@replicated/portal-components 0.0.14 → 0.0.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (45) hide show
  1. package/components/metadata/registry.json +2 -2
  2. package/components/metadata/registry.md +2 -2
  3. package/dist/actions/index.d.mts +20 -16
  4. package/dist/actions/index.d.ts +20 -16
  5. package/dist/actions/index.js +31 -0
  6. package/dist/actions/index.js.map +1 -1
  7. package/dist/esm/actions/index.js +31 -1
  8. package/dist/esm/actions/index.js.map +1 -1
  9. package/dist/esm/helm-install-wizard.js.map +1 -1
  10. package/dist/esm/index.js +35 -11
  11. package/dist/esm/index.js.map +1 -1
  12. package/dist/esm/install-actions.js.map +1 -1
  13. package/dist/esm/license-details.js.map +1 -1
  14. package/dist/esm/linux-install-wizard.js.map +1 -1
  15. package/dist/esm/security-card.js +38 -30
  16. package/dist/esm/security-card.js.map +1 -1
  17. package/dist/esm/support-card.js.map +1 -1
  18. package/dist/esm/top-nav.js +3 -9
  19. package/dist/esm/top-nav.js.map +1 -1
  20. package/dist/esm/update-layout.js +3 -9
  21. package/dist/esm/update-layout.js.map +1 -1
  22. package/dist/esm/utils/index.js.map +1 -1
  23. package/dist/helm-install-wizard.js.map +1 -1
  24. package/dist/index.d.mts +2 -2
  25. package/dist/index.d.ts +2 -2
  26. package/dist/index.js +35 -10
  27. package/dist/index.js.map +1 -1
  28. package/dist/install-actions.js.map +1 -1
  29. package/dist/license-details.js.map +1 -1
  30. package/dist/linux-install-wizard.js.map +1 -1
  31. package/dist/security-card.d.mts +10 -5
  32. package/dist/security-card.d.ts +10 -5
  33. package/dist/security-card.js +38 -30
  34. package/dist/security-card.js.map +1 -1
  35. package/dist/support-card.js.map +1 -1
  36. package/dist/{top-nav-0mb1K_H0.d.mts → top-nav-IRIn66wS.d.mts} +2 -1
  37. package/dist/{top-nav-0mb1K_H0.d.ts → top-nav-IRIn66wS.d.ts} +2 -1
  38. package/dist/top-nav.d.mts +1 -1
  39. package/dist/top-nav.d.ts +1 -1
  40. package/dist/top-nav.js +3 -9
  41. package/dist/top-nav.js.map +1 -1
  42. package/dist/update-layout.js +3 -9
  43. package/dist/update-layout.js.map +1 -1
  44. package/dist/utils/index.js.map +1 -1
  45. package/package.json +2 -1
package/dist/esm/install-actions.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/utils/api-client.ts","../../src/actions/index.ts","../../src/actions/install.ts","../../src/actions/instances.ts"],"names":["fetchInstances"],"mappings":";;;;;;;;;AAwCA,eAAsB,kBAAA,CACpB,GAAA,EACA,OAAA,GAA2B,EAAC,EACT;AACnB,EAAA,MAAM,EAAE,KAAA,EAAO,GAAG,YAAA,EAAa,GAAI,OAAA;AAGnC,EAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ,YAAA,CAAa,OAAO,CAAA;AAChD,EAAA,IAAI,KAAA,EAAO;AACT,IAAA,OAAA,CAAQ,GAAA,CAAI,eAAA,EAAiB,CAAA,OAAA,EAAU,KAAK,CAAA,CAAE,CAAA;AAAA,EAChD;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,GAAA,EAAK;AAAA,IAChC,GAAG,YAAA;AAAA,IACH;AAAA,GACD,CAAA;AAGD,EAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AAC3B,IAAA,MAAM,SAAA,EAAU;AAAA,EAClB;AAGA,EAAA,IAAI,QAAA,CAAS,WAAW,GAAA,IAAO,QAAA,CAAS,WAAW,GAAA,IAAO,QAAA,CAAS,WAAW,GAAA,EAAK;AACjF,IAAA,MAAM,iBAAA,CAAkB,SAAS,MAAM,CAAA;AAAA,EACzC;AAEA,EAAA,OAAO,QAAA;AACT;AA2BA,eAAe,SAAA,GAA4B;AACzC,EAAA,MAAM,EAAE,QAAA,EAAS,GAAI,MAAM,OAAO,iBAAiB,CAAA;AAGnD,EAAA,OAAO,SAAS,aAAa,CAAA;AAC/B;AAuBA,eAAe,kBAAkB,UAAA,EAAoC;AACnE,EAAA,MAAM,EAAE,QAAA,EAAS,GAAI,MAAM,OAAO,iBAAiB,CAAA;AAGnD,EAAA,IAAI,SAAA;AACJ,EAAA,IAAI;AACF,IAAA,MAAM,EAAE,OAAA,EAAQ,GAAI,MAAM,OAAO,cAAc,CAAA;AAC/C,IAAA,MAAM,WAAA,GAAc,MAAM,OAAA,EAAQ;AAClC,IAAA,MAAM,OAAA,GAAU,WAAA,CAAY,GAAA,CAAI,SAAS,CAAA;AACzC,IAAA,MAAM,IAAA,GAAO,WAAA,CAAY,GAAA,CAAI,MAAM,CAAA;AACnC,IAAA,MAAM,WAAW,WAAA,CAAY,GAAA,CAAI,eAAe,CAAA,IAAK,WAAA,CAAY,IAAI,kBAAkB,CAAA;AAEvF,IAAA,IAAI,OAAA,EAAS;AACX,MAAA,SAAA,GAAY,OAAA;AAAA,IACd,CAAA,MAAA,IAAW,QAAQ,QAAA,EAAU;AAC3B,MAAA,MAAM,QAAA,GAAW,WAAA,CAAY,GAAA,CAAI,mBAAmB,CAAA,IAAK,OAAA;AACzD,MAAA,SAAA,GAAY,CAAA,EAAG,QAAQ,CAAA,GAAA,EAAM,IAAI,GAAG,QAAQ,CAAA,CAAA;AAAA,IAC9C;AAAA,EACF,SAAS,KAAA,EAAO;AAEd,IAAA,OAAA,CAAQ,KAAA,CAAM,sDAAsD,KAAK,CAAA;AAAA,EAC3E;AAGA,EAAA,MAAM,MAAA,GAAS,IAAI,eAAA,CAAgB,EAAE,MAAM,MAAA,CAAO,UAAU,GAAG,CAAA;AAC/D,EAAA,IAAI,SAAA,EAAW;AACb,IAAA,MAAA,CAAO,GAAA,CAAI,UAAU,SAAS,CAAA;AAAA,EAChC;AAEA,EAAA,OAAO,QAAA,CAAS,CAAA,OAAA,EAAU,MAAA,CAAO,QAAA,EAAU,CAAA,CAAE,CAAA;AAC/C;ACvIO,IAAM,eAAe,MAAc;AACxC,EAAA,OAAA,CAAQ,QAAQ,GAAA,CAAI,qBAAA,IAAyB,wBAAA,EAA0B,OAAA,CAAQ,QAAQ,EAAE,CAAA;AAC3F,CAAA;AA4aA,IAAM,0BAA0B,YAA6C;AAC3E,EAAA,MAAM,OAAA,GAAU,QAAQ,GAAA,CAAI,eAAA;AAE5B,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,MAAM,mCAAmC,CAAA;AAAA,EACrD;AAEA,EAAA,MAAM,GAAA,GAAM,CAAA,EAAG,YAAA,EAAc,CAAA,4CAAA,EAA+C,kBAAA;AAAA,IAC1E;AAAA,GACD,CAAA,CAAA;AAED,EAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa,YAAA,EAAc;AACzC,IAAA,OAAA,CAAQ,KAAA;AAAA,MACN,6EAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,GAAA,EAAK;AAAA,IAChC,OAAA,EAAS;AAAA,MACP,MAAA,EAAQ;AAAA;AACV,GACD,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,gCAAA,EAAmC,QAAA,CAAS,MAAM,CAAA,CAAA,EAAI,SAAS,UAAU,CAAA,CAAA;AAAA,KAC3E;AAAA,EACF;AAEA,EAAA,MAAM,OAAA,GAAU,MAAM,QAAA,CAAS,IAAA,EAAK;AAIpC,EAAA,MAAM,cAAA,GAAiB;AAAA,IACrB,MAAM,OAAA,CAAQ,OAAA;AAAA,IACd,OAAO,OAAA,CAAQ,OAAA;AAAA,IACf,cAAc,OAAA,CAAQ,YAAA;AAAA,IACtB,cAAc,OAAA,CAAQ,cAAA;AAAA,IACtB,SAAS,OAAA,CAAQ;AAAA,GACnB;AAGA,EAAA,MAAM,YAAA,GAAe,OAAO,IAAA,CAAK,IAAA,CAAK,UAAU,cAAc,CAAC,CAAA,CAAE,QAAA,CAAS,QAAQ,CAAA;AAElF,EAAA,OAAO;AAAA,IACL,YAAA;AAAA,IACA,aAAA,EAAe;AAAA;AAAA,GACjB;AACF,CAAA;AAOmC,MAAM,uBAAuB;AAEzD,IAAM,gBAAA,GAAmB,CAAC,KAAA,KAA2C;AAC1E,EAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,KAAA,CAAM,GAAG,CAAA;AAC7B,EAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,IAAA,MAAM,IAAI,MAAM,sBAAsB,CAAA;AAAA,EACxC;AAEA,EAAA,MAAM,cAAA,GAAiB,MAAM,CAAC,CAAA;AAC9B,EAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,IAAA,MAAM,IAAI,MAAM,6BAA6B,CAAA;AAAA,EAC/C;AAEA,EAAA,MAAM,SAAS,cAAA,CAAe,MAAA;AAAA,IAC5B,cAAA,CAAe,MAAA,GAAA,CAAW,CAAA,GAAK,cAAA,CAAe,SAAS,CAAA,IAAM,CAAA;AAAA,IAC7D;AAAA,GACF;AACA,EAAA,MAAM,UAAU,MAAA,CAAO,IAAA,CAAK,QAAQ,QAAQ,CAAA,CAAE,SAAS,OAAO,CAAA;AAC9D,EAAA,OAAO,IAAA,CAAK,MAAM,OAAO,CAAA;AAC3B,CAAA;AAKO,IAAM,sBAAA,GAAyB,CAAC,KAAA,KAA0B;AAC/D,EAAA,MAAM,OAAA,GAAU,iBAAiB,KAAK,CAAA;AACtC,EAAA,MAAM,UAAA,GAAa,OAAA,EAAS,WAAA,IAAe,OAAA,EAAS,UAAA;AACpD,EAAA,IAAI,OAAO,UAAA,KAAe,QAAA,IAAY,CAAC,UAAA,CAAW,MAAK,EAAG;AACxD,IAAA,MAAM,IAAI,MAAM,oDAAoD,CAAA;AAAA,EACtE;AACA,EAAA,OAAO,WAAW,IAAA,EAAK;AACzB,CAAA;;;ACzVA,eAAsB,oBAAA,CACpB,OACA,OAAA,EACqC;AACrC,EAAA,MAAM,EAAE,KAAA,EAAO,SAAA,EAAU,GAAI,KAAA;AAE7B,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,IAAA,MAAM,IAAI,MAAM,+CAA+C,CAAA;AAAA,EACjE;AAEA,EAAA,MAAM,SAAS,YAAA,EAAa;AAG5B,EAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,CAAA,EAAG,MAAM,CAAA,mCAAA,CAAqC,CAAA;AAClE,EAAA,IAAI,SAAA,EAAW;AACb,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,YAAA,EAAc,SAAS,CAAA;AAAA,EAC9C;AAEA,EAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa,YAAA,EAAc;AACzC,IAAA,OAAA,CAAQ,KAAA,CAAM,8EAAA,EAAgF,GAAA,CAAI,QAAA,EAAU,CAAA;AAAA,EAC9G;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,kBAAA,CAAmB,GAAA,CAAI,UAAS,EAAG;AAAA,IACxD,MAAA,EAAQ,KAAA;AAAA,IACR,KAAA;AAAA,IACA,OAAA,EAAS;AAAA,MACP,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,QAAQ,OAAA,EAAS;AAAA,GAClB,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACtC,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,oCAAoC,QAAA,CAAS,MAAM,IAAI,QAAA,CAAS,UAAU,MAAM,SAAS,CAAA;AAAA,KAC3F;AAAA,EACF;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,QAAA,CAAS,IAAA,EAAK;AACrC,EAAA,MAAM,UAAU,QAAA,CAAS,IAAA;AAEzB,EAAA,OAAO;AAAA,IACL,eAAA,EAAiB,OAAA,EAAS,eAAA,IAAmB;AAAC,GAChD;AACF;AAUA,eAAsB,oBAAA,CACpB,OACA,OAAA,EACqC;AACrC,EAAA,MAAM;AAAA,IACJ,KAAA;AAAA,IACA,WAAA;AAAA,IACA,YAAA;AAAA,IACA,gBAAA;AAAA,IACA,mBAAA;AAAA,IACA,WAAA,GAAc,KAAA;AAAA,IACd,SAAA;AAAA,IACA,sBAAA;AAAA,IACA,oBAAA;AAAA,IACA;AAAA,GACF,GAAI,KAAA;AAEJ,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,IAAA,MAAM,IAAI,MAAM,+CAA+C,CAAA;AAAA,EACjE;AAEA,EAAA,IAAI,CAAC,YAAA,EAAc,IAAA,EAAK,EAAG;AACzB,IAAA,MAAM,IAAI,MAAM,2BAA2B,CAAA;AAAA,EAC7C;AAEA,EAAA,IAAI,CAAC,gBAAA,EAAkB,IAAA,EAAK,EAAG;AAC7B,IAAA,MAAM,IAAI,MAAM,gCAAgC,CAAA;AAAA,EAClD;AAEA,EAAA,MAAM,SAAS,YAAA,EAAa;AAE5B,EAAA,MAAM,QAAA,GAAW,GAAG,MAAM,CAAA,2DAAA,CAAA;AAE1B,EAAA,MAAM,IAAA,GAAgC;AAAA,IACpC,YAAA,EAAc,WAAA;AAAA,IACd,aAAA,EAAe,aAAa,IAAA,EAAK;AAAA,IACjC,kBAAA,EAAoB,iBAAiB,IAAA,EAAK;AAAA,IAC1C,oBAAA,EAAsB,mBAAA;AAAA,IACtB,aAAA,EAAe;AAAA,GACjB;AAGA,EAAA,IAAI,SAAA,EAAW;AACb,IAAA,IAAA,CAAK,UAAA,GAAa,SAAA;AAAA,EACpB;AACA,EAAA,IAAI,2BAA2B,MAAA,EAAW;AACxC,IAAA,IAAA,CAAK,wBAAA,GAA2B,sBAAA;AAAA,EAClC;AACA,EAAA,IAAI,oBAAA,EAAsB;AACxB,IAAA,IAAA,CAAK,qBAAA,GAAwB,oBAAA;AAAA,EAC/B;AACA,EAAA,IAAI,sBAAA,EAAwB;AAC1B,IAAA,IAAA,CAAK,uBAAA,GAA0B,sBAAA;AAAA,EACjC;AAEA,EAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa,YAAA,EAAc;AACzC,IAAA,OAAA,CAAQ,KAAA,CAAM,uDAAuD,QAAQ,CAAA;AAAA,EAC/E;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,kBAAA,CAAmB,QAAA,EAAU;AAAA,IAClD,MAAA,EAAQ,MAAA;AAAA,IACR,KAAA;AAAA,IACA,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB,kBAAA;AAAA,MAChB,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA;AAAA,IACzB,QAAQ,OAAA,EAAS;AAAA,GAClB,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACtC,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,kCAAkC,QAAA,CAAS,MAAM,IAAI,QAAA,CAAS,UAAU,MAAM,SAAS,CAAA;AAAA,KACzF;AAAA,EACF;AAEA,EAAA,OAAO,MAAM,SAAS,IAAA,EAAK;AAC7B;AAMA,eAAsB,iBAAA,CACpB,OACA,OAAA,EACkC;AAClC,EAAA,MAAM;AAAA,IACJ,KAAA;AAAA,IACA,gBAAA;AAAA,IACA,mBAAA,GAAsB,IAAA;AAAA,IACtB,uBAAA;AAAA,IACA;AAAA,GACF,GAAI,KAAA;AAEJ,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,IAAA,MAAM,IAAI,MAAM,4CAA4C,CAAA;AAAA,EAC9D;AAEA,EAAA,IAAI,CAAC,gBAAA,EAAkB,IAAA,EAAK,EAAG;AAC7B,IAAA,MAAM,IAAI,MAAM,gCAAgC,CAAA;AAAA,EAClD;AAEA,EAAA,MAAM,SAAS,YAAA,EAAa;AAG5B,EAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,CAAA,EAAG,MAAM,CAAA,mCAAA,EAAsC,gBAAA,CAAiB,IAAA,EAAM,CAAA,CAAE,CAAA;AAE5F,EAAA,IAAI,mBAAA,EAAqB;AACvB,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,qBAAA,EAAuB,MAAM,CAAA;AAAA,EACpD;AACA,EAAA,IAAI,uBAAA,EAAyB;AAC3B,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,yBAAA,EAA2B,uBAAuB,CAAA;AAAA,EACzE;AACA,EAAA,IAAI,QAAA,EAAU;AACZ,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,UAAA,EAAY,QAAQ,CAAA;AAAA,EAC3C;AAEA,EAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa,YAAA,EAAc;AACzC,IAAA,OAAA,CAAQ,KAAA,CAAM,6EAAA,EAA+E,GAAA,CAAI,QAAA,EAAU,CAAA;AAAA,EAC7G;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,kBAAA,CAAmB,GAAA,CAAI,UAAS,EAAG;AAAA,IACxD,MAAA,EAAQ,KAAA;AAAA,IACR,KAAA;AAAA,IACA,OAAA,EAAS;AAAA,MACP,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,QAAQ,OAAA,EAAS;AAAA,GAClB,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACtC,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,+BAA+B,QAAA,CAAS,MAAM,IAAI,QAAA,CAAS,UAAU,MAAM,SAAS,CAAA;AAAA,KACtF;AAAA,EACF;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,QAAA,CAAS,IAAA,EAAK;AACrC,EAAA,OAAO,QAAA,CAAS,IAAA;AAClB;AAOA,eAAsB,oBAAA,CACpB,OACA,OAAA,EACqC;AACrC,EAAA,MAAM;AAAA,IACJ,KAAA;AAAA,IACA,gBAAA;AAAA,IACA,WAAA;AAAA,IACA,SAAA;AAAA,IACA,sBAAA;AAAA,IACA,mBAAA;AAAA,IACA,oBAAA;AAAA,IACA,sBAAA;AAAA,IACA,WAAA;AAAA,IACA,gBAAA;AAAA,IACA,eAAA;AAAA,IACA,MAAA;AAAA,IACA,mBAAA,GAAsB,IAAA;AAAA,IACtB,uBAAA;AAAA,IACA;AAAA,GACF,GAAI,KAAA;AAEJ,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,IAAA,MAAM,IAAI,MAAM,+CAA+C,CAAA;AAAA,EACjE;AAEA,EAAA,IAAI,CAAC,gBAAA,EAAkB,IAAA,EAAK,EAAG;AAC7B,IAAA,MAAM,IAAI,MAAM,gCAAgC,CAAA;AAAA,EAClD;AAEA,EAAA,MAAM,SAAS,YAAA,EAAa;AAG5B,EAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,CAAA,EAAG,MAAM,CAAA,mCAAA,EAAsC,gBAAA,CAAiB,IAAA,EAAM,CAAA,CAAE,CAAA;AAE5F,EAAA,IAAI,mBAAA,EAAqB;AACvB,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,qBAAA,EAAuB,MAAM,CAAA;AAAA,EACpD;AACA,EAAA,IAAI,uBAAA,EAAyB;AAC3B,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,yBAAA,EAA2B,uBAAuB,CAAA;AAAA,EACzE;AACA,EAAA,IAAI,QAAA,EAAU;AACZ,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,UAAA,EAAY,QAAQ,CAAA;AAAA,EAC3C;AAGA,EAAA,MAAM,OAAgC,EAAC;AAEvC,EAAA,IAAI,gBAAgB,MAAA,EAAW;AAC7B,IAAA,IAAA,CAAK,YAAA,GAAe,WAAA;AAAA,EACtB;AACA,EAAA,IAAI,cAAc,MAAA,EAAW;AAC3B,IAAA,IAAA,CAAK,UAAA,GAAa,SAAA;AAAA,EACpB;AACA,EAAA,IAAI,2BAA2B,MAAA,EAAW;AACxC,IAAA,IAAA,CAAK,wBAAA,GAA2B,sBAAA;AAAA,EAClC;AACA,EAAA,IAAI,wBAAwB,MAAA,EAAW;AACrC,IAAA,IAAA,CAAK,oBAAA,GAAuB,mBAAA;AAAA,EAC9B;AACA,EAAA,IAAI,yBAAyB,MAAA,EAAW;AACtC,IAAA,IAAA,CAAK,qBAAA,GAAwB,oBAAA;AAAA,EAC/B;AACA,EAAA,IAAI,2BAA2B,MAAA,EAAW;AACxC,IAAA,IAAA,CAAK,uBAAA,GAA0B,sBAAA;AAAA,EACjC;AACA,EAAA,IAAI,gBAAgB,MAAA,EAAW;AAC7B,IAAA,IAAA,CAAK,aAAA,GAAgB,WAAA;AAAA,EACvB;AACA,EAAA,IAAI,qBAAqB,MAAA,EAAW;AAClC,IAAA,IAAA,CAAK,kBAAA,GAAqB,gBAAA;AAAA,EAC5B;AACA,EAAA,IAAI,oBAAoB,MAAA,EAAW;AACjC,IAAA,IAAA,CAAK,iBAAA,GAAoB,eAAA;AAAA,EAC3B;AACA,EAAA,IAAI,WAAW,MAAA,EAAW;AACxB,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAAA,EAChB;AAEA,EAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa,YAAA,EAAc;AACzC,IAAA,OAAA,CAAQ,KAAA,CAAM,qDAAA,EAAuD,GAAA,CAAI,QAAA,EAAU,CAAA;AAAA,EACrF;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,kBAAA,CAAmB,GAAA,CAAI,UAAS,EAAG;AAAA,IACxD,MAAA,EAAQ,OAAA;AAAA,IACR,KAAA;AAAA,IACA,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB,kBAAA;AAAA,MAChB,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA;AAAA,IACzB,QAAQ,OAAA,EAAS;AAAA,GAClB,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACtC,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,kCAAkC,QAAA,CAAS,MAAM,IAAI,QAAA,CAAS,UAAU,MAAM,SAAS,CAAA;AAAA,KACzF;AAAA,EACF;AAEA,EAAA,OAAO,MAAM,SAAS,IAAA,EAAK;AAC7B;AAUO,SAAS,8BAA8B,QAAA,EAA8C;AAC1F,EAAA,OAAO,QAAA,CAAS,MAAA;AAAA,IACd,CAAC,OAAA,KAAY,OAAA,CAAQ,iBAAA,EAAmB,eAAA,EAAiB;AAAA,GAC3D;AACF;AAMO,SAAS,mBAAmB,QAAA,EAA8C;AAC/E,EAAA,OAAO,QAAA,CAAS,MAAA;AAAA,IACd,CAAC,OAAA,KAAY,OAAA,CAAQ,iBAAA,EAAmB,IAAA,EAAM;AAAA,GAChD;AACF;AAuCA,eAAsB,qBAAA,CACpB,OACA,OAAA,EACsC;AACtC,EAAA,MAAM;AAAA,IACJ,KAAA;AAAA,IACA,gBAAA;AAAA,IACA,UAAA;AAAA,IACA,eAAA;AAAA,IACA,qBAAA;AAAA,IACA;AAAA,GACF,GAAI,KAAA;AAEJ,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,IAAA,MAAM,IAAI,MAAM,gDAAgD,CAAA;AAAA,EAClE;AAEA,EAAA,IAAI,CAAC,eAAA,EAAiB,IAAA,EAAK,EAAG;AAC5B,IAAA,MAAM,IAAI,MAAM,+BAA+B,CAAA;AAAA,EACjD;AAEA,EAAA,IAAI,qBAAA,KAA0B,MAAA,IAAa,qBAAA,KAA0B,IAAA,EAAM;AACzE,IAAA,MAAM,IAAI,MAAM,qCAAqC,CAAA;AAAA,EACvD;AAGA,EAAA,MAAM,aAAa,gBAAA,IAAoB,UAAA;AACvC,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAM,IAAI,MAAM,mDAAmD,CAAA;AAAA,EACrE;AAEA,EAAmB,uBAAuB,KAAK;AAC/C,EAAA,MAAM,SAAS,YAAA,EAAa;AAG5B,EAAA,MAAM,WAAA,GAAc,IAAI,eAAA,EAAgB;AACxC,EAAA,WAAA,CAAY,GAAA,CAAI,iBAAA,EAAmB,eAAA,CAAgB,IAAA,EAAM,CAAA;AACzD,EAAA,WAAA,CAAY,GAAA,CAAI,uBAAA,EAAyB,qBAAA,CAAsB,QAAA,EAAU,CAAA;AAEzE,EAAA,IAAI,uBAAA,EAAyB,MAAK,EAAG;AACnC,IAAA,WAAA,CAAY,GAAA,CAAI,yBAAA,EAA2B,uBAAA,CAAwB,IAAA,EAAM,CAAA;AAAA,EAC3E;AAIA,EAAA,IAAI,CAAC,oBAAoB,UAAA,EAAY;AACnC,IAAA,WAAA,CAAY,GAAA,CAAI,eAAe,UAAU,CAAA;AAAA,EAC3C;AAEA,EAAA,MAAM,SAAS,gBAAA,IAAoB,aAAA;AAEnC,EAAA,MAAM,GAAA,GAAM,GAAG,MAAM,CAAA,mCAAA,EAAsC,MAAM,CAAA,qBAAA,EAAwB,WAAA,CAAY,UAAU,CAAA,CAAA;AAE/G,EAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa,YAAA,EAAc;AACzC,IAAA,OAAA,CAAQ,KAAA,CAAM,2DAA2D,GAAG,CAAA;AAAA,EAC9E;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,kBAAA,CAAmB,GAAA,EAAK;AAAA,IAC7C,MAAA,EAAQ,KAAA;AAAA,IACR,KAAA;AAAA,IACA,OAAA,EAAS;AAAA,MACP,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,QAAQ,OAAA,EAAS;AAAA,GAClB,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACtC,IAAA,IAAI,YAAA,GAAe,qCAAA;AACnB,IAAA,IAAI;AACF,MAAA,MAAM,SAAA,GAAY,IAAA,CAAK,KAAA,CAAM,SAAS,CAAA;AACtC,MAAA,YAAA,GAAe,SAAA,CAAU,KAAA,IAAS,SAAA,CAAU,OAAA,IAAW,YAAA;AAAA,IACzD,CAAA,CAAA,MAAQ;AAAA,IAER;AACA,IAAA,MAAM,IAAI,MAAM,YAAY,CAAA;AAAA,EAC9B;AAEA,EAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AAEjC,EAAA,OAAO;AAAA,IACL,YAAA,EAAc;AAAA,MACZ,MAAA,EAAQ,KAAK,MAAA,IAAU,OAAA;AAAA,MACvB,cAAc,IAAA,CAAK,YAAA;AAAA,MACnB,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,KAAA,EAAO,IAAA,CAAK,KAAA,IAAS;AAAC;AACxB,GACF;AACF;AA8BA,eAAsB,yBAAA,CACpB,OACA,OAAA,EAC0C;AAC1C,EAAA,MAAM,EAAE,OAAM,GAAI,KAAA;AAElB,EAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,MAAM,IAAA,EAAK,CAAE,WAAW,CAAA,EAAG;AAC1D,IAAA,MAAM,IAAI,MAAM,sDAAsD,CAAA;AAAA,EACxE;AAEA,EAAA,MAAM,SAAS,YAAA,EAAa;AAI5B,EAAA,MAAM,WAAA,GAAc,IAAI,eAAA,EAAgB;AACxC,EAAA,WAAA,CAAY,GAAA,CAAI,UAAU,aAAa,CAAA;AACvC,EAAA,WAAA,CAAY,GAAA,CAAI,aAAa,GAAG,CAAA;AAChC,EAAA,WAAA,CAAY,GAAA,CAAI,YAAY,YAAY,CAAA;AACxC,EAAA,WAAA,CAAY,GAAA,CAAI,mBAAmB,MAAM,CAAA;AAEzC,EAAA,MAAM,WAAW,CAAA,EAAG,MAAM,CAAA,mCAAA,EAAsC,WAAA,CAAY,UAAU,CAAA,CAAA;AAEtF,EAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa,YAAA,EAAc;AACzC,IAAA,OAAA,CAAQ,KAAA,CAAM,qFAAqF,QAAQ,CAAA;AAAA,EAC7G;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,kBAAA,CAAmB,QAAA,EAAU;AAAA,IAClD,MAAA,EAAQ,KAAA;AAAA,IACR,KAAA;AAAA,IACA,OAAA,EAAS;AAAA,MACP,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,QAAQ,OAAA,EAAS;AAAA,GAClB,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,sCAAA,EAAyC,QAAA,CAAS,MAAM,CAAA,CAAA,EAAI,SAAS,UAAU,CAAA,CAAA;AAAA,KACjF;AAAA,EACF;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,QAAA,CAAS,IAAA,EAAK;AACrC,EAAA,MAAM,UAAU,QAAA,CAAS,IAAA;AAGzB,EAAA,MAAM,YAAA,GAAe,OAAA,EAAS,eAAA,IAAmB,EAAC;AAElD,EAAA,MAAM,aAAA,GAAuC,YAAA,CAAa,GAAA,CAAI,CAAC,IAAA,MAAmC;AAAA,IAChG,EAAA,EAAI,MAAA,CAAO,IAAA,CAAK,EAAA,IAAM,EAAE,CAAA;AAAA,IACxB,IAAA,EAAM,MAAA,CAAO,IAAA,CAAK,aAAA,IAAiB,SAAS,CAAA;AAAA,IAC5C,MAAA,EAAQ,IAAA,CAAK,YAAA,KAAiB,MAAA,GAAS,MAAA,GAAkB,OAAA;AAAA,IACzD,SAAA,EAAW,MAAA,CAAO,IAAA,CAAK,6BAAA,IAAiC,SAAS,CAAA;AAAA,IACjE,SAAA,EAAW,OAAO,IAAA,CAAK,UAAA,IAAA,qBAAkB,IAAA,EAAK,EAAE,aAAa;AAAA,GAC/D,CAAE,CAAA;AAEF,EAAA,OAAO;AAAA,IACL;AAAA,GACF;AACF;;;AC3oBO,IAAM,4BAAA,GAA+B,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK;AAUpD,SAAS,iBAAiB,QAAA,EAA6B;AAC5D,EAAA,IAAI,CAAC,SAAS,WAAA,EAAa;AACzB,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,MAAM,kBAAkB,IAAI,IAAA,CAAK,QAAA,CAAS,WAAW,EAAE,OAAA,EAAQ;AAC/D,EAAA,MAAM,SAAA,GAAY,IAAA,CAAK,GAAA,EAAI,GAAI,4BAAA;AAC/B,EAAA,OAAO,eAAA,GAAkB,SAAA;AAC3B;AAKO,SAAS,8BAA8B,SAAA,EAG5C;AACA,EAAA,MAAM,eAAA,GAAkB,SAAA,CAAU,MAAA,CAAO,gBAAgB,CAAA;AACzD,EAAA,MAAM,iBAAA,GAAoB,UAAU,MAAA,CAAO,CAAC,aAAa,CAAC,gBAAA,CAAiB,QAAQ,CAAC,CAAA;AACpF,EAAA,OAAO,EAAE,iBAAiB,iBAAA,EAAkB;AAC9C;AAKO,SAAS,cAAA,CACd,UACA,cAAA,EACoC;AACpC,EAAA,MAAM,yBAAA,GACJ,CAAC,QAAA,CAAS,aAAA,IACV,CAAC,QAAA,CAAS,aAAA,IACV,CAAC,QAAA,CAAS,iBAAA;AACZ,EAAA,MAAM,+BAAA,GACJ,SAAS,QAAA,IAAY,yBAAA;AAGvB,EAAA,IAAI,SAAS,iBAAA,EAAmB;AAC9B,IAAA,OAAO,kBAAA;AAAA,EACT;AAGA,EAAA,IAAI,yBAAA,IAA6B,SAAS,eAAA,EAAiB;AACzD,IAAA,OAAO,MAAA;AAAA,EACT;AAIA,EAAA,IAAI,+BAAA,IAAmC,CAAC,QAAA,CAAS,eAAA,EAAiB;AAChE,IAAA,IAAI,cAAA,EAAgB;AAClB,MAAA,MAAM,wBAAwB,cAAA,CAAe,IAAA;AAAA,QAC3C,CAAC,MAAA,KAAW,MAAA,CAAO,WAAA,KAAgB,QAAA,CAAS;AAAA,OAC9C;AACA,MAAA,IAAI,qBAAA,EAAuB;AACzB,QAAA,IAAI,qBAAA,CAAsB,iBAAiB,MAAA,EAAQ;AACjD,UAAA,OAAO,MAAA;AAAA,QACT;AACA,QAAA,IAAI,qBAAA,CAAsB,iBAAiB,OAAA,EAAS;AAClD,UAAA,OAAO,kBAAA;AAAA,QACT;AAAA,MACF;AAAA,IACF;AAEA,IAAA,OAAO,kBAAA;AAAA,EACT;AAEA,EAAA,OAAO,IAAA;AACT;AAKO,SAAS,2BAAA,CACd,UACA,eAAA,EACQ;AACR,EAAA,IAAI,CAAC,eAAA,IAAmB,CAAC,KAAA,CAAM,OAAA,CAAQ,eAAe,CAAA,EAAG;AACvD,IAAA,OAAO,CAAA;AAAA,EACT;AAEA,EAAA,MAAM,uBAAA,GAA0B,SAAS,eAAA,IAAmB,CAAA;AAG5D,EAAA,MAAM,mBAAmB,eAAA,CAAgB,MAAA;AAAA,IACvC,CAAC,OAAA,KAAY,OAAA,CAAQ,SAAA,KAAc,QAAA,CAAS;AAAA,GAC9C;AAEA,EAAA,OAAO,gBAAA,CAAiB,MAAA;AAAA,IACtB,CAAC,OAAA,KAAY,OAAA,CAAQ,eAAA,GAAkB;AAAA,GACzC,CAAE,MAAA;AACJ;AAKO,SAAS,gBAAgB,QAAA,EAA4B;AAC1D,EAAA,MAAM,OAAA,GAAU,SAAS,IAAA,EAAM,IAAA,CAAK,CAAC,GAAA,KAAQ,GAAA,CAAI,QAAQ,MAAM,CAAA;AAC/D,EAAA,OAAO,SAAS,KAAA,IAAS,QAAA,CAAS,EAAA,CAAG,KAAA,CAAM,GAAG,CAAC,CAAA;AACjD;AAUA,eAAsBA,eAAAA,CACpB,OACA,OAAA,EAC+B;AAC/B,EAAA,MAAM,EAAE,OAAM,GAAI,KAAA;AAElB,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,IAAA,MAAM,IAAI,MAAM,yCAAyC,CAAA;AAAA,EAC3D;AAEA,EAAmB,uBAAuB,KAAK;AAC/C,EAAA,MAAM,SAAS,YAAA,EAAa;AAG5B,EAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,CAAA,EAAG,MAAM,CAAA,4BAAA,CAA8B,CAAA;AAE3D,EAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa,YAAA,EAAc;AACzC,IAAA,OAAA,CAAQ,KAAA,CAAM,+CAAA,EAAiD,GAAA,CAAI,QAAA,EAAU,CAAA;AAAA,EAC/E;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,kBAAA,CAAmB,GAAA,CAAI,UAAS,EAAG;AAAA,IACxD,MAAA,EAAQ,KAAA;AAAA,IACR,KAAA;AAAA,IACA,OAAA,EAAS;AAAA,MACP,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,QAAQ,OAAA,EAAS;AAAA,GAClB,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACtC,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,6BAA6B,QAAA,CAAS,MAAM,IAAI,QAAA,CAAS,UAAU,MAAM,SAAS,CAAA;AAAA,KACpF;AAAA,EACF;AAEA,EAAA,MAAM,OAAA,GAAU,MAAM,QAAA,CAAS,IAAA,EAAK;AAEpC,EAAA,MAAM,OAAO,OAAA,CAAQ,IAAA;AACrB,EAAA,MAAM,YAAA,GAA2B,IAAA,EAAM,SAAA,IAAa,EAAC;AAGrD,EAAA,MAAM,SAAS,YAAA,CAAa,MAAA,CAAO,CAAC,QAAA,KAAa,CAAC,SAAS,QAAQ,CAAA;AACnE,EAAA,MAAM,SAAS,YAAA,CAAa,MAAA,CAAO,CAAC,QAAA,KAAa,SAAS,QAAQ,CAAA;AAElE,EAAA,OAAO;AAAA,IACL,SAAA,EAAW,YAAA;AAAA,IACX,MAAA;AAAA,IACA;AAAA,GACF;AACF;AAqCA,eAAsB,oBAAA,CACpB,OACA,OAAA,EACqC;AACrC,EAAA,MAAM;AAAA,IACJ,KAAA;AAAA,IACA,gBAAA;AAAA,IACA,YAAA;AAAA,IACA,SAAA;AAAA,IACA,eAAA;AAAA,IACA,UAAA;AAAA,IACA,eAAA;AAAA,IACA,SAAA,GAAY;AAAA,GACd,GAAI,KAAA;AAEJ,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,IAAA,MAAM,IAAI,MAAM,+CAA+C,CAAA;AAAA,EACjE;AAEA,EAAA,IAAI,CAAC,gBAAA,EAAkB,IAAA,EAAK,EAAG;AAC7B,IAAA,MAAM,IAAI,MAAM,gCAAgC,CAAA;AAAA,EAClD;AAEA,EAAA,IAAI,CAAC,SAAA,EAAW,IAAA,EAAK,EAAG;AACtB,IAAA,MAAM,IAAI,MAAM,wBAAwB,CAAA;AAAA,EAC1C;AAEA,EAAA,MAAM,SAAS,YAAA,EAAa;AAG5B,EAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,CAAA,EAAG,MAAM,CAAA,mCAAA,CAAqC,CAAA;AAElE,EAAA,MAAM,IAAA,GAAgC;AAAA,IACpC,kBAAA,EAAoB,iBAAiB,IAAA,EAAK;AAAA,IAC1C,UAAA,EAAY,UAAU,IAAA,EAAK;AAAA,IAC3B,gBAAA,EAAkB,eAAA;AAAA,IAClB,UAAA,EAAY;AAAA,GACd;AAEA,EAAA,IAAI,YAAA,EAAc,MAAK,EAAG;AACxB,IAAA,IAAA,CAAK,aAAA,GAAgB,aAAa,IAAA,EAAK;AAAA,EACzC;AACA,EAAA,IAAI,UAAA,EAAY,MAAK,EAAG;AACtB,IAAA,IAAA,CAAK,WAAA,GAAc,WAAW,IAAA,EAAK;AAAA,EACrC;AACA,EAAA,IAAI,eAAA,EAAiB,MAAK,EAAG;AAC3B,IAAA,IAAA,CAAK,gBAAA,GAAmB,gBAAgB,IAAA,EAAK;AAAA,EAC/C;AAEA,EAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa,YAAA,EAAc;AACzC,IAAA,OAAA,CAAQ,KAAA,CAAM,qDAAA,EAAuD,GAAA,CAAI,QAAA,EAAU,CAAA;AAAA,EACrF;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,kBAAA,CAAmB,GAAA,CAAI,UAAS,EAAG;AAAA,IACxD,MAAA,EAAQ,MAAA;AAAA,IACR,KAAA;AAAA,IACA,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB,kBAAA;AAAA,MAChB,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA;AAAA,IACzB,QAAQ,OAAA,EAAS;AAAA,GAClB,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACtC,IAAA,IAAI,YAAA,GAAe,kCAAA;AACnB,IAAA,IAAI;AACF,MAAA,MAAM,SAAA,GAAY,IAAA,CAAK,KAAA,CAAM,SAAS,CAAA;AACtC,MAAA,YAAA,GAAe,SAAA,CAAU,KAAA,IAAS,SAAA,CAAU,OAAA,IAAW,YAAA;AAAA,IACzD,CAAA,CAAA,MAAQ;AAAA,IAER;AACA,IAAA,MAAM,IAAI,MAAM,YAAY,CAAA;AAAA,EAC9B;AAEA,EAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AAEjC,EAAA,OAAO;AAAA,IACL,YAAY,IAAA,CAAK,WAAA;AAAA,IACjB,WAAW,IAAA,CAAK,UAAA;AAAA,IAChB,WAAW,IAAA,CAAK,UAAA;AAAA,IAChB,YAAY,IAAA,CAAK,WAAA;AAAA,IACjB,iBAAiB,IAAA,CAAK,kBAAA;AAAA,IACtB,WAAW,IAAA,CAAK,UAAA;AAAA,IAChB,UAAU,IAAA,CAAK,SAAA;AAAA,IACf,WAAW,IAAA,CAAK,UAAA;AAAA,IAChB,iBAAiB,IAAA,CAAK,gBAAA;AAAA,IACtB,YAAY,IAAA,CAAK,WAAA;AAAA,IACjB,iBAAiB,IAAA,CAAK;AAAA,GACxB;AACF;AAsBA,eAAsB,oBAAA,CACpB,OACA,OAAA,EACqC;AACrC,EAAA,MAAM;AAAA,IACJ,KAAA;AAAA,IACA,UAAA;AAAA,IACA,gBAAA;AAAA,IACA,SAAA;AAAA,IACA;AAAA,GACF,GAAI,KAAA;AAEJ,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,IAAA,MAAM,IAAI,MAAM,+CAA+C,CAAA;AAAA,EACjE;AAEA,EAAA,IAAI,CAAC,UAAA,EAAY,IAAA,EAAK,EAAG;AACvB,IAAA,MAAM,IAAI,MAAM,yBAAyB,CAAA;AAAA,EAC3C;AAEA,EAAA,IAAI,CAAC,SAAA,EAAW,IAAA,EAAK,EAAG;AACtB,IAAA,MAAM,IAAI,MAAM,wBAAwB,CAAA;AAAA,EAC1C;AAEA,EAAA,MAAM,SAAS,YAAA,EAAa;AAG5B,EAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,CAAA,EAAG,MAAM,CAAA,oCAAA,EAAuC,UAAA,CAAW,IAAA,EAAM,CAAA,CAAE,CAAA;AAEvF,EAAA,MAAM,IAAA,GAAgC;AAAA,IACpC,UAAA,EAAY,UAAU,IAAA,EAAK;AAAA,IAC3B,gBAAA,EAAkB;AAAA,GACpB;AAEA,EAAA,IAAI,gBAAA,EAAkB,MAAK,EAAG;AAC5B,IAAA,IAAA,CAAK,kBAAA,GAAqB,iBAAiB,IAAA,EAAK;AAAA,EAClD;AAEA,EAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa,YAAA,EAAc;AACzC,IAAA,OAAA,CAAQ,KAAA,CAAM,qDAAA,EAAuD,GAAA,CAAI,QAAA,EAAU,CAAA;AAAA,EACrF;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,kBAAA,CAAmB,GAAA,CAAI,UAAS,EAAG;AAAA,IACxD,MAAA,EAAQ,OAAA;AAAA,IACR,KAAA;AAAA,IACA,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB,kBAAA;AAAA,MAChB,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA;AAAA,IACzB,QAAQ,OAAA,EAAS;AAAA,GAClB,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACtC,IAAA,IAAI,YAAA,GAAe,kCAAA;AACnB,IAAA,IAAI;AACF,MAAA,MAAM,SAAA,GAAY,IAAA,CAAK,KAAA,CAAM,SAAS,CAAA;AACtC,MAAA,YAAA,GAAe,SAAA,CAAU,KAAA,IAAS,SAAA,CAAU,OAAA,IAAW,YAAA;AAAA,IACzD,CAAA,CAAA,MAAQ;AAAA,IAER;AACA,IAAA,MAAM,IAAI,MAAM,YAAY,CAAA;AAAA,EAC9B;AAEA,EAAA,OAAO,EAAE,SAAS,IAAA,EAAK;AACzB;AAMA,eAAsB,gCAAA,CACpB,OACA,OAAA,EACiD;AACjD,EAAA,MAAM,EAAE,KAAA,EAAO,WAAA,EAAY,GAAI,KAAA;AAE/B,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,IAAA,MAAM,IAAI,MAAM,2DAA2D,CAAA;AAAA,EAC7E;AAEA,EAAA,IAAI,CAAC,WAAA,IAAe,WAAA,CAAY,MAAA,KAAW,CAAA,EAAG;AAC5C,IAAA,OAAO,EAAE,cAAA,EAAgB,EAAC,EAAE;AAAA,EAC9B;AAEA,EAAmB,uBAAuB,KAAK;AAC/C,EAAA,MAAM,SAAS,YAAA,EAAa;AAG5B,EAAA,MAAM,SAAqB,EAAC;AAC5B,EAAA,KAAA,IAAS,IAAI,CAAA,EAAG,CAAA,GAAI,WAAA,CAAY,MAAA,EAAQ,KAAK,EAAA,EAAI;AAC/C,IAAA,MAAA,CAAO,KAAK,WAAA,CAAY,KAAA,CAAM,CAAA,EAAG,CAAA,GAAI,EAAE,CAAC,CAAA;AAAA,EAC1C;AAEA,EAAA,MAAM,oBAAsC,EAAC;AAE7C,EAAA,KAAA,MAAW,SAAS,MAAA,EAAQ;AAC1B,IAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AAGxB,IAAA,MAAM,WAAA,GAAc,KAAA,CACjB,GAAA,CAAI,CAAC,EAAA,KAAO,CAAA,YAAA,EAAe,kBAAA,CAAmB,EAAE,CAAC,CAAA,CAAE,CAAA,CACnD,IAAA,CAAK,GAAG,CAAA;AAGX,IAAA,MAAM,GAAA,GAAM,CAAA,EAAG,MAAM,CAAA,mCAAA,EAAsC,WAAW,CAAA,CAAA;AAEtE,IAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa,YAAA,EAAc;AACzC,MAAA,OAAA,CAAQ,KAAA,CAAM,uDAAuD,GAAG,CAAA;AAAA,IAC1E;AAEA,IAAA,MAAM,QAAA,GAAW,MAAM,kBAAA,CAAmB,GAAA,EAAK;AAAA,MAC7C,MAAA,EAAQ,KAAA;AAAA,MACR,KAAA;AAAA,MACA,OAAA,EAAS;AAAA,QACP,MAAA,EAAQ;AAAA,OACV;AAAA,MACA,QAAQ,OAAA,EAAS;AAAA,KAClB,CAAA;AAED,IAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AAE3B,MAAA;AAAA,IACF;AAEA,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACtC,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,mCAAmC,QAAA,CAAS,MAAM,IAAI,QAAA,CAAS,UAAU,MAAM,SAAS,CAAA;AAAA,OAC1F;AAAA,IACF;AAEA,IAAA,MAAM,QAAA,GAAW,MAAM,QAAA,CAAS,IAAA,EAAK;AAErC,IAAA,MAAM,OAAA,GAA4B,QAAA,EAAU,IAAA,EAAM,eAAA,IAAmB,EAAC;AACtE,IAAA,iBAAA,CAAkB,IAAA,CAAK,GAAG,OAAO,CAAA;AAAA,EACnC;AAEA,EAAA,OAAO,EAAE,gBAAgB,iBAAA,EAAkB;AAC7C","file":"install-actions.js","sourcesContent":["/**\n * Centralized API client utility for handling authenticated requests\n * with automatic 401 detection, cookie deletion, and redirect.\n */\n\nexport interface ApiFetchOptions extends RequestInit {\n token?: string;\n}\n\nexport class UnauthorizedError extends Error {\n constructor(message = \"Unauthorized\") {\n super(message);\n this.name = \"UnauthorizedError\";\n }\n}\n\n/**\n * Helper to check if an error is a Next.js redirect error.\n * These errors should NOT be caught as they control navigation flow.\n */\nexport function isRedirectError(error: unknown): boolean {\n return (\n typeof error === \"object\" &&\n error !== null &&\n \"digest\" in error &&\n typeof (error as { digest?: unknown }).digest === \"string\" &&\n (error as { digest: string }).digest.startsWith(\"NEXT_REDIRECT\")\n );\n}\n\n/**\n * Fetch wrapper that automatically handles error responses by:\n * - 401: Redirecting to \"/\" with expired parameter\n * - 502, 503, 504: Redirecting to \"/error\" with status code\n * \n * This function should be used for all authenticated API calls in server actions.\n * \n * IMPORTANT: This must be called from a Server Action context, not directly from\n * a Server Component, because it modifies cookies.\n */\nexport async function authenticatedFetch(\n url: string,\n options: ApiFetchOptions = {}\n): Promise<Response> {\n const { token, ...fetchOptions } = options;\n\n // Add authorization header if token is provided\n const headers = new Headers(fetchOptions.headers);\n if (token) {\n headers.set(\"authorization\", `Bearer ${token}`);\n }\n\n const response = await fetch(url, {\n ...fetchOptions,\n headers\n });\n\n // Handle 401 Unauthorized\n if (response.status === 401) {\n await handle401();\n }\n\n // Handle server errors (502, 503, 504) by redirecting to error page\n if (response.status === 502 || response.status === 503 || response.status === 504) {\n await handleServerError(response.status);\n }\n\n return response;\n}\n\n/**\n * Handles 401 unauthorized responses by redirecting to the root path with a logout parameter.