mGAAmG,EACvI,OAAO,UAAU,2CAA2C,KAAK;AAEpE,sBAAsB,OAAO;AAC7B,qBAAqB,OAAO;AAC5B,wBAAwB,OAAO;AAC/B,uBAAuB,OAAO;AAC9B,QAAQ,WAAW,iBAAiB,CAAC;AACrC,uBAAuB,OAAO;AAC9B,yBAAyB,OAAO;AAChC,wBAAwB,OAAO;AAC/B,2BAA2B,OAAO;AAClC,4BAA4B,OAAO;AACnC,wBAAwB,OAAO;AAC/B,8BAA8B,OAAO;AACrC,sBAAsB,OAAO;AAC7B,sBAAsB,OAAO;AAC7B,wBAAwB,OAAO;AAC/B,mBAAmB,OAAO;AAC1B,QAAQ,WAAW,cAAc,CAAC;AAElC,QAAQ,MAAM;","names":["Command","path","fs","fs","fs","fs","fs","path","fs","path","Command","chalk","ora","Command","ora","chalk","Command","ora","Command","ora","Command","ora","Command","chalk","ora","crypto","fs","path","fs2","path2","path4","loadPrivateKey","derivePublicKey","R4_DEFAULT_API_BASE_URL","R4_DEV_API_BASE_URL","resolveTrustStorePath","chalk","Command","ora","fs","path","Command","ora","Command","ora","Command","ora","Command","ora","Command","ora","Command","ora","Command","ora","program","Command","applyCredentialBundleToProfile","Command","Command","Command","config","profileName","Command","crypto","path","Command","Command","chalk","Command","chalk","Command","Command","chalk","chalk","Command","Command","program","Command","ora","Command","ora","program","Command","ora","fs","path","createCommand","Command","ora","Command","ora","listCommand","Command","ora","program","listCommand","createCommand","Command","fs","fs","privateKeyPem","Command","Command","ora","Command","ora","Command","ora","listCommand","Command","ora","Command","ora","Command","ora","program","listCommand","Command","ora","Command","ora","program","Command","Command","path","program","Command","ora","Command","ora","program","Command","ora","Command","ora","Command","ora","Command","ora","program","Command","listCommand","Command","Command","Command","program","listCommand","Command","Command","program","Command","ora","createCommand","Command","ora","Command","ora","Command","ora","Command","ora","R4","listCommand","Command","ora","R4","Command","Command","ora","R4","ora","Command","R4","Command","Command","ora","Command","ora","Command","ora","R4","getCommand","Command","ora","R4","Command","ora","R4","Command","ora","R4","program","createCommand","listCommand","getCommand","Command","ora","Command","ora","Command","ora","listCommand","Command","ora","Command","chalk","ora","getCommand","Command","ora","chalk","Command","readline","ora","readline","createCommand","Command","ora","Command","ora","Command","ora","program","listCommand","getCommand","createCommand","ora","R4","program","ora","R4","Command","ora","createCommand","Command","ora","program","createCommand","Command"]}
1
+ {"version":3,"sources":["../src/index.ts","../src/commands/agent/create.ts","../src/lib/client.ts","../src/lib/command-options.ts","../src/lib/output.ts","../src/lib/errors.ts","../src/lib/config.ts","../src/lib/profile-paths.ts","../src/lib/credentials-store.ts","../src/lib/private-key.ts","../src/lib/runtime-config.ts","../src/lib/resolve-auth.ts","../src/commands/agent/get.ts","../src/commands/agent/get-tenant-roles.ts","../src/commands/agent/init.ts","../src/commands/doctor.ts","../src/lib/doctor.ts","../src/lib/credentials-file.ts","../src/lib/profile-identity.ts","../src/lib/profile-manager.ts","../src/lib/prompt.ts","../src/commands/agent/list.ts","../src/commands/agent/set-tenant-roles.ts","../src/commands/agent/update.ts","../src/commands/agent/index.ts","../src/commands/auth/diagnose.ts","../src/commands/auth/login.ts","../src/commands/auth/logout.ts","../src/commands/auth/register-agent.ts","../src/lib/public-auth-client.ts","../src/lib/register-agent.ts","../src/commands/auth/status.ts","../src/commands/auth/whoami.ts","../src/commands/profile/show.ts","../src/lib/profile-report.ts","../src/commands/auth/index.ts","../src/commands/billing/readiness.ts","../src/commands/billing/index.ts","../src/commands/budget/create.ts","../src/lib/json-input.ts","../src/commands/budget/list.ts","../src/commands/budget/index.ts","../src/commands/configure.ts","../src/commands/domain/add.ts","../src/commands/domain/list.ts","../src/commands/domain/verify.ts","../src/commands/domain/index.ts","../src/commands/feedback/submit.ts","../src/commands/feedback/index.ts","../src/commands/machine/request.ts","../src/commands/machine/index.ts","../src/commands/monitoring/entity-counts.ts","../src/commands/monitoring/index.ts","../src/commands/permissions/security-groups.ts","../src/commands/permissions/set.ts","../src/commands/permissions/index.ts","../src/commands/profile/list.ts","../src/commands/profile/use.ts","../src/commands/profile/index.ts","../src/commands/space/info.ts","../src/commands/space/index.ts","../src/commands/vault/create.ts","../src/commands/vault/create-item.ts","../src/commands/vault/download-asset.ts","../src/commands/vault/list.ts","../src/commands/vault/list-items.ts","../src/commands/vault/items.ts","../src/commands/vault/list-vaults.ts","../src/commands/vault/get.ts","../src/commands/vault/search.ts","../src/commands/vault/index.ts","../src/commands/project/add-vault.ts","../src/commands/project/list.ts","../src/commands/project/get.ts","../src/commands/project/create.ts","../src/commands/project/set-agents.ts","../src/commands/project/index.ts","../src/commands/run/index.ts","../src/commands/security-group/create.ts","../src/commands/security-group/index.ts"],"sourcesContent":["import { Command } from 'commander'\nimport { registerAgentCommands } from './commands/agent/index.js'\nimport { registerAuthCommands } from './commands/auth/index.js'\nimport { registerBillingCommands } from './commands/billing/index.js'\nimport { registerBudgetCommands } from './commands/budget/index.js'\nimport { configureCommand } from './commands/configure.js'\nimport { registerDomainCommands } from './commands/domain/index.js'\nimport { doctorCommand } from './commands/doctor.js'\nimport { registerFeedbackCommands } from './commands/feedback/index.js'\nimport { registerMachineCommands } from './commands/machine/index.js'\nimport { registerMonitoringCommands } from './commands/monitoring/index.js'\nimport { registerPermissionsCommands } from './commands/permissions/index.js'\nimport { registerProfileCommands } from './commands/profile/index.js'\nimport { registerSpaceCommands } from './commands/space/index.js'\nimport { registerVaultCommands } from './commands/vault/index.js'\nimport { registerProjectCommands } from './commands/project/index.js'\nimport { registerRunCommand } from './commands/run/index.js'\nimport { registerSecurityGroupCommands } from './commands/security-group/index.js'\n\n/**\n * R4 CLI entry point.\n *\n * Sets up the commander program with global options and command groups:\n * - auth: Manage API key authentication\n * - vault: Manage vault secrets\n * - project: Manage projects\n * - run: Execute commands with vault secrets injected as env vars\n */\nconst program = new Command()\n\nprogram\n .name('r4')\n .description('R4 CLI — manage vaults, projects, and secrets from the terminal')\n .version('1.0.2')\n .option('--api-key <key>', 'API key (overrides R4_API_KEY env var and config file)')\n .option('--profile <name>', 'CLI profile name (overrides R4_PROFILE and the saved current profile)')\n .option('--project-id <id>', 'Optional project ID filter (overrides R4_PROJECT_ID env var and config file)')\n .option('--dev', 'Use https://dev.r4.dev unless an explicit base URL override is set')\n .option('--base-url <url>', 'API base URL (default: https://r4.dev)')\n .option('--private-key-path <path>', 'Path to the agent private key PEM (overrides R4_PRIVATE_KEY_PATH env var and config file)')\n .option('--trust-store-path <path>', 'Path to the local signer trust-store JSON (overrides R4_TRUST_STORE_PATH env var and config file)')\n .option('--json', 'Output as JSON for scripting and piping', false)\n\nregisterAgentCommands(program)\nregisterAuthCommands(program)\nregisterBillingCommands(program)\nregisterBudgetCommands(program)\nprogram.addCommand(configureCommand())\nregisterDomainCommands(program)\nregisterFeedbackCommands(program)\nregisterMachineCommands(program)\nregisterMonitoringCommands(program)\nregisterPermissionsCommands(program)\nregisterProfileCommands(program)\nregisterSecurityGroupCommands(program)\nregisterSpaceCommands(program)\nregisterVaultCommands(program)\nregisterProjectCommands(program)\nregisterRunCommand(program)\nprogram.addCommand(doctorCommand())\n\nprogram.parse()\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { collectOptionValues } from '../../lib/command-options.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { printDetail, success } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { CreateAgentRequest, GlobalOptions } from '../../types.js'\n\nfunction buildCreateAgentBody(options: {\n name: string\n domainTenantId: string\n budgetId?: string\n securityGroupId: string[]\n vaultId?: string\n permission: string[]\n newBudgetName?: string\n newBudgetDescription?: string\n newBudgetTarget?: string\n}): CreateAgentRequest {\n if (options.newBudgetTarget && !options.newBudgetName) {\n throw new Error('Provide --new-budget-name when using --new-budget-target.')\n }\n\n if (options.newBudgetName && !options.newBudgetTarget) {\n throw new Error('Provide --new-budget-target when using --new-budget-name.')\n }\n\n return {\n name: options.name,\n domainTenantId: options.domainTenantId,\n budgetId: options.budgetId,\n securityGroupIds: options.securityGroupId,\n vaultId: options.vaultId,\n permissions: options.permission.length > 0 ? options.permission : undefined,\n newBudget: options.newBudgetName\n ? {\n name: options.newBudgetName,\n description: options.newBudgetDescription,\n target: Number(options.newBudgetTarget),\n }\n : undefined,\n }\n}\n\n/** `r4 agent create` provisions an agent and returns the one-time API secret. */\nexport function createCommand(): Command {\n return new Command('create')\n .description('Create a new agent')\n .requiredOption('--name <name>', 'Agent name')\n .requiredOption('--domain-tenant-id <id>', 'Target domain tenant ID')\n .option('--budget-id <id>', 'Existing budget ID to assign')\n .option('--vault-id <id>', 'Optional vault ID to store credentials in')\n .option('--new-budget-name <name>', 'Create and assign a new per-agent budget')\n .option('--new-budget-description <text>', 'Description for the new per-agent budget')\n .option('--new-budget-target <amount>', 'Target amount for the new per-agent budget')\n .option(\n '--security-group-id <id>',\n 'Security group IDs (repeat or use comma-separated values)',\n collectOptionValues,\n [],\n )\n .option(\n '--permission <grant>',\n 'Machine permission grant (repeat or use comma-separated values)',\n collectOptionValues,\n [],\n )\n .action(\n withErrorHandler(\n async (\n options: {\n name: string\n domainTenantId: string\n budgetId?: string\n securityGroupId: string[]\n vaultId?: string\n permission: string[]\n newBudgetName?: string\n newBudgetDescription?: string\n newBudgetTarget?: string\n },\n cmd: Command,\n ) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n const body = buildCreateAgentBody(options)\n\n const spinner = ora('Creating agent...').start()\n const response = await client.createAgent(body)\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify(response, null, 2))\n return\n }\n\n success(`Created agent \"${response.name}\"`)\n printDetail(\n [\n ['ID', response.id],\n ['Access Key', response.accessKey],\n ['Access Secret', response.accessSecret],\n ['Vault Item', response.vaultItemId],\n ],\n false,\n )\n },\n ),\n )\n}\n","import os from 'node:os'\n\nimport type {\n AgentCreatedResponse,\n AgentDetail,\n AgentListResponse,\n AgentTenantRolesResponse,\n AddDomainResponse,\n AssociateProjectVaultRequest,\n BillingReadinessResponse,\n BudgetSummary,\n CreateBudgetRequest,\n CreateAgentRequest,\n CreateSecurityGroupRequest,\n DomainStatus,\n MonitoringEntityCountsResponse,\n PermissionAssetType,\n ProjectAgentsResponse,\n JsonValue,\n ListMachineVaultItemsResponse,\n ListMachineSharedVaultItemsResponse,\n ListMachineVaultsResponse,\n MachineIdentityResponse,\n MachineVaultAttachmentDownloadTicketResponse,\n MachineVaultItemDetailResponse,\n MachineRequestMethod,\n MachineRequestResponse,\n SecurityGroupListResponse,\n SetPermissionsRequest,\n SubmitMachineFeedbackRequest,\n SubmitMachineFeedbackResponse,\n UpdateAgentRequest,\n UpdateAgentTenantRolesRequest,\n UpdateProjectAgentsRequest,\n ProjectListResponse,\n ProjectDetail,\n CreateProjectRequest,\n CreateProjectResponse,\n MachineAgentPublicKeyResponse,\n MachineWrappedKeyResponse,\n VerifyDomainResponse,\n VaultMutationResponse,\n} from '../types.js'\n\nconst AGENT_RUNTIME_HOSTNAME_HEADER = 'X-R4-Agent-Hostname'\n\n/**\n * Lightweight machine-API client for CLI commands that only need metadata or\n * direct machine endpoints without going through the zero-trust SDK runtime.\n */\nexport class CliClient {\n private apiKey: string\n private baseUrl: string\n\n constructor(apiKey: string, baseUrl: string) {\n this.apiKey = apiKey\n this.baseUrl = baseUrl.replace(/\\/$/, '')\n }\n\n private normalizeMachinePath(path: string): string {\n if (!path || /^\\w+:\\/\\//.test(path)) {\n throw new Error('Machine request path must be a relative machine API path.')\n }\n\n const normalizedPath = path.startsWith('/') ? path : `/${path}`\n return normalizedPath.startsWith('/api/v1/machine')\n ? normalizedPath\n : `/api/v1/machine${normalizedPath}`\n }\n\n /**\n * Make an authenticated request to the machine API.\n * Handles error responses consistently with the SDK pattern.\n */\n private async request<T>(method: string, path: string, body?: unknown): Promise<T> {\n const url = `${this.baseUrl}${path}`\n\n const response = await fetch(url, {\n method,\n headers: {\n 'X-API-Key': this.apiKey,\n 'Content-Type': 'application/json',\n },\n body: body ? JSON.stringify(body) : undefined,\n })\n\n if (!response.ok) {\n const errorBody = (await response.json().catch(() => ({}))) as Record<string, unknown>\n const error = errorBody?.error as Record<string, unknown> | undefined\n const errorMessage = error?.message || `HTTP ${response.status}: ${response.statusText}`\n const errorCode =\n typeof error?.code === 'string'\n ? ` [${error.code}]`\n : ''\n throw new Error(`R4 API Error${errorCode}: ${errorMessage}`)\n }\n\n if (response.status === 204) {\n return undefined as T\n }\n\n const responseText = await response.text()\n if (!responseText) {\n return undefined as T\n }\n\n try {\n return JSON.parse(responseText) as T\n } catch {\n return responseText as unknown as T\n }\n }\n\n /** Call any existing machine API route through the authenticated CLI client. */\n async requestMachine<T = MachineRequestResponse>(params: {\n method: MachineRequestMethod\n path: string\n body?: JsonValue\n }): Promise<T> {\n return this.request<T>(params.method, this.normalizeMachinePath(params.path), params.body)\n }\n\n /** Register or re-confirm the local agent runtime public key. */\n async registerAgentPublicKey(body: {\n publicKey: string\n previousEncryptionKeyId?: string\n rotationSignature?: string\n }): Promise<MachineAgentPublicKeyResponse> {\n const response = await fetch(`${this.baseUrl}/api/v1/machine/vault/public-key`, {\n method: 'POST',\n headers: {\n 'X-API-Key': this.apiKey,\n 'Content-Type': 'application/json',\n [AGENT_RUNTIME_HOSTNAME_HEADER]: os.hostname(),\n },\n body: JSON.stringify(body),\n })\n\n if (!response.ok) {\n const errorBody = (await response.json().catch(() => ({}))) as Record<string, unknown>\n const error = errorBody?.error as Record<string, unknown> | undefined\n const errorMessage = error?.message || `HTTP ${response.status}: ${response.statusText}`\n const errorCode =\n typeof error?.code === 'string'\n ? ` [${error.code}]`\n : ''\n throw new Error(`R4 API Error${errorCode}: ${errorMessage}`)\n }\n\n return response.json() as Promise<MachineAgentPublicKeyResponse>\n }\n\n /** Read the authenticated machine principal and resolved policy context. */\n async getMachineIdentity(): Promise<MachineIdentityResponse> {\n return this.request<MachineIdentityResponse>('GET', '/api/v1/machine/me')\n }\n\n /** List all visible vaults for the authenticated machine principal. */\n async listVaults(projectId?: string): Promise<ListMachineVaultsResponse> {\n const search = projectId ? `?projectId=${encodeURIComponent(projectId)}` : ''\n return this.request<ListMachineVaultsResponse>('GET', `/api/v1/machine/vault${search}`)\n }\n\n /** Create a checkpoint-signed machine vault from a prebuilt JSON payload. */\n async createVault(body: JsonValue): Promise<VaultMutationResponse> {\n return this.request<VaultMutationResponse>('POST', '/api/v1/machine/vault', body)\n }\n\n /** Retrieve the active wrapped DEK for the current agent on a vault. */\n async getAgentWrappedKey(vaultId: string): Promise<MachineWrappedKeyResponse> {\n return this.request<MachineWrappedKeyResponse>(\n 'GET',\n `/api/v1/machine/vault/${encodeURIComponent(vaultId)}/wrapped-key`,\n )\n }\n\n /** List lightweight metadata for all items in a vault. */\n async listVaultItems(vaultId: string): Promise<ListMachineVaultItemsResponse> {\n return this.request<ListMachineVaultItemsResponse>(\n 'GET',\n `/api/v1/machine/vault/${encodeURIComponent(vaultId)}/items`,\n )\n }\n\n /** List directly shared vault items whose parent vault is otherwise hidden. */\n async getSharedVaultItems(): Promise<ListMachineSharedVaultItemsResponse> {\n return this.request<ListMachineSharedVaultItemsResponse>(\n 'GET',\n '/api/v1/machine/vault/shared-items',\n )\n }\n\n /** Retrieve the full machine vault-item detail payload. */\n async getVaultItemDetail(\n vaultId: string,\n itemId: string,\n ): Promise<MachineVaultItemDetailResponse> {\n return this.request<MachineVaultItemDetailResponse>(\n 'GET',\n `/api/v1/machine/vault/${encodeURIComponent(vaultId)}/items/${encodeURIComponent(itemId)}`,\n )\n }\n\n /** Retrieve a zero-trust download ticket for a vault attachment. */\n async getVaultAttachmentDownloadTicket(\n vaultId: string,\n assetId: string,\n ): Promise<MachineVaultAttachmentDownloadTicketResponse> {\n return this.request<MachineVaultAttachmentDownloadTicketResponse>(\n 'GET',\n `/api/v1/machine/attachments/${encodeURIComponent(vaultId)}/assets/${encodeURIComponent(assetId)}/download-ticket`,\n )\n }\n\n /** Create a checkpoint-signed vault item from a prebuilt JSON payload. */\n async createVaultItem(vaultId: string, body: JsonValue): Promise<VaultMutationResponse> {\n return this.request<VaultMutationResponse>(\n 'POST',\n `/api/v1/machine/vault/${encodeURIComponent(vaultId)}/items`,\n body,\n )\n }\n\n /** List all projects. GET /api/v1/machine/project */\n async listProjects(): Promise<ProjectListResponse> {\n return this.request<ProjectListResponse>('GET', '/api/v1/machine/project')\n }\n\n /** List visible budgets and their active windows. */\n async listBudgets(): Promise<BudgetSummary[]> {\n return this.request<BudgetSummary[]>('GET', '/api/v1/machine/budget')\n }\n\n /** Create a budget through the machine billing surface. */\n async createBudget(data: CreateBudgetRequest): Promise<void> {\n await this.request<void>('POST', '/api/v1/machine/budget', data)\n }\n\n /** Get project details. GET /api/v1/machine/project/:id */\n async getProject(id: string): Promise<ProjectDetail> {\n return this.request<ProjectDetail>('GET', `/api/v1/machine/project/${id}`)\n }\n\n /** Create a new project. POST /api/v1/machine/project */\n async createProject(data: CreateProjectRequest): Promise<CreateProjectResponse> {\n return this.request<CreateProjectResponse>('POST', '/api/v1/machine/project', data)\n }\n\n /** List all visible agents for the authenticated principal. */\n async listAgents(): Promise<AgentListResponse> {\n return this.request<AgentListResponse>('GET', '/api/v1/machine/agent')\n }\n\n /** Fetch a single agent by ID. */\n async getAgent(id: string): Promise<AgentDetail> {\n return this.request<AgentDetail>('GET', `/api/v1/machine/agent/${encodeURIComponent(id)}`)\n }\n\n /** Create a new agent and return the one-time API key secret. */\n async createAgent(data: CreateAgentRequest): Promise<AgentCreatedResponse> {\n return this.request<AgentCreatedResponse>('POST', '/api/v1/machine/agent', data)\n }\n\n /** Update mutable agent metadata such as budget and security-group memberships. */\n async updateAgent(id: string, data: UpdateAgentRequest): Promise<void> {\n await this.request<void>('PATCH', `/api/v1/machine/agent/${encodeURIComponent(id)}`, data)\n }\n\n /** Read the explicit and inherited tenant roles for an agent. */\n async getAgentTenantRoles(id: string): Promise<AgentTenantRolesResponse> {\n return this.request<AgentTenantRolesResponse>(\n 'GET',\n `/api/v1/machine/agent/${encodeURIComponent(id)}/tenant-roles`,\n )\n }\n\n /** Replace the explicit tenant roles on an agent. */\n async updateAgentTenantRoles(\n id: string,\n data: UpdateAgentTenantRolesRequest,\n ): Promise<void> {\n await this.request<void>(\n 'PATCH',\n `/api/v1/machine/agent/${encodeURIComponent(id)}/tenant-roles`,\n data,\n )\n }\n\n /** Create a tenant security group. */\n async createSecurityGroup(data: CreateSecurityGroupRequest): Promise<void> {\n await this.request<void>('POST', '/api/v1/machine/tenant-admin/create-security-group', data)\n }\n\n /** List visible security groups through the permissions surface. */\n async listSecurityGroups(): Promise<SecurityGroupListResponse> {\n return this.request<SecurityGroupListResponse>('GET', '/api/v1/machine/permissions/security-groups')\n }\n\n /** Replace permissions for an asset in one request. */\n async setPermissions(\n assetType: PermissionAssetType,\n id: string,\n data: SetPermissionsRequest,\n ): Promise<void> {\n await this.request<void>(\n 'POST',\n `/api/v1/machine/permissions/${assetType}/${encodeURIComponent(id)}/set-permissions`,\n data,\n )\n }\n\n /** Associate a vault with a project. */\n async associateProjectVault(data: AssociateProjectVaultRequest): Promise<void> {\n await this.request<void>('POST', '/api/v1/machine/project/associate-vault', data)\n }\n\n /** Read explicit project agent membership. */\n async getProjectAgents(id: string): Promise<ProjectAgentsResponse> {\n const agents = await this.request<ProjectAgentsResponse['agents']>(\n 'GET',\n `/api/v1/machine/project/project/${encodeURIComponent(id)}/agents`,\n )\n\n return { agents }\n }\n\n /** Replace explicit project agent membership. */\n async updateProjectAgents(id: string, data: UpdateProjectAgentsRequest): Promise<void> {\n await this.request<void>(\n 'PATCH',\n `/api/v1/machine/project/project/${encodeURIComponent(id)}/update-agents`,\n data,\n )\n }\n\n /** Submit structured product feedback from an AGENT-scoped key. */\n async submitFeedback(data: SubmitMachineFeedbackRequest): Promise<SubmitMachineFeedbackResponse> {\n return this.request<SubmitMachineFeedbackResponse>('POST', '/api/v1/machine/feedback', data)\n }\n\n /** List org domains visible to the current machine principal. */\n async listDomains(): Promise<DomainStatus[]> {\n return this.request<DomainStatus[]>('GET', '/api/v1/machine/domain/list')\n }\n\n /** Register a new external domain. */\n async addDomain(domain: string): Promise<AddDomainResponse> {\n return this.request<AddDomainResponse>('POST', '/api/v1/machine/domain/add', { domain })\n }\n\n /** Trigger domain verification. */\n async verifyDomain(id: string): Promise<VerifyDomainResponse> {\n return this.request<VerifyDomainResponse>(\n 'POST',\n `/api/v1/machine/domain/${encodeURIComponent(id)}/verify`,\n )\n }\n\n /** Read the org billing readiness summary. */\n async getBillingReadiness(): Promise<BillingReadinessResponse> {\n return this.request<BillingReadinessResponse>('GET', '/api/v1/machine/billing/readiness')\n }\n\n /** Read monitoring entity counts scoped to the current machine session. */\n async getMonitoringEntityCounts(): Promise<MonitoringEntityCountsResponse> {\n return this.request<MonitoringEntityCountsResponse>(\n 'GET',\n '/api/v1/machine/monitoring/entity-counts',\n )\n }\n}\n","/**\n * Collect repeated Commander option values while also accepting comma-separated\n * input for convenience in shell scripts.\n */\nexport function collectOptionValues(value: string, previous: string[] = []): string[] {\n const nextValues = value\n .split(',')\n .map((entry) => entry.trim())\n .filter(Boolean)\n\n return [...previous, ...nextValues]\n}\n","import chalk from 'chalk'\nimport Table from 'cli-table3'\n\n/**\n * Print data as a formatted table, or as JSON if --json flag is set.\n */\nexport function printTable(\n headers: string[],\n rows: string[][],\n jsonMode: boolean,\n jsonData?: unknown,\n): void {\n if (jsonMode) {\n console.log(JSON.stringify(jsonData ?? rows, null, 2))\n return\n }\n\n const table = new Table({\n head: headers.map((h) => chalk.cyan(h)),\n style: { head: [], border: [] },\n })\n for (const row of rows) {\n table.push(row)\n }\n console.log(table.toString())\n}\n\n/**\n * Print a key-value detail view.\n */\nexport function printDetail(\n entries: [string, string | null | undefined][],\n jsonMode: boolean,\n jsonData?: unknown,\n): void {\n if (jsonMode) {\n console.log(JSON.stringify(jsonData, null, 2))\n return\n }\n\n const maxLen = Math.max(...entries.map(([k]) => k.length))\n for (const [key, value] of entries) {\n const label = chalk.gray(key.padEnd(maxLen))\n const val = value ?? chalk.dim('(empty)')\n console.log(` ${label} ${val}`)\n }\n}\n\n/** Print a success message */\nexport function success(message: string): void {\n console.log(chalk.green('✓') + ' ' + message)\n}\n\n/** Print a warning */\nexport function warn(message: string): void {\n console.log(chalk.yellow('!') + ' ' + message)\n}\n\n/** Print an error message to stderr */\nexport function printError(message: string): void {\n console.error(chalk.red('✗') + ' ' + message)\n}\n","import { printError } from './output.js'\n\nfunction formatErrorMessage(message: string): string {\n if (\n message.includes('[wrapped_key_not_found]') ||\n message.includes('No wrapped key found for this agent and vault.')\n ) {\n return (\n `${message}\\n\\n` +\n 'Remediation:\\n' +\n ' - Make sure the vault or vault item is shared with this agent, one of its security groups, or one of its projects.\\n' +\n ' - If you just created or rotated the local runtime key, re-run `r4 agent init` and then re-wrap access for the agent.\\n' +\n ' - Run `r4 doctor` to see which visible vaults are missing wrapped keys.'\n )\n }\n\n if (message.includes('failed to register the local agent public key')) {\n return (\n `${message}\\n\\n` +\n 'Remediation:\\n' +\n ' - Use an AGENT-scoped API key.\\n' +\n ' - Point `--private-key-path` at the matching local PEM file, or run `r4 agent init` to generate and register one automatically.\\n' +\n ' - If you intentionally target a non-production environment, include `--dev` or set `R4_DEV=1`.'\n )\n }\n\n return message\n}\n\n/**\n * Wrap a command handler to catch errors and exit with proper codes.\n * Formats R4 API errors and auth errors with helpful messages.\n */\nexport function withErrorHandler<T extends unknown[]>(\n fn: (...args: T) => Promise<void>,\n): (...args: T) => Promise<void> {\n return async (...args: T) => {\n try {\n await fn(...args)\n } catch (err) {\n if (err instanceof Error) {\n printError(formatErrorMessage(err.message))\n } else {\n printError('An unexpected error occurred')\n }\n process.exit(1)\n }\n }\n}\n","import fs from 'node:fs'\nimport type {\n LegacyR4ConfigFile,\n MachinePrincipalType,\n R4ConfigFile,\n R4ProfileConfig,\n R4ProfileIdentityCache,\n} from '../types.js'\nimport {\n ensureSecureDirectory,\n getProfileDir,\n getR4HomeDir,\n writeSecureFile,\n} from './profile-paths.js'\n\nexport const DEFAULT_PROFILE_NAME = 'default'\n\nfunction emptyConfig(): R4ConfigFile {\n return {\n version: 3,\n currentProfile: DEFAULT_PROFILE_NAME,\n profiles: {\n [DEFAULT_PROFILE_NAME]: {},\n },\n }\n}\n\nfunction sanitizeIdentityCache(identity: unknown): R4ProfileIdentityCache | undefined {\n if (!identity || typeof identity !== 'object') {\n return undefined\n }\n\n const value = identity as Partial<R4ProfileIdentityCache>\n const nextIdentity: R4ProfileIdentityCache = {}\n\n if (typeof value.apiKeyId === 'string' && value.apiKeyId.trim()) {\n nextIdentity.apiKeyId = value.apiKeyId.trim()\n }\n if (typeof value.apiKeyName === 'string' && value.apiKeyName.trim()) {\n nextIdentity.apiKeyName = value.apiKeyName.trim()\n }\n if (\n value.apiKeyScope === 'ORG' ||\n value.apiKeyScope === 'TENANT' ||\n value.apiKeyScope === 'USER' ||\n value.apiKeyScope === 'AGENT'\n ) {\n nextIdentity.apiKeyScope = value.apiKeyScope\n }\n if (typeof value.policySummary === 'string' && value.policySummary.trim()) {\n nextIdentity.policySummary = value.policySummary.trim()\n }\n if (\n value.principalType === 'AGENT' ||\n value.principalType === 'ORG_USER' ||\n value.principalType === 'ACCOUNT' ||\n value.principalType === 'UNKNOWN'\n ) {\n nextIdentity.principalType = value.principalType as MachinePrincipalType\n }\n if (typeof value.principalId === 'string' && value.principalId.trim()) {\n nextIdentity.principalId = value.principalId.trim()\n }\n if (typeof value.principalLabel === 'string' && value.principalLabel.trim()) {\n nextIdentity.principalLabel = value.principalLabel.trim()\n }\n if (typeof value.orgId === 'string' && value.orgId.trim()) {\n nextIdentity.orgId = value.orgId.trim()\n }\n if (typeof value.orgName === 'string' && value.orgName.trim()) {\n nextIdentity.orgName = value.orgName.trim()\n }\n if (typeof value.tenantId === 'string' && value.tenantId.trim()) {\n nextIdentity.tenantId = value.tenantId.trim()\n }\n if (typeof value.tenantName === 'string' && value.tenantName.trim()) {\n nextIdentity.tenantName = value.tenantName.trim()\n }\n if (\n value.contextType === 'ORG' ||\n value.contextType === 'TENANT' ||\n value.contextType === 'WORKSPACE' ||\n value.contextType === 'USER' ||\n value.contextType === 'GLOBAL'\n ) {\n nextIdentity.contextType = value.contextType\n }\n if (\n value.contextId === null ||\n (typeof value.contextId === 'string' && value.contextId.trim())\n ) {\n nextIdentity.contextId = value.contextId ?? null\n }\n if (typeof value.lastResolvedAt === 'string' && value.lastResolvedAt.trim()) {\n nextIdentity.lastResolvedAt = value.lastResolvedAt.trim()\n }\n\n return Object.keys(nextIdentity).length > 0 ? nextIdentity : undefined\n}\n\nfunction sanitizeProfileConfig(profile: unknown): R4ProfileConfig {\n if (!profile || typeof profile !== 'object') {\n return {}\n }\n\n const value = profile as Partial<R4ProfileConfig>\n const nextProfile: R4ProfileConfig = {}\n\n if (typeof value.baseUrl === 'string' && value.baseUrl.trim()) {\n nextProfile.baseUrl = value.baseUrl.trim()\n }\n if (typeof value.dev === 'boolean') {\n nextProfile.dev = value.dev\n }\n if (typeof value.projectId === 'string' && value.projectId.trim()) {\n nextProfile.projectId = value.projectId.trim()\n }\n if (typeof value.privateKeyPath === 'string' && value.privateKeyPath.trim()) {\n nextProfile.privateKeyPath = value.privateKeyPath.trim()\n }\n if (typeof value.trustStorePath === 'string' && value.trustStorePath.trim()) {\n nextProfile.trustStorePath = value.trustStorePath.trim()\n }\n if (typeof value.agentId === 'string' && value.agentId.trim()) {\n nextProfile.agentId = value.agentId.trim()\n }\n if (typeof value.agentName === 'string' && value.agentName.trim()) {\n nextProfile.agentName = value.agentName.trim()\n }\n const identity = sanitizeIdentityCache(value.identity)\n if (identity) {\n nextProfile.identity = identity\n }\n\n return nextProfile\n}\n\nfunction hasLegacyTopLevelProfileFields(config: LegacyR4ConfigFile): boolean {\n return Boolean(\n config.baseUrl ||\n config.dev !== undefined ||\n config.projectId ||\n config.privateKeyPath ||\n config.trustStorePath ||\n config.agentId ||\n config.agentName ||\n config.identity,\n )\n}\n\nfunction normalizeConfig(raw: unknown): R4ConfigFile {\n if (!raw || typeof raw !== 'object') {\n return emptyConfig()\n }\n\n const parsed = raw as LegacyR4ConfigFile\n const nextConfig = emptyConfig()\n\n if (parsed.profiles && typeof parsed.profiles === 'object') {\n const entries = Object.entries(parsed.profiles)\n .filter(([name]) => typeof name === 'string' && name.trim().length > 0)\n .map(([name, profile]) => [name.trim(), sanitizeProfileConfig(profile)] as const)\n\n if (entries.length > 0) {\n nextConfig.profiles = Object.fromEntries(entries)\n }\n }\n\n if (hasLegacyTopLevelProfileFields(parsed)) {\n nextConfig.profiles[DEFAULT_PROFILE_NAME] = {\n ...nextConfig.profiles[DEFAULT_PROFILE_NAME],\n ...sanitizeProfileConfig(parsed),\n }\n }\n\n const configuredCurrentProfile =\n typeof parsed.currentProfile === 'string' && parsed.currentProfile.trim()\n ? parsed.currentProfile.trim()\n : DEFAULT_PROFILE_NAME\n\n nextConfig.currentProfile =\n nextConfig.profiles[configuredCurrentProfile] !== undefined\n ? configuredCurrentProfile\n : Object.keys(nextConfig.profiles)[0] ?? DEFAULT_PROFILE_NAME\n\n if (Object.keys(nextConfig.profiles).length === 0) {\n return emptyConfig()\n }\n\n return nextConfig\n}\n\n/**\n * Load the R4 config file from ~/.r4/config.json.\n * Returns an empty normalized config if the file does not exist or is invalid.\n */\nexport function loadConfig(): R4ConfigFile {\n try {\n const raw = fs.readFileSync(getConfigPath(), 'utf8')\n return normalizeConfig(JSON.parse(raw))\n } catch {\n return emptyConfig()\n }\n}\n\n/**\n * Save the R4 config file to ~/.r4/config.json.