\n * \n * Note: We cannot delete cookies here because this is called during Server Component\n * render, not from a true Server Action invocation.\n * \n * The home page MUST check for the `?expired=1` parameter and delete the portal_session\n * cookie when present to avoid infinite loops. Example:\n * \n * ```typescript\n * // In your home page (app/page.tsx)\n * import { cookies } from \"next/headers\";\n * \n * export default async function Home({ searchParams }: { searchParams: { expired?: string } }) {\n * if (searchParams.expired === \"1\") {\n * const cookieStore = await cookies();\n * cookieStore.delete(\"portal_session\");\n * }\n * \n * const sessionStore = await cookies();\n * const session = sessionStore.get(\"portal_session\");\n * // ... rest of your logic\n * }\n * ```\n */\nasync function handle401(): Promise<never> {\n const { redirect } = await import(\"next/navigation\");\n \n // Redirect with expired parameter so the home page can delete the cookie\n return redirect(\"/?expired=1\");\n}\n\n/**\n * Handles server errors (502, 503, 504) by redirecting to the error page.\n * \n * The error page route should be created at `app/error/page.tsx` in the consuming\n * application and use the ErrorPage component. Example:\n * \n * ```typescript\n * // In your error page (app/error/page.tsx)\n * import { ErrorPage } from \"@replicated/portal-components/error-page\";\n * \n * export default function Error({ \n * searchParams \n * }: { \n * searchParams: { code?: string; source?: string } \n * }) {\n * const statusCode = searchParams.code ? parseInt(searchParams.code, 10) : undefined;\n * const sourceUrl = searchParams.source;\n * return <ErrorPage statusCode={statusCode} sourceUrl={sourceUrl} />;\n * }\n * ```\n */\nasync function handleServerError(statusCode: number): Promise<never> {\n const { redirect } = await import(\"next/navigation\");\n \n // Try to get the current URL from Next.js headers\n let sourceUrl: string | undefined;\n try {\n const { headers } = await import(\"next/headers\");\n const headersList = await headers();\n const referer = headersList.get(\"referer\");\n const host = headersList.get(\"host\");\n const pathname = headersList.get(\"x-invoke-path\") || headersList.get(\"x-forwarded-path\");\n \n if (referer) {\n sourceUrl = referer;\n } else if (host && pathname) {\n const protocol = headersList.get(\"x-forwarded-proto\") || \"https\";\n sourceUrl = `${protocol}://${host}${pathname}`;\n }\n } catch (error) {\n // If we can't get headers, continue without source URL\n console.debug(\"[portal-components] Could not determine source URL\", error);\n }\n \n // Redirect to error page with status code and source URL parameters\n const params = new URLSearchParams({ code: String(statusCode) });\n if (sourceUrl) {\n params.set(\"source\", sourceUrl);\n }\n \n return redirect(`/error?${params.toString()}`);\n}\n","/**\n * Light-weight type helpers for defining Server Actions that align with the\n * enterprise portal guardrails. The component library does not implement\n * specific actions, but it exports helpers so downstream portals can describe\n * their actions with consistent metadata.\n */\n\nimport { Buffer } from \"node:buffer\";\nimport { cache } from \"react\";\nimport { authenticatedFetch } from \"../utils/api-client\";\n\n// =============================================================================\n// Helper Functions\n// =============================================================================\n\n/**\n * Gets the base API origin from environment, with trailing slashes removed.\n */\nexport const getApiOrigin = (): string => {\n return (process.env.REPLICATED_APP_ORIGIN || \"https://replicated.app\").replace(/\\/+$/, \"\");\n};\n\n// =============================================================================\n// Types\n// =============================================================================\n\nexport type PortalActionVisibility = \"vendor\" | \"customer\";\n\nexport interface PortalActionContext {\n vendorId: string;\n licenseId: string;\n userId: string;\n signal?: AbortSignal;\n}\n\nexport interface PortalServerActionDefinition<Input, Output> {\n id: string;\n description: string;\n visibility: PortalActionVisibility;\n tags: string[];\n run: (input: Input, context?: PortalActionContext) => Promise<Output>;\n}\n\nexport const defineServerAction = <Input, Output>(\n definition: PortalServerActionDefinition<Input, Output>\n) => definition;\n\nexport interface CreateServiceAccountInput {\n token: string;\n name: string;\n}\n\nexport interface ServiceAccountData {\n id: string;\n customerId: string;\n token: string;\n accountName: string;\n isRevoked: boolean;\n createdAt: string;\n emailAddress: string;\n}\n\nexport interface CreateServiceAccountResult {\n service_account: ServiceAccountData;\n token: string;\n}\n\nexport const createServiceAccount = defineServerAction<\n CreateServiceAccountInput,\n CreateServiceAccountResult\n>({\n id: \"service-account/create\",\n description: \"Creates a service account for installing applications\",\n visibility: \"customer\",\n tags: [\"service-account\", \"install\"],\n async run({ token, name }) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Service account creation requires a session token\");\n }\n\n if (!name || typeof name !== \"string\" || !name.trim()) {\n throw new Error(\"Service account name is required\");\n }\n\n // NEW: Use Enterprise Portal API endpoint\n const endpoint = `${getApiOrigin()}/enterprise-portal/team/service-accounts`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\n \"[portal-components] creating service account via %s (Enterprise Portal API)\",\n endpoint\n );\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"POST\",\n token,\n headers: {\n \"content-type\": \"application/json\"\n },\n body: JSON.stringify({ account_name: name.trim() })\n });\n\n if (!response.ok) {\n const errorText = await response.text();\n throw new Error(\n `Service account creation failed (${response.status} ${response.statusText}): ${errorText}`\n );\n }\n\n const data: CreateServiceAccountResult = await response.json();\n return data;\n }\n});\n\nexport interface InitiateLoginInput {\n email: string;\n}\n\nexport interface InitiateLoginResult {\n status: \"ok\" | \"saml_redirect\";\n requestedAt: string;\n message: string;\n /** If SAML redirect is required, this contains the info needed to redirect */\n saml?: {\n redirectRequired: true;\n customerId: string;\n email: string;\n appSlug: string;\n };\n}\n\n/**\n * Reference server action for initiating the passwordless login flow.\n * Real portals should replace the simulated delay with a call to their auth API.\n */\nexport const initiateLogin = defineServerAction<\n InitiateLoginInput,\n InitiateLoginResult\n>({\n id: \"auth/initiate-login\",\n description:\n \"Begins the passwordless login flow by dispatching a magic link email.\",\n visibility: \"customer\",\n tags: [\"auth\", \"login\", \"session\"],\n async run(input) {\n // NEW: Use Enterprise Portal API auth endpoint\n const endpoint = `${getApiOrigin()}/enterprise-portal/auth/magic-link`;\n const appSlug = process.env.PORTAL_APP_SLUG;\n if (!appSlug) {\n throw new Error(\"PORTAL_APP_SLUG is not configured\");\n }\n const portalOrigin =\n process.env.PORTAL_ORIGIN ?? \"https://enterprise.replicated.com\";\n const redirectUri = `${portalOrigin.replace(/\\/+$/, \"\")}/${appSlug}/login`;\n\n const response = await fetch(endpoint, {\n method: \"POST\",\n headers: {\n \"content-type\": \"application/json\"\n },\n body: JSON.stringify({\n app_slug: appSlug,\n email_address: input.email,\n redirect_uri: redirectUri\n })\n });\n\n if (!response.ok) {\n throw new Error(\n `Magic link request failed (${response.status} ${response.statusText})`\n );\n }\n\n const data = await response.json();\n\n // Check if SAML redirect is required\n if (data.saml_redirect_required && data.saml_customer_id) {\n return {\n status: \"saml_redirect\",\n requestedAt: new Date().toISOString(),\n message: \"SAML authentication required\",\n saml: {\n redirectRequired: true,\n customerId: data.saml_customer_id,\n email: input.email,\n appSlug\n }\n };\n }\n\n return {\n status: \"ok\",\n requestedAt: new Date().toISOString(),\n message: `Magic link requested for ${input.email}`\n };\n }\n});\n\nexport interface VerifyMagicLinkInput {\n nonce: string;\n}\n\nexport interface VerifyMagicLinkResult {\n token: string;\n raw: unknown;\n}\n\nexport interface VerifyMagicLinkError {\n code: \"invalid_code\" | \"expired\" | \"unknown\";\n message: string;\n isExpired?: boolean;\n}\n\nexport const verifyMagicLink = defineServerAction<\n VerifyMagicLinkInput,\n VerifyMagicLinkResult\n>({\n id: \"auth/verify-magic-link\",\n description: \"Verifies the 12-digit code provided via email and returns a JWT.\",\n visibility: \"customer\",\n tags: [\"auth\", \"login\", \"verify\"],\n async run({ nonce }) {\n // NEW: Use Enterprise Portal API auth endpoint\n const endpoint = `${getApiOrigin()}/enterprise-portal/auth/magic-link/verify`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\n \"[portal-components] verifying magic link via %s\",\n endpoint\n );\n }\n\n const response = await fetch(endpoint, {\n method: \"POST\",\n headers: {\n \"content-type\": \"application/json\"\n },\n body: JSON.stringify({ nonce })\n });\n\n if (!response.ok) {\n if (response.status === 401) {\n // Check if the response indicates an expired link\n try {\n const errorBody = await response.json();\n if (errorBody?.is_expired === true) {\n const error: VerifyMagicLinkError = {\n code: \"expired\",\n message: \"Magic link has expired. A new link has been sent to your email.\",\n isExpired: true\n };\n throw error;\n }\n } catch (parseError) {\n // If we already threw an error, re-throw it\n if ((parseError as VerifyMagicLinkError)?.code === \"expired\") {\n throw parseError;\n }\n // Otherwise fall through to invalid_code\n }\n\n const error: VerifyMagicLinkError = {\n code: \"invalid_code\",\n message: \"Incorrect code, check your email and try again.\"\n };\n throw error;\n }\n const error: VerifyMagicLinkError = {\n code: \"unknown\",\n message: `Magic link verification failed (${response.status} ${response.statusText})`\n };\n throw error;\n }\n\n const payload = await response.json();\n const token = payload?.token ?? payload?.jwt ?? payload?.access_token;\n if (typeof token !== \"string\") {\n throw new Error(\"Magic link verification succeeded but no token returned\");\n }\n\n return { token, raw: payload };\n }\n});\n\nexport interface CustomBrandingResponse {\n brandingData: string;\n documentation: unknown;\n}\n\nexport interface PortalLicenseField {\n key: string;\n label: string;\n value: string | null;\n isSecret?: boolean;\n}\n\nexport interface PortalLicenseDetails {\n id?: string;\n status?: string;\n statusLabel?: string;\n environment?: string;\n expiresAt?: string | null;\n releaseChannels?: string[];\n installMethods?: string[];\n installNotes?: string;\n customerName?: string;\n customerId?: string;\n customerOrganization?: string;\n fields: PortalLicenseField[];\n}\n\nexport interface ListSupportBundlesInput {\n token: string;\n}\n\nexport interface SupportBundleInsight {\n level: string;\n primary: string;\n key?: string;\n detail?: string;\n}\n\nexport interface SupportBundleSummary {\n id: string;\n createdAt?: string;\n status?: string;\n size?: number;\n instanceId?: string;\n insights?: SupportBundleInsight[];\n metadata?: Record<string, unknown>;\n}\n\nexport interface ListSupportBundlesResult {\n bundles: SupportBundleSummary[];\n totalCount: number;\n raw: unknown;\n}\n\nexport interface DownloadSupportBundleInput {\n token: string;\n bundleId: string;\n}\n\nexport interface DownloadSupportBundleResult {\n signedUrl: string;\n}\n\nexport interface DeleteSupportBundleInput {\n token: string;\n bundleId: string;\n}\n\nexport interface DeleteSupportBundleResult {\n success: boolean;\n}\n\nexport interface UploadSupportBundleInput {\n token: string;\n appId: string;\n}\n\nexport interface UploadSupportBundleResult {\n uploadUrl: string;\n appId: string;\n}\n\nexport interface UploadSupportBundleCompleteInput {\n token: string;\n appId: string;\n fileContent: ArrayBuffer;\n contentLength: number;\n}\n\nexport interface UploadSupportBundleCompleteResult {\n bundleId: string;\n slug: string;\n}\n\nexport interface FetchLicenseDetailsInput {\n token: string;\n}\n\nexport interface FetchLicenseDetailsResult {\n license: PortalLicenseDetails;\n raw: unknown;\n}\n\nexport interface FetchInstallOptionsInput {\n token: string;\n}\n\nexport interface FetchInstallOptionsResult {\n showLinux: boolean;\n showHelm: boolean;\n}\n\nexport interface FetchLicenseSummaryInput {\n token: string;\n}\n\nexport interface FetchLicenseSummaryResult {\n type: string;\n expiresAt: string | null;\n}\n\nexport interface FetchCustomersInput {\n token: string;\n}\n\nexport interface Customer {\n id: string;\n name: string;\n licenseId: string;\n licenseType: string;\n expiresAt: string;\n isEnterprisePortalEnabled: boolean;\n}\n\nexport interface FetchCustomersResult {\n customers: Customer[];\n}\n\nexport interface SwitchCustomerInput {\n token: string;\n customerId: string;\n}\n\nexport interface SwitchCustomerResult {\n token: string;\n}\n\nexport interface ListReleasesInput {\n token: string;\n}\n\nexport interface ListReleasesResult {\n status: number;\n body: string | null;\n}\n\n/**\n * Internal implementation of fetchCustomBranding.\n * Wrapped with React's cache() to deduplicate calls within a single request.\n *\n * Updated to use the new Enterprise Portal API /enterprise-portal/public/branding endpoint\n * which returns clean, non-base64 encoded data.\n */\nconst fetchCustomBrandingImpl = async (): Promise<CustomBrandingResponse> => {\n const appSlug = process.env.PORTAL_APP_SLUG;\n\n if (!appSlug) {\n throw new Error(\"PORTAL_APP_SLUG is not configured\");\n }\n\n const url = `${getApiOrigin()}/enterprise-portal/public/branding?app_slug=${encodeURIComponent(\n appSlug\n )}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\n \"[portal-components] fetching custom branding via %s (Enterprise Portal API)\",\n url\n );\n }\n\n const response = await fetch(url, {\n headers: {\n accept: \"application/json\"\n }\n });\n\n if (!response.ok) {\n throw new Error(\n `Custom branding request failed (${response.status} ${response.statusText})`\n );\n }\n\n const payload = await response.json();\n\n // New Enterprise Portal API returns clean data, not base64 encoded\n // Map the new field names to the old structure for compatibility\n const brandingObject = {\n logo: payload.logoUrl,\n title: payload.appName,\n customColor1: payload.primaryColor,\n customColor2: payload.secondaryColor,\n favicon: payload.faviconUrl,\n };\n\n // Encode to base64 to maintain compatibility with existing decodeBranding function\n const brandingData = Buffer.from(JSON.stringify(brandingObject)).toString(\"base64\");\n\n return {\n brandingData,\n documentation: null // Documentation not included in new API's public endpoint\n };\n};\n\n/**\n * Fetches custom branding for the portal.\n * This function is cached per-request to avoid duplicate API calls when called\n * from multiple components (e.g., TopNav and page components).\n */\nexport const fetchCustomBranding = cache(fetchCustomBrandingImpl);\n\nexport const decodeJwtPayload = (token: string): Record<string, unknown> => {\n const parts = token.split(\".\");\n if (parts.length !== 3) {\n throw new Error(\"Invalid JWT received\");\n }\n\n const payloadSegment = parts[1];\n if (!payloadSegment) {\n throw new Error(\"JWT payload segment missing\");\n }\n\n const padded = payloadSegment.padEnd(\n payloadSegment.length + ((4 - (payloadSegment.length % 4)) % 4),\n \"=\"\n );\n const decoded = Buffer.from(padded, \"base64\").toString(\"utf-8\");\n return JSON.parse(decoded) as Record<string, unknown>;\n};\n\n/**\n * Extracts customer ID from JWT token. Throws if extraction fails.\n */\nexport const getCustomerIdFromToken = (token: string): string => {\n const payload = decodeJwtPayload(token);\n const customerId = payload?.customer_id || payload?.customerId;\n if (typeof customerId !== \"string\" || !customerId.trim()) {\n throw new Error(\"Unable to determine customer_id from session token\");\n }\n return customerId.trim();\n};\n\nconst resolveSupportBundlesEndpoint = () => {\n const fallback = `${getApiOrigin()}/v3/supportbundles`;\n const explicit = process.env.SUPPORT_BUNDLES_ENDPOINT;\n\n if (!explicit) {\n return new URL(fallback);\n }\n\n try {\n return new URL(explicit);\n } catch (error) {\n console.warn(\n `[portal-components] invalid SUPPORT_BUNDLES_ENDPOINT, using fallback`,\n error\n );\n return new URL(fallback);\n }\n};\n\nexport const listSupportBundles = defineServerAction<\n ListSupportBundlesInput,\n ListSupportBundlesResult\n>({\n id: \"support/list-bundles\",\n description:\n \"Fetches support bundles associated with the customer found in the portal session JWT.\",\n visibility: \"customer\",\n tags: [\"support\", \"bundles\"],\n async run({ token }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Support bundle listing requires a session token\");\n }\n\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const url = `${getApiOrigin()}/enterprise-portal/support-bundles`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching support bundles via %s (Enterprise Portal API)\", url);\n }\n\n const response = await authenticatedFetch(url, {\n token,\n headers: {\n accept: \"application/json\"\n },\n signal: context?.signal\n });\n\n if (context?.signal?.aborted) {\n throw new Error(\"Support bundles request was aborted\");\n }\n\n if (!response.ok) {\n throw new Error(\n `Support bundles request failed (${response.status} ${response.statusText})`\n );\n }\n\n const payload = await response.json();\n // Extract from Enterprise Portal API envelope\n const raw = payload.data;\n\n const rawRecord =\n raw && typeof raw === \"object\" ? (raw as Record<string, unknown>) : undefined;\n\n const parseInsights = (raw: unknown): SupportBundleInsight[] | undefined => {\n if (!Array.isArray(raw)) return undefined;\n return raw\n .filter((i): i is Record<string, unknown> => i && typeof i === \"object\")\n .map((i) => ({\n level: String(i.level ?? \"\"),\n primary: String(i.primary ?? \"\"),\n key: typeof i.key === \"string\" ? i.key : undefined,\n detail: typeof i.detail === \"string\" ? i.detail : undefined\n }));\n };\n\n const bundles: SupportBundleSummary[] = Array.isArray(\n rawRecord?.supportBundles\n )\n ? (rawRecord?.supportBundles as unknown[]).map((item) => {\n if (!item || typeof item !== \"object\") {\n return {\n id: \"\",\n createdAt: undefined,\n status: undefined,\n size: undefined,\n instanceId: undefined,\n insights: undefined,\n metadata: undefined\n };\n }\n\n const record = item as Record<string, unknown>;\n return {\n id: String(record.id ?? \"\"),\n createdAt:\n typeof record.createdAt === \"string\"\n ? (record.createdAt as string)\n : undefined,\n status:\n typeof record.status === \"string\"\n ? (record.status as string)\n : undefined,\n size:\n typeof record.size === \"number\"\n ? record.size\n : undefined,\n instanceId:\n typeof record.instanceId === \"string\"\n ? record.instanceId\n : undefined,\n insights: parseInsights(record.insights),\n metadata: record\n };\n })\n : Array.isArray(raw)\n ? (raw as unknown[]).map((item) => {\n if (!item || typeof item !== \"object\") {\n return {\n id: \"\",\n createdAt: undefined,\n status: undefined,\n size: undefined,\n instanceId: undefined,\n insights: undefined,\n metadata: undefined\n };\n }\n const record = item as Record<string, unknown>;\n return {\n id: String(record.id ?? \"\"),\n createdAt:\n typeof record.createdAt === \"string\"\n ? (record.createdAt as string)\n : undefined,\n status:\n typeof record.status === \"string\"\n ? (record.status as string)\n : undefined,\n size:\n typeof record.size === \"number\"\n ? record.size\n : undefined,\n instanceId:\n typeof record.instanceId === \"string\"\n ? record.instanceId\n : undefined,\n insights: parseInsights(record.insights),\n metadata: record\n };\n })\n : [];\n\n const totalCount = (() => {\n if (rawRecord) {\n if (\n typeof rawRecord.totalCount === \"number\" &&\n Number.isFinite(rawRecord.totalCount)\n ) {\n return rawRecord.totalCount;\n }\n if (Array.isArray(rawRecord.supportBundles)) {\n return rawRecord.supportBundles.length;\n }\n }\n\n if (Array.isArray(raw)) {\n return raw.length;\n }\n\n return bundles.length;\n })();\n\n return {\n bundles,\n totalCount,\n raw\n };\n }\n});\n\nexport const downloadSupportBundle = defineServerAction<\n DownloadSupportBundleInput,\n DownloadSupportBundleResult\n>({\n id: \"support/download-bundle\",\n description: \"Gets a signed URL for downloading a support bundle.\",\n visibility: \"customer\",\n tags: [\"support\", \"bundles\", \"download\"],\n async run({ token, bundleId }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Support bundle download requires a session token\");\n }\n\n if (!bundleId || typeof bundleId !== \"string\") {\n throw new Error(\"Support bundle download requires a bundle ID\");\n }\n\n // NOTE: customerId is still required in query params because this endpoint\n // delegates to v3 handler which validates customer_id\n const customerId = getCustomerIdFromToken(token);\n const endpoint = `${getApiOrigin()}/enterprise-portal/support-bundles/${encodeURIComponent(bundleId)}/download?customer_id=${encodeURIComponent(customerId)}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] getting support bundle download URL via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"GET\",\n token,\n headers: {\n accept: \"application/json\"\n },\n signal: context?.signal\n });\n\n if (!response.ok) {\n const errorText = await response.text().catch(() => \"\");\n throw new Error(\n `Support bundle download URL request failed (${response.status} ${response.statusText}): ${errorText}`\n );\n }\n\n const data = await response.json();\n const signedUrl = data?.signedUrl;\n\n if (typeof signedUrl !== \"string\" || !signedUrl) {\n throw new Error(\"Support bundle download response missing signedUrl\");\n }\n\n return { signedUrl };\n }\n});\n\nexport const deleteSupportBundle = defineServerAction<\n DeleteSupportBundleInput,\n DeleteSupportBundleResult\n>({\n id: \"support/delete-bundle\",\n description: \"Deletes a support bundle.\",\n visibility: \"customer\",\n tags: [\"support\", \"bundles\", \"delete\"],\n async run({ token, bundleId }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Support bundle deletion requires a session token\");\n }\n\n if (!bundleId || typeof bundleId !== \"string\") {\n throw new Error(\"Support bundle deletion requires a bundle ID\");\n }\n\n // NOTE: customerId is still required in query params because this endpoint\n // delegates to v3 handler which validates customer_id\n const customerId = getCustomerIdFromToken(token);\n const endpoint = `${getApiOrigin()}/enterprise-portal/support-bundles/${encodeURIComponent(bundleId)}?customer_id=${encodeURIComponent(customerId)}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] deleting support bundle via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"DELETE\",\n token,\n headers: {\n accept: \"application/json\"\n },\n signal: context?.signal\n });\n\n if (!response.ok) {\n const errorText = await response.text().catch(() => \"\");\n if (response.status === 404) {\n throw new Error(\"Support bundle not found\");\n }\n throw new Error(\n `Support bundle deletion failed (${response.status} ${response.statusText}): ${errorText}`\n );\n }\n\n return { success: true };\n }\n});\n\nexport const uploadSupportBundle = defineServerAction<\n UploadSupportBundleCompleteInput,\n UploadSupportBundleCompleteResult\n>({\n id: \"support/upload-bundle\",\n description: \"Uploads a support bundle to the server.\",\n visibility: \"customer\",\n tags: [\"support\", \"bundles\", \"upload\"],\n async run({ token, appId, fileContent, contentLength }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Support bundle upload requires a session token\");\n }\n\n if (!appId || typeof appId !== \"string\") {\n throw new Error(\"Support bundle upload requires an app ID\");\n }\n\n if (!fileContent || !(fileContent instanceof ArrayBuffer)) {\n throw new Error(\"Support bundle upload requires file content\");\n }\n\n const endpoint = `${getApiOrigin()}/enterprise-portal/support-bundles/upload/${encodeURIComponent(appId)}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] uploading support bundle via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"POST\",\n token,\n headers: {\n \"content-type\": \"application/gzip\",\n \"content-length\": String(contentLength)\n },\n body: fileContent,\n signal: context?.signal\n });\n\n if (!response.ok) {\n const errorText = await response.text().catch(() => \"\");\n throw new Error(\n `Support bundle upload failed (${response.status} ${response.statusText}): ${errorText}`\n );\n }\n\n const data = await response.json();\n\n return {\n bundleId: data?.bundleId ?? data?.bundle_id ?? \"\",\n slug: data?.slug ?? \"\"\n };\n }\n});\n\n/**\n * Helper to get the upload endpoint URL for client-side uploads with progress tracking.\n * Use this when you need progress indication - call this to get the URL, then upload directly from client.\n */\nexport const getSupportBundleUploadUrl = (appId: string): string => {\n return `${getApiOrigin()}/enterprise-portal/support-bundles/upload/${encodeURIComponent(appId)}`;\n};\n\nexport const listReleases = defineServerAction<\n ListReleasesInput,\n ListReleasesResult\n>({\n id: \"releases/list\",\n description: \"Lists available releases for the authenticated customer.\",\n visibility: \"customer\",\n tags: [\"releases\"],\n async run({ token }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"List releases requires a session token\");\n }\n\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const endpoint = `${getApiOrigin()}/enterprise-portal/releases`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching releases via %s (Enterprise Portal API)\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"GET\",\n token,\n headers: {\n accept: \"application/json\"\n },\n signal: context?.signal\n });\n\n const bodyText = await response\n .text()\n .catch((error) => {\n console.warn(\"[portal-components] listReleases read error\", error);\n return null;\n });\n\n if (!response.ok) {\n throw new Error(\n `List releases request failed (${response.status} ${response.statusText})`\n );\n }\n\n return {\n status: response.status,\n body: bodyText\n };\n }\n});\n\nconst asRecord = (value: unknown): Record<string, unknown> | undefined => {\n if (value && typeof value === \"object\") {\n return value as Record<string, unknown>;\n }\n return undefined;\n};\n\nconst getValue = (\n record: Record<string, unknown> | undefined,\n key: string\n) => (record ? record[key] : undefined);\n\nconst getString = (\n record: Record<string, unknown> | undefined,\n key: string\n): string | undefined => {\n const value = getValue(record, key);\n return typeof value === \"string\" ? value : undefined;\n};\n\nconst getBoolean = (\n record: Record<string, unknown> | undefined,\n key: string\n): boolean | undefined => {\n const value = getValue(record, key);\n if (typeof value === \"boolean\") {\n return value;\n }\n if (typeof value === \"number\") {\n return value === 1;\n }\n if (typeof value === \"string\") {\n const normalized = value.trim().toLowerCase();\n if ([\"true\", \"1\", \"yes\"].includes(normalized)) {\n return true;\n }\n if ([\"false\", \"0\", \"no\"].includes(normalized)) {\n return false;\n }\n }\n return undefined;\n};\n\nconst toDisplayValue = (value: unknown): string | null => {\n if (value === null || value === undefined) {\n return null;\n }\n if (typeof value === \"string\") {\n return value;\n }\n if (typeof value === \"number\" || typeof value === \"boolean\") {\n return String(value);\n }\n try {\n return JSON.stringify(value);\n } catch {\n return String(value);\n }\n};\n\nconst normalizeStringArray = (value: unknown): string[] | undefined => {\n if (Array.isArray(value)) {\n const normalized = value\n .map((item) =>\n typeof item === \"string\" ? item.trim() : \"\"\n )\n .filter((item) => item.length > 0);\n return normalized.length ? normalized : undefined;\n }\n\n if (typeof value === \"string\") {\n const normalized = value\n .split(\",\")\n .map((item) => item.trim())\n .filter((item) => item.length > 0);\n return normalized.length ? normalized : undefined;\n }\n\n return undefined;\n};\n\nconst normalizeLicenseFields = (input: unknown): PortalLicenseField[] => {\n if (!input) {\n return [];\n }\n\n if (Array.isArray(input)) {\n return input\n .map((field, index) => {\n if (!field || typeof field !== \"object\") {\n return null;\n }\n const candidate = field as Record<string, unknown>;\n const key =\n typeof candidate.key === \"string\" && candidate.key.trim().length\n ? candidate.key.trim()\n : typeof candidate.name === \"string\" && candidate.name.trim().length\n ? candidate.name.trim()\n : typeof candidate.label === \"string\" && candidate.label.trim().length\n ? candidate.label.trim()\n : `field-${index}`;\n const label =\n typeof candidate.label === \"string\" && candidate.label.trim().length\n ? candidate.label.trim()\n : typeof candidate.name === \"string\" && candidate.name.trim().length\n ? candidate.name.trim()\n : key;\n let value: unknown =\n candidate.value ?? candidate.data ?? candidate.content;\n if (\n (value === undefined || value === null) &&\n typeof candidate.text === \"string\"\n ) {\n value = candidate.text;\n }\n if (\n (value === undefined || value === null) &&\n typeof candidate.defaultValue === \"string\"\n ) {\n value = candidate.defaultValue;\n }\n const isSecret = Boolean(\n candidate.isSecret ?? candidate.secret ?? candidate.masked\n );\n const resolved = toDisplayValue(value);\n return {\n key,\n label,\n value: resolved,\n isSecret\n } as PortalLicenseField;\n })\n .filter((field): field is PortalLicenseField => Boolean(field));\n }\n\n if (typeof input === \"object\") {\n return Object.entries(input as Record<string, unknown>).map(\n ([key, value]) => {\n let resolvedValue: unknown = value;\n let isSecret = false;\n if (value && typeof value === \"object\") {\n const obj = value as Record<string, unknown>;\n if (\"value\" in obj) {\n resolvedValue = obj.value;\n }\n isSecret = Boolean(obj.isSecret ?? obj.secret ?? obj.masked);\n }\n const normalized = toDisplayValue(resolvedValue);\n return {\n key,\n label: key,\n value: normalized,\n isSecret\n };\n }\n );\n }\n\n return [];\n};\n\nconst extractChannelNames = (input: unknown): string[] | undefined => {\n if (!Array.isArray(input)) {\n return undefined;\n }\n const names = input\n .map((item) => {\n if (typeof item === \"string\") {\n return item.trim();\n }\n const record = asRecord(item);\n if (!record) {\n return null;\n }\n return (\n getString(record, \"name\") ??\n getString(record, \"channelName\") ??\n getString(record, \"channel\") ??\n getString(record, \"channelSlug\") ??\n getString(record, \"slug\") ??\n undefined\n );\n })\n .filter((name): name is string => Boolean(name && name.length));\n return names.length ? names : undefined;\n};\n\nconst normalizeEntitlementFields = (\n fieldsInput: unknown,\n valuesInput: unknown\n): PortalLicenseField[] => {\n const valuesMap = new Map<string, string | null>();\n const assignValue = (key: string | undefined, value: unknown) => {\n if (!key) {\n return;\n }\n valuesMap.set(key, toDisplayValue(value));\n };\n\n if (Array.isArray(valuesInput)) {\n valuesInput.forEach((item) => {\n const record = asRecord(item);\n if (!record) {\n if (typeof item === \"string\") {\n assignValue(item, item);\n }\n return;\n }\n const key =\n getString(record, \"name\") ??\n getString(record, \"field\") ??\n getString(record, \"title\") ??\n getString(record, \"label\") ??\n getString(record, \"slug\") ??\n (() => {\n const idValue = getValue(record, \"id\");\n if (typeof idValue === \"string\" || typeof idValue === \"number\") {\n return String(idValue);\n }\n return undefined;\n })();\n const value =\n getValue(record, \"value\") ??\n getValue(record, \"currentValue\") ??\n getValue(record, \"entitlementValue\") ??\n getValue(record, \"content\") ??\n getValue(record, \"data\") ??\n getValue(record, \"defaultVal\") ??\n getValue(record, \"defaultValue\");\n assignValue(key, value);\n });\n } else if (valuesInput && typeof valuesInput === \"object\") {\n Object.entries(valuesInput as Record<string, unknown>).forEach(\n ([key, value]) => assignValue(key, value)\n );\n }\n\n const normalized: PortalLicenseField[] = [];\n\n if (Array.isArray(fieldsInput)) {\n fieldsInput.forEach((item, index) => {\n const record = asRecord(item);\n if (!record) {\n return;\n }\n const baseKey =\n getString(record, \"name\") ??\n getString(record, \"field\") ??\n getString(record, \"slug\") ??\n `entitlement-${index}`;\n const key = `entitlement-${baseKey}`;\n const label =\n getString(record, \"title\") ??\n getString(record, \"label\") ??\n baseKey;\n const defaultValue =\n getString(record, \"defaultVal\") ??\n getString(record, \"default\") ??\n getString(record, \"defaultValue\");\n const value =\n valuesMap.get(baseKey) ??\n valuesMap.get(label) ??\n defaultValue ??\n null;\n const isSecret = Boolean(\n getBoolean(record, \"secret\") ??\n getBoolean(record, \"isSecret\") ??\n getBoolean(record, \"masked\")\n );\n normalized.push({\n key,\n label,\n value,\n isSecret\n });\n });\n }\n\n valuesMap.forEach((value, key) => {\n const normalizedKey = `entitlement-${key}`;\n if (!normalized.some((field) => field.key === normalizedKey)) {\n normalized.push({\n key: normalizedKey,\n label: key,\n value\n });\n }\n });\n\n return normalized;\n};\n\nconst normalizeLicensePayload = (payload: unknown): PortalLicenseDetails => {\n const payloadRecord = asRecord(payload);\n const rootRecord =\n asRecord(getValue(payloadRecord, \"license\")) ??\n asRecord(getValue(payloadRecord, \"data\")) ??\n payloadRecord ??\n ({} as Record<string, unknown>);\n const sourceRecord =\n asRecord(getValue(rootRecord, \"metadata\")) ?? rootRecord;\n\n const customer =\n asRecord(getValue(rootRecord, \"customer\")) ??\n asRecord(getValue(sourceRecord, \"customer\")) ??\n asRecord(getValue(payloadRecord, \"customer\")) ??\n ({} as Record<string, unknown>);\n\n let releaseChannels =\n normalizeStringArray(\n getValue(rootRecord, \"releaseChannels\") ??\n getValue(sourceRecord, \"releaseChannels\") ??\n getValue(sourceRecord, \"channels\") ??\n getValue(rootRecord, \"channels\") ??\n getValue(sourceRecord, \"channel\") ??\n getValue(rootRecord, \"channel\")\n ) ?? undefined;\n\n if (!releaseChannels) {\n releaseChannels =\n extractChannelNames(getValue(rootRecord, \"channels\")) ??\n extractChannelNames(getValue(sourceRecord, \"channels\")) ??\n undefined;\n }\n\n let installMethods =\n normalizeStringArray(\n getValue(rootRecord, \"installMethods\") ??\n getValue(sourceRecord, \"installMethods\") ??\n getValue(sourceRecord, \"install_options\") ??\n getValue(rootRecord, \"install_options\") ??\n getValue(sourceRecord, \"installOptions\")\n ) ?? undefined;\n\n if (!installMethods || installMethods.length === 0) {\n const resolved: string[] = [];\n const flag = (key: string) =>\n getBoolean(rootRecord, key) ?? getBoolean(sourceRecord, key) ?? false;\n\n if (flag(\"isKotsInstallEnabled\")) {\n resolved.push(\"Replicated KOTS\");\n }\n if (flag(\"isHelmInstallEnabled\")) {\n resolved.push(\"Helm\");\n }\n if (flag(\"isHelmAirgapEnabled\")) {\n resolved.push(\"Helm Airgap\");\n }\n if (\n flag(\"isEmbeddedClusterDownloadEnabled\") ||\n flag(\"isEmbeddedClusterMultiNodeEnabled\")\n ) {\n resolved.push(\"Embedded Cluster\");\n }\n if (flag(\"isKurlInstallEnabled\")) {\n resolved.push(\"kURL\");\n }\n if (flag(\"isGitopsSupported\")) {\n resolved.push(\"GitOps\");\n }\n if (resolved.length) {\n installMethods = Array.from(new Set(resolved));\n }\n }\n\n const expiresAtSource =\n getValue(sourceRecord, \"expiresAt\") ??\n getValue(sourceRecord, \"expireAt\") ??\n getValue(sourceRecord, \"expire_at\") ??\n getValue(sourceRecord, \"expiration\") ??\n getValue(sourceRecord, \"expirationDate\") ??\n getValue(sourceRecord, \"expires_on\") ??\n getValue(rootRecord, \"expiresAt\") ??\n getValue(rootRecord, \"expireAt\") ??\n getValue(rootRecord, \"expire_at\") ??\n getValue(rootRecord, \"expiration\");\n\n const expiresAt =\n typeof expiresAtSource === \"string\" && expiresAtSource.trim().length\n ? expiresAtSource\n : expiresAtSource === null\n ? null\n : undefined;\n\n const baseFields = normalizeLicenseFields(\n getValue(rootRecord, \"additionalFields\") ??\n getValue(sourceRecord, \"additionalFields\") ??\n getValue(sourceRecord, \"fields\") ??\n getValue(rootRecord, \"fields\") ??\n getValue(payloadRecord, \"fields\") ??\n getValue(payloadRecord, \"additional_fields\")\n );\n\n const entitlementFields = normalizeEntitlementFields(\n getValue(rootRecord, \"entitlementFields\") ??\n getValue(sourceRecord, \"entitlementFields\"),\n getValue(rootRecord, \"entitlementValues\") ??\n getValue(sourceRecord, \"entitlementValues\")\n );\n\n const fields = [\n ...baseFields,\n ...entitlementFields.filter(\n (field) => !baseFields.some((existing) => existing.key === field.key)\n )\n ];\n\n const statusFromSource =\n getString(sourceRecord, \"status\") ??\n getString(sourceRecord, \"state\");\n const statusLabelFromSource =\n getString(sourceRecord, \"statusLabel\") ??\n getString(sourceRecord, \"stateLabel\");\n const expiredFlag =\n getBoolean(sourceRecord, \"isExpired\") ??\n getBoolean(rootRecord, \"isExpired\");\n const derivedStatus =\n statusFromSource ??\n (typeof expiredFlag === \"boolean\"\n ? expiredFlag\n ? \"expired\"\n : \"active\"\n : undefined);\n const statusLabel =\n statusLabelFromSource ??\n (derivedStatus\n ? derivedStatus.charAt(0).toUpperCase() + derivedStatus.slice(1)\n : undefined);\n\n const licenseType =\n getString(sourceRecord, \"licenseType\") ??\n getString(rootRecord, \"licenseType\");\n\n const status = derivedStatus;\n\n const license: PortalLicenseDetails = {\n id:\n getString(rootRecord, \"id\") ??\n getString(sourceRecord, \"id\") ??\n getString(sourceRecord, \"licenseId\") ??\n getString(customer, \"licenseId\") ??\n undefined,\n status,\n statusLabel,\n environment:\n getString(sourceRecord, \"environment\") ??\n getString(sourceRecord, \"tier\") ??\n licenseType ??\n undefined,\n expiresAt: expiresAt ?? null,\n releaseChannels: releaseChannels ?? [\n getString(rootRecord, \"channelName\") ??\n getString(rootRecord, \"channel\") ??\n undefined\n ].filter((value): value is string => Boolean(value)),\n installMethods,\n installNotes: getString(sourceRecord, \"installNotes\"),\n customerName:\n getString(sourceRecord, \"customerName\") ??\n getString(customer, \"name\") ??\n undefined,\n customerId:\n getString(sourceRecord, \"customerId\") ??\n getString(customer, \"id\") ??\n getString(rootRecord, \"customerId\") ??\n undefined,\n customerOrganization:\n getString(customer, \"organization\") ??\n getString(sourceRecord, \"customerOrganization\") ??\n getString(rootRecord, \"customerOrganization\") ??\n undefined,\n fields\n };\n\n return license;\n};\n\nexport const fetchLicenseDetails = defineServerAction<\n FetchLicenseDetailsInput,\n FetchLicenseDetailsResult\n>({\n id: \"license/fetch-details\",\n description: \"Fetches the authenticated user's enterprise license details.\",\n visibility: \"customer\",\n tags: [\"license\", \"entitlements\"],\n async run({ token }, context) {\n if (typeof token !== \"string\" || token.trim().length === 0) {\n throw new Error(\"fetchLicenseDetails requires a non-empty token\");\n }\n\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const endpoint = `${getApiOrigin()}/enterprise-portal/license`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching license via %s (Enterprise Portal API)\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"GET\",\n token,\n headers: {\n accept: \"application/json\"\n },\n signal: context?.signal\n });\n\n if (!response.ok) {\n throw new Error(\n `License request failed (${response.status} ${response.statusText})`\n );\n }\n\n const payload = await response.json();\n\n // Extract from Enterprise Portal API envelope\n const licenseData = payload.data;\n const license = normalizeLicensePayload(licenseData);\n\n return {\n license,\n raw: licenseData ?? null\n };\n }\n});\n\nexport const fetchInstallOptions = defineServerAction<\n FetchInstallOptionsInput,\n FetchInstallOptionsResult\n>({\n id: \"license/fetch-install-options\",\n description: \"Fetches install options based on license entitlements.\",\n visibility: \"customer\",\n tags: [\"license\", \"install\"],\n async run({ token }, context) {\n if (typeof token !== \"string\" || token.trim().length === 0) {\n throw new Error(\"fetchInstallOptions requires a non-empty token\");\n }\n\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const endpoint = `${getApiOrigin()}/enterprise-portal/license`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching install options via %s (Enterprise Portal API)\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"GET\",\n token,\n headers: {\n accept: \"application/json\"\n },\n signal: context?.signal\n });\n\n if (!response.ok) {\n throw new Error(\n `License request failed (${response.status} ${response.statusText})`\n );\n }\n\n const envelope = await response.json();\n const licenseData = envelope.data;\n\n // Check for embedded cluster (Linux) and Helm install flags\n const getBoolean = (obj: unknown, key: string): boolean => {\n if (obj && typeof obj === \"object\" && key in obj) {\n const val = (obj as Record<string, unknown>)[key];\n return val === true || val === \"true\";\n }\n return false;\n };\n\n const showLinux = getBoolean(licenseData, \"isEmbeddedClusterDownloadEnabled\");\n const showHelm = getBoolean(licenseData, \"isHelmInstallEnabled\");\n\n return {\n showLinux,\n showHelm\n };\n }\n});\n\nexport const fetchLicenseSummary = defineServerAction<\n FetchLicenseSummaryInput,\n FetchLicenseSummaryResult\n>({\n id: \"license/fetch-summary\",\n description: \"Fetches license summary for the license card.\",\n visibility: \"customer\",\n tags: [\"license\"],\n async run({ token }, context) {\n if (typeof token !== \"string\" || token.trim().length === 0) {\n throw new Error(\"fetchLicenseSummary requires a non-empty token\");\n }\n\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const endpoint = `${getApiOrigin()}/enterprise-portal/license`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching license summary via %s (Enterprise Portal API)\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"GET\",\n token,\n headers: {\n accept: \"application/json\"\n },\n signal: context?.signal\n });\n\n if (!response.ok) {\n throw new Error(\n `License request failed (${response.status} ${response.statusText})`\n );\n }\n\n const envelope = await response.json();\n const licenseData = envelope.data;\n const license = normalizeLicensePayload(licenseData);\n\n // Extract type and expiration\n const type = license.environment || \"Unknown\";\n const expiresAt = license.expiresAt || null;\n\n return {\n type,\n expiresAt\n };\n }\n});\n\nexport const fetchCustomers = defineServerAction<\n FetchCustomersInput,\n FetchCustomersResult\n>({\n id: \"auth/fetch-customers\",\n description: \"Fetches the list of customers/teams for the authenticated user.\",\n visibility: \"customer\",\n tags: [\"auth\", \"customers\"],\n async run({ token }, context) {\n if (typeof token !== \"string\" || token.trim().length === 0) {\n throw new Error(\"fetchCustomers requires a non-empty token\");\n }\n\n // NEW: Use Enterprise Portal API /user endpoint (returns customers + user profile)\n const endpoint = `${getApiOrigin()}/enterprise-portal/user`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching customers via %s (Enterprise Portal API)\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"GET\",\n token,\n headers: {\n accept: \"application/json\"\n },\n signal: context?.signal\n });\n\n if (!response.ok) {\n throw new Error(\n `Fetch customers request failed (${response.status} ${response.statusText})`\n );\n }\n\n const envelope = await response.json();\n const userData = envelope.data;\n\n return {\n customers: userData?.customers || []\n };\n }\n});\n\nexport const switchCustomer = defineServerAction<\n SwitchCustomerInput,\n SwitchCustomerResult\n>({\n id: \"auth/switch-customer\",\n description: \"Switches the JWT to a different customer/team.\",\n visibility: \"customer\",\n tags: [\"auth\", \"customers\"],\n async run({ token, customerId }, context) {\n if (typeof token !== \"string\" || token.trim().length === 0) {\n throw new Error(\"switchCustomer requires a non-empty token\");\n }\n \n if (typeof customerId !== \"string\" || customerId.trim().length === 0) {\n throw new Error(\"switchCustomer requires a non-empty customerId\");\n }\n\n // NEW: Use Enterprise Portal API auth endpoint\n const endpoint = `${getApiOrigin()}/enterprise-portal/auth/switch-team`;\n\n const requestBody = { customer_id: customerId };\n\n const response = await authenticatedFetch(endpoint, {\n method: \"POST\",\n token,\n headers: {\n \"content-type\": \"application/json\",\n accept: \"application/json\"\n },\n body: JSON.stringify(requestBody),\n signal: context?.signal\n });\n\n if (!response.ok) {\n const errorText = await response.text();\n console.error('[portal-components] switchCustomer error response:', errorText);\n throw new Error(\n `Switch customer request failed (${response.status} ${response.statusText}): ${errorText}`\n );\n }\n\n const payload = await response.json();\n\n // API returns 'jwt' field, not 'token'\n const newToken = payload.jwt || payload.token || token;\n \n return {\n token: newToken\n };\n }\n});\n\n// =============================================================================\n// Security Types\n// =============================================================================\n\nexport type SecurityInstallType = \"linux\" | \"helm\";\n\nexport interface SecurityScanSummary {\n critical: Record<string, string>;\n high: Record<string, string>;\n medium: Record<string, string>;\n low: Record<string, string>;\n}\n\nexport interface SecurityScanWrapper {\n input: string;\n digest?: string;\n last_scanned_at?: string;\n result: SecurityScanSummary;\n not_found?: boolean;\n}\n\nexport interface SecurityReleaseImage {\n image: string;\n sha: string;\n size: number;\n platforms: { os: string; architecture: string }[];\n security?: SecurityScanWrapper;\n}\n\nexport interface GetSecurityInfoInput {\n token: string;\n installType: SecurityInstallType;\n channelSequence: number;\n isAirgap?: boolean;\n}\n\nexport interface GetSecurityInfoResult {\n images: SecurityReleaseImage[];\n}\n\nexport interface SecurityInfoDiff {\n oldTags: string[];\n newTags: string[];\n oldVulns?: SecurityScanSummary;\n newVulns?: SecurityScanSummary;\n added?: SecurityScanSummary;\n removed?: SecurityScanSummary;\n}\n\nexport interface GetSecurityInfoDiffInput {\n token: string;\n installType: SecurityInstallType;\n fromChannelSequence: number;\n toChannelSequence: number;\n isAirgap?: boolean;\n}\n\nexport interface GetSecurityInfoDiffResult {\n from_channel_sequence: number;\n to_channel_sequence: number;\n images: Record<string, SecurityInfoDiff>;\n}\n\nexport interface UnifiedSbom {\n sbom: string;\n sbom_source: string;\n}\n\nexport interface SpdxCreationInfo {\n created: string;\n creators: string[];\n}\n\nexport interface SpdxDocument {\n SPDXID: string;\n spdxVersion: string;\n name: string;\n creationInfo?: SpdxCreationInfo;\n packages?: unknown[];\n files?: unknown[];\n}\n\nexport interface GetSecurityInfoSBOMInput {\n token: string;\n installType: SecurityInstallType;\n channelSequence: number;\n isAirgap?: boolean;\n unifiedSbom?: boolean;\n}\n\nexport interface GetSecurityInfoSBOMResult {\n sboms: {\n unified?: UnifiedSbom;\n };\n}\n\n// =============================================================================\n// Security Actions\n// =============================================================================\n\n/**\n * Fetches security scan (CVE) information for a specific release.\n */\nexport const getSecurityInfo = defineServerAction<\n GetSecurityInfoInput,\n GetSecurityInfoResult\n>({\n id: \"security/get-info\",\n description: \"Fetches CVE security scan results for a specific release\",\n visibility: \"customer\",\n tags: [\"security\", \"cve\"],\n async run({ token, installType, channelSequence, isAirgap = false }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Security info request requires a session token\");\n }\n\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const params = new URLSearchParams({\n install_type: installType,\n channel_sequence: channelSequence.toString(),\n is_airgap: isAirgap.toString()\n });\n\n const url = `${getApiOrigin()}/enterprise-portal/security?${params.toString()}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching security info via %s (Enterprise Portal API)\", url);\n }\n\n const response = await authenticatedFetch(url, {\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (!response.ok) {\n throw new Error(\n `Security info request failed (${response.status} ${response.statusText})`\n );\n }\n\n const payload = await response.json();\n // Extract from Enterprise Portal API envelope\n return payload.data as GetSecurityInfoResult;\n }\n});\n\n/**\n * Fetches security diff between two releases (fixed/added CVEs).\n */\nexport const getSecurityInfoDiff = defineServerAction<\n GetSecurityInfoDiffInput,\n GetSecurityInfoDiffResult\n>({\n id: \"security/get-info-diff\",\n description: \"Fetches CVE diff between two releases showing fixed and added vulnerabilities\",\n visibility: \"customer\",\n tags: [\"security\", \"cve\", \"diff\"],\n async run({ token, installType, fromChannelSequence, toChannelSequence, isAirgap = false }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Security info diff request requires a session token\");\n }\n\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const params = new URLSearchParams({\n install_type: installType,\n from_channel_sequence: fromChannelSequence.toString(),\n to_channel_sequence: toChannelSequence.toString(),\n is_airgap: isAirgap.toString()\n });\n\n const url = `${getApiOrigin()}/enterprise-portal/security-diff?${params.toString()}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching security info diff via %s\", url);\n }\n\n const response = await authenticatedFetch(url, {\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (!response.ok) {\n throw new Error(\n `Security info diff request failed (${response.status} ${response.statusText})`\n );\n }\n\n const envelope = await response.json();\n // Extract from Enterprise Portal API envelope\n return envelope.data as GetSecurityInfoDiffResult;\n }\n});\n\n/**\n * Fetches SBOM (Software Bill of Materials) for a specific release.\n */\nexport const getSecurityInfoSBOM = defineServerAction<\n GetSecurityInfoSBOMInput,\n GetSecurityInfoSBOMResult\n>({\n id: \"security/get-sbom\",\n description: \"Fetches Software Bill of Materials (SBOM) for a specific release\",\n visibility: \"customer\",\n tags: [\"security\", \"sbom\"],\n async run({ token, installType, channelSequence, isAirgap = false, unifiedSbom = true }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Security SBOM request requires a session token\");\n }\n\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const params = new URLSearchParams({\n install_type: installType,\n channel_sequence: channelSequence.toString(),\n is_airgap: isAirgap.toString(),\n unified_sbom: unifiedSbom.toString()\n });\n\n const url = `${getApiOrigin()}/enterprise-portal/security-sbom?${params.toString()}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching security SBOM via %s\", url);\n }\n\n const response = await authenticatedFetch(url, {\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n // Handle 204 No Content response\n if (response.status === 204) {\n return { sboms: {} };\n }\n\n if (!response.ok) {\n throw new Error(\n `Security SBOM request failed (${response.status} ${response.statusText})`\n );\n }\n\n const envelope = await response.json();\n // Extract from Enterprise Portal API envelope\n return envelope.data as GetSecurityInfoSBOMResult;\n }\n});\n\n// =============================================================================\n// Dashboard Types\n// =============================================================================\n\nexport interface FetchTeamStatsInput {\n token: string;\n}\n\nexport interface TeamUser {\n id: string;\n email: string;\n name?: string;\n createdAt?: string;\n}\n\nexport interface ServiceAccountSummary {\n id: string;\n accountName: string;\n customerId: string;\n isRevoked: boolean;\n createdAt: string;\n}\n\nexport interface FetchTeamStatsResult {\n userCount: number;\n serviceAccountCount: number;\n}\n\nexport interface FetchDashboardInstancesInput {\n token: string;\n}\n\nexport interface FetchDashboardInstancesResult {\n onlineActiveCount: number;\n airgapCount: number;\n onlineUpdates: number;\n airgapUpdates: number;\n // NEW: Additional data from composite endpoint\n license?: {\n type: string;\n expiresAt: string | null;\n isEmbeddedClusterDownloadEnabled: boolean;\n isHelmInstallEnabled: boolean;\n };\n teamStats?: {\n userCount: number;\n serviceAccountCount: number;\n supportBundleCount: number;\n };\n}\n\n// =============================================================================\n// Dashboard Actions\n// =============================================================================\n\n/**\n * NEW: Fetches all dashboard data using the composite Enterprise Portal API endpoint.\n * This replaces multiple v3 calls with a single call that returns:\n * - Instances\n * - Channel releases (for calculating updates)\n * - Notifications\n * - User/app/branding context\n */\nexport const fetchDashboardComposite = defineServerAction<\n FetchDashboardInstancesInput,\n FetchDashboardInstancesResult\n>({\n id: \"dashboard/fetch-composite\",\n description: \"Fetches all dashboard data from the composite Enterprise Portal API endpoint\",\n visibility: \"customer\",\n tags: [\"dashboard\", \"enterprise-portal-api\"],\n async run({ token }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Dashboard request requires a session token\");\n }\n\n const origin = getApiOrigin();\n const url = `${origin}/enterprise-portal/dashboard`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching dashboard via %s (Enterprise Portal API)\", url);\n }\n\n const response = await authenticatedFetch(url, {\n method: \"GET\",\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (!response.ok) {\n throw new Error(\n `Dashboard request failed (${response.status} ${response.statusText})`\n );\n }\n\n const payload = await response.json();\n\n // Extract data from the Enterprise Portal API envelope\n const data = payload.data;\n const allInstances = data?.instances || [];\n const channelReleases = data?.channelReleases || [];\n const licenseData = data?.license || {};\n const teamStats = data?.teamStats || {};\n\n // Split into online and airgap\n const onlineInstances = allInstances.filter((i: { isAirgap?: boolean }) => !i.isAirgap);\n const airgapInstances = allInstances.filter((i: { isAirgap?: boolean }) => i.isAirgap);\n\n // Filter to active online instances (checked in within 24 hours)\n const twentyFourHoursAgo = Date.now() - 24 * 60 * 60 * 1000;\n const activeOnlineInstances = onlineInstances.filter((instance: { lastCheckin?: string }) => {\n const lastCheckin = instance.lastCheckin\n ? new Date(instance.lastCheckin).getTime()\n : 0;\n return lastCheckin > twentyFourHoursAgo;\n });\n\n const onlineActiveCount = activeOnlineInstances.length;\n const airgapCount = airgapInstances.length;\n\n // Calculate updates for active online instances\n const calculateUpdates = (instances: Array<{ channelId?: string; channelSequence?: number }>) => {\n if (!channelReleases.length) return 0;\n\n let numUpdates = 0;\n for (const instance of instances) {\n const instanceSequence = instance.channelSequence ?? 