\n * Creates the ~/.r4 directory if it does not exist.\n */\nexport function saveConfig(config: R4ConfigFile): void {\n ensureSecureDirectory(getR4HomeDir())\n writeSecureFile(getConfigPath(), JSON.stringify(config, null, 2) + '\\n')\n}\n\n/**\n * Remove the R4 config file.\n */\nexport function clearConfig(): void {\n try {\n fs.unlinkSync(getConfigPath())\n } catch {\n // File doesn't exist, nothing to do\n }\n}\n\n/**\n * Get the path to the config file (for display purposes).\n */\nexport function getConfigPath(): string {\n return `${getR4HomeDir()}/config.json`\n}\n\n/** Returns the configured profile names in deterministic order. */\nexport function getProfileNames(config: R4ConfigFile): string[] {\n return Object.keys(config.profiles).sort()\n}\n\n/** Returns the currently selected profile name. */\nexport function getCurrentProfileName(config: R4ConfigFile): string {\n return config.currentProfile\n}\n\n/** Resolve the effective profile name from CLI, env, and persisted config. */\nexport function getSelectedProfileName(\n config: R4ConfigFile,\n profileOverride?: string,\n envProfile?: string,\n): string {\n const selectedProfile = profileOverride || envProfile || config.currentProfile\n return selectedProfile?.trim() || DEFAULT_PROFILE_NAME\n}\n\n/** Return the saved settings for a single profile. */\nexport function getProfileConfig(\n config: R4ConfigFile,\n profileName: string,\n): R4ProfileConfig {\n return config.profiles[profileName] ?? {}\n}\n\n/** Upsert a single named profile while keeping the rest of the config intact. */\nexport function updateProfile(\n config: R4ConfigFile,\n profileName: string,\n profile: R4ProfileConfig,\n): R4ConfigFile {\n return {\n ...config,\n profiles: {\n ...config.profiles,\n [profileName]: profile,\n },\n }\n}\n\n/** Select the active profile for future commands. */\nexport function setCurrentProfile(\n config: R4ConfigFile,\n profileName: string,\n): R4ConfigFile {\n return {\n ...config,\n currentProfile: profileName,\n }\n}\n\n/** Remove a profile and fall back to the next available profile when needed. */\nexport function removeProfile(\n config: R4ConfigFile,\n profileName: string,\n): R4ConfigFile {\n const remainingProfiles = Object.fromEntries(\n Object.entries(config.profiles).filter(([name]) => name !== profileName),\n )\n\n if (Object.keys(remainingProfiles).length === 0) {\n return emptyConfig()\n }\n\n return {\n version: 3,\n currentProfile:\n config.currentProfile === profileName\n ? (Object.keys(remainingProfiles).sort()[0] ?? DEFAULT_PROFILE_NAME)\n : config.currentProfile,\n profiles: remainingProfiles,\n }\n}\n\n/** Managed storage directory for a named profile. */\nexport function getManagedProfileDir(profileName: string): string {\n return getProfileDir(profileName)\n}\n\n/** Remove the managed profile directory when it is empty. */\nexport function clearManagedProfileDirectory(profileName: string): void {\n const profileDir = getProfileDir(profileName)\n fs.rmSync(profileDir, { recursive: true, force: true })\n}\n","import fs from 'node:fs'\nimport os from 'node:os'\nimport path from 'node:path'\n\n/**\n * Convert a profile name into a filesystem-safe filename fragment.\n */\nexport function sanitizeProfileName(profileName: string): string {\n const sanitized = profileName\n .trim()\n .toLowerCase()\n .replace(/[^a-z0-9._-]+/g, '-')\n .replace(/^-+|-+$/g, '')\n\n return sanitized || 'default'\n}\n\n/** Root CLI state directory under the user's home directory. */\nexport function getR4HomeDir(): string {\n return path.join(os.homedir(), '.r4')\n}\n\n/** Directory that contains managed per-profile state. */\nexport function getProfilesDir(): string {\n return path.join(getR4HomeDir(), 'profiles')\n}\n\n/** Managed directory for a single named profile. */\nexport function getProfileDir(profileName: string): string {\n return path.join(getProfilesDir(), sanitizeProfileName(profileName))\n}\n\n/** Managed credential file for a named profile. */\nexport function getProfileCredentialsPath(profileName: string): string {\n return path.join(getProfileDir(profileName), 'credentials.json')\n}\n\n/** Managed private-key path for a named profile. */\nexport function getManagedPrivateKeyPath(profileName: string): string {\n return path.join(getProfileDir(profileName), 'private-key.pem')\n}\n\n/** Managed trust-store path for a named profile. */\nexport function getManagedTrustStorePath(profileName: string): string {\n return path.join(getProfileDir(profileName), 'trust-store.json')\n}\n\n/** Ensure a directory exists with restricted owner-only permissions. */\nexport function ensureSecureDirectory(dirPath: string): void {\n fs.mkdirSync(dirPath, { recursive: true, mode: 0o700 })\n fs.chmodSync(dirPath, 0o700)\n}\n\n/** Write a file with owner-only permissions. */\nexport function writeSecureFile(filePath: string, contents: string): void {\n ensureSecureDirectory(path.dirname(filePath))\n fs.writeFileSync(filePath, contents, {\n encoding: 'utf8',\n mode: 0o600,\n })\n fs.chmodSync(filePath, 0o600)\n}\n\n/** Best-effort removal helper for managed profile files. */\nexport function removeFileIfExists(filePath: string): void {\n try {\n fs.unlinkSync(filePath)\n } catch {\n // Ignore missing files.\n }\n}\n","import fs from 'node:fs'\nimport {\n getProfileCredentialsPath,\n writeSecureFile,\n} from './profile-paths.js'\n\nexport interface StoredProfileCredentials {\n version: 1\n accessKey: string\n secretKey: string\n savedAt: string\n}\n\nexport interface ApiKeyParts {\n accessKey: string\n secretKey: string\n}\n\n/**\n * Join split machine credentials into the `{accessKey}.{secret}` format.\n */\nexport function buildApiKeyFromParts(\n accessKey?: string,\n secretKey?: string,\n): string | undefined {\n if (!accessKey || !secretKey) {\n return undefined\n }\n\n return `${accessKey}.${secretKey}`\n}\n\n/**\n * Split a combined API key into the access key and secret halves.\n */\nexport function splitApiKey(apiKey?: string): ApiKeyParts | undefined {\n if (!apiKey) {\n return undefined\n }\n\n const trimmed = apiKey.trim()\n const separatorIndex = trimmed.indexOf('.')\n if (separatorIndex <= 0 || separatorIndex === trimmed.length - 1) {\n return undefined\n }\n\n return {\n accessKey: trimmed.slice(0, separatorIndex),\n secretKey: trimmed.slice(separatorIndex + 1),\n }\n}\n\nfunction sanitizeStoredCredentials(raw: unknown): StoredProfileCredentials | null {\n if (!raw || typeof raw !== 'object') {\n return null\n }\n\n const value = raw as Partial<StoredProfileCredentials>\n if (\n typeof value.accessKey !== 'string' ||\n typeof value.secretKey !== 'string' ||\n !value.accessKey.trim() ||\n !value.secretKey.trim()\n ) {\n return null\n }\n\n return {\n version: 1,\n accessKey: value.accessKey.trim(),\n secretKey: value.secretKey.trim(),\n savedAt:\n typeof value.savedAt === 'string' && value.savedAt.trim()\n ? value.savedAt.trim()\n : new Date().toISOString(),\n }\n}\n\n/** Load stored split credentials for a saved profile. */\nexport function loadProfileCredentials(profileName: string): StoredProfileCredentials | null {\n try {\n const raw = fs.readFileSync(getProfileCredentialsPath(profileName), 'utf8')\n return sanitizeStoredCredentials(JSON.parse(raw))\n } catch {\n return null\n }\n}\n\n/** Persist split credentials for a saved profile. */\nexport function saveProfileCredentials(\n profileName: string,\n credentials: ApiKeyParts,\n): StoredProfileCredentials {\n const stored: StoredProfileCredentials = {\n version: 1,\n accessKey: credentials.accessKey.trim(),\n secretKey: credentials.secretKey.trim(),\n savedAt: new Date().toISOString(),\n }\n writeSecureFile(\n getProfileCredentialsPath(profileName),\n JSON.stringify(stored, null, 2) + '\\n',\n )\n return stored\n}\n\n/** Delete the managed credentials file for a named profile. */\nexport function clearProfileCredentials(profileName: string): void {\n try {\n fs.unlinkSync(getProfileCredentialsPath(profileName))\n } catch {\n // Nothing to do when the file is already absent.\n }\n}\n","import crypto from 'node:crypto'\nimport fs from 'node:fs'\nimport path from 'node:path'\nimport {\n ensureSecureDirectory,\n getManagedPrivateKeyPath,\n sanitizeProfileName,\n writeSecureFile,\n} from './profile-paths.js'\n\nexport { sanitizeProfileName } from './profile-paths.js'\n\n/**\n * Default private-key path for a named profile.\n */\nexport function getDefaultPrivateKeyPath(profileName: string): string {\n return getManagedPrivateKeyPath(profileName)\n}\n\n/**\n * Resolve the best private-key path for the active profile.\n */\nexport function resolvePrivateKeyPath(params: {\n cliPath?: string\n envPath?: string\n profilePath?: string\n profileName: string\n allowDefaultIfMissing?: boolean\n}): {\n value?: string\n source: string | null\n} {\n if (params.cliPath) {\n return { value: params.cliPath, source: '--private-key-path flag' }\n }\n\n if (params.envPath) {\n return { value: params.envPath, source: 'R4_PRIVATE_KEY_PATH env var' }\n }\n\n if (params.profilePath) {\n return { value: params.profilePath, source: 'profile config' }\n }\n\n const defaultPath = getDefaultPrivateKeyPath(params.profileName)\n if (fs.existsSync(defaultPath) || params.allowDefaultIfMissing === true) {\n return { value: defaultPath, source: 'default profile key path' }\n }\n\n return { value: undefined, source: null }\n}\n\n/**\n * Load a PEM-encoded private key from disk.\n */\nexport function loadPrivateKey(privateKeyPath: string): string {\n return fs.readFileSync(path.resolve(privateKeyPath), 'utf8').trim()\n}\n\n/**\n * Derive the matching PEM-encoded public key from a PEM private key.\n */\nexport function derivePublicKey(privateKeyPem: string): string {\n return crypto.createPublicKey(privateKeyPem).export({\n type: 'spki',\n format: 'pem',\n }).toString()\n}\n\n/**\n * Ensure a local RSA private key exists on disk for the agent runtime.\n */\nexport function ensurePrivateKey(privateKeyPath: string): {\n privateKeyPem: string\n created: boolean\n} {\n const resolvedPath = path.resolve(privateKeyPath)\n\n if (fs.existsSync(resolvedPath)) {\n return {\n privateKeyPem: loadPrivateKey(resolvedPath),\n created: false,\n }\n }\n\n const keyPair = crypto.generateKeyPairSync('rsa', {\n modulusLength: 2048,\n publicKeyEncoding: {\n type: 'spki',\n format: 'pem',\n },\n privateKeyEncoding: {\n type: 'pkcs8',\n format: 'pem',\n },\n })\n\n ensureSecureDirectory(path.dirname(resolvedPath))\n writeSecureFile(resolvedPath, keyPair.privateKey.trim() + '\\n')\n\n return {\n privateKeyPem: keyPair.privateKey.trim(),\n created: true,\n }\n}\n","import type { GlobalOptions, R4ProfileConfig } from '../types.js'\n\nexport const R4_DEFAULT_API_BASE_URL = 'https://r4.dev'\nexport const R4_DEV_API_BASE_URL = 'https://dev.r4.dev'\n\ntype RuntimeModeSources = {\n cliBaseUrl?: string\n envBaseUrl?: string\n configBaseUrl?: string\n cliDev?: boolean\n envDev?: string\n configDev?: boolean\n}\n\nexport type ResolvedRuntimeMode = {\n baseUrl: string\n devMode: boolean\n}\n\nfunction normalizeBaseUrl(baseUrl: string): string {\n return baseUrl.replace(/\\/+$/, '')\n}\n\nfunction isTruthyEnvFlag(value?: string): boolean {\n if (!value) {\n return false\n }\n\n return ['1', 'true', 'yes', 'on'].includes(value.trim().toLowerCase())\n}\n\n/**\n * Resolve the effective API base URL and dev-mode state.\n * Any explicit base URL override wins over dev mode.\n */\nexport function resolveRuntimeMode(sources: RuntimeModeSources): ResolvedRuntimeMode {\n const explicitBaseUrl = sources.cliBaseUrl || sources.envBaseUrl || sources.configBaseUrl\n\n if (explicitBaseUrl) {\n return {\n baseUrl: explicitBaseUrl,\n devMode: normalizeBaseUrl(explicitBaseUrl) === R4_DEV_API_BASE_URL,\n }\n }\n\n const devMode =\n sources.cliDev === true ||\n isTruthyEnvFlag(sources.envDev) ||\n sources.configDev === true\n\n return {\n baseUrl: devMode ? R4_DEV_API_BASE_URL : R4_DEFAULT_API_BASE_URL,\n devMode,\n }\n}\n\n/**\n * Resolve the effective runtime mode from CLI flags, env vars, and config file.\n */\nexport function resolveRuntimeModeFromCli(\n opts: GlobalOptions,\n config: R4ProfileConfig,\n): ResolvedRuntimeMode {\n return resolveRuntimeMode({\n cliBaseUrl: opts.baseUrl,\n envBaseUrl: process.env.R4_BASE_URL,\n configBaseUrl: config.baseUrl,\n cliDev: opts.dev,\n envDev: process.env.R4_DEV,\n configDev: config.dev,\n })\n}\n\n/**\n * Apply runtime-related global options to a single persisted CLI profile.\n * Saving an explicit base URL clears saved dev mode, and saving dev mode\n * clears any saved base URL so the dev host actually takes effect.\n */\nexport function applyGlobalRuntimeOptionsToProfile(\n profile: R4ProfileConfig,\n opts: Pick<GlobalOptions, 'baseUrl' | 'dev' | 'projectId' | 'privateKeyPath' | 'trustStorePath'>,\n): R4ProfileConfig {\n const nextProfile: R4ProfileConfig = { ...profile }\n\n if (opts.baseUrl) {\n nextProfile.baseUrl = opts.baseUrl\n delete nextProfile.dev\n } else if (opts.dev === true) {\n nextProfile.dev = true\n delete nextProfile.baseUrl\n } else if (opts.dev === false) {\n delete nextProfile.dev\n delete nextProfile.baseUrl\n }\n\n if (opts.projectId) {\n nextProfile.projectId = opts.projectId\n }\n\n if (opts.privateKeyPath) {\n nextProfile.privateKeyPath = opts.privateKeyPath\n }\n\n if (opts.trustStorePath) {\n nextProfile.trustStorePath = opts.trustStorePath\n }\n\n return nextProfile\n}\n","import type { R4Config } from '@r4-sdk/node'\nimport type {\n GlobalOptions,\n R4ConfigFile,\n R4ProfileConfig,\n} from '../types.js'\nimport {\n getProfileConfig,\n getSelectedProfileName,\n loadConfig,\n} from './config.js'\nimport {\n buildApiKeyFromParts,\n loadProfileCredentials,\n} from './credentials-store.js'\nimport {\n resolvePrivateKeyPath,\n} from './private-key.js'\nimport { getManagedTrustStorePath } from './profile-paths.js'\nimport { resolveRuntimeModeFromCli } from './runtime-config.js'\n\nexport type ResolvedConnection = {\n apiKey?: string\n apiKeySource: string\n baseUrl: string\n dev: boolean\n projectId?: string\n privateKeyPath?: string\n privateKeySource: string | null\n trustStorePath?: string\n trustStoreSource: string | null\n profileName: string\n profile: R4ProfileConfig\n configFile: R4ConfigFile\n}\n\nfunction resolveApiKey(\n opts: GlobalOptions,\n profileName: string,\n): { value?: string; source: string; incompleteSplitEnv: boolean } {\n if (opts.apiKey) {\n return {\n value: opts.apiKey,\n source: '--api-key flag',\n incompleteSplitEnv: false,\n }\n }\n\n if (process.env.R4_API_KEY) {\n return {\n value: process.env.R4_API_KEY,\n source: 'R4_API_KEY env var',\n incompleteSplitEnv: false,\n }\n }\n\n const splitEnvApiKey = buildApiKeyFromParts(\n process.env.R4_ACCESS_KEY,\n process.env.R4_SECRET_KEY,\n )\n if (splitEnvApiKey) {\n return {\n value: splitEnvApiKey,\n source: 'R4_ACCESS_KEY + R4_SECRET_KEY env vars',\n incompleteSplitEnv: false,\n }\n }\n\n const storedCredentials = loadProfileCredentials(profileName)\n const storedApiKey = buildApiKeyFromParts(\n storedCredentials?.accessKey,\n storedCredentials?.secretKey,\n )\n if (storedApiKey) {\n return {\n value: storedApiKey,\n source: `profile \"${profileName}\" credentials file`,\n incompleteSplitEnv: false,\n }\n }\n\n return {\n value: undefined,\n source: 'none',\n incompleteSplitEnv: Boolean(process.env.R4_ACCESS_KEY || process.env.R4_SECRET_KEY),\n }\n}\n\nfunction resolveProjectId(\n opts: GlobalOptions,\n profile: R4ProfileConfig,\n): string | undefined {\n return opts.projectId || process.env.R4_PROJECT_ID || profile.projectId\n}\n\nfunction resolveTrustStorePath(\n opts: GlobalOptions,\n profile: R4ProfileConfig,\n profileName: string,\n): {\n value?: string\n source: string | null\n} {\n if (opts.trustStorePath) {\n return { value: opts.trustStorePath, source: '--trust-store-path flag' }\n }\n\n if (process.env.R4_TRUST_STORE_PATH) {\n return { value: process.env.R4_TRUST_STORE_PATH, source: 'R4_TRUST_STORE_PATH env var' }\n }\n\n if (profile.trustStorePath) {\n return { value: profile.trustStorePath, source: 'profile config' }\n }\n\n return {\n value: getManagedTrustStorePath(profileName),\n source: 'default managed profile trust store',\n }\n}\n\n/**\n * Resolve runtime settings from CLI flags, environment variables, and the\n * selected saved profile without requiring local decryption by default.\n */\nexport function resolveConnection(\n opts: GlobalOptions,\n params?: {\n requireApiKey?: boolean\n requirePrivateKey?: boolean\n },\n): ResolvedConnection {\n const configFile = loadConfig()\n const profileName = getSelectedProfileName(\n configFile,\n opts.profile,\n process.env.R4_PROFILE,\n )\n const profile = getProfileConfig(configFile, profileName)\n const runtimeMode = resolveRuntimeModeFromCli(opts, profile)\n\n const apiKey = resolveApiKey(opts, profileName)\n const privateKey = resolvePrivateKeyPath({\n cliPath: opts.privateKeyPath,\n envPath: process.env.R4_PRIVATE_KEY_PATH,\n profilePath: profile.privateKeyPath,\n profileName,\n })\n const trustStorePath = resolveTrustStorePath(opts, profile, profileName)\n\n if (params?.requireApiKey && !apiKey.value) {\n throw new Error(\n 'No API key found. Provide one via:\\n' +\n ' --api-key <key> CLI flag\\n' +\n ' R4_API_KEY environment variable\\n' +\n ' R4_ACCESS_KEY + R4_SECRET_KEY environment variables\\n' +\n ' r4 configure run the guided profile setup\\n' +\n ' r4 auth login save it to a profile\\n' +\n ' r4 agent init bootstrap the full first-run flow' +\n (apiKey.incompleteSplitEnv\n ? '\\n\\nBoth R4_ACCESS_KEY and R4_SECRET_KEY must be set together.'\n : ''),\n )\n }\n\n if (params?.requirePrivateKey && !privateKey.value) {\n throw new Error(\n 'No private key path found. Provide one via:\\n' +\n ' --private-key-path <path> CLI flag\\n' +\n ' R4_PRIVATE_KEY_PATH environment variable\\n' +\n ' profile config saved privateKeyPath\\n' +\n ` r4 configure generate a key at ${resolvePrivateKeyPath({\n profileName,\n allowDefaultIfMissing: true,\n }).value}`,\n )\n }\n\n return {\n apiKey: apiKey.value,\n apiKeySource: apiKey.source,\n baseUrl: runtimeMode.baseUrl,\n dev: runtimeMode.devMode,\n projectId: resolveProjectId(opts, profile),\n privateKeyPath: privateKey.value,\n privateKeySource: privateKey.source,\n trustStorePath: trustStorePath.value,\n trustStoreSource: trustStorePath.source,\n profileName,\n profile,\n configFile,\n }\n}\n\n/**\n * Resolve the SDK's zero-trust auth config for commands that decrypt locally.\n */\nexport function resolveAuth(opts: GlobalOptions): R4Config {\n const connection = resolveConnection(opts, {\n requireApiKey: true,\n requirePrivateKey: true,\n })\n\n return {\n apiKey: connection.apiKey!,\n projectId: connection.projectId,\n baseUrl: connection.baseUrl,\n dev: connection.dev,\n privateKeyPath: connection.privateKeyPath!,\n trustStorePath: connection.trustStorePath,\n }\n}\n","import { Command } from 'commander'\nimport chalk from 'chalk'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { printDetail, printTable } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 agent get <id>` shows one agent including budget and security groups. */\nexport function getCommand(): Command {\n return new Command('get')\n .description('Get agent details')\n .argument('<id>', 'Agent ID')\n .action(\n withErrorHandler(async (id: string, _opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Fetching agent...').start()\n const agent = await client.getAgent(id)\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify(agent, null, 2))\n return\n }\n\n console.log()\n console.log(chalk.bold(` ${agent.name}`))\n console.log()\n\n printDetail(\n [\n ['ID', agent.id],\n ['Tenant', agent.tenantName],\n ['Domain', agent.domainName],\n ['Domain Tenant ID', agent.domainTenantId],\n ['Budget', agent.budgetId],\n ['Public Key Ready', agent.isPublicKeyRegistered ? 'Yes' : 'No'],\n ['Created At', agent.createdAt],\n ['Updated At', agent.updatedAt],\n ['Archived At', agent.archivedAt],\n ],\n false,\n )\n\n if (agent.securityGroups.length > 0) {\n console.log()\n console.log(chalk.bold(' Security Groups'))\n console.log()\n printTable(\n ['ID', 'Name'],\n agent.securityGroups.map((group) => [group.id, group.name]),\n false,\n )\n }\n\n console.log()\n }),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { printDetail } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 agent get-tenant-roles <id>` reads explicit and inherited tenant roles. */\nexport function getTenantRolesCommand(): Command {\n return new Command('get-tenant-roles')\n .description('Get the tenant roles assigned to an agent')\n .argument('<id>', 'Agent ID')\n .action(\n withErrorHandler(async (id: string, _opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Fetching agent tenant roles...').start()\n const response = await client.getAgentTenantRoles(id)\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify(response, null, 2))\n return\n }\n\n console.log()\n printDetail(\n [\n ['Agent ID', id],\n ['Explicit Roles', response.roles.join(', ') || '(none)'],\n ['Inherited Roles', response.inheritedRoles.join(', ') || '(none)'],\n ],\n false,\n )\n console.log()\n }),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { printDoctorReport } from '../doctor.js'\nimport { CliClient } from '../../lib/client.js'\nimport {\n getProfileConfig,\n getSelectedProfileName,\n loadConfig,\n} from '../../lib/config.js'\nimport { parseCredentialsFile } from '../../lib/credentials-file.js'\nimport {\n buildApiKeyFromParts,\n loadProfileCredentials,\n} from '../../lib/credentials-store.js'\nimport { doctorHasFailures, runDoctorChecks } from '../../lib/doctor.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { success, warn } from '../../lib/output.js'\nimport {\n cacheProfileIdentity,\n saveProfileApiKey,\n saveProfileState,\n} from '../../lib/profile-manager.js'\nimport { promptText } from '../../lib/prompt.js'\nimport {\n derivePublicKey,\n ensurePrivateKey,\n resolvePrivateKeyPath,\n} from '../../lib/private-key.js'\nimport {\n resolveConnection,\n} from '../../lib/resolve-auth.js'\nimport {\n applyGlobalRuntimeOptionsToProfile,\n resolveRuntimeModeFromCli,\n} from '../../lib/runtime-config.js'\nimport type {\n GlobalOptions,\n ParsedCredentialBundle,\n R4ProfileConfig,\n} from '../../types.js'\n\nfunction getAgentId(bundle: {\n transparency?: {\n entries: Array<{ agentId: string }>\n } | null\n}): string | undefined {\n const entryCount = bundle.transparency?.entries.length ?? 0\n if (!bundle.transparency || entryCount === 0) {\n return undefined\n }\n\n return bundle.transparency.entries[entryCount - 1]?.agentId\n}\n\nfunction applyCredentialBundleToProfile(\n profile: R4ProfileConfig,\n bundle: ParsedCredentialBundle,\n globalOpts: GlobalOptions,\n privateKeyPath: string,\n): R4ProfileConfig {\n let nextProfile: R4ProfileConfig = { ...profile }\n\n if (!globalOpts.baseUrl && globalOpts.dev !== true) {\n if (bundle.baseUrl) {\n nextProfile.baseUrl = bundle.baseUrl\n delete nextProfile.dev\n } else if (bundle.dev === true) {\n nextProfile.dev = true\n delete nextProfile.baseUrl\n } else if (bundle.dev === false) {\n delete nextProfile.dev\n }\n }\n\n if (!globalOpts.projectId && bundle.projectId) {\n nextProfile.projectId = bundle.projectId\n }\n\n if (bundle.agentId) {\n nextProfile.agentId = bundle.agentId\n }\n\n if (bundle.agentName) {\n nextProfile.agentName = bundle.agentName\n }\n\n nextProfile.privateKeyPath = privateKeyPath\n\n nextProfile = applyGlobalRuntimeOptionsToProfile(nextProfile, globalOpts)\n return nextProfile\n}\n\n/** `r4 agent init` — bootstrap the local runtime in one shot. */\nexport function initCommand(): Command {\n return new Command('init')\n .description('Bootstrap local agent auth, key generation, public-key registration, and health checks')\n .option(\n '--credentials-file <path>',\n 'Read credentials from a CSV, .env, JSON, or plain-text handoff file',\n )\n .action(\n withErrorHandler(\n async (\n opts: {\n credentialsFile?: string\n },\n cmd: Command,\n ) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const config = loadConfig()\n const profileName = getSelectedProfileName(\n config,\n globalOpts.profile,\n process.env.R4_PROFILE,\n )\n const existingProfile = getProfileConfig(config, profileName)\n const bundle = opts.credentialsFile\n ? parseCredentialsFile(opts.credentialsFile)\n : {}\n const storedCredentials = loadProfileCredentials(profileName)\n\n let apiKey =\n globalOpts.apiKey ||\n process.env.R4_API_KEY ||\n buildApiKeyFromParts(\n process.env.R4_ACCESS_KEY,\n process.env.R4_SECRET_KEY,\n ) ||\n bundle.apiKey ||\n buildApiKeyFromParts(\n storedCredentials?.accessKey,\n storedCredentials?.secretKey,\n )\n\n if (!apiKey) {\n apiKey = await promptText('Enter your R4 API key', {\n hidden: true,\n })\n }\n\n if (!apiKey) {\n throw new Error('No API key provided.')\n }\n\n if (!apiKey.includes('.')) {\n warn('API key format is usually {accessKey}.{secret}')\n }\n\n if (globalOpts.baseUrl && globalOpts.dev) {\n warn('--base-url takes precedence over --dev and will be saved as the active runtime URL.')\n }\n\n const privateKeyPath =\n resolvePrivateKeyPath({\n cliPath: globalOpts.privateKeyPath,\n envPath: process.env.R4_PRIVATE_KEY_PATH,\n profilePath: existingProfile.privateKeyPath,\n profileName,\n allowDefaultIfMissing: true,\n }).value\n\n if (!privateKeyPath) {\n throw new Error('Unable to resolve a local private-key path for agent bootstrap.')\n }\n\n const keySpinner = ora('Ensuring a local RSA private key exists...').start()\n const { privateKeyPem, created } = ensurePrivateKey(privateKeyPath)\n keySpinner.stop()\n\n const publicKeyPem = derivePublicKey(privateKeyPem)\n const nextProfile = applyCredentialBundleToProfile(\n existingProfile,\n bundle,\n globalOpts,\n privateKeyPath,\n )\n\n const runtimeMode = resolveRuntimeModeFromCli(globalOpts, nextProfile)\n const client = new CliClient(apiKey, runtimeMode.baseUrl)\n\n const registerSpinner = ora('Registering the local public key...').start()\n const registration = await client.registerAgentPublicKey({\n publicKey: publicKeyPem,\n })\n registerSpinner.stop()\n\n const savedProfile: R4ProfileConfig = {\n ...nextProfile,\n agentId: getAgentId(registration) ?? nextProfile.agentId,\n }\n\n saveProfileApiKey(profileName, apiKey)\n saveProfileState(profileName, savedProfile)\n\n success(\n created\n ? `Generated a private key at ${privateKeyPath}`\n : `Reused the existing private key at ${privateKeyPath}`,\n )\n success(`Saved profile \"${profileName}\" to the local CLI config`)\n\n const doctorConnection = resolveConnection(\n { ...globalOpts, profile: profileName },\n { requireApiKey: true, requirePrivateKey: true },\n )\n const doctorSpinner = ora('Running health checks...').start()\n const report = await runDoctorChecks(doctorConnection)\n doctorSpinner.stop()\n\n printDoctorReport(report)\n\n try {\n const identity = await client.getMachineIdentity()\n cacheProfileIdentity(profileName, identity)\n } catch {\n // The health check already prints the useful failure context.\n }\n\n if (doctorHasFailures(report)) {\n throw new Error(\n 'Agent init saved your local profile, but the health check still has failures.',\n )\n }\n\n success(\n `Agent profile \"${profileName}\" is ready for ${runtimeMode.devMode ? 'dev' : 'prod'} use.`,\n )\n },\n ),\n )\n}\n","import { Command } from 'commander'\nimport chalk from 'chalk'\nimport ora from 'ora'\nimport {\n doctorHasFailures,\n runDoctorChecks,\n type DoctorCheckStatus,\n type DoctorReport,\n} from '../lib/doctor.js'\nimport { withErrorHandler } from '../lib/errors.js'\nimport { printDetail, printTable } from '../lib/output.js'\nimport { resolveConnection } from '../lib/resolve-auth.js'\nimport type { GlobalOptions } from '../types.js'\n\nfunction renderStatus(status: DoctorCheckStatus): string {\n switch (status) {\n case 'pass':\n return chalk.green('PASS')\n case 'warn':\n return chalk.yellow('WARN')\n case 'fail':\n return chalk.red('FAIL')\n default:\n return chalk.gray('SKIP')\n }\n}\n\nexport function printDoctorReport(report: DoctorReport): void {\n console.log()\n console.log(chalk.bold(' R4 Doctor'))\n console.log()\n\n printDetail(\n [\n ['Profile', report.profileName],\n ['Base URL', report.baseUrl],\n ['Mode', report.dev ? 'dev' : 'prod'],\n ['Project ID', report.projectId || chalk.dim('(not set)')],\n ['API Key Scope', report.apiKeyScope || chalk.dim('(unknown)')],\n ['Organization', report.orgName || report.orgId || chalk.dim('(unknown)')],\n ['Tenant', report.tenantName || report.tenantId || chalk.dim('(not bound)')],\n ['Private Key', report.privateKeyPath || chalk.dim('(not set)')],\n ['Trust Store', report.trustStorePath || chalk.dim('(not set)')],\n ['Agent ID', report.agentId || report.agentName || chalk.dim('(unknown)')],\n ],\n false,\n )\n\n console.log()\n printTable(\n ['Check', 'Status', 'Detail'],\n report.checks.map((check) => [\n check.label,\n renderStatus(check.status),\n check.detail,\n ]),\n false,\n )\n\n if (report.vaults.length > 0) {\n console.log()\n console.log(chalk.bold(' Vaults'))\n console.log()\n printTable(\n ['Vault', 'Items', 'Wrapped Key', 'Detail'],\n report.vaults.map((vault) => [\n vault.name,\n String(vault.itemCount),\n vault.wrappedKeyStatus,\n vault.detail ?? '-',\n ]),\n false,\n )\n }\n\n if (report.warnings && report.warnings.length > 0) {\n console.log(chalk.yellow(' Warnings'))\n for (const warning of report.warnings) {\n console.log(chalk.yellow(` - ${warning}`))\n }\n console.log()\n }\n\n console.log()\n}\n\n/**\n * Shared doctor command used by both `r4 doctor` and `r4 auth diagnose`.\n */\nexport function doctorCommand(\n commandName = 'doctor',\n description = 'Verify CLI auth, runtime key registration, vault access, and zero-trust health',\n): Command {\n return new Command(commandName)\n .description(description)\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts)\n\n const spinner = ora('Running CLI health checks...').start()\n const report = await runDoctorChecks(connection)\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify(report, null, 2))\n if (doctorHasFailures(report)) {\n process.exitCode = 1\n }\n return\n }\n\n printDoctorReport(report)\n\n if (doctorHasFailures(report)) {\n process.exitCode = 1\n }\n }),\n )\n}\n","import R4 from '@r4-sdk/node'\nimport { CliClient } from './client.js'\nimport { derivePublicKey, loadPrivateKey } from './private-key.js'\nimport type {\n MachineIdentityResponse,\n MachineAgentPublicKeyResponse,\n MachineVaultSummary,\n} from '../types.js'\nimport type { ResolvedConnection } from './resolve-auth.js'\n\nexport type DoctorCheckStatus = 'pass' | 'warn' | 'fail' | 'skip'\n\nexport interface DoctorCheck {\n id: string\n label: string\n status: DoctorCheckStatus\n detail: string\n}\n\nexport interface DoctorVaultStatus {\n id: string\n name: string\n itemCount: number\n wrappedKeyStatus: 'present' | 'missing' | 'error' | 'skipped'\n detail?: string\n}\n\nexport interface DoctorReport {\n profileName: string\n baseUrl: string\n dev: boolean\n projectId?: string\n privateKeyPath?: string\n trustStorePath?: string\n apiKeyScope?: string\n orgId?: string\n orgName?: string\n tenantId?: string\n tenantName?: string\n agentId?: string\n agentName?: string\n warnings?: string[]\n remoteIdentityError?: string\n registration?: {\n encryptionKeyId: string\n fingerprint: string\n }\n envKeyCount?: number\n checks: DoctorCheck[]\n vaults: DoctorVaultStatus[]\n}\n\nfunction getAgentIdFromRegistration(\n registration?: MachineAgentPublicKeyResponse,\n): string | undefined {\n const entryCount = registration?.transparency?.entries.length ?? 0\n if (!registration?.transparency || entryCount === 0) {\n return undefined\n }\n\n return registration.transparency.entries[entryCount - 1]?.agentId\n}\n\nfunction toDetailList(vaults: MachineVaultSummary[]): string {\n if (vaults.length === 0) {\n return '0 visible vaults.'\n }\n\n const visibleNames = vaults.slice(0, 5).map((vault) => vault.name)\n const suffix = vaults.length > visibleNames.length ? ', ...' : ''\n return `${vaults.length} visible vault${vaults.length === 1 ? '' : 's'}: ${visibleNames.join(', ')}${suffix}`\n}\n\nfunction isWrappedKeyMissing(error: unknown): boolean {\n return (\n error instanceof Error &&\n (error.message.includes('[wrapped_key_not_found]') ||\n error.message.includes('No wrapped key found for this agent and vault.'))\n )\n}\n\nexport function doctorHasFailures(report: DoctorReport): boolean {\n return report.checks.some((check) => check.status === 'fail')\n}\n\n/**\n * Run the CLI doctor checks without mutating local config.\n */\nexport async function runDoctorChecks(\n connection: ResolvedConnection,\n): Promise<DoctorReport> {\n const report: DoctorReport = {\n profileName: connection.profileName,\n baseUrl: connection.baseUrl,\n dev: connection.dev,\n projectId: connection.projectId,\n privateKeyPath: connection.privateKeyPath,\n trustStorePath: connection.trustStorePath,\n agentName: connection.profile.agentName,\n checks: [],\n vaults: [],\n }\n\n report.checks.push({\n id: 'base-url',\n label: 'Base URL',\n status: 'pass',\n detail: `${connection.baseUrl}${connection.dev ? ' (dev mode)' : ''}`,\n })\n\n if (!connection.apiKey) {\n report.checks.push({\n id: 'api-key',\n label: 'API Key',\n status: 'fail',\n detail: 'No API key is configured for the active profile.',\n })\n report.checks.push({\n id: 'project-filter',\n label: 'Project Filter',\n status: 'pass',\n detail: connection.projectId\n ? `Filtering to project ${connection.projectId}.