0;\n const matchingReleases = channelReleases.filter(\n (release: { channelId?: string; channelSequence?: number }) => release.channelId === instance.channelId\n );\n for (const release of matchingReleases) {\n if ((release.channelSequence ?? 0) > instanceSequence) {\n numUpdates++;\n }\n }\n }\n return numUpdates;\n };\n\n const onlineUpdates = calculateUpdates(activeOnlineInstances);\n const airgapUpdates = calculateUpdates(airgapInstances);\n\n // Store the composite data for other dashboard components to use\n // This allows us to eliminate the separate fetchTeamStats, fetchLicenseSummary, and fetchInstallOptions calls\n return {\n onlineActiveCount,\n airgapCount,\n onlineUpdates,\n airgapUpdates,\n // Additional data available from the composite endpoint\n license: licenseData,\n teamStats: teamStats\n };\n }\n});\n\n/**\n * Fetches team statistics including user count and service account count.\n * Used by the Team Settings dashboard card.\n */\nexport const fetchTeamStats = defineServerAction<\n FetchTeamStatsInput,\n FetchTeamStatsResult\n>({\n id: \"dashboard/fetch-team-stats\",\n description: \"Fetches user and service account counts for the dashboard\",\n visibility: \"customer\",\n tags: [\"dashboard\", \"team\"],\n async run({ token }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Team stats request requires a session token\");\n }\n\n const customerId = getCustomerIdFromToken(token);\n const origin = getApiOrigin();\n\n // Fetch users count\n let userCount = 0;\n try {\n const usersUrl = `${origin}/v3/users?exclude_invites=false&customer_id=${encodeURIComponent(customerId)}`;\n \n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching team users via %s\", usersUrl);\n }\n\n const usersResponse = await authenticatedFetch(usersUrl, {\n method: \"GET\",\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (usersResponse.ok) {\n const usersData = await usersResponse.json();\n userCount = Array.isArray(usersData.users) ? usersData.users.length : 0;\n }\n } catch (error) {\n console.error(\"[portal-components] Error fetching users:\", error);\n }\n\n // Fetch service accounts count\n let serviceAccountCount = 0;\n try {\n const saUrl = `${origin}/v3/service-accounts?customer_id=${encodeURIComponent(customerId)}`;\n \n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching service accounts via %s\", saUrl);\n }\n\n const saResponse = await authenticatedFetch(saUrl, {\n method: \"GET\",\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (saResponse.ok) {\n const saData = await saResponse.json();\n serviceAccountCount = Array.isArray(saData.serviceAccounts) \n ? saData.serviceAccounts.length \n : 0;\n }\n } catch (error) {\n console.error(\"[portal-components] Error fetching service accounts:\", error);\n }\n\n return {\n userCount,\n serviceAccountCount\n };\n }\n});\n\n/**\n * Fetches instance counts and available updates for the dashboard.\n * Used by the Updates dashboard card.\n */\nexport const fetchDashboardInstances = defineServerAction<\n FetchDashboardInstancesInput,\n FetchDashboardInstancesResult\n>({\n id: \"dashboard/fetch-instances\",\n description: \"Fetches instance counts and update availability for the dashboard\",\n visibility: \"customer\",\n tags: [\"dashboard\", \"instances\", \"updates\"],\n async run({ token }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Dashboard instances request requires a session token\");\n }\n\n const customerId = getCustomerIdFromToken(token);\n const origin = getApiOrigin();\n\n // Fetch instances\n const instancesUrl = `${origin}/v3/instances?customer_id=${encodeURIComponent(customerId)}`;\n \n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching instances via %s\", instancesUrl);\n }\n\n const instancesResponse = await authenticatedFetch(instancesUrl, {\n method: \"GET\",\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (!instancesResponse.ok) {\n throw new Error(\n `Instances request failed (${instancesResponse.status} ${instancesResponse.statusText})`\n );\n }\n\n const instancesData = await instancesResponse.json();\n const allInstances = instancesData.instances || [];\n\n // Split into online and airgap\n const onlineInstances = allInstances.filter((i: { isAirgap?: boolean }) => !i.isAirgap);\n const airgapInstances = allInstances.filter((i: { isAirgap?: boolean }) => i.isAirgap);\n\n // Filter to active online instances (checked in within 24 hours)\n const twentyFourHoursAgo = Date.now() - 24 * 60 * 60 * 1000;\n const activeOnlineInstances = onlineInstances.filter((instance: { lastCheckin?: string }) => {\n const lastCheckin = instance.lastCheckin \n ? new Date(instance.lastCheckin).getTime() \n : 0;\n return lastCheckin > twentyFourHoursAgo;\n });\n\n const onlineActiveCount = activeOnlineInstances.length;\n const airgapCount = airgapInstances.length;\n\n // Fetch channel releases to calculate updates\n let channelReleases: Array<{ channelId: string; channelSequence: number }> = [];\n try {\n const releasesUrl = `${origin}/v3/channel-releases?customer_id=${encodeURIComponent(customerId)}`;\n \n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching channel releases via %s\", releasesUrl);\n }\n\n const releasesResponse = await authenticatedFetch(releasesUrl, {\n method: \"GET\",\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (releasesResponse.ok) {\n const releasesData = await releasesResponse.json();\n channelReleases = releasesData.channelReleases || [];\n }\n } catch (error) {\n console.error(\"[portal-components] Error fetching channel releases:\", error);\n }\n\n // Calculate updates for active online instances\n const calculateUpdates = (instances: Array<{ channelId?: string; channelSequence?: number }>) => {\n if (!channelReleases.length) return 0;\n \n let numUpdates = 0;\n for (const instance of instances) {\n const instanceSequence = instance.channelSequence ?? 0;\n const matchingReleases = channelReleases.filter(\n (release) => release.channelId === instance.channelId\n );\n for (const release of matchingReleases) {\n if (release.channelSequence > instanceSequence) {\n numUpdates++;\n }\n }\n }\n return numUpdates;\n };\n\n const onlineUpdates = calculateUpdates(activeOnlineInstances);\n const airgapUpdates = calculateUpdates(airgapInstances);\n\n return {\n onlineActiveCount,\n airgapCount,\n onlineUpdates,\n airgapUpdates\n };\n }\n});\n\n// =============================================================================\n// User Settings Types\n// =============================================================================\n\nexport interface FetchCurrentUserInput {\n token: string;\n}\n\nexport interface UserProfile {\n emailAddress: string;\n firstName: string;\n lastName: string;\n}\n\nexport interface FetchCurrentUserResult {\n user: UserProfile;\n}\n\nexport interface UpdateUserInput {\n token: string;\n firstName?: string;\n lastName?: string;\n}\n\nexport interface UpdateUserResult {\n success: boolean;\n}\n\nexport interface NotificationSetting {\n type: string;\n enabled: boolean;\n}\n\nexport interface FetchNotificationsInput {\n token: string;\n customerId: string;\n}\n\nexport interface FetchNotificationsResult {\n notifications: NotificationSetting[];\n}\n\nexport interface UpdateNotificationsInput {\n token: string;\n customerId: string;\n notifications: NotificationSetting[];\n}\n\nexport interface UpdateNotificationsResult {\n notifications: NotificationSetting[];\n}\n\n// =============================================================================\n// User Settings Actions\n// =============================================================================\n\n/**\n * Fetches the current user's profile information.\n */\nexport const fetchCurrentUser = defineServerAction<\n FetchCurrentUserInput,\n FetchCurrentUserResult\n>({\n id: \"user/fetch-current\",\n description: \"Fetches the current user's profile information\",\n visibility: \"customer\",\n tags: [\"user\", \"profile\"],\n async run({ token }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Fetch current user requires a session token\");\n }\n\n // NEW: Use Enterprise Portal API endpoint\n const endpoint = `${getApiOrigin()}/enterprise-portal/user/profile`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching current user via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"GET\",\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (!response.ok) {\n throw new Error(\n `Fetch current user request failed (${response.status} ${response.statusText})`\n );\n }\n\n const data = await response.json();\n \n return {\n user: {\n emailAddress: data.emailAddress || \"\",\n firstName: data.firstName || \"\",\n lastName: data.lastName || \"\"\n }\n };\n }\n});\n\n/**\n * Updates the current user's profile information.\n */\nexport const updateUser = defineServerAction<\n UpdateUserInput,\n UpdateUserResult\n>({\n id: \"user/update\",\n description: \"Updates the current user's first and/or last name\",\n visibility: \"customer\",\n tags: [\"user\", \"profile\"],\n async run({ token, firstName, lastName }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Update user requires a session token\");\n }\n\n if (!firstName && !lastName) {\n throw new Error(\"At least one of firstName or lastName must be provided\");\n }\n\n // NEW: Use Enterprise Portal API endpoint\n const endpoint = `${getApiOrigin()}/enterprise-portal/user/profile`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] updating user via %s\", endpoint);\n }\n\n const body: { firstName?: string; lastName?: string } = {};\n if (firstName !== undefined) body.firstName = firstName;\n if (lastName !== undefined) body.lastName = lastName;\n\n const response = await authenticatedFetch(endpoint, {\n method: \"PUT\",\n token,\n headers: {\n \"content-type\": \"application/json\",\n accept: \"application/json\"\n },\n body: JSON.stringify(body),\n signal: context?.signal\n });\n\n if (!response.ok) {\n const errorText = await response.text().catch(() => \"\");\n throw new Error(\n `Update user request failed (${response.status} ${response.statusText}): ${errorText}`\n );\n }\n\n return { success: true };\n }\n});\n\n/**\n * Fetches notification preferences for a specific customer/team.\n */\nexport const fetchNotifications = defineServerAction<\n FetchNotificationsInput,\n FetchNotificationsResult\n>({\n id: \"notifications/fetch\",\n description: \"Fetches notification preferences for a specific team\",\n visibility: \"customer\",\n tags: [\"notifications\", \"user\"],\n async run({ token, customerId }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Fetch notifications requires a session token\");\n }\n\n if (!customerId || typeof customerId !== \"string\") {\n throw new Error(\"Fetch notifications requires a valid customerId\");\n }\n\n // NOTE: customerId is still required in query params because this endpoint\n // delegates to v3 handler which validates customer_id\n const endpoint = `${getApiOrigin()}/enterprise-portal/user/notifications?customer_id=${encodeURIComponent(customerId)}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching notifications via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"GET\",\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (!response.ok) {\n throw new Error(\n `Fetch notifications request failed (${response.status} ${response.statusText})`\n );\n }\n\n const data = await response.json();\n \n return {\n notifications: data.notifications || []\n };\n }\n});\n\n/**\n * Updates notification preferences for a specific customer/team.\n */\nexport const updateNotifications = defineServerAction<\n UpdateNotificationsInput,\n UpdateNotificationsResult\n>({\n id: \"notifications/update\",\n description: \"Updates notification preferences for a specific team\",\n visibility: \"customer\",\n tags: [\"notifications\", \"user\"],\n async run({ token, customerId, notifications }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Update notifications requires a session token\");\n }\n\n if (!customerId || typeof customerId !== \"string\") {\n throw new Error(\"Update notifications requires a valid customerId\");\n }\n\n if (!Array.isArray(notifications)) {\n throw new Error(\"Update notifications requires a notifications array\");\n }\n\n // NOTE: customerId is still required in query params because this endpoint\n // delegates to v3 handler which validates customer_id\n const endpoint = `${getApiOrigin()}/enterprise-portal/user/notifications?customer_id=${encodeURIComponent(customerId)}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] updating notifications via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"PUT\",\n token,\n headers: {\n \"content-type\": \"application/json\",\n accept: \"application/json\"\n },\n body: JSON.stringify({ notifications }),\n signal: context?.signal\n });\n\n if (!response.ok) {\n const errorText = await response.text().catch(() => \"\");\n throw new Error(\n `Update notifications request failed (${response.status} ${response.statusText}): ${errorText}`\n );\n }\n\n const data = await response.json();\n \n return {\n notifications: data.notifications || []\n };\n }\n});\n\n// =============================================================================\n// Team Settings Types\n// =============================================================================\n\nexport interface TeamUser {\n id: string;\n emailAddress: string;\n firstAccessedAt?: string;\n lastAccessedAt?: string;\n viewCount?: number;\n pendingInvite: boolean;\n}\n\nexport interface FetchTeamUsersInput {\n token: string;\n limit?: number;\n offset?: number;\n}\n\nexport interface FetchTeamUsersResult {\n users: TeamUser[];\n total: number;\n}\n\nexport interface InviteUserInput {\n token: string;\n email: string;\n}\n\nexport interface InviteUserResult {\n success: boolean;\n}\n\nexport interface DeleteUserInput {\n token: string;\n id: string;\n isPendingInvite: boolean; // If true, delete invite; if false, delete user\n}\n\nexport interface DeleteUserResult {\n success: boolean;\n}\n\nexport interface ServiceAccount {\n id: string;\n customerId: string;\n accountName: string;\n emailAddress?: string;\n token: string;\n isRevoked: boolean;\n createdAt: string;\n lastUsedAt?: string;\n tokenRegeneratedAt?: string;\n}\n\nexport interface FetchServiceAccountsInput {\n token: string;\n limit?: number;\n offset?: number;\n includeRevoked?: boolean;\n}\n\nexport interface FetchServiceAccountsResult {\n serviceAccounts: ServiceAccount[];\n total: number;\n}\n\nexport interface RevokeServiceAccountInput {\n token: string;\n accountId: string;\n}\n\nexport interface RevokeServiceAccountResult {\n success: boolean;\n}\n\nexport interface RotateServiceAccountTokenInput {\n token: string;\n accountId: string;\n}\n\nexport interface RotateServiceAccountTokenResult {\n serviceAccount: ServiceAccount;\n helmLoginCommand: string;\n redeployHelm: string[];\n}\n\nexport interface Instance {\n id: string;\n serviceAccountId?: string;\n versionLabel?: string;\n channelId?: string;\n channelSequence?: number;\n lastCheckin?: string;\n isAirgap?: boolean;\n embeddedClusterVersion?: string;\n tags?: Array<{ key: string; value: string }>;\n}\n\nexport interface FetchInstancesInput {\n token: string;\n}\n\nexport interface FetchInstancesResult {\n instances: Instance[];\n}\n\nexport interface SAMLConfig {\n samlAllowed: boolean;\n samlEnabled: boolean;\n entityId: string;\n acsUrl: string;\n hasIdpMetadata: boolean;\n hasIdpCert: boolean;\n}\n\nexport interface FetchSamlConfigInput {\n token: string;\n}\n\nexport interface FetchSamlConfigResult {\n config: SAMLConfig;\n}\n\nexport interface UpdateSamlConfigInput {\n token: string;\n idpMetadataXml: string;\n idpPublicCert: string;\n}\n\nexport interface UpdateSamlConfigResult {\n success: boolean;\n}\n\nexport interface ToggleSamlEnabledInput {\n token: string;\n enabled: boolean;\n}\n\nexport interface ToggleSamlEnabledResult {\n success: boolean;\n samlEnabled: boolean;\n}\n\nexport interface DeprovisionSamlInput {\n token: string;\n}\n\nexport interface DeprovisionSamlResult {\n success: boolean;\n}\n\n// =============================================================================\n// Team Settings Actions\n// =============================================================================\n\n/**\n * Fetches the list of users for a team.\n */\nexport const fetchTeamUsers = defineServerAction<\n FetchTeamUsersInput,\n FetchTeamUsersResult\n>({\n id: \"team/fetch-users\",\n description: \"Fetches paginated list of team users and pending invites\",\n visibility: \"customer\",\n tags: [\"team\", \"users\"],\n async run({ token, limit = 25, offset = 0 }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Fetch team users requires a session token\");\n }\n\n const customerId = getCustomerIdFromToken(token);\n // NEW: Use Enterprise Portal API endpoint\n // Note: v3 handler still requires customer_id in query params for validation\n const params = new URLSearchParams({\n customer_id: customerId,\n limit: limit.toString(),\n offset: offset.toString()\n });\n\n const endpoint = `${getApiOrigin()}/enterprise-portal/team/users?${params.toString()}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching team users via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"GET\",\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (!response.ok) {\n throw new Error(\n `Fetch team users request failed (${response.status} ${response.statusText})`\n );\n }\n\n const data = await response.json();\n \n return {\n users: data.users || [],\n total: data.total || 0\n };\n }\n});\n\n/**\n * Invites a user to the team.\n */\nexport const inviteUser = defineServerAction<\n InviteUserInput,\n InviteUserResult\n>({\n id: \"team/invite-user\",\n description: \"Sends an invitation email to join the team\",\n visibility: \"customer\",\n tags: [\"team\", \"users\", \"invite\"],\n async run({ token, email }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Invite user requires a session token\");\n }\n\n if (!email || typeof email !== \"string\") {\n throw new Error(\"Invite user requires an email address\");\n }\n\n const customerId = getCustomerIdFromToken(token);\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const params = new URLSearchParams({\n email_address: email\n });\n\n const endpoint = `${getApiOrigin()}/enterprise-portal/team/invite?${params.toString()}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] inviting user via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"POST\",\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (!response.ok) {\n let errorMessage = \"Failed to invite user\";\n try {\n const data = await response.json();\n errorMessage = data.message || data.error || errorMessage;\n } catch {\n // Ignore JSON parse errors\n }\n throw new Error(errorMessage);\n }\n\n return { success: true };\n }\n});\n\n/**\n * Removes a user or pending invite from the team by ID.\n */\nexport const deleteUser = defineServerAction<\n DeleteUserInput,\n DeleteUserResult\n>({\n id: \"team/delete-user\",\n description: \"Removes a user or pending invite from the team by ID\",\n visibility: \"customer\",\n tags: [\"team\", \"users\", \"delete\"],\n async run({ token, id, isPendingInvite }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Delete user requires a session token\");\n }\n\n if (!id || typeof id !== \"string\") {\n throw new Error(\"Delete user requires an ID\");\n }\n\n // Use different endpoints for users vs invites\n const resource = isPendingInvite ? \"invites\" : \"users\";\n const endpoint = `${getApiOrigin()}/enterprise-portal/team/${resource}/${encodeURIComponent(id)}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] deleting %s %s via %s\", resource, id, endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"DELETE\",\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (!response.ok) {\n let errorMessage = isPendingInvite ? \"Failed to delete invite\" : \"Failed to delete user\";\n try {\n const data = await response.json();\n errorMessage = data.message || data.error || errorMessage;\n } catch {\n // Ignore JSON parse errors\n }\n throw new Error(errorMessage);\n }\n\n return { success: true };\n }\n});\n\n/**\n * Fetches the list of service accounts for a team.\n */\nexport const fetchServiceAccounts = defineServerAction<\n FetchServiceAccountsInput,\n FetchServiceAccountsResult\n>({\n id: \"team/fetch-service-accounts\",\n description: \"Fetches paginated list of service accounts\",\n visibility: \"customer\",\n tags: [\"team\", \"service-accounts\"],\n async run({ token, limit = 50, offset = 0, includeRevoked = false }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Fetch service accounts requires a session token\");\n }\n\n const customerId = getCustomerIdFromToken(token);\n const params = new URLSearchParams({\n customer_id: customerId,\n limit: limit.toString(),\n offset: offset.toString()\n });\n\n // Add filterRevoked parameter - API filters revoked when this param is present\n if (!includeRevoked) {\n params.set(\"filterRevoked\", \"false\");\n }\n\n const endpoint = `${getApiOrigin()}/enterprise-portal/team/service-accounts?${params.toString()}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching service accounts via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"GET\",\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (!response.ok) {\n throw new Error(\n `Fetch service accounts request failed (${response.status} ${response.statusText})`\n );\n }\n\n const data = await response.json();\n \n return {\n serviceAccounts: data.serviceAccounts || [],\n total: data.total || 0\n };\n }\n});\n\n/**\n * Revokes a service account.\n */\nexport const revokeServiceAccount = defineServerAction<\n RevokeServiceAccountInput,\n RevokeServiceAccountResult\n>({\n id: \"team/revoke-service-account\",\n description: \"Revokes a service account (soft delete)\",\n visibility: \"customer\",\n tags: [\"team\", \"service-accounts\", \"revoke\"],\n async run({ token, accountId }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Revoke service account requires a session token\");\n }\n\n if (!accountId || typeof accountId !== \"string\") {\n throw new Error(\"Revoke service account requires an account ID\");\n }\n\n const customerId = getCustomerIdFromToken(token);\n const endpoint = `${getApiOrigin()}/enterprise-portal/team/service-accounts/${encodeURIComponent(accountId)}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] revoking service account via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"DELETE\",\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (!response.ok) {\n let errorMessage = \"Failed to revoke service account\";\n try {\n const data = await response.json();\n errorMessage = data.message || data.error || errorMessage;\n } catch {\n // Ignore JSON parse errors\n }\n throw new Error(errorMessage);\n }\n\n return { success: true };\n }\n});\n\n/**\n * Rotates a service account token.\n */\nexport const rotateServiceAccountToken = defineServerAction<\n RotateServiceAccountTokenInput,\n RotateServiceAccountTokenResult\n>({\n id: \"team/rotate-service-account-token\",\n description: \"Generates a new token for a service account\",\n visibility: \"customer\",\n tags: [\"team\", \"service-accounts\", \"rotate\"],\n async run({ token, accountId }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Rotate service account token requires a session token\");\n }\n\n if (!accountId || typeof accountId !== \"string\") {\n throw new Error(\"Rotate service account token requires an account ID\");\n }\n\n const customerId = getCustomerIdFromToken(token);\n const endpoint = `${getApiOrigin()}/enterprise-portal/team/service-accounts/${encodeURIComponent(accountId)}/rotate-token`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] rotating service account token via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"POST\",\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (!response.ok) {\n let errorMessage = \"Failed to rotate service account token\";\n try {\n const data = await response.json();\n errorMessage = data.message || data.error || errorMessage;\n } catch {\n // Ignore JSON parse errors\n }\n throw new Error(errorMessage);\n }\n\n const data = await response.json();\n \n return {\n serviceAccount: data.service_account,\n helmLoginCommand: data.helm_login_cmd || \"\",\n redeployHelm: data.redeploy_helm || []\n };\n }\n});\n\n/**\n * Fetches instances for the customer.\n */\nexport const fetchInstances = defineServerAction<\n FetchInstancesInput,\n FetchInstancesResult\n>({\n id: \"team/fetch-instances\",\n description: \"Fetches instances to determine service account usage\",\n visibility: \"customer\",\n tags: [\"team\", \"instances\"],\n async run({ token }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Fetch instances requires a session token\");\n }\n\n const customerId = getCustomerIdFromToken(token);\n const endpoint = `${getApiOrigin()}/v3/instances?customer_id=${encodeURIComponent(customerId)}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching instances via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"GET\",\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (!response.ok) {\n throw new Error(\n `Fetch instances request failed (${response.status} ${response.statusText})`\n );\n }\n\n const data = await response.json();\n \n return {\n instances: data.instances || []\n };\n }\n});\n\n/**\n * Fetches SAML configuration for the customer.\n */\nexport const fetchSamlConfig = defineServerAction<\n FetchSamlConfigInput,\n FetchSamlConfigResult\n>({\n id: \"team/fetch-saml-config\",\n description: \"Fetches SAML SSO configuration for the team\",\n visibility: \"customer\",\n tags: [\"team\", \"saml\"],\n async run({ token }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Fetch SAML config requires a session token\");\n }\n\n const customerId = getCustomerIdFromToken(token);\n const endpoint = `${getApiOrigin()}/v3/customer/saml/config?customer_id=${encodeURIComponent(customerId)}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching SAML config via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"GET\",\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (!response.ok) {\n throw new Error(\n `Fetch SAML config request failed (${response.status} ${response.statusText})`\n );\n }\n\n const data = await response.json();\n \n return {\n config: {\n samlAllowed: data.samlAllowed || false,\n samlEnabled: data.samlEnabled || false,\n entityId: data.entityId || \"\",\n acsUrl: data.acsUrl || \"\",\n hasIdpMetadata: data.hasIdpMetadata || false,\n hasIdpCert: data.hasIdpCert || false\n }\n };\n }\n});\n\n/**\n * Updates SAML configuration (uploads IdP metadata and certificate).\n */\nexport const updateSamlConfig = defineServerAction<\n UpdateSamlConfigInput,\n UpdateSamlConfigResult\n>({\n id: \"team/update-saml-config\",\n description: \"Uploads IdP metadata and certificate for SAML SSO\",\n visibility: \"customer\",\n tags: [\"team\", \"saml\", \"update\"],\n async run({ token, idpMetadataXml, idpPublicCert }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Update SAML config requires a session token\");\n }\n\n if (!idpMetadataXml || !idpPublicCert) {\n throw new Error(\"Both IdP metadata and certificate are required\");\n }\n\n const customerId = getCustomerIdFromToken(token);\n const endpoint = `${getApiOrigin()}/v3/customer/saml/config?customer_id=${encodeURIComponent(customerId)}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] updating SAML config via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"PUT\",\n token,\n headers: {\n \"content-type\": \"application/json\",\n accept: \"application/json\"\n },\n body: JSON.stringify({\n idpMetadataXml,\n idpPublicCert\n }),\n signal: context?.signal\n });\n\n if (!response.ok) {\n let errorMessage = \"Failed to update SAML configuration\";\n try {\n const data = await response.json();\n errorMessage = data.message || data.error || errorMessage;\n } catch {\n // Ignore JSON parse errors\n }\n throw new Error(errorMessage);\n }\n\n return { success: true };\n }\n});\n\n/**\n * Toggles SAML authentication enabled/disabled.\n */\nexport const toggleSamlEnabled = defineServerAction<\n ToggleSamlEnabledInput,\n ToggleSamlEnabledResult\n>({\n id: \"team/toggle-saml-enabled\",\n description: \"Enables or disables SAML authentication\",\n visibility: \"customer\",\n tags: [\"team\", \"saml\", \"toggle\"],\n async run({ token, enabled }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Toggle SAML enabled requires a session token\");\n }\n\n const customerId = getCustomerIdFromToken(token);\n const endpoint = `${getApiOrigin()}/v3/customer/saml/enable?customer_id=${encodeURIComponent(customerId)}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] toggling SAML enabled via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"PUT\",\n token,\n headers: {\n \"content-type\": \"application/json\",\n accept: \"application/json\"\n },\n body: JSON.stringify({ enabled }),\n signal: context?.signal\n });\n\n if (!response.ok) {\n let errorMessage = \"Failed to toggle SAML\";\n try {\n const data = await response.json();\n errorMessage = data.message || data.error || errorMessage;\n } catch {\n // Ignore JSON parse errors\n }\n throw new Error(errorMessage);\n }\n\n const data = await response.json();\n \n return {\n success: true,\n samlEnabled: data.samlEnabled || enabled\n };\n }\n});\n\n/**\n * Removes SAML configuration (deprovisions SAML).\n */\nexport const deprovisionSaml = defineServerAction<\n DeprovisionSamlInput,\n DeprovisionSamlResult\n>({\n id: \"team/deprovision-saml\",\n description: \"Removes all SAML configuration\",\n visibility: \"customer\",\n tags: [\"team\", \"saml\", \"delete\"],\n async run({ token }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Deprovision SAML requires a session token\");\n }\n\n const customerId = getCustomerIdFromToken(token);\n const endpoint = `${getApiOrigin()}/v3/customer/saml/config?customer_id=${encodeURIComponent(customerId)}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] deprovisioning SAML via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"DELETE\",\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (!response.ok) {\n let errorMessage = \"Failed to remove SAML configuration\";\n try {\n const data = await response.json();\n errorMessage = data.message || data.error || errorMessage;\n } catch {\n // Ignore JSON parse errors\n }\n throw new Error(errorMessage);\n }\n\n return { success: true };\n }\n});\n\n// =============================================================================\n// Invite Accept/Refresh Actions\n// =============================================================================\n\nexport interface AcceptInviteInput {\n code: string;\n}\n\nexport interface AcceptInviteResult {\n token: string;\n}\n\nexport interface AcceptInviteError {\n code: \"invalid_code\" | \"expired\" | \"unknown\";\n message: string;\n}\n\n/**\n * Accepts a team invitation using the invite code from email.\n * Returns a JWT token on success that can be used to establish a session.\n */\nexport const acceptInvite = defineServerAction<\n AcceptInviteInput,\n AcceptInviteResult\n>({\n id: \"auth/accept-invite\",\n description: \"Accepts a team invitation and returns a session token\",\n visibility: \"customer\",\n tags: [\"auth\", \"invite\", \"join\"],\n async run({ code }) {\n if (!code || typeof code !== \"string\") {\n const error: AcceptInviteError = {\n code: \"invalid_code\",\n message: \"Invite code is required\"\n };\n throw error;\n }\n\n // NEW: Use Enterprise Portal API auth endpoint\n const endpoint = `${getApiOrigin()}/enterprise-portal/auth/invite/accept`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] accepting invite via %s (Enterprise Portal API)\", endpoint);\n }\n\n const response = await fetch(endpoint, {\n method: \"POST\",\n headers: {\n \"content-type\": \"application/json\",\n accept: \"application/json\"\n },\n body: JSON.stringify({ code })\n });\n\n if (!response.ok) {\n if (response.status === 404) {\n const error: AcceptInviteError = {\n code: \"invalid_code\",\n message: \"Invalid or expired invite code. Please check your code and try again.\"\n };\n throw error;\n }\n\n let errorMessage = \"Failed to accept invitation\";\n try {\n const data = await response.json();\n errorMessage = data.message || data.error || errorMessage;\n } catch {\n // Ignore JSON parse errors\n }\n\n const error: AcceptInviteError = {\n code: \"unknown\",\n message: errorMessage\n };\n throw error;\n }\n\n const payload = await response.json();\n const token = payload?.jwt ?? payload?.token;\n\n if (typeof token !== \"string\") {\n throw new Error(\"Invite accepted but no token returned\");\n }\n\n return { token };\n }\n});\n\nexport interface RefreshInviteInput {\n code: string;\n}\n\nexport interface RefreshInviteResult {\n success: boolean;\n}\n\n/**\n * Refreshes an expired invite by generating a new code and resending the email.\n * The original code is used to identify the invite to refresh.\n */\nexport const refreshInvite = defineServerAction<\n RefreshInviteInput,\n RefreshInviteResult\n>({\n id: \"auth/refresh-invite\",\n description: \"Refreshes an expired invite and resends the invitation email\",\n visibility: \"customer\",\n tags: [\"auth\", \"invite\", \"refresh\"],\n async run({ code }) {\n if (!code || typeof code !== \"string\") {\n throw new Error(\"Invite code is required\");\n }\n\n // NEW: Use Enterprise Portal API auth endpoint\n const endpoint = `${getApiOrigin()}/enterprise-portal/auth/invite/refresh`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] refreshing invite via %s (Enterprise Portal API)\", endpoint);\n }\n\n const response = await fetch(endpoint, {\n method: \"POST\",\n headers: {\n \"content-type\": \"application/json\",\n accept: \"application/json\"\n },\n body: JSON.stringify({ code })\n });\n\n // The API returns 200 even for non-existent codes to prevent code enumeration\n if (!response.ok) {\n let errorMessage = \"Failed to refresh invitation\";\n try {\n const data = await response.json();\n errorMessage = data.message || data.error || errorMessage;\n } catch {\n // Ignore JSON parse errors\n }\n throw new Error(errorMessage);\n }\n\n return { success: true };\n }\n});\n","/**\n * Install-related server actions for the Linux and Helm installation wizards.\n * \n * These actions handle the complete installation flow including:\n * - Fetching available releases (channel releases)\n * - Creating/updating/fetching install options\n * - Generating installation instructions\n */\n\nimport { authenticatedFetch } from \"../utils/api-client\";\nimport { getApiOrigin, getCustomerIdFromToken } from \"./index\";\nimport type { PortalActionContext } from \"./index\";\n\n// =============================================================================\n// Types - Channel Releases\n// =============================================================================\n\nexport interface EmbeddedClusterInstallationType {\n version?: string;\n}\n\nexport interface HelmInstallationType {\n version?: string;\n}\n\nexport interface InstallationTypes {\n embeddedCluster?: EmbeddedClusterInstallationType;\n helm?: HelmInstallationType;\n}\n\nexport interface ChannelRelease {\n channelId: string;\n channelName: string;\n channelSlug: string;\n channelSequence: number;\n releaseSequence: number;\n versionLabel: string;\n releaseNotes?: string;\n createdAt: string;\n isRequired?: boolean;\n installationTypes?: InstallationTypes;\n}\n\nexport interface FetchChannelReleasesInput {\n token: string;\n channelId?: string;\n}\n\nexport interface FetchChannelReleasesResult {\n channelReleases: ChannelRelease[];\n}\n\n// =============================================================================\n// Types - Install Options\n// =============================================================================\n\nexport type NetworkAvailability = \"online\" | \"proxy\" | \"airgap\";\nexport type InstallType = \"linux\" | \"helm\";\nexport type RegistryAvailability = \"online\" | \"partial\" | \"offline\";\nexport type KubernetesDistribution = \"vanilla\" | \"openshift\" | \"rancher\" | \"aks\" | \"eks\" | \"gke\";\nexport type InstallStatus = \"in_progress\" | \"completed\" | \"discarded\";\n\nexport interface InstallStep {\n step_number: number;\n step_name: string;\n title: string;\n description?: string;\n commands: string[];\n /** If true, this step can be marked as completed (shows checkmark UI) */\n maybe_completed?: boolean;\n}\n\nexport interface InstallInstructions {\n format: \"basic\" | \"mdx\";\n install_type: string;\n title: string;\n steps?: InstallStep[];\n mdx_template?: string;\n context?: Record<string, unknown>;\n renderer_version?: number;\n}\n\nexport interface InstallOptions {\n id: string;\n customer_id: string;\n install_type: InstallType;\n instance_name: string;\n instance_id?: string;\n service_account_id?: string;\n service_account_email_address?: string;\n license_id?: string;\n started_at: string;\n completed_at?: string;\n network_availability?: NetworkAvailability;\n is_multi_node?: boolean;\n channel_id?: string;\n channel_release_sequence?: number;\n registry_availability?: RegistryAvailability;\n kubernetes_distribution?: KubernetesDistribution;\n admin_console_url?: string;\n status?: InstallStatus;\n}\n\nexport interface CreateInstallOptionsInput {\n token: string;\n installType: InstallType;\n instanceName: string;\n serviceAccountId: string;\n networkAvailability: NetworkAvailability;\n isMultiNode?: boolean;\n channelId?: string;\n channelReleaseSequence?: number;\n // Helm-specific\n registryAvailability?: RegistryAvailability;\n kubernetesDistribution?: KubernetesDistribution;\n}\n\nexport interface CreateInstallOptionsResult {\n install_options: InstallOptions;\n instructions?: InstallInstructions;\n}\n\nexport interface GetInstallOptionsInput {\n token: string;\n installOptionsId: string;\n includeInstructions?: boolean;\n privateRegistryHostname?: string;\n proxyUrl?: string;\n}\n\nexport interface GetInstallOptionsResult {\n id: string;\n customer_id: string;\n install_type: InstallType;\n instance_name: string;\n instance_id?: string;\n service_account_id?: string;\n service_account_email_address?: string;\n started_at: string;\n completed_at?: string;\n network_availability?: NetworkAvailability;\n is_multi_node?: boolean;\n channel_id?: string;\n channel_release_sequence?: number;\n registry_availability?: RegistryAvailability;\n kubernetes_distribution?: KubernetesDistribution;\n admin_console_url?: string;\n status?: InstallStatus;\n instructions?: InstallInstructions;\n /** Timestamp when assets were downloaded (for progress tracking) */\n assets_downloaded_at?: string;\n /** Timestamp when registry authentication was completed (for Helm progress tracking) */\n registry_authenticated_at?: string;\n /** Timestamp when images were pulled (for Helm progress tracking) */\n images_pulled_at?: string;\n /** Timestamp when installation was completed (for progress tracking) */\n installation_completed_at?: string;\n}\n\nexport interface UpdateInstallOptionsInput {\n token: string;\n installOptionsId: string;\n installType?: InstallType;\n channelId?: string;\n channelReleaseSequence?: number;\n networkAvailability?: NetworkAvailability;\n registryAvailability?: RegistryAvailability;\n kubernetesDistribution?: KubernetesDistribution;\n isMultiNode?: boolean;\n serviceAccountId?: string;\n adminConsoleUrl?: string | null;\n status?: InstallStatus;\n includeInstructions?: boolean;\n privateRegistryHostname?: string;\n proxyUrl?: string;\n}\n\nexport interface UpdateInstallOptionsResult {\n install_options: InstallOptions;\n instructions?: InstallInstructions;\n}\n\n// =============================================================================\n// Actions - Channel Releases\n// =============================================================================\n\n/**\n * Fetches available channel releases for the customer.\n * These are filtered to show only releases that have embedded cluster installers.\n */\nexport async function fetchChannelReleases(\n input: FetchChannelReleasesInput,\n context?: PortalActionContext\n): Promise<FetchChannelReleasesResult> {\n const { token, channelId } = input;\n\n if (!token || typeof token !== \"string\") {\n throw new Error(\"fetchChannelReleases requires a session token\");\n }\n\n const origin = getApiOrigin();\n\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const url = new URL(`${origin}/enterprise-portal/channel-releases`);\n if (channelId) {\n url.searchParams.set(\"channel_id\", channelId);\n }\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching channel releases via %s (Enterprise Portal API)\", url.toString());\n }\n\n const response = await authenticatedFetch(url.toString(), {\n method: \"GET\",\n token,\n headers: {\n accept: \"application/json\"\n },\n signal: context?.signal\n });\n\n if (!response.ok) {\n const errorText = await response.text();\n throw new Error(\n `Channel releases request failed (${response.status} ${response.statusText}): ${errorText}`\n );\n }\n\n const envelope = await response.json();\n const payload = envelope.data;\n\n return {\n channelReleases: payload?.channelReleases || []\n };\n}\n\n// =============================================================================\n// Actions - Install Options\n// =============================================================================\n\n/**\n * Creates a new install options record to track an installation attempt.\n * This is called after creating a service account and before showing install commands.\n */\nexport async function createInstallOptions(\n input: CreateInstallOptionsInput,\n context?: PortalActionContext\n): Promise<CreateInstallOptionsResult> {\n const {\n token,\n installType,\n instanceName,\n serviceAccountId,\n networkAvailability,\n isMultiNode = false,\n channelId,\n channelReleaseSequence,\n registryAvailability,\n kubernetesDistribution\n } = input;\n\n if (!token || typeof token !== \"string\") {\n throw new Error(\"createInstallOptions requires a session token\");\n }\n\n if (!instanceName?.trim()) {\n throw new Error(\"Instance name is required\");\n }\n\n if (!serviceAccountId?.trim()) {\n throw new Error(\"Service account ID is required\");\n }\n\n const origin = getApiOrigin();\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const endpoint = `${origin}/enterprise-portal/install-options?includeInstructions=true`;\n\n const body: Record<string, unknown> = {\n install_type: installType,\n instance_name: instanceName.trim(),\n service_account_id: serviceAccountId.trim(),\n network_availability: networkAvailability,\n is_multi_node: isMultiNode\n };\n\n // Add optional fields\n if (channelId) {\n body.channel_id = channelId;\n }\n if (channelReleaseSequence !== undefined) {\n body.channel_release_sequence = channelReleaseSequence;\n }\n if (registryAvailability) {\n body.registry_availability = registryAvailability;\n }\n if (kubernetesDistribution) {\n body.kubernetes_distribution = kubernetesDistribution;\n }\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] creating install options via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"POST\",\n token,\n headers: {\n \"content-type\": \"application/json\",\n accept: \"application/json\"\n },\n body: JSON.stringify(body),\n signal: context?.signal\n });\n\n if (!response.ok) {\n const errorText = await response.text();\n throw new Error(\n `Create install options failed (${response.status} ${response.statusText}): ${errorText}`\n );\n }\n\n return await response.json();\n}\n\n/**\n * Fetches existing install options by ID.\n * Can optionally include generated installation instructions.\n */\nexport async function getInstallOptions(\n input: GetInstallOptionsInput,\n context?: PortalActionContext\n): Promise<GetInstallOptionsResult> {\n const {\n token,\n installOptionsId,\n includeInstructions = true,\n privateRegistryHostname,\n proxyUrl\n } = input;\n\n if (!token || typeof token !== \"string\") {\n throw new Error(\"getInstallOptions requires a session token\");\n }\n\n if (!installOptionsId?.trim()) {\n throw new Error(\"Install options ID is required\");\n }\n\n const origin = getApiOrigin();\n\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const url = new URL(`${origin}/enterprise-portal/install-options/${installOptionsId.trim()}`);\n\n if (includeInstructions) {\n url.searchParams.set(\"includeInstructions\", \"true\");\n }\n if (privateRegistryHostname) {\n url.searchParams.set(\"privateRegistryHostname\", privateRegistryHostname);\n }\n if (proxyUrl) {\n url.searchParams.set(\"proxyUrl\", proxyUrl);\n }\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching install options via %s (Enterprise Portal API)\", url.toString());\n }\n\n const response = await authenticatedFetch(url.toString(), {\n method: \"GET\",\n token,\n headers: {\n accept: \"application/json\"\n },\n signal: context?.signal\n });\n\n if (!response.ok) {\n const errorText = await response.text();\n throw new Error(\n `Get install options failed (${response.status} ${response.statusText}): ${errorText}`\n );\n }\n\n const envelope = await response.json();\n return envelope.data;\n}\n\n/**\n * Updates existing install options.\n * Typically called when user selects a different version or changes settings.\n * Returns updated options with regenerated installation instructions.\n */\nexport async function updateInstallOptions(\n input: UpdateInstallOptionsInput,\n context?: PortalActionContext\n): Promise<UpdateInstallOptionsResult> {\n const {\n token,\n installOptionsId,\n installType,\n channelId,\n channelReleaseSequence,\n networkAvailability,\n registryAvailability,\n kubernetesDistribution,\n isMultiNode,\n serviceAccountId,\n adminConsoleUrl,\n status,\n includeInstructions = true,\n privateRegistryHostname,\n proxyUrl\n } = input;\n\n if (!token || typeof token !== \"string\") {\n throw new Error(\"updateInstallOptions requires a session token\");\n }\n\n if (!installOptionsId?.trim()) {\n throw new Error(\"Install options ID is required\");\n }\n\n const origin = getApiOrigin();\n\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const url = new URL(`${origin}/enterprise-portal/install-options/${installOptionsId.trim()}`);\n\n if (includeInstructions) {\n url.searchParams.set(\"includeInstructions\", \"true\");\n }\n if (privateRegistryHostname) {\n url.searchParams.set(\"privateRegistryHostname\", privateRegistryHostname);\n }\n if (proxyUrl) {\n url.searchParams.set(\"proxyUrl\", proxyUrl);\n }\n\n // Build body with only provided fields\n const body: Record<string, unknown> = {};\n\n if (installType !== undefined) {\n body.install_type = installType;\n }\n if (channelId !== undefined) {\n body.channel_id = channelId;\n }\n if (channelReleaseSequence !== undefined) {\n body.channel_release_sequence = channelReleaseSequence;\n }\n if (networkAvailability !== undefined) {\n body.network_availability = networkAvailability;\n }\n if (registryAvailability !== undefined) {\n body.registry_availability = registryAvailability;\n }\n if (kubernetesDistribution !== undefined) {\n body.kubernetes_distribution = kubernetesDistribution;\n }\n if (isMultiNode !== undefined) {\n body.is_multi_node = isMultiNode;\n }\n if (serviceAccountId !== undefined) {\n body.service_account_id = serviceAccountId;\n }\n if (adminConsoleUrl !== undefined) {\n body.admin_console_url = adminConsoleUrl;\n }\n if (status !== undefined) {\n body.status = status;\n }\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] updating install options via %s\", url.toString());\n }\n\n const response = await authenticatedFetch(url.toString(), {\n method: \"PATCH\",\n token,\n headers: {\n \"content-type\": \"application/json\",\n accept: \"application/json\"\n },\n body: JSON.stringify(body),\n signal: context?.signal\n });\n\n if (!response.ok) {\n const errorText = await response.text();\n throw new Error(\n `Update install options failed (${response.status} ${response.statusText}): ${errorText}`\n );\n }\n\n return await response.json();\n}\n\n// =============================================================================\n// Helper - Filter Releases with Embedded Cluster Support\n// =============================================================================\n\n/**\n * Filters channel releases to only include those with embedded cluster installers.\n * Use this when populating the version dropdown for Linux installs.\n */\nexport function filterEmbeddedClusterReleases(releases: ChannelRelease[]): ChannelRelease[] {\n return releases.filter(\n (release) => release.installationTypes?.embeddedCluster?.version\n );\n}\n\n/**\n * Filters channel releases to only include those with Helm chart support.\n * Use this when populating the version dropdown for Helm installs.\n */\nexport function filterHelmReleases(releases: ChannelRelease[]): ChannelRelease[] {\n return releases.filter(\n (release) => release.installationTypes?.helm?.version\n );\n}\n\n// =============================================================================\n// Types - Update Instructions\n// =============================================================================\n\nexport interface GetUpdateInstructionsInput {\n token: string;\n /** Install options ID (if known) */\n installOptionsId?: string;\n /** Instance ID (used if installOptionsId is not available) */\n instanceId?: string;\n /** Target channel ID for the update */\n targetChannelId: string;\n /** Target channel sequence for the update */\n targetChannelSequence: number;\n /** Private registry hostname (for airgap with private registry) */\n privateRegistryHostname?: string;\n}\n\nexport interface UpdateInstructions {\n format: string;\n install_type: string;\n title: string;\n steps: InstallStep[];\n}\n\nexport interface GetUpdateInstructionsResult {\n instructions: UpdateInstructions;\n}\n\n// =============================================================================\n// Actions - Update Instructions\n// =============================================================================\n\n/**\n * Fetches update instructions for an instance.\n * Returns step-by-step commands for updating to a target version.\n */\nexport async function getUpdateInstructions(\n input: GetUpdateInstructionsInput,\n context?: PortalActionContext\n): Promise<GetUpdateInstructionsResult> {\n const {\n token,\n installOptionsId,\n instanceId,\n targetChannelId,\n targetChannelSequence,\n privateRegistryHostname\n } = input;\n\n if (!token || typeof token !== \"string\") {\n throw new Error(\"getUpdateInstructions requires a session token\");\n }\n\n if (!targetChannelId?.trim()) {\n throw new Error(\"Target channel ID is required\");\n }\n\n if (targetChannelSequence === undefined || targetChannelSequence === null) {\n throw new Error(\"Target channel sequence is required\");\n }\n\n // Need either installOptionsId or instanceId\n const identifier = installOptionsId || instanceId;\n if (!identifier) {\n throw new Error(\"Either installOptionsId or instanceId is required\");\n }\n\n const customerId = getCustomerIdFromToken(token);\n const origin = getApiOrigin();\n\n // Build query params\n const queryParams = new URLSearchParams();\n queryParams.set(\"targetChannelId\", targetChannelId.trim());\n queryParams.set(\"targetChannelSequence\", targetChannelSequence.toString());\n \n if (privateRegistryHostname?.trim()) {\n queryParams.set(\"privateRegistryHostname\", privateRegistryHostname.trim());\n }\n \n // When using instance_id, we still need a path parameter for the route\n // but it will be ignored by the backend in favor of the instance_id query param\n if (!installOptionsId && instanceId) {\n queryParams.set(\"instance_id\", instanceId);\n }\n\n const pathId = installOptionsId || \"placeholder\";\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const url = `${origin}/enterprise-portal/install-options/${pathId}/update-instructions?${queryParams.toString()}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching update instructions via %s\", url);\n }\n\n const response = await authenticatedFetch(url, {\n method: \"GET\",\n token,\n headers: {\n accept: \"application/json\"\n },\n signal: context?.signal\n });\n\n if (!response.ok) {\n const errorText = await response.text();\n let errorMessage = \"Failed to fetch update instructions\";\n try {\n const errorData = JSON.parse(errorText);\n errorMessage = errorData.error || errorData.message || errorMessage;\n } catch {\n // Use default message\n }\n throw new Error(errorMessage);\n }\n\n const data = await response.json();\n\n return {\n instructions: {\n format: data.format || \"steps\",\n install_type: data.install_type,\n title: data.title,\n steps: data.steps || []\n }\n };\n}\n\n// =============================================================================\n// Types - Pending Installations\n// =============================================================================\n\nexport interface FetchPendingInstallationsInput {\n token: string;\n}\n\nexport interface PendingInstallation {\n id: string;\n name: string;\n method: \"helm\" | \"linux\";\n startedBy: string;\n startedAt: string;\n}\n\nexport interface FetchPendingInstallationsResult {\n installations: PendingInstallation[];\n}\n\n// =============================================================================\n// Fetch Pending Installations\n// =============================================================================\n\n/**\n * Fetches pending (in-progress) installations for the current user.\n * Returns up to 5 most recent installations, ordered by creation date descending.\n */\nexport async function fetchPendingInstallations(\n input: FetchPendingInstallationsInput,\n context?: PortalActionContext\n): Promise<FetchPendingInstallationsResult> {\n const { token } = input;\n \n if (typeof token !== \"string\" || token.trim().length === 0) {\n throw new Error(\"fetchPendingInstallations requires a non-empty token\");\n }\n\n const origin = getApiOrigin();\n\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n // This endpoint returns 200 with empty array instead of 404 when no results\n const queryParams = new URLSearchParams();\n queryParams.set(\"status\", \"in_progress\");\n queryParams.set(\"page_size\", \"5\");\n queryParams.set(\"order_by\", \"created_at\");\n queryParams.set(\"order_direction\", \"desc\");\n\n const endpoint = `${origin}/enterprise-portal/install-options?${queryParams.toString()}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching pending installations via %s (Enterprise Portal API)\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"GET\",\n token,\n headers: {\n accept: \"application/json\"\n },\n signal: context?.signal\n });\n\n if (!response.ok) {\n throw new Error(\n `Pending installations request failed (${response.status} ${response.statusText})`\n );\n }\n\n const envelope = await response.json();\n const payload = envelope.data;\n\n // Parse the response - expecting {install_options: [...]}\n const installArray = payload?.install_options || [];\n\n const installations: PendingInstallation[] = installArray.map((item: Record<string, unknown>) => ({\n id: String(item.id || \"\"),\n name: String(item.instance_name || \"Unknown\"),\n method: item.install_type === \"helm\" ? \"helm\" as const : \"linux\" as const,\n startedBy: String(item.service_account_email_address || \"Unknown\"),\n startedAt: String(item.started_at || new Date().toISOString())\n }));\n\n return {\n installations\n };\n}\n\n","/**\n * Instance-related server actions for the Update page.