`\n : 'No project filter is set.',\n })\n return report\n }\n\n report.checks.push({\n id: 'api-key',\n label: 'API Key',\n status: 'pass',\n detail: `Loaded from ${connection.apiKeySource}.`,\n })\n\n report.checks.push({\n id: 'project-filter',\n label: 'Project Filter',\n status: 'pass',\n detail: connection.projectId\n ? `Filtering vault reads to project ${connection.projectId}.`\n : 'No project filter is set.',\n })\n\n const client = new CliClient(connection.apiKey, connection.baseUrl)\n let machineIdentity: MachineIdentityResponse | undefined\n let registration: MachineAgentPublicKeyResponse | undefined\n\n try {\n machineIdentity = await client.getMachineIdentity()\n report.apiKeyScope = machineIdentity.apiKey.scope\n report.orgId = machineIdentity.org.id\n report.orgName = machineIdentity.org.name ?? undefined\n report.tenantId = machineIdentity.tenant?.id ?? undefined\n report.tenantName = machineIdentity.tenant?.name ?? undefined\n report.agentId = machineIdentity.principal.agentId ?? connection.profile.agentId\n report.agentName = machineIdentity.agent?.name ?? connection.profile.agentName\n report.warnings = machineIdentity.warnings\n\n report.checks.push({\n id: 'machine-identity',\n label: 'Machine Identity',\n status: 'pass',\n detail: `${machineIdentity.apiKey.scope} key in ${machineIdentity.org.name || machineIdentity.org.id}${\n machineIdentity.tenant ? ` / ${machineIdentity.tenant.name || machineIdentity.tenant.id}` : ''\n } with policy \"${machineIdentity.apiKey.summary}\".`,\n })\n } catch (error) {\n report.remoteIdentityError = error instanceof Error ? error.message : String(error)\n report.checks.push({\n id: 'machine-identity',\n label: 'Machine Identity',\n status: 'warn',\n detail: `Could not read /machine/me. ${report.remoteIdentityError}`,\n })\n }\n\n if (!connection.privateKeyPath) {\n report.checks.push({\n id: 'private-key',\n label: 'Private Key',\n status: 'fail',\n detail: 'No local private-key path is configured, so zero-trust checks cannot run.',\n })\n report.checks.push({\n id: 'public-key',\n label: 'Public Key Registration',\n status: 'skip',\n detail: 'Skipped because no local private key is configured.',\n })\n report.checks.push({\n id: 'agent-identity',\n label: 'Agent Identity',\n status: 'skip',\n detail: 'Skipped because public-key registration could not run.',\n })\n } else {\n try {\n const privateKeyPem = loadPrivateKey(connection.privateKeyPath)\n const publicKeyPem = derivePublicKey(privateKeyPem)\n registration = await client.registerAgentPublicKey({ publicKey: publicKeyPem })\n report.agentId =\n report.agentId ??\n getAgentIdFromRegistration(registration) ??\n connection.profile.agentId\n report.registration = {\n encryptionKeyId: registration.encryptionKeyId,\n fingerprint: registration.fingerprint,\n }\n\n report.checks.push({\n id: 'private-key',\n label: 'Private Key',\n status: 'pass',\n detail: `Loaded ${connection.privateKeyPath}.`,\n })\n report.checks.push({\n id: 'public-key',\n label: 'Public Key Registration',\n status: 'pass',\n detail: `Registered encryption key ${registration.encryptionKeyId}.`,\n })\n report.checks.push({\n id: 'agent-identity',\n label: 'Agent Identity',\n status: report.agentId ? 'pass' : 'warn',\n detail: report.agentId\n ? `Agent ${report.agentId}${report.agentName ? ` (${report.agentName})` : ''}.`\n : 'The API returned no agent ID in the current registration proof.',\n })\n } catch (error) {\n report.checks.push({\n id: 'private-key',\n label: 'Private Key',\n status: 'pass',\n detail: `Configured at ${connection.privateKeyPath}.`,\n })\n report.checks.push({\n id: 'public-key',\n label: 'Public Key Registration',\n status: 'fail',\n detail: error instanceof Error ? error.message : String(error),\n })\n report.checks.push({\n id: 'agent-identity',\n label: 'Agent Identity',\n status: 'skip',\n detail: 'Skipped because public-key registration did not succeed.',\n })\n }\n }\n\n let vaults: MachineVaultSummary[] = []\n try {\n const response = await client.listVaults(connection.projectId)\n vaults = response.vaults\n report.checks.push({\n id: 'visible-vaults',\n label: 'Visible Vaults',\n status: 'pass',\n detail: toDetailList(vaults),\n })\n } catch (error) {\n report.checks.push({\n id: 'visible-vaults',\n label: 'Visible Vaults',\n status: 'fail',\n detail: error instanceof Error ? error.message : String(error),\n })\n report.checks.push({\n id: 'wrapped-keys',\n label: 'Wrapped Keys',\n status: 'skip',\n detail: 'Skipped because visible vaults could not be listed.',\n })\n report.checks.push({\n id: 'zero-trust',\n label: 'Trust & Decryption',\n status: 'skip',\n detail: 'Skipped because visible vaults could not be listed.',\n })\n return report\n }\n\n if (vaults.length === 0) {\n report.checks.push({\n id: 'wrapped-keys',\n label: 'Wrapped Keys',\n status: 'skip',\n detail: 'No visible vaults means there were no wrapped keys to verify.',\n })\n report.checks.push({\n id: 'zero-trust',\n label: 'Trust & Decryption',\n status: 'skip',\n detail: 'No visible vaults were returned, so no vault trust proof was exercised.',\n })\n return report\n }\n\n let missingWrappedKeys = 0\n let wrappedKeyErrors = 0\n\n for (const vault of vaults) {\n try {\n await client.getAgentWrappedKey(vault.id)\n report.vaults.push({\n id: vault.id,\n name: vault.name,\n itemCount: vault.itemCount,\n wrappedKeyStatus: 'present',\n })\n } catch (error) {\n if (isWrappedKeyMissing(error)) {\n missingWrappedKeys += 1\n report.vaults.push({\n id: vault.id,\n name: vault.name,\n itemCount: vault.itemCount,\n wrappedKeyStatus: 'missing',\n detail: error instanceof Error ? error.message : String(error),\n })\n continue\n }\n\n wrappedKeyErrors += 1\n report.vaults.push({\n id: vault.id,\n name: vault.name,\n itemCount: vault.itemCount,\n wrappedKeyStatus: 'error',\n detail: error instanceof Error ? error.message : String(error),\n })\n }\n }\n\n if (wrappedKeyErrors > 0) {\n report.checks.push({\n id: 'wrapped-keys',\n label: 'Wrapped Keys',\n status: 'fail',\n detail: `${wrappedKeyErrors} vault read${wrappedKeyErrors === 1 ? '' : 's'} hit an unexpected wrapped-key error.`,\n })\n } else if (missingWrappedKeys > 0) {\n report.checks.push({\n id: 'wrapped-keys',\n label: 'Wrapped Keys',\n status: 'warn',\n detail: `${missingWrappedKeys} of ${vaults.length} visible vault${vaults.length === 1 ? '' : 's'} do not have wrapped keys for this agent.`,\n })\n } else {\n report.checks.push({\n id: 'wrapped-keys',\n label: 'Wrapped Keys',\n status: 'pass',\n detail: `Wrapped keys are present for all ${vaults.length} visible vault${vaults.length === 1 ? '' : 's'}.`,\n })\n }\n\n if (!connection.privateKeyPath) {\n report.checks.push({\n id: 'zero-trust',\n label: 'Trust & Decryption',\n status: 'fail',\n detail: 'A local private key is required for end-to-end zero-trust verification.',\n })\n return report\n }\n\n try {\n const r4 = await R4.create({\n apiKey: connection.apiKey,\n baseUrl: connection.baseUrl,\n dev: connection.dev,\n projectId: connection.projectId,\n privateKeyPath: connection.privateKeyPath,\n trustStorePath: connection.trustStorePath,\n })\n report.envKeyCount = Object.keys(r4.env).length\n report.checks.push({\n id: 'zero-trust',\n label: 'Trust & Decryption',\n status: 'pass',\n detail: `Verified trust/transparency checks and decrypted ${report.envKeyCount} env key${report.envKeyCount === 1 ? '' : 's'} locally.`,\n })\n } catch (error) {\n report.checks.push({\n id: 'zero-trust',\n label: 'Trust & Decryption',\n status: 'fail',\n detail: error instanceof Error ? error.message : String(error),\n })\n }\n\n return report\n}\n","import fs from 'node:fs'\nimport path from 'node:path'\nimport type { ParsedCredentialBundle } from '../types.js'\n\nfunction normalizeFieldName(fieldName: string): string {\n return fieldName.trim().toLowerCase().replace(/[^a-z0-9]+/g, '')\n}\n\nfunction stripWrappingQuotes(value: string): string {\n const trimmed = value.trim()\n if (\n (trimmed.startsWith('\"') && trimmed.endsWith('\"')) ||\n (trimmed.startsWith(\"'\") && trimmed.endsWith(\"'\"))\n ) {\n return trimmed.slice(1, -1).trim()\n }\n return trimmed\n}\n\nfunction parseBooleanLike(value: string): boolean | undefined {\n const normalized = value.trim().toLowerCase()\n if (['1', 'true', 'yes', 'on', 'dev', 'development'].includes(normalized)) {\n return true\n }\n if (['0', 'false', 'no', 'off', 'prod', 'production'].includes(normalized)) {\n return false\n }\n return undefined\n}\n\nfunction applyField(\n bundle: ParsedCredentialBundle,\n fieldName: string,\n rawValue: string,\n): void {\n const value = stripWrappingQuotes(rawValue)\n if (!value) {\n return\n }\n\n const normalized = normalizeFieldName(fieldName)\n\n if (['apikey', 'r4apikey', 'machineapikey'].includes(normalized)) {\n bundle.apiKey = value\n return\n }\n\n if (['accesskey', 'r4accesskey', 'accesskeyid', 'access', 'keyid'].includes(normalized)) {\n bundle.accessKey = value\n return\n }\n\n if (['secretkey', 'r4secretkey', 'secret', 'accesssecret', 'secretaccesskey'].includes(normalized)) {\n bundle.secretKey = value\n return\n }\n\n if (['baseurl', 'r4baseurl', 'apiurl', 'apibaseurl', 'targetbaseurl', 'url'].includes(normalized)) {\n bundle.baseUrl = value\n return\n }\n\n if (['environment', 'env', 'targetenvironment'].includes(normalized)) {\n const dev = parseBooleanLike(value)\n if (dev !== undefined) {\n bundle.dev = dev\n }\n return\n }\n\n if (['projectid', 'r4projectid', 'project', 'projectscope', 'scopeprojectid'].includes(normalized)) {\n bundle.projectId = value\n return\n }\n\n if (['agentid', 'r4agentid', 'machineid'].includes(normalized)) {\n bundle.agentId = value\n return\n }\n\n if (['agentname', 'r4agentname', 'machinename'].includes(normalized)) {\n bundle.agentName = value\n }\n}\n\nfunction finalizeBundle(bundle: ParsedCredentialBundle): ParsedCredentialBundle {\n if (!bundle.apiKey && bundle.accessKey && bundle.secretKey) {\n bundle.apiKey = `${bundle.accessKey}.${bundle.secretKey}`\n }\n\n return bundle\n}\n\nfunction parseJsonContent(content: string): ParsedCredentialBundle {\n const parsed = JSON.parse(content) as Record<string, unknown>\n const bundle: ParsedCredentialBundle = {}\n\n const sources = [parsed]\n\n for (const key of ['credentials', 'profile']) {\n const nested = parsed[key]\n if (nested && typeof nested === 'object') {\n sources.push(nested as Record<string, unknown>)\n }\n }\n\n for (const source of sources) {\n for (const [key, value] of Object.entries(source)) {\n if (typeof value === 'string') {\n applyField(bundle, key, value)\n } else if (typeof value === 'boolean') {\n applyField(bundle, key, String(value))\n }\n }\n }\n\n return finalizeBundle(bundle)\n}\n\nfunction parseEnvContent(content: string): ParsedCredentialBundle {\n const bundle: ParsedCredentialBundle = {}\n for (const rawLine of content.split(/\\r?\\n/)) {\n const line = rawLine.trim()\n if (!line || line.startsWith('#')) {\n continue\n }\n\n const separatorIndex = line.indexOf('=')\n if (separatorIndex === -1) {\n continue\n }\n\n const key = line.slice(0, separatorIndex).trim()\n const value = line.slice(separatorIndex + 1).trim()\n applyField(bundle, key, value)\n }\n\n return finalizeBundle(bundle)\n}\n\nfunction splitCsvLine(line: string): string[] {\n const cells: string[] = []\n let current = ''\n let inQuotes = false\n\n for (let index = 0; index < line.length; index += 1) {\n const character = line[index]\n\n if (character === '\"') {\n const nextCharacter = line[index + 1]\n if (inQuotes && nextCharacter === '\"') {\n current += '\"'\n index += 1\n } else {\n inQuotes = !inQuotes\n }\n continue\n }\n\n if (character === ',' && !inQuotes) {\n cells.push(current.trim())\n current = ''\n continue\n }\n\n current += character\n }\n\n cells.push(current.trim())\n return cells\n}\n\nfunction parseHeaderlessCsvRow(values: string[]): ParsedCredentialBundle {\n const bundle: ParsedCredentialBundle = {}\n\n if (values.length >= 1) {\n bundle.accessKey = stripWrappingQuotes(values[0] ?? '')\n }\n if (values.length >= 2) {\n bundle.secretKey = stripWrappingQuotes(values[1] ?? '')\n }\n if (values.length >= 3) {\n const thirdValue = stripWrappingQuotes(values[2] ?? '')\n if (thirdValue.startsWith('http://') || thirdValue.startsWith('https://')) {\n bundle.baseUrl = thirdValue\n } else if (thirdValue) {\n bundle.projectId = thirdValue\n }\n }\n if (values.length >= 4) {\n const fourthValue = stripWrappingQuotes(values[3] ?? '')\n if (!bundle.projectId) {\n bundle.projectId = fourthValue\n } else if (!bundle.baseUrl) {\n bundle.baseUrl = fourthValue\n }\n }\n\n return finalizeBundle(bundle)\n}\n\nfunction parseCsvContent(content: string): ParsedCredentialBundle {\n const lines = content\n .split(/\\r?\\n/)\n .map((line) => line.trim())\n .filter((line) => line.length > 0)\n\n if (lines.length === 0) {\n return {}\n }\n\n const firstRow = splitCsvLine(lines[0] ?? '')\n const firstHeaders = firstRow.map(normalizeFieldName)\n const looksLikeHeader = firstHeaders.some((header) =>\n [\n 'apikey',\n 'accesskey',\n 'secretkey',\n 'baseurl',\n 'environment',\n 'projectid',\n 'agentid',\n 'agentname',\n ].includes(header),\n )\n\n if (!looksLikeHeader) {\n return parseHeaderlessCsvRow(firstRow)\n }\n\n const dataRow = lines.slice(1).find((line) => line.trim().length > 0)\n if (!dataRow) {\n return {}\n }\n\n const values = splitCsvLine(dataRow)\n const bundle: ParsedCredentialBundle = {}\n\n for (const [index, header] of firstRow.entries()) {\n applyField(bundle, header, values[index] ?? '')\n }\n\n return finalizeBundle(bundle)\n}\n\nfunction parsePlainTextContent(content: string): ParsedCredentialBundle {\n const trimmed = content.trim()\n if (!trimmed) {\n return {}\n }\n\n if (trimmed.includes('.') && !/\\s/.test(trimmed)) {\n return { apiKey: trimmed }\n }\n\n const commaValues = splitCsvLine(trimmed)\n if (commaValues.length >= 2) {\n return parseHeaderlessCsvRow(commaValues)\n }\n\n return {}\n}\n\n/**\n * Parse a credentials handoff file from disk.\n *\n * Supported formats:\n * - JSON objects\n * - .env / KEY=value files\n * - CSV with or without a header row\n * - Plain text API keys\n */\nexport function parseCredentialsFile(credentialsFilePath: string): ParsedCredentialBundle {\n const resolvedPath = path.resolve(credentialsFilePath)\n const content = fs.readFileSync(resolvedPath, 'utf8')\n const extension = path.extname(resolvedPath).toLowerCase()\n\n if (extension === '.json') {\n return parseJsonContent(content)\n }\n\n if (extension === '.env') {\n return parseEnvContent(content)\n }\n\n if (extension === '.csv') {\n return parseCsvContent(content)\n }\n\n if (content.includes('=') && !content.trim().startsWith('{')) {\n return parseEnvContent(content)\n }\n\n if (content.includes(',') || content.includes('\\n')) {\n const csvBundle = parseCsvContent(content)\n if (csvBundle.apiKey || csvBundle.accessKey || csvBundle.secretKey) {\n return csvBundle\n }\n }\n\n if (content.trim().startsWith('{')) {\n return parseJsonContent(content)\n }\n\n return parsePlainTextContent(content)\n}\n","import type {\n MachineIdentityResponse,\n MachinePrincipalType,\n R4ProfileConfig,\n R4ProfileIdentityCache,\n} from '../types.js'\n\nfunction getPrincipalType(identity: MachineIdentityResponse): MachinePrincipalType {\n if (identity.agent?.id || identity.principal.agentId) {\n return 'AGENT'\n }\n if (identity.principal.orgUserId) {\n return 'ORG_USER'\n }\n if (identity.principal.accountId) {\n return 'ACCOUNT'\n }\n return 'UNKNOWN'\n}\n\n/** Human-friendly principal label for display and cached identity snapshots. */\nexport function getPrincipalLabel(\n identity:\n | Pick<MachineIdentityResponse, 'agent' | 'principal' | 'apiKey'>\n | R4ProfileIdentityCache,\n): string {\n if ('principalLabel' in identity && identity.principalLabel) {\n return identity.principalLabel\n }\n\n if ('agent' in identity) {\n if (identity.agent?.name) {\n return identity.agent.name\n }\n if (identity.principal.agentId) {\n return identity.principal.agentId\n }\n if (identity.principal.orgUserId) {\n return `Org user ${identity.principal.orgUserId}`\n }\n if (identity.principal.accountId) {\n return `Account ${identity.principal.accountId}`\n }\n return identity.apiKey.name\n }\n\n if (identity.principalId) {\n return identity.principalId\n }\n\n return identity.apiKeyName || '(unknown)'\n}\n\n/** Convert a live machine identity response into profile-cached metadata. */\nexport function buildIdentityCache(\n identity: MachineIdentityResponse,\n): R4ProfileIdentityCache {\n const principalType = getPrincipalType(identity)\n const principalId =\n identity.agent?.id ||\n identity.principal.agentId ||\n identity.principal.orgUserId ||\n identity.principal.accountId ||\n undefined\n\n return {\n apiKeyId: identity.apiKey.id,\n apiKeyName: identity.apiKey.name,\n apiKeyScope: identity.apiKey.scope,\n policySummary: identity.apiKey.summary,\n principalType,\n principalId,\n principalLabel: getPrincipalLabel(identity),\n orgId: identity.org.id,\n orgName: identity.org.name || identity.org.id,\n tenantId: identity.tenant?.id,\n tenantName: identity.tenant?.name || identity.tenant?.id,\n contextType: identity.session.contextType,\n contextId: identity.session.contextId,\n lastResolvedAt: new Date().toISOString(),\n }\n}\n\n/** Update a saved profile with the latest live machine identity metadata. */\nexport function applyIdentityToProfile(\n profile: R4ProfileConfig,\n identity: MachineIdentityResponse,\n): R4ProfileConfig {\n const nextProfile: R4ProfileConfig = {\n ...profile,\n identity: buildIdentityCache(identity),\n }\n\n if (identity.agent?.id || identity.principal.agentId) {\n nextProfile.agentId = identity.agent?.id || identity.principal.agentId || undefined\n nextProfile.agentName = identity.agent?.name || nextProfile.agentName\n } else {\n delete nextProfile.agentId\n delete nextProfile.agentName\n }\n\n return nextProfile\n}\n","import {\n getProfileConfig,\n loadConfig,\n saveConfig,\n setCurrentProfile,\n updateProfile,\n} from './config.js'\nimport {\n saveProfileCredentials,\n splitApiKey,\n} from './credentials-store.js'\nimport { applyIdentityToProfile } from './profile-identity.js'\nimport type { MachineIdentityResponse, R4ProfileConfig } from '../types.js'\n\n/**\n * Persist a profile update and keep that profile selected as current.\n */\nexport function saveProfileState(\n profileName: string,\n profile: R4ProfileConfig,\n): R4ProfileConfig {\n const nextProfile = { ...profile }\n const config = loadConfig()\n saveConfig(\n setCurrentProfile(updateProfile(config, profileName, nextProfile), profileName),\n )\n return nextProfile\n}\n\n/**\n * Persist split credentials for a profile when a combined API key is available.\n */\nexport function saveProfileApiKey(profileName: string, apiKey: string): void {\n const parts = splitApiKey(apiKey)\n if (parts) {\n saveProfileCredentials(profileName, parts)\n return\n }\n\n throw new Error('API key format must be {accessKey}.{secret}.')\n}\n\n/**\n * Update the cached identity metadata for a profile after a live machine lookup.\n */\nexport function cacheProfileIdentity(\n profileName: string,\n identity: MachineIdentityResponse,\n): R4ProfileConfig {\n const config = loadConfig()\n const currentProfile = getProfileConfig(config, profileName)\n const nextProfile = applyIdentityToProfile(currentProfile, identity)\n saveConfig(updateProfile(config, profileName, nextProfile))\n return nextProfile\n}\n","import readline from 'node:readline'\nimport { Writable } from 'node:stream'\n\ntype PromptTextOptions = {\n defaultValue?: string\n hidden?: boolean\n required?: boolean\n}\n\ntype PromptChoiceOption<T extends string> = {\n label: string\n value: T\n description?: string\n}\n\nclass MutableOutput extends Writable {\n muted = false\n\n _write(chunk: Buffer | string, _encoding: BufferEncoding, callback: () => void): void {\n if (!this.muted) {\n process.stdout.write(chunk)\n }\n callback()\n }\n}\n\n/** Ask a free-form terminal question. */\nexport async function promptText(\n question: string,\n options: PromptTextOptions = {},\n): Promise<string> {\n const output = new MutableOutput()\n const promptSuffix = options.defaultValue ? ` [${options.defaultValue}]` : ''\n const label = `${question}${promptSuffix}: `\n\n return new Promise((resolve) => {\n const rl = readline.createInterface({\n input: process.stdin,\n output,\n terminal: true,\n })\n\n const handleAnswer = (rawAnswer: string) => {\n const answer = rawAnswer.trim() || options.defaultValue || ''\n if (options.required !== false && !answer) {\n rl.close()\n void promptText(question, options).then(resolve)\n return\n }\n\n rl.close()\n resolve(answer)\n }\n\n if (options.hidden) {\n process.stdout.write(label)\n output.muted = true\n rl.question('', (answer) => {\n output.muted = false\n process.stdout.write('\\n')\n handleAnswer(answer)\n })\n return\n }\n\n rl.question(label, handleAnswer)\n })\n}\n\n/** Ask a yes/no terminal question with a default answer. */\nexport async function promptYesNo(\n question: string,\n defaultValue: boolean,\n): Promise<boolean> {\n const defaultLabel = defaultValue ? 'Y/n' : 'y/N'\n const answer = (\n await promptText(`${question} (${defaultLabel})`, {\n defaultValue: defaultValue ? 'y' : 'n',\n })\n )\n .trim()\n .toLowerCase()\n\n return ['y', 'yes'].includes(answer)\n}\n\n/** Ask the user to select one of a small set of options. */\nexport async function promptChoice<T extends string>(\n question: string,\n options: PromptChoiceOption<T>[],\n defaultValue?: T,\n): Promise<T> {\n console.log()\n console.log(` ${question}`)\n options.forEach((option, index) => {\n const detail = option.description ? ` ${option.description}` : ''\n console.log(` ${index + 1}. ${option.label}${detail}`)\n })\n\n const defaultIndex =\n defaultValue !== undefined\n ? Math.max(\n options.findIndex((option) => option.value === defaultValue),\n 0,\n ) + 1\n : 1\n\n while (true) {\n const answer = await promptText('Select an option', {\n defaultValue: String(defaultIndex),\n })\n const numericIndex = Number.parseInt(answer, 10)\n const selectedByNumber =\n Number.isInteger(numericIndex) && numericIndex >= 1 && numericIndex <= options.length\n ? options[numericIndex - 1]\n : undefined\n if (selectedByNumber) {\n return selectedByNumber.value\n }\n\n const selectedByValue = options.find((option) => option.value === answer)\n if (selectedByValue) {\n return selectedByValue.value\n }\n }\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { printTable } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 agent list` renders visible agents with budget and readiness metadata. */\nexport function listCommand(): Command {\n return new Command('list')\n .description('List visible agents')\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Fetching agents...').start()\n const response = await client.listAgents()\n spinner.stop()\n\n const rows = response.agents.map((agent) => [\n agent.id,\n agent.name,\n agent.tenantName,\n agent.domainName,\n agent.budgetId || '-',\n agent.isPublicKeyRegistered ? 'Yes' : 'No',\n agent.securityGroups.map((group) => group.name).join(', ') || '-',\n ])\n\n console.log()\n printTable(\n ['ID', 'Name', 'Tenant', 'Domain', 'Budget', 'Key Ready', 'Security Groups'],\n rows,\n !!globalOpts.json,\n response.agents,\n )\n console.log()\n }),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { collectOptionValues } from '../../lib/command-options.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { success } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 agent set-tenant-roles <id>` replaces the explicit tenant roles on an agent. */\nexport function setTenantRolesCommand(): Command {\n return new Command('set-tenant-roles')\n .description('Replace the explicit tenant roles on an agent')\n .argument('<id>', 'Agent ID')\n .option(\n '--role <role>',\n 'Tenant role (repeat or use comma-separated values)',\n collectOptionValues,\n [],\n )\n .option('--clear', 'Remove all explicit tenant roles')\n .action(\n withErrorHandler(\n async (\n id: string,\n options: { role: string[]; clear?: boolean },\n cmd: Command,\n ) => {\n if (!options.clear && options.role.length === 0) {\n throw new Error('Provide at least one --role or use --clear.')\n }\n\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Updating agent tenant roles...').start()\n await client.updateAgentTenantRoles(id, {\n roles: options.clear ? [] : options.role,\n })\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify({ id, roles: options.clear ? [] : options.role }, null, 2))\n return\n }\n\n success(`Updated tenant roles for agent ${id}`)\n },\n ),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { collectOptionValues } from '../../lib/command-options.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { success } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions, UpdateAgentRequest } from '../../types.js'\n\nfunction buildUpdateAgentBody(options: {\n name?: string\n budgetId?: string\n clearBudget?: boolean\n securityGroupId: string[]\n clearSecurityGroups?: boolean\n}): UpdateAgentRequest {\n if (options.clearBudget && options.budgetId) {\n throw new Error('Use either --budget-id or --clear-budget, not both.')\n }\n\n if (options.clearSecurityGroups && options.securityGroupId.length > 0) {\n throw new Error('Use either --security-group-id or --clear-security-groups, not both.')\n }\n\n const body: UpdateAgentRequest = {}\n\n if (options.name) {\n body.name = options.name\n }\n\n if (options.clearBudget) {\n body.budgetId = null\n } else if (options.budgetId) {\n body.budgetId = options.budgetId\n }\n\n if (options.clearSecurityGroups) {\n body.securityGroupIds = []\n } else if (options.securityGroupId.length > 0) {\n body.securityGroupIds = options.securityGroupId\n }\n\n if (Object.keys(body).length === 0) {\n throw new Error('No update fields provided.')\n }\n\n return body\n}\n\n/** `r4 agent update <id>` patches mutable agent metadata. */\nexport function updateCommand(): Command {\n return new Command('update')\n .description('Update an existing agent')\n .argument('<id>', 'Agent ID')\n .option('--name <name>', 'New agent name')\n .option('--budget-id <id>', 'Budget ID to assign')\n .option('--clear-budget', 'Remove the assigned budget')\n .option(\n '--security-group-id <id>',\n 'Security group IDs (repeat or use comma-separated values)',\n collectOptionValues,\n [],\n )\n .option('--clear-security-groups', 'Remove all security-group memberships')\n .action(\n withErrorHandler(\n async (\n id: string,\n options: {\n name?: string\n budgetId?: string\n clearBudget?: boolean\n securityGroupId: string[]\n clearSecurityGroups?: boolean\n },\n cmd: Command,\n ) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n const body = buildUpdateAgentBody(options)\n\n const spinner = ora('Updating agent...').start()\n await client.updateAgent(id, body)\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify({ id, updated: true }, null, 2))\n return\n }\n\n success(`Updated agent ${id}`)\n },\n ),\n )\n}\n","import type { Command } from 'commander'\nimport { createCommand } from './create.js'\nimport { getCommand } from './get.js'\nimport { getTenantRolesCommand } from './get-tenant-roles.js'\nimport { initCommand } from './init.js'\nimport { listCommand } from './list.js'\nimport { setTenantRolesCommand } from './set-tenant-roles.js'\nimport { updateCommand } from './update.js'\n\n/** Register agent bootstrap commands on the CLI program. */\nexport function registerAgentCommands(program: Command): void {\n const agent = program.command('agent').description('Bootstrap and manage local agent runtime setup')\n\n agent.addCommand(listCommand())\n agent.addCommand(getCommand())\n agent.addCommand(createCommand())\n agent.addCommand(updateCommand())\n agent.addCommand(getTenantRolesCommand())\n agent.addCommand(setTenantRolesCommand())\n agent.addCommand(initCommand())\n}\n","import { doctorCommand } from '../doctor.js'\n\n/** `r4 auth diagnose` — alias for the root doctor command. */\nexport function diagnoseCommand() {\n return doctorCommand(\n 'diagnose',\n 'Verify auth, public-key registration, vault access, and zero-trust health',\n )\n}\n","import { Command } from 'commander'\nimport {\n getConfigPath,\n getProfileConfig,\n getSelectedProfileName,\n loadConfig,\n} from '../../lib/config.js'\nimport { parseCredentialsFile } from '../../lib/credentials-file.js'\nimport {\n buildApiKeyFromParts,\n loadProfileCredentials,\n} from '../../lib/credentials-store.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { success, warn } from '../../lib/output.js'\nimport { saveProfileApiKey, saveProfileState } from '../../lib/profile-manager.js'\nimport { promptText } from '../../lib/prompt.js'\nimport { applyGlobalRuntimeOptionsToProfile } from '../../lib/runtime-config.js'\nimport type { GlobalOptions, ParsedCredentialBundle, R4ProfileConfig } from '../../types.js'\n\nfunction applyCredentialBundleToProfile(\n profile: R4ProfileConfig,\n bundle: ParsedCredentialBundle,\n globalOpts: GlobalOptions,\n): R4ProfileConfig {\n let nextProfile = { ...profile }\n\n if (!globalOpts.baseUrl && globalOpts.dev !== true) {\n if (bundle.baseUrl) {\n nextProfile.baseUrl = bundle.baseUrl\n delete nextProfile.dev\n } else if (bundle.dev === true) {\n nextProfile.dev = true\n delete nextProfile.baseUrl\n } else if (bundle.dev === false) {\n delete nextProfile.dev\n }\n }\n\n if (!globalOpts.projectId && bundle.projectId) {\n nextProfile.projectId = bundle.projectId\n }\n\n if (bundle.agentId) {\n nextProfile.agentId = bundle.agentId\n }\n\n if (bundle.agentName) {\n nextProfile.agentName = bundle.agentName\n }\n\n return applyGlobalRuntimeOptionsToProfile(nextProfile, globalOpts)\n}\n\n/** `r4 auth login` — save auth/runtime settings to a named CLI profile. */\nexport function loginCommand(): Command {\n return new Command('login')\n .description('Save your API key and runtime settings to the active CLI profile')\n .option(\n '--credentials-file <path>',\n 'Read credentials from a CSV, .env, JSON, or plain-text handoff file',\n )\n .addHelpText(\n 'after',\n `\nFirst run:\n r4 agent init --credentials-file ./agent-creds.csv --dev\n\nThat bootstrap flow can read the credentials bundle, generate a local RSA key if\nneeded, register the public key with the machine API, save the profile, and run\n\\`r4 doctor\\`.\n\nManual save-only flow:\n r4 auth login --profile loom-dev --credentials-file ./agent-creds.csv --dev\n r4 doctor --profile loom-dev\n`,\n )\n .action(\n withErrorHandler(\n async (\n opts: {\n credentialsFile?: string\n },\n cmd: Command,\n ) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const config = loadConfig()\n const profileName = getSelectedProfileName(\n config,\n globalOpts.profile,\n process.env.R4_PROFILE,\n )\n const existingProfile = getProfileConfig(config, profileName)\n const bundle = opts.credentialsFile\n ? parseCredentialsFile(opts.credentialsFile)\n : {}\n const storedCredentials = loadProfileCredentials(profileName)\n\n let apiKey =\n globalOpts.apiKey ||\n process.env.R4_API_KEY ||\n buildApiKeyFromParts(\n process.env.R4_ACCESS_KEY,\n process.env.R4_SECRET_KEY,\n ) ||\n bundle.apiKey ||\n buildApiKeyFromParts(\n storedCredentials?.accessKey,\n storedCredentials?.secretKey,\n )\n\n if (!apiKey) {\n apiKey = await promptText('Enter your R4 API key', {\n hidden: true,\n })\n }\n\n if (!apiKey) {\n throw new Error('No API key provided.')\n }\n\n if (!apiKey.includes('.')) {\n warn('API key format is usually {accessKey}.{secret}')\n }\n\n if (globalOpts.baseUrl && globalOpts.dev) {\n warn('--base-url takes precedence over --dev and will be saved as the active runtime URL.')\n }\n\n const nextProfile = applyCredentialBundleToProfile(\n existingProfile,\n bundle,\n globalOpts,\n )\n\n saveProfileApiKey(profileName, apiKey)\n saveProfileState(profileName, nextProfile)\n success(`Saved profile \"${profileName}\" to ${getConfigPath()}`)\n },\n ),\n )\n}\n","import { Command } from 'commander'\nimport {\n clearManagedProfileDirectory,\n clearConfig,\n getConfigPath,\n getProfileNames,\n getSelectedProfileName,\n loadConfig,\n removeProfile,\n saveConfig,\n} from '../../lib/config.js'\nimport { clearProfileCredentials } from '../../lib/credentials-store.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { success } from '../../lib/output.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 auth logout` — remove saved credentials from the active profile. */\nexport function logoutCommand(): Command {\n return new Command('logout')\n .description('Remove saved credentials from the active profile')\n .option('--all', 'Remove every saved profile and delete the config file')\n .action(\n withErrorHandler(async (opts: { all?: boolean }, cmd: Command) => {\n if (opts.all) {\n const config = loadConfig()\n for (const profileName of getProfileNames(config)) {\n clearProfileCredentials(profileName)\n clearManagedProfileDirectory(profileName)\n }\n clearConfig()\n success(`Removed all saved profiles from ${getConfigPath()}`)\n return\n }\n\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const config = loadConfig()\n const profileName = getSelectedProfileName(\n config,\n globalOpts.profile,\n process.env.R4_PROFILE,\n )\n\n if (!config.profiles[profileName]) {\n throw new Error(`Profile \"${profileName}\" does not exist.