\n * \n * These actions handle fetching and managing instances including:\n * - Listing all instances (online and airgap)\n * - Fetching install options for instances\n * - Calculating update availability\n */\n\nimport { authenticatedFetch } from \"../utils/api-client\";\nimport { getApiOrigin, getCustomerIdFromToken } from \"./index\";\nimport type { PortalActionContext } from \"./index\";\nimport type { ChannelRelease, InstallOptions } from \"./install\";\nexport type { InstallOptions } from \"./install\";\n\n// =============================================================================\n// Types - Instance\n// =============================================================================\n\nexport type ResourceStatus = \"ready\" | \"updating\" | \"unknown\" | \"missing\" | \"unavailable\" | \"degraded\";\n\nexport interface ResourceState {\n kind: string;\n name: string;\n namespace: string;\n state: ResourceStatus;\n}\n\nexport interface InstanceTag {\n key: string;\n value: string;\n origin?: string;\n}\n\nexport interface Instance {\n id: string;\n firstCheckin: string;\n firstReadyAt?: string;\n lastCheckin: string;\n isAirgap: boolean;\n appStatus?: string;\n resourceStates?: ResourceState[];\n versionLabel?: string;\n channelId?: string;\n channelSequence?: number;\n serviceAccountId?: string;\n embeddedClusterId?: string;\n kotsInstallId?: string;\n kurlInstallId?: string;\n k8sVersion?: string;\n k8sDistribution?: string;\n tags?: InstanceTag[];\n}\n\nexport interface FetchInstancesInput {\n token: string;\n}\n\nexport interface FetchInstancesResult {\n instances: Instance[];\n online: Instance[];\n airgap: Instance[];\n}\n\n// =============================================================================\n// Types - Install Options by Instance\n// =============================================================================\n\nexport interface FetchInstallOptionsByInstanceIdsInput {\n token: string;\n instanceIds: string[];\n}\n\nexport interface FetchInstallOptionsByInstanceIdsResult {\n installOptions: InstallOptions[];\n}\n\n// =============================================================================\n// Constants\n// =============================================================================\n\n/** 24 hours in milliseconds - threshold for active vs inactive instances */\nexport const ACTIVE_INSTANCE_THRESHOLD_MS = 24 * 60 * 60 * 1000;\n\n// =============================================================================\n// Helper Functions\n// =============================================================================\n\n/**\n * Determines if an instance is active based on last check-in time.\n * Active = last check-in within the last 24 hours.\n */\nexport function isInstanceActive(instance: Instance): boolean {\n if (!instance.lastCheckin) {\n return false;\n }\n const lastCheckinTime = new Date(instance.lastCheckin).getTime();\n const threshold = Date.now() - ACTIVE_INSTANCE_THRESHOLD_MS;\n return lastCheckinTime > threshold;\n}\n\n/**\n * Filters instances into active and inactive lists.\n */\nexport function filterActiveInactiveInstances(instances: Instance[]): {\n activeInstances: Instance[];\n inactiveInstances: Instance[];\n} {\n const activeInstances = instances.filter(isInstanceActive);\n const inactiveInstances = instances.filter((instance) => !isInstanceActive(instance));\n return { activeInstances, inactiveInstances };\n}\n\n/**\n * Gets the install type for an instance based on instance data and install options.\n */\nexport function getInstallType(\n instance: Instance,\n installOptions?: InstallOptions[]\n): \"helm\" | \"embedded cluster\" | null {\n const instanceHasNoInstallTypes =\n !instance.kotsInstallId &&\n !instance.kurlInstallId &&\n !instance.embeddedClusterId;\n const isManuallyCreatedAirgapInstance =\n instance.isAirgap && instanceHasNoInstallTypes;\n\n // Check for embedded cluster first - explicitly set\n if (instance.embeddedClusterId) {\n return \"embedded cluster\";\n }\n\n // Check for helm install with k8s info\n if (instanceHasNoInstallTypes && instance.k8sDistribution) {\n return \"helm\";\n }\n\n // Default fallback for ambiguous cases (manually created airgap without k8s info):\n // Check install options first, then assume embedded cluster\n if (isManuallyCreatedAirgapInstance && !instance.k8sDistribution) {\n if (installOptions) {\n const matchingInstallOption = installOptions.find(\n (option) => option.instance_id === instance.id\n );\n if (matchingInstallOption) {\n if (matchingInstallOption.install_type === \"helm\") {\n return \"helm\";\n }\n if (matchingInstallOption.install_type === \"linux\") {\n return \"embedded cluster\";\n }\n }\n }\n // Final fallback: assume embedded cluster\n return \"embedded cluster\";\n }\n\n return null;\n}\n\n/**\n * Calculates the number of available updates for an instance.\n */\nexport function calculateUpdatesForInstance(\n instance: Instance,\n channelReleases: ChannelRelease[]\n): number {\n if (!channelReleases || !Array.isArray(channelReleases)) {\n return 0;\n }\n\n const instanceChannelSequence = instance.channelSequence ?? 0;\n\n // Filter to matching channel and count releases with higher sequence\n const matchingReleases = channelReleases.filter(\n (release) => release.channelId === instance.channelId\n );\n\n return matchingReleases.filter(\n (release) => release.channelSequence > instanceChannelSequence\n ).length;\n}\n\n/**\n * Gets the instance name from tags or returns truncated ID.\n */\nexport function getInstanceName(instance: Instance): string {\n const nameTag = instance.tags?.find((tag) => tag.key === \"name\");\n return nameTag?.value || instance.id.slice(0, 7);\n}\n\n// =============================================================================\n// Actions\n// =============================================================================\n\n/**\n * Fetches all instances for the customer.\n * Returns instances split into online and airgap categories.\n */\nexport async function fetchInstances(\n input: FetchInstancesInput,\n context?: PortalActionContext\n): Promise<FetchInstancesResult> {\n const { token } = input;\n\n if (!token || typeof token !== \"string\") {\n throw new Error(\"fetchInstances requires a session token\");\n }\n\n const customerId = getCustomerIdFromToken(token);\n const origin = getApiOrigin();\n\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const url = new URL(`${origin}/enterprise-portal/instances`);\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching instances via %s\", url.toString());\n }\n\n const response = await authenticatedFetch(url.toString(), {\n method: \"GET\",\n token,\n headers: {\n accept: \"application/json\"\n },\n signal: context?.signal\n });\n\n if (!response.ok) {\n const errorText = await response.text();\n throw new Error(\n `Instances request failed (${response.status} ${response.statusText}): ${errorText}`\n );\n }\n\n const payload = await response.json();\n // Extract from Enterprise Portal API envelope\n const data = payload.data;\n const allInstances: Instance[] = data?.instances || [];\n\n // Split into online and airgap\n const online = allInstances.filter((instance) => !instance.isAirgap);\n const airgap = allInstances.filter((instance) => instance.isAirgap);\n\n return {\n instances: allInstances,\n online,\n airgap\n };\n}\n\n// =============================================================================\n// Types - Create Air Gap Instance\n// =============================================================================\n\nexport type AirgapInstanceStatus = \"unavailable\" | \"missing\";\n\nexport interface CreateAirgapInstanceInput {\n token: string;\n serviceAccountId: string;\n instanceName?: string;\n channelId: string;\n channelSequence: number;\n k8sVersion?: string;\n k8sDistribution?: string;\n appStatus?: AirgapInstanceStatus;\n}\n\nexport interface CreateAirgapInstanceResult {\n instanceId: string;\n licenseId: string;\n createdAt: string;\n lastActive: string;\n appFirstReadyAt: string | null;\n appStatus: string;\n isAirgap: boolean;\n channelId?: string;\n channelSequence?: number;\n k8sVersion?: string;\n k8sDistribution?: string;\n}\n\n/**\n * Creates an air gap instance record manually.\n * This is used when customers want to track air gap instances that can't check in.\n */\nexport async function createAirgapInstance(\n input: CreateAirgapInstanceInput,\n context?: PortalActionContext\n): Promise<CreateAirgapInstanceResult> {\n const {\n token,\n serviceAccountId,\n instanceName,\n channelId,\n channelSequence,\n k8sVersion,\n k8sDistribution,\n appStatus = \"missing\"\n } = input;\n\n if (!token || typeof token !== \"string\") {\n throw new Error(\"createAirgapInstance requires a session token\");\n }\n\n if (!serviceAccountId?.trim()) {\n throw new Error(\"Service account ID is required\");\n }\n\n if (!channelId?.trim()) {\n throw new Error(\"Channel ID is required\");\n }\n\n const origin = getApiOrigin();\n\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const url = new URL(`${origin}/enterprise-portal/instances/airgap`);\n\n const body: Record<string, unknown> = {\n service_account_id: serviceAccountId.trim(),\n channel_id: channelId.trim(),\n channel_sequence: channelSequence,\n app_status: appStatus\n };\n\n if (instanceName?.trim()) {\n body.instance_name = instanceName.trim();\n }\n if (k8sVersion?.trim()) {\n body.k8s_version = k8sVersion.trim();\n }\n if (k8sDistribution?.trim()) {\n body.k8s_distribution = k8sDistribution.trim();\n }\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] creating airgap instance via %s\", url.toString());\n }\n\n const response = await authenticatedFetch(url.toString(), {\n method: \"POST\",\n token,\n headers: {\n \"content-type\": \"application/json\",\n accept: \"application/json\"\n },\n body: JSON.stringify(body),\n signal: context?.signal\n });\n\n if (!response.ok) {\n const errorText = await response.text();\n let errorMessage = \"Failed to create airgap instance\";\n try {\n const errorData = JSON.parse(errorText);\n errorMessage = errorData.error || errorData.message || errorMessage;\n } catch {\n // Use default message\n }\n throw new Error(errorMessage);\n }\n\n const data = await response.json();\n \n return {\n instanceId: data.instance_id,\n licenseId: data.license_id,\n createdAt: data.created_at,\n lastActive: data.last_active,\n appFirstReadyAt: data.app_first_ready_at,\n appStatus: data.app_status,\n isAirgap: data.is_airgap,\n channelId: data.channel_id,\n channelSequence: data.channel_sequence,\n k8sVersion: data.k8s_version,\n k8sDistribution: data.k8s_distribution\n };\n}\n\n// =============================================================================\n// Types - Update Air Gap Instance\n// =============================================================================\n\nexport interface UpdateAirgapInstanceInput {\n token: string;\n instanceId: string;\n serviceAccountId?: string;\n channelId: string;\n channelSequence: number;\n}\n\nexport interface UpdateAirgapInstanceResult {\n success: boolean;\n}\n\n/**\n * Updates an air gap instance record (mark update complete).\n * This is called after completing an air gap update to update the instance version.\n */\nexport async function updateAirgapInstance(\n input: UpdateAirgapInstanceInput,\n context?: PortalActionContext\n): Promise<UpdateAirgapInstanceResult> {\n const {\n token,\n instanceId,\n serviceAccountId,\n channelId,\n channelSequence\n } = input;\n\n if (!token || typeof token !== \"string\") {\n throw new Error(\"updateAirgapInstance requires a session token\");\n }\n\n if (!instanceId?.trim()) {\n throw new Error(\"Instance ID is required\");\n }\n\n if (!channelId?.trim()) {\n throw new Error(\"Channel ID is required\");\n }\n\n const origin = getApiOrigin();\n\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const url = new URL(`${origin}/enterprise-portal/instances/airgap/${instanceId.trim()}`);\n\n const body: Record<string, unknown> = {\n channel_id: channelId.trim(),\n channel_sequence: channelSequence\n };\n\n if (serviceAccountId?.trim()) {\n body.service_account_id = serviceAccountId.trim();\n }\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] updating airgap instance via %s\", url.toString());\n }\n\n const response = await authenticatedFetch(url.toString(), {\n method: \"PATCH\",\n token,\n headers: {\n \"content-type\": \"application/json\",\n accept: \"application/json\"\n },\n body: JSON.stringify(body),\n signal: context?.signal\n });\n\n if (!response.ok) {\n const errorText = await response.text();\n let errorMessage = \"Failed to update airgap instance\";\n try {\n const errorData = JSON.parse(errorText);\n errorMessage = errorData.error || errorData.message || errorMessage;\n } catch {\n // Use default message\n }\n throw new Error(errorMessage);\n }\n\n return { success: true };\n}\n\n/**\n * Fetches install options for a batch of instance IDs.\n * Handles chunking automatically if more than 50 IDs are provided.\n */\nexport async function fetchInstallOptionsByInstanceIds(\n input: FetchInstallOptionsByInstanceIdsInput,\n context?: PortalActionContext\n): Promise<FetchInstallOptionsByInstanceIdsResult> {\n const { token, instanceIds } = input;\n\n if (!token || typeof token !== \"string\") {\n throw new Error(\"fetchInstallOptionsByInstanceIds requires a session token\");\n }\n\n if (!instanceIds || instanceIds.length === 0) {\n return { installOptions: [] };\n }\n\n const customerId = getCustomerIdFromToken(token);\n const origin = getApiOrigin();\n\n // Chunk instance IDs into groups of 50 (API limit)\n const chunks: string[][] = [];\n for (let i = 0; i < instanceIds.length; i += 50) {\n chunks.push(instanceIds.slice(i, i + 50));\n }\n\n const allInstallOptions: InstallOptions[] = [];\n\n for (const chunk of chunks) {\n if (chunk.length === 0) continue;\n\n // Build query string with multiple instance_id params\n const queryParams = chunk\n .map((id) => `instance_id=${encodeURIComponent(id)}`)\n .join(\"&\");\n\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const url = `${origin}/enterprise-portal/install-options?${queryParams}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching install options via %s\", url);\n }\n\n const response = await authenticatedFetch(url, {\n method: \"GET\",\n token,\n headers: {\n accept: \"application/json\"\n },\n signal: context?.signal\n });\n\n if (response.status === 404) {\n // No install options found for this chunk - continue\n continue;\n }\n\n if (!response.ok) {\n const errorText = await response.text();\n throw new Error(\n `Install options request failed (${response.status} ${response.statusText}): ${errorText}`\n );\n }\n\n const envelope = await response.json();\n // Extract from Enterprise Portal API envelope\n const options: InstallOptions[] = envelope?.data?.install_options || [];\n allInstallOptions.push(...options);\n }\n\n return { installOptions: allInstallOptions };\n}\n\n"]}
1
+ {"version":3,"sources":["../../src/utils/api-client.ts","../../src/actions/index.ts","../../src/actions/install.ts","../../src/actions/instances.ts"],"names":["fetchInstances"],"mappings":";;;;;;;;;AAwCA,eAAsB,kBAAA,CACpB,GAAA,EACA,OAAA,GAA2B,EAAC,EACT;AACnB,EAAA,MAAM,EAAE,KAAA,EAAO,GAAG,YAAA,EAAa,GAAI,OAAA;AAGnC,EAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ,YAAA,CAAa,OAAO,CAAA;AAChD,EAAA,IAAI,KAAA,EAAO;AACT,IAAA,OAAA,CAAQ,GAAA,CAAI,eAAA,EAAiB,CAAA,OAAA,EAAU,KAAK,CAAA,CAAE,CAAA;AAAA,EAChD;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,GAAA,EAAK;AAAA,IAChC,GAAG,YAAA;AAAA,IACH;AAAA,GACD,CAAA;AAGD,EAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AAC3B,IAAA,MAAM,SAAA,EAAU;AAAA,EAClB;AAGA,EAAA,IAAI,QAAA,CAAS,WAAW,GAAA,IAAO,QAAA,CAAS,WAAW,GAAA,IAAO,QAAA,CAAS,WAAW,GAAA,EAAK;AACjF,IAAA,MAAM,iBAAA,CAAkB,SAAS,MAAM,CAAA;AAAA,EACzC;AAEA,EAAA,OAAO,QAAA;AACT;AA2BA,eAAe,SAAA,GAA4B;AACzC,EAAA,MAAM,EAAE,QAAA,EAAS,GAAI,MAAM,OAAO,iBAAiB,CAAA;AAGnD,EAAA,OAAO,SAAS,aAAa,CAAA;AAC/B;AAuBA,eAAe,kBAAkB,UAAA,EAAoC;AACnE,EAAA,MAAM,EAAE,QAAA,EAAS,GAAI,MAAM,OAAO,iBAAiB,CAAA;AAGnD,EAAA,IAAI,SAAA;AACJ,EAAA,IAAI;AACF,IAAA,MAAM,EAAE,OAAA,EAAQ,GAAI,MAAM,OAAO,cAAc,CAAA;AAC/C,IAAA,MAAM,WAAA,GAAc,MAAM,OAAA,EAAQ;AAClC,IAAA,MAAM,OAAA,GAAU,WAAA,CAAY,GAAA,CAAI,SAAS,CAAA;AACzC,IAAA,MAAM,IAAA,GAAO,WAAA,CAAY,GAAA,CAAI,MAAM,CAAA;AACnC,IAAA,MAAM,WAAW,WAAA,CAAY,GAAA,CAAI,eAAe,CAAA,IAAK,WAAA,CAAY,IAAI,kBAAkB,CAAA;AAEvF,IAAA,IAAI,OAAA,EAAS;AACX,MAAA,SAAA,GAAY,OAAA;AAAA,IACd,CAAA,MAAA,IAAW,QAAQ,QAAA,EAAU;AAC3B,MAAA,MAAM,QAAA,GAAW,WAAA,CAAY,GAAA,CAAI,mBAAmB,CAAA,IAAK,OAAA;AACzD,MAAA,SAAA,GAAY,CAAA,EAAG,QAAQ,CAAA,GAAA,EAAM,IAAI,GAAG,QAAQ,CAAA,CAAA;AAAA,IAC9C;AAAA,EACF,SAAS,KAAA,EAAO;AAEd,IAAA,OAAA,CAAQ,KAAA,CAAM,sDAAsD,KAAK,CAAA;AAAA,EAC3E;AAGA,EAAA,MAAM,MAAA,GAAS,IAAI,eAAA,CAAgB,EAAE,MAAM,MAAA,CAAO,UAAU,GAAG,CAAA;AAC/D,EAAA,IAAI,SAAA,EAAW;AACb,IAAA,MAAA,CAAO,GAAA,CAAI,UAAU,SAAS,CAAA;AAAA,EAChC;AAEA,EAAA,OAAO,QAAA,CAAS,CAAA,OAAA,EAAU,MAAA,CAAO,QAAA,EAAU,CAAA,CAAE,CAAA;AAC/C;ACvIO,IAAM,eAAe,MAAc;AACxC,EAAA,OAAA,CAAQ,QAAQ,GAAA,CAAI,qBAAA,IAAyB,wBAAA,EAA0B,OAAA,CAAQ,QAAQ,EAAE,CAAA;AAC3F,CAAA;AA4aA,IAAM,0BAA0B,YAA6C;AAC3E,EAAA,MAAM,OAAA,GAAU,QAAQ,GAAA,CAAI,eAAA;AAE5B,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,MAAM,mCAAmC,CAAA;AAAA,EACrD;AAEA,EAAA,MAAM,GAAA,GAAM,CAAA,EAAG,YAAA,EAAc,CAAA,4CAAA,EAA+C,kBAAA;AAAA,IAC1E;AAAA,GACD,CAAA,CAAA;AAED,EAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa,YAAA,EAAc;AACzC,IAAA,OAAA,CAAQ,KAAA;AAAA,MACN,6EAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,GAAA,EAAK;AAAA,IAChC,OAAA,EAAS;AAAA,MACP,MAAA,EAAQ;AAAA;AACV,GACD,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,gCAAA,EAAmC,QAAA,CAAS,MAAM,CAAA,CAAA,EAAI,SAAS,UAAU,CAAA,CAAA;AAAA,KAC3E;AAAA,EACF;AAEA,EAAA,MAAM,OAAA,GAAU,MAAM,QAAA,CAAS,IAAA,EAAK;AAIpC,EAAA,MAAM,cAAA,GAAiB;AAAA,IACrB,MAAM,OAAA,CAAQ,OAAA;AAAA,IACd,OAAO,OAAA,CAAQ,OAAA;AAAA,IACf,cAAc,OAAA,CAAQ,YAAA;AAAA,IACtB,cAAc,OAAA,CAAQ,cAAA;AAAA,IACtB,SAAS,OAAA,CAAQ;AAAA,GACnB;AAGA,EAAA,MAAM,YAAA,GAAe,OAAO,IAAA,CAAK,IAAA,CAAK,UAAU,cAAc,CAAC,CAAA,CAAE,QAAA,CAAS,QAAQ,CAAA;AAElF,EAAA,OAAO;AAAA,IACL,YAAA;AAAA,IACA,aAAA,EAAe;AAAA;AAAA,GACjB;AACF,CAAA;AAOmC,MAAM,uBAAuB;AAEzD,IAAM,gBAAA,GAAmB,CAAC,KAAA,KAA2C;AAC1E,EAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,KAAA,CAAM,GAAG,CAAA;AAC7B,EAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,IAAA,MAAM,IAAI,MAAM,sBAAsB,CAAA;AAAA,EACxC;AAEA,EAAA,MAAM,cAAA,GAAiB,MAAM,CAAC,CAAA;AAC9B,EAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,IAAA,MAAM,IAAI,MAAM,6BAA6B,CAAA;AAAA,EAC/C;AAEA,EAAA,MAAM,SAAS,cAAA,CAAe,MAAA;AAAA,IAC5B,cAAA,CAAe,MAAA,GAAA,CAAW,CAAA,GAAK,cAAA,CAAe,SAAS,CAAA,IAAM,CAAA;AAAA,IAC7D;AAAA,GACF;AACA,EAAA,MAAM,UAAU,MAAA,CAAO,IAAA,CAAK,QAAQ,QAAQ,CAAA,CAAE,SAAS,OAAO,CAAA;AAC9D,EAAA,OAAO,IAAA,CAAK,MAAM,OAAO,CAAA;AAC3B,CAAA;AAKO,IAAM,sBAAA,GAAyB,CAAC,KAAA,KAA0B;AAC/D,EAAA,MAAM,OAAA,GAAU,iBAAiB,KAAK,CAAA;AACtC,EAAA,MAAM,UAAA,GAAa,OAAA,EAAS,WAAA,IAAe,OAAA,EAAS,UAAA;AACpD,EAAA,IAAI,OAAO,UAAA,KAAe,QAAA,IAAY,CAAC,UAAA,CAAW,MAAK,EAAG;AACxD,IAAA,MAAM,IAAI,MAAM,oDAAoD,CAAA;AAAA,EACtE;AACA,EAAA,OAAO,WAAW,IAAA,EAAK;AACzB,CAAA;;;ACzVA,eAAsB,oBAAA,CACpB,OACA,OAAA,EACqC;AACrC,EAAA,MAAM,EAAE,KAAA,EAAO,SAAA,EAAU,GAAI,KAAA;AAE7B,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,IAAA,MAAM,IAAI,MAAM,+CAA+C,CAAA;AAAA,EACjE;AAEA,EAAA,MAAM,SAAS,YAAA,EAAa;AAG5B,EAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,CAAA,EAAG,MAAM,CAAA,mCAAA,CAAqC,CAAA;AAClE,EAAA,IAAI,SAAA,EAAW;AACb,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,YAAA,EAAc,SAAS,CAAA;AAAA,EAC9C;AAEA,EAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa,YAAA,EAAc;AACzC,IAAA,OAAA,CAAQ,KAAA,CAAM,8EAAA,EAAgF,GAAA,CAAI,QAAA,EAAU,CAAA;AAAA,EAC9G;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,kBAAA,CAAmB,GAAA,CAAI,UAAS,EAAG;AAAA,IACxD,MAAA,EAAQ,KAAA;AAAA,IACR,KAAA;AAAA,IACA,OAAA,EAAS;AAAA,MACP,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,QAAQ,OAAA,EAAS;AAAA,GAClB,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACtC,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,oCAAoC,QAAA,CAAS,MAAM,IAAI,QAAA,CAAS,UAAU,MAAM,SAAS,CAAA;AAAA,KAC3F;AAAA,EACF;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,QAAA,CAAS,IAAA,EAAK;AACrC,EAAA,MAAM,UAAU,QAAA,CAAS,IAAA;AAEzB,EAAA,OAAO;AAAA,IACL,eAAA,EAAiB,OAAA,EAAS,eAAA,IAAmB;AAAC,GAChD;AACF;AAUA,eAAsB,oBAAA,CACpB,OACA,OAAA,EACqC;AACrC,EAAA,MAAM;AAAA,IACJ,KAAA;AAAA,IACA,WAAA;AAAA,IACA,YAAA;AAAA,IACA,gBAAA;AAAA,IACA,mBAAA;AAAA,IACA,WAAA,GAAc,KAAA;AAAA,IACd,SAAA;AAAA,IACA,sBAAA;AAAA,IACA,oBAAA;AAAA,IACA;AAAA,GACF,GAAI,KAAA;AAEJ,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,IAAA,MAAM,IAAI,MAAM,+CAA+C,CAAA;AAAA,EACjE;AAEA,EAAA,IAAI,CAAC,YAAA,EAAc,IAAA,EAAK,EAAG;AACzB,IAAA,MAAM,IAAI,MAAM,2BAA2B,CAAA;AAAA,EAC7C;AAEA,EAAA,IAAI,CAAC,gBAAA,EAAkB,IAAA,EAAK,EAAG;AAC7B,IAAA,MAAM,IAAI,MAAM,gCAAgC,CAAA;AAAA,EAClD;AAEA,EAAA,MAAM,SAAS,YAAA,EAAa;AAE5B,EAAA,MAAM,QAAA,GAAW,GAAG,MAAM,CAAA,2DAAA,CAAA;AAE1B,EAAA,MAAM,IAAA,GAAgC;AAAA,IACpC,YAAA,EAAc,WAAA;AAAA,IACd,aAAA,EAAe,aAAa,IAAA,EAAK;AAAA,IACjC,kBAAA,EAAoB,iBAAiB,IAAA,EAAK;AAAA,IAC1C,oBAAA,EAAsB,mBAAA;AAAA,IACtB,aAAA,EAAe;AAAA,GACjB;AAGA,EAAA,IAAI,SAAA,EAAW;AACb,IAAA,IAAA,CAAK,UAAA,GAAa,SAAA;AAAA,EACpB;AACA,EAAA,IAAI,2BAA2B,MAAA,EAAW;AACxC,IAAA,IAAA,CAAK,wBAAA,GAA2B,sBAAA;AAAA,EAClC;AACA,EAAA,IAAI,oBAAA,EAAsB;AACxB,IAAA,IAAA,CAAK,qBAAA,GAAwB,oBAAA;AAAA,EAC/B;AACA,EAAA,IAAI,sBAAA,EAAwB;AAC1B,IAAA,IAAA,CAAK,uBAAA,GAA0B,sBAAA;AAAA,EACjC;AAEA,EAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa,YAAA,EAAc;AACzC,IAAA,OAAA,CAAQ,KAAA,CAAM,uDAAuD,QAAQ,CAAA;AAAA,EAC/E;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,kBAAA,CAAmB,QAAA,EAAU;AAAA,IAClD,MAAA,EAAQ,MAAA;AAAA,IACR,KAAA;AAAA,IACA,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB,kBAAA;AAAA,MAChB,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA;AAAA,IACzB,QAAQ,OAAA,EAAS;AAAA,GAClB,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACtC,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,kCAAkC,QAAA,CAAS,MAAM,IAAI,QAAA,CAAS,UAAU,MAAM,SAAS,CAAA;AAAA,KACzF;AAAA,EACF;AAEA,EAAA,OAAO,MAAM,SAAS,IAAA,EAAK;AAC7B;AAMA,eAAsB,iBAAA,CACpB,OACA,OAAA,EACkC;AAClC,EAAA,MAAM;AAAA,IACJ,KAAA;AAAA,IACA,gBAAA;AAAA,IACA,mBAAA,GAAsB,IAAA;AAAA,IACtB,uBAAA;AAAA,IACA;AAAA,GACF,GAAI,KAAA;AAEJ,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,IAAA,MAAM,IAAI,MAAM,4CAA4C,CAAA;AAAA,EAC9D;AAEA,EAAA,IAAI,CAAC,gBAAA,EAAkB,IAAA,EAAK,EAAG;AAC7B,IAAA,MAAM,IAAI,MAAM,gCAAgC,CAAA;AAAA,EAClD;AAEA,EAAA,MAAM,SAAS,YAAA,EAAa;AAG5B,EAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,CAAA,EAAG,MAAM,CAAA,mCAAA,EAAsC,gBAAA,CAAiB,IAAA,EAAM,CAAA,CAAE,CAAA;AAE5F,EAAA,IAAI,mBAAA,EAAqB;AACvB,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,qBAAA,EAAuB,MAAM,CAAA;AAAA,EACpD;AACA,EAAA,IAAI,uBAAA,EAAyB;AAC3B,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,yBAAA,EAA2B,uBAAuB,CAAA;AAAA,EACzE;AACA,EAAA,IAAI,QAAA,EAAU;AACZ,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,UAAA,EAAY,QAAQ,CAAA;AAAA,EAC3C;AAEA,EAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa,YAAA,EAAc;AACzC,IAAA,OAAA,CAAQ,KAAA,CAAM,6EAAA,EAA+E,GAAA,CAAI,QAAA,EAAU,CAAA;AAAA,EAC7G;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,kBAAA,CAAmB,GAAA,CAAI,UAAS,EAAG;AAAA,IACxD,MAAA,EAAQ,KAAA;AAAA,IACR,KAAA;AAAA,IACA,OAAA,EAAS;AAAA,MACP,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,QAAQ,OAAA,EAAS;AAAA,GAClB,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACtC,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,+BAA+B,QAAA,CAAS,MAAM,IAAI,QAAA,CAAS,UAAU,MAAM,SAAS,CAAA;AAAA,KACtF;AAAA,EACF;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,QAAA,CAAS,IAAA,EAAK;AACrC,EAAA,OAAO,QAAA,CAAS,IAAA;AAClB;AAOA,eAAsB,oBAAA,CACpB,OACA,OAAA,EACqC;AACrC,EAAA,MAAM;AAAA,IACJ,KAAA;AAAA,IACA,gBAAA;AAAA,IACA,WAAA;AAAA,IACA,SAAA;AAAA,IACA,sBAAA;AAAA,IACA,mBAAA;AAAA,IACA,oBAAA;AAAA,IACA,sBAAA;AAAA,IACA,WAAA;AAAA,IACA,gBAAA;AAAA,IACA,eAAA;AAAA,IACA,MAAA;AAAA,IACA,mBAAA,GAAsB,IAAA;AAAA,IACtB,uBAAA;AAAA,IACA;AAAA,GACF,GAAI,KAAA;AAEJ,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,IAAA,MAAM,IAAI,MAAM,+CAA+C,CAAA;AAAA,EACjE;AAEA,EAAA,IAAI,CAAC,gBAAA,EAAkB,IAAA,EAAK,EAAG;AAC7B,IAAA,MAAM,IAAI,MAAM,gCAAgC,CAAA;AAAA,EAClD;AAEA,EAAA,MAAM,SAAS,YAAA,EAAa;AAG5B,EAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,CAAA,EAAG,MAAM,CAAA,mCAAA,EAAsC,gBAAA,CAAiB,IAAA,EAAM,CAAA,CAAE,CAAA;AAE5F,EAAA,IAAI,mBAAA,EAAqB;AACvB,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,qBAAA,EAAuB,MAAM,CAAA;AAAA,EACpD;AACA,EAAA,IAAI,uBAAA,EAAyB;AAC3B,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,yBAAA,EAA2B,uBAAuB,CAAA;AAAA,EACzE;AACA,EAAA,IAAI,QAAA,EAAU;AACZ,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,UAAA,EAAY,QAAQ,CAAA;AAAA,EAC3C;AAGA,EAAA,MAAM,OAAgC,EAAC;AAEvC,EAAA,IAAI,gBAAgB,MAAA,EAAW;AAC7B,IAAA,IAAA,CAAK,YAAA,GAAe,WAAA;AAAA,EACtB;AACA,EAAA,IAAI,cAAc,MAAA,EAAW;AAC3B,IAAA,IAAA,CAAK,UAAA,GAAa,SAAA;AAAA,EACpB;AACA,EAAA,IAAI,2BAA2B,MAAA,EAAW;AACxC,IAAA,IAAA,CAAK,wBAAA,GAA2B,sBAAA;AAAA,EAClC;AACA,EAAA,IAAI,wBAAwB,MAAA,EAAW;AACrC,IAAA,IAAA,CAAK,oBAAA,GAAuB,mBAAA;AAAA,EAC9B;AACA,EAAA,IAAI,yBAAyB,MAAA,EAAW;AACtC,IAAA,IAAA,CAAK,qBAAA,GAAwB,oBAAA;AAAA,EAC/B;AACA,EAAA,IAAI,2BAA2B,MAAA,EAAW;AACxC,IAAA,IAAA,CAAK,uBAAA,GAA0B,sBAAA;AAAA,EACjC;AACA,EAAA,IAAI,gBAAgB,MAAA,EAAW;AAC7B,IAAA,IAAA,CAAK,aAAA,GAAgB,WAAA;AAAA,EACvB;AACA,EAAA,IAAI,qBAAqB,MAAA,EAAW;AAClC,IAAA,IAAA,CAAK,kBAAA,GAAqB,gBAAA;AAAA,EAC5B;AACA,EAAA,IAAI,oBAAoB,MAAA,EAAW;AACjC,IAAA,IAAA,CAAK,iBAAA,GAAoB,eAAA;AAAA,EAC3B;AACA,EAAA,IAAI,WAAW,MAAA,EAAW;AACxB,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAAA,EAChB;AAEA,EAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa,YAAA,EAAc;AACzC,IAAA,OAAA,CAAQ,KAAA,CAAM,qDAAA,EAAuD,GAAA,CAAI,QAAA,EAAU,CAAA;AAAA,EACrF;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,kBAAA,CAAmB,GAAA,CAAI,UAAS,EAAG;AAAA,IACxD,MAAA,EAAQ,OAAA;AAAA,IACR,KAAA;AAAA,IACA,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB,kBAAA;AAAA,MAChB,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA;AAAA,IACzB,QAAQ,OAAA,EAAS;AAAA,GAClB,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACtC,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,kCAAkC,QAAA,CAAS,MAAM,IAAI,QAAA,CAAS,UAAU,MAAM,SAAS,CAAA;AAAA,KACzF;AAAA,EACF;AAEA,EAAA,OAAO,MAAM,SAAS,IAAA,EAAK;AAC7B;AAUO,SAAS,8BAA8B,QAAA,EAA8C;AAC1F,EAAA,OAAO,QAAA,CAAS,MAAA;AAAA,IACd,CAAC,OAAA,KAAY,OAAA,CAAQ,iBAAA,EAAmB,eAAA,EAAiB;AAAA,GAC3D;AACF;AAMO,SAAS,mBAAmB,QAAA,EAA8C;AAC/E,EAAA,OAAO,QAAA,CAAS,MAAA;AAAA,IACd,CAAC,OAAA,KAAY,OAAA,CAAQ,iBAAA,EAAmB,IAAA,EAAM;AAAA,GAChD;AACF;AAuCA,eAAsB,qBAAA,CACpB,OACA,OAAA,EACsC;AACtC,EAAA,MAAM;AAAA,IACJ,KAAA;AAAA,IACA,gBAAA;AAAA,IACA,UAAA;AAAA,IACA,eAAA;AAAA,IACA,qBAAA;AAAA,IACA;AAAA,GACF,GAAI,KAAA;AAEJ,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,IAAA,MAAM,IAAI,MAAM,gDAAgD,CAAA;AAAA,EAClE;AAEA,EAAA,IAAI,CAAC,eAAA,EAAiB,IAAA,EAAK,EAAG;AAC5B,IAAA,MAAM,IAAI,MAAM,+BAA+B,CAAA;AAAA,EACjD;AAEA,EAAA,IAAI,qBAAA,KAA0B,MAAA,IAAa,qBAAA,KAA0B,IAAA,EAAM;AACzE,IAAA,MAAM,IAAI,MAAM,qCAAqC,CAAA;AAAA,EACvD;AAGA,EAAA,MAAM,aAAa,gBAAA,IAAoB,UAAA;AACvC,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAM,IAAI,MAAM,mDAAmD,CAAA;AAAA,EACrE;AAEA,EAAmB,uBAAuB,KAAK;AAC/C,EAAA,MAAM,SAAS,YAAA,EAAa;AAG5B,EAAA,MAAM,WAAA,GAAc,IAAI,eAAA,EAAgB;AACxC,EAAA,WAAA,CAAY,GAAA,CAAI,iBAAA,EAAmB,eAAA,CAAgB,IAAA,EAAM,CAAA;AACzD,EAAA,WAAA,CAAY,GAAA,CAAI,uBAAA,EAAyB,qBAAA,CAAsB,QAAA,EAAU,CAAA;AAEzE,EAAA,IAAI,uBAAA,EAAyB,MAAK,EAAG;AACnC,IAAA,WAAA,CAAY,GAAA,CAAI,yBAAA,EAA2B,uBAAA,CAAwB,IAAA,EAAM,CAAA;AAAA,EAC3E;AAIA,EAAA,IAAI,CAAC,oBAAoB,UAAA,EAAY;AACnC,IAAA,WAAA,CAAY,GAAA,CAAI,eAAe,UAAU,CAAA;AAAA,EAC3C;AAEA,EAAA,MAAM,SAAS,gBAAA,IAAoB,aAAA;AAEnC,EAAA,MAAM,GAAA,GAAM,GAAG,MAAM,CAAA,mCAAA,EAAsC,MAAM,CAAA,qBAAA,EAAwB,WAAA,CAAY,UAAU,CAAA,CAAA;AAE/G,EAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa,YAAA,EAAc;AACzC,IAAA,OAAA,CAAQ,KAAA,CAAM,2DAA2D,GAAG,CAAA;AAAA,EAC9E;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,kBAAA,CAAmB,GAAA,EAAK;AAAA,IAC7C,MAAA,EAAQ,KAAA;AAAA,IACR,KAAA;AAAA,IACA,OAAA,EAAS;AAAA,MACP,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,QAAQ,OAAA,EAAS;AAAA,GAClB,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACtC,IAAA,IAAI,YAAA,GAAe,qCAAA;AACnB,IAAA,IAAI;AACF,MAAA,MAAM,SAAA,GAAY,IAAA,CAAK,KAAA,CAAM,SAAS,CAAA;AACtC,MAAA,YAAA,GAAe,SAAA,CAAU,KAAA,IAAS,SAAA,CAAU,OAAA,IAAW,YAAA;AAAA,IACzD,CAAA,CAAA,MAAQ;AAAA,IAER;AACA,IAAA,MAAM,IAAI,MAAM,YAAY,CAAA;AAAA,EAC9B;AAEA,EAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AAEjC,EAAA,OAAO;AAAA,IACL,YAAA,EAAc;AAAA,MACZ,MAAA,EAAQ,KAAK,MAAA,IAAU,OAAA;AAAA,MACvB,cAAc,IAAA,CAAK,YAAA;AAAA,MACnB,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,KAAA,EAAO,IAAA,CAAK,KAAA,IAAS;AAAC;AACxB,GACF;AACF;AA8BA,eAAsB,yBAAA,CACpB,OACA,OAAA,EAC0C;AAC1C,EAAA,MAAM,EAAE,OAAM,GAAI,KAAA;AAElB,EAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,MAAM,IAAA,EAAK,CAAE,WAAW,CAAA,EAAG;AAC1D,IAAA,MAAM,IAAI,MAAM,sDAAsD,CAAA;AAAA,EACxE;AAEA,EAAA,MAAM,SAAS,YAAA,EAAa;AAI5B,EAAA,MAAM,WAAA,GAAc,IAAI,eAAA,EAAgB;AACxC,EAAA,WAAA,CAAY,GAAA,CAAI,UAAU,aAAa,CAAA;AACvC,EAAA,WAAA,CAAY,GAAA,CAAI,aAAa,GAAG,CAAA;AAChC,EAAA,WAAA,CAAY,GAAA,CAAI,YAAY,YAAY,CAAA;AACxC,EAAA,WAAA,CAAY,GAAA,CAAI,mBAAmB,MAAM,CAAA;AAEzC,EAAA,MAAM,WAAW,CAAA,EAAG,MAAM,CAAA,mCAAA,EAAsC,WAAA,CAAY,UAAU,CAAA,CAAA;AAEtF,EAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa,YAAA,EAAc;AACzC,IAAA,OAAA,CAAQ,KAAA,CAAM,qFAAqF,QAAQ,CAAA;AAAA,EAC7G;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,kBAAA,CAAmB,QAAA,EAAU;AAAA,IAClD,MAAA,EAAQ,KAAA;AAAA,IACR,KAAA;AAAA,IACA,OAAA,EAAS;AAAA,MACP,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,QAAQ,OAAA,EAAS;AAAA,GAClB,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,sCAAA,EAAyC,QAAA,CAAS,MAAM,CAAA,CAAA,EAAI,SAAS,UAAU,CAAA,CAAA;AAAA,KACjF;AAAA,EACF;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,QAAA,CAAS,IAAA,EAAK;AACrC,EAAA,MAAM,UAAU,QAAA,CAAS,IAAA;AAGzB,EAAA,MAAM,YAAA,GAAe,OAAA,EAAS,eAAA,IAAmB,EAAC;AAElD,EAAA,MAAM,aAAA,GAAuC,YAAA,CAAa,GAAA,CAAI,CAAC,IAAA,MAAmC;AAAA,IAChG,EAAA,EAAI,MAAA,CAAO,IAAA,CAAK,EAAA,IAAM,EAAE,CAAA;AAAA,IACxB,IAAA,EAAM,MAAA,CAAO,IAAA,CAAK,aAAA,IAAiB,SAAS,CAAA;AAAA,IAC5C,MAAA,EAAQ,IAAA,CAAK,YAAA,KAAiB,MAAA,GAAS,MAAA,GAAkB,OAAA;AAAA,IACzD,SAAA,EAAW,MAAA,CAAO,IAAA,CAAK,6BAAA,IAAiC,SAAS,CAAA;AAAA,IACjE,SAAA,EAAW,OAAO,IAAA,CAAK,UAAA,IAAA,qBAAkB,IAAA,EAAK,EAAE,aAAa;AAAA,GAC/D,CAAE,CAAA;AAEF,EAAA,OAAO;AAAA,IACL;AAAA,GACF;AACF;;;AC3oBO,IAAM,4BAAA,GAA+B,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK;AAUpD,SAAS,iBAAiB,QAAA,EAA6B;AAC5D,EAAA,IAAI,CAAC,SAAS,WAAA,EAAa;AACzB,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,MAAM,kBAAkB,IAAI,IAAA,CAAK,QAAA,CAAS,WAAW,EAAE,OAAA,EAAQ;AAC/D,EAAA,MAAM,SAAA,GAAY,IAAA,CAAK,GAAA,EAAI,GAAI,4BAAA;AAC/B,EAAA,OAAO,eAAA,GAAkB,SAAA;AAC3B;AAKO,SAAS,8BAA8B,SAAA,EAG5C;AACA,EAAA,MAAM,eAAA,GAAkB,SAAA,CAAU,MAAA,CAAO,gBAAgB,CAAA;AACzD,EAAA,MAAM,iBAAA,GAAoB,UAAU,MAAA,CAAO,CAAC,aAAa,CAAC,gBAAA,CAAiB,QAAQ,CAAC,CAAA;AACpF,EAAA,OAAO,EAAE,iBAAiB,iBAAA,EAAkB;AAC9C;AAKO,SAAS,cAAA,CACd,UACA,cAAA,EACoC;AACpC,EAAA,MAAM,yBAAA,GACJ,CAAC,QAAA,CAAS,aAAA,IACV,CAAC,QAAA,CAAS,aAAA,IACV,CAAC,QAAA,CAAS,iBAAA;AACZ,EAAA,MAAM,+BAAA,GACJ,SAAS,QAAA,IAAY,yBAAA;AAGvB,EAAA,IAAI,SAAS,iBAAA,EAAmB;AAC9B,IAAA,OAAO,kBAAA;AAAA,EACT;AAGA,EAAA,IAAI,yBAAA,IAA6B,SAAS,eAAA,EAAiB;AACzD,IAAA,OAAO,MAAA;AAAA,EACT;AAIA,EAAA,IAAI,+BAAA,IAAmC,CAAC,QAAA,CAAS,eAAA,EAAiB;AAChE,IAAA,IAAI,cAAA,EAAgB;AAClB,MAAA,MAAM,wBAAwB,cAAA,CAAe,IAAA;AAAA,QAC3C,CAAC,MAAA,KAAW,MAAA,CAAO,WAAA,KAAgB,QAAA,CAAS;AAAA,OAC9C;AACA,MAAA,IAAI,qBAAA,EAAuB;AACzB,QAAA,IAAI,qBAAA,CAAsB,iBAAiB,MAAA,EAAQ;AACjD,UAAA,OAAO,MAAA;AAAA,QACT;AACA,QAAA,IAAI,qBAAA,CAAsB,iBAAiB,OAAA,EAAS;AAClD,UAAA,OAAO,kBAAA;AAAA,QACT;AAAA,MACF;AAAA,IACF;AAEA,IAAA,OAAO,kBAAA;AAAA,EACT;AAEA,EAAA,OAAO,IAAA;AACT;AAKO,SAAS,2BAAA,CACd,UACA,eAAA,EACQ;AACR,EAAA,IAAI,CAAC,eAAA,IAAmB,CAAC,KAAA,CAAM,OAAA,CAAQ,eAAe,CAAA,EAAG;AACvD,IAAA,OAAO,CAAA;AAAA,EACT;AAEA,EAAA,MAAM,uBAAA,GAA0B,SAAS,eAAA,IAAmB,CAAA;AAG5D,EAAA,MAAM,mBAAmB,eAAA,CAAgB,MAAA;AAAA,IACvC,CAAC,OAAA,KAAY,OAAA,CAAQ,SAAA,KAAc,QAAA,CAAS;AAAA,GAC9C;AAEA,EAAA,OAAO,gBAAA,CAAiB,MAAA;AAAA,IACtB,CAAC,OAAA,KAAY,OAAA,CAAQ,eAAA,GAAkB;AAAA,GACzC,CAAE,MAAA;AACJ;AAKO,SAAS,gBAAgB,QAAA,EAA4B;AAC1D,EAAA,MAAM,OAAA,GAAU,SAAS,IAAA,EAAM,IAAA,CAAK,CAAC,GAAA,KAAQ,GAAA,CAAI,QAAQ,MAAM,CAAA;AAC/D,EAAA,OAAO,SAAS,KAAA,IAAS,QAAA,CAAS,EAAA,CAAG,KAAA,CAAM,GAAG,CAAC,CAAA;AACjD;AAUA,eAAsBA,eAAAA,CACpB,OACA,OAAA,EAC+B;AAC/B,EAAA,MAAM,EAAE,OAAM,GAAI,KAAA;AAElB,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,IAAA,MAAM,IAAI,MAAM,yCAAyC,CAAA;AAAA,EAC3D;AAEA,EAAmB,uBAAuB,KAAK;AAC/C,EAAA,MAAM,SAAS,YAAA,EAAa;AAG5B,EAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,CAAA,EAAG,MAAM,CAAA,4BAAA,CAA8B,CAAA;AAE3D,EAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa,YAAA,EAAc;AACzC,IAAA,OAAA,CAAQ,KAAA,CAAM,+CAAA,EAAiD,GAAA,CAAI,QAAA,EAAU,CAAA;AAAA,EAC/E;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,kBAAA,CAAmB,GAAA,CAAI,UAAS,EAAG;AAAA,IACxD,MAAA,EAAQ,KAAA;AAAA,IACR,KAAA;AAAA,IACA,OAAA,EAAS;AAAA,MACP,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,QAAQ,OAAA,EAAS;AAAA,GAClB,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACtC,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,6BAA6B,QAAA,CAAS,MAAM,IAAI,QAAA,CAAS,UAAU,MAAM,SAAS,CAAA;AAAA,KACpF;AAAA,EACF;AAEA,EAAA,MAAM,OAAA,GAAU,MAAM,QAAA,CAAS,IAAA,EAAK;AAEpC,EAAA,MAAM,OAAO,OAAA,CAAQ,IAAA;AACrB,EAAA,MAAM,YAAA,GAA2B,IAAA,EAAM,SAAA,IAAa,EAAC;AAGrD,EAAA,MAAM,SAAS,YAAA,CAAa,MAAA,CAAO,CAAC,QAAA,KAAa,CAAC,SAAS,QAAQ,CAAA;AACnE,EAAA,MAAM,SAAS,YAAA,CAAa,MAAA,CAAO,CAAC,QAAA,KAAa,SAAS,QAAQ,CAAA;AAElE,EAAA,OAAO;AAAA,IACL,SAAA,EAAW,YAAA;AAAA,IACX,MAAA;AAAA,IACA;AAAA,GACF;AACF;AAqCA,eAAsB,oBAAA,CACpB,OACA,OAAA,EACqC;AACrC,EAAA,MAAM;AAAA,IACJ,KAAA;AAAA,IACA,gBAAA;AAAA,IACA,YAAA;AAAA,IACA,SAAA;AAAA,IACA,eAAA;AAAA,IACA,UAAA;AAAA,IACA,eAAA;AAAA,IACA,SAAA,GAAY;AAAA,GACd,GAAI,KAAA;AAEJ,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,IAAA,MAAM,IAAI,MAAM,+CAA+C,CAAA;AAAA,EACjE;AAEA,EAAA,IAAI,CAAC,gBAAA,EAAkB,IAAA,EAAK,EAAG;AAC7B,IAAA,MAAM,IAAI,MAAM,gCAAgC,CAAA;AAAA,EAClD;AAEA,EAAA,IAAI,CAAC,SAAA,EAAW,IAAA,EAAK,EAAG;AACtB,IAAA,MAAM,IAAI,MAAM,wBAAwB,CAAA;AAAA,EAC1C;AAEA,EAAA,MAAM,SAAS,YAAA,EAAa;AAG5B,EAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,CAAA,EAAG,MAAM,CAAA,mCAAA,CAAqC,CAAA;AAElE,EAAA,MAAM,IAAA,GAAgC;AAAA,IACpC,kBAAA,EAAoB,iBAAiB,IAAA,EAAK;AAAA,IAC1C,UAAA,EAAY,UAAU,IAAA,EAAK;AAAA,IAC3B,gBAAA,EAAkB,eAAA;AAAA,IAClB,UAAA,EAAY;AAAA,GACd;AAEA,EAAA,IAAI,YAAA,EAAc,MAAK,EAAG;AACxB,IAAA,IAAA,CAAK,aAAA,GAAgB,aAAa,IAAA,EAAK;AAAA,EACzC;AACA,EAAA,IAAI,UAAA,EAAY,MAAK,EAAG;AACtB,IAAA,IAAA,CAAK,WAAA,GAAc,WAAW,IAAA,EAAK;AAAA,EACrC;AACA,EAAA,IAAI,eAAA,EAAiB,MAAK,EAAG;AAC3B,IAAA,IAAA,CAAK,gBAAA,GAAmB,gBAAgB,IAAA,EAAK;AAAA,EAC/C;AAEA,EAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa,YAAA,EAAc;AACzC,IAAA,OAAA,CAAQ,KAAA,CAAM,qDAAA,EAAuD,GAAA,CAAI,QAAA,EAAU,CAAA;AAAA,EACrF;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,kBAAA,CAAmB,GAAA,CAAI,UAAS,EAAG;AAAA,IACxD,MAAA,EAAQ,MAAA;AAAA,IACR,KAAA;AAAA,IACA,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB,kBAAA;AAAA,MAChB,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA;AAAA,IACzB,QAAQ,OAAA,EAAS;AAAA,GAClB,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACtC,IAAA,IAAI,YAAA,GAAe,kCAAA;AACnB,IAAA,IAAI;AACF,MAAA,MAAM,SAAA,GAAY,IAAA,CAAK,KAAA,CAAM,SAAS,CAAA;AACtC,MAAA,YAAA,GAAe,SAAA,CAAU,KAAA,IAAS,SAAA,CAAU,OAAA,IAAW,YAAA;AAAA,IACzD,CAAA,CAAA,MAAQ;AAAA,IAER;AACA,IAAA,MAAM,IAAI,MAAM,YAAY,CAAA;AAAA,EAC9B;AAEA,EAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AAEjC,EAAA,OAAO;AAAA,IACL,YAAY,IAAA,CAAK,WAAA;AAAA,IACjB,WAAW,IAAA,CAAK,UAAA;AAAA,IAChB,WAAW,IAAA,CAAK,UAAA;AAAA,IAChB,YAAY,IAAA,CAAK,WAAA;AAAA,IACjB,iBAAiB,IAAA,CAAK,kBAAA;AAAA,IACtB,WAAW,IAAA,CAAK,UAAA;AAAA,IAChB,UAAU,IAAA,CAAK,SAAA;AAAA,IACf,WAAW,IAAA,CAAK,UAAA;AAAA,IAChB,iBAAiB,IAAA,CAAK,gBAAA;AAAA,IACtB,YAAY,IAAA,CAAK,WAAA;AAAA,IACjB,iBAAiB,IAAA,CAAK;AAAA,GACxB;AACF;AAsBA,eAAsB,oBAAA,CACpB,OACA,OAAA,EACqC;AACrC,EAAA,MAAM;AAAA,IACJ,KAAA;AAAA,IACA,UAAA;AAAA,IACA,gBAAA;AAAA,IACA,SAAA;AAAA,IACA;AAAA,GACF,GAAI,KAAA;AAEJ,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,IAAA,MAAM,IAAI,MAAM,+CAA+C,CAAA;AAAA,EACjE;AAEA,EAAA,IAAI,CAAC,UAAA,EAAY,IAAA,EAAK,EAAG;AACvB,IAAA,MAAM,IAAI,MAAM,yBAAyB,CAAA;AAAA,EAC3C;AAEA,EAAA,IAAI,CAAC,SAAA,EAAW,IAAA,EAAK,EAAG;AACtB,IAAA,MAAM,IAAI,MAAM,wBAAwB,CAAA;AAAA,EAC1C;AAEA,EAAA,MAAM,SAAS,YAAA,EAAa;AAG5B,EAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,CAAA,EAAG,MAAM,CAAA,oCAAA,EAAuC,UAAA,CAAW,IAAA,EAAM,CAAA,CAAE,CAAA;AAEvF,EAAA,MAAM,IAAA,GAAgC;AAAA,IACpC,UAAA,EAAY,UAAU,IAAA,EAAK;AAAA,IAC3B,gBAAA,EAAkB;AAAA,GACpB;AAEA,EAAA,IAAI,gBAAA,EAAkB,MAAK,EAAG;AAC5B,IAAA,IAAA,CAAK,kBAAA,GAAqB,iBAAiB,IAAA,EAAK;AAAA,EAClD;AAEA,EAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa,YAAA,EAAc;AACzC,IAAA,OAAA,CAAQ,KAAA,CAAM,qDAAA,EAAuD,GAAA,CAAI,QAAA,EAAU,CAAA;AAAA,EACrF;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,kBAAA,CAAmB,GAAA,CAAI,UAAS,EAAG;AAAA,IACxD,MAAA,EAAQ,OAAA;AAAA,IACR,KAAA;AAAA,IACA,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB,kBAAA;AAAA,MAChB,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA;AAAA,IACzB,QAAQ,OAAA,EAAS;AAAA,GAClB,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACtC,IAAA,IAAI,YAAA,GAAe,kCAAA;AACnB,IAAA,IAAI;AACF,MAAA,MAAM,SAAA,GAAY,IAAA,CAAK,KAAA,CAAM,SAAS,CAAA;AACtC,MAAA,YAAA,GAAe,SAAA,CAAU,KAAA,IAAS,SAAA,CAAU,OAAA,IAAW,YAAA;AAAA,IACzD,CAAA,CAAA,MAAQ;AAAA,IAER;AACA,IAAA,MAAM,IAAI,MAAM,YAAY,CAAA;AAAA,EAC9B;AAEA,EAAA,OAAO,EAAE,SAAS,IAAA,EAAK;AACzB;AAMA,eAAsB,gCAAA,CACpB,OACA,OAAA,EACiD;AACjD,EAAA,MAAM,EAAE,KAAA,EAAO,WAAA,EAAY,GAAI,KAAA;AAE/B,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,IAAA,MAAM,IAAI,MAAM,2DAA2D,CAAA;AAAA,EAC7E;AAEA,EAAA,IAAI,CAAC,WAAA,IAAe,WAAA,CAAY,MAAA,KAAW,CAAA,EAAG;AAC5C,IAAA,OAAO,EAAE,cAAA,EAAgB,EAAC,EAAE;AAAA,EAC9B;AAEA,EAAmB,uBAAuB,KAAK;AAC/C,EAAA,MAAM,SAAS,YAAA,EAAa;AAG5B,EAAA,MAAM,SAAqB,EAAC;AAC5B,EAAA,KAAA,IAAS,IAAI,CAAA,EAAG,CAAA,GAAI,WAAA,CAAY,MAAA,EAAQ,KAAK,EAAA,EAAI;AAC/C,IAAA,MAAA,CAAO,KAAK,WAAA,CAAY,KAAA,CAAM,CAAA,EAAG,CAAA,GAAI,EAAE,CAAC,CAAA;AAAA,EAC1C;AAEA,EAAA,MAAM,oBAAsC,EAAC;AAE7C,EAAA,KAAA,MAAW,SAAS,MAAA,EAAQ;AAC1B,IAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AAGxB,IAAA,MAAM,WAAA,GAAc,KAAA,CACjB,GAAA,CAAI,CAAC,EAAA,KAAO,CAAA,YAAA,EAAe,kBAAA,CAAmB,EAAE,CAAC,CAAA,CAAE,CAAA,CACnD,IAAA,CAAK,GAAG,CAAA;AAGX,IAAA,MAAM,GAAA,GAAM,CAAA,EAAG,MAAM,CAAA,mCAAA,EAAsC,WAAW,CAAA,CAAA;AAEtE,IAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa,YAAA,EAAc;AACzC,MAAA,OAAA,CAAQ,KAAA,CAAM,uDAAuD,GAAG,CAAA;AAAA,IAC1E;AAEA,IAAA,MAAM,QAAA,GAAW,MAAM,kBAAA,CAAmB,GAAA,EAAK;AAAA,MAC7C,MAAA,EAAQ,KAAA;AAAA,MACR,KAAA;AAAA,MACA,OAAA,EAAS;AAAA,QACP,MAAA,EAAQ;AAAA,OACV;AAAA,MACA,QAAQ,OAAA,EAAS;AAAA,KAClB,CAAA;AAED,IAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AAE3B,MAAA;AAAA,IACF;AAEA,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACtC,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,mCAAmC,QAAA,CAAS,MAAM,IAAI,QAAA,CAAS,UAAU,MAAM,SAAS,CAAA;AAAA,OAC1F;AAAA,IACF;AAEA,IAAA,MAAM,QAAA,GAAW,MAAM,QAAA,CAAS,IAAA,EAAK;AAErC,IAAA,MAAM,OAAA,GAA4B,QAAA,EAAU,IAAA,EAAM,eAAA,IAAmB,EAAC;AACtE,IAAA,iBAAA,CAAkB,IAAA,CAAK,GAAG,OAAO,CAAA;AAAA,EACnC;AAEA,EAAA,OAAO,EAAE,gBAAgB,iBAAA,EAAkB;AAC7C","file":"install-actions.js","sourcesContent":["/**\n * Centralized API client utility for handling authenticated requests\n * with automatic 401 detection, cookie deletion, and redirect.\n */\n\nexport interface ApiFetchOptions extends RequestInit {\n token?: string;\n}\n\nexport class UnauthorizedError extends Error {\n constructor(message = \"Unauthorized\") {\n super(message);\n this.name = \"UnauthorizedError\";\n }\n}\n\n/**\n * Helper to check if an error is a Next.js redirect error.\n * These errors should NOT be caught as they control navigation flow.\n */\nexport function isRedirectError(error: unknown): boolean {\n return (\n typeof error === \"object\" &&\n error !== null &&\n \"digest\" in error &&\n typeof (error as { digest?: unknown }).digest === \"string\" &&\n (error as { digest: string }).digest.startsWith(\"NEXT_REDIRECT\")\n );\n}\n\n/**\n * Fetch wrapper that automatically handles error responses by:\n * - 401: Redirecting to \"/\" with expired parameter\n * - 502, 503, 504: Redirecting to \"/error\" with status code\n * \n * This function should be used for all authenticated API calls in server actions.\n * \n * IMPORTANT: This must be called from a Server Action context, not directly from\n * a Server Component, because it modifies cookies.\n */\nexport async function authenticatedFetch(\n url: string,\n options: ApiFetchOptions = {}\n): Promise<Response> {\n const { token, ...fetchOptions } = options;\n\n // Add authorization header if token is provided\n const headers = new Headers(fetchOptions.headers);\n if (token) {\n headers.set(\"authorization\", `Bearer ${token}`);\n }\n\n const response = await fetch(url, {\n ...fetchOptions,\n headers\n });\n\n // Handle 401 Unauthorized\n if (response.status === 401) {\n await handle401();\n }\n\n // Handle server errors (502, 503, 504) by redirecting to error page\n if (response.status === 502 || response.status === 503 || response.status === 504) {\n await handleServerError(response.status);\n }\n\n return response;\n}\n\n/**\n * Handles 401 unauthorized responses by redirecting to the root path with a logout parameter.\n * \n * Note: We cannot delete cookies here because this is called during Server Component\n * render, not from a true Server Action invocation.\n * \n * The home page MUST check for the `?expired=1` parameter and delete the portal_session\n * cookie when present to avoid infinite loops. Example:\n * \n * ```typescript\n * // In your home page (app/page.tsx)\n * import { cookies } from \"next/headers\";\n * \n * export default async function Home({ searchParams }: { searchParams: { expired?: string } }) {\n * if (searchParams.expired === \"1\") {\n * const cookieStore = await cookies();\n * cookieStore.delete(\"portal_session\");\n * }\n * \n * const sessionStore = await cookies();\n * const session = sessionStore.get(\"portal_session\");\n * // ... rest of your logic\n * }\n * ```\n */\nasync function handle401(): Promise<never> {\n const { redirect } = await import(\"next/navigation\");\n \n // Redirect with expired parameter so the home page can delete the cookie\n return redirect(\"/?expired=1\");\n}\n\n/**\n * Handles server errors (502, 503, 504) by redirecting to the error page.\n * \n * The error page route should be created at `app/error/page.tsx` in the consuming\n * application and use the ErrorPage component. Example:\n * \n * ```typescript\n * // In your error page (app/error/page.tsx)\n * import { ErrorPage } from \"@replicated/portal-components/error-page\";\n * \n * export default function Error({ \n * searchParams \n * }: { \n * searchParams: { code?: string; source?: string } \n * }) {\n * const statusCode = searchParams.code ? parseInt(searchParams.code, 10) : undefined;\n * const sourceUrl = searchParams.source;\n * return <ErrorPage statusCode={statusCode} sourceUrl={sourceUrl} />;\n * }\n * ```\n */\nasync function handleServerError(statusCode: number): Promise<never> {\n const { redirect } = await import(\"next/navigation\");\n \n // Try to get the current URL from Next.js headers\n let sourceUrl: string | undefined;\n try {\n const { headers } = await import(\"next/headers\");\n const headersList = await headers();\n const referer = headersList.get(\"referer\");\n const host = headersList.get(\"host\");\n const pathname = headersList.get(\"x-invoke-path\") || headersList.get(\"x-forwarded-path\");\n \n if (referer) {\n sourceUrl = referer;\n } else if (host && pathname) {\n const protocol = headersList.get(\"x-forwarded-proto\") || \"https\";\n sourceUrl = `${protocol}://${host}${pathname}`;\n }\n } catch (error) {\n // If we can't get headers, continue without source URL\n console.debug(\"[portal-components] Could not determine source URL\", error);\n }\n \n // Redirect to error page with status code and source URL parameters\n const params = new URLSearchParams({ code: String(statusCode) });\n if (sourceUrl) {\n params.set(\"source\", sourceUrl);\n }\n \n return redirect(`/error?${params.toString()}`);\n}\n","/**\n * Light-weight type helpers for defining Server Actions that align with the\n * enterprise portal guardrails. The component library does not implement\n * specific actions, but it exports helpers so downstream portals can describe\n * their actions with consistent metadata.\n */\n\nimport { Buffer } from \"node:buffer\";\nimport { cache } from \"react\";\nimport { authenticatedFetch } from \"../utils/api-client\";\n\n// =============================================================================\n// Helper Functions\n// =============================================================================\n\n/**\n * Gets the base API origin from environment, with trailing slashes removed.\n */\nexport const getApiOrigin = (): string => {\n return (process.env.REPLICATED_APP_ORIGIN || \"https://replicated.app\").replace(/\\/+$/, \"\");\n};\n\n// =============================================================================\n// Types\n// =============================================================================\n\nexport type PortalActionVisibility = \"vendor\" | \"customer\";\n\nexport interface PortalActionContext {\n vendorId: string;\n licenseId: string;\n userId: string;\n signal?: AbortSignal;\n}\n\nexport interface PortalServerActionDefinition<Input, Output> {\n id: string;\n description: string;\n visibility: PortalActionVisibility;\n tags: string[];\n run: (input: Input, context?: PortalActionContext) => Promise<Output>;\n}\n\nexport const defineServerAction = <Input, Output>(\n definition: PortalServerActionDefinition<Input, Output>\n) => definition;\n\nexport interface CreateServiceAccountInput {\n token: string;\n name: string;\n}\n\nexport interface ServiceAccountData {\n id: string;\n customerId: string;\n token: string;\n accountName: string;\n isRevoked: boolean;\n createdAt: string;\n emailAddress: string;\n}\n\nexport interface CreateServiceAccountResult {\n service_account: ServiceAccountData;\n token: string;\n}\n\nexport const createServiceAccount = defineServerAction<\n CreateServiceAccountInput,\n CreateServiceAccountResult\n>({\n id: \"service-account/create\",\n description: \"Creates a service account for installing applications\",\n visibility: \"customer\",\n tags: [\"service-account\", \"install\"],\n async run({ token, name }) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Service account creation requires a session token\");\n }\n\n if (!name || typeof name !== \"string\" || !name.trim()) {\n throw new Error(\"Service account name is required\");\n }\n\n // NEW: Use Enterprise Portal API endpoint\n const endpoint = `${getApiOrigin()}/enterprise-portal/team/service-accounts`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\n \"[portal-components] creating service account via %s (Enterprise Portal API)\",\n endpoint\n );\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"POST\",\n token,\n headers: {\n \"content-type\": \"application/json\"\n },\n body: JSON.stringify({ account_name: name.trim() })\n });\n\n if (!response.ok) {\n const errorText = await response.text();\n throw new Error(\n `Service account creation failed (${response.status} ${response.statusText}): ${errorText}`\n );\n }\n\n const data: CreateServiceAccountResult = await response.json();\n return data;\n }\n});\n\nexport interface InitiateLoginInput {\n email: string;\n}\n\nexport interface InitiateLoginResult {\n status: \"ok\" | \"saml_redirect\";\n requestedAt: string;\n message: string;\n /** If SAML redirect is required, this contains the info needed to redirect */\n saml?: {\n redirectRequired: true;\n customerId: string;\n email: string;\n appSlug: string;\n };\n}\n\n/**\n * Reference server action for initiating the passwordless login flow.\n * Real portals should replace the simulated delay with a call to their auth API.\n */\nexport const initiateLogin = defineServerAction<\n InitiateLoginInput,\n InitiateLoginResult\n>({\n id: \"auth/initiate-login\",\n description:\n \"Begins the passwordless login flow by dispatching a magic link email.\",\n visibility: \"customer\",\n tags: [\"auth\", \"login\", \"session\"],\n async run(input) {\n // NEW: Use Enterprise Portal API auth endpoint\n const endpoint = `${getApiOrigin()}/enterprise-portal/auth/magic-link`;\n const appSlug = process.env.PORTAL_APP_SLUG;\n if (!appSlug) {\n throw new Error(\"PORTAL_APP_SLUG is not configured\");\n }\n const portalOrigin =\n process.env.PORTAL_ORIGIN ?? \"https://enterprise.replicated.com\";\n const redirectUri = `${portalOrigin.replace(/\\/+$/, \"\")}/${appSlug}/login`;\n\n const response = await fetch(endpoint, {\n method: \"POST\",\n headers: {\n \"content-type\": \"application/json\"\n },\n body: JSON.stringify({\n app_slug: appSlug,\n email_address: input.email,\n redirect_uri: redirectUri\n })\n });\n\n if (!response.ok) {\n throw new Error(\n `Magic link request failed (${response.status} ${response.statusText})`\n );\n }\n\n const data = await response.json();\n\n // Check if SAML redirect is required\n if (data.saml_redirect_required && data.saml_customer_id) {\n return {\n status: \"saml_redirect\",\n requestedAt: new Date().toISOString(),\n message: \"SAML authentication required\",\n saml: {\n redirectRequired: true,\n customerId: data.saml_customer_id,\n email: input.email,\n appSlug\n }\n };\n }\n\n return {\n status: \"ok\",\n requestedAt: new Date().toISOString(),\n message: `Magic link requested for ${input.email}`\n };\n }\n});\n\nexport interface VerifyMagicLinkInput {\n nonce: string;\n}\n\nexport interface VerifyMagicLinkResult {\n token: string;\n raw: unknown;\n}\n\nexport interface VerifyMagicLinkError {\n code: \"invalid_code\" | \"expired\" | \"unknown\";\n message: string;\n isExpired?: boolean;\n}\n\nexport const verifyMagicLink = defineServerAction<\n VerifyMagicLinkInput,\n VerifyMagicLinkResult\n>({\n id: \"auth/verify-magic-link\",\n description: \"Verifies the 12-digit code provided via email and returns a JWT.\",\n visibility: \"customer\",\n tags: [\"auth\", \"login\", \"verify\"],\n async run({ nonce }) {\n // NEW: Use Enterprise Portal API auth endpoint\n const endpoint = `${getApiOrigin()}/enterprise-portal/auth/magic-link/verify`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\n \"[portal-components] verifying magic link via %s\",\n endpoint\n );\n }\n\n const response = await fetch(endpoint, {\n method: \"POST\",\n headers: {\n \"content-type\": \"application/json\"\n },\n body: JSON.stringify({ nonce })\n });\n\n if (!response.ok) {\n if (response.status === 401) {\n // Check if the response indicates an expired link\n try {\n const errorBody = await response.json();\n if (errorBody?.is_expired === true) {\n const error: VerifyMagicLinkError = {\n code: \"expired\",\n message: \"Magic link has expired. A new link has been sent to your email.\",\n isExpired: true\n };\n throw error;\n }\n } catch (parseError) {\n // If we already threw an error, re-throw it\n if ((parseError as VerifyMagicLinkError)?.code === \"expired\") {\n throw parseError;\n }\n // Otherwise fall through to invalid_code\n }\n\n const error: VerifyMagicLinkError = {\n code: \"invalid_code\",\n message: \"Incorrect code, check your email and try again.\"\n };\n throw error;\n }\n const error: VerifyMagicLinkError = {\n code: \"unknown\",\n message: `Magic link verification failed (${response.status} ${response.statusText})`\n };\n throw error;\n }\n\n const payload = await response.json();\n const token = payload?.token ?? payload?.jwt ?? payload?.access_token;\n if (typeof token !== \"string\") {\n throw new Error(\"Magic link verification succeeded but no token returned\");\n }\n\n return { token, raw: payload };\n }\n});\n\nexport interface CustomBrandingResponse {\n brandingData: string;\n documentation: unknown;\n}\n\nexport interface PortalLicenseField {\n key: string;\n label: string;\n value: string | null;\n isSecret?: boolean;\n}\n\nexport interface PortalLicenseDetails {\n id?: string;\n status?: string;\n statusLabel?: string;\n environment?: string;\n expiresAt?: string | null;\n releaseChannels?: string[];\n installMethods?: string[];\n installNotes?: string;\n customerName?: string;\n customerId?: string;\n customerOrganization?: string;\n fields: PortalLicenseField[];\n}\n\nexport interface ListSupportBundlesInput {\n token: string;\n}\n\nexport interface SupportBundleInsight {\n level: string;\n primary: string;\n key?: string;\n detail?: string;\n}\n\nexport interface SupportBundleSummary {\n id: string;\n createdAt?: string;\n status?: string;\n size?: number;\n instanceId?: string;\n insights?: SupportBundleInsight[];\n metadata?: Record<string, unknown>;\n}\n\nexport interface ListSupportBundlesResult {\n bundles: SupportBundleSummary[];\n totalCount: number;\n raw: unknown;\n}\n\nexport interface DownloadSupportBundleInput {\n token: string;\n bundleId: string;\n}\n\nexport interface DownloadSupportBundleResult {\n signedUrl: string;\n}\n\nexport interface DeleteSupportBundleInput {\n token: string;\n bundleId: string;\n}\n\nexport interface DeleteSupportBundleResult {\n success: boolean;\n}\n\nexport interface UploadSupportBundleInput {\n token: string;\n appId: string;\n}\n\nexport interface UploadSupportBundleResult {\n uploadUrl: string;\n appId: string;\n}\n\nexport interface UploadSupportBundleCompleteInput {\n token: string;\n appId: string;\n fileContent: ArrayBuffer;\n contentLength: number;\n}\n\nexport interface UploadSupportBundleCompleteResult {\n bundleId: string;\n slug: string;\n}\n\nexport interface FetchLicenseDetailsInput {\n token: string;\n}\n\nexport interface FetchLicenseDetailsResult {\n license: PortalLicenseDetails;\n raw: unknown;\n}\n\nexport interface FetchInstallOptionsInput {\n token: string;\n}\n\nexport interface FetchInstallOptionsResult {\n showLinux: boolean;\n showHelm: boolean;\n}\n\nexport interface FetchLicenseSummaryInput {\n token: string;\n}\n\nexport interface FetchLicenseSummaryResult {\n type: string;\n expiresAt: string | null;\n}\n\nexport interface FetchCustomersInput {\n token: string;\n}\n\nexport interface Customer {\n id: string;\n name: string;\n licenseId: string;\n licenseType: string;\n expiresAt: string;\n isEnterprisePortalEnabled: boolean;\n}\n\nexport interface FetchCustomersResult {\n customers: Customer[];\n}\n\nexport interface SwitchCustomerInput {\n token: string;\n customerId: string;\n}\n\nexport interface SwitchCustomerResult {\n token: string;\n}\n\nexport interface ListReleasesInput {\n token: string;\n}\n\nexport interface ListReleasesResult {\n status: number;\n body: string | null;\n}\n\n/**\n * Internal implementation of fetchCustomBranding.\n * Wrapped with React's cache() to deduplicate calls within a single request.\n *\n * Updated to use the new Enterprise Portal API /enterprise-portal/public/branding endpoint\n * which returns clean, non-base64 encoded data.\n */\nconst fetchCustomBrandingImpl = async (): Promise<CustomBrandingResponse> => {\n const appSlug = process.env.PORTAL_APP_SLUG;\n\n if (!appSlug) {\n throw new Error(\"PORTAL_APP_SLUG is not configured\");\n }\n\n const url = `${getApiOrigin()}/enterprise-portal/public/branding?app_slug=${encodeURIComponent(\n appSlug\n )}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\n \"[portal-components] fetching custom branding via %s (Enterprise Portal API)\",\n url\n );\n }\n\n const response = await fetch(url, {\n headers: {\n accept: \"application/json\"\n }\n });\n\n if (!response.ok) {\n throw new Error(\n `Custom branding request failed (${response.status} ${response.statusText})`\n );\n }\n\n const payload = await response.json();\n\n // New Enterprise Portal API returns clean data, not base64 encoded\n // Map the new field names to the old structure for compatibility\n const brandingObject = {\n logo: payload.logoUrl,\n title: payload.appName,\n customColor1: payload.primaryColor,\n customColor2: payload.secondaryColor,\n favicon: payload.faviconUrl,\n };\n\n // Encode to base64 to maintain compatibility with existing decodeBranding function\n const brandingData = Buffer.from(JSON.stringify(brandingObject)).toString(\"base64\");\n\n return {\n brandingData,\n documentation: null // Documentation not included in new API's public endpoint\n };\n};\n\n/**\n * Fetches custom branding for the portal.\n * This function is cached per-request to avoid duplicate API calls when called\n * from multiple components (e.g., TopNav and page components).\n */\nexport const fetchCustomBranding = cache(fetchCustomBrandingImpl);\n\nexport const decodeJwtPayload = (token: string): Record<string, unknown> => {\n const parts = token.split(\".\");\n if (parts.length !== 3) {\n throw new Error(\"Invalid JWT received\");\n }\n\n const payloadSegment = parts[1];\n if (!payloadSegment) {\n throw new Error(\"JWT payload segment missing\");\n }\n\n const padded = payloadSegment.padEnd(\n payloadSegment.length + ((4 - (payloadSegment.length % 4)) % 4),\n \"=\"\n );\n const decoded = Buffer.from(padded, \"base64\").toString(\"utf-8\");\n return JSON.parse(decoded) as Record<string, unknown>;\n};\n\n/**\n * Extracts customer ID from JWT token. Throws if extraction fails.\n */\nexport const getCustomerIdFromToken = (token: string): string => {\n const payload = decodeJwtPayload(token);\n const customerId = payload?.customer_id || payload?.customerId;\n if (typeof customerId !== \"string\" || !customerId.trim()) {\n throw new Error(\"Unable to determine customer_id from session token\");\n }\n return customerId.trim();\n};\n\nconst resolveSupportBundlesEndpoint = () => {\n const fallback = `${getApiOrigin()}/v3/supportbundles`;\n const explicit = process.env.SUPPORT_BUNDLES_ENDPOINT;\n\n if (!explicit) {\n return new URL(fallback);\n }\n\n try {\n return new URL(explicit);\n } catch (error) {\n console.warn(\n `[portal-components] invalid SUPPORT_BUNDLES_ENDPOINT, using fallback`,\n error\n );\n return new URL(fallback);\n }\n};\n\nexport const listSupportBundles = defineServerAction<\n ListSupportBundlesInput,\n ListSupportBundlesResult\n>({\n id: \"support/list-bundles\",\n description:\n \"Fetches support bundles associated with the customer found in the portal session JWT.\",\n visibility: \"customer\",\n tags: [\"support\", \"bundles\"],\n async run({ token }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Support bundle listing requires a session token\");\n }\n\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const url = `${getApiOrigin()}/enterprise-portal/support-bundles`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching support bundles via %s (Enterprise Portal API)\", url);\n }\n\n const response = await authenticatedFetch(url, {\n token,\n headers: {\n accept: \"application/json\"\n },\n signal: context?.signal\n });\n\n if (context?.signal?.aborted) {\n throw new Error(\"Support bundles request was aborted\");\n }\n\n if (!response.ok) {\n throw new Error(\n `Support bundles request failed (${response.status} ${response.statusText})`\n );\n }\n\n const payload = await response.json();\n // Extract from Enterprise Portal API envelope\n const raw = payload.data;\n\n const rawRecord =\n raw && typeof raw === \"object\" ? (raw as Record<string, unknown>) : undefined;\n\n const parseInsights = (raw: unknown): SupportBundleInsight[] | undefined => {\n if (!Array.isArray(raw)) return undefined;\n return raw\n .filter((i): i is Record<string, unknown> => i && typeof i === \"object\")\n .map((i) => ({\n level: String(i.level ?? \"\"),\n primary: String(i.primary ?? \"\"),\n key: typeof i.key === \"string\" ? i.key : undefined,\n detail: typeof i.detail === \"string\" ? i.detail : undefined\n }));\n };\n\n const bundles: SupportBundleSummary[] = Array.isArray(\n rawRecord?.supportBundles\n )\n ? (rawRecord?.supportBundles as unknown[]).map((item) => {\n if (!item || typeof item !== \"object\") {\n return {\n id: \"\",\n createdAt: undefined,\n status: undefined,\n size: undefined,\n instanceId: undefined,\n insights: undefined,\n metadata: undefined\n };\n }\n\n const record = item as Record<string, unknown>;\n return {\n id: String(record.id ?? \"\"),\n createdAt:\n typeof record.createdAt === \"string\"\n ? (record.createdAt as string)\n : undefined,\n status:\n typeof record.status === \"string\"\n ? (record.status as string)\n : undefined,\n size:\n typeof record.size === \"number\"\n ? record.size\n : undefined,\n instanceId:\n typeof record.instanceId === \"string\"\n ? record.instanceId\n : undefined,\n insights: parseInsights(record.insights),\n metadata: record\n };\n })\n : Array.isArray(raw)\n ? (raw as unknown[]).map((item) => {\n if (!item || typeof item !== \"object\") {\n return {\n id: \"\",\n createdAt: undefined,\n status: undefined,\n size: undefined,\n instanceId: undefined,\n insights: undefined,\n metadata: undefined\n };\n }\n const record = item as Record<string, unknown>;\n return {\n id: String(record.id ?? \"\"),\n createdAt:\n typeof record.createdAt === \"string\"\n ? (record.createdAt as string)\n : undefined,\n status:\n typeof record.status === \"string\"\n ? (record.status as string)\n : undefined,\n size:\n typeof record.size === \"number\"\n ? record.size\n : undefined,\n instanceId:\n typeof record.instanceId === \"string\"\n ? record.instanceId\n : undefined,\n insights: parseInsights(record.insights),\n metadata: record\n };\n })\n : [];\n\n const totalCount = (() => {\n if (rawRecord) {\n if (\n typeof rawRecord.totalCount === \"number\" &&\n Number.isFinite(rawRecord.totalCount)\n ) {\n return rawRecord.totalCount;\n }\n if (Array.isArray(rawRecord.supportBundles)) {\n return rawRecord.supportBundles.length;\n }\n }\n\n if (Array.isArray(raw)) {\n return raw.length;\n }\n\n return bundles.length;\n })();\n\n return {\n bundles,\n totalCount,\n raw\n };\n }\n});\n\nexport const downloadSupportBundle = defineServerAction<\n DownloadSupportBundleInput,\n DownloadSupportBundleResult\n>({\n id: \"support/download-bundle\",\n description: \"Gets a signed URL for downloading a support bundle.\",\n visibility: \"customer\",\n tags: [\"support\", \"bundles\", \"download\"],\n async run({ token, bundleId }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Support bundle download requires a session token\");\n }\n\n if (!bundleId || typeof bundleId !== \"string\") {\n throw new Error(\"Support bundle download requires a bundle ID\");\n }\n\n // NOTE: customerId is still required in query params because this endpoint\n // delegates to v3 handler which validates customer_id\n const customerId = getCustomerIdFromToken(token);\n const endpoint = `${getApiOrigin()}/enterprise-portal/support-bundles/${encodeURIComponent(bundleId)}/download?customer_id=${encodeURIComponent(customerId)}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] getting support bundle download URL via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"GET\",\n token,\n headers: {\n accept: \"application/json\"\n },\n signal: context?.signal\n });\n\n if (!response.ok) {\n const errorText = await response.text().catch(() => \"\");\n throw new Error(\n `Support bundle download URL request failed (${response.status} ${response.statusText}): ${errorText}`\n );\n }\n\n const data = await response.json();\n const signedUrl = data?.signedUrl;\n\n if (typeof signedUrl !== \"string\" || !signedUrl) {\n throw new Error(\"Support bundle download response missing signedUrl\");\n }\n\n return { signedUrl };\n }\n});\n\nexport const deleteSupportBundle = defineServerAction<\n DeleteSupportBundleInput,\n DeleteSupportBundleResult\n>({\n id: \"support/delete-bundle\",\n description: \"Deletes a support bundle.\",\n visibility: \"customer\",\n tags: [\"support\", \"bundles\", \"delete\"],\n async run({ token, bundleId }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Support bundle deletion requires a session token\");\n }\n\n if (!bundleId || typeof bundleId !== \"string\") {\n throw new Error(\"Support bundle deletion requires a bundle ID\");\n }\n\n // NOTE: customerId is still required in query params because this endpoint\n // delegates to v3 handler which validates customer_id\n const customerId = getCustomerIdFromToken(token);\n const endpoint = `${getApiOrigin()}/enterprise-portal/support-bundles/${encodeURIComponent(bundleId)}?customer_id=${encodeURIComponent(customerId)}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] deleting support bundle via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"DELETE\",\n token,\n headers: {\n accept: \"application/json\"\n },\n signal: context?.signal\n });\n\n if (!response.ok) {\n const errorText = await response.text().catch(() => \"\");\n if (response.status === 404) {\n throw new Error(\"Support bundle not found\");\n }\n throw new Error(\n `Support bundle deletion failed (${response.status} ${response.statusText}): ${errorText}`\n );\n }\n\n return { success: true };\n }\n});\n\nexport const uploadSupportBundle = defineServerAction<\n UploadSupportBundleCompleteInput,\n UploadSupportBundleCompleteResult\n>({\n id: \"support/upload-bundle\",\n description: \"Uploads a support bundle to the server.\",\n visibility: \"customer\",\n tags: [\"support\", \"bundles\", \"upload\"],\n async run({ token, appId, fileContent, contentLength }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Support bundle upload requires a session token\");\n }\n\n if (!appId || typeof appId !== \"string\") {\n throw new Error(\"Support bundle upload requires an app ID\");\n }\n\n if (!fileContent || !(fileContent instanceof ArrayBuffer)) {\n throw new Error(\"Support bundle upload requires file content\");\n }\n\n const endpoint = `${getApiOrigin()}/enterprise-portal/support-bundles/upload/${encodeURIComponent(appId)}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] uploading support bundle via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"POST\",\n token,\n headers: {\n \"content-type\": \"application/gzip\",\n \"content-length\": String(contentLength)\n },\n body: fileContent,\n signal: context?.signal\n });\n\n if (!response.ok) {\n const errorText = await response.text().catch(() => \"\");\n throw new Error(\n `Support bundle upload failed (${response.status} ${response.statusText}): ${errorText}`\n );\n }\n\n const data = await response.json();\n\n return {\n bundleId: data?.bundleId ?? data?.bundle_id ?? \"\",\n slug: data?.slug ?? \"\"\n };\n }\n});\n\n/**\n * Helper to get the upload endpoint URL for client-side uploads with progress tracking.\n * Use this when you need progress indication - call this to get the URL, then upload directly from client.\n */\nexport const getSupportBundleUploadUrl = (appId: string): string => {\n return `${getApiOrigin()}/enterprise-portal/support-bundles/upload/${encodeURIComponent(appId)}`;\n};\n\nexport const listReleases = defineServerAction<\n ListReleasesInput,\n ListReleasesResult\n>({\n id: \"releases/list\",\n description: \"Lists available releases for the authenticated customer.\",\n visibility: \"customer\",\n tags: [\"releases\"],\n async run({ token }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"List releases requires a session token\");\n }\n\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const endpoint = `${getApiOrigin()}/enterprise-portal/releases`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching releases via %s (Enterprise Portal API)\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"GET\",\n token,\n headers: {\n accept: \"application/json\"\n },\n signal: context?.signal\n });\n\n const bodyText = await response\n .text()\n .catch((error) => {\n console.warn(\"[portal-components] listReleases read error\", error);\n return null;\n });\n\n if (!response.ok) {\n throw new Error(\n `List releases request failed (${response.status} ${response.statusText})`\n );\n }\n\n return {\n status: response.status,\n body: bodyText\n };\n }\n});\n\nconst asRecord = (value: unknown): Record<string, unknown> | undefined => {\n if (value && typeof value === \"object\") {\n return value as Record<string, unknown>;\n }\n return undefined;\n};\n\nconst getValue = (\n record: Record<string, unknown> | undefined,\n key: string\n) => (record ? record[key] : undefined);\n\nconst getString = (\n record: Record<string, unknown> | undefined,\n key: string\n): string | undefined => {\n const value = getValue(record, key);\n return typeof value === \"string\" ? value : undefined;\n};\n\nconst getBoolean = (\n record: Record<string, unknown> | undefined,\n key: string\n): boolean | undefined => {\n const value = getValue(record, key);\n if (typeof value === \"boolean\") {\n return value;\n }\n if (typeof value === \"number\") {\n return value === 1;\n }\n if (typeof value === \"string\") {\n const normalized = value.trim().toLowerCase();\n if ([\"true\", \"1\", \"yes\"].includes(normalized)) {\n return true;\n }\n if ([\"false\", \"0\", \"no\"].includes(normalized)) {\n return false;\n }\n }\n return undefined;\n};\n\nconst toDisplayValue = (value: unknown): string | null => {\n if (value === null || value === undefined) {\n return null;\n }\n if (typeof value === \"string\") {\n return value;\n }\n if (typeof value === \"number\" || typeof value === \"boolean\") {\n return String(value);\n }\n try {\n return JSON.stringify(value);\n } catch {\n return String(value);\n }\n};\n\nconst normalizeStringArray = (value: unknown): string[] | undefined => {\n if (Array.isArray(value)) {\n const normalized = value\n .map((item) =>\n typeof item === \"string\" ? item.trim() : \"\"\n )\n .filter((item) => item.length > 0);\n return normalized.length ? normalized : undefined;\n }\n\n if (typeof value === \"string\") {\n const normalized = value\n .split(\",\")\n .map((item) => item.trim())\n .filter((item) => item.length > 0);\n return normalized.length ? normalized : undefined;\n }\n\n return undefined;\n};\n\nconst normalizeLicenseFields = (input: unknown): PortalLicenseField[] => {\n if (!input) {\n return [];\n }\n\n if (Array.isArray(input)) {\n return input\n .map((field, index) => {\n if (!field || typeof field !== \"object\") {\n return null;\n }\n const candidate = field as Record<string, unknown>;\n const key =\n typeof candidate.key === \"string\" && candidate.key.trim().length\n ? candidate.key.trim()\n : typeof candidate.name === \"string\" && candidate.name.trim().length\n ? candidate.name.trim()\n : typeof candidate.label === \"string\" && candidate.label.trim().length\n ? candidate.label.trim()\n : `field-${index}`;\n const label =\n typeof candidate.label === \"string\" && candidate.label.trim().length\n ? candidate.label.trim()\n : typeof candidate.name === \"string\" && candidate.name.trim().length\n ? candidate.name.trim()\n : key;\n let value: unknown =\n candidate.value ?? candidate.data ?? candidate.content;\n if (\n (value === undefined || value === null) &&\n typeof candidate.text === \"string\"\n ) {\n value = candidate.text;\n }\n if (\n (value === undefined || value === null) &&\n typeof candidate.defaultValue === \"string\"\n ) {\n value = candidate.defaultValue;\n }\n const isSecret = Boolean(\n candidate.isSecret ?? candidate.secret ?? candidate.masked\n );\n const resolved = toDisplayValue(value);\n return {\n key,\n label,\n value: resolved,\n isSecret\n } as PortalLicenseField;\n })\n .filter((field): field is PortalLicenseField => Boolean(field));\n }\n\n if (typeof input === \"object\") {\n return Object.entries(input as Record<string, unknown>).map(\n ([key, value]) => {\n let resolvedValue: unknown = value;\n let isSecret = false;\n if (value && typeof value === \"object\") {\n const obj = value as Record<string, unknown>;\n if (\"value\" in obj) {\n resolvedValue = obj.value;\n }\n isSecret = Boolean(obj.isSecret ?? obj.secret ?? obj.masked);\n }\n const normalized = toDisplayValue(resolvedValue);\n return {\n key,\n label: key,\n value: normalized,\n isSecret\n };\n }\n );\n }\n\n return [];\n};\n\nconst extractChannelNames = (input: unknown): string[] | undefined => {\n if (!Array.isArray(input)) {\n return undefined;\n }\n const names = input\n .map((item) => {\n if (typeof item === \"string\") {\n return item.trim();\n }\n const record = asRecord(item);\n if (!record) {\n return null;\n }\n return (\n getString(record, \"name\") ??\n getString(record, \"channelName\") ??\n getString(record, \"channel\") ??\n getString(record, \"channelSlug\") ??\n getString(record, \"slug\") ??\n undefined\n );\n })\n .filter((name): name is string => Boolean(name && name.length));\n return names.length ? names : undefined;\n};\n\nconst normalizeEntitlementFields = (\n fieldsInput: unknown,\n valuesInput: unknown\n): PortalLicenseField[] => {\n const valuesMap = new Map<string, string | null>();\n const assignValue = (key: string | undefined, value: unknown) => {\n if (!key) {\n return;\n }\n valuesMap.set(key, toDisplayValue(value));\n };\n\n if (Array.isArray(valuesInput)) {\n valuesInput.forEach((item) => {\n const record = asRecord(item);\n if (!record) {\n if (typeof item === \"string\") {\n assignValue(item, item);\n }\n return;\n }\n const key =\n getString(record, \"name\") ??\n getString(record, \"field\") ??\n getString(record, \"title\") ??\n getString(record, \"label\") ??\n getString(record, \"slug\") ??\n (() => {\n const idValue = getValue(record, \"id\");\n if (typeof idValue === \"string\" || typeof idValue === \"number\") {\n return String(idValue);\n }\n return undefined;\n })();\n const value =\n getValue(record, \"value\") ??\n getValue(record, \"currentValue\") ??\n getValue(record, \"entitlementValue\") ??\n getValue(record, \"content\") ??\n getValue(record, \"data\") ??\n getValue(record, \"defaultVal\") ??\n getValue(record, \"defaultValue\");\n assignValue(key, value);\n });\n } else if (valuesInput && typeof valuesInput === \"object\") {\n Object.entries(valuesInput as Record<string, unknown>).forEach(\n ([key, value]) => assignValue(key, value)\n );\n }\n\n const normalized: PortalLicenseField[] = [];\n\n if (Array.isArray(fieldsInput)) {\n fieldsInput.forEach((item, index) => {\n const record = asRecord(item);\n if (!record) {\n return;\n }\n const baseKey =\n getString(record, \"name\") ??\n getString(record, \"field\") ??\n getString(record, \"slug\") ??\n `entitlement-${index}`;\n const key = `entitlement-${baseKey}`;\n const label =\n getString(record, \"title\") ??\n getString(record, \"label\") ??\n baseKey;\n const defaultValue =\n getString(record, \"defaultVal\") ??\n getString(record, \"default\") ??\n getString(record, \"defaultValue\");\n const value =\n valuesMap.get(baseKey) ??\n valuesMap.get(label) ??\n defaultValue ??\n null;\n const isSecret = Boolean(\n getBoolean(record, \"secret\") ??\n getBoolean(record, \"isSecret\") ??\n getBoolean(record, \"masked\")\n );\n normalized.push({\n key,\n label,\n value,\n isSecret\n });\n });\n }\n\n valuesMap.forEach((value, key) => {\n const normalizedKey = `entitlement-${key}`;\n if (!normalized.some((field) => field.key === normalizedKey)) {\n normalized.push({\n key: normalizedKey,\n label: key,\n value\n });\n }\n });\n\n return normalized;\n};\n\nconst normalizeLicensePayload = (payload: unknown): PortalLicenseDetails => {\n const payloadRecord = asRecord(payload);\n const rootRecord =\n asRecord(getValue(payloadRecord, \"license\")) ??\n asRecord(getValue(payloadRecord, \"data\")) ??\n payloadRecord ??\n ({} as Record<string, unknown>);\n const sourceRecord =\n asRecord(getValue(rootRecord, \"metadata\")) ?? rootRecord;\n\n const customer =\n asRecord(getValue(rootRecord, \"customer\")) ??\n asRecord(getValue(sourceRecord, \"customer\")) ??\n asRecord(getValue(payloadRecord, \"customer\")) ??\n ({} as Record<string, unknown>);\n\n let releaseChannels =\n normalizeStringArray(\n getValue(rootRecord, \"releaseChannels\") ??\n getValue(sourceRecord, \"releaseChannels\") ??\n getValue(sourceRecord, \"channels\") ??\n getValue(rootRecord, \"channels\") ??\n getValue(sourceRecord, \"channel\") ??\n getValue(rootRecord, \"channel\")\n ) ?? undefined;\n\n if (!releaseChannels) {\n releaseChannels =\n extractChannelNames(getValue(rootRecord, \"channels\")) ??\n extractChannelNames(getValue(sourceRecord, \"channels\")) ??\n undefined;\n }\n\n let installMethods =\n normalizeStringArray(\n getValue(rootRecord, \"installMethods\") ??\n getValue(sourceRecord, \"installMethods\") ??\n getValue(sourceRecord, \"install_options\") ??\n getValue(rootRecord, \"install_options\") ??\n getValue(sourceRecord, \"installOptions\")\n ) ?? undefined;\n\n if (!installMethods || installMethods.length === 0) {\n const resolved: string[] = [];\n const flag = (key: string) =>\n getBoolean(rootRecord, key) ?? getBoolean(sourceRecord, key) ?? false;\n\n if (flag(\"isKotsInstallEnabled\")) {\n resolved.push(\"Replicated KOTS\");\n }\n if (flag(\"isHelmInstallEnabled\")) {\n resolved.push(\"Helm\");\n }\n if (flag(\"isHelmAirgapEnabled\")) {\n resolved.push(\"Helm Airgap\");\n }\n if (\n flag(\"isEmbeddedClusterDownloadEnabled\") ||\n flag(\"isEmbeddedClusterMultiNodeEnabled\")\n ) {\n resolved.push(\"Embedded Cluster\");\n }\n if (flag(\"isKurlInstallEnabled\")) {\n resolved.push(\"kURL\");\n }\n if (flag(\"isGitopsSupported\")) {\n resolved.push(\"GitOps\");\n }\n if (resolved.length) {\n installMethods = Array.from(new Set(resolved));\n }\n }\n\n const expiresAtSource =\n getValue(sourceRecord, \"expiresAt\") ??\n getValue(sourceRecord, \"expireAt\") ??\n getValue(sourceRecord, \"expire_at\") ??\n getValue(sourceRecord, \"expiration\") ??\n getValue(sourceRecord, \"expirationDate\") ??\n getValue(sourceRecord, \"expires_on\") ??\n getValue(rootRecord, \"expiresAt\") ??\n getValue(rootRecord, \"expireAt\") ??\n getValue(rootRecord, \"expire_at\") ??\n getValue(rootRecord, \"expiration\");\n\n const expiresAt =\n typeof expiresAtSource === \"string\" && expiresAtSource.trim().length\n ? expiresAtSource\n : expiresAtSource === null\n ? null\n : undefined;\n\n const baseFields = normalizeLicenseFields(\n getValue(rootRecord, \"additionalFields\") ??\n getValue(sourceRecord, \"additionalFields\") ??\n getValue(sourceRecord, \"fields\") ??\n getValue(rootRecord, \"fields\") ??\n getValue(payloadRecord, \"fields\") ??\n getValue(payloadRecord, \"additional_fields\")\n );\n\n const entitlementFields = normalizeEntitlementFields(\n getValue(rootRecord, \"entitlementFields\") ??\n getValue(sourceRecord, \"entitlementFields\"),\n getValue(rootRecord, \"entitlementValues\") ??\n getValue(sourceRecord, \"entitlementValues\")\n );\n\n const fields = [\n ...baseFields,\n ...entitlementFields.filter(\n (field) => !baseFields.some((existing) => existing.key === field.key)\n )\n ];\n\n const statusFromSource =\n getString(sourceRecord, \"status\") ??\n getString(sourceRecord, \"state\");\n const statusLabelFromSource =\n getString(sourceRecord, \"statusLabel\") ??\n getString(sourceRecord, \"stateLabel\");\n const expiredFlag =\n getBoolean(sourceRecord, \"isExpired\") ??\n getBoolean(rootRecord, \"isExpired\");\n const derivedStatus =\n statusFromSource ??\n (typeof expiredFlag === \"boolean\"\n ? expiredFlag\n ? \"expired\"\n : \"active\"\n : undefined);\n const statusLabel =\n statusLabelFromSource ??\n (derivedStatus\n ? derivedStatus.charAt(0).toUpperCase() + derivedStatus.slice(1)\n : undefined);\n\n const licenseType =\n getString(sourceRecord, \"licenseType\") ??\n getString(rootRecord, \"licenseType\");\n\n const status = derivedStatus;\n\n const license: PortalLicenseDetails = {\n id:\n getString(rootRecord, \"id\") ??\n getString(sourceRecord, \"id\") ??\n getString(sourceRecord, \"licenseId\") ??\n getString(customer, \"licenseId\") ??\n undefined,\n status,\n statusLabel,\n environment:\n getString(sourceRecord, \"environment\") ??\n getString(sourceRecord, \"tier\") ??\n licenseType ??\n undefined,\n expiresAt: expiresAt ?? null,\n releaseChannels: releaseChannels ?? [\n getString(rootRecord, \"channelName\") ??\n getString(rootRecord, \"channel\") ??\n undefined\n ].filter((value): value is string => Boolean(value)),\n installMethods,\n installNotes: getString(sourceRecord, \"installNotes\"),\n customerName:\n getString(sourceRecord, \"customerName\") ??\n getString(customer, \"name\") ??\n undefined,\n customerId:\n getString(sourceRecord, \"customerId\") ??\n getString(customer, \"id\") ??\n getString(rootRecord, \"customerId\") ??\n undefined,\n customerOrganization:\n getString(customer, \"organization\") ??\n getString(sourceRecord, \"customerOrganization\") ??\n getString(rootRecord, \"customerOrganization\") ??\n undefined,\n fields\n };\n\n return license;\n};\n\nexport const fetchLicenseDetails = defineServerAction<\n FetchLicenseDetailsInput,\n FetchLicenseDetailsResult\n>({\n id: \"license/fetch-details\",\n description: \"Fetches the authenticated user's enterprise license details.\",\n visibility: \"customer\",\n tags: [\"license\", \"entitlements\"],\n async run({ token }, context) {\n if (typeof token !== \"string\" || token.trim().length === 0) {\n throw new Error(\"fetchLicenseDetails requires a non-empty token\");\n }\n\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const endpoint = `${getApiOrigin()}/enterprise-portal/license`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching license via %s (Enterprise Portal API)\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"GET\",\n token,\n headers: {\n accept: \"application/json\"\n },\n signal: context?.signal\n });\n\n if (!response.ok) {\n throw new Error(\n `License request failed (${response.status} ${response.statusText})`\n );\n }\n\n const payload = await response.json();\n\n // Extract from Enterprise Portal API envelope\n const licenseData = payload.data;\n const license = normalizeLicensePayload(licenseData);\n\n return {\n license,\n raw: licenseData ?? null\n };\n }\n});\n\nexport const fetchInstallOptions = defineServerAction<\n FetchInstallOptionsInput,\n FetchInstallOptionsResult\n>({\n id: \"license/fetch-install-options\",\n description: \"Fetches install options based on license entitlements.\",\n visibility: \"customer\",\n tags: [\"license\", \"install\"],\n async run({ token }, context) {\n if (typeof token !== \"string\" || token.trim().length === 0) {\n throw new Error(\"fetchInstallOptions requires a non-empty token\");\n }\n\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const endpoint = `${getApiOrigin()}/enterprise-portal/license`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching install options via %s (Enterprise Portal API)\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"GET\",\n token,\n headers: {\n accept: \"application/json\"\n },\n signal: context?.signal\n });\n\n if (!response.ok) {\n throw new Error(\n `License request failed (${response.status} ${response.statusText})`\n );\n }\n\n const envelope = await response.json();\n const licenseData = envelope.data;\n\n // Check for embedded cluster (Linux) and Helm install flags\n const getBoolean = (obj: unknown, key: string): boolean => {\n if (obj && typeof obj === \"object\" && key in obj) {\n const val = (obj as Record<string, unknown>)[key];\n return val === true || val === \"true\";\n }\n return false;\n };\n\n const showLinux = getBoolean(licenseData, \"isEmbeddedClusterDownloadEnabled\");\n const showHelm = getBoolean(licenseData, \"isHelmInstallEnabled\");\n\n return {\n showLinux,\n showHelm\n };\n }\n});\n\nexport const fetchLicenseSummary = defineServerAction<\n FetchLicenseSummaryInput,\n FetchLicenseSummaryResult\n>({\n id: \"license/fetch-summary\",\n description: \"Fetches license summary for the license card.\",\n visibility: \"customer\",\n tags: [\"license\"],\n async run({ token }, context) {\n if (typeof token !== \"string\" || token.trim().length === 0) {\n throw new Error(\"fetchLicenseSummary requires a non-empty token\");\n }\n\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const endpoint = `${getApiOrigin()}/enterprise-portal/license`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching license summary via %s (Enterprise Portal API)\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"GET\",\n token,\n headers: {\n accept: \"application/json\"\n },\n signal: context?.signal\n });\n\n if (!response.ok) {\n throw new Error(\n `License request failed (${response.status} ${response.statusText})`\n );\n }\n\n const envelope = await response.json();\n const licenseData = envelope.data;\n const license = normalizeLicensePayload(licenseData);\n\n // Extract type and expiration\n const type = license.environment || \"Unknown\";\n const expiresAt = license.expiresAt || null;\n\n return {\n type,\n expiresAt\n };\n }\n});\n\nexport const fetchCustomers = defineServerAction<\n FetchCustomersInput,\n FetchCustomersResult\n>