`)\n }\n\n if (Object.keys(config.profiles).length === 1) {\n clearConfig()\n } else {\n const nextConfig = removeProfile(config, profileName)\n saveConfig(nextConfig)\n }\n clearProfileCredentials(profileName)\n clearManagedProfileDirectory(profileName)\n\n success(`Removed profile \"${profileName}\" from ${getConfigPath()}`)\n }),\n )\n}\n","import { Command } from 'commander'\nimport { getProfileCredentialsPath } from '../../lib/profile-paths.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { warn, success } from '../../lib/output.js'\nimport { getDefaultPrivateKeyPath } from '../../lib/private-key.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport { registerAgentProfile } from '../../lib/register-agent.js'\nimport { collectOptionValues } from '../../lib/command-options.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 auth register-agent` bootstraps a public agent directly into a CLI profile. */\nexport function registerAgentCommand(): Command {\n return new Command('register-agent')\n .description('Register a brand-new public agent and save it to the selected CLI profile')\n .requiredOption('--name <name>', 'Agent name to register')\n .option('--org-name <name>', 'Organization name to create alongside the agent')\n .option(\n '--permission <grant>',\n 'Optional machine permission grant (repeat or use comma-separated values)',\n collectOptionValues,\n [],\n )\n .action(\n withErrorHandler(\n async (\n options: {\n name: string\n orgName?: string\n permission: string[]\n },\n cmd: Command,\n ) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts)\n const privateKeyPath =\n connection.privateKeyPath || getDefaultPrivateKeyPath(connection.profileName)\n const result = await registerAgentProfile({\n profileName: connection.profileName,\n profile: connection.profile,\n agentName: options.name,\n orgName: options.orgName,\n baseUrl: connection.baseUrl,\n privateKeyPath,\n runtimeOptions: {\n baseUrl: globalOpts.baseUrl,\n dev: globalOpts.dev,\n projectId: globalOpts.projectId,\n },\n permissionGrants: options.permission.length > 0 ? options.permission : undefined,\n })\n\n if (globalOpts.json) {\n console.log(\n JSON.stringify(\n {\n ...result.registration,\n profileName: connection.profileName,\n privateKeyPath: result.privateKeyPath,\n trustStorePath: result.trustStorePath,\n },\n null,\n 2,\n ),\n )\n return\n }\n\n success(\n `Registered agent \"${options.name}\" into profile \"${connection.profileName}\"`,\n )\n success(`Credentials: ${getProfileCredentialsPath(connection.profileName)}`)\n success(`Private key: ${result.privateKeyPath}`)\n success(`Trust store: ${result.trustStorePath}`)\n\n if (result.createdPrivateKey) {\n success('Generated a new managed private key for this profile')\n }\n\n if (result.identityError) {\n warn(`Saved the profile, but the live identity check failed: ${result.identityError}`)\n }\n },\n ),\n )\n}\n","import crypto from 'node:crypto'\n\ntype AgentChallengeResponse = {\n nonce: string\n task: string\n signature: string\n expiresAt: number\n}\n\ntype RegisterAgentBody = {\n name: string\n orgName?: string\n nonce: string\n answer: string\n signature: string\n expiresAt: number\n publicKey?: string\n permissionGrants?: string[]\n}\n\nexport type RegisterAgentResponse = {\n agentId: string\n orgId: string\n tenantId: string\n domainId: string\n domainTenantId: string\n domain: string\n apiKey: string\n accessKey: string\n accessSecret: string\n permissionGrants: string[]\n effectivePermissions: string[]\n initialPublicKeyRegistered: boolean\n encryptionKeyId: string | null\n}\n\n/**\n * Thin client for unauthenticated auth bootstrap flows used by `r4 configure`.\n */\nexport class PublicAuthClient {\n private readonly baseUrl: string\n\n constructor(baseUrl: string) {\n this.baseUrl = baseUrl.replace(/\\/$/, '')\n }\n\n private async request<T>(path: string, body?: unknown): Promise<T> {\n const response = await fetch(`${this.baseUrl}${path}`, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n 'X-Requested-With': 'R4Client',\n },\n body: body ? JSON.stringify(body) : undefined,\n })\n\n if (!response.ok) {\n const errorBody = (await response.json().catch(() => ({}))) as Record<string, unknown>\n const error = errorBody?.error as Record<string, unknown> | undefined\n const errorMessage = error?.message || `HTTP ${response.status}: ${response.statusText}`\n throw new Error(String(errorMessage))\n }\n\n return response.json() as Promise<T>\n }\n\n /** Fetch the current agent bootstrap challenge. */\n async getAgentChallenge(): Promise<AgentChallengeResponse> {\n return this.request<AgentChallengeResponse>('/api/v1/auth/auth/agent-challenge')\n }\n\n /** Register a new agent-only runtime and receive its first machine credentials. */\n async registerAgent(body: RegisterAgentBody): Promise<RegisterAgentResponse> {\n return this.request<RegisterAgentResponse>('/api/v1/auth/auth/register-agent', body)\n }\n}\n\n/** Solve the auth bootstrap proof-of-work challenge expected by the auth API. */\nexport function solveAgentChallenge(nonce: string): string {\n return crypto.createHash('sha256').update(nonce).digest('hex')\n}\n","import { CliClient } from './client.js'\nimport { saveProfileCredentials } from './credentials-store.js'\nimport { cacheProfileIdentity, saveProfileState } from './profile-manager.js'\nimport { PublicAuthClient, solveAgentChallenge } from './public-auth-client.js'\nimport { derivePublicKey, ensurePrivateKey } from './private-key.js'\nimport { getManagedTrustStorePath } from './profile-paths.js'\nimport { applyGlobalRuntimeOptionsToProfile } from './runtime-config.js'\nimport type { GlobalOptions, R4ProfileConfig, RegisterAgentResponse } from '../types.js'\n\nexport interface RegisterAgentProfileParams {\n profileName: string\n profile: R4ProfileConfig\n agentName: string\n orgName?: string\n baseUrl: string\n privateKeyPath: string\n runtimeOptions: Pick<GlobalOptions, 'baseUrl' | 'dev' | 'projectId'>\n permissionGrants?: string[]\n}\n\nexport interface RegisterAgentProfileResult {\n registration: RegisterAgentResponse\n privateKeyPath: string\n trustStorePath: string\n createdPrivateKey: boolean\n identityError?: string\n}\n\n/**\n * Bootstrap a brand-new public agent registration into a managed CLI profile.\n *\n * Logic steps:\n * 1. Ensure the local profile key exists and derive the matching public key.\n * 2. Solve the public bootstrap challenge and request the initial AGENT API key.\n * 3. Persist the split credentials plus non-secret profile metadata.\n * 4. Best-effort cache the resolved machine identity for later profile inspection.\n */\nexport async function registerAgentProfile(\n params: RegisterAgentProfileParams,\n): Promise<RegisterAgentProfileResult> {\n const privateKey = ensurePrivateKey(params.privateKeyPath)\n const trustStorePath = getManagedTrustStorePath(params.profileName)\n const authClient = new PublicAuthClient(params.baseUrl)\n const challenge = await authClient.getAgentChallenge()\n const registration = await authClient.registerAgent({\n name: params.agentName,\n orgName: params.orgName || params.agentName,\n nonce: challenge.nonce,\n answer: solveAgentChallenge(challenge.nonce),\n signature: challenge.signature,\n expiresAt: challenge.expiresAt,\n publicKey: derivePublicKey(privateKey.privateKeyPem),\n permissionGrants: params.permissionGrants,\n })\n\n saveProfileCredentials(params.profileName, {\n accessKey: registration.accessKey,\n secretKey: registration.accessSecret,\n })\n\n saveProfileState(\n params.profileName,\n applyGlobalRuntimeOptionsToProfile(\n {\n ...params.profile,\n privateKeyPath: params.privateKeyPath,\n trustStorePath,\n agentId: registration.agentId,\n agentName: params.agentName,\n },\n params.runtimeOptions,\n ),\n )\n\n let identityError: string | undefined\n\n try {\n const identity = await new CliClient(registration.apiKey, params.baseUrl).getMachineIdentity()\n cacheProfileIdentity(params.profileName, identity)\n } catch (error) {\n identityError = error instanceof Error ? error.message : String(error)\n }\n\n return {\n registration,\n privateKeyPath: params.privateKeyPath,\n trustStorePath,\n createdPrivateKey: privateKey.created,\n identityError,\n }\n}\n","import { Command } from 'commander'\nimport chalk from 'chalk'\nimport { getConfigPath } from '../../lib/config.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { printDetail } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport { getProfileCredentialsPath } from '../../lib/profile-paths.js'\nimport type { GlobalOptions } from '../../types.js'\n\nfunction maskKey(key: string): string {\n if (key.length <= 8) {\n return key\n }\n return `${key.substring(0, 8)}...`\n}\n\n/** `r4 auth status` — show the currently resolved auth state. */\nexport function statusCommand(): Command {\n return new Command('status')\n .description('Show current authentication and profile status')\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts)\n\n if (globalOpts.json) {\n console.log(\n JSON.stringify(\n {\n authenticated: Boolean(connection.apiKey),\n profile: connection.profileName,\n source: connection.apiKeySource,\n apiKey: connection.apiKey ? maskKey(connection.apiKey) : null,\n credentialsPath: getProfileCredentialsPath(connection.profileName),\n agentId: connection.profile.agentId || null,\n agentName: connection.profile.agentName || null,\n cachedIdentity: connection.profile.identity || null,\n baseUrl: connection.baseUrl,\n devMode: connection.dev,\n projectId: connection.projectId || null,\n privateKeyPath: connection.privateKeyPath || null,\n trustStorePath: connection.trustStorePath || null,\n configPath: getConfigPath(),\n },\n null,\n 2,\n ),\n )\n return\n }\n\n console.log()\n\n if (!connection.apiKey) {\n console.log(chalk.bold(' Not authenticated'))\n console.log()\n console.log(` Active profile: ${chalk.cyan(connection.profileName)}`)\n console.log(\n ' Run ' +\n chalk.cyan('r4 configure') +\n ', ' +\n chalk.cyan('r4 auth login') +\n ', or ' +\n chalk.cyan('r4 agent init') +\n ' to save credentials.',\n )\n console.log()\n return\n }\n\n console.log(chalk.bold(' Authenticated'))\n console.log()\n printDetail(\n [\n ['Profile', connection.profileName],\n ['Source', connection.apiKeySource],\n ['Credentials File', getProfileCredentialsPath(connection.profileName)],\n ['API Key', maskKey(connection.apiKey)],\n [\n 'Principal',\n connection.profile.identity?.principalLabel ||\n connection.profile.agentName ||\n connection.profile.agentId ||\n chalk.dim('(unknown)'),\n ],\n [\n 'Scope',\n connection.profile.identity?.apiKeyScope || chalk.dim('(not cached yet)'),\n ],\n ['Mode', connection.dev ? 'dev' : 'prod'],\n ['Base URL', connection.baseUrl],\n ['Project ID', connection.projectId || chalk.dim('(not set)')],\n ['Private Key', connection.privateKeyPath || chalk.dim('(not set)')],\n ['Trust Store', connection.trustStorePath || chalk.dim('(not set)')],\n ['Config File', getConfigPath()],\n ],\n false,\n )\n console.log()\n }),\n )\n}\n","import { Command } from 'commander'\nimport { renderProfileReport } from '../profile/show.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { collectProfileReport } from '../../lib/profile-report.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 auth whoami` — show the currently selected profile identity. */\nexport function whoamiCommand(): Command {\n return new Command('whoami')\n .description('Show the current profile, agent identity, and runtime target')\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const report = await collectProfileReport(globalOpts)\n renderProfileReport(\n report,\n !!globalOpts.json,\n report.authenticated ? ' Current Identity' : ' Current Profile',\n )\n }),\n )\n}\n","import { Command } from 'commander'\nimport chalk from 'chalk'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { printDetail } from '../../lib/output.js'\nimport {\n collectProfileReport,\n getReportPrincipalLabel,\n type ProfileReport,\n} from '../../lib/profile-report.js'\nimport type { GlobalOptions } from '../../types.js'\n\nfunction buildJsonPayload(report: ProfileReport): Record<string, unknown> {\n return {\n authenticated: report.authenticated,\n profile: report.profileName,\n credentialSource: report.credentialSource,\n credentialsPath: report.credentialsPath,\n baseUrl: report.baseUrl,\n devMode: report.devMode,\n projectId: report.projectId,\n privateKeyPath: report.privateKeyPath,\n privateKeySource: report.privateKeySource,\n trustStorePath: report.trustStorePath,\n trustStoreSource: report.trustStoreSource,\n profileDir: report.profileDir,\n configPath: report.configPath,\n liveIdentity: report.liveIdentity,\n cachedIdentity: report.cachedIdentity ?? null,\n remoteIdentityError: report.remoteIdentityError,\n }\n}\n\nexport function renderProfileReport(\n report: ProfileReport,\n jsonMode: boolean,\n heading = ' Current Profile',\n): void {\n const liveIdentity = report.liveIdentity\n const cachedIdentity = report.cachedIdentity\n const scope = liveIdentity?.apiKey.scope || cachedIdentity?.apiKeyScope || chalk.dim('(unknown)')\n const apiKeyName =\n liveIdentity?.apiKey.name || cachedIdentity?.apiKeyName || chalk.dim('(unknown)')\n const principalType =\n liveIdentity\n ? liveIdentity.agent?.id || liveIdentity.principal.agentId\n ? 'AGENT'\n : liveIdentity.principal.orgUserId\n ? 'ORG_USER'\n : liveIdentity.principal.accountId\n ? 'ACCOUNT'\n : 'UNKNOWN'\n : cachedIdentity?.principalType || chalk.dim('(unknown)')\n const orgLabel =\n liveIdentity?.org.name ||\n liveIdentity?.org.id ||\n cachedIdentity?.orgName ||\n cachedIdentity?.orgId ||\n chalk.dim('(unknown)')\n const tenantLabel =\n liveIdentity?.tenant?.name ||\n liveIdentity?.tenant?.id ||\n cachedIdentity?.tenantName ||\n cachedIdentity?.tenantId ||\n chalk.dim('(not bound)')\n const contextType =\n liveIdentity?.session.contextType || cachedIdentity?.contextType || chalk.dim('(unknown)')\n const policy =\n liveIdentity?.apiKey.summary || cachedIdentity?.policySummary || chalk.dim('(unknown)')\n const identitySource = liveIdentity\n ? 'live'\n : cachedIdentity\n ? 'cached'\n : 'none'\n\n console.log()\n console.log(chalk.bold(heading))\n console.log()\n printDetail(\n [\n ['Profile', report.profileName],\n ['Authenticated', report.authenticated ? 'yes' : 'no'],\n ['Credential Source', report.credentialSource],\n ['Credentials File', report.credentialsPath],\n ['API Key Name', apiKeyName],\n ['API Key Scope', scope],\n ['Principal Type', principalType],\n ['Principal', getReportPrincipalLabel(report) || chalk.dim('(unknown)')],\n ['Organization', orgLabel],\n ['Tenant', tenantLabel],\n ['Session Context', contextType],\n ['Policy', policy],\n ['Identity Source', identitySource],\n ['Base URL', report.baseUrl],\n ['Mode', report.devMode ? 'dev' : 'prod'],\n ['Project ID', report.projectId || chalk.dim('(not set)')],\n ['Private Key', report.privateKeyPath || chalk.dim('(not set)')],\n ['Trust Store', report.trustStorePath || chalk.dim('(not set)')],\n ['Profile Dir', report.profileDir],\n ['Config File', report.configPath],\n ['Remote Identity', report.remoteIdentityError || 'ok'],\n ],\n jsonMode,\n buildJsonPayload(report),\n )\n console.log()\n}\n\n/** `r4 profile show` — show the active profile, identity, and managed paths. */\nexport function showCommand(): Command {\n return new Command('show')\n .alias('info')\n .description('Show the current profile, identity, and managed storage paths')\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const report = await collectProfileReport(globalOpts)\n renderProfileReport(report, !!globalOpts.json)\n }),\n )\n}\n","import { getConfigPath, getManagedProfileDir } from './config.js'\nimport { getProfileCredentialsPath } from './profile-paths.js'\nimport { CliClient } from './client.js'\nimport { cacheProfileIdentity } from './profile-manager.js'\nimport { resolveConnection } from './resolve-auth.js'\nimport { getPrincipalLabel } from './profile-identity.js'\nimport type {\n GlobalOptions,\n MachineIdentityResponse,\n R4ProfileIdentityCache,\n} from '../types.js'\n\nexport interface ProfileReport {\n authenticated: boolean\n profileName: string\n credentialSource: string\n credentialsPath: string\n baseUrl: string\n devMode: boolean\n projectId: string | null\n privateKeyPath: string | null\n privateKeySource: string | null\n trustStorePath: string | null\n trustStoreSource: string | null\n configPath: string\n profileDir: string\n liveIdentity: MachineIdentityResponse | null\n cachedIdentity: R4ProfileIdentityCache | undefined\n remoteIdentityError: string | null\n}\n\n/** Gather local profile state plus an optional live machine identity lookup. */\nexport async function collectProfileReport(\n globalOpts: GlobalOptions,\n): Promise<ProfileReport> {\n const connection = resolveConnection(globalOpts)\n let liveIdentity: MachineIdentityResponse | null = null\n let remoteIdentityError: string | null = null\n let cachedIdentity = connection.profile.identity\n\n if (connection.apiKey) {\n try {\n liveIdentity = await new CliClient(\n connection.apiKey,\n connection.baseUrl,\n ).getMachineIdentity()\n cachedIdentity = cacheProfileIdentity(connection.profileName, liveIdentity).identity\n } catch (error) {\n remoteIdentityError = error instanceof Error ? error.message : String(error)\n }\n }\n\n return {\n authenticated: Boolean(connection.apiKey),\n profileName: connection.profileName,\n credentialSource: connection.apiKeySource,\n credentialsPath: getProfileCredentialsPath(connection.profileName),\n baseUrl: connection.baseUrl,\n devMode: connection.dev,\n projectId: connection.projectId || null,\n privateKeyPath: connection.privateKeyPath || null,\n privateKeySource: connection.privateKeySource,\n trustStorePath: connection.trustStorePath || null,\n trustStoreSource: connection.trustStoreSource,\n configPath: getConfigPath(),\n profileDir: getManagedProfileDir(connection.profileName),\n liveIdentity,\n cachedIdentity,\n remoteIdentityError,\n }\n}\n\n/** Best available principal label from live or cached identity data. */\nexport function getReportPrincipalLabel(report: ProfileReport): string | null {\n if (report.liveIdentity) {\n return getPrincipalLabel(report.liveIdentity)\n }\n if (report.cachedIdentity) {\n return getPrincipalLabel(report.cachedIdentity)\n }\n return null\n}\n","import type { Command } from 'commander'\nimport { diagnoseCommand } from './diagnose.js'\nimport { loginCommand } from './login.js'\nimport { logoutCommand } from './logout.js'\nimport { registerAgentCommand } from './register-agent.js'\nimport { statusCommand } from './status.js'\nimport { whoamiCommand } from './whoami.js'\n\n/** Register auth subcommands on the CLI program */\nexport function registerAuthCommands(program: Command): void {\n const auth = program.command('auth').description('Manage API key authentication')\n\n auth.addCommand(loginCommand())\n auth.addCommand(logoutCommand())\n auth.addCommand(registerAgentCommand())\n auth.addCommand(statusCommand())\n auth.addCommand(whoamiCommand())\n auth.addCommand(diagnoseCommand())\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { printDetail } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 billing readiness` reads whether the org is ready for paid operations. */\nexport function readinessCommand(): Command {\n return new Command('readiness')\n .description('Show billing readiness for paid operations')\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Checking billing readiness...').start()\n const readiness = await client.getBillingReadiness()\n spinner.stop()\n\n printDetail(\n [\n ['Has Verified Domain', readiness.hasVerifiedDomain ? 'Yes' : 'No'],\n ['Has Credit', readiness.hasCredit ? 'Yes' : 'No'],\n ['Ready', readiness.ready ? 'Yes' : 'No'],\n ],\n !!globalOpts.json,\n readiness,\n )\n }),\n )\n}\n","import type { Command } from 'commander'\nimport { readinessCommand } from './readiness.js'\n\n/** Register billing subcommands on the CLI program. */\nexport function registerBillingCommands(program: Command): void {\n const billing = program.command('billing').description('Inspect billing readiness')\n\n billing.addCommand(readinessCommand())\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { parseJsonInput } from '../../lib/json-input.js'\nimport { success } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { CreateBudgetRequest, GlobalOptions } from '../../types.js'\n\nfunction parseBudgetBody(options: { body?: string; bodyFile?: string }): CreateBudgetRequest {\n const parsed = parseJsonInput({\n body: options.body,\n bodyFile: options.bodyFile,\n })\n\n if (!parsed || Array.isArray(parsed) || typeof parsed !== 'object') {\n throw new Error('Provide a budget request object with --body or --body-file.')\n }\n\n return parsed as CreateBudgetRequest\n}\n\n/** `r4 budget create` creates a budget from a JSON payload. */\nexport function createCommand(): Command {\n return new Command('create')\n .description('Create a budget from a JSON payload')\n .option('--body <json>', 'Inline budget create JSON')\n .option('--body-file <path>', 'Read the budget create JSON from a file')\n .action(\n withErrorHandler(\n async (\n options: { body?: string; bodyFile?: string },\n cmd: Command,\n ) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n const body = parseBudgetBody(options)\n\n const spinner = ora('Creating budget...').start()\n await client.createBudget(body)\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify({ created: true, name: body.name }, null, 2))\n return\n }\n\n success(`Created budget \"${body.name}\"`)\n },\n ),\n )\n}\n","import fs from 'node:fs'\nimport path from 'node:path'\nimport type { JsonValue } from '../types.js'\n\n/**\n * Parse JSON from an inline CLI flag or a file path, with source-aware errors.\n */\nexport function parseJsonInput(params: {\n body?: string\n bodyFile?: string\n bodyFlagName?: string\n bodyFileFlagName?: string\n}): JsonValue | undefined {\n const bodyFlagName = params.bodyFlagName ?? '--body'\n const bodyFileFlagName = params.bodyFileFlagName ?? '--body-file'\n\n if (params.body && params.bodyFile) {\n throw new Error(`Use either ${bodyFlagName} or ${bodyFileFlagName}, not both.`)\n }\n\n if (!params.body && !params.bodyFile) {\n return undefined\n }\n\n const rawInput = params.bodyFile\n ? fs.readFileSync(path.resolve(params.bodyFile), 'utf8')\n : params.body!\n const sourceLabel = params.bodyFile\n ? `${bodyFileFlagName} ${params.bodyFile}`\n : bodyFlagName\n\n try {\n return JSON.parse(rawInput) as JsonValue\n } catch (error) {\n throw new Error(\n `Failed to parse ${sourceLabel} as JSON. ${\n error instanceof Error ? error.message : String(error)\n }`,\n )\n }\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { printTable } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { BudgetSummary, GlobalOptions } from '../../types.js'\n\nfunction formatBudgetWindow(budget: BudgetSummary): string {\n const start = new Date(budget.startDate).toISOString().slice(0, 10)\n const end = new Date(budget.endDate).toISOString().slice(0, 10)\n return `${start} -> ${end}`\n}\n\nfunction formatBudgetSubject(budget: BudgetSummary): string {\n switch (budget.subjectType) {\n case 'TENANT':\n return `TENANT:${budget.tenantSubjectId ?? '-'}`\n case 'USER':\n return `USER:${budget.userSubjectId ?? '-'}`\n case 'AGENT':\n return `AGENT:${budget.agentSubjectId ?? '-'}`\n default:\n return 'ORG'\n }\n}\n\n/** `r4 budget list` shows visible budgets and their active windows. */\nexport function listCommand(): Command {\n return new Command('list')\n .description('List visible budgets and their active windows')\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Fetching budgets...').start()\n const budgets = await client.listBudgets()\n spinner.stop()\n\n const rows = budgets.map((budget) => [\n budget.id,\n budget.name,\n formatBudgetSubject(budget),\n String(budget.target),\n formatBudgetWindow(budget),\n String(budget.limits.length),\n ])\n\n console.log()\n printTable(\n ['ID', 'Name', 'Subject', 'Target', 'Window', 'Limits'],\n rows,\n !!globalOpts.json,\n budgets,\n )\n console.log()\n }),\n )\n}\n","import type { Command } from 'commander'\nimport { createCommand } from './create.js'\nimport { listCommand } from './list.js'\n\n/** Register budget subcommands on the CLI program. */\nexport function registerBudgetCommands(program: Command): void {\n const budget = program.command('budget').description('Inspect and manage budgets')\n\n budget.addCommand(listCommand())\n budget.addCommand(createCommand())\n}\n","import { Command } from 'commander'\nimport fs from 'node:fs'\nimport { CliClient } from '../lib/client.js'\nimport {\n getConfigPath,\n getManagedProfileDir,\n getProfileConfig,\n getSelectedProfileName,\n loadConfig,\n} from '../lib/config.js'\nimport { saveProfileCredentials } from '../lib/credentials-store.js'\nimport { withErrorHandler } from '../lib/errors.js'\nimport { success, warn } from '../lib/output.js'\nimport { cacheProfileIdentity, saveProfileState } from '../lib/profile-manager.js'\nimport { promptChoice, promptText } from '../lib/prompt.js'\nimport {\n getDefaultPrivateKeyPath,\n loadPrivateKey,\n derivePublicKey,\n ensurePrivateKey,\n} from '../lib/private-key.js'\nimport { getProfileCredentialsPath, getManagedTrustStorePath } from '../lib/profile-paths.js'\nimport {\n R4_DEFAULT_API_BASE_URL,\n R4_DEV_API_BASE_URL,\n applyGlobalRuntimeOptionsToProfile,\n} from '../lib/runtime-config.js'\nimport { registerAgentProfile } from '../lib/register-agent.js'\nimport type { GlobalOptions, R4ProfileConfig } from '../types.js'\n\ntype ConfigureMode = 'manual' | 'bootstrap'\ntype RuntimeTarget = 'prod' | 'dev' | 'custom'\ntype PrivateKeyMode = 'generate' | 'existing'\n\nasync function promptRuntimeTarget(existingProfile: R4ProfileConfig): Promise<{\n baseUrl?: string\n dev?: boolean\n projectId?: string\n}> {\n const defaultTarget: RuntimeTarget = existingProfile.baseUrl\n ? 'custom'\n : existingProfile.dev\n ? 'dev'\n : 'prod'\n\n const runtimeTarget = await promptChoice<RuntimeTarget>(\n 'Which R4 environment should this profile use?',\n [\n { label: 'Production', value: 'prod', description: `(${R4_DEFAULT_API_BASE_URL})` },\n { label: 'Development', value: 'dev', description: `(${R4_DEV_API_BASE_URL})` },\n { label: 'Custom URL', value: 'custom' },\n ],\n defaultTarget,\n )\n\n const runtimeOptions: {\n baseUrl?: string\n dev?: boolean\n projectId?: string\n } = {}\n\n if (runtimeTarget === 'custom') {\n runtimeOptions.baseUrl = await promptText('Base URL', {\n defaultValue: existingProfile.baseUrl || R4_DEFAULT_API_BASE_URL,\n })\n } else if (runtimeTarget === 'dev') {\n runtimeOptions.dev = true\n } else {\n runtimeOptions.dev = false\n }\n\n const projectId = await promptText('Project ID (optional)', {\n defaultValue: existingProfile.projectId,\n required: false,\n })\n if (projectId) {\n runtimeOptions.projectId = projectId\n }\n\n return runtimeOptions\n}\n\nasync function resolvePrivateKeyMaterial(\n profileName: string,\n existingProfile: R4ProfileConfig,\n): Promise<{\n privateKeyPath: string\n publicKeyPem: string\n created: boolean\n}> {\n const managedPrivateKeyPath = getDefaultPrivateKeyPath(profileName)\n const defaultMode: PrivateKeyMode =\n existingProfile.privateKeyPath || fs.existsSync(managedPrivateKeyPath)\n ? 'existing'\n : 'generate'\n\n const privateKeyMode = await promptChoice<PrivateKeyMode>(\n 'How should this profile handle its local private key?',\n [\n {\n label: 'Generate a managed key',\n value: 'generate',\n description: `(store at ${managedPrivateKeyPath})`,\n },\n {\n label: 'Use an existing PEM file',\n value: 'existing',\n },\n ],\n defaultMode,\n )\n\n if (privateKeyMode === 'generate') {\n const { privateKeyPem, created } = ensurePrivateKey(managedPrivateKeyPath)\n return {\n privateKeyPath: managedPrivateKeyPath,\n publicKeyPem: derivePublicKey(privateKeyPem),\n created,\n }\n }\n\n const privateKeyPath = await promptText('Existing private-key path', {\n defaultValue: existingProfile.privateKeyPath || managedPrivateKeyPath,\n })\n const privateKeyPem = loadPrivateKey(privateKeyPath)\n return {\n privateKeyPath,\n publicKeyPem: derivePublicKey(privateKeyPem),\n created: false,\n }\n}\n\nasync function configureManualProfile(\n profileName: string,\n existingProfile: R4ProfileConfig,\n): Promise<void> {\n const runtimeOptions = await promptRuntimeTarget(existingProfile)\n const privateKey = await resolvePrivateKeyMaterial(profileName, existingProfile)\n const accessKey = await promptText('API access key')\n const secretKey = await promptText('API secret', {\n hidden: true,\n })\n\n saveProfileCredentials(profileName, { accessKey, secretKey })\n\n const nextProfile = applyGlobalRuntimeOptionsToProfile(\n {\n ...existingProfile,\n privateKeyPath: privateKey.privateKeyPath,\n trustStorePath: getManagedTrustStorePath(profileName),\n },\n runtimeOptions,\n )\n saveProfileState(profileName, nextProfile)\n\n const baseUrl =\n runtimeOptions.baseUrl ||\n (runtimeOptions.dev ? R4_DEV_API_BASE_URL : R4_DEFAULT_API_BASE_URL)\n\n try {\n const identity = await new CliClient(\n `${accessKey}.${secretKey}`,\n baseUrl,\n ).getMachineIdentity()\n cacheProfileIdentity(profileName, identity)\n } catch (error) {\n warn(\n `Saved the profile, but the live identity check failed: ${\n error instanceof Error ? error.message : String(error)\n }`,\n )\n }\n\n success(`Saved profile \"${profileName}\" to ${getConfigPath()}`)\n success(`Credentials: ${getProfileCredentialsPath(profileName)}`)\n success(`Private key: ${privateKey.privateKeyPath}`)\n success(`Trust store: ${getManagedTrustStorePath(profileName)}`)\n}\n\nasync function configureBootstrapProfile(\n profileName: string,\n existingProfile: R4ProfileConfig,\n): Promise<void> {\n const runtimeOptions = await promptRuntimeTarget(existingProfile)\n const privateKey = await resolvePrivateKeyMaterial(profileName, existingProfile)\n const agentName = await promptText('Agent name', {\n defaultValue: existingProfile.agentName || profileName,\n })\n const orgName = await promptText('Organization name (optional)', {\n defaultValue: agentName,\n required: false,\n })\n\n const baseUrl =\n runtimeOptions.baseUrl ||\n (runtimeOptions.dev ? R4_DEV_API_BASE_URL : R4_DEFAULT_API_BASE_URL)\n const result = await registerAgentProfile({\n profileName,\n profile: existingProfile,\n agentName,\n orgName: orgName || agentName,\n baseUrl,\n privateKeyPath: privateKey.privateKeyPath,\n runtimeOptions,\n })\n\n if (result.identityError) {\n warn(\n `Created the profile, but the live identity check failed: ${\n result.identityError\n }`,\n )\n }\n\n success(`Bootstrapped agent \"${agentName}\" into profile \"${profileName}\"`)\n success(`Credentials: ${getProfileCredentialsPath(profileName)}`)\n success(`Private key: ${result.privateKeyPath}`)\n success(`Trust store: ${result.trustStorePath}`)\n}\n\n/** `r4 configure` — guided profile setup for machine credentials and key material. */\nexport function configureCommand(): Command {\n return new Command('configure')\n .description('Guided setup for an R4 CLI profile')\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const config = loadConfig()\n const initialProfileName = getSelectedProfileName(\n config,\n globalOpts.profile,\n process.env.R4_PROFILE,\n )\n const profileName = await promptText('Profile name', {\n defaultValue: initialProfileName,\n })\n const existingProfile = getProfileConfig(config, profileName)\n\n console.log()\n console.log(` Managed profile directory: ${getManagedProfileDir(profileName)}`)\n\n const mode = await promptChoice<ConfigureMode>(\n 'How do you want to set up this profile?',\n [\n {\n label: 'Use existing API credentials',\n value: 'manual',\n description: '(enter an access key, secret, and private key)',\n },\n {\n label: 'Create a new agent runtime',\n value: 'bootstrap',\n description: '(bootstrap a new agent-only org and API key)',\n },\n ],\n 'manual',\n )\n\n console.log()\n if (mode === 'manual') {\n await configureManualProfile(profileName, existingProfile)\n } else {\n await configureBootstrapProfile(profileName, existingProfile)\n }\n }),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { printDetail, success } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 domain add` registers a new external domain. */\nexport function addCommand(): Command {\n return new Command('add')\n .description('Register a new external domain')\n .argument('<domain>', 'Domain name')\n .action(\n withErrorHandler(async (domain: string, _opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora(`Registering domain ${domain}...`).start()\n const response = await client.addDomain(domain)\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify(response, null, 2))\n return\n }\n\n success(`Registered domain ${domain}`)\n printDetail(\n [\n ['Domain ID', response.domainId],\n ['Domain Tenant', response.domainTenantId],\n ['TXT Host', response.txtRecordHost],\n ['TXT Value', response.verificationTxtRecord],\n ['Instructions', response.instructions],\n ],\n false,\n )\n }),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { printTable } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 domain list` lists visible org domains. */\nexport function listCommand(): Command {\n return new Command('list')\n .description('List visible external domains')\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Fetching domains...').start()\n const domains = await client.listDomains()\n spinner.stop()\n\n const rows = domains.map((domain) => [\n domain.id,\n domain.domain,\n domain.verified ? 'Yes' : 'No',\n domain.state,\n domain.verificationTxtValue ?? '-',\n ])\n\n console.log()\n printTable(\n ['ID', 'Domain', 'Verified', 'State', 'TXT Value'],\n rows,\n !!globalOpts.json,\n domains,\n )\n console.log()\n }),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { printDetail, success } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 domain verify` triggers domain TXT verification. */\nexport function verifyCommand(): Command {\n return new Command('verify')\n .description('Trigger verification for a domain')\n .argument('<id>', 'Domain ID')\n .action(\n withErrorHandler(async (id: string, _opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora(`Verifying domain ${id}...`).start()\n const response = await client.verifyDomain(id)\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify(response, null, 2))\n return\n }\n\n success(`Verification finished for ${id}`)\n printDetail(\n [\n ['Verified', response.verified ? 'Yes' : 'No'],\n ['Error', response.error ?? '-'],\n ],\n false,\n )\n }),\n )\n}\n","import type { Command } from 'commander'\nimport { addCommand } from './add.js'\nimport { listCommand } from './list.js'\nimport { verifyCommand } from './verify.js'\n\n/** Register domain subcommands on the CLI program. */\nexport function registerDomainCommands(program: Command): void {\n const domain = program.command('domain').description('Manage external domains')\n\n domain.addCommand(listCommand())\n domain.addCommand(addCommand())\n domain.addCommand(verifyCommand())\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { printDetail, success } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { FeedbackSurface, GlobalOptions } from '../../types.js'\n\nconst FEEDBACK_SURFACES = new Set<FeedbackSurface>(['CLI', 'SDK', 'MCP', 'MACHINE_API', 'OTHER'])\n\nfunction normalizeFeedbackSurface(surface: string): FeedbackSurface {\n const normalized = surface.trim().toUpperCase() as FeedbackSurface\n\n if (!FEEDBACK_SURFACES.has(normalized)) {\n throw new Error(\n `Unsupported feedback surface \"${surface}\". Use one of: ${[...FEEDBACK_SURFACES].join(', ')}.`,\n )\n }\n\n return normalized\n}\n\n/** `r4 feedback submit` sends structured product feedback from an AGENT key. */\nexport function submitCommand(): Command {\n return new Command('submit')\n .description('Submit structured feedback about a missing capability')\n .requiredOption('--surface <surface>', 'Feedback surface: CLI, SDK, MCP, MACHINE_API, OTHER')\n .requiredOption('--summary <summary>', 'Short summary of the blocker')\n .requiredOption('--details <details>', 'Longer description of the blocker')\n .option('--desired-outcome <text>', 'What the product should ideally support')\n .action(\n withErrorHandler(\n async (\n options: {\n surface: string\n summary: string\n details: string\n desiredOutcome?: string\n },\n cmd: Command,\n ) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Submitting feedback...').start()\n const response = await client.submitFeedback({\n surface: normalizeFeedbackSurface(options.surface),\n summary: options.summary,\n details: options.details,\n desiredOutcome: options.desiredOutcome,\n })\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify(response, null, 2))\n return\n }\n\n success('Submitted feedback')\n printDetail(\n [\n ['Feedback ID', response.id],\n ['Submitted At', response.submittedAt],\n ['Notification Sent', response.notified ? 'Yes' : 'No'],\n ],\n false,\n )\n },\n ),\n )\n}\n","import type { Command } from 'commander'\nimport { submitCommand } from './submit.js'\n\n/** Register feedback subcommands on the CLI program. */\nexport function registerFeedbackCommands(program: Command): void {\n const feedback = program.command('feedback').description('Submit structured product feedback')\n\n feedback.addCommand(submitCommand())\n}\n","import { Command } from 'commander'\nimport { resolveAuth } from '../../lib/resolve-auth.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { CliClient } from '../../lib/client.js'\nimport { parseJsonInput } from '../../lib/json-input.js'\nimport type { GlobalOptions, MachineRequestMethod } from '../../types.js'\n\nconst MACHINE_REQUEST_METHODS = new Set<MachineRequestMethod>(['GET', 'POST', 'PUT', 'PATCH', 'DELETE'])\n\nfunction normalizeMethod(method: string): MachineRequestMethod {\n const normalizedMethod = method.trim().toUpperCase()\n\n if (!MACHINE_REQUEST_METHODS.has(normalizedMethod as MachineRequestMethod)) {\n throw new Error(`Unsupported method \"${method}\". Use GET, POST, PUT, PATCH, or DELETE.`)\n }\n\n return normalizedMethod as MachineRequestMethod\n}\n\n/** `r4 machine request` sends an authenticated request to any machine API route. */\nexport function requestCommand(): Command {\n return new Command('request')\n .description('Call an arbitrary machine API route')\n .argument('<method>', 'HTTP method (GET, POST, PUT, PATCH, DELETE)')\n .argument('<path>', 'Machine path like /webhook or /api/v1/machine/webhook')\n .option('--body <json>', 'Optional JSON request body')\n .option('--body-file <path>', 'Read the JSON request body from a file')\n .action(\n withErrorHandler(\n async (\n method: string,\n path: string,\n options: { body?: string; bodyFile?: string },\n cmd: Command,\n ) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const config = resolveAuth(globalOpts)\n const client = new CliClient(config.apiKey, config.baseUrl)\n const result = await client.requestMachine({\n method: normalizeMethod(method),\n path,\n body: parseJsonInput({\n body: options.body,\n bodyFile: options.bodyFile,\n }),\n })\n\n if (result == null) {\n return\n }\n\n if (typeof result === 'string') {\n console.log(result)\n return\n }\n\n console.log(JSON.stringify(result, null, globalOpts.json ? 0 : 2))\n },\n ),\n )\n}\n","import type { Command } from 'commander'\nimport { requestCommand } from './request.js'\n\n/** Register generic machine-API passthrough commands on the CLI program. */\nexport function registerMachineCommands(program: Command): void {\n const machine = program.command('machine').description('Call the headless machine API directly')\n\n machine.addCommand(requestCommand())\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { printDetail } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 monitoring entity-counts` shows the scoped machine entity counters. */\nexport function entityCountsCommand(): Command {\n return new Command('entity-counts')\n .description('Show visible machine entity counts')\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Fetching monitoring entity counts...').start()\n const counts = await client.getMonitoringEntityCounts()\n spinner.stop()\n\n printDetail(\n [\n ['Tenants', String(counts.tenants)],\n ['Users', String(counts.users)],\n ['Security Groups', String(counts.securityGroups)],\n ['Vaults', String(counts.vaults)],\n ['Vault Items', String(counts.vaultItems)],\n ['Domains', String(counts.domains)],\n ['Integrations', String(counts.integrations)],\n ['Agents', String(counts.agents)],\n ['Projects', String(counts.projects)],\n ['API Keys', String(counts.apiKeys)],\n ],\n !!globalOpts.json,\n counts,\n )\n }),\n )\n}\n","import type { Command } from 'commander'\nimport { entityCountsCommand } from './entity-counts.js'\n\n/** Register monitoring subcommands on the CLI program. */\nexport function registerMonitoringCommands(program: Command): void {\n const monitoring = program.command('monitoring').description('Inspect machine monitoring summaries')\n\n monitoring.addCommand(entityCountsCommand())\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { printTable } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 permissions security-groups` lists visible security groups. */\nexport function securityGroupsCommand(): Command {\n return new Command('security-groups')\n .description('List visible security groups from the permissions surface')\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Fetching security groups...').start()\n const response = await client.listSecurityGroups()\n spinner.stop()\n\n const rows = response.securityGroups.map((group) => [\n group.id,\n group.name,\n group.tenantName,\n group.isDefault ? 'Yes' : 'No',\n group.roles.join(', ') || '-',\n String(group.numberOfMembers),\n ])\n\n console.log()\n printTable(\n ['ID', 'Name', 'Tenant', 'Default', 'Roles', 'Members'],\n rows,\n !!globalOpts.json,\n response.securityGroups,\n )\n console.log()\n }),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { parseJsonInput } from '../../lib/json-input.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { success } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type {\n GlobalOptions,\n PermissionAssetType,\n SetPermissionsRequest,\n} from '../../types.js'\n\nconst PERMISSION_ASSET_TYPES = new Set<PermissionAssetType>([\n 'VAULT',\n 'VAULT_ITEM',\n 'PROJECT',\n 'LICENSE_INSTANCE',\n 'ENCRYPTION_KEY',\n 'TOKEN_PROVIDER',\n])\n\nfunction normalizePermissionAssetType(assetType: string): PermissionAssetType {\n const normalized = assetType.trim().toUpperCase() as PermissionAssetType\n\n if (!PERMISSION_ASSET_TYPES.has(normalized)) {\n throw new Error(\n `Unsupported asset type \"${assetType}\". Use one of: ${[...PERMISSION_ASSET_TYPES].join(', ')}.`,\n )\n }\n\n return normalized\n}\n\nfunction parsePermissionsBody(options: {\n body?: string\n bodyFile?: string\n}): SetPermissionsRequest {\n const parsed = parseJsonInput({\n body: options.body,\n bodyFile: options.bodyFile,\n })\n\n if (!parsed) {\n throw new Error('Provide permission data with --body or --body-file.')\n }\n\n if (Array.isArray(parsed)) {\n return { permissions: parsed as SetPermissionsRequest['permissions'] }\n }\n\n if (typeof parsed === 'object' && parsed !== null && Array.isArray(parsed.permissions)) {\n return parsed as unknown as SetPermissionsRequest\n }\n\n throw new Error('Permission data must be either an array of permissions or an object with a permissions array.')\n}\n\n/** `r4 permissions set` replaces permissions on an asset with structured input. */\nexport function setCommand(): Command {\n return new Command('set')\n .description('Replace permissions for an asset')\n .argument('<assetType>', 'Asset type: PROJECT, VAULT, VAULT_ITEM, LICENSE_INSTANCE, ENCRYPTION_KEY, TOKEN_PROVIDER')\n .argument('<id>', 'Asset ID')\n .option('--body <json>', 'Inline permissions JSON')\n .option('--body-file <path>', 'Read the permissions JSON from a file')\n .action(\n withErrorHandler(\n async (\n assetType: string,\n id: string,\n options: { body?: string; bodyFile?: string },\n cmd: Command,\n ) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n const body = parsePermissionsBody(options)\n\n const spinner = ora('Updating permissions...').start()\n await client.setPermissions(normalizePermissionAssetType(assetType), id, body)\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify({ assetType: assetType.toUpperCase(), id, updated: true }, null, 2))\n return\n }\n\n success(`Updated permissions for ${assetType.toUpperCase()} ${id}`)\n },\n ),\n )\n}\n","import type { Command } from 'commander'\nimport { securityGroupsCommand } from './security-groups.js'\nimport { setCommand } from './set.js'\n\n/** Register permissions subcommands on the CLI program. */\nexport function registerPermissionsCommands(program: Command): void {\n const permissions = program.command('permissions').description('Manage asset permissions')\n\n permissions.addCommand(securityGroupsCommand())\n permissions.addCommand(setCommand())\n}\n","import { Command } from 'commander'\nimport { getCurrentProfileName, getProfileNames, loadConfig } from '../../lib/config.js'\nimport { printTable } from '../../lib/output.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 profile list` — show saved CLI profiles. */\nexport function listCommand(): Command {\n return new Command('list')\n .description('List saved CLI profiles')\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const config = loadConfig()\n const currentProfile = getCurrentProfileName(config)\n const rows = getProfileNames(config).map((profileName) => {\n const profile = config.profiles[profileName] ?? {}\n return [\n profileName,\n profileName === currentProfile ? 'yes' : '',\n profile.identity?.apiKeyScope || '-',\n profile.identity?.principalLabel || profile.agentName || profile.agentId || '-',\n profile.baseUrl || (profile.dev ? 'https://dev.r4.dev' : '(default)'),\n profile.projectId || '-',\n ]\n })\n\n console.log()\n printTable(\n ['Name', 'Current', 'Scope', 'Principal', 'Base URL', 'Project ID'],\n rows,\n !!globalOpts.json,\n rows.map(([name, current, scope, principal, baseUrl, projectId]) => ({\n name,\n current: current === 'yes',\n scope: scope === '-' ? null : scope,\n principal: principal === '-' ? null : principal,\n baseUrl,\n projectId: projectId === '-' ? null : projectId,\n })),\n )\n console.log()\n }),\n )\n}\n","import { Command } from 'commander'\nimport {\n getProfileConfig,\n loadConfig,\n saveConfig,\n setCurrentProfile,\n} from '../../lib/config.js'\nimport { success } from '../../lib/output.js'\nimport { withErrorHandler } from '../../lib/errors.js'\n\n/** `r4 profile use <name>` — switch the active CLI profile. */\nexport function useCommand(): Command {\n return new Command('use')\n .description('Switch the active CLI profile')\n .argument('<name>', 'Profile name')\n .action(\n withErrorHandler(async (profileName: string) => {\n const config = loadConfig()\n const profile = getProfileConfig(config, profileName)\n\n if (Object.keys(profile).length === 0 && !config.profiles[profileName]) {\n throw new Error(`Profile \"${profileName}\" does not exist.`)\n }\n\n saveConfig(setCurrentProfile(config, profileName))\n success(`Now using profile \"${profileName}\"`)\n }),\n )\n}\n","import type { Command } from 'commander'\nimport { listCommand } from './list.js'\nimport { showCommand } from './show.js'\nimport { useCommand } from './use.js'\n\n/** Register CLI profile commands. */\nexport function registerProfileCommands(program: Command): void {\n const profile = program.command('profile').description('Manage saved CLI profiles')\n\n profile.addCommand(listCommand())\n profile.addCommand(showCommand())\n profile.addCommand(useCommand())\n}\n","import { Command } from 'commander'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { collectProfileReport } from '../../lib/profile-report.js'\nimport { renderProfileReport } from '../profile/show.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 space info` — concise alias for the current runtime/profile identity view. */\nexport function infoCommand(): Command {\n return new Command('info')\n .description('Show the current runtime identity and profile context')\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const report = await collectProfileReport(globalOpts)\n renderProfileReport(report, !!globalOpts.json, ' Current Runtime')\n }),\n )\n}\n","import type { Command } from 'commander'\nimport { infoCommand } from './info.js'\n\n/** Register runtime-context inspection commands. */\nexport function registerSpaceCommands(program: Command): void {\n const space = program.command('space').description('Inspect the active runtime context')\n space.addCommand(infoCommand())\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { parseJsonInput } from '../../lib/json-input.js'\nimport { success } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions, JsonValue } from '../../types.js'\n\nfunction parseVaultBody(options: { body?: string; bodyFile?: string }): JsonValue {\n const parsed = parseJsonInput({\n body: options.body,\n bodyFile: options.bodyFile,\n })\n\n if (!parsed || Array.isArray(parsed) || typeof parsed !== 'object') {\n throw new Error('Provide a vault create request object with --body or --body-file.')\n }\n\n return parsed\n}\n\n/** `r4 vault create` wraps the checkpoint-signed machine vault create route. */\nexport function createCommand(): Command {\n return new Command('create')\n .description('Create a checkpoint-signed vault from a JSON payload')\n .option('--body <json>', 'Inline vault create JSON')\n .option('--body-file <path>', 'Read the vault create JSON from a file')\n .action(\n withErrorHandler(\n async (\n options: { body?: string; bodyFile?: string },\n cmd: Command,\n ) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Creating vault...').start()\n const response = await client.createVault(parseVaultBody(options))\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify(response, null, 2))\n return\n }\n\n success(`Created vault ${response.id}`)\n },\n ),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { parseJsonInput } from '../../lib/json-input.js'\nimport { success } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions, JsonValue } from '../../types.js'\n\nfunction parseVaultItemBody(options: { body?: string; bodyFile?: string }): JsonValue {\n const parsed = parseJsonInput({\n body: options.body,\n bodyFile: options.bodyFile,\n })\n\n if (!parsed || Array.isArray(parsed) || typeof parsed !== 'object') {\n throw new Error('Provide a vault item create request object with --body or --body-file.')\n }\n\n return parsed\n}\n\n/** `r4 vault create-item` wraps the checkpoint-signed machine vault-item create route. */\nexport function createItemCommand(): Command {\n return new Command('create-item')\n .description('Create a checkpoint-signed vault item from a JSON payload')\n .argument('<vaultId>', 'Vault ID')\n .option('--body <json>', 'Inline vault item create JSON')\n .option('--body-file <path>', 'Read the vault item create JSON from a file')\n .action(\n withErrorHandler(\n async (\n vaultId: string,\n options: { body?: string; bodyFile?: string },\n cmd: Command,\n ) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora(`Creating vault item in ${vaultId}...`).start()\n const response = await client.createVaultItem(vaultId, parseVaultItemBody(options))\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify(response, null, 2))\n return\n }\n\n success(`Created vault item ${response.id} in vault ${vaultId}`)\n },\n ),\n )\n}\n","import path from 'node:path'\nimport { Command } from 'commander'\nimport ora from 'ora'\nimport R4 from '@r4-sdk/node'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { success } from '../../lib/output.js'\nimport { resolveAuth } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 vault download-asset` — download and locally decrypt a vault attachment. */\nexport function downloadAssetCommand(): Command {\n return new Command('download-asset')\n .description('Download and locally decrypt a vault attachment by vault ID and asset ID')\n .argument('<vaultId>', 'Vault ID that owns the attachment')\n .argument('<assetId>', 'Attachment asset ID to download')\n .option(\n '--output <path>',\n 'Destination file path (defaults to ./${assetId}.bin when omitted)',\n )\n .action(\n withErrorHandler(\n async (\n vaultId: string,\n assetId: string,\n opts: { output?: string },\n cmd: Command,\n ) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const config = resolveAuth(globalOpts)\n const sdk = new R4(config)\n const outputPath = path.resolve(opts.output ?? `${assetId}.bin`)\n\n const spinner = ora('Downloading and decrypting attachment...').start()\n const result = await sdk.downloadVaultAttachment({\n vaultId,\n assetId,\n outputPath,\n })\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(\n JSON.stringify(\n {\n assetId: result.assetId,\n vaultId: result.vaultId,\n outputPath: result.outputPath,\n plaintextSize: result.checkpoint.plaintextSize,\n plaintextSha256: result.checkpoint.plaintextSha256,\n ciphertextSize: result.checkpoint.ciphertextSize,\n ciphertextSha256: result.checkpoint.ciphertextSha256,\n },\n null,\n 2,\n ),\n )\n return\n }\n\n success(`Saved decrypted attachment to ${outputPath}`)\n },\n ),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport R4 from '@r4-sdk/node'\nimport { resolveAuth } from '../../lib/resolve-auth.js'\nimport { printTable } from '../../lib/output.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/**\n * r4 vault list — List all locally decrypted environment variables as a table.\n */\nexport function listCommand(): Command {\n return new Command('list')\n .description('List all locally decrypted environment variables')\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const config = resolveAuth(globalOpts)\n\n const spinner = ora('Fetching environment variables...').start()\n const r4 = await R4.create(config)\n spinner.stop()\n\n const env = r4.env\n const keys = Object.keys(env).sort()\n\n if (globalOpts.json) {\n console.log(JSON.stringify(env, null, 2))\n return\n }\n\n if (keys.length === 0) {\n console.log('\\n No environment variables found.\\n')\n return\n }\n\n const rows = keys.map((key) => [key, env[key]])\n\n console.log()\n printTable(['Key', 'Value'], rows, false)\n console.log()\n }),\n )\n}\n","import { Command } from 'commander'\nimport { renderVaultMetadataRows } from './items.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 vault list-items` — list vault metadata without local decryption. */\nexport function listItemsCommand(): Command {\n return new Command('list-items')\n .description('List vault item metadata only, without requiring local decryption')\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n await renderVaultMetadataRows(globalOpts)\n }),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport R4 from '@r4-sdk/node'\nimport { CliClient } from '../../lib/client.js'\nimport { resolveAuth, resolveConnection } from '../../lib/resolve-auth.js'\nimport { printTable } from '../../lib/output.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/**\n * Represents a vault item derived from environment variable keys.\n * Groups related fields that share the same item name prefix.\n */\ninterface VaultItem {\n name: string\n fields: { name: string; key: string }[]\n}\n\ninterface MetadataRow {\n vaultId: string\n vaultName: string\n itemId: string\n itemName: string\n type: string | null\n fieldCount: number | null\n groupName: string | null\n websites: string[]\n}\n\nconst DIRECT_ITEM_SHARE_VAULT_LABEL = '[Direct Item Share]'\n\n/**\n * Derive vault items from a flat env map.\n *\n * Env keys follow the pattern: ITEM_NAME_FIELD_NAME (SCREAMING_SNAKE_CASE).\n * Since we only have the flat map, we group by common prefix heuristic:\n * - Each unique env key is treated as a single-field item\n * - The full key is the item name\n *\n * This provides a useful overview of all available secrets.\n */\nfunction deriveItems(env: Record<string, string>): VaultItem[] {\n const keys = Object.keys(env).sort()\n return keys.map((key) => ({\n name: key,\n fields: [{ name: key, key }],\n }))\n}\n\n/**\n * Load item metadata directly from the machine API without decrypting values.\n */\nexport async function loadVaultMetadataRows(\n globalOpts: GlobalOptions,\n): Promise<MetadataRow[]> {\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n const [{ vaults }, sharedItemsResponse] = await Promise.all([\n client.listVaults(connection.projectId),\n connection.projectId ? Promise.resolve(null) : client.getSharedVaultItems(),\n ])\n const rowsByItemId = new Map<string, MetadataRow>()\n\n for (const vault of vaults) {\n const response = await client.listVaultItems(vault.id)\n const groupNames = Object.fromEntries(\n response.vaultItemGroups.map((group) => [group.id, group.name] as const),\n )\n\n for (const item of response.items) {\n rowsByItemId.set(item.id, {\n vaultId: vault.id,\n vaultName: vault.name,\n itemId: item.id,\n itemName: item.name,\n type: item.type,\n fieldCount: item.fieldCount,\n groupName: item.groupId ? (groupNames[item.groupId] ?? item.groupId) : null,\n websites: item.websites,\n })\n }\n }\n\n if (sharedItemsResponse) {\n const groupNames = Object.fromEntries(\n sharedItemsResponse.vaultItemGroups.map((group) => [group.id, group.name] as const),\n )\n\n for (const item of sharedItemsResponse.vaultItems) {\n if (rowsByItemId.has(item.id)) {\n continue\n }\n\n rowsByItemId.set(item.id, {\n vaultId: item.vaultId,\n vaultName: DIRECT_ITEM_SHARE_VAULT_LABEL,\n itemId: item.id,\n itemName: item.name,\n type: item.type,\n fieldCount: item.fieldCount ?? null,\n groupName: item.groupId ? (groupNames[item.groupId] ?? item.groupId) : null,\n websites: item.websites,\n })\n }\n }\n\n return [...rowsByItemId.values()].sort((left, right) => {\n const vaultCompare = left.vaultName.localeCompare(right.vaultName)\n return vaultCompare !== 0\n ? vaultCompare\n : left.itemName.localeCompare(right.itemName)\n })\n}\n\n/**\n * Render metadata-only vault items for commands that do not need decryption.\n */\nexport async function renderVaultMetadataRows(\n globalOpts: GlobalOptions,\n): Promise<void> {\n const spinner = ora('Fetching vault item metadata...').start()\n const rows = await loadVaultMetadataRows(globalOpts)\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify(rows, null, 2))\n return\n }\n\n if (rows.length === 0) {\n console.log('\\n No vault items found.\\n')\n return\n }\n\n console.log()\n printTable(\n ['Vault', 'Item', 'Type', 'Fields', 'Group', 'Websites'],\n rows.map((row) => [\n row.vaultName,\n row.itemName,\n row.type || '-',\n row.fieldCount === null ? '-' : String(row.fieldCount),\n row.groupName || '-',\n row.websites.join(', ') || '-',\n ]),\n false,\n )\n console.log()\n}\n\n/**\n * r4 vault items — List all vault items with their field names and types.\n * Uses the zero-trust SDK env map and groups keys heuristically by item prefix.\n */\nexport function itemsCommand(): Command {\n return new Command('items')\n .description('List vault items from the decrypted env map, or use --metadata-only for raw machine metadata')\n .option('--metadata-only', 'List item metadata without local decryption')\n .action(\n withErrorHandler(async (opts: { metadataOnly?: boolean }, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n\n if (opts.metadataOnly) {\n await renderVaultMetadataRows(globalOpts)\n return\n }\n\n const config = resolveAuth(globalOpts)\n\n const spinner = ora('Fetching vault items...').start()\n const r4 = await R4.create(config)\n spinner.stop()\n\n const env = r4.env\n const items = deriveItems(env)\n\n if (globalOpts.json) {\n console.log(JSON.stringify(items, null, 2))\n return\n }\n\n if (items.length === 0) {\n console.log('\\n No vault items found.\\n')\n return\n }\n\n const rows = items.map((item) => [\n item.name,\n 'secret',\n item.fields.map((f) => f.name).join(', '),\n ])\n\n console.log()\n printTable(['Name', 'Type', 'Fields'], rows, false)\n console.log()\n }),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { printTable } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 vault list-vaults` — list visible vault metadata without decryption. */\nexport function listVaultsCommand(): Command {\n return new Command('list-vaults')\n .description('List visible vaults without requiring local decryption')\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Fetching visible vaults...').start()\n const response = await client.listVaults(connection.projectId)\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify(response.vaults, null, 2))\n return\n }\n\n if (response.vaults.length === 0) {\n console.log('\\n No visible vaults found.\\n')\n return\n }\n\n console.log()\n printTable(\n ['ID', 'Name', 'Classification', 'Items', 'Created At'],\n response.vaults.map((vault) => [\n vault.id,\n vault.name,\n vault.dataClassification || '-',\n String(vault.itemCount),\n vault.createdAt,\n ]),\n false,\n )\n console.log()\n }),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport R4 from '@r4-sdk/node'\nimport { resolveAuth } from '../../lib/resolve-auth.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/**\n * r4 vault get <KEY> — Get a specific locally decrypted environment variable value.\n * Outputs the raw value, perfect for piping: r4 vault get PRODUCTION_DB_PASSWORD | pbcopy\n */\nexport function getCommand(): Command {\n return new Command('get')\n .description('Get a specific locally decrypted environment variable value')\n .argument('<key>', 'Environment variable key (SCREAMING_SNAKE_CASE)')\n .action(\n withErrorHandler(\n async (keyArg: string, _opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const config = resolveAuth(globalOpts)\n\n const spinner = ora('Fetching environment variables...').start()\n const r4 = await R4.create(config)\n spinner.stop()\n\n const env = r4.env\n const key = keyArg.toUpperCase()\n const value = env[key]\n\n if (value === undefined) {\n const available = Object.keys(env).sort().join(', ') || '(none)'\n throw new Error(`Key \"${key}\" not found. Available keys: ${available}`)\n }\n\n if (globalOpts.json) {\n console.log(JSON.stringify({ key, value }, null, 2))\n return\n }\n\n // Raw output — perfect for piping: r4 vault get PRODUCTION_DB_PASSWORD | pbcopy\n process.stdout.write(value)\n },\n ),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport R4 from '@r4-sdk/node'\nimport { resolveAuth } from '../../lib/resolve-auth.js'\nimport { printTable } from '../../lib/output.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/**\n * r4 vault search <query> — Search vault items by name (case-insensitive).\n * Matches locally decrypted env variable keys that contain the search query.\n * Useful for finding secrets when you know part of the name.\n */\nexport function searchCommand(): Command {\n return new Command('search')\n .description('Search vault items by name')\n .argument('<query>', 'Search query (case-insensitive match against key names)')\n .action(\n withErrorHandler(\n async (query: string, _opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const config = resolveAuth(globalOpts)\n\n const spinner = ora('Searching vault items...').start()\n const r4 = await R4.create(config)\n spinner.stop()\n\n const env = r4.env\n const lowerQuery = query.toLowerCase()\n\n const matches = Object.keys(env)\n .filter((key) => key.toLowerCase().includes(lowerQuery))\n .sort()\n\n if (globalOpts.json) {\n const result = matches.map((key) => ({ key, value: env[key] }))\n console.log(JSON.stringify(result, null, 2))\n return\n }\n\n if (matches.length === 0) {\n console.log(`\\n No items matching \"${query}\" found.\\n`)\n return\n }\n\n const rows = matches.map((key) => [key, env[key]])\n\n console.log()\n printTable(['Key', 'Value'], rows, false)\n console.log()\n },\n ),\n )\n}\n","import type { Command } from 'commander'\nimport { createCommand } from './create.js'\nimport { createItemCommand } from './create-item.js'\nimport { downloadAssetCommand } from './download-asset.js'\nimport { listCommand } from './list.js'\nimport { listItemsCommand } from './list-items.js'\nimport { listVaultsCommand } from './list-vaults.js'\nimport { getCommand } from './get.js'\nimport { itemsCommand } from './items.js'\nimport { searchCommand } from './search.js'\n\n/** Register vault subcommands on the CLI program */\nexport function registerVaultCommands(program: Command): void {\n const vault = program.command('vault').description('Manage vault secrets')\n\n vault.addCommand(createCommand())\n vault.addCommand(createItemCommand())\n vault.addCommand(downloadAssetCommand())\n vault.addCommand(listCommand())\n vault.addCommand(listVaultsCommand())\n vault.addCommand(listItemsCommand())\n vault.addCommand(getCommand())\n vault.addCommand(itemsCommand())\n vault.addCommand(searchCommand())\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { success } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 project add-vault` associates a vault to a project. */\nexport function addVaultCommand(): Command {\n return new Command('add-vault')\n .description('Associate a vault with a project')\n .argument('<projectId>', 'Project ID')\n .argument('<vaultId>', 'Vault ID')\n .action(\n withErrorHandler(\n async (\n projectId: string,\n vaultId: string,\n _opts: unknown,\n cmd: Command,\n ) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Associating vault with project...').start()\n await client.associateProjectVault({\n projectId,\n vaultId,\n })\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify({ projectId, vaultId }, null, 2))\n return\n }\n\n success(`Associated vault ${vaultId} with project ${projectId}`)\n },\n ),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport { printTable } from '../../lib/output.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** r4 project list — List all projects as a table */\nexport function listCommand(): Command {\n return new Command('list')\n .description('List all projects')\n .action(\n withErrorHandler(async (_opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Fetching projects...').start()\n const response = await client.listProjects()\n spinner.stop()\n\n const rows = response.projects.map((p) => [\n p.id,\n p.name,\n p.externalId || '-',\n String(p.vaultsCount),\n String(p.licensesCount),\n String(p.licenseGroupsCount),\n ])\n\n console.log()\n printTable(\n ['ID', 'Name', 'External ID', 'Vaults', 'Licenses', 'License Groups'],\n rows,\n !!globalOpts.json,\n response.projects,\n )\n console.log()\n }),\n )\n}\n","import { Command } from 'commander'\nimport chalk from 'chalk'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport { printDetail, printTable } from '../../lib/output.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** r4 project get <id> — Show project details with associated resources */\nexport function getCommand(): Command {\n return new Command('get')\n .description('Get project details')\n .argument('<id>', 'Project ID')\n .action(\n withErrorHandler(async (id: string, _opts: unknown, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Fetching project...').start()\n const project = await client.getProject(id)\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify(project, null, 2))\n return\n }\n\n console.log()\n console.log(chalk.bold(` ${project.name}`))\n console.log()\n\n printDetail(\n [\n ['ID', project.id],\n ['External ID', project.externalId],\n ['Description', project.description],\n ['Created At', project.createdAt],\n ['Vaults', String(project.vaultsCount)],\n ['Licenses', String(project.licensesCount)],\n ['License Groups', String(project.licenseGroupsCount)],\n ],\n false,\n )\n\n if (project.vaults.length > 0) {\n console.log()\n console.log(chalk.bold(' Vaults'))\n console.log()\n printTable(\n ['ID', 'Name', 'Encrypted'],\n project.vaults.map((v) => [v.id, v.name, v.isEncrypted ? 'Yes' : 'No']),\n false,\n )\n }\n\n if (project.licenses.length > 0) {\n console.log()\n console.log(chalk.bold(' Licenses'))\n console.log()\n printTable(\n ['ID', 'Name', 'Type'],\n project.licenses.map((l) => [l.id, l.name || '-', l.type]),\n false,\n )\n }\n\n if (project.licenseGroups.length > 0) {\n console.log()\n console.log(chalk.bold(' License Groups'))\n console.log()\n printTable(\n ['ID', 'Name'],\n project.licenseGroups.map((lg) => [lg.id, lg.name]),\n false,\n )\n }\n\n console.log()\n }),\n )\n}\n","import { Command } from 'commander'\nimport readline from 'node:readline'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport { success } from '../../lib/output.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** Prompt the user for input via stdin */\nfunction prompt(question: string): Promise<string> {\n const rl = readline.createInterface({ input: process.stdin, output: process.stdout })\n return new Promise((resolve) => {\n rl.question(question, (answer) => {\n rl.close()\n resolve(answer.trim())\n })\n })\n}\n\n/** r4 project create — Create a new project */\nexport function createCommand(): Command {\n return new Command('create')\n .description('Create a new project')\n .option('--name <name>', 'Project name')\n .option('--description <description>', 'Project description')\n .option('--external-id <externalId>', 'External identifier')\n .action(\n withErrorHandler(async (opts: { name?: string; description?: string; externalId?: string }, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n let name = opts.name\n if (!name) {\n name = await prompt('Project name: ')\n }\n if (!name) {\n throw new Error('Project name is required.')\n }\n\n const spinner = ora('Creating project...').start()\n const response = await client.createProject({\n name,\n description: opts.description,\n externalId: opts.externalId,\n })\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify(response, null, 2))\n return\n }\n\n success(`Project created with ID: ${response.id}`)\n }),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { collectOptionValues } from '../../lib/command-options.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { success } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 project set-agents` replaces explicit project agent membership. */\nexport function setAgentsCommand(): Command {\n return new Command('set-agents')\n .description('Replace the explicit agent membership for a project')\n .argument('<projectId>', 'Project ID')\n .option(\n '--agent-id <id>',\n 'Agent ID to keep on the project (repeat or use comma-separated values)',\n collectOptionValues,\n [],\n )\n .action(\n withErrorHandler(\n async (\n projectId: string,\n options: { agentId: string[] },\n cmd: Command,\n ) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Updating project agents...').start()\n await client.updateProjectAgents(projectId, {\n agentIds: options.agentId,\n })\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(JSON.stringify({ projectId, agentIds: options.agentId }, null, 2))\n return\n }\n\n success(`Updated agent membership for project ${projectId}`)\n },\n ),\n )\n}\n","import type { Command } from 'commander'\nimport { addVaultCommand } from './add-vault.js'\nimport { listCommand } from './list.js'\nimport { getCommand } from './get.js'\nimport { createCommand } from './create.js'\nimport { setAgentsCommand } from './set-agents.js'\n\n/** Register project subcommands on the CLI program */\nexport function registerProjectCommands(program: Command): void {\n const project = program.command('project').description('Manage projects')\n\n project.addCommand(listCommand())\n project.addCommand(getCommand())\n project.addCommand(createCommand())\n project.addCommand(addVaultCommand())\n project.addCommand(setAgentsCommand())\n}\n","import { Command } from 'commander'\nimport { spawn } from 'node:child_process'\nimport ora from 'ora'\nimport R4 from '@r4-sdk/node'\nimport { resolveAuth } from '../../lib/resolve-auth.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/**\n * r4 run <command...> — Run a command with vault secrets injected as environment variables.\n *\n * Env var naming: SCREAMING_SNAKE_CASE keys built from locally decrypted vault items.\n *\n * Examples:\n * r4 run --project-id abc123 node deploy.js\n * r4 run --prefix R4 -- docker compose up\n */\nexport function registerRunCommand(program: Command): void {\n program\n .command('run')\n .description('Run a command with vault secrets injected as environment variables')\n .argument('<command...>', 'Command and arguments to execute')\n .option('--prefix <prefix>', 'Add prefix to all injected env var names')\n .action(\n withErrorHandler(\n async (commandParts: string[], opts: { prefix?: string }, cmd: Command) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const config = resolveAuth(globalOpts)\n\n // 1. Fetch and locally decrypt env vars via the R4 SDK\n const spinner = ora('Loading vault secrets...').start()\n const r4 = await R4.create(config)\n spinner.stop()\n\n const env = r4.env\n\n // 2. Build environment variable map (optionally with prefix)\n const secretEnv: Record<string, string> = {}\n\n for (const key of Object.keys(env)) {\n const envName = opts.prefix\n ? `${opts.prefix.toUpperCase()}_${key}`\n : key\n secretEnv[envName] = env[key]\n }\n\n // 3. Spawn the child process with merged environment\n const [command, ...args] = commandParts\n const child = spawn(command, args, {\n stdio: 'inherit',\n env: { ...process.env, ...secretEnv },\n shell: true,\n })\n\n // 4. Forward the child's exit code\n child.on('close', (code) => {\n process.exit(code ?? 1)\n })\n\n child.on('error', (err) => {\n throw new Error(`Failed to execute command \"${command}\": ${err.message}`)\n })\n },\n ),\n )\n}\n","import { Command } from 'commander'\nimport ora from 'ora'\nimport { CliClient } from '../../lib/client.js'\nimport { collectOptionValues } from '../../lib/command-options.js'\nimport { withErrorHandler } from '../../lib/errors.js'\nimport { success } from '../../lib/output.js'\nimport { resolveConnection } from '../../lib/resolve-auth.js'\nimport type { GlobalOptions } from '../../types.js'\n\n/** `r4 security-group create` provisions a tenant security group. */\nexport function createCommand(): Command {\n return new Command('create')\n .description('Create a tenant security group')\n .requiredOption('--name <name>', 'Security group name')\n .requiredOption('--tenant-id <id>', 'Tenant ID')\n .option('--parent-id <id>', 'Optional parent security group ID')\n .option(\n '--role <role>',\n 'Tenant role to grant through this group (repeat or use comma-separated values)',\n collectOptionValues,\n [],\n )\n .action(\n withErrorHandler(\n async (\n options: {\n name: string\n tenantId: string\n parentId?: string\n role: string[]\n },\n cmd: Command,\n ) => {\n const globalOpts = cmd.optsWithGlobals<GlobalOptions>()\n const connection = resolveConnection(globalOpts, { requireApiKey: true })\n const client = new CliClient(connection.apiKey!, connection.baseUrl)\n\n const spinner = ora('Creating security group...').start()\n await client.createSecurityGroup({\n name: options.name,\n parentId: options.parentId ?? null,\n tenantId: options.tenantId,\n roles: options.role,\n })\n spinner.stop()\n\n if (globalOpts.json) {\n console.log(\n JSON.stringify(\n {\n name: options.name,\n tenantId: options.tenantId,\n parentId: options.parentId ?? null,\n roles: options.role,\n },\n null,\n 2,\n ),\n )\n return\n }\n\n success(`Created security group \"${options.name}\"`)\n },\n ),\n )\n}\n","import type { Command } from 'commander'\nimport { createCommand } from './create.js'\n\n/** Register security-group subcommands on the CLI program. */\nexport function registerSecurityGroupCommands(program: Command): void {\n const securityGroup = program\n .command('security-group')\n .description('Manage tenant security groups')\n\n securityGroup.addCommand(createCommand())\n}\n"],"mappings":";;;AAAA,SAAS,WAAAA,iBAAe;;;ACAxB,SAAS,eAAe;AACxB,OAAO,SAAS;;;ACDhB,OAAO,QAAQ;AA4Cf,IAAM,gCAAgC;AAM/B,IAAM,YAAN,MAAgB;AAAA,EACb;AAAA,EACA;AAAA,EAER,YAAY,QAAgB,SAAiB;AAC3C,SAAK,SAAS;AACd,SAAK,UAAU,QAAQ,QAAQ,OAAO,EAAE;AAAA,EAC1C;AAAA,EAEQ,qBAAqBC,OAAsB;AACjD,QAAI,CAACA,SAAQ,YAAY,KAAKA,KAAI,GAAG;AACnC,YAAM,IAAI,MAAM,2DAA2D;AAAA,IAC7E;AAEA,UAAM,iBAAiBA,MAAK,WAAW,GAAG,IAAIA,QAAO,IAAIA,KAAI;AAC7D,WAAO,eAAe,WAAW,iBAAiB,IAC9C,iBACA,kBAAkB,cAAc;AAAA,EACtC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAc,QAAW,QAAgBA,OAAc,MAA4B;AACjF,UAAM,MAAM,GAAG,KAAK,OAAO,GAAGA,KAAI;AAElC,UAAM,WAAW,MAAM,MAAM,KAAK;AAAA,MAChC;AAAA,MACA,SAAS;AAAA,QACP,aAAa,KAAK;AAAA,QAClB,gBAAgB;AAAA,MAClB;AAAA,MACA,MAAM,OAAO,KAAK,UAAU,IAAI,IAAI;AAAA,IACtC,CAAC;AAED,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM,YAAa,MAAM,SAAS,KAAK,EAAE,MAAM,OAAO,CAAC,EAAE;AACzD,YAAM,QAAQ,WAAW;AACzB,YAAM,eAAe,OAAO,WAAW,QAAQ,SAAS,MAAM,KAAK,SAAS,UAAU;AACtF,YAAM,YACJ,OAAO,OAAO,SAAS,WACnB,KAAK,MAAM,IAAI,MACf;AACN,YAAM,IAAI,MAAM,eAAe,SAAS,KAAK,YAAY,EAAE;AAAA,IAC7D;AAEA,QAAI,SAAS,WAAW,KAAK;AAC3B,aAAO;AAAA,IACT;AAEA,UAAM,eAAe,MAAM,SAAS,KAAK;AACzC,QAAI,CAAC,cAAc;AACjB,aAAO;AAAA,IACT;AAEA,QAAI;AACF,aAAO,KAAK,MAAM,YAAY;AAAA,IAChC,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,eAA2C,QAIlC;AACb,WAAO,KAAK,QAAW,OAAO,QAAQ,KAAK,qBAAqB,OAAO,IAAI,GAAG,OAAO,IAAI;AAAA,EAC3F;AAAA;AAAA,EAGA,MAAM,uBAAuB,MAIc;AACzC,UAAM,WAAW,MAAM,MAAM,GAAG,KAAK,OAAO,oCAAoC;AAAA,MAC9E,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,aAAa,KAAK;AAAA,QAClB,gBAAgB;AAAA,QAChB,CAAC,6BAA6B,GAAG,GAAG,SAAS;AAAA,MAC/C;AAAA,MACA,MAAM,KAAK,UAAU,IAAI;AAAA,IAC3B,CAAC;AAED,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM,YAAa,MAAM,SAAS,KAAK,EAAE,MAAM,OAAO,CAAC,EAAE;AACzD,YAAM,QAAQ,WAAW;AACzB,YAAM,eAAe,OAAO,WAAW,QAAQ,SAAS,MAAM,KAAK,SAAS,UAAU;AACtF,YAAM,YACJ,OAAO,OAAO,SAAS,WACnB,KAAK,MAAM,IAAI,MACf;AACN,YAAM,IAAI,MAAM,eAAe,SAAS,KAAK,YAAY,EAAE;AAAA,IAC7D;AAEA,WAAO,SAAS,KAAK;AAAA,EACvB;AAAA;AAAA,EAGA,MAAM,qBAAuD;AAC3D,WAAO,KAAK,QAAiC,OAAO,oBAAoB;AAAA,EAC1E;AAAA;AAAA,EAGA,MAAM,WAAW,WAAwD;AACvE,UAAM,SAAS,YAAY,cAAc,mBAAmB,SAAS,CAAC,KAAK;AAC3E,WAAO,KAAK,QAAmC,OAAO,wBAAwB,MAAM,EAAE;AAAA,EACxF;AAAA;AAAA,EAGA,MAAM,YAAY,MAAiD;AACjE,WAAO,KAAK,QAA+B,QAAQ,yBAAyB,IAAI;AAAA,EAClF;AAAA;AAAA,EAGA,MAAM,mBAAmB,SAAqD;AAC5E,WAAO,KAAK;AAAA,MACV;AAAA,MACA,yBAAyB,mBAAmB,OAAO,CAAC;AAAA,IACtD;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,eAAe,SAAyD;AAC5E,WAAO,KAAK;AAAA,MACV;AAAA,MACA,yBAAyB,mBAAmB,OAAO,CAAC;AAAA,IACtD;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,sBAAoE;AACxE,WAAO,KAAK;AAAA,MACV;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,mBACJ,SACA,QACyC;AACzC,WAAO,KAAK;AAAA,MACV;AAAA,MACA,yBAAyB,mBAAmB,OAAO,CAAC,UAAU,mBAAmB,MAAM,CAAC;AAAA,IAC1F;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,iCACJ,SACA,SACuD;AACvD,WAAO,KAAK;AAAA,MACV;AAAA,MACA,+BAA+B,mBAAmB,OAAO,CAAC,WAAW,mBAAmB,OAAO,CAAC;AAAA,IAClG;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,gBAAgB,SAAiB,MAAiD;AACtF,WAAO,KAAK;AAAA,MACV;AAAA,MACA,yBAAyB,mBAAmB,OAAO,CAAC;AAAA,MACpD;AAAA,IACF;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,eAA6C;AACjD,WAAO,KAAK,QAA6B,OAAO,yBAAyB;AAAA,EAC3E;AAAA;AAAA,EAGA,MAAM,cAAwC;AAC5C,WAAO,KAAK,QAAyB,OAAO,wBAAwB;AAAA,EACtE;AAAA;AAAA,EAGA,MAAM,aAAa,MAA0C;AAC3D,UAAM,KAAK,QAAc,QAAQ,0BAA0B,IAAI;AAAA,EACjE;AAAA;AAAA,EAGA,MAAM,WAAW,IAAoC;AACnD,WAAO,KAAK,QAAuB,OAAO,2BAA2B,EAAE,EAAE;AAAA,EAC3E;AAAA;AAAA,EAGA,MAAM,cAAc,MAA4D;AAC9E,WAAO,KAAK,QAA+B,QAAQ,2BAA2B,IAAI;AAAA,EACpF;AAAA;AAAA,EAGA,MAAM,aAAyC;AAC7C,WAAO,KAAK,QAA2B,OAAO,uBAAuB;AAAA,EACvE;AAAA;AAAA,EAGA,MAAM,SAAS,IAAkC;AAC/C,WAAO,KAAK,QAAqB,OAAO,yBAAyB,mBAAmB,EAAE,CAAC,EAAE;AAAA,EAC3F;AAAA;AAAA,EAGA,MAAM,YAAY,MAAyD;AACzE,WAAO,KAAK,QAA8B,QAAQ,yBAAyB,IAAI;AAAA,EACjF;AAAA;AAAA,EAGA,MAAM,YAAY,IAAY,MAAyC;AACrE,UAAM,KAAK,QAAc,SAAS,yBAAyB,mBAAmB,EAAE,CAAC,IAAI,IAAI;AAAA,EAC3F;AAAA;AAAA,EAGA,MAAM,oBAAoB,IAA+C;AACvE,WAAO,KAAK;AAAA,MACV;AAAA,MACA,yBAAyB,mBAAmB,EAAE,CAAC;AAAA,IACjD;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,uBACJ,IACA,MACe;AACf,UAAM,KAAK;AAAA,MACT;AAAA,MACA,yBAAyB,mBAAmB,EAAE,CAAC;AAAA,MAC/C;AAAA,IACF;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,oBAAoB,MAAiD;AACzE,UAAM,KAAK,QAAc,QAAQ,sDAAsD,IAAI;AAAA,EAC7F;AAAA;AAAA,EAGA,MAAM,qBAAyD;AAC7D,WAAO,KAAK,QAAmC,OAAO,6CAA6C;AAAA,EACrG;AAAA;AAAA,EAGA,MAAM,eACJ,WACA,IACA,MACe;AACf,UAAM,KAAK;AAAA,MACT;AAAA,MACA,+BAA+B,SAAS,IAAI,mBAAmB,EAAE,CAAC;AAAA,MAClE;AAAA,IACF;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,sBAAsB,MAAmD;AAC7E,UAAM,KAAK,QAAc,QAAQ,2CAA2C,IAAI;AAAA,EAClF;AAAA;AAAA,EAGA,MAAM,iBAAiB,IAA4C;AACjE,UAAM,SAAS,MAAM,KAAK;AAAA,MACxB;AAAA,MACA,mCAAmC,mBAAmB,EAAE,CAAC;AAAA,IAC3D;AAEA,WAAO,EAAE,OAAO;AAAA,EAClB;AAAA;AAAA,EAGA,MAAM,oBAAoB,IAAY,MAAiD;AACrF,UAAM,KAAK;AAAA,MACT;AAAA,MACA,mCAAmC,mBAAmB,EAAE,CAAC;AAAA,MACzD;AAAA,IACF;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,eAAe,MAA4E;AAC/F,WAAO,KAAK,QAAuC,QAAQ,4BAA4B,IAAI;AAAA,EAC7F;AAAA;AAAA,EAGA,MAAM,cAAuC;AAC3C,WAAO,KAAK,QAAwB,OAAO,6BAA6B;AAAA,EAC1E;AAAA;AAAA,EAGA,MAAM,UAAU,QAA4C;AAC1D,WAAO,KAAK,QAA2B,QAAQ,8BAA8B,EAAE,OAAO,CAAC;AAAA,EACzF;AAAA;AAAA,EAGA,MAAM,aAAa,IAA2C;AAC5D,WAAO,KAAK;AAAA,MACV;AAAA,MACA,0BAA0B,mBAAmB,EAAE,CAAC;AAAA,IAClD;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,sBAAyD;AAC7D,WAAO,KAAK,QAAkC,OAAO,mCAAmC;AAAA,EAC1F;AAAA;AAAA,EAGA,MAAM,4BAAqE;AACzE,WAAO,KAAK;AAAA,MACV;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACF;;;AC9WO,SAAS,oBAAoB,OAAe,WAAqB,CAAC,GAAa;AACpF,QAAM,aAAa,MAChB,MAAM,GAAG,EACT,IAAI,CAAC,UAAU,MAAM,KAAK,CAAC,EAC3B,OAAO,OAAO;AAEjB,SAAO,CAAC,GAAG,UAAU,GAAG,UAAU;AACpC;;;ACXA,OAAO,WAAW;AAClB,OAAO,WAAW;AAKX,SAAS,WACd,SACA,MACA,UACA,UACM;AACN,MAAI,UAAU;AACZ,YAAQ,IAAI,KAAK,UAAU,YAAY,MAAM,MAAM,CAAC,CAAC;AACrD;AAAA,EACF;AAEA,QAAM,QAAQ,IAAI,MAAM;AAAA,IACtB,MAAM,QAAQ,IAAI,CAAC,MAAM,MAAM,KAAK,CAAC,CAAC;AAAA,IACtC,OAAO,EAAE,MAAM,CAAC,GAAG,QAAQ,CAAC,EAAE;AAAA,EAChC,CAAC;AACD,aAAW,OAAO,MAAM;AACtB,UAAM,KAAK,GAAG;AAAA,EAChB;AACA,UAAQ,IAAI,MAAM,SAAS,CAAC;AAC9B;AAKO,SAAS,YACd,SACA,UACA,UACM;AACN,MAAI,UAAU;AACZ,YAAQ,IAAI,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAC7C;AAAA,EACF;AAEA,QAAM,SAAS,KAAK,IAAI,GAAG,QAAQ,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC;AACzD,aAAW,CAAC,KAAK,KAAK,KAAK,SAAS;AAClC,UAAM,QAAQ,MAAM,KAAK,IAAI,OAAO,MAAM,CAAC;AAC3C,UAAM,MAAM,SAAS,MAAM,IAAI,SAAS;AACxC,YAAQ,IAAI,KAAK,KAAK,KAAK,GAAG,EAAE;AAAA,EAClC;AACF;AAGO,SAAS,QAAQ,SAAuB;AAC7C,UAAQ,IAAI,MAAM,MAAM,QAAG,IAAI,MAAM,OAAO;AAC9C;AAGO,SAAS,KAAK,SAAuB;AAC1C,UAAQ,IAAI,MAAM,OAAO,GAAG,IAAI,MAAM,OAAO;AAC/C;AAGO,SAAS,WAAW,SAAuB;AAChD,UAAQ,MAAM,MAAM,IAAI,QAAG,IAAI,MAAM,OAAO;AAC9C;;;AC3DA,SAAS,mBAAmB,SAAyB;AACnD,MACE,QAAQ,SAAS,yBAAyB,KAC1C,QAAQ,SAAS,gDAAgD,GACjE;AACA,WACE,GAAG,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMd;AAEA,MAAI,QAAQ,SAAS,+CAA+C,GAAG;AACrE,WACE,GAAG,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMd;AAEA,SAAO;AACT;AAMO,SAAS,iBACd,IAC+B;AAC/B,SAAO,UAAU,SAAY;AAC3B,QAAI;AACF,YAAM,GAAG,GAAG,IAAI;AAAA,IAClB,SAAS,KAAK;AACZ,UAAI,eAAe,OAAO;AACxB,mBAAW,mBAAmB,IAAI,OAAO,CAAC;AAAA,MAC5C,OAAO;AACL,mBAAW,8BAA8B;AAAA,MAC3C;AACA,cAAQ,KAAK,CAAC;AAAA,IAChB;AAAA,EACF;AACF;;;AChDA,OAAOC,SAAQ;;;ACAf,OAAO,QAAQ;AACf,OAAOC,SAAQ;AACf,OAAO,UAAU;AAKV,SAAS,oBAAoB,aAA6B;AAC/D,QAAM,YAAY,YACf,KAAK,EACL,YAAY,EACZ,QAAQ,kBAAkB,GAAG,EAC7B,QAAQ,YAAY,EAAE;AAEzB,SAAO,aAAa;AACtB;AAGO,SAAS,eAAuB;AACrC,SAAO,KAAK,KAAKA,IAAG,QAAQ,GAAG,KAAK;AACtC;AAGO,SAAS,iBAAyB;AACvC,SAAO,KAAK,KAAK,aAAa,GAAG,UAAU;AAC7C;AAGO,SAAS,cAAc,aAA6B;AACzD,SAAO,KAAK,KAAK,eAAe,GAAG,oBAAoB,WAAW,CAAC;AACrE;AAGO,SAAS,0BAA0B,aAA6B;AACrE,SAAO,KAAK,KAAK,cAAc,WAAW,GAAG,kBAAkB;AACjE;AAGO,SAAS,yBAAyB,aAA6B;AACpE,SAAO,KAAK,KAAK,cAAc,WAAW,GAAG,iBAAiB;AAChE;AAGO,SAAS,yBAAyB,aAA6B;AACpE,SAAO,KAAK,KAAK,cAAc,WAAW,GAAG,kBAAkB;AACjE;AAGO,SAAS,sBAAsB,SAAuB;AAC3D,KAAG,UAAU,SAAS,EAAE,WAAW,MAAM,MAAM,IAAM,CAAC;AACtD,KAAG,UAAU,SAAS,GAAK;AAC7B;AAGO,SAAS,gBAAgB,UAAkB,UAAwB;AACxE,wBAAsB,KAAK,QAAQ,QAAQ,CAAC;AAC5C,KAAG,cAAc,UAAU,UAAU;AAAA,IACnC,UAAU;AAAA,IACV,MAAM;AAAA,EACR,CAAC;AACD,KAAG,UAAU,UAAU,GAAK;AAC9B;;;AD9CO,IAAM,uBAAuB;AAEpC,SAAS,cAA4B;AACnC,SAAO;AAAA,IACL,SAAS;AAAA,IACT,gBAAgB;AAAA,IAChB,UAAU;AAAA,MACR,CAAC,oBAAoB,GAAG,CAAC;AAAA,IAC3B;AAAA,EACF;AACF;AAEA,SAAS,sBAAsB,UAAuD;AACpF,MAAI,CAAC,YAAY,OAAO,aAAa,UAAU;AAC7C,WAAO;AAAA,EACT;AAEA,QAAM,QAAQ;AACd,QAAM,eAAuC,CAAC;AAE9C,MAAI,OAAO,MAAM,aAAa,YAAY,MAAM,SAAS,KAAK,GAAG;AAC/D,iBAAa,WAAW,MAAM,SAAS,KAAK;AAAA,EAC9C;AACA,MAAI,OAAO,MAAM,eAAe,YAAY,MAAM,WAAW,KAAK,GAAG;AACnE,iBAAa,aAAa,MAAM,WAAW,KAAK;AAAA,EAClD;AACA,MACE,MAAM,gBAAgB,SACtB,MAAM,gBAAgB,YACtB,MAAM,gBAAgB,UACtB,MAAM,gBAAgB,SACtB;AACA,iBAAa,cAAc,MAAM;AAAA,EACnC;AACA,MAAI,OAAO,MAAM,kBAAkB,YAAY,MAAM,cAAc,KAAK,GAAG;AACzE,iBAAa,gBAAgB,MAAM,cAAc,KAAK;AAAA,EACxD;AACA,MACE,MAAM,kBAAkB,WACxB,MAAM,kBAAkB,cACxB,MAAM,kBAAkB,aACxB,MAAM,kBAAkB,WACxB;AACA,iBAAa,gBAAgB,MAAM;AAAA,EACrC;AACA,MAAI,OAAO,MAAM,gBAAgB,YAAY,MAAM,YAAY,KAAK,GAAG;AACrE,iBAAa,cAAc,MAAM,YAAY,KAAK;AAAA,EACpD;AACA,MAAI,OAAO,MAAM,mBAAmB,YAAY,MAAM,eAAe,KAAK,GAAG;AAC3E,iBAAa,iBAAiB,MAAM,eAAe,KAAK;AAAA,EAC1D;AACA,MAAI,OAAO,MAAM,UAAU,YAAY,MAAM,MAAM,KAAK,GAAG;AACzD,iBAAa,QAAQ,MAAM,MAAM,KAAK;AAAA,EACxC;AACA,MAAI,OAAO,MAAM,YAAY,YAAY,MAAM,QAAQ,KAAK,GAAG;AAC7D,iBAAa,UAAU,MAAM,QAAQ,KAAK;AAAA,EAC5C;AACA,MAAI,OAAO,MAAM,aAAa,YAAY,MAAM,SAAS,KAAK,GAAG;AAC/D,iBAAa,WAAW,MAAM,SAAS,KAAK;AAAA,EAC9C;AACA,MAAI,OAAO,MAAM,eAAe,YAAY,MAAM,WAAW,KAAK,GAAG;AACnE,iBAAa,aAAa,MAAM,WAAW,KAAK;AAAA,EAClD;AACA,MACE,MAAM,gBAAgB,SACtB,MAAM,gBAAgB,YACtB,MAAM,gBAAgB,eACtB,MAAM,gBAAgB,UACtB,MAAM,gBAAgB,UACtB;AACA,iBAAa,cAAc,MAAM;AAAA,EACnC;AACA,MACE,MAAM,cAAc,QACnB,OAAO,MAAM,cAAc,YAAY,MAAM,UAAU,KAAK,GAC7D;AACA,iBAAa,YAAY,MAAM,aAAa;AAAA,EAC9C;AACA,MAAI,OAAO,MAAM,mBAAmB,YAAY,MAAM,eAAe,KAAK,GAAG;AAC3E,iBAAa,iBAAiB,MAAM,eAAe,KAAK;AAAA,EAC1D;AAEA,SAAO,OAAO,KAAK,YAAY,EAAE,SAAS,IAAI,eAAe;AAC/D;AAEA,SAAS,sBAAsB,SAAmC;AAChE,MAAI,CAAC,WAAW,OAAO,YAAY,UAAU;AAC3C,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,QAAQ;AACd,QAAM,cAA+B,CAAC;AAEtC,MAAI,OAAO,MAAM,YAAY,YAAY,MAAM,QAAQ,KAAK,GAAG;AAC7D,gBAAY,UAAU,MAAM,QAAQ,KAAK;AAAA,EAC3C;AACA,MAAI,OAAO,MAAM,QAAQ,WAAW;AAClC,gBAAY,MAAM,MAAM;AAAA,EAC1B;AACA,MAAI,OAAO,MAAM,cAAc,YAAY,MAAM,UAAU,KAAK,GAAG;AACjE,gBAAY,YAAY,MAAM,UAAU,KAAK;AAAA,EAC/C;AACA,MAAI,OAAO,MAAM,mBAAmB,YAAY,MAAM,eAAe,KAAK,GAAG;AAC3E,gBAAY,iBAAiB,MAAM,eAAe,KAAK;AAAA,EACzD;AACA,MAAI,OAAO,MAAM,mBAAmB,YAAY,MAAM,eAAe,KAAK,GAAG;AAC3E,gBAAY,iBAAiB,MAAM,eAAe,KAAK;AAAA,EACzD;AACA,MAAI,OAAO,MAAM,YAAY,YAAY,MAAM,QAAQ,KAAK,GAAG;AAC7D,gBAAY,UAAU,MAAM,QAAQ,KAAK;AAAA,EAC3C;AACA,MAAI,OAAO,MAAM,cAAc,YAAY,MAAM,UAAU,KAAK,GAAG;AACjE,gBAAY,YAAY,MAAM,UAAU,KAAK;AAAA,EAC/C;AACA,QAAM,WAAW,sBAAsB,MAAM,QAAQ;AACrD,MAAI,UAAU;AACZ,gBAAY,WAAW;AAAA,EACzB;AAEA,SAAO;AACT;AAEA,SAAS,+BAA+B,QAAqC;AAC3E,SAAO;AAAA,IACL,OAAO,WACL,OAAO,QAAQ,UACf,OAAO,aACP,OAAO,kBACP,OAAO,kBACP,OAAO,WACP,OAAO,aACP,OAAO;AAAA,EACX;AACF;AAEA,SAAS,gBAAgB,KAA4B;AACnD,MAAI,CAAC,OAAO,OAAO,QAAQ,UAAU;AACnC,WAAO,YAAY;AAAA,EACrB;AAEA,QAAM,SAAS;AACf,QAAM,aAAa,YAAY;AAE/B,MAAI,OAAO,YAAY,OAAO,OAAO,aAAa,UAAU;AAC1D,UAAM,UAAU,OAAO,QAAQ,OAAO,QAAQ,EAC3C,OAAO,CAAC,CAAC,IAAI,MAAM,OAAO,SAAS,YAAY,KAAK,KAAK,EAAE,SAAS,CAAC,EACrE,IAAI,CAAC,CAAC,MAAM,OAAO,MAAM,CAAC,KAAK,KAAK,GAAG,sBAAsB,OAAO,CAAC,CAAU;AAElF,QAAI,QAAQ,SAAS,GAAG;AACtB,iBAAW,WAAW,OAAO,YAAY,OAAO;AAAA,IAClD;AAAA,EACF;AAEA,MAAI,+BAA+B,MAAM,GAAG;AAC1C,eAAW,SAAS,oBAAoB,IAAI;AAAA,MAC1C,GAAG,WAAW,SAAS,oBAAoB;AAAA,MAC3C,GAAG,sBAAsB,MAAM;AAAA,IACjC;AAAA,EACF;AAEA,QAAM,2BACJ,OAAO,OAAO,mBAAmB,YAAY,OAAO,eAAe,KAAK,IACpE,OAAO,eAAe,KAAK,IAC3B;AAEN,aAAW,iBACT,WAAW,SAAS,wBAAwB,MAAM,SAC9C,2BACA,OAAO,KAAK,WAAW,QAAQ,EAAE,CAAC,KAAK;AAE7C,MAAI,OAAO,KAAK,WAAW,QAAQ,EAAE,WAAW,GAAG;AACjD,WAAO,YAAY;AAAA,EACrB;AAEA,SAAO;AACT;AAMO,SAAS,aAA2B;AACzC,MAAI;AACF,UAAM,MAAMC,IAAG,aAAa,cAAc,GAAG,MAAM;AACnD,WAAO,gBAAgB,KAAK,MAAM,GAAG,CAAC;AAAA,EACxC,QAAQ;AACN,WAAO,YAAY;AAAA,EACrB;AACF;AAMO,SAAS,WAAW,QAA4B;AACrD,wBAAsB,aAAa,CAAC;AACpC,kBAAgB,cAAc,GAAG,KAAK,UAAU,QAAQ,MAAM,CAAC,IAAI,IAAI;AACzE;AAKO,SAAS,cAAoB;AAClC,MAAI;AACF,IAAAA,IAAG,WAAW,cAAc,CAAC;AAAA,EAC/B,QAAQ;AAAA,EAER;AACF;AAKO,SAAS,gBAAwB;AACtC,SAAO,GAAG,aAAa,CAAC;AAC1B;AAGO,SAAS,gBAAgB,QAAgC;AAC9D,SAAO,OAAO,KAAK,OAAO,QAAQ,EAAE,KAAK;AAC3C;AAGO,SAAS,sBAAsB,QAA8B;AAClE,SAAO,OAAO;AAChB;AAGO,SAAS,uBACd,QACA,iBACA,YACQ;AACR,QAAM,kBAAkB,mBAAmB,cAAc,OAAO;AAChE,SAAO,iBAAiB,KAAK,KAAK;AACpC;AAGO,SAAS,iBACd,QACA,aACiB;AACjB,SAAO,OAAO,SAAS,WAAW,KAAK,CAAC;AAC1C;AAGO,SAAS,cACd,QACA,aACA,SACc;AACd,SAAO;AAAA,IACL,GAAG;AAAA,IACH,UAAU;AAAA,MACR,GAAG,OAAO;AAAA,MACV,CAAC,WAAW,GAAG;AAAA,IACjB;AAAA,EACF;AACF;AAGO,SAAS,kBACd,QACA,aACc;AACd,SAAO;AAAA,IACL,GAAG;AAAA,IACH,gBAAgB;AAAA,EAClB;AACF;AAGO,SAAS,cACd,QACA,aACc;AACd,QAAM,oBAAoB,OAAO;AAAA,IAC/B,OAAO,QAAQ,OAAO,QAAQ,EAAE,OAAO,CAAC,CAAC,IAAI,MAAM,SAAS,WAAW;AAAA,EACzE;AAEA,MAAI,OAAO,KAAK,iBAAiB,EAAE,WAAW,GAAG;AAC/C,WAAO,YAAY;AAAA,EACrB;AAEA,SAAO;AAAA,IACL,SAAS;AAAA,IACT,gBACE,OAAO,mBAAmB,cACrB,OAAO,KAAK,iBAAiB,EAAE,KAAK,EAAE,CAAC,KAAK,uBAC7C,OAAO;AAAA,IACb,UAAU;AAAA,EACZ;AACF;AAGO,SAAS,qBAAqB,aAA6B;AAChE,SAAO,cAAc,WAAW;AAClC;AAGO,SAAS,6BAA6B,aAA2B;AACtE,QAAM,aAAa,cAAc,WAAW;AAC5C,EAAAA,IAAG,OAAO,YAAY,EAAE,WAAW,MAAM,OAAO,KAAK,CAAC;AACxD;;;AE9TA,OAAOC,SAAQ;AAqBR,SAAS,qBACd,WACA,WACoB;AACpB,MAAI,CAAC,aAAa,CAAC,WAAW;AAC5B,WAAO;AAAA,EACT;AAEA,SAAO,GAAG,SAAS,IAAI,SAAS;AAClC;AAKO,SAAS,YAAY,QAA0C;AACpE,MAAI,CAAC,QAAQ;AACX,WAAO;AAAA,EACT;AAEA,QAAM,UAAU,OAAO,KAAK;AAC5B,QAAM,iBAAiB,QAAQ,QAAQ,GAAG;AAC1C,MAAI,kBAAkB,KAAK,mBAAmB,QAAQ,SAAS,GAAG;AAChE,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL,WAAW,QAAQ,MAAM,GAAG,cAAc;AAAA,IAC1C,WAAW,QAAQ,MAAM,iBAAiB,CAAC;AAAA,EAC7C;AACF;AAEA,SAAS,0BAA0B,KAA+C;AAChF,MAAI,CAAC,OAAO,OAAO,QAAQ,UAAU;AACnC,WAAO;AAAA,EACT;AAEA,QAAM,QAAQ;AACd,MACE,OAAO,MAAM,cAAc,YAC3B,OAAO,MAAM,cAAc,YAC3B,CAAC,MAAM,UAAU,KAAK,KACtB,CAAC,MAAM,UAAU,KAAK,GACtB;AACA,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL,SAAS;AAAA,IACT,WAAW,MAAM,UAAU,KAAK;AAAA,IAChC,WAAW,MAAM,UAAU,KAAK;AAAA,IAChC,SACE,OAAO,MAAM,YAAY,YAAY,MAAM,QAAQ,KAAK,IACpD,MAAM,QAAQ,KAAK,KACnB,oBAAI,KAAK,GAAE,YAAY;AAAA,EAC/B;AACF;AAGO,SAAS,uBAAuB,aAAsD;AAC3F,MAAI;AACF,UAAM,MAAMC,IAAG,aAAa,0BAA0B,WAAW,GAAG,MAAM;AAC1E,WAAO,0BAA0B,KAAK,MAAM,GAAG,CAAC;AAAA,EAClD,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAGO,SAAS,uBACd,aACA,aAC0B;AAC1B,QAAM,SAAmC;AAAA,IACvC,SAAS;AAAA,IACT,WAAW,YAAY,UAAU,KAAK;AAAA,IACtC,WAAW,YAAY,UAAU,KAAK;AAAA,IACtC,UAAS,oBAAI,KAAK,GAAE,YAAY;AAAA,EAClC;AACA;AAAA,IACE,0BAA0B,WAAW;AAAA,IACrC,KAAK,UAAU,QAAQ,MAAM,CAAC,IAAI;AAAA,EACpC;AACA,SAAO;AACT;AAGO,SAAS,wBAAwB,aAA2B;AACjE,MAAI;AACF,IAAAA,IAAG,WAAW,0BAA0B,WAAW,CAAC;AAAA,EACtD,QAAQ;AAAA,EAER;AACF;;;ACjHA,OAAO,YAAY;AACnB,OAAOC,SAAQ;AACf,OAAOC,WAAU;AAaV,SAAS,yBAAyB,aAA6B;AACpE,SAAO,yBAAyB,WAAW;AAC7C;AAKO,SAAS,sBAAsB,QASpC;AACA,MAAI,OAAO,SAAS;AAClB,WAAO,EAAE,OAAO,OAAO,SAAS,QAAQ,0BAA0B;AAAA,EACpE;AAEA,MAAI,OAAO,SAAS;AAClB,WAAO,EAAE,OAAO,OAAO,SAAS,QAAQ,8BAA8B;AAAA,EACxE;AAEA,MAAI,OAAO,aAAa;AACtB,WAAO,EAAE,OAAO,OAAO,aAAa,QAAQ,iBAAiB;AAAA,EAC/D;AAEA,QAAM,cAAc,yBAAyB,OAAO,WAAW;AAC/D,MAAIC,IAAG,WAAW,WAAW,KAAK,OAAO,0BAA0B,MAAM;AACvE,WAAO,EAAE,OAAO,aAAa,QAAQ,2BAA2B;AAAA,EAClE;AAEA,SAAO,EAAE,OAAO,QAAW,QAAQ,KAAK;AAC1C;AAKO,SAAS,eAAe,gBAAgC;AAC7D,SAAOA,IAAG,aAAaC,MAAK,QAAQ,cAAc,GAAG,MAAM,EAAE,KAAK;AACpE;AAKO,SAAS,gBAAgB,eAA+B;AAC7D,SAAO,OAAO,gBAAgB,aAAa,EAAE,OAAO;AAAA,IAClD,MAAM;AAAA,IACN,QAAQ;AAAA,EACV,CAAC,EAAE,SAAS;AACd;AAKO,SAAS,iBAAiB,gBAG/B;AACA,QAAM,eAAeA,MAAK,QAAQ,cAAc;AAEhD,MAAID,IAAG,WAAW,YAAY,GAAG;AAC/B,WAAO;AAAA,MACL,eAAe,eAAe,YAAY;AAAA,MAC1C,SAAS;AAAA,IACX;AAAA,EACF;AAEA,QAAM,UAAU,OAAO,oBAAoB,OAAO;AAAA,IAChD,eAAe;AAAA,IACf,mBAAmB;AAAA,MACjB,MAAM;AAAA,MACN,QAAQ;AAAA,IACV;AAAA,IACA,oBAAoB;AAAA,MAClB,MAAM;AAAA,MACN,QAAQ;AAAA,IACV;AAAA,EACF,CAAC;AAED,wBAAsBC,MAAK,QAAQ,YAAY,CAAC;AAChD,kBAAgB,cAAc,QAAQ,WAAW,KAAK,IAAI,IAAI;AAE9D,SAAO;AAAA,IACL,eAAe,QAAQ,WAAW,KAAK;AAAA,IACvC,SAAS;AAAA,EACX;AACF;;;ACtGO,IAAM,0BAA0B;AAChC,IAAM,sBAAsB;AAgBnC,SAAS,iBAAiB,SAAyB;AACjD,SAAO,QAAQ,QAAQ,QAAQ,EAAE;AACnC;AAEA,SAAS,gBAAgB,OAAyB;AAChD,MAAI,CAAC,OAAO;AACV,WAAO;AAAA,EACT;AAEA,SAAO,CAAC,KAAK,QAAQ,OAAO,IAAI,EAAE,SAAS,MAAM,KAAK,EAAE,YAAY,CAAC;AACvE;AAMO,SAAS,mBAAmB,SAAkD;AACnF,QAAM,kBAAkB,QAAQ,cAAc,QAAQ,cAAc,QAAQ;AAE5E,MAAI,iBAAiB;AACnB,WAAO;AAAA,MACL,SAAS;AAAA,MACT,SAAS,iBAAiB,eAAe,MAAM;AAAA,IACjD;AAAA,EACF;AAEA,QAAM,UACJ,QAAQ,WAAW,QACnB,gBAAgB,QAAQ,MAAM,KAC9B,QAAQ,cAAc;AAExB,SAAO;AAAA,IACL,SAAS,UAAU,sBAAsB;AAAA,IACzC;AAAA,EACF;AACF;AAKO,SAAS,0BACd,MACA,QACqB;AACrB,SAAO,mBAAmB;AAAA,IACxB,YAAY,KAAK;AAAA,IACjB,YAAY,QAAQ,IAAI;AAAA,IACxB,eAAe,OAAO;AAAA,IACtB,QAAQ,KAAK;AAAA,IACb,QAAQ,QAAQ,IAAI;AAAA,IACpB,WAAW,OAAO;AAAA,EACpB,CAAC;AACH;AAOO,SAAS,mCACd,SACA,MACiB;AACjB,QAAM,cAA+B,EAAE,GAAG,QAAQ;AAElD,MAAI,KAAK,SAAS;AAChB,gBAAY,UAAU,KAAK;AAC3B,WAAO,YAAY;AAAA,EACrB,WAAW,KAAK,QAAQ,MAAM;AAC5B,gBAAY,MAAM;AAClB,WAAO,YAAY;AAAA,EACrB,WAAW,KAAK,QAAQ,OAAO;AAC7B,WAAO,YAAY;AACnB,WAAO,YAAY;AAAA,EACrB;AAEA,MAAI,KAAK,WAAW;AAClB,gBAAY,YAAY,KAAK;AAAA,EAC/B;AAEA,MAAI,KAAK,gBAAgB;AACvB,gBAAY,iBAAiB,KAAK;AAAA,EACpC;AAEA,MAAI,KAAK,gBAAgB;AACvB,gBAAY,iBAAiB,KAAK;AAAA,EACpC;AAEA,SAAO;AACT;;;ACxEA,SAAS,cACP,MACA,aACiE;AACjE,MAAI,KAAK,QAAQ;AACf,WAAO;AAAA,MACL,OAAO,KAAK;AAAA,MACZ,QAAQ;AAAA,MACR,oBAAoB;AAAA,IACtB;AAAA,EACF;AAEA,MAAI,QAAQ,IAAI,YAAY;AAC1B,WAAO;AAAA,MACL,OAAO,QAAQ,IAAI;AAAA,MACnB,QAAQ;AAAA,MACR,oBAAoB;AAAA,IACtB;AAAA,EACF;AAEA,QAAM,iBAAiB;AAAA,IACrB,QAAQ,IAAI;AAAA,IACZ,QAAQ,IAAI;AAAA,EACd;AACA,MAAI,gBAAgB;AAClB,WAAO;AAAA,MACL,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,oBAAoB;AAAA,IACtB;AAAA,EACF;AAEA,QAAM,oBAAoB,uBAAuB,WAAW;AAC5D,QAAM,eAAe;AAAA,IACnB,mBAAmB;AAAA,IACnB,mBAAmB;AAAA,EACrB;AACA,MAAI,cAAc;AAChB,WAAO;AAAA,MACL,OAAO;AAAA,MACP,QAAQ,YAAY,WAAW;AAAA,MAC/B,oBAAoB;AAAA,IACtB;AAAA,EACF;AAEA,SAAO;AAAA,IACL,OAAO;AAAA,IACP,QAAQ;AAAA,IACR,oBAAoB,QAAQ,QAAQ,IAAI,iBAAiB,QAAQ,IAAI,aAAa;AAAA,EACpF;AACF;AAEA,SAAS,iBACP,MACA,SACoB;AACpB,SAAO,KAAK,aAAa,QAAQ,IAAI,iBAAiB,QAAQ;AAChE;AAEA,SAAS,sBACP,MACA,SACA,aAIA;AACA,MAAI,KAAK,gBAAgB;AACvB,WAAO,EAAE,OAAO,KAAK,gBAAgB,QAAQ,0BAA0B;AAAA,EACzE;AAEA,MAAI,QAAQ,IAAI,qBAAqB;AACnC,WAAO,EAAE,OAAO,QAAQ,IAAI,qBAAqB,QAAQ,8BAA8B;AAAA,EACzF;AAEA,MAAI,QAAQ,gBAAgB;AAC1B,WAAO,EAAE,OAAO,QAAQ,gBAAgB,QAAQ,iBAAiB;AAAA,EACnE;AAEA,SAAO;AAAA,IACL,OAAO,yBAAyB,WAAW;AAAA,IAC3C,QAAQ;AAAA,EACV;AACF;AAMO,SAAS,kBACd,MACA,QAIoB;AACpB,QAAM,aAAa,WAAW;AAC9B,QAAM,cAAc;AAAA,IAClB;AAAA,IACA,KAAK;AAAA,IACL,QAAQ,IAAI;AAAA,EACd;AACA,QAAM,UAAU,iBAAiB,YAAY,WAAW;AACxD,QAAM,cAAc,0BAA0B,MAAM,OAAO;AAE3D,QAAM,SAAS,cAAc,MAAM,WAAW;AAC9C,QAAM,aAAa,sBAAsB;AAAA,IACvC,SAAS,KAAK;AAAA,IACd,SAAS,QAAQ,IAAI;AAAA,IACrB,aAAa,QAAQ;AAAA,IACrB;AAAA,EACF,CAAC;AACD,QAAM,iBAAiB,sBAAsB,MAAM,SAAS,WAAW;AAEvE,MAAI,QAAQ,iBAAiB,CAAC,OAAO,OAAO;AAC1C,UAAM,IAAI;AAAA,MACN,4WAOC,OAAO,qBACJ,mEACA;AAAA,IACR;AAAA,EACF;AAEA,MAAI,QAAQ,qBAAqB,CAAC,WAAW,OAAO;AAClD,UAAM,IAAI;AAAA,MACN;AAAA;AAAA;AAAA;AAAA,kDAImD,sBAAsB;AAAA,QACvE;AAAA,QACA,uBAAuB;AAAA,MACzB,CAAC,EAAE,KAAK;AAAA,IACZ;AAAA,EACF;AAEA,SAAO;AAAA,IACL,QAAQ,OAAO;AAAA,IACf,cAAc,OAAO;AAAA,IACrB,SAAS,YAAY;AAAA,IACrB,KAAK,YAAY;AAAA,IACjB,WAAW,iBAAiB,MAAM,OAAO;AAAA,IACzC,gBAAgB,WAAW;AAAA,IAC3B,kBAAkB,WAAW;AAAA,IAC7B,gBAAgB,eAAe;AAAA,IAC/B,kBAAkB,eAAe;AAAA,IACjC;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAKO,SAAS,YAAY,MAA+B;AACzD,QAAM,aAAa,kBAAkB,MAAM;AAAA,IACzC,eAAe;AAAA,IACf,mBAAmB;AAAA,EACrB,CAAC;AAED,SAAO;AAAA,IACL,QAAQ,WAAW;AAAA,IACnB,WAAW,WAAW;AAAA,IACtB,SAAS,WAAW;AAAA,IACpB,KAAK,WAAW;AAAA,IAChB,gBAAgB,WAAW;AAAA,IAC3B,gBAAgB,WAAW;AAAA,EAC7B;AACF;;;AV1MA,SAAS,qBAAqB,SAUP;AACrB,MAAI,QAAQ,mBAAmB,CAAC,QAAQ,eAAe;AACrD,UAAM,IAAI,MAAM,2DAA2D;AAAA,EAC7E;AAEA,MAAI,QAAQ,iBAAiB,CAAC,QAAQ,iBAAiB;AACrD,UAAM,IAAI,MAAM,2DAA2D;AAAA,EAC7E;AAEA,SAAO;AAAA,IACL,MAAM,QAAQ;AAAA,IACd,gBAAgB,QAAQ;AAAA,IACxB,UAAU,QAAQ;AAAA,IAClB,kBAAkB,QAAQ;AAAA,IAC1B,SAAS,QAAQ;AAAA,IACjB,aAAa,QAAQ,WAAW,SAAS,IAAI,QAAQ,aAAa;AAAA,IAClE,WAAW,QAAQ,gBACf;AAAA,MACE,MAAM,QAAQ;AAAA,MACd,aAAa,QAAQ;AAAA,MACrB,QAAQ,OAAO,QAAQ,eAAe;AAAA,IACxC,IACA;AAAA,EACN;AACF;AAGO,SAAS,gBAAyB;AACvC,SAAO,IAAI,QAAQ,QAAQ,EACxB,YAAY,oBAAoB,EAChC,eAAe,iBAAiB,YAAY,EAC5C,eAAe,2BAA2B,yBAAyB,EACnE,OAAO,oBAAoB,8BAA8B,EACzD,OAAO,mBAAmB,2CAA2C,EACrE,OAAO,4BAA4B,0CAA0C,EAC7E,OAAO,mCAAmC,0CAA0C,EACpF,OAAO,gCAAgC,4CAA4C,EACnF;AAAA,IACC;AAAA,IACA;AAAA,IACA;AAAA,IACA,CAAC;AAAA,EACH,EACC;AAAA,IACC;AAAA,IACA;AAAA,IACA;AAAA,IACA,CAAC;AAAA,EACH,EACC;AAAA,IACC;AAAA,MACE,OACE,SAWA,QACG;AACH,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,cAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AACnE,cAAM,OAAO,qBAAqB,OAAO;AAEzC,cAAM,UAAU,IAAI,mBAAmB,EAAE,MAAM;AAC/C,cAAM,WAAW,MAAM,OAAO,YAAY,IAAI;AAC9C,gBAAQ,KAAK;AAEb,YAAI,WAAW,MAAM;AACnB,kBAAQ,IAAI,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAC7C;AAAA,QACF;AAEA,gBAAQ,kBAAkB,SAAS,IAAI,GAAG;AAC1C;AAAA,UACE;AAAA,YACE,CAAC,MAAM,SAAS,EAAE;AAAA,YAClB,CAAC,cAAc,SAAS,SAAS;AAAA,YACjC,CAAC,iBAAiB,SAAS,YAAY;AAAA,YACvC,CAAC,cAAc,SAAS,WAAW;AAAA,UACrC;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACJ;;;AW/GA,SAAS,WAAAC,gBAAe;AACxB,OAAOC,YAAW;AAClB,OAAOC,UAAS;AAQT,SAAS,aAAsB;AACpC,SAAO,IAAIC,SAAQ,KAAK,EACrB,YAAY,mBAAmB,EAC/B,SAAS,QAAQ,UAAU,EAC3B;AAAA,IACC,iBAAiB,OAAO,IAAY,OAAgB,QAAiB;AACnE,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,YAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,YAAM,UAAUC,KAAI,mBAAmB,EAAE,MAAM;AAC/C,YAAM,QAAQ,MAAM,OAAO,SAAS,EAAE;AACtC,cAAQ,KAAK;AAEb,UAAI,WAAW,MAAM;AACnB,gBAAQ,IAAI,KAAK,UAAU,OAAO,MAAM,CAAC,CAAC;AAC1C;AAAA,MACF;AAEA,cAAQ,IAAI;AACZ,cAAQ,IAAIC,OAAM,KAAK,KAAK,MAAM,IAAI,EAAE,CAAC;AACzC,cAAQ,IAAI;AAEZ;AAAA,QACE;AAAA,UACE,CAAC,MAAM,MAAM,EAAE;AAAA,UACf,CAAC,UAAU,MAAM,UAAU;AAAA,UAC3B,CAAC,UAAU,MAAM,UAAU;AAAA,UAC3B,CAAC,oBAAoB,MAAM,cAAc;AAAA,UACzC,CAAC,UAAU,MAAM,QAAQ;AAAA,UACzB,CAAC,oBAAoB,MAAM,wBAAwB,QAAQ,IAAI;AAAA,UAC/D,CAAC,cAAc,MAAM,SAAS;AAAA,UAC9B,CAAC,cAAc,MAAM,SAAS;AAAA,UAC9B,CAAC,eAAe,MAAM,UAAU;AAAA,QAClC;AAAA,QACA;AAAA,MACF;AAEA,UAAI,MAAM,eAAe,SAAS,GAAG;AACnC,gBAAQ,IAAI;AACZ,gBAAQ,IAAIA,OAAM,KAAK,mBAAmB,CAAC;AAC3C,gBAAQ,IAAI;AACZ;AAAA,UACE,CAAC,MAAM,MAAM;AAAA,UACb,MAAM,eAAe,IAAI,CAAC,UAAU,CAAC,MAAM,IAAI,MAAM,IAAI,CAAC;AAAA,UAC1D;AAAA,QACF;AAAA,MACF;AAEA,cAAQ,IAAI;AAAA,IACd,CAAC;AAAA,EACH;AACJ;;;AC9DA,SAAS,WAAAC,gBAAe;AACxB,OAAOC,UAAS;AAQT,SAAS,wBAAiC;AAC/C,SAAO,IAAIC,SAAQ,kBAAkB,EAClC,YAAY,2CAA2C,EACvD,SAAS,QAAQ,UAAU,EAC3B;AAAA,IACC,iBAAiB,OAAO,IAAY,OAAgB,QAAiB;AACnE,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,YAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,YAAM,UAAUC,KAAI,gCAAgC,EAAE,MAAM;AAC5D,YAAM,WAAW,MAAM,OAAO,oBAAoB,EAAE;AACpD,cAAQ,KAAK;AAEb,UAAI,WAAW,MAAM;AACnB,gBAAQ,IAAI,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAC7C;AAAA,MACF;AAEA,cAAQ,IAAI;AACZ;AAAA,QACE;AAAA,UACE,CAAC,YAAY,EAAE;AAAA,UACf,CAAC,kBAAkB,SAAS,MAAM,KAAK,IAAI,KAAK,QAAQ;AAAA,UACxD,CAAC,mBAAmB,SAAS,eAAe,KAAK,IAAI,KAAK,QAAQ;AAAA,QACpE;AAAA,QACA;AAAA,MACF;AACA,cAAQ,IAAI;AAAA,IACd,CAAC;AAAA,EACH;AACJ;;;ACxCA,SAAS,WAAAC,gBAAe;AACxB,OAAOC,UAAS;;;ACDhB,SAAS,WAAAC,gBAAe;AACxB,OAAOC,YAAW;AAClB,OAAOC,UAAS;;;ACFhB,OAAO,QAAQ;AAoDf,SAAS,2BACP,cACoB;AACpB,QAAM,aAAa,cAAc,cAAc,QAAQ,UAAU;AACjE,MAAI,CAAC,cAAc,gBAAgB,eAAe,GAAG;AACnD,WAAO;AAAA,EACT;AAEA,SAAO,aAAa,aAAa,QAAQ,aAAa,CAAC,GAAG;AAC5D;AAEA,SAAS,aAAa,QAAuC;AAC3D,MAAI,OAAO,WAAW,GAAG;AACvB,WAAO;AAAA,EACT;AAEA,QAAM,eAAe,OAAO,MAAM,GAAG,CAAC,EAAE,IAAI,CAAC,UAAU,MAAM,IAAI;AACjE,QAAM,SAAS,OAAO,SAAS,aAAa,SAAS,UAAU;AAC/D,SAAO,GAAG,OAAO,MAAM,iBAAiB,OAAO,WAAW,IAAI,KAAK,GAAG,KAAK,aAAa,KAAK,IAAI,CAAC,GAAG,MAAM;AAC7G;AAEA,SAAS,oBAAoB,OAAyB;AACpD,SACE,iBAAiB,UAChB,MAAM,QAAQ,SAAS,yBAAyB,KAC/C,MAAM,QAAQ,SAAS,gDAAgD;AAE7E;AAEO,SAAS,kBAAkB,QAA+B;AAC/D,SAAO,OAAO,OAAO,KAAK,CAAC,UAAU,MAAM,WAAW,MAAM;AAC9D;AAKA,eAAsB,gBACpB,YACuB;AACvB,QAAM,SAAuB;AAAA,IAC3B,aAAa,WAAW;AAAA,IACxB,SAAS,WAAW;AAAA,IACpB,KAAK,WAAW;AAAA,IAChB,WAAW,WAAW;AAAA,IACtB,gBAAgB,WAAW;AAAA,IAC3B,gBAAgB,WAAW;AAAA,IAC3B,WAAW,WAAW,QAAQ;AAAA,IAC9B,QAAQ,CAAC;AAAA,IACT,QAAQ,CAAC;AAAA,EACX;AAEA,SAAO,OAAO,KAAK;AAAA,IACjB,IAAI;AAAA,IACJ,OAAO;AAAA,IACP,QAAQ;AAAA,IACR,QAAQ,GAAG,WAAW,OAAO,GAAG,WAAW,MAAM,gBAAgB,EAAE;AAAA,EACrE,CAAC;AAED,MAAI,CAAC,WAAW,QAAQ;AACtB,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ;AAAA,IACV,CAAC;AACD,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ,WAAW,YACf,wBAAwB,WAAW,SAAS,MAC5C;AAAA,IACN,CAAC;AACD,WAAO;AAAA,EACT;AAEA,SAAO,OAAO,KAAK;AAAA,IACjB,IAAI;AAAA,IACJ,OAAO;AAAA,IACP,QAAQ;AAAA,IACR,QAAQ,eAAe,WAAW,YAAY;AAAA,EAChD,CAAC;AAED,SAAO,OAAO,KAAK;AAAA,IACjB,IAAI;AAAA,IACJ,OAAO;AAAA,IACP,QAAQ;AAAA,IACR,QAAQ,WAAW,YACf,oCAAoC,WAAW,SAAS,MACxD;AAAA,EACN,CAAC;AAED,QAAM,SAAS,IAAI,UAAU,WAAW,QAAQ,WAAW,OAAO;AAClE,MAAI;AACJ,MAAI;AAEJ,MAAI;AACF,sBAAkB,MAAM,OAAO,mBAAmB;AAClD,WAAO,cAAc,gBAAgB,OAAO;AAC5C,WAAO,QAAQ,gBAAgB,IAAI;AACnC,WAAO,UAAU,gBAAgB,IAAI,QAAQ;AAC7C,WAAO,WAAW,gBAAgB,QAAQ,MAAM;AAChD,WAAO,aAAa,gBAAgB,QAAQ,QAAQ;AACpD,WAAO,UAAU,gBAAgB,UAAU,WAAW,WAAW,QAAQ;AACzE,WAAO,YAAY,gBAAgB,OAAO,QAAQ,WAAW,QAAQ;AACrE,WAAO,WAAW,gBAAgB;AAElC,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ,GAAG,gBAAgB,OAAO,KAAK,WAAW,gBAAgB,IAAI,QAAQ,gBAAgB,IAAI,EAAE,GAClG,gBAAgB,SAAS,MAAM,gBAAgB,OAAO,QAAQ,gBAAgB,OAAO,EAAE,KAAK,EAC9F,iBAAiB,gBAAgB,OAAO,OAAO;AAAA,IACjD,CAAC;AAAA,EACH,SAAS,OAAO;AACd,WAAO,sBAAsB,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAClF,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ,+BAA+B,OAAO,mBAAmB;AAAA,IACnE,CAAC;AAAA,EACH;AAEA,MAAI,CAAC,WAAW,gBAAgB;AAC9B,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ;AAAA,IACV,CAAC;AACD,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ;AAAA,IACV,CAAC;AACD,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ;AAAA,IACV,CAAC;AAAA,EACH,OAAO;AACL,QAAI;AACF,YAAM,gBAAgB,eAAe,WAAW,cAAc;AAC9D,YAAM,eAAe,gBAAgB,aAAa;AAClD,qBAAe,MAAM,OAAO,uBAAuB,EAAE,WAAW,aAAa,CAAC;AAC9E,aAAO,UACL,OAAO,WACP,2BAA2B,YAAY,KACvC,WAAW,QAAQ;AACrB,aAAO,eAAe;AAAA,QACpB,iBAAiB,aAAa;AAAA,QAC9B,aAAa,aAAa;AAAA,MAC5B;AAEA,aAAO,OAAO,KAAK;AAAA,QACjB,IAAI;AAAA,QACJ,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,QAAQ,UAAU,WAAW,cAAc;AAAA,MAC7C,CAAC;AACD,aAAO,OAAO,KAAK;AAAA,QACjB,IAAI;AAAA,QACJ,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,QAAQ,6BAA6B,aAAa,eAAe;AAAA,MACnE,CAAC;AACD,aAAO,OAAO,KAAK;AAAA,QACjB,IAAI;AAAA,QACJ,OAAO;AAAA,QACP,QAAQ,OAAO,UAAU,SAAS;AAAA,QAClC,QAAQ,OAAO,UACX,SAAS,OAAO,OAAO,GAAG,OAAO,YAAY,KAAK,OAAO,SAAS,MAAM,EAAE,MAC1E;AAAA,MACN,CAAC;AAAA,IACH,SAAS,OAAO;AACd,aAAO,OAAO,KAAK;AAAA,QACjB,IAAI;AAAA,QACJ,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,QAAQ,iBAAiB,WAAW,cAAc;AAAA,MACpD,CAAC;AACD,aAAO,OAAO,KAAK;AAAA,QACjB,IAAI;AAAA,QACJ,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,QAAQ,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,MAC/D,CAAC;AACD,aAAO,OAAO,KAAK;AAAA,QACjB,IAAI;AAAA,QACJ,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,QAAQ;AAAA,MACV,CAAC;AAAA,IACH;AAAA,EACF;AAEA,MAAI,SAAgC,CAAC;AACrC,MAAI;AACF,UAAM,WAAW,MAAM,OAAO,WAAW,WAAW,SAAS;AAC7D,aAAS,SAAS;AAClB,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ,aAAa,MAAM;AAAA,IAC7B,CAAC;AAAA,EACH,SAAS,OAAO;AACd,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,IAC/D,CAAC;AACD,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ;AAAA,IACV,CAAC;AACD,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ;AAAA,IACV,CAAC;AACD,WAAO;AAAA,EACT;AAEA,MAAI,OAAO,WAAW,GAAG;AACvB,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ;AAAA,IACV,CAAC;AACD,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ;AAAA,IACV,CAAC;AACD,WAAO;AAAA,EACT;AAEA,MAAI,qBAAqB;AACzB,MAAI,mBAAmB;AAEvB,aAAW,SAAS,QAAQ;AAC1B,QAAI;AACF,YAAM,OAAO,mBAAmB,MAAM,EAAE;AACxC,aAAO,OAAO,KAAK;AAAA,QACjB,IAAI,MAAM;AAAA,QACV,MAAM,MAAM;AAAA,QACZ,WAAW,MAAM;AAAA,QACjB,kBAAkB;AAAA,MACpB,CAAC;AAAA,IACH,SAAS,OAAO;AACd,UAAI,oBAAoB,KAAK,GAAG;AAC9B,8BAAsB;AACtB,eAAO,OAAO,KAAK;AAAA,UACjB,IAAI,MAAM;AAAA,UACV,MAAM,MAAM;AAAA,UACZ,WAAW,MAAM;AAAA,UACjB,kBAAkB;AAAA,UAClB,QAAQ,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,QAC/D,CAAC;AACD;AAAA,MACF;AAEA,0BAAoB;AACpB,aAAO,OAAO,KAAK;AAAA,QACjB,IAAI,MAAM;AAAA,QACV,MAAM,MAAM;AAAA,QACZ,WAAW,MAAM;AAAA,QACjB,kBAAkB;AAAA,QAClB,QAAQ,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,MAC/D,CAAC;AAAA,IACH;AAAA,EACF;AAEA,MAAI,mBAAmB,GAAG;AACxB,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ,GAAG,gBAAgB,cAAc,qBAAqB,IAAI,KAAK,GAAG;AAAA,IAC5E,CAAC;AAAA,EACH,WAAW,qBAAqB,GAAG;AACjC,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ,GAAG,kBAAkB,OAAO,OAAO,MAAM,iBAAiB,OAAO,WAAW,IAAI,KAAK,GAAG;AAAA,IAClG,CAAC;AAAA,EACH,OAAO;AACL,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ,oCAAoC,OAAO,MAAM,iBAAiB,OAAO,WAAW,IAAI,KAAK,GAAG;AAAA,IAC1G,CAAC;AAAA,EACH;AAEA,MAAI,CAAC,WAAW,gBAAgB;AAC9B,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ;AAAA,IACV,CAAC;AACD,WAAO;AAAA,EACT;AAEA,MAAI;AACF,UAAM,KAAK,MAAM,GAAG,OAAO;AAAA,MACzB,QAAQ,WAAW;AAAA,MACnB,SAAS,WAAW;AAAA,MACpB,KAAK,WAAW;AAAA,MAChB,WAAW,WAAW;AAAA,MACtB,gBAAgB,WAAW;AAAA,MAC3B,gBAAgB,WAAW;AAAA,IAC7B,CAAC;AACD,WAAO,cAAc,OAAO,KAAK,GAAG,GAAG,EAAE;AACzC,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ,oDAAoD,OAAO,WAAW,WAAW,OAAO,gBAAgB,IAAI,KAAK,GAAG;AAAA,IAC9H,CAAC;AAAA,EACH,SAAS,OAAO;AACd,WAAO,OAAO,KAAK;AAAA,MACjB,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,IAC/D,CAAC;AAAA,EACH;AAEA,SAAO;AACT;;;AD7XA,SAAS,aAAa,QAAmC;AACvD,UAAQ,QAAQ;AAAA,IACd,KAAK;AACH,aAAOC,OAAM,MAAM,MAAM;AAAA,IAC3B,KAAK;AACH,aAAOA,OAAM,OAAO,MAAM;AAAA,IAC5B,KAAK;AACH,aAAOA,OAAM,IAAI,MAAM;AAAA,IACzB;AACE,aAAOA,OAAM,KAAK,MAAM;AAAA,EAC5B;AACF;AAEO,SAAS,kBAAkB,QAA4B;AAC5D,UAAQ,IAAI;AACZ,UAAQ,IAAIA,OAAM,KAAK,aAAa,CAAC;AACrC,UAAQ,IAAI;AAEZ;AAAA,IACE;AAAA,MACE,CAAC,WAAW,OAAO,WAAW;AAAA,MAC9B,CAAC,YAAY,OAAO,OAAO;AAAA,MAC3B,CAAC,QAAQ,OAAO,MAAM,QAAQ,MAAM;AAAA,MACpC,CAAC,cAAc,OAAO,aAAaA,OAAM,IAAI,WAAW,CAAC;AAAA,MACzD,CAAC,iBAAiB,OAAO,eAAeA,OAAM,IAAI,WAAW,CAAC;AAAA,MAC9D,CAAC,gBAAgB,OAAO,WAAW,OAAO,SAASA,OAAM,IAAI,WAAW,CAAC;AAAA,MACzE,CAAC,UAAU,OAAO,cAAc,OAAO,YAAYA,OAAM,IAAI,aAAa,CAAC;AAAA,MAC3E,CAAC,eAAe,OAAO,kBAAkBA,OAAM,IAAI,WAAW,CAAC;AAAA,MAC/D,CAAC,eAAe,OAAO,kBAAkBA,OAAM,IAAI,WAAW,CAAC;AAAA,MAC/D,CAAC,YAAY,OAAO,WAAW,OAAO,aAAaA,OAAM,IAAI,WAAW,CAAC;AAAA,IAC3E;AAAA,IACA;AAAA,EACF;AAEA,UAAQ,IAAI;AACZ;AAAA,IACE,CAAC,SAAS,UAAU,QAAQ;AAAA,IAC5B,OAAO,OAAO,IAAI,CAAC,UAAU;AAAA,MAC3B,MAAM;AAAA,MACN,aAAa,MAAM,MAAM;AAAA,MACzB,MAAM;AAAA,IACR,CAAC;AAAA,IACD;AAAA,EACF;AAEA,MAAI,OAAO,OAAO,SAAS,GAAG;AAC5B,YAAQ,IAAI;AACZ,YAAQ,IAAIA,OAAM,KAAK,UAAU,CAAC;AAClC,YAAQ,IAAI;AACZ;AAAA,MACE,CAAC,SAAS,SAAS,eAAe,QAAQ;AAAA,MAC1C,OAAO,OAAO,IAAI,CAAC,UAAU;AAAA,QAC3B,MAAM;AAAA,QACN,OAAO,MAAM,SAAS;AAAA,QACtB,MAAM;AAAA,QACN,MAAM,UAAU;AAAA,MAClB,CAAC;AAAA,MACD;AAAA,IACF;AAAA,EACF;AAEA,MAAI,OAAO,YAAY,OAAO,SAAS,SAAS,GAAG;AACjD,YAAQ,IAAIA,OAAM,OAAO,YAAY,CAAC;AACtC,eAAW,WAAW,OAAO,UAAU;AACrC,cAAQ,IAAIA,OAAM,OAAO,OAAO,OAAO,EAAE,CAAC;AAAA,IAC5C;AACA,YAAQ,IAAI;AAAA,EACd;AAEA,UAAQ,IAAI;AACd;AAKO,SAAS,cACd,cAAc,UACd,cAAc,kFACL;AACT,SAAO,IAAIC,SAAQ,WAAW,EAC3B,YAAY,WAAW,EACvB;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,aAAa,kBAAkB,UAAU;AAE/C,YAAM,UAAUC,KAAI,8BAA8B,EAAE,MAAM;AAC1D,YAAM,SAAS,MAAM,gBAAgB,UAAU;AAC/C,cAAQ,KAAK;AAEb,UAAI,WAAW,MAAM;AACnB,gBAAQ,IAAI,KAAK,UAAU,QAAQ,MAAM,CAAC,CAAC;AAC3C,YAAI,kBAAkB,MAAM,GAAG;AAC7B,kBAAQ,WAAW;AAAA,QACrB;AACA;AAAA,MACF;AAEA,wBAAkB,MAAM;AAExB,UAAI,kBAAkB,MAAM,GAAG;AAC7B,gBAAQ,WAAW;AAAA,MACrB;AAAA,IACF,CAAC;AAAA,EACH;AACJ;;;AEvHA,OAAOC,SAAQ;AACf,OAAOC,WAAU;AAGjB,SAAS,mBAAmB,WAA2B;AACrD,SAAO,UAAU,KAAK,EAAE,YAAY,EAAE,QAAQ,eAAe,EAAE;AACjE;AAEA,SAAS,oBAAoB,OAAuB;AAClD,QAAM,UAAU,MAAM,KAAK;AAC3B,MACG,QAAQ,WAAW,GAAG,KAAK,QAAQ,SAAS,GAAG,KAC/C,QAAQ,WAAW,GAAG,KAAK,QAAQ,SAAS,GAAG,GAChD;AACA,WAAO,QAAQ,MAAM,GAAG,EAAE,EAAE,KAAK;AAAA,EACnC;AACA,SAAO;AACT;AAEA,SAAS,iBAAiB,OAAoC;AAC5D,QAAM,aAAa,MAAM,KAAK,EAAE,YAAY;AAC5C,MAAI,CAAC,KAAK,QAAQ,OAAO,MAAM,OAAO,aAAa,EAAE,SAAS,UAAU,GAAG;AACzE,WAAO;AAAA,EACT;AACA,MAAI,CAAC,KAAK,SAAS,MAAM,OAAO,QAAQ,YAAY,EAAE,SAAS,UAAU,GAAG;AAC1E,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAEA,SAAS,WACP,QACA,WACA,UACM;AACN,QAAM,QAAQ,oBAAoB,QAAQ;AAC1C,MAAI,CAAC,OAAO;AACV;AAAA,EACF;AAEA,QAAM,aAAa,mBAAmB,SAAS;AAE/C,MAAI,CAAC,UAAU,YAAY,eAAe,EAAE,SAAS,UAAU,GAAG;AAChE,WAAO,SAAS;AAChB;AAAA,EACF;AAEA,MAAI,CAAC,aAAa,eAAe,eAAe,UAAU,OAAO,EAAE,SAAS,UAAU,GAAG;AACvF,WAAO,YAAY;AACnB;AAAA,EACF;AAEA,MAAI,CAAC,aAAa,eAAe,UAAU,gBAAgB,iBAAiB,EAAE,SAAS,UAAU,GAAG;AAClG,WAAO,YAAY;AACnB;AAAA,EACF;AAEA,MAAI,CAAC,WAAW,aAAa,UAAU,cAAc,iBAAiB,KAAK,EAAE,SAAS,UAAU,GAAG;AACjG,WAAO,UAAU;AACjB;AAAA,EACF;AAEA,MAAI,CAAC,eAAe,OAAO,mBAAmB,EAAE,SAAS,UAAU,GAAG;AACpE,UAAM,MAAM,iBAAiB,KAAK;AAClC,QAAI,QAAQ,QAAW;AACrB,aAAO,MAAM;AAAA,IACf;AACA;AAAA,EACF;AAEA,MAAI,CAAC,aAAa,eAAe,WAAW,gBAAgB,gBAAgB,EAAE,SAAS,UAAU,GAAG;AAClG,WAAO,YAAY;AACnB;AAAA,EACF;AAEA,MAAI,CAAC,WAAW,aAAa,WAAW,EAAE,SAAS,UAAU,GAAG;AAC9D,WAAO,UAAU;AACjB;AAAA,EACF;AAEA,MAAI,CAAC,aAAa,eAAe,aAAa,EAAE,SAAS,UAAU,GAAG;AACpE,WAAO,YAAY;AAAA,EACrB;AACF;AAEA,SAAS,eAAe,QAAwD;AAC9E,MAAI,CAAC,OAAO,UAAU,OAAO,aAAa,OAAO,WAAW;AAC1D,WAAO,SAAS,GAAG,OAAO,SAAS,IAAI,OAAO,SAAS;AAAA,EACzD;AAEA,SAAO;AACT;AAEA,SAAS,iBAAiB,SAAyC;AACjE,QAAM,SAAS,KAAK,MAAM,OAAO;AACjC,QAAM,SAAiC,CAAC;AAExC,QAAM,UAAU,CAAC,MAAM;AAEvB,aAAW,OAAO,CAAC,eAAe,SAAS,GAAG;AAC5C,UAAM,SAAS,OAAO,GAAG;AACzB,QAAI,UAAU,OAAO,WAAW,UAAU;AACxC,cAAQ,KAAK,MAAiC;AAAA,IAChD;AAAA,EACF;AAEA,aAAW,UAAU,SAAS;AAC5B,eAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,MAAM,GAAG;AACjD,UAAI,OAAO,UAAU,UAAU;AAC7B,mBAAW,QAAQ,KAAK,KAAK;AAAA,MAC/B,WAAW,OAAO,UAAU,WAAW;AACrC,mBAAW,QAAQ,KAAK,OAAO,KAAK,CAAC;AAAA,MACvC;AAAA,IACF;AAAA,EACF;AAEA,SAAO,eAAe,MAAM;AAC9B;AAEA,SAAS,gBAAgB,SAAyC;AAChE,QAAM,SAAiC,CAAC;AACxC,aAAW,WAAW,QAAQ,MAAM,OAAO,GAAG;AAC5C,UAAM,OAAO,QAAQ,KAAK;AAC1B,QAAI,CAAC,QAAQ,KAAK,WAAW,GAAG,GAAG;AACjC;AAAA,IACF;AAEA,UAAM,iBAAiB,KAAK,QAAQ,GAAG;AACvC,QAAI,mBAAmB,IAAI;AACzB;AAAA,IACF;AAEA,UAAM,MAAM,KAAK,MAAM,GAAG,cAAc,EAAE,KAAK;AAC/C,UAAM,QAAQ,KAAK,MAAM,iBAAiB,CAAC,EAAE,KAAK;AAClD,eAAW,QAAQ,KAAK,KAAK;AAAA,EAC/B;AAEA,SAAO,eAAe,MAAM;AAC9B;AAEA,SAAS,aAAa,MAAwB;AAC5C,QAAM,QAAkB,CAAC;AACzB,MAAI,UAAU;AACd,MAAI,WAAW;AAEf,WAAS,QAAQ,GAAG,QAAQ,KAAK,QAAQ,SAAS,GAAG;AACnD,UAAM,YAAY,KAAK,KAAK;AAE5B,QAAI,cAAc,KAAK;AACrB,YAAM,gBAAgB,KAAK,QAAQ,CAAC;AACpC,UAAI,YAAY,kBAAkB,KAAK;AACrC,mBAAW;AACX,iBAAS;AAAA,MACX,OAAO;AACL,mBAAW,CAAC;AAAA,MACd;AACA;AAAA,IACF;AAEA,QAAI,cAAc,OAAO,CAAC,UAAU;AAClC,YAAM,KAAK,QAAQ,KAAK,CAAC;AACzB,gBAAU;AACV;AAAA,IACF;AAEA,eAAW;AAAA,EACb;AAEA,QAAM,KAAK,QAAQ,KAAK,CAAC;AACzB,SAAO;AACT;AAEA,SAAS,sBAAsB,QAA0C;AACvE,QAAM,SAAiC,CAAC;AAExC,MAAI,OAAO,UAAU,GAAG;AACtB,WAAO,YAAY,oBAAoB,OAAO,CAAC,KAAK,EAAE;AAAA,EACxD;AACA,MAAI,OAAO,UAAU,GAAG;AACtB,WAAO,YAAY,oBAAoB,OAAO,CAAC,KAAK,EAAE;AAAA,EACxD;AACA,MAAI,OAAO,UAAU,GAAG;AACtB,UAAM,aAAa,oBAAoB,OAAO,CAAC,KAAK,EAAE;AACtD,QAAI,WAAW,WAAW,SAAS,KAAK,WAAW,WAAW,UAAU,GAAG;AACzE,aAAO,UAAU;AAAA,IACnB,WAAW,YAAY;AACrB,aAAO,YAAY;AAAA,IACrB;AAAA,EACF;AACA,MAAI,OAAO,UAAU,GAAG;AACtB,UAAM,cAAc,oBAAoB,OAAO,CAAC,KAAK,EAAE;AACvD,QAAI,CAAC,OAAO,WAAW;AACrB,aAAO,YAAY;AAAA,IACrB,WAAW,CAAC,OAAO,SAAS;AAC1B,aAAO,UAAU;AAAA,IACnB;AAAA,EACF;AAEA,SAAO,eAAe,MAAM;AAC9B;AAEA,SAAS,gBAAgB,SAAyC;AAChE,QAAM,QAAQ,QACX,MAAM,OAAO,EACb,IAAI,CAAC,SAAS,KAAK,KAAK,CAAC,EACzB,OAAO,CAAC,SAAS,KAAK,SAAS,CAAC;AAEnC,MAAI,MAAM,WAAW,GAAG;AACtB,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,WAAW,aAAa,MAAM,CAAC,KAAK,EAAE;AAC5C,QAAM,eAAe,SAAS,IAAI,kBAAkB;AACpD,QAAM,kBAAkB,aAAa;AAAA,IAAK,CAAC,WACzC;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,EAAE,SAAS,MAAM;AAAA,EACnB;AAEA,MAAI,CAAC,iBAAiB;AACpB,WAAO,sBAAsB,QAAQ;AAAA,EACvC;AAEA,QAAM,UAAU,MAAM,MAAM,CAAC,EAAE,KAAK,CAAC,SAAS,KAAK,KAAK,EAAE,SAAS,CAAC;AACpE,MAAI,CAAC,SAAS;AACZ,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,SAAS,aAAa,OAAO;AACnC,QAAM,SAAiC,CAAC;AAExC,aAAW,CAAC,OAAO,MAAM,KAAK,SAAS,QAAQ,GAAG;AAChD,eAAW,QAAQ,QAAQ,OAAO,KAAK,KAAK,EAAE;AAAA,EAChD;AAEA,SAAO,eAAe,MAAM;AAC9B;AAEA,SAAS,sBAAsB,SAAyC;AACtE,QAAM,UAAU,QAAQ,KAAK;AAC7B,MAAI,CAAC,SAAS;AACZ,WAAO,CAAC;AAAA,EACV;AAEA,MAAI,QAAQ,SAAS,GAAG,KAAK,CAAC,KAAK,KAAK,OAAO,GAAG;AAChD,WAAO,EAAE,QAAQ,QAAQ;AAAA,EAC3B;AAEA,QAAM,cAAc,aAAa,OAAO;AACxC,MAAI,YAAY,UAAU,GAAG;AAC3B,WAAO,sBAAsB,WAAW;AAAA,EAC1C;AAEA,SAAO,CAAC;AACV;AAWO,SAAS,qBAAqB,qBAAqD;AACxF,QAAM,eAAeA,MAAK,QAAQ,mBAAmB;AACrD,QAAM,UAAUD,IAAG,aAAa,cAAc,MAAM;AACpD,QAAM,YAAYC,MAAK,QAAQ,YAAY,EAAE,YAAY;AAEzD,MAAI,cAAc,SAAS;AACzB,WAAO,iBAAiB,OAAO;AAAA,EACjC;AAEA,MAAI,cAAc,QAAQ;AACxB,WAAO,gBAAgB,OAAO;AAAA,EAChC;AAEA,MAAI,cAAc,QAAQ;AACxB,WAAO,gBAAgB,OAAO;AAAA,EAChC;AAEA,MAAI,QAAQ,SAAS,GAAG,KAAK,CAAC,QAAQ,KAAK,EAAE,WAAW,GAAG,GAAG;AAC5D,WAAO,gBAAgB,OAAO;AAAA,EAChC;AAEA,MAAI,QAAQ,SAAS,GAAG,KAAK,QAAQ,SAAS,IAAI,GAAG;AACnD,UAAM,YAAY,gBAAgB,OAAO;AACzC,QAAI,UAAU,UAAU,UAAU,aAAa,UAAU,WAAW;AAClE,aAAO;AAAA,IACT;AAAA,EACF;AAEA,MAAI,QAAQ,KAAK,EAAE,WAAW,GAAG,GAAG;AAClC,WAAO,iBAAiB,OAAO;AAAA,EACjC;AAEA,SAAO,sBAAsB,OAAO;AACtC;;;AC1SA,SAAS,iBAAiB,UAAyD;AACjF,MAAI,SAAS,OAAO,MAAM,SAAS,UAAU,SAAS;AACpD,WAAO;AAAA,EACT;AACA,MAAI,SAAS,UAAU,WAAW;AAChC,WAAO;AAAA,EACT;AACA,MAAI,SAAS,UAAU,WAAW;AAChC,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAGO,SAAS,kBACd,UAGQ;AACR,MAAI,oBAAoB,YAAY,SAAS,gBAAgB;AAC3D,WAAO,SAAS;AAAA,EAClB;AAEA,MAAI,WAAW,UAAU;AACvB,QAAI,SAAS,OAAO,MAAM;AACxB,aAAO,SAAS,MAAM;AAAA,IACxB;AACA,QAAI,SAAS,UAAU,SAAS;AAC9B,aAAO,SAAS,UAAU;AAAA,IAC5B;AACA,QAAI,SAAS,UAAU,WAAW;AAChC,aAAO,YAAY,SAAS,UAAU,SAAS;AAAA,IACjD;AACA,QAAI,SAAS,UAAU,WAAW;AAChC,aAAO,WAAW,SAAS,UAAU,SAAS;AAAA,IAChD;AACA,WAAO,SAAS,OAAO;AAAA,EACzB;AAEA,MAAI,SAAS,aAAa;AACxB,WAAO,SAAS;AAAA,EAClB;AAEA,SAAO,SAAS,cAAc;AAChC;AAGO,SAAS,mBACd,UACwB;AACxB,QAAM,gBAAgB,iBAAiB,QAAQ;AAC/C,QAAM,cACJ,SAAS,OAAO,MAChB,SAAS,UAAU,WACnB,SAAS,UAAU,aACnB,SAAS,UAAU,aACnB;AAEF,SAAO;AAAA,IACL,UAAU,SAAS,OAAO;AAAA,IAC1B,YAAY,SAAS,OAAO;AAAA,IAC5B,aAAa,SAAS,OAAO;AAAA,IAC7B,eAAe,SAAS,OAAO;AAAA,IAC/B;AAAA,IACA;AAAA,IACA,gBAAgB,kBAAkB,QAAQ;AAAA,IAC1C,OAAO,SAAS,IAAI;AAAA,IACpB,SAAS,SAAS,IAAI,QAAQ,SAAS,IAAI;AAAA,IAC3C,UAAU,SAAS,QAAQ;AAAA,IAC3B,YAAY,SAAS,QAAQ,QAAQ,SAAS,QAAQ;AAAA,IACtD,aAAa,SAAS,QAAQ;AAAA,IAC9B,WAAW,SAAS,QAAQ;AAAA,IAC5B,iBAAgB,oBAAI,KAAK,GAAE,YAAY;AAAA,EACzC;AACF;AAGO,SAAS,uBACd,SACA,UACiB;AACjB,QAAM,cAA+B;AAAA,IACnC,GAAG;AAAA,IACH,UAAU,mBAAmB,QAAQ;AAAA,EACvC;AAEA,MAAI,SAAS,OAAO,MAAM,SAAS,UAAU,SAAS;AACpD,gBAAY,UAAU,SAAS,OAAO,MAAM,SAAS,UAAU,WAAW;AAC1E,gBAAY,YAAY,SAAS,OAAO,QAAQ,YAAY;AAAA,EAC9D,OAAO;AACL,WAAO,YAAY;AACnB,WAAO,YAAY;AAAA,EACrB;AAEA,SAAO;AACT;;;ACrFO,SAAS,iBACd,aACA,SACiB;AACjB,QAAM,cAAc,EAAE,GAAG,QAAQ;AACjC,QAAM,SAAS,WAAW;AAC1B;AAAA,IACE,kBAAkB,cAAc,QAAQ,aAAa,WAAW,GAAG,WAAW;AAAA,EAChF;AACA,SAAO;AACT;AAKO,SAAS,kBAAkB,aAAqB,QAAsB;AAC3E,QAAM,QAAQ,YAAY,MAAM;AAChC,MAAI,OAAO;AACT,2BAAuB,aAAa,KAAK;AACzC;AAAA,EACF;AAEA,QAAM,IAAI,MAAM,8CAA8C;AAChE;AAKO,SAAS,qBACd,aACA,UACiB;AACjB,QAAM,SAAS,WAAW;AAC1B,QAAM,iBAAiB,iBAAiB,QAAQ,WAAW;AAC3D,QAAM,cAAc,uBAAuB,gBAAgB,QAAQ;AACnE,aAAW,cAAc,QAAQ,aAAa,WAAW,CAAC;AAC1D,SAAO;AACT;;;ACtDA,OAAO,cAAc;AACrB,SAAS,gBAAgB;AAczB,IAAM,gBAAN,cAA4B,SAAS;AAAA,EACnC,QAAQ;AAAA,EAER,OAAO,OAAwB,WAA2B,UAA4B;AACpF,QAAI,CAAC,KAAK,OAAO;AACf,cAAQ,OAAO,MAAM,KAAK;AAAA,IAC5B;AACA,aAAS;AAAA,EACX;AACF;AAGA,eAAsB,WACpB,UACA,UAA6B,CAAC,GACb;AACjB,QAAM,SAAS,IAAI,cAAc;AACjC,QAAM,eAAe,QAAQ,eAAe,KAAK,QAAQ,YAAY,MAAM;AAC3E,QAAM,QAAQ,GAAG,QAAQ,GAAG,YAAY;AAExC,SAAO,IAAI,QAAQ,CAAC,YAAY;AAC9B,UAAM,KAAK,SAAS,gBAAgB;AAAA,MAClC,OAAO,QAAQ;AAAA,MACf;AAAA,MACA,UAAU;AAAA,IACZ,CAAC;AAED,UAAM,eAAe,CAAC,cAAsB;AAC1C,YAAM,SAAS,UAAU,KAAK,KAAK,QAAQ,gBAAgB;AAC3D,UAAI,QAAQ,aAAa,SAAS,CAAC,QAAQ;AACzC,WAAG,MAAM;AACT,aAAK,WAAW,UAAU,OAAO,EAAE,KAAK,OAAO;AAC/C;AAAA,MACF;AAEA,SAAG,MAAM;AACT,cAAQ,MAAM;AAAA,IAChB;AAEA,QAAI,QAAQ,QAAQ;AAClB,cAAQ,OAAO,MAAM,KAAK;AAC1B,aAAO,QAAQ;AACf,SAAG,SAAS,IAAI,CAAC,WAAW;AAC1B,eAAO,QAAQ;AACf,gBAAQ,OAAO,MAAM,IAAI;AACzB,qBAAa,MAAM;AAAA,MACrB,CAAC;AACD;AAAA,IACF;AAEA,OAAG,SAAS,OAAO,YAAY;AAAA,EACjC,CAAC;AACH;AAoBA,eAAsB,aACpB,UACA,SACA,cACY;AACZ,UAAQ,IAAI;AACZ,UAAQ,IAAI,KAAK,QAAQ,EAAE;AAC3B,UAAQ,QAAQ,CAAC,QAAQ,UAAU;AACjC,UAAM,SAAS,OAAO,cAAc,IAAI,OAAO,WAAW,KAAK;AAC/D,YAAQ,IAAI,KAAK,QAAQ,CAAC,KAAK,OAAO,KAAK,GAAG,MAAM,EAAE;AAAA,EACxD,CAAC;AAED,QAAM,eACJ,iBAAiB,SACb,KAAK;AAAA,IACH,QAAQ,UAAU,CAAC,WAAW,OAAO,UAAU,YAAY;AAAA,IAC3D;AAAA,EACF,IAAI,IACJ;AAEN,SAAO,MAAM;AACX,UAAM,SAAS,MAAM,WAAW,oBAAoB;AAAA,MAClD,cAAc,OAAO,YAAY;AAAA,IACnC,CAAC;AACD,UAAM,eAAe,OAAO,SAAS,QAAQ,EAAE;AAC/C,UAAM,mBACJ,OAAO,UAAU,YAAY,KAAK,gBAAgB,KAAK,gBAAgB,QAAQ,SAC3E,QAAQ,eAAe,CAAC,IACxB;AACN,QAAI,kBAAkB;AACpB,aAAO,iBAAiB;AAAA,IAC1B;AAEA,UAAM,kBAAkB,QAAQ,KAAK,CAAC,WAAW,OAAO,UAAU,MAAM;AACxE,QAAI,iBAAiB;AACnB,aAAO,gBAAgB;AAAA,IACzB;AAAA,EACF;AACF;;;ANpFA,SAAS,WAAW,QAIG;AACrB,QAAM,aAAa,OAAO,cAAc,QAAQ,UAAU;AAC1D,MAAI,CAAC,OAAO,gBAAgB,eAAe,GAAG;AAC5C,WAAO;AAAA,EACT;AAEA,SAAO,OAAO,aAAa,QAAQ,aAAa,CAAC,GAAG;AACtD;AAEA,SAAS,+BACP,SACA,QACA,YACA,gBACiB;AACjB,MAAI,cAA+B,EAAE,GAAG,QAAQ;AAEhD,MAAI,CAAC,WAAW,WAAW,WAAW,QAAQ,MAAM;AAClD,QAAI,OAAO,SAAS;AAClB,kBAAY,UAAU,OAAO;AAC7B,aAAO,YAAY;AAAA,IACrB,WAAW,OAAO,QAAQ,MAAM;AAC9B,kBAAY,MAAM;AAClB,aAAO,YAAY;AAAA,IACrB,WAAW,OAAO,QAAQ,OAAO;AAC/B,aAAO,YAAY;AAAA,IACrB;AAAA,EACF;AAEA,MAAI,CAAC,WAAW,aAAa,OAAO,WAAW;AAC7C,gBAAY,YAAY,OAAO;AAAA,EACjC;AAEA,MAAI,OAAO,SAAS;AAClB,gBAAY,UAAU,OAAO;AAAA,EAC/B;AAEA,MAAI,OAAO,WAAW;AACpB,gBAAY,YAAY,OAAO;AAAA,EACjC;AAEA,cAAY,iBAAiB;AAE7B,gBAAc,mCAAmC,aAAa,UAAU;AACxE,SAAO;AACT;AAGO,SAAS,cAAuB;AACrC,SAAO,IAAIC,SAAQ,MAAM,EACtB,YAAY,wFAAwF,EACpG;AAAA,IACC;AAAA,IACA;AAAA,EACF,EACC;AAAA,IACC;AAAA,MACE,OACE,MAGA,QACG;AACH,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,SAAS,WAAW;AAC1B,cAAM,cAAc;AAAA,UAClB;AAAA,UACA,WAAW;AAAA,UACX,QAAQ,IAAI;AAAA,QACd;AACA,cAAM,kBAAkB,iBAAiB,QAAQ,WAAW;AAC5D,cAAM,SAAS,KAAK,kBAChB,qBAAqB,KAAK,eAAe,IACzC,CAAC;AACL,cAAM,oBAAoB,uBAAuB,WAAW;AAE5D,YAAI,SACF,WAAW,UACX,QAAQ,IAAI,cACZ;AAAA,UACE,QAAQ,IAAI;AAAA,UACZ,QAAQ,IAAI;AAAA,QACd,KACA,OAAO,UACP;AAAA,UACE,mBAAmB;AAAA,UACnB,mBAAmB;AAAA,QACrB;AAEF,YAAI,CAAC,QAAQ;AACX,mBAAS,MAAM,WAAW,yBAAyB;AAAA,YACjD,QAAQ;AAAA,UACV,CAAC;AAAA,QACH;AAEA,YAAI,CAAC,QAAQ;AACX,gBAAM,IAAI,MAAM,sBAAsB;AAAA,QACxC;AAEA,YAAI,CAAC,OAAO,SAAS,GAAG,GAAG;AACzB,eAAK,gDAAgD;AAAA,QACvD;AAEA,YAAI,WAAW,WAAW,WAAW,KAAK;AACxC,eAAK,qFAAqF;AAAA,QAC5F;AAEA,cAAM,iBACJ,sBAAsB;AAAA,UACpB,SAAS,WAAW;AAAA,UACpB,SAAS,QAAQ,IAAI;AAAA,UACrB,aAAa,gBAAgB;AAAA,UAC7B;AAAA,UACA,uBAAuB;AAAA,QACzB,CAAC,EAAE;AAEL,YAAI,CAAC,gBAAgB;AACnB,gBAAM,IAAI,MAAM,iEAAiE;AAAA,QACnF;AAEA,cAAM,aAAaC,KAAI,4CAA4C,EAAE,MAAM;AAC3E,cAAM,EAAE,eAAe,QAAQ,IAAI,iBAAiB,cAAc;AAClE,mBAAW,KAAK;AAEhB,cAAM,eAAe,gBAAgB,aAAa;AAClD,cAAM,cAAc;AAAA,UAClB;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAEA,cAAM,cAAc,0BAA0B,YAAY,WAAW;AACrE,cAAM,SAAS,IAAI,UAAU,QAAQ,YAAY,OAAO;AAExD,cAAM,kBAAkBA,KAAI,qCAAqC,EAAE,MAAM;AACzE,cAAM,eAAe,MAAM,OAAO,uBAAuB;AAAA,UACvD,WAAW;AAAA,QACb,CAAC;AACD,wBAAgB,KAAK;AAErB,cAAM,eAAgC;AAAA,UACpC,GAAG;AAAA,UACH,SAAS,WAAW,YAAY,KAAK,YAAY;AAAA,QACnD;AAEA,0BAAkB,aAAa,MAAM;AACrC,yBAAiB,aAAa,YAAY;AAE1C;AAAA,UACE,UACI,8BAA8B,cAAc,KAC5C,sCAAsC,cAAc;AAAA,QAC1D;AACA,gBAAQ,kBAAkB,WAAW,2BAA2B;AAEhE,cAAM,mBAAmB;AAAA,UACvB,EAAE,GAAG,YAAY,SAAS,YAAY;AAAA,UACtC,EAAE,eAAe,MAAM,mBAAmB,KAAK;AAAA,QACjD;AACA,cAAM,gBAAgBA,KAAI,0BAA0B,EAAE,MAAM;AAC5D,cAAM,SAAS,MAAM,gBAAgB,gBAAgB;AACrD,sBAAc,KAAK;AAEnB,0BAAkB,MAAM;AAExB,YAAI;AACF,gBAAM,WAAW,MAAM,OAAO,mBAAmB;AACjD,+BAAqB,aAAa,QAAQ;AAAA,QAC5C,QAAQ;AAAA,QAER;AAEA,YAAI,kBAAkB,MAAM,GAAG;AAC7B,gBAAM,IAAI;AAAA,YACR;AAAA,UACF;AAAA,QACF;AAEA;AAAA,UACE,kBAAkB,WAAW,kBAAkB,YAAY,UAAU,QAAQ,MAAM;AAAA,QACrF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACJ;;;AOtOA,SAAS,WAAAC,gBAAe;AACxB,OAAOC,UAAS;AAQT,SAAS,cAAuB;AACrC,SAAO,IAAIC,SAAQ,MAAM,EACtB,YAAY,qBAAqB,EACjC;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,YAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,YAAM,UAAUC,KAAI,oBAAoB,EAAE,MAAM;AAChD,YAAM,WAAW,MAAM,OAAO,WAAW;AACzC,cAAQ,KAAK;AAEb,YAAM,OAAO,SAAS,OAAO,IAAI,CAAC,UAAU;AAAA,QAC1C,MAAM;AAAA,QACN,MAAM;AAAA,QACN,MAAM;AAAA,QACN,MAAM;AAAA,QACN,MAAM,YAAY;AAAA,QAClB,MAAM,wBAAwB,QAAQ;AAAA,QACtC,MAAM,eAAe,IAAI,CAAC,UAAU,MAAM,IAAI,EAAE,KAAK,IAAI,KAAK;AAAA,MAChE,CAAC;AAED,cAAQ,IAAI;AACZ;AAAA,QACE,CAAC,MAAM,QAAQ,UAAU,UAAU,UAAU,aAAa,iBAAiB;AAAA,QAC3E;AAAA,QACA,CAAC,CAAC,WAAW;AAAA,QACb,SAAS;AAAA,MACX;AACA,cAAQ,IAAI;AAAA,IACd,CAAC;AAAA,EACH;AACJ;;;AC1CA,SAAS,WAAAC,gBAAe;AACxB,OAAOC,UAAS;AAST,SAAS,wBAAiC;AAC/C,SAAO,IAAIC,SAAQ,kBAAkB,EAClC,YAAY,+CAA+C,EAC3D,SAAS,QAAQ,UAAU,EAC3B;AAAA,IACC;AAAA,IACA;AAAA,IACA;AAAA,IACA,CAAC;AAAA,EACH,EACC,OAAO,WAAW,kCAAkC,EACpD;AAAA,IACC;AAAA,MACE,OACE,IACA,SACA,QACG;AACH,YAAI,CAAC,QAAQ,SAAS,QAAQ,KAAK,WAAW,GAAG;AAC/C,gBAAM,IAAI,MAAM,6CAA6C;AAAA,QAC/D;AAEA,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,cAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,cAAM,UAAUC,KAAI,gCAAgC,EAAE,MAAM;AAC5D,cAAM,OAAO,uBAAuB,IAAI;AAAA,UACtC,OAAO,QAAQ,QAAQ,CAAC,IAAI,QAAQ;AAAA,QACtC,CAAC;AACD,gBAAQ,KAAK;AAEb,YAAI,WAAW,MAAM;AACnB,kBAAQ,IAAI,KAAK,UAAU,EAAE,IAAI,OAAO,QAAQ,QAAQ,CAAC,IAAI,QAAQ,KAAK,GAAG,MAAM,CAAC,CAAC;AACrF;AAAA,QACF;AAEA,gBAAQ,kCAAkC,EAAE,EAAE;AAAA,MAChD;AAAA,IACF;AAAA,EACF;AACJ;;;ACnDA,SAAS,WAAAC,gBAAe;AACxB,OAAOC,UAAS;AAQhB,SAAS,qBAAqB,SAMP;AACrB,MAAI,QAAQ,eAAe,QAAQ,UAAU;AAC3C,UAAM,IAAI,MAAM,qDAAqD;AAAA,EACvE;AAEA,MAAI,QAAQ,uBAAuB,QAAQ,gBAAgB,SAAS,GAAG;AACrE,UAAM,IAAI,MAAM,sEAAsE;AAAA,EACxF;AAEA,QAAM,OAA2B,CAAC;AAElC,MAAI,QAAQ,MAAM;AAChB,SAAK,OAAO,QAAQ;AAAA,EACtB;AAEA,MAAI,QAAQ,aAAa;AACvB,SAAK,WAAW;AAAA,EAClB,WAAW,QAAQ,UAAU;AAC3B,SAAK,WAAW,QAAQ;AAAA,EAC1B;AAEA,MAAI,QAAQ,qBAAqB;AAC/B,SAAK,mBAAmB,CAAC;AAAA,EAC3B,WAAW,QAAQ,gBAAgB,SAAS,GAAG;AAC7C,SAAK,mBAAmB,QAAQ;AAAA,EAClC;AAEA,MAAI,OAAO,KAAK,IAAI,EAAE,WAAW,GAAG;AAClC,UAAM,IAAI,MAAM,4BAA4B;AAAA,EAC9C;AAEA,SAAO;AACT;AAGO,SAAS,gBAAyB;AACvC,SAAO,IAAIC,SAAQ,QAAQ,EACxB,YAAY,0BAA0B,EACtC,SAAS,QAAQ,UAAU,EAC3B,OAAO,iBAAiB,gBAAgB,EACxC,OAAO,oBAAoB,qBAAqB,EAChD,OAAO,kBAAkB,4BAA4B,EACrD;AAAA,IACC;AAAA,IACA;AAAA,IACA;AAAA,IACA,CAAC;AAAA,EACH,EACC,OAAO,2BAA2B,uCAAuC,EACzE;AAAA,IACC;AAAA,MACE,OACE,IACA,SAOA,QACG;AACH,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,cAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AACnE,cAAM,OAAO,qBAAqB,OAAO;AAEzC,cAAM,UAAUC,KAAI,mBAAmB,EAAE,MAAM;AAC/C,cAAM,OAAO,YAAY,IAAI,IAAI;AACjC,gBAAQ,KAAK;AAEb,YAAI,WAAW,MAAM;AACnB,kBAAQ,IAAI,KAAK,UAAU,EAAE,IAAI,SAAS,KAAK,GAAG,MAAM,CAAC,CAAC;AAC1D;AAAA,QACF;AAEA,gBAAQ,iBAAiB,EAAE,EAAE;AAAA,MAC/B;AAAA,IACF;AAAA,EACF;AACJ;;;ACrFO,SAAS,sBAAsBC,UAAwB;AAC5D,QAAM,QAAQA,SAAQ,QAAQ,OAAO,EAAE,YAAY,gDAAgD;AAEnG,QAAM,WAAW,YAAY,CAAC;AAC9B,QAAM,WAAW,WAAW,CAAC;AAC7B,QAAM,WAAW,cAAc,CAAC;AAChC,QAAM,WAAW,cAAc,CAAC;AAChC,QAAM,WAAW,sBAAsB,CAAC;AACxC,QAAM,WAAW,sBAAsB,CAAC;AACxC,QAAM,WAAW,YAAY,CAAC;AAChC;;;ACjBO,SAAS,kBAAkB;AAChC,SAAO;AAAA,IACL;AAAA,IACA;AAAA,EACF;AACF;;;ACRA,SAAS,WAAAC,gBAAe;AAmBxB,SAASC,gCACP,SACA,QACA,YACiB;AACjB,MAAI,cAAc,EAAE,GAAG,QAAQ;AAE/B,MAAI,CAAC,WAAW,WAAW,WAAW,QAAQ,MAAM;AAClD,QAAI,OAAO,SAAS;AAClB,kBAAY,UAAU,OAAO;AAC7B,aAAO,YAAY;AAAA,IACrB,WAAW,OAAO,QAAQ,MAAM;AAC9B,kBAAY,MAAM;AAClB,aAAO,YAAY;AAAA,IACrB,WAAW,OAAO,QAAQ,OAAO;AAC/B,aAAO,YAAY;AAAA,IACrB;AAAA,EACF;AAEA,MAAI,CAAC,WAAW,aAAa,OAAO,WAAW;AAC7C,gBAAY,YAAY,OAAO;AAAA,EACjC;AAEA,MAAI,OAAO,SAAS;AAClB,gBAAY,UAAU,OAAO;AAAA,EAC/B;AAEA,MAAI,OAAO,WAAW;AACpB,gBAAY,YAAY,OAAO;AAAA,EACjC;AAEA,SAAO,mCAAmC,aAAa,UAAU;AACnE;AAGO,SAAS,eAAwB;AACtC,SAAO,IAAIC,SAAQ,OAAO,EACvB,YAAY,kEAAkE,EAC9E;AAAA,IACC;AAAA,IACA;AAAA,EACF,EACC;AAAA,IACC;AAAA,IACA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYF,EACC;AAAA,IACC;AAAA,MACE,OACE,MAGA,QACG;AACH,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,SAAS,WAAW;AAC1B,cAAM,cAAc;AAAA,UAClB;AAAA,UACA,WAAW;AAAA,UACX,QAAQ,IAAI;AAAA,QACd;AACA,cAAM,kBAAkB,iBAAiB,QAAQ,WAAW;AAC5D,cAAM,SAAS,KAAK,kBAChB,qBAAqB,KAAK,eAAe,IACzC,CAAC;AACL,cAAM,oBAAoB,uBAAuB,WAAW;AAE5D,YAAI,SACF,WAAW,UACX,QAAQ,IAAI,cACZ;AAAA,UACE,QAAQ,IAAI;AAAA,UACZ,QAAQ,IAAI;AAAA,QACd,KACA,OAAO,UACP;AAAA,UACE,mBAAmB;AAAA,UACnB,mBAAmB;AAAA,QACrB;AAEF,YAAI,CAAC,QAAQ;AACX,mBAAS,MAAM,WAAW,yBAAyB;AAAA,YACjD,QAAQ;AAAA,UACV,CAAC;AAAA,QACH;AAEA,YAAI,CAAC,QAAQ;AACX,gBAAM,IAAI,MAAM,sBAAsB;AAAA,QACxC;AAEA,YAAI,CAAC,OAAO,SAAS,GAAG,GAAG;AACzB,eAAK,gDAAgD;AAAA,QACvD;AAEA,YAAI,WAAW,WAAW,WAAW,KAAK;AACxC,eAAK,qFAAqF;AAAA,QAC5F;AAEA,cAAM,cAAcD;AAAA,UAClB;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAEA,0BAAkB,aAAa,MAAM;AACrC,yBAAiB,aAAa,WAAW;AACzC,gBAAQ,kBAAkB,WAAW,QAAQ,cAAc,CAAC,EAAE;AAAA,MAChE;AAAA,IACF;AAAA,EACF;AACJ;;;AC5IA,SAAS,WAAAE,iBAAe;AAiBjB,SAAS,gBAAyB;AACvC,SAAO,IAAIC,UAAQ,QAAQ,EACxB,YAAY,kDAAkD,EAC9D,OAAO,SAAS,uDAAuD,EACvE;AAAA,IACC,iBAAiB,OAAO,MAAyB,QAAiB;AAChE,UAAI,KAAK,KAAK;AACZ,cAAMC,UAAS,WAAW;AAC1B,mBAAWC,gBAAe,gBAAgBD,OAAM,GAAG;AACjD,kCAAwBC,YAAW;AACnC,uCAA6BA,YAAW;AAAA,QAC1C;AACA,oBAAY;AACZ,gBAAQ,mCAAmC,cAAc,CAAC,EAAE;AAC5D;AAAA,MACF;AAEA,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,SAAS,WAAW;AAC1B,YAAM,cAAc;AAAA,QAClB;AAAA,QACA,WAAW;AAAA,QACX,QAAQ,IAAI;AAAA,MACd;AAEA,UAAI,CAAC,OAAO,SAAS,WAAW,GAAG;AACjC,cAAM,IAAI,MAAM,YAAY,WAAW,mBAAmB;AAAA,MAC5D;AAEA,UAAI,OAAO,KAAK,OAAO,QAAQ,EAAE,WAAW,GAAG;AAC7C,oBAAY;AAAA,MACd,OAAO;AACL,cAAM,aAAa,cAAc,QAAQ,WAAW;AACpD,mBAAW,UAAU;AAAA,MACvB;AACA,8BAAwB,WAAW;AACnC,mCAA6B,WAAW;AAExC,cAAQ,oBAAoB,WAAW,UAAU,cAAc,CAAC,EAAE;AAAA,IACpE,CAAC;AAAA,EACH;AACJ;;;AC1DA,SAAS,WAAAC,iBAAe;;;ACAxB,OAAOC,aAAY;AAuCZ,IAAM,mBAAN,MAAuB;AAAA,EACX;AAAA,EAEjB,YAAY,SAAiB;AAC3B,SAAK,UAAU,QAAQ,QAAQ,OAAO,EAAE;AAAA,EAC1C;AAAA,EAEA,MAAc,QAAWC,OAAc,MAA4B;AACjE,UAAM,WAAW,MAAM,MAAM,GAAG,KAAK,OAAO,GAAGA,KAAI,IAAI;AAAA,MACrD,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,gBAAgB;AAAA,QAChB,oBAAoB;AAAA,MACtB;AAAA,MACA,MAAM,OAAO,KAAK,UAAU,IAAI,IAAI;AAAA,IACtC,CAAC;AAED,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM,YAAa,MAAM,SAAS,KAAK,EAAE,MAAM,OAAO,CAAC,EAAE;AACzD,YAAM,QAAQ,WAAW;AACzB,YAAM,eAAe,OAAO,WAAW,QAAQ,SAAS,MAAM,KAAK,SAAS,UAAU;AACtF,YAAM,IAAI,MAAM,OAAO,YAAY,CAAC;AAAA,IACtC;AAEA,WAAO,SAAS,KAAK;AAAA,EACvB;AAAA;AAAA,EAGA,MAAM,oBAAqD;AACzD,WAAO,KAAK,QAAgC,mCAAmC;AAAA,EACjF;AAAA;AAAA,EAGA,MAAM,cAAc,MAAyD;AAC3E,WAAO,KAAK,QAA+B,oCAAoC,IAAI;AAAA,EACrF;AACF;AAGO,SAAS,oBAAoB,OAAuB;AACzD,SAAOD,QAAO,WAAW,QAAQ,EAAE,OAAO,KAAK,EAAE,OAAO,KAAK;AAC/D;;;AC3CA,eAAsB,qBACpB,QACqC;AACrC,QAAM,aAAa,iBAAiB,OAAO,cAAc;AACzD,QAAM,iBAAiB,yBAAyB,OAAO,WAAW;AAClE,QAAM,aAAa,IAAI,iBAAiB,OAAO,OAAO;AACtD,QAAM,YAAY,MAAM,WAAW,kBAAkB;AACrD,QAAM,eAAe,MAAM,WAAW,cAAc;AAAA,IAClD,MAAM,OAAO;AAAA,IACb,SAAS,OAAO,WAAW,OAAO;AAAA,IAClC,OAAO,UAAU;AAAA,IACjB,QAAQ,oBAAoB,UAAU,KAAK;AAAA,IAC3C,WAAW,UAAU;AAAA,IACrB,WAAW,UAAU;AAAA,IACrB,WAAW,gBAAgB,WAAW,aAAa;AAAA,IACnD,kBAAkB,OAAO;AAAA,EAC3B,CAAC;AAED,yBAAuB,OAAO,aAAa;AAAA,IACzC,WAAW,aAAa;AAAA,IACxB,WAAW,aAAa;AAAA,EAC1B,CAAC;AAED;AAAA,IACE,OAAO;AAAA,IACP;AAAA,MACE;AAAA,QACE,GAAG,OAAO;AAAA,QACV,gBAAgB,OAAO;AAAA,QACvB;AAAA,QACA,SAAS,aAAa;AAAA,QACtB,WAAW,OAAO;AAAA,MACpB;AAAA,MACA,OAAO;AAAA,IACT;AAAA,EACF;AAEA,MAAI;AAEJ,MAAI;AACF,UAAM,WAAW,MAAM,IAAI,UAAU,aAAa,QAAQ,OAAO,OAAO,EAAE,mBAAmB;AAC7F,yBAAqB,OAAO,aAAa,QAAQ;AAAA,EACnD,SAAS,OAAO;AACd,oBAAgB,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,EACvE;AAEA,SAAO;AAAA,IACL;AAAA,IACA,gBAAgB,OAAO;AAAA,IACvB;AAAA,IACA,mBAAmB,WAAW;AAAA,IAC9B;AAAA,EACF;AACF;;;AF/EO,SAAS,uBAAgC;AAC9C,SAAO,IAAIE,UAAQ,gBAAgB,EAChC,YAAY,2EAA2E,EACvF,eAAe,iBAAiB,wBAAwB,EACxD,OAAO,qBAAqB,iDAAiD,EAC7E;AAAA,IACC;AAAA,IACA;AAAA,IACA;AAAA,IACA,CAAC;AAAA,EACH,EACC;AAAA,IACC;AAAA,MACE,OACE,SAKA,QACG;AACH,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,aAAa,kBAAkB,UAAU;AAC/C,cAAM,iBACJ,WAAW,kBAAkB,yBAAyB,WAAW,WAAW;AAC9E,cAAM,SAAS,MAAM,qBAAqB;AAAA,UACxC,aAAa,WAAW;AAAA,UACxB,SAAS,WAAW;AAAA,UACpB,WAAW,QAAQ;AAAA,UACnB,SAAS,QAAQ;AAAA,UACjB,SAAS,WAAW;AAAA,UACpB;AAAA,UACA,gBAAgB;AAAA,YACd,SAAS,WAAW;AAAA,YACpB,KAAK,WAAW;AAAA,YAChB,WAAW,WAAW;AAAA,UACxB;AAAA,UACA,kBAAkB,QAAQ,WAAW,SAAS,IAAI,QAAQ,aAAa;AAAA,QACzE,CAAC;AAED,YAAI,WAAW,MAAM;AACnB,kBAAQ;AAAA,YACN,KAAK;AAAA,cACH;AAAA,gBACE,GAAG,OAAO;AAAA,gBACV,aAAa,WAAW;AAAA,gBACxB,gBAAgB,OAAO;AAAA,gBACvB,gBAAgB,OAAO;AAAA,cACzB;AAAA,cACA;AAAA,cACA;AAAA,YACF;AAAA,UACF;AACA;AAAA,QACF;AAEA;AAAA,UACE,qBAAqB,QAAQ,IAAI,mBAAmB,WAAW,WAAW;AAAA,QAC5E;AACA,gBAAQ,gBAAgB,0BAA0B,WAAW,WAAW,CAAC,EAAE;AAC3E,gBAAQ,gBAAgB,OAAO,cAAc,EAAE;AAC/C,gBAAQ,gBAAgB,OAAO,cAAc,EAAE;AAE/C,YAAI,OAAO,mBAAmB;AAC5B,kBAAQ,sDAAsD;AAAA,QAChE;AAEA,YAAI,OAAO,eAAe;AACxB,eAAK,0DAA0D,OAAO,aAAa,EAAE;AAAA,QACvF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACJ;;;AGpFA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,YAAW;AAQlB,SAAS,QAAQ,KAAqB;AACpC,MAAI,IAAI,UAAU,GAAG;AACnB,WAAO;AAAA,EACT;AACA,SAAO,GAAG,IAAI,UAAU,GAAG,CAAC,CAAC;AAC/B;AAGO,SAAS,gBAAyB;AACvC,SAAO,IAAIC,UAAQ,QAAQ,EACxB,YAAY,gDAAgD,EAC5D;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,aAAa,kBAAkB,UAAU;AAE/C,UAAI,WAAW,MAAM;AACnB,gBAAQ;AAAA,UACN,KAAK;AAAA,YACH;AAAA,cACE,eAAe,QAAQ,WAAW,MAAM;AAAA,cACxC,SAAS,WAAW;AAAA,cACpB,QAAQ,WAAW;AAAA,cACnB,QAAQ,WAAW,SAAS,QAAQ,WAAW,MAAM,IAAI;AAAA,cACzD,iBAAiB,0BAA0B,WAAW,WAAW;AAAA,cACjE,SAAS,WAAW,QAAQ,WAAW;AAAA,cACvC,WAAW,WAAW,QAAQ,aAAa;AAAA,cAC3C,gBAAgB,WAAW,QAAQ,YAAY;AAAA,cAC/C,SAAS,WAAW;AAAA,cACpB,SAAS,WAAW;AAAA,cACpB,WAAW,WAAW,aAAa;AAAA,cACnC,gBAAgB,WAAW,kBAAkB;AAAA,cAC7C,gBAAgB,WAAW,kBAAkB;AAAA,cAC7C,YAAY,cAAc;AAAA,YAC5B;AAAA,YACA;AAAA,YACA;AAAA,UACF;AAAA,QACF;AACA;AAAA,MACF;AAEA,cAAQ,IAAI;AAEZ,UAAI,CAAC,WAAW,QAAQ;AACtB,gBAAQ,IAAIC,OAAM,KAAK,qBAAqB,CAAC;AAC7C,gBAAQ,IAAI;AACZ,gBAAQ,IAAI,qBAAqBA,OAAM,KAAK,WAAW,WAAW,CAAC,EAAE;AACrE,gBAAQ;AAAA,UACN,WACEA,OAAM,KAAK,cAAc,IACzB,OACAA,OAAM,KAAK,eAAe,IAC1B,UACAA,OAAM,KAAK,eAAe,IAC1B;AAAA,QACJ;AACA,gBAAQ,IAAI;AACZ;AAAA,MACF;AAEA,cAAQ,IAAIA,OAAM,KAAK,iBAAiB,CAAC;AACzC,cAAQ,IAAI;AACZ;AAAA,QACE;AAAA,UACE,CAAC,WAAW,WAAW,WAAW;AAAA,UAClC,CAAC,UAAU,WAAW,YAAY;AAAA,UAClC,CAAC,oBAAoB,0BAA0B,WAAW,WAAW,CAAC;AAAA,UACtE,CAAC,WAAW,QAAQ,WAAW,MAAM,CAAC;AAAA,UACtC;AAAA,YACE;AAAA,YACA,WAAW,QAAQ,UAAU,kBAC3B,WAAW,QAAQ,aACnB,WAAW,QAAQ,WACnBA,OAAM,IAAI,WAAW;AAAA,UACzB;AAAA,UACA;AAAA,YACE;AAAA,YACA,WAAW,QAAQ,UAAU,eAAeA,OAAM,IAAI,kBAAkB;AAAA,UAC1E;AAAA,UACA,CAAC,QAAQ,WAAW,MAAM,QAAQ,MAAM;AAAA,UACxC,CAAC,YAAY,WAAW,OAAO;AAAA,UAC/B,CAAC,cAAc,WAAW,aAAaA,OAAM,IAAI,WAAW,CAAC;AAAA,UAC7D,CAAC,eAAe,WAAW,kBAAkBA,OAAM,IAAI,WAAW,CAAC;AAAA,UACnE,CAAC,eAAe,WAAW,kBAAkBA,OAAM,IAAI,WAAW,CAAC;AAAA,UACnE,CAAC,eAAe,cAAc,CAAC;AAAA,QACjC;AAAA,QACA;AAAA,MACF;AACA,cAAQ,IAAI;AAAA,IACd,CAAC;AAAA,EACH;AACJ;;;ACrGA,SAAS,WAAAC,iBAAe;;;ACAxB,SAAS,WAAAC,iBAAe;AACxB,OAAOC,YAAW;;;AC+BlB,eAAsB,qBACpB,YACwB;AACxB,QAAM,aAAa,kBAAkB,UAAU;AAC/C,MAAI,eAA+C;AACnD,MAAI,sBAAqC;AACzC,MAAI,iBAAiB,WAAW,QAAQ;AAExC,MAAI,WAAW,QAAQ;AACrB,QAAI;AACF,qBAAe,MAAM,IAAI;AAAA,QACvB,WAAW;AAAA,QACX,WAAW;AAAA,MACb,EAAE,mBAAmB;AACrB,uBAAiB,qBAAqB,WAAW,aAAa,YAAY,EAAE;AAAA,IAC9E,SAAS,OAAO;AACd,4BAAsB,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,IAC7E;AAAA,EACF;AAEA,SAAO;AAAA,IACL,eAAe,QAAQ,WAAW,MAAM;AAAA,IACxC,aAAa,WAAW;AAAA,IACxB,kBAAkB,WAAW;AAAA,IAC7B,iBAAiB,0BAA0B,WAAW,WAAW;AAAA,IACjE,SAAS,WAAW;AAAA,IACpB,SAAS,WAAW;AAAA,IACpB,WAAW,WAAW,aAAa;AAAA,IACnC,gBAAgB,WAAW,kBAAkB;AAAA,IAC7C,kBAAkB,WAAW;AAAA,IAC7B,gBAAgB,WAAW,kBAAkB;AAAA,IAC7C,kBAAkB,WAAW;AAAA,IAC7B,YAAY,cAAc;AAAA,IAC1B,YAAY,qBAAqB,WAAW,WAAW;AAAA,IACvD;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAGO,SAAS,wBAAwB,QAAsC;AAC5E,MAAI,OAAO,cAAc;AACvB,WAAO,kBAAkB,OAAO,YAAY;AAAA,EAC9C;AACA,MAAI,OAAO,gBAAgB;AACzB,WAAO,kBAAkB,OAAO,cAAc;AAAA,EAChD;AACA,SAAO;AACT;;;ADtEA,SAAS,iBAAiB,QAAgD;AACxE,SAAO;AAAA,IACL,eAAe,OAAO;AAAA,IACtB,SAAS,OAAO;AAAA,IAChB,kBAAkB,OAAO;AAAA,IACzB,iBAAiB,OAAO;AAAA,IACxB,SAAS,OAAO;AAAA,IAChB,SAAS,OAAO;AAAA,IAChB,WAAW,OAAO;AAAA,IAClB,gBAAgB,OAAO;AAAA,IACvB,kBAAkB,OAAO;AAAA,IACzB,gBAAgB,OAAO;AAAA,IACvB,kBAAkB,OAAO;AAAA,IACzB,YAAY,OAAO;AAAA,IACnB,YAAY,OAAO;AAAA,IACnB,cAAc,OAAO;AAAA,IACrB,gBAAgB,OAAO,kBAAkB;AAAA,IACzC,qBAAqB,OAAO;AAAA,EAC9B;AACF;AAEO,SAAS,oBACd,QACA,UACA,UAAU,qBACJ;AACN,QAAM,eAAe,OAAO;AAC5B,QAAM,iBAAiB,OAAO;AAC9B,QAAM,QAAQ,cAAc,OAAO,SAAS,gBAAgB,eAAeC,OAAM,IAAI,WAAW;AAChG,QAAM,aACJ,cAAc,OAAO,QAAQ,gBAAgB,cAAcA,OAAM,IAAI,WAAW;AAClF,QAAM,gBACJ,eACI,aAAa,OAAO,MAAM,aAAa,UAAU,UAC/C,UACA,aAAa,UAAU,YACrB,aACA,aAAa,UAAU,YACrB,YACA,YACN,gBAAgB,iBAAiBA,OAAM,IAAI,WAAW;AAC5D,QAAM,WACJ,cAAc,IAAI,QAClB,cAAc,IAAI,MAClB,gBAAgB,WAChB,gBAAgB,SAChBA,OAAM,IAAI,WAAW;AACvB,QAAM,cACJ,cAAc,QAAQ,QACtB,cAAc,QAAQ,MACtB,gBAAgB,cAChB,gBAAgB,YAChBA,OAAM,IAAI,aAAa;AACzB,QAAM,cACJ,cAAc,QAAQ,eAAe,gBAAgB,eAAeA,OAAM,IAAI,WAAW;AAC3F,QAAM,SACJ,cAAc,OAAO,WAAW,gBAAgB,iBAAiBA,OAAM,IAAI,WAAW;AACxF,QAAM,iBAAiB,eACnB,SACA,iBACE,WACA;AAEN,UAAQ,IAAI;AACZ,UAAQ,IAAIA,OAAM,KAAK,OAAO,CAAC;AAC/B,UAAQ,IAAI;AACZ;AAAA,IACE;AAAA,MACE,CAAC,WAAW,OAAO,WAAW;AAAA,MAC9B,CAAC,iBAAiB,OAAO,gBAAgB,QAAQ,IAAI;AAAA,MACrD,CAAC,qBAAqB,OAAO,gBAAgB;AAAA,MAC7C,CAAC,oBAAoB,OAAO,eAAe;AAAA,MAC3C,CAAC,gBAAgB,UAAU;AAAA,MAC3B,CAAC,iBAAiB,KAAK;AAAA,MACvB,CAAC,kBAAkB,aAAa;AAAA,MAChC,CAAC,aAAa,wBAAwB,MAAM,KAAKA,OAAM,IAAI,WAAW,CAAC;AAAA,MACvE,CAAC,gBAAgB,QAAQ;AAAA,MACzB,CAAC,UAAU,WAAW;AAAA,MACtB,CAAC,mBAAmB,WAAW;AAAA,MAC/B,CAAC,UAAU,MAAM;AAAA,MACjB,CAAC,mBAAmB,cAAc;AAAA,MAClC,CAAC,YAAY,OAAO,OAAO;AAAA,MAC3B,CAAC,QAAQ,OAAO,UAAU,QAAQ,MAAM;AAAA,MACxC,CAAC,cAAc,OAAO,aAAaA,OAAM,IAAI,WAAW,CAAC;AAAA,MACzD,CAAC,eAAe,OAAO,kBAAkBA,OAAM,IAAI,WAAW,CAAC;AAAA,MAC/D,CAAC,eAAe,OAAO,kBAAkBA,OAAM,IAAI,WAAW,CAAC;AAAA,MAC/D,CAAC,eAAe,OAAO,UAAU;AAAA,MACjC,CAAC,eAAe,OAAO,UAAU;AAAA,MACjC,CAAC,mBAAmB,OAAO,uBAAuB,IAAI;AAAA,IACxD;AAAA,IACA;AAAA,IACA,iBAAiB,MAAM;AAAA,EACzB;AACA,UAAQ,IAAI;AACd;AAGO,SAAS,cAAuB;AACrC,SAAO,IAAIC,UAAQ,MAAM,EACtB,MAAM,MAAM,EACZ,YAAY,+DAA+D,EAC3E;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,SAAS,MAAM,qBAAqB,UAAU;AACpD,0BAAoB,QAAQ,CAAC,CAAC,WAAW,IAAI;AAAA,IAC/C,CAAC;AAAA,EACH;AACJ;;;ADhHO,SAAS,gBAAyB;AACvC,SAAO,IAAIC,UAAQ,QAAQ,EACxB,YAAY,8DAA8D,EAC1E;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,SAAS,MAAM,qBAAqB,UAAU;AACpD;AAAA,QACE;AAAA,QACA,CAAC,CAAC,WAAW;AAAA,QACb,OAAO,gBAAgB,uBAAuB;AAAA,MAChD;AAAA,IACF,CAAC;AAAA,EACH;AACJ;;;AGZO,SAAS,qBAAqBC,UAAwB;AAC3D,QAAM,OAAOA,SAAQ,QAAQ,MAAM,EAAE,YAAY,+BAA+B;AAEhF,OAAK,WAAW,aAAa,CAAC;AAC9B,OAAK,WAAW,cAAc,CAAC;AAC/B,OAAK,WAAW,qBAAqB,CAAC;AACtC,OAAK,WAAW,cAAc,CAAC;AAC/B,OAAK,WAAW,cAAc,CAAC;AAC/B,OAAK,WAAW,gBAAgB,CAAC;AACnC;;;AClBA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,UAAS;AAQT,SAAS,mBAA4B;AAC1C,SAAO,IAAIC,UAAQ,WAAW,EAC3B,YAAY,4CAA4C,EACxD;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,YAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,YAAM,UAAUC,KAAI,+BAA+B,EAAE,MAAM;AAC3D,YAAM,YAAY,MAAM,OAAO,oBAAoB;AACnD,cAAQ,KAAK;AAEb;AAAA,QACE;AAAA,UACE,CAAC,uBAAuB,UAAU,oBAAoB,QAAQ,IAAI;AAAA,UAClE,CAAC,cAAc,UAAU,YAAY,QAAQ,IAAI;AAAA,UACjD,CAAC,SAAS,UAAU,QAAQ,QAAQ,IAAI;AAAA,QAC1C;AAAA,QACA,CAAC,CAAC,WAAW;AAAA,QACb;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH;AACJ;;;AC7BO,SAAS,wBAAwBC,UAAwB;AAC9D,QAAM,UAAUA,SAAQ,QAAQ,SAAS,EAAE,YAAY,2BAA2B;AAElF,UAAQ,WAAW,iBAAiB,CAAC;AACvC;;;ACRA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;;;ACDhB,OAAOC,SAAQ;AACf,OAAOC,WAAU;AAMV,SAAS,eAAe,QAKL;AACxB,QAAM,eAAe,OAAO,gBAAgB;AAC5C,QAAM,mBAAmB,OAAO,oBAAoB;AAEpD,MAAI,OAAO,QAAQ,OAAO,UAAU;AAClC,UAAM,IAAI,MAAM,cAAc,YAAY,OAAO,gBAAgB,aAAa;AAAA,EAChF;AAEA,MAAI,CAAC,OAAO,QAAQ,CAAC,OAAO,UAAU;AACpC,WAAO;AAAA,EACT;AAEA,QAAM,WAAW,OAAO,WACpBD,IAAG,aAAaC,MAAK,QAAQ,OAAO,QAAQ,GAAG,MAAM,IACrD,OAAO;AACX,QAAM,cAAc,OAAO,WACvB,GAAG,gBAAgB,IAAI,OAAO,QAAQ,KACtC;AAEJ,MAAI;AACF,WAAO,KAAK,MAAM,QAAQ;AAAA,EAC5B,SAAS,OAAO;AACd,UAAM,IAAI;AAAA,MACR,mBAAmB,WAAW,aAC5B,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CACvD;AAAA,IACF;AAAA,EACF;AACF;;;AD/BA,SAAS,gBAAgB,SAAoE;AAC3F,QAAM,SAAS,eAAe;AAAA,IAC5B,MAAM,QAAQ;AAAA,IACd,UAAU,QAAQ;AAAA,EACpB,CAAC;AAED,MAAI,CAAC,UAAU,MAAM,QAAQ,MAAM,KAAK,OAAO,WAAW,UAAU;AAClE,UAAM,IAAI,MAAM,6DAA6D;AAAA,EAC/E;AAEA,SAAO;AACT;AAGO,SAASC,iBAAyB;AACvC,SAAO,IAAIC,UAAQ,QAAQ,EACxB,YAAY,qCAAqC,EACjD,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,sBAAsB,yCAAyC,EACtE;AAAA,IACC;AAAA,MACE,OACE,SACA,QACG;AACH,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,cAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AACnE,cAAM,OAAO,gBAAgB,OAAO;AAEpC,cAAM,UAAUC,MAAI,oBAAoB,EAAE,MAAM;AAChD,cAAM,OAAO,aAAa,IAAI;AAC9B,gBAAQ,KAAK;AAEb,YAAI,WAAW,MAAM;AACnB,kBAAQ,IAAI,KAAK,UAAU,EAAE,SAAS,MAAM,MAAM,KAAK,KAAK,GAAG,MAAM,CAAC,CAAC;AACvE;AAAA,QACF;AAEA,gBAAQ,mBAAmB,KAAK,IAAI,GAAG;AAAA,MACzC;AAAA,IACF;AAAA,EACF;AACJ;;;AEpDA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAOhB,SAAS,mBAAmB,QAA+B;AACzD,QAAM,QAAQ,IAAI,KAAK,OAAO,SAAS,EAAE,YAAY,EAAE,MAAM,GAAG,EAAE;AAClE,QAAM,MAAM,IAAI,KAAK,OAAO,OAAO,EAAE,YAAY,EAAE,MAAM,GAAG,EAAE;AAC9D,SAAO,GAAG,KAAK,OAAO,GAAG;AAC3B;AAEA,SAAS,oBAAoB,QAA+B;AAC1D,UAAQ,OAAO,aAAa;AAAA,IAC1B,KAAK;AACH,aAAO,UAAU,OAAO,mBAAmB,GAAG;AAAA,IAChD,KAAK;AACH,aAAO,QAAQ,OAAO,iBAAiB,GAAG;AAAA,IAC5C,KAAK;AACH,aAAO,SAAS,OAAO,kBAAkB,GAAG;AAAA,IAC9C;AACE,aAAO;AAAA,EACX;AACF;AAGO,SAASC,eAAuB;AACrC,SAAO,IAAIC,UAAQ,MAAM,EACtB,YAAY,+CAA+C,EAC3D;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,YAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,YAAM,UAAUC,MAAI,qBAAqB,EAAE,MAAM;AACjD,YAAM,UAAU,MAAM,OAAO,YAAY;AACzC,cAAQ,KAAK;AAEb,YAAM,OAAO,QAAQ,IAAI,CAAC,WAAW;AAAA,QACnC,OAAO;AAAA,QACP,OAAO;AAAA,QACP,oBAAoB,MAAM;AAAA,QAC1B,OAAO,OAAO,MAAM;AAAA,QACpB,mBAAmB,MAAM;AAAA,QACzB,OAAO,OAAO,OAAO,MAAM;AAAA,MAC7B,CAAC;AAED,cAAQ,IAAI;AACZ;AAAA,QACE,CAAC,MAAM,QAAQ,WAAW,UAAU,UAAU,QAAQ;AAAA,QACtD;AAAA,QACA,CAAC,CAAC,WAAW;AAAA,QACb;AAAA,MACF;AACA,cAAQ,IAAI;AAAA,IACd,CAAC;AAAA,EACH;AACJ;;;ACvDO,SAAS,uBAAuBC,UAAwB;AAC7D,QAAM,SAASA,SAAQ,QAAQ,QAAQ,EAAE,YAAY,4BAA4B;AAEjF,SAAO,WAAWC,aAAY,CAAC;AAC/B,SAAO,WAAWC,eAAc,CAAC;AACnC;;;ACVA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,SAAQ;AAiCf,eAAe,oBAAoB,iBAIhC;AACD,QAAM,gBAA+B,gBAAgB,UACjD,WACA,gBAAgB,MACd,QACA;AAEN,QAAM,gBAAgB,MAAM;AAAA,IAC1B;AAAA,IACA;AAAA,MACE,EAAE,OAAO,cAAc,OAAO,QAAQ,aAAa,IAAI,uBAAuB,IAAI;AAAA,MAClF,EAAE,OAAO,eAAe,OAAO,OAAO,aAAa,IAAI,mBAAmB,IAAI;AAAA,MAC9E,EAAE,OAAO,cAAc,OAAO,SAAS;AAAA,IACzC;AAAA,IACA;AAAA,EACF;AAEA,QAAM,iBAIF,CAAC;AAEL,MAAI,kBAAkB,UAAU;AAC9B,mBAAe,UAAU,MAAM,WAAW,YAAY;AAAA,MACpD,cAAc,gBAAgB,WAAW;AAAA,IAC3C,CAAC;AAAA,EACH,WAAW,kBAAkB,OAAO;AAClC,mBAAe,MAAM;AAAA,EACvB,OAAO;AACL,mBAAe,MAAM;AAAA,EACvB;AAEA,QAAM,YAAY,MAAM,WAAW,yBAAyB;AAAA,IAC1D,cAAc,gBAAgB;AAAA,IAC9B,UAAU;AAAA,EACZ,CAAC;AACD,MAAI,WAAW;AACb,mBAAe,YAAY;AAAA,EAC7B;AAEA,SAAO;AACT;AAEA,eAAe,0BACb,aACA,iBAKC;AACD,QAAM,wBAAwB,yBAAyB,WAAW;AAClE,QAAM,cACJ,gBAAgB,kBAAkBC,IAAG,WAAW,qBAAqB,IACjE,aACA;AAEN,QAAM,iBAAiB,MAAM;AAAA,IAC3B;AAAA,IACA;AAAA,MACE;AAAA,QACE,OAAO;AAAA,QACP,OAAO;AAAA,QACP,aAAa,aAAa,qBAAqB;AAAA,MACjD;AAAA,MACA;AAAA,QACE,OAAO;AAAA,QACP,OAAO;AAAA,MACT;AAAA,IACF;AAAA,IACA;AAAA,EACF;AAEA,MAAI,mBAAmB,YAAY;AACjC,UAAM,EAAE,eAAAC,gBAAe,QAAQ,IAAI,iBAAiB,qBAAqB;AACzE,WAAO;AAAA,MACL,gBAAgB;AAAA,MAChB,cAAc,gBAAgBA,cAAa;AAAA,MAC3C;AAAA,IACF;AAAA,EACF;AAEA,QAAM,iBAAiB,MAAM,WAAW,6BAA6B;AAAA,IACnE,cAAc,gBAAgB,kBAAkB;AAAA,EAClD,CAAC;AACD,QAAM,gBAAgB,eAAe,cAAc;AACnD,SAAO;AAAA,IACL;AAAA,IACA,cAAc,gBAAgB,aAAa;AAAA,IAC3C,SAAS;AAAA,EACX;AACF;AAEA,eAAe,uBACb,aACA,iBACe;AACf,QAAM,iBAAiB,MAAM,oBAAoB,eAAe;AAChE,QAAM,aAAa,MAAM,0BAA0B,aAAa,eAAe;AAC/E,QAAM,YAAY,MAAM,WAAW,gBAAgB;AACnD,QAAM,YAAY,MAAM,WAAW,cAAc;AAAA,IAC/C,QAAQ;AAAA,EACV,CAAC;AAED,yBAAuB,aAAa,EAAE,WAAW,UAAU,CAAC;AAE5D,QAAM,cAAc;AAAA,IAClB;AAAA,MACE,GAAG;AAAA,MACH,gBAAgB,WAAW;AAAA,MAC3B,gBAAgB,yBAAyB,WAAW;AAAA,IACtD;AAAA,IACA;AAAA,EACF;AACA,mBAAiB,aAAa,WAAW;AAEzC,QAAM,UACJ,eAAe,YACd,eAAe,MAAM,sBAAsB;AAE9C,MAAI;AACF,UAAM,WAAW,MAAM,IAAI;AAAA,MACzB,GAAG,SAAS,IAAI,SAAS;AAAA,MACzB;AAAA,IACF,EAAE,mBAAmB;AACrB,yBAAqB,aAAa,QAAQ;AAAA,EAC5C,SAAS,OAAO;AACd;AAAA,MACE,0DACE,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CACvD;AAAA,IACF;AAAA,EACF;AAEA,UAAQ,kBAAkB,WAAW,QAAQ,cAAc,CAAC,EAAE;AAC9D,UAAQ,gBAAgB,0BAA0B,WAAW,CAAC,EAAE;AAChE,UAAQ,gBAAgB,WAAW,cAAc,EAAE;AACnD,UAAQ,gBAAgB,yBAAyB,WAAW,CAAC,EAAE;AACjE;AAEA,eAAe,0BACb,aACA,iBACe;AACf,QAAM,iBAAiB,MAAM,oBAAoB,eAAe;AAChE,QAAM,aAAa,MAAM,0BAA0B,aAAa,eAAe;AAC/E,QAAM,YAAY,MAAM,WAAW,cAAc;AAAA,IAC/C,cAAc,gBAAgB,aAAa;AAAA,EAC7C,CAAC;AACD,QAAM,UAAU,MAAM,WAAW,gCAAgC;AAAA,IAC/D,cAAc;AAAA,IACd,UAAU;AAAA,EACZ,CAAC;AAED,QAAM,UACJ,eAAe,YACd,eAAe,MAAM,sBAAsB;AAC9C,QAAM,SAAS,MAAM,qBAAqB;AAAA,IACxC;AAAA,IACA,SAAS;AAAA,IACT;AAAA,IACA,SAAS,WAAW;AAAA,IACpB;AAAA,IACA,gBAAgB,WAAW;AAAA,IAC3B;AAAA,EACF,CAAC;AAED,MAAI,OAAO,eAAe;AACxB;AAAA,MACE,4DACE,OAAO,aACT;AAAA,IACF;AAAA,EACF;AAEA,UAAQ,uBAAuB,SAAS,mBAAmB,WAAW,GAAG;AACzE,UAAQ,gBAAgB,0BAA0B,WAAW,CAAC,EAAE;AAChE,UAAQ,gBAAgB,OAAO,cAAc,EAAE;AAC/C,UAAQ,gBAAgB,OAAO,cAAc,EAAE;AACjD;AAGO,SAAS,mBAA4B;AAC1C,SAAO,IAAIC,UAAQ,WAAW,EAC3B,YAAY,oCAAoC,EAChD;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,SAAS,WAAW;AAC1B,YAAM,qBAAqB;AAAA,QACzB;AAAA,QACA,WAAW;AAAA,QACX,QAAQ,IAAI;AAAA,MACd;AACA,YAAM,cAAc,MAAM,WAAW,gBAAgB;AAAA,QACnD,cAAc;AAAA,MAChB,CAAC;AACD,YAAM,kBAAkB,iBAAiB,QAAQ,WAAW;AAE5D,cAAQ,IAAI;AACZ,cAAQ,IAAI,gCAAgC,qBAAqB,WAAW,CAAC,EAAE;AAE/E,YAAM,OAAO,MAAM;AAAA,QACjB;AAAA,QACA;AAAA,UACE;AAAA,YACE,OAAO;AAAA,YACP,OAAO;AAAA,YACP,aAAa;AAAA,UACf;AAAA,UACA;AAAA,YACE,OAAO;AAAA,YACP,OAAO;AAAA,YACP,aAAa;AAAA,UACf;AAAA,QACF;AAAA,QACA;AAAA,MACF;AAEA,cAAQ,IAAI;AACZ,UAAI,SAAS,UAAU;AACrB,cAAM,uBAAuB,aAAa,eAAe;AAAA,MAC3D,OAAO;AACL,cAAM,0BAA0B,aAAa,eAAe;AAAA,MAC9D;AAAA,IACF,CAAC;AAAA,EACH;AACJ;;;AC1QA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAQT,SAAS,aAAsB;AACpC,SAAO,IAAIC,UAAQ,KAAK,EACrB,YAAY,gCAAgC,EAC5C,SAAS,YAAY,aAAa,EAClC;AAAA,IACC,iBAAiB,OAAO,QAAgB,OAAgB,QAAiB;AACvE,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,YAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,YAAM,UAAUC,MAAI,sBAAsB,MAAM,KAAK,EAAE,MAAM;AAC7D,YAAM,WAAW,MAAM,OAAO,UAAU,MAAM;AAC9C,cAAQ,KAAK;AAEb,UAAI,WAAW,MAAM;AACnB,gBAAQ,IAAI,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAC7C;AAAA,MACF;AAEA,cAAQ,qBAAqB,MAAM,EAAE;AACrC;AAAA,QACE;AAAA,UACE,CAAC,aAAa,SAAS,QAAQ;AAAA,UAC/B,CAAC,iBAAiB,SAAS,cAAc;AAAA,UACzC,CAAC,YAAY,SAAS,aAAa;AAAA,UACnC,CAAC,aAAa,SAAS,qBAAqB;AAAA,UAC5C,CAAC,gBAAgB,SAAS,YAAY;AAAA,QACxC;AAAA,QACA;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH;AACJ;;;ACzCA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAQT,SAASC,eAAuB;AACrC,SAAO,IAAIC,UAAQ,MAAM,EACtB,YAAY,+BAA+B,EAC3C;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,YAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,YAAM,UAAUC,MAAI,qBAAqB,EAAE,MAAM;AACjD,YAAM,UAAU,MAAM,OAAO,YAAY;AACzC,cAAQ,KAAK;AAEb,YAAM,OAAO,QAAQ,IAAI,CAAC,WAAW;AAAA,QACnC,OAAO;AAAA,QACP,OAAO;AAAA,QACP,OAAO,WAAW,QAAQ;AAAA,QAC1B,OAAO;AAAA,QACP,OAAO,wBAAwB;AAAA,MACjC,CAAC;AAED,cAAQ,IAAI;AACZ;AAAA,QACE,CAAC,MAAM,UAAU,YAAY,SAAS,WAAW;AAAA,QACjD;AAAA,QACA,CAAC,CAAC,WAAW;AAAA,QACb;AAAA,MACF;AACA,cAAQ,IAAI;AAAA,IACd,CAAC;AAAA,EACH;AACJ;;;ACxCA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAQT,SAAS,gBAAyB;AACvC,SAAO,IAAIC,UAAQ,QAAQ,EACxB,YAAY,mCAAmC,EAC/C,SAAS,QAAQ,WAAW,EAC5B;AAAA,IACC,iBAAiB,OAAO,IAAY,OAAgB,QAAiB;AACnE,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,YAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,YAAM,UAAUC,MAAI,oBAAoB,EAAE,KAAK,EAAE,MAAM;AACvD,YAAM,WAAW,MAAM,OAAO,aAAa,EAAE;AAC7C,cAAQ,KAAK;AAEb,UAAI,WAAW,MAAM;AACnB,gBAAQ,IAAI,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAC7C;AAAA,MACF;AAEA,cAAQ,6BAA6B,EAAE,EAAE;AACzC;AAAA,QACE;AAAA,UACE,CAAC,YAAY,SAAS,WAAW,QAAQ,IAAI;AAAA,UAC7C,CAAC,SAAS,SAAS,SAAS,GAAG;AAAA,QACjC;AAAA,QACA;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH;AACJ;;;AChCO,SAAS,uBAAuBC,UAAwB;AAC7D,QAAM,SAASA,SAAQ,QAAQ,QAAQ,EAAE,YAAY,yBAAyB;AAE9E,SAAO,WAAWC,aAAY,CAAC;AAC/B,SAAO,WAAW,WAAW,CAAC;AAC9B,SAAO,WAAW,cAAc,CAAC;AACnC;;;ACZA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAOhB,IAAM,oBAAoB,oBAAI,IAAqB,CAAC,OAAO,OAAO,OAAO,eAAe,OAAO,CAAC;AAEhG,SAAS,yBAAyB,SAAkC;AAClE,QAAM,aAAa,QAAQ,KAAK,EAAE,YAAY;AAE9C,MAAI,CAAC,kBAAkB,IAAI,UAAU,GAAG;AACtC,UAAM,IAAI;AAAA,MACR,iCAAiC,OAAO,kBAAkB,CAAC,GAAG,iBAAiB,EAAE,KAAK,IAAI,CAAC;AAAA,IAC7F;AAAA,EACF;AAEA,SAAO;AACT;AAGO,SAAS,gBAAyB;AACvC,SAAO,IAAIC,UAAQ,QAAQ,EACxB,YAAY,uDAAuD,EACnE,eAAe,uBAAuB,qDAAqD,EAC3F,eAAe,uBAAuB,8BAA8B,EACpE,eAAe,uBAAuB,mCAAmC,EACzE,OAAO,4BAA4B,yCAAyC,EAC5E;AAAA,IACC;AAAA,MACE,OACE,SAMA,QACG;AACH,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,cAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,cAAM,UAAUC,MAAI,wBAAwB,EAAE,MAAM;AACpD,cAAM,WAAW,MAAM,OAAO,eAAe;AAAA,UAC3C,SAAS,yBAAyB,QAAQ,OAAO;AAAA,UACjD,SAAS,QAAQ;AAAA,UACjB,SAAS,QAAQ;AAAA,UACjB,gBAAgB,QAAQ;AAAA,QAC1B,CAAC;AACD,gBAAQ,KAAK;AAEb,YAAI,WAAW,MAAM;AACnB,kBAAQ,IAAI,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAC7C;AAAA,QACF;AAEA,gBAAQ,oBAAoB;AAC5B;AAAA,UACE;AAAA,YACE,CAAC,eAAe,SAAS,EAAE;AAAA,YAC3B,CAAC,gBAAgB,SAAS,WAAW;AAAA,YACrC,CAAC,qBAAqB,SAAS,WAAW,QAAQ,IAAI;AAAA,UACxD;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACJ;;;ACnEO,SAAS,yBAAyBC,UAAwB;AAC/D,QAAM,WAAWA,SAAQ,QAAQ,UAAU,EAAE,YAAY,oCAAoC;AAE7F,WAAS,WAAW,cAAc,CAAC;AACrC;;;ACRA,SAAS,WAAAC,iBAAe;AAOxB,IAAM,0BAA0B,oBAAI,IAA0B,CAAC,OAAO,QAAQ,OAAO,SAAS,QAAQ,CAAC;AAEvG,SAAS,gBAAgB,QAAsC;AAC7D,QAAM,mBAAmB,OAAO,KAAK,EAAE,YAAY;AAEnD,MAAI,CAAC,wBAAwB,IAAI,gBAAwC,GAAG;AAC1E,UAAM,IAAI,MAAM,uBAAuB,MAAM,0CAA0C;AAAA,EACzF;AAEA,SAAO;AACT;AAGO,SAAS,iBAA0B;AACxC,SAAO,IAAIC,UAAQ,SAAS,EACzB,YAAY,qCAAqC,EACjD,SAAS,YAAY,6CAA6C,EAClE,SAAS,UAAU,uDAAuD,EAC1E,OAAO,iBAAiB,4BAA4B,EACpD,OAAO,sBAAsB,wCAAwC,EACrE;AAAA,IACC;AAAA,MACE,OACE,QACAC,OACA,SACA,QACG;AACH,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,SAAS,YAAY,UAAU;AACrC,cAAM,SAAS,IAAI,UAAU,OAAO,QAAQ,OAAO,OAAO;AAC1D,cAAM,SAAS,MAAM,OAAO,eAAe;AAAA,UACzC,QAAQ,gBAAgB,MAAM;AAAA,UAC9B,MAAAA;AAAA,UACA,MAAM,eAAe;AAAA,YACnB,MAAM,QAAQ;AAAA,YACd,UAAU,QAAQ;AAAA,UACpB,CAAC;AAAA,QACH,CAAC;AAED,YAAI,UAAU,MAAM;AAClB;AAAA,QACF;AAEA,YAAI,OAAO,WAAW,UAAU;AAC9B,kBAAQ,IAAI,MAAM;AAClB;AAAA,QACF;AAEA,gBAAQ,IAAI,KAAK,UAAU,QAAQ,MAAM,WAAW,OAAO,IAAI,CAAC,CAAC;AAAA,MACnE;AAAA,IACF;AAAA,EACF;AACJ;;;ACxDO,SAAS,wBAAwBC,UAAwB;AAC9D,QAAM,UAAUA,SAAQ,QAAQ,SAAS,EAAE,YAAY,wCAAwC;AAE/F,UAAQ,WAAW,eAAe,CAAC;AACrC;;;ACRA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAQT,SAAS,sBAA+B;AAC7C,SAAO,IAAIC,UAAQ,eAAe,EAC/B,YAAY,oCAAoC,EAChD;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,YAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,YAAM,UAAUC,MAAI,sCAAsC,EAAE,MAAM;AAClE,YAAM,SAAS,MAAM,OAAO,0BAA0B;AACtD,cAAQ,KAAK;AAEb;AAAA,QACE;AAAA,UACE,CAAC,WAAW,OAAO,OAAO,OAAO,CAAC;AAAA,UAClC,CAAC,SAAS,OAAO,OAAO,KAAK,CAAC;AAAA,UAC9B,CAAC,mBAAmB,OAAO,OAAO,cAAc,CAAC;AAAA,UACjD,CAAC,UAAU,OAAO,OAAO,MAAM,CAAC;AAAA,UAChC,CAAC,eAAe,OAAO,OAAO,UAAU,CAAC;AAAA,UACzC,CAAC,WAAW,OAAO,OAAO,OAAO,CAAC;AAAA,UAClC,CAAC,gBAAgB,OAAO,OAAO,YAAY,CAAC;AAAA,UAC5C,CAAC,UAAU,OAAO,OAAO,MAAM,CAAC;AAAA,UAChC,CAAC,YAAY,OAAO,OAAO,QAAQ,CAAC;AAAA,UACpC,CAAC,YAAY,OAAO,OAAO,OAAO,CAAC;AAAA,QACrC;AAAA,QACA,CAAC,CAAC,WAAW;AAAA,QACb;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH;AACJ;;;ACpCO,SAAS,2BAA2BC,UAAwB;AACjE,QAAM,aAAaA,SAAQ,QAAQ,YAAY,EAAE,YAAY,sCAAsC;AAEnG,aAAW,WAAW,oBAAoB,CAAC;AAC7C;;;ACRA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAQT,SAAS,wBAAiC;AAC/C,SAAO,IAAIC,UAAQ,iBAAiB,EACjC,YAAY,2DAA2D,EACvE;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,YAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,YAAM,UAAUC,MAAI,6BAA6B,EAAE,MAAM;AACzD,YAAM,WAAW,MAAM,OAAO,mBAAmB;AACjD,cAAQ,KAAK;AAEb,YAAM,OAAO,SAAS,eAAe,IAAI,CAAC,UAAU;AAAA,QAClD,MAAM;AAAA,QACN,MAAM;AAAA,QACN,MAAM;AAAA,QACN,MAAM,YAAY,QAAQ;AAAA,QAC1B,MAAM,MAAM,KAAK,IAAI,KAAK;AAAA,QAC1B,OAAO,MAAM,eAAe;AAAA,MAC9B,CAAC;AAED,cAAQ,IAAI;AACZ;AAAA,QACE,CAAC,MAAM,QAAQ,UAAU,WAAW,SAAS,SAAS;AAAA,QACtD;AAAA,QACA,CAAC,CAAC,WAAW;AAAA,QACb,SAAS;AAAA,MACX;AACA,cAAQ,IAAI;AAAA,IACd,CAAC;AAAA,EACH;AACJ;;;ACzCA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAYhB,IAAM,yBAAyB,oBAAI,IAAyB;AAAA,EAC1D;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAED,SAAS,6BAA6B,WAAwC;AAC5E,QAAM,aAAa,UAAU,KAAK,EAAE,YAAY;AAEhD,MAAI,CAAC,uBAAuB,IAAI,UAAU,GAAG;AAC3C,UAAM,IAAI;AAAA,MACR,2BAA2B,SAAS,kBAAkB,CAAC,GAAG,sBAAsB,EAAE,KAAK,IAAI,CAAC;AAAA,IAC9F;AAAA,EACF;AAEA,SAAO;AACT;AAEA,SAAS,qBAAqB,SAGJ;AACxB,QAAM,SAAS,eAAe;AAAA,IAC5B,MAAM,QAAQ;AAAA,IACd,UAAU,QAAQ;AAAA,EACpB,CAAC;AAED,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI,MAAM,qDAAqD;AAAA,EACvE;AAEA,MAAI,MAAM,QAAQ,MAAM,GAAG;AACzB,WAAO,EAAE,aAAa,OAA+C;AAAA,EACvE;AAEA,MAAI,OAAO,WAAW,YAAY,WAAW,QAAQ,MAAM,QAAQ,OAAO,WAAW,GAAG;AACtF,WAAO;AAAA,EACT;AAEA,QAAM,IAAI,MAAM,+FAA+F;AACjH;AAGO,SAAS,aAAsB;AACpC,SAAO,IAAIC,UAAQ,KAAK,EACrB,YAAY,kCAAkC,EAC9C,SAAS,eAAe,0FAA0F,EAClH,SAAS,QAAQ,UAAU,EAC3B,OAAO,iBAAiB,yBAAyB,EACjD,OAAO,sBAAsB,uCAAuC,EACpE;AAAA,IACC;AAAA,MACE,OACE,WACA,IACA,SACA,QACG;AACH,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,cAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AACnE,cAAM,OAAO,qBAAqB,OAAO;AAEzC,cAAM,UAAUC,MAAI,yBAAyB,EAAE,MAAM;AACrD,cAAM,OAAO,eAAe,6BAA6B,SAAS,GAAG,IAAI,IAAI;AAC7E,gBAAQ,KAAK;AAEb,YAAI,WAAW,MAAM;AACnB,kBAAQ,IAAI,KAAK,UAAU,EAAE,WAAW,UAAU,YAAY,GAAG,IAAI,SAAS,KAAK,GAAG,MAAM,CAAC,CAAC;AAC9F;AAAA,QACF;AAEA,gBAAQ,2BAA2B,UAAU,YAAY,CAAC,IAAI,EAAE,EAAE;AAAA,MACpE;AAAA,IACF;AAAA,EACF;AACJ;;;ACvFO,SAAS,4BAA4BC,UAAwB;AAClE,QAAM,cAAcA,SAAQ,QAAQ,aAAa,EAAE,YAAY,0BAA0B;AAEzF,cAAY,WAAW,sBAAsB,CAAC;AAC9C,cAAY,WAAW,WAAW,CAAC;AACrC;;;ACVA,SAAS,WAAAC,iBAAe;AAOjB,SAASC,eAAuB;AACrC,SAAO,IAAIC,UAAQ,MAAM,EACtB,YAAY,yBAAyB,EACrC;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,SAAS,WAAW;AAC1B,YAAM,iBAAiB,sBAAsB,MAAM;AACnD,YAAM,OAAO,gBAAgB,MAAM,EAAE,IAAI,CAAC,gBAAgB;AACxD,cAAM,UAAU,OAAO,SAAS,WAAW,KAAK,CAAC;AACjD,eAAO;AAAA,UACL;AAAA,UACA,gBAAgB,iBAAiB,QAAQ;AAAA,UACzC,QAAQ,UAAU,eAAe;AAAA,UACjC,QAAQ,UAAU,kBAAkB,QAAQ,aAAa,QAAQ,WAAW;AAAA,UAC5E,QAAQ,YAAY,QAAQ,MAAM,uBAAuB;AAAA,UACzD,QAAQ,aAAa;AAAA,QACvB;AAAA,MACF,CAAC;AAED,cAAQ,IAAI;AACZ;AAAA,QACE,CAAC,QAAQ,WAAW,SAAS,aAAa,YAAY,YAAY;AAAA,QAClE;AAAA,QACA,CAAC,CAAC,WAAW;AAAA,QACb,KAAK,IAAI,CAAC,CAAC,MAAM,SAAS,OAAO,WAAW,SAAS,SAAS,OAAO;AAAA,UACnE;AAAA,UACA,SAAS,YAAY;AAAA,UACrB,OAAO,UAAU,MAAM,OAAO;AAAA,UAC9B,WAAW,cAAc,MAAM,OAAO;AAAA,UACtC;AAAA,UACA,WAAW,cAAc,MAAM,OAAO;AAAA,QACxC,EAAE;AAAA,MACJ;AACA,cAAQ,IAAI;AAAA,IACd,CAAC;AAAA,EACH;AACJ;;;AC5CA,SAAS,WAAAC,iBAAe;AAWjB,SAAS,aAAsB;AACpC,SAAO,IAAIC,UAAQ,KAAK,EACrB,YAAY,+BAA+B,EAC3C,SAAS,UAAU,cAAc,EACjC;AAAA,IACC,iBAAiB,OAAO,gBAAwB;AAC9C,YAAM,SAAS,WAAW;AAC1B,YAAM,UAAU,iBAAiB,QAAQ,WAAW;AAEpD,UAAI,OAAO,KAAK,OAAO,EAAE,WAAW,KAAK,CAAC,OAAO,SAAS,WAAW,GAAG;AACtE,cAAM,IAAI,MAAM,YAAY,WAAW,mBAAmB;AAAA,MAC5D;AAEA,iBAAW,kBAAkB,QAAQ,WAAW,CAAC;AACjD,cAAQ,sBAAsB,WAAW,GAAG;AAAA,IAC9C,CAAC;AAAA,EACH;AACJ;;;ACtBO,SAAS,wBAAwBC,UAAwB;AAC9D,QAAM,UAAUA,SAAQ,QAAQ,SAAS,EAAE,YAAY,2BAA2B;AAElF,UAAQ,WAAWC,aAAY,CAAC;AAChC,UAAQ,WAAW,YAAY,CAAC;AAChC,UAAQ,WAAW,WAAW,CAAC;AACjC;;;ACZA,SAAS,WAAAC,iBAAe;AAOjB,SAAS,cAAuB;AACrC,SAAO,IAAIC,UAAQ,MAAM,EACtB,YAAY,uDAAuD,EACnE;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,SAAS,MAAM,qBAAqB,UAAU;AACpD,0BAAoB,QAAQ,CAAC,CAAC,WAAW,MAAM,mBAAmB;AAAA,IACpE,CAAC;AAAA,EACH;AACJ;;;ACbO,SAAS,sBAAsBC,UAAwB;AAC5D,QAAM,QAAQA,SAAQ,QAAQ,OAAO,EAAE,YAAY,oCAAoC;AACvF,QAAM,WAAW,YAAY,CAAC;AAChC;;;ACPA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAQhB,SAAS,eAAe,SAA0D;AAChF,QAAM,SAAS,eAAe;AAAA,IAC5B,MAAM,QAAQ;AAAA,IACd,UAAU,QAAQ;AAAA,EACpB,CAAC;AAED,MAAI,CAAC,UAAU,MAAM,QAAQ,MAAM,KAAK,OAAO,WAAW,UAAU;AAClE,UAAM,IAAI,MAAM,mEAAmE;AAAA,EACrF;AAEA,SAAO;AACT;AAGO,SAASC,iBAAyB;AACvC,SAAO,IAAIC,UAAQ,QAAQ,EACxB,YAAY,sDAAsD,EAClE,OAAO,iBAAiB,0BAA0B,EAClD,OAAO,sBAAsB,wCAAwC,EACrE;AAAA,IACC;AAAA,MACE,OACE,SACA,QACG;AACH,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,cAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,cAAM,UAAUC,MAAI,mBAAmB,EAAE,MAAM;AAC/C,cAAM,WAAW,MAAM,OAAO,YAAY,eAAe,OAAO,CAAC;AACjE,gBAAQ,KAAK;AAEb,YAAI,WAAW,MAAM;AACnB,kBAAQ,IAAI,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAC7C;AAAA,QACF;AAEA,gBAAQ,iBAAiB,SAAS,EAAE,EAAE;AAAA,MACxC;AAAA,IACF;AAAA,EACF;AACJ;;;ACnDA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAQhB,SAAS,mBAAmB,SAA0D;AACpF,QAAM,SAAS,eAAe;AAAA,IAC5B,MAAM,QAAQ;AAAA,IACd,UAAU,QAAQ;AAAA,EACpB,CAAC;AAED,MAAI,CAAC,UAAU,MAAM,QAAQ,MAAM,KAAK,OAAO,WAAW,UAAU;AAClE,UAAM,IAAI,MAAM,wEAAwE;AAAA,EAC1F;AAEA,SAAO;AACT;AAGO,SAAS,oBAA6B;AAC3C,SAAO,IAAIC,UAAQ,aAAa,EAC7B,YAAY,2DAA2D,EACvE,SAAS,aAAa,UAAU,EAChC,OAAO,iBAAiB,+BAA+B,EACvD,OAAO,sBAAsB,6CAA6C,EAC1E;AAAA,IACC;AAAA,MACE,OACE,SACA,SACA,QACG;AACH,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,cAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,cAAM,UAAUC,MAAI,0BAA0B,OAAO,KAAK,EAAE,MAAM;AAClE,cAAM,WAAW,MAAM,OAAO,gBAAgB,SAAS,mBAAmB,OAAO,CAAC;AAClF,gBAAQ,KAAK;AAEb,YAAI,WAAW,MAAM;AACnB,kBAAQ,IAAI,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAC7C;AAAA,QACF;AAEA,gBAAQ,sBAAsB,SAAS,EAAE,aAAa,OAAO,EAAE;AAAA,MACjE;AAAA,IACF;AAAA,EACF;AACJ;;;ACrDA,OAAOC,WAAU;AACjB,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAChB,OAAOC,SAAQ;AAOR,SAAS,uBAAgC;AAC9C,SAAO,IAAIC,UAAQ,gBAAgB,EAChC,YAAY,0EAA0E,EACtF,SAAS,aAAa,mCAAmC,EACzD,SAAS,aAAa,iCAAiC,EACvD;AAAA,IACC;AAAA,IACA;AAAA,EACF,EACC;AAAA,IACC;AAAA,MACE,OACE,SACA,SACA,MACA,QACG;AACH,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,SAAS,YAAY,UAAU;AACrC,cAAM,MAAM,IAAIC,IAAG,MAAM;AACzB,cAAM,aAAaC,MAAK,QAAQ,KAAK,UAAU,GAAG,OAAO,MAAM;AAE/D,cAAM,UAAUC,MAAI,0CAA0C,EAAE,MAAM;AACtE,cAAM,SAAS,MAAM,IAAI,wBAAwB;AAAA,UAC/C;AAAA,UACA;AAAA,UACA;AAAA,QACF,CAAC;AACD,gBAAQ,KAAK;AAEb,YAAI,WAAW,MAAM;AACnB,kBAAQ;AAAA,YACN,KAAK;AAAA,cACH;AAAA,gBACE,SAAS,OAAO;AAAA,gBAChB,SAAS,OAAO;AAAA,gBAChB,YAAY,OAAO;AAAA,gBACnB,eAAe,OAAO,WAAW;AAAA,gBACjC,iBAAiB,OAAO,WAAW;AAAA,gBACnC,gBAAgB,OAAO,WAAW;AAAA,gBAClC,kBAAkB,OAAO,WAAW;AAAA,cACtC;AAAA,cACA;AAAA,cACA;AAAA,YACF;AAAA,UACF;AACA;AAAA,QACF;AAEA,gBAAQ,iCAAiC,UAAU,EAAE;AAAA,MACvD;AAAA,IACF;AAAA,EACF;AACJ;;;AC/DA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAChB,OAAOC,SAAQ;AASR,SAASC,eAAuB;AACrC,SAAO,IAAIC,UAAQ,MAAM,EACtB,YAAY,kDAAkD,EAC9D;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,SAAS,YAAY,UAAU;AAErC,YAAM,UAAUC,MAAI,mCAAmC,EAAE,MAAM;AAC/D,YAAM,KAAK,MAAMC,IAAG,OAAO,MAAM;AACjC,cAAQ,KAAK;AAEb,YAAM,MAAM,GAAG;AACf,YAAM,OAAO,OAAO,KAAK,GAAG,EAAE,KAAK;AAEnC,UAAI,WAAW,MAAM;AACnB,gBAAQ,IAAI,KAAK,UAAU,KAAK,MAAM,CAAC,CAAC;AACxC;AAAA,MACF;AAEA,UAAI,KAAK,WAAW,GAAG;AACrB,gBAAQ,IAAI,uCAAuC;AACnD;AAAA,MACF;AAEA,YAAM,OAAO,KAAK,IAAI,CAAC,QAAQ,CAAC,KAAK,IAAI,GAAG,CAAC,CAAC;AAE9C,cAAQ,IAAI;AACZ,iBAAW,CAAC,OAAO,OAAO,GAAG,MAAM,KAAK;AACxC,cAAQ,IAAI;AAAA,IACd,CAAC;AAAA,EACH;AACJ;;;AC3CA,SAAS,WAAAC,iBAAe;;;ACAxB,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAChB,OAAOC,SAAQ;AA2Bf,IAAM,gCAAgC;AAYtC,SAAS,YAAY,KAA0C;AAC7D,QAAM,OAAO,OAAO,KAAK,GAAG,EAAE,KAAK;AACnC,SAAO,KAAK,IAAI,CAAC,SAAS;AAAA,IACxB,MAAM;AAAA,IACN,QAAQ,CAAC,EAAE,MAAM,KAAK,IAAI,CAAC;AAAA,EAC7B,EAAE;AACJ;AAKA,eAAsB,sBACpB,YACwB;AACxB,QAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,QAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AACnE,QAAM,CAAC,EAAE,OAAO,GAAG,mBAAmB,IAAI,MAAM,QAAQ,IAAI;AAAA,IAC1D,OAAO,WAAW,WAAW,SAAS;AAAA,IACtC,WAAW,YAAY,QAAQ,QAAQ,IAAI,IAAI,OAAO,oBAAoB;AAAA,EAC5E,CAAC;AACD,QAAM,eAAe,oBAAI,IAAyB;AAElD,aAAW,SAAS,QAAQ;AAC1B,UAAM,WAAW,MAAM,OAAO,eAAe,MAAM,EAAE;AACrD,UAAM,aAAa,OAAO;AAAA,MACxB,SAAS,gBAAgB,IAAI,CAAC,UAAU,CAAC,MAAM,IAAI,MAAM,IAAI,CAAU;AAAA,IACzE;AAEA,eAAW,QAAQ,SAAS,OAAO;AACjC,mBAAa,IAAI,KAAK,IAAI;AAAA,QACxB,SAAS,MAAM;AAAA,QACf,WAAW,MAAM;AAAA,QACjB,QAAQ,KAAK;AAAA,QACb,UAAU,KAAK;AAAA,QACf,MAAM,KAAK;AAAA,QACX,YAAY,KAAK;AAAA,QACjB,WAAW,KAAK,UAAW,WAAW,KAAK,OAAO,KAAK,KAAK,UAAW;AAAA,QACvE,UAAU,KAAK;AAAA,MACjB,CAAC;AAAA,IACH;AAAA,EACF;AAEA,MAAI,qBAAqB;AACvB,UAAM,aAAa,OAAO;AAAA,MACxB,oBAAoB,gBAAgB,IAAI,CAAC,UAAU,CAAC,MAAM,IAAI,MAAM,IAAI,CAAU;AAAA,IACpF;AAEA,eAAW,QAAQ,oBAAoB,YAAY;AACjD,UAAI,aAAa,IAAI,KAAK,EAAE,GAAG;AAC7B;AAAA,MACF;AAEA,mBAAa,IAAI,KAAK,IAAI;AAAA,QACxB,SAAS,KAAK;AAAA,QACd,WAAW;AAAA,QACX,QAAQ,KAAK;AAAA,QACb,UAAU,KAAK;AAAA,QACf,MAAM,KAAK;AAAA,QACX,YAAY,KAAK,cAAc;AAAA,QAC/B,WAAW,KAAK,UAAW,WAAW,KAAK,OAAO,KAAK,KAAK,UAAW;AAAA,QACvE,UAAU,KAAK;AAAA,MACjB,CAAC;AAAA,IACH;AAAA,EACF;AAEA,SAAO,CAAC,GAAG,aAAa,OAAO,CAAC,EAAE,KAAK,CAAC,MAAM,UAAU;AACtD,UAAM,eAAe,KAAK,UAAU,cAAc,MAAM,SAAS;AACjE,WAAO,iBAAiB,IACpB,eACA,KAAK,SAAS,cAAc,MAAM,QAAQ;AAAA,EAChD,CAAC;AACH;AAKA,eAAsB,wBACpB,YACe;AACf,QAAM,UAAUC,MAAI,iCAAiC,EAAE,MAAM;AAC7D,QAAM,OAAO,MAAM,sBAAsB,UAAU;AACnD,UAAQ,KAAK;AAEb,MAAI,WAAW,MAAM;AACnB,YAAQ,IAAI,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AACzC;AAAA,EACF;AAEA,MAAI,KAAK,WAAW,GAAG;AACrB,YAAQ,IAAI,6BAA6B;AACzC;AAAA,EACF;AAEA,UAAQ,IAAI;AACZ;AAAA,IACE,CAAC,SAAS,QAAQ,QAAQ,UAAU,SAAS,UAAU;AAAA,IACvD,KAAK,IAAI,CAAC,QAAQ;AAAA,MAChB,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI,QAAQ;AAAA,MACZ,IAAI,eAAe,OAAO,MAAM,OAAO,IAAI,UAAU;AAAA,MACrD,IAAI,aAAa;AAAA,MACjB,IAAI,SAAS,KAAK,IAAI,KAAK;AAAA,IAC7B,CAAC;AAAA,IACD;AAAA,EACF;AACA,UAAQ,IAAI;AACd;AAMO,SAAS,eAAwB;AACtC,SAAO,IAAIC,UAAQ,OAAO,EACvB,YAAY,8FAA8F,EAC1G,OAAO,mBAAmB,6CAA6C,EACvE;AAAA,IACC,iBAAiB,OAAO,MAAkC,QAAiB;AACzE,YAAM,aAAa,IAAI,gBAA+B;AAEtD,UAAI,KAAK,cAAc;AACrB,cAAM,wBAAwB,UAAU;AACxC;AAAA,MACF;AAEA,YAAM,SAAS,YAAY,UAAU;AAErC,YAAM,UAAUD,MAAI,yBAAyB,EAAE,MAAM;AACrD,YAAM,KAAK,MAAME,IAAG,OAAO,MAAM;AACjC,cAAQ,KAAK;AAEb,YAAM,MAAM,GAAG;AACf,YAAM,QAAQ,YAAY,GAAG;AAE7B,UAAI,WAAW,MAAM;AACnB,gBAAQ,IAAI,KAAK,UAAU,OAAO,MAAM,CAAC,CAAC;AAC1C;AAAA,MACF;AAEA,UAAI,MAAM,WAAW,GAAG;AACtB,gBAAQ,IAAI,6BAA6B;AACzC;AAAA,MACF;AAEA,YAAM,OAAO,MAAM,IAAI,CAAC,SAAS;AAAA,QAC/B,KAAK;AAAA,QACL;AAAA,QACA,KAAK,OAAO,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,KAAK,IAAI;AAAA,MAC1C,CAAC;AAED,cAAQ,IAAI;AACZ,iBAAW,CAAC,QAAQ,QAAQ,QAAQ,GAAG,MAAM,KAAK;AAClD,cAAQ,IAAI;AAAA,IACd,CAAC;AAAA,EACH;AACJ;;;AD/LO,SAAS,mBAA4B;AAC1C,SAAO,IAAIC,UAAQ,YAAY,EAC5B,YAAY,mEAAmE,EAC/E;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,wBAAwB,UAAU;AAAA,IAC1C,CAAC;AAAA,EACH;AACJ;;;AEfA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAQT,SAAS,oBAA6B;AAC3C,SAAO,IAAIC,UAAQ,aAAa,EAC7B,YAAY,wDAAwD,EACpE;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,YAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,YAAM,UAAUC,MAAI,4BAA4B,EAAE,MAAM;AACxD,YAAM,WAAW,MAAM,OAAO,WAAW,WAAW,SAAS;AAC7D,cAAQ,KAAK;AAEb,UAAI,WAAW,MAAM;AACnB,gBAAQ,IAAI,KAAK,UAAU,SAAS,QAAQ,MAAM,CAAC,CAAC;AACpD;AAAA,MACF;AAEA,UAAI,SAAS,OAAO,WAAW,GAAG;AAChC,gBAAQ,IAAI,gCAAgC;AAC5C;AAAA,MACF;AAEA,cAAQ,IAAI;AACZ;AAAA,QACE,CAAC,MAAM,QAAQ,kBAAkB,SAAS,YAAY;AAAA,QACtD,SAAS,OAAO,IAAI,CAAC,UAAU;AAAA,UAC7B,MAAM;AAAA,UACN,MAAM;AAAA,UACN,MAAM,sBAAsB;AAAA,UAC5B,OAAO,MAAM,SAAS;AAAA,UACtB,MAAM;AAAA,QACR,CAAC;AAAA,QACD;AAAA,MACF;AACA,cAAQ,IAAI;AAAA,IACd,CAAC;AAAA,EACH;AACJ;;;AC/CA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAChB,OAAOC,SAAQ;AASR,SAASC,cAAsB;AACpC,SAAO,IAAIC,UAAQ,KAAK,EACrB,YAAY,6DAA6D,EACzE,SAAS,SAAS,iDAAiD,EACnE;AAAA,IACC;AAAA,MACE,OAAO,QAAgB,OAAgB,QAAiB;AACtD,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,SAAS,YAAY,UAAU;AAErC,cAAM,UAAUC,MAAI,mCAAmC,EAAE,MAAM;AAC/D,cAAM,KAAK,MAAMC,IAAG,OAAO,MAAM;AACjC,gBAAQ,KAAK;AAEb,cAAM,MAAM,GAAG;AACf,cAAM,MAAM,OAAO,YAAY;AAC/B,cAAM,QAAQ,IAAI,GAAG;AAErB,YAAI,UAAU,QAAW;AACvB,gBAAM,YAAY,OAAO,KAAK,GAAG,EAAE,KAAK,EAAE,KAAK,IAAI,KAAK;AACxD,gBAAM,IAAI,MAAM,QAAQ,GAAG,gCAAgC,SAAS,EAAE;AAAA,QACxE;AAEA,YAAI,WAAW,MAAM;AACnB,kBAAQ,IAAI,KAAK,UAAU,EAAE,KAAK,MAAM,GAAG,MAAM,CAAC,CAAC;AACnD;AAAA,QACF;AAGA,gBAAQ,OAAO,MAAM,KAAK;AAAA,MAC5B;AAAA,IACF;AAAA,EACF;AACJ;;;AC5CA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAChB,OAAOC,SAAQ;AAWR,SAAS,gBAAyB;AACvC,SAAO,IAAIC,UAAQ,QAAQ,EACxB,YAAY,4BAA4B,EACxC,SAAS,WAAW,yDAAyD,EAC7E;AAAA,IACC;AAAA,MACE,OAAO,OAAe,OAAgB,QAAiB;AACrD,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,SAAS,YAAY,UAAU;AAErC,cAAM,UAAUC,MAAI,0BAA0B,EAAE,MAAM;AACtD,cAAM,KAAK,MAAMC,IAAG,OAAO,MAAM;AACjC,gBAAQ,KAAK;AAEb,cAAM,MAAM,GAAG;AACf,cAAM,aAAa,MAAM,YAAY;AAErC,cAAM,UAAU,OAAO,KAAK,GAAG,EAC5B,OAAO,CAAC,QAAQ,IAAI,YAAY,EAAE,SAAS,UAAU,CAAC,EACtD,KAAK;AAER,YAAI,WAAW,MAAM;AACnB,gBAAM,SAAS,QAAQ,IAAI,CAAC,SAAS,EAAE,KAAK,OAAO,IAAI,GAAG,EAAE,EAAE;AAC9D,kBAAQ,IAAI,KAAK,UAAU,QAAQ,MAAM,CAAC,CAAC;AAC3C;AAAA,QACF;AAEA,YAAI,QAAQ,WAAW,GAAG;AACxB,kBAAQ,IAAI;AAAA,uBAA0B,KAAK;AAAA,CAAY;AACvD;AAAA,QACF;AAEA,cAAM,OAAO,QAAQ,IAAI,CAAC,QAAQ,CAAC,KAAK,IAAI,GAAG,CAAC,CAAC;AAEjD,gBAAQ,IAAI;AACZ,mBAAW,CAAC,OAAO,OAAO,GAAG,MAAM,KAAK;AACxC,gBAAQ,IAAI;AAAA,MACd;AAAA,IACF;AAAA,EACF;AACJ;;;ACzCO,SAAS,sBAAsBC,UAAwB;AAC5D,QAAM,QAAQA,SAAQ,QAAQ,OAAO,EAAE,YAAY,sBAAsB;AAEzE,QAAM,WAAWC,eAAc,CAAC;AAChC,QAAM,WAAW,kBAAkB,CAAC;AACpC,QAAM,WAAW,qBAAqB,CAAC;AACvC,QAAM,WAAWC,aAAY,CAAC;AAC9B,QAAM,WAAW,kBAAkB,CAAC;AACpC,QAAM,WAAW,iBAAiB,CAAC;AACnC,QAAM,WAAWC,YAAW,CAAC;AAC7B,QAAM,WAAW,aAAa,CAAC;AAC/B,QAAM,WAAW,cAAc,CAAC;AAClC;;;ACxBA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAQT,SAAS,kBAA2B;AACzC,SAAO,IAAIC,UAAQ,WAAW,EAC3B,YAAY,kCAAkC,EAC9C,SAAS,eAAe,YAAY,EACpC,SAAS,aAAa,UAAU,EAChC;AAAA,IACC;AAAA,MACE,OACE,WACA,SACA,OACA,QACG;AACH,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,cAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,cAAM,UAAUC,MAAI,mCAAmC,EAAE,MAAM;AAC/D,cAAM,OAAO,sBAAsB;AAAA,UACjC;AAAA,UACA;AAAA,QACF,CAAC;AACD,gBAAQ,KAAK;AAEb,YAAI,WAAW,MAAM;AACnB,kBAAQ,IAAI,KAAK,UAAU,EAAE,WAAW,QAAQ,GAAG,MAAM,CAAC,CAAC;AAC3D;AAAA,QACF;AAEA,gBAAQ,oBAAoB,OAAO,iBAAiB,SAAS,EAAE;AAAA,MACjE;AAAA,IACF;AAAA,EACF;AACJ;;;AC1CA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAQT,SAASC,eAAuB;AACrC,SAAO,IAAIC,UAAQ,MAAM,EACtB,YAAY,mBAAmB,EAC/B;AAAA,IACC,iBAAiB,OAAO,OAAgB,QAAiB;AACvD,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,YAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,YAAM,UAAUC,MAAI,sBAAsB,EAAE,MAAM;AAClD,YAAM,WAAW,MAAM,OAAO,aAAa;AAC3C,cAAQ,KAAK;AAEb,YAAM,OAAO,SAAS,SAAS,IAAI,CAAC,MAAM;AAAA,QACxC,EAAE;AAAA,QACF,EAAE;AAAA,QACF,EAAE,cAAc;AAAA,QAChB,OAAO,EAAE,WAAW;AAAA,QACpB,OAAO,EAAE,aAAa;AAAA,QACtB,OAAO,EAAE,kBAAkB;AAAA,MAC7B,CAAC;AAED,cAAQ,IAAI;AACZ;AAAA,QACE,CAAC,MAAM,QAAQ,eAAe,UAAU,YAAY,gBAAgB;AAAA,QACpE;AAAA,QACA,CAAC,CAAC,WAAW;AAAA,QACb,SAAS;AAAA,MACX;AACA,cAAQ,IAAI;AAAA,IACd,CAAC;AAAA,EACH;AACJ;;;ACzCA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,YAAW;AAClB,OAAOC,WAAS;AAQT,SAASC,cAAsB;AACpC,SAAO,IAAIC,UAAQ,KAAK,EACrB,YAAY,qBAAqB,EACjC,SAAS,QAAQ,YAAY,EAC7B;AAAA,IACC,iBAAiB,OAAO,IAAY,OAAgB,QAAiB;AACnE,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,YAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,YAAM,UAAUC,MAAI,qBAAqB,EAAE,MAAM;AACjD,YAAM,UAAU,MAAM,OAAO,WAAW,EAAE;AAC1C,cAAQ,KAAK;AAEb,UAAI,WAAW,MAAM;AACnB,gBAAQ,IAAI,KAAK,UAAU,SAAS,MAAM,CAAC,CAAC;AAC5C;AAAA,MACF;AAEA,cAAQ,IAAI;AACZ,cAAQ,IAAIC,OAAM,KAAK,KAAK,QAAQ,IAAI,EAAE,CAAC;AAC3C,cAAQ,IAAI;AAEZ;AAAA,QACE;AAAA,UACE,CAAC,MAAM,QAAQ,EAAE;AAAA,UACjB,CAAC,eAAe,QAAQ,UAAU;AAAA,UAClC,CAAC,eAAe,QAAQ,WAAW;AAAA,UACnC,CAAC,cAAc,QAAQ,SAAS;AAAA,UAChC,CAAC,UAAU,OAAO,QAAQ,WAAW,CAAC;AAAA,UACtC,CAAC,YAAY,OAAO,QAAQ,aAAa,CAAC;AAAA,UAC1C,CAAC,kBAAkB,OAAO,QAAQ,kBAAkB,CAAC;AAAA,QACvD;AAAA,QACA;AAAA,MACF;AAEA,UAAI,QAAQ,OAAO,SAAS,GAAG;AAC7B,gBAAQ,IAAI;AACZ,gBAAQ,IAAIA,OAAM,KAAK,UAAU,CAAC;AAClC,gBAAQ,IAAI;AACZ;AAAA,UACE,CAAC,MAAM,QAAQ,WAAW;AAAA,UAC1B,QAAQ,OAAO,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,cAAc,QAAQ,IAAI,CAAC;AAAA,UACtE;AAAA,QACF;AAAA,MACF;AAEA,UAAI,QAAQ,SAAS,SAAS,GAAG;AAC/B,gBAAQ,IAAI;AACZ,gBAAQ,IAAIA,OAAM,KAAK,YAAY,CAAC;AACpC,gBAAQ,IAAI;AACZ;AAAA,UACE,CAAC,MAAM,QAAQ,MAAM;AAAA,UACrB,QAAQ,SAAS,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,QAAQ,KAAK,EAAE,IAAI,CAAC;AAAA,UACzD;AAAA,QACF;AAAA,MACF;AAEA,UAAI,QAAQ,cAAc,SAAS,GAAG;AACpC,gBAAQ,IAAI;AACZ,gBAAQ,IAAIA,OAAM,KAAK,kBAAkB,CAAC;AAC1C,gBAAQ,IAAI;AACZ;AAAA,UACE,CAAC,MAAM,MAAM;AAAA,UACb,QAAQ,cAAc,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC;AAAA,UAClD;AAAA,QACF;AAAA,MACF;AAEA,cAAQ,IAAI;AAAA,IACd,CAAC;AAAA,EACH;AACJ;;;AClFA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,eAAc;AACrB,OAAOC,WAAS;AAQhB,SAAS,OAAO,UAAmC;AACjD,QAAM,KAAKC,UAAS,gBAAgB,EAAE,OAAO,QAAQ,OAAO,QAAQ,QAAQ,OAAO,CAAC;AACpF,SAAO,IAAI,QAAQ,CAAC,YAAY;AAC9B,OAAG,SAAS,UAAU,CAAC,WAAW;AAChC,SAAG,MAAM;AACT,cAAQ,OAAO,KAAK,CAAC;AAAA,IACvB,CAAC;AAAA,EACH,CAAC;AACH;AAGO,SAASC,iBAAyB;AACvC,SAAO,IAAIC,UAAQ,QAAQ,EACxB,YAAY,sBAAsB,EAClC,OAAO,iBAAiB,cAAc,EACtC,OAAO,+BAA+B,qBAAqB,EAC3D,OAAO,8BAA8B,qBAAqB,EAC1D;AAAA,IACC,iBAAiB,OAAO,MAAoE,QAAiB;AAC3G,YAAM,aAAa,IAAI,gBAA+B;AACtD,YAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,YAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,UAAI,OAAO,KAAK;AAChB,UAAI,CAAC,MAAM;AACT,eAAO,MAAM,OAAO,gBAAgB;AAAA,MACtC;AACA,UAAI,CAAC,MAAM;AACT,cAAM,IAAI,MAAM,2BAA2B;AAAA,MAC7C;AAEA,YAAM,UAAUC,MAAI,qBAAqB,EAAE,MAAM;AACjD,YAAM,WAAW,MAAM,OAAO,cAAc;AAAA,QAC1C;AAAA,QACA,aAAa,KAAK;AAAA,QAClB,YAAY,KAAK;AAAA,MACnB,CAAC;AACD,cAAQ,KAAK;AAEb,UAAI,WAAW,MAAM;AACnB,gBAAQ,IAAI,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAC7C;AAAA,MACF;AAEA,cAAQ,4BAA4B,SAAS,EAAE,EAAE;AAAA,IACnD,CAAC;AAAA,EACH;AACJ;;;ACzDA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAST,SAAS,mBAA4B;AAC1C,SAAO,IAAIC,UAAQ,YAAY,EAC5B,YAAY,qDAAqD,EACjE,SAAS,eAAe,YAAY,EACpC;AAAA,IACC;AAAA,IACA;AAAA,IACA;AAAA,IACA,CAAC;AAAA,EACH,EACC;AAAA,IACC;AAAA,MACE,OACE,WACA,SACA,QACG;AACH,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,cAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,cAAM,UAAUC,MAAI,4BAA4B,EAAE,MAAM;AACxD,cAAM,OAAO,oBAAoB,WAAW;AAAA,UAC1C,UAAU,QAAQ;AAAA,QACpB,CAAC;AACD,gBAAQ,KAAK;AAEb,YAAI,WAAW,MAAM;AACnB,kBAAQ,IAAI,KAAK,UAAU,EAAE,WAAW,UAAU,QAAQ,QAAQ,GAAG,MAAM,CAAC,CAAC;AAC7E;AAAA,QACF;AAEA,gBAAQ,wCAAwC,SAAS,EAAE;AAAA,MAC7D;AAAA,IACF;AAAA,EACF;AACJ;;;ACtCO,SAAS,wBAAwBC,UAAwB;AAC9D,QAAM,UAAUA,SAAQ,QAAQ,SAAS,EAAE,YAAY,iBAAiB;AAExE,UAAQ,WAAWC,aAAY,CAAC;AAChC,UAAQ,WAAWC,YAAW,CAAC;AAC/B,UAAQ,WAAWC,eAAc,CAAC;AAClC,UAAQ,WAAW,gBAAgB,CAAC;AACpC,UAAQ,WAAW,iBAAiB,CAAC;AACvC;;;ACfA,SAAS,aAAa;AACtB,OAAOC,WAAS;AAChB,OAAOC,SAAQ;AAcR,SAAS,mBAAmBC,UAAwB;AACzD,EAAAA,SACG,QAAQ,KAAK,EACb,YAAY,oEAAoE,EAChF,SAAS,gBAAgB,kCAAkC,EAC3D,OAAO,qBAAqB,0CAA0C,EACtE;AAAA,IACC;AAAA,MACE,OAAO,cAAwB,MAA2B,QAAiB;AACzE,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,SAAS,YAAY,UAAU;AAGrC,cAAM,UAAUC,MAAI,0BAA0B,EAAE,MAAM;AACtD,cAAM,KAAK,MAAMC,IAAG,OAAO,MAAM;AACjC,gBAAQ,KAAK;AAEb,cAAM,MAAM,GAAG;AAGf,cAAM,YAAoC,CAAC;AAE3C,mBAAW,OAAO,OAAO,KAAK,GAAG,GAAG;AAClC,gBAAM,UAAU,KAAK,SACjB,GAAG,KAAK,OAAO,YAAY,CAAC,IAAI,GAAG,KACnC;AACJ,oBAAU,OAAO,IAAI,IAAI,GAAG;AAAA,QAC9B;AAGA,cAAM,CAAC,SAAS,GAAG,IAAI,IAAI;AAC3B,cAAM,QAAQ,MAAM,SAAS,MAAM;AAAA,UACjC,OAAO;AAAA,UACP,KAAK,EAAE,GAAG,QAAQ,KAAK,GAAG,UAAU;AAAA,UACpC,OAAO;AAAA,QACT,CAAC;AAGD,cAAM,GAAG,SAAS,CAAC,SAAS;AAC1B,kBAAQ,KAAK,QAAQ,CAAC;AAAA,QACxB,CAAC;AAED,cAAM,GAAG,SAAS,CAAC,QAAQ;AACzB,gBAAM,IAAI,MAAM,8BAA8B,OAAO,MAAM,IAAI,OAAO,EAAE;AAAA,QAC1E,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AACJ;;;ACjEA,SAAS,WAAAC,iBAAe;AACxB,OAAOC,WAAS;AAST,SAASC,iBAAyB;AACvC,SAAO,IAAIC,UAAQ,QAAQ,EACxB,YAAY,gCAAgC,EAC5C,eAAe,iBAAiB,qBAAqB,EACrD,eAAe,oBAAoB,WAAW,EAC9C,OAAO,oBAAoB,mCAAmC,EAC9D;AAAA,IACC;AAAA,IACA;AAAA,IACA;AAAA,IACA,CAAC;AAAA,EACH,EACC;AAAA,IACC;AAAA,MACE,OACE,SAMA,QACG;AACH,cAAM,aAAa,IAAI,gBAA+B;AACtD,cAAM,aAAa,kBAAkB,YAAY,EAAE,eAAe,KAAK,CAAC;AACxE,cAAM,SAAS,IAAI,UAAU,WAAW,QAAS,WAAW,OAAO;AAEnE,cAAM,UAAUC,MAAI,4BAA4B,EAAE,MAAM;AACxD,cAAM,OAAO,oBAAoB;AAAA,UAC/B,MAAM,QAAQ;AAAA,UACd,UAAU,QAAQ,YAAY;AAAA,UAC9B,UAAU,QAAQ;AAAA,UAClB,OAAO,QAAQ;AAAA,QACjB,CAAC;AACD,gBAAQ,KAAK;AAEb,YAAI,WAAW,MAAM;AACnB,kBAAQ;AAAA,YACN,KAAK;AAAA,cACH;AAAA,gBACE,MAAM,QAAQ;AAAA,gBACd,UAAU,QAAQ;AAAA,gBAClB,UAAU,QAAQ,YAAY;AAAA,gBAC9B,OAAO,QAAQ;AAAA,cACjB;AAAA,cACA;AAAA,cACA;AAAA,YACF;AAAA,UACF;AACA;AAAA,QACF;AAEA,gBAAQ,2BAA2B,QAAQ,IAAI,GAAG;AAAA,MACpD;AAAA,IACF;AAAA,EACF;AACJ;;;AC9DO,SAAS,8BAA8BC,UAAwB;AACpE,QAAM,gBAAgBA,SACnB,QAAQ,gBAAgB,EACxB,YAAY,+BAA+B;AAE9C,gBAAc,WAAWC,eAAc,CAAC;AAC1C;;;A/EkBA,IAAM,UAAU,IAAIC,UAAQ;AAE5B,QACG,KAAK,IAAI,EACT,YAAY,sEAAiE,EAC7E,QAAQ,OAAO,EACf,OAAO,mBAAmB,wDAAwD,EAClF,OAAO,oBAAoB,uEAAuE,EAClG,OAAO,qBAAqB,8EAA8E,EAC1G,OAAO,SAAS,oEAAoE,EACpF,OAAO,oBAAoB,wCAAwC,EACnE,OAAO,6BAA6B,2FAA2F,EAC/H,OAAO,6BAA6B,mGAAmG,EACvI,OAAO,UAAU,2CAA2C,KAAK;AAEpE,sBAAsB,OAAO;AAC7B,qBAAqB,OAAO;AAC5B,wBAAwB,OAAO;AAC/B,uBAAuB,OAAO;AAC9B,QAAQ,WAAW,iBAAiB,CAAC;AACrC,uBAAuB,OAAO;AAC9B,yBAAyB,OAAO;AAChC,wBAAwB,OAAO;AAC/B,2BAA2B,OAAO;AAClC,4BAA4B,OAAO;AACnC,wBAAwB,OAAO;AAC/B,8BAA8B,OAAO;AACrC,sBAAsB,OAAO;AAC7B,sBAAsB,OAAO;AAC7B,wBAAwB,OAAO;AAC/B,mBAAmB,OAAO;AAC1B,QAAQ,WAAW,cAAc,CAAC;AAElC,QAAQ,MAAM;","names":["Command","path","fs","os","fs","fs","fs","fs","path","fs","path","Command","chalk","ora","Command","ora","chalk","Command","ora","Command","ora","Command","ora","Command","chalk","ora","chalk","Command","ora","fs","path","Command","ora","Command","ora","Command","ora","Command","ora","Command","ora","Command","ora","Command","ora","program","Command","applyCredentialBundleToProfile","Command","Command","Command","config","profileName","Command","crypto","path","Command","Command","chalk","Command","chalk","Command","Command","chalk","chalk","Command","Command","program","Command","ora","Command","ora","program","Command","ora","fs","path","createCommand","Command","ora","Command","ora","listCommand","Command","ora","program","listCommand","createCommand","Command","fs","fs","privateKeyPem","Command","Command","ora","Command","ora","Command","ora","listCommand","Command","ora","Command","ora","Command","ora","program","listCommand","Command","ora","Command","ora","program","Command","Command","path","program","Command","ora","Command","ora","program","Command","ora","Command","ora","Command","ora","Command","ora","program","Command","listCommand","Command","Command","Command","program","listCommand","Command","Command","program","Command","ora","createCommand","Command","ora","Command","ora","Command","ora","path","Command","ora","R4","Command","R4","path","ora","Command","ora","R4","listCommand","Command","ora","R4","Command","Command","ora","R4","ora","Command","R4","Command","Command","ora","Command","ora","Command","ora","R4","getCommand","Command","ora","R4","Command","ora","R4","Command","ora","R4","program","createCommand","listCommand","getCommand","Command","ora","Command","ora","Command","ora","listCommand","Command","ora","Command","chalk","ora","getCommand","Command","ora","chalk","Command","readline","ora","readline","createCommand","Command","ora","Command","ora","Command","ora","program","listCommand","getCommand","createCommand","ora","R4","program","ora","R4","Command","ora","createCommand","Command","ora","program","createCommand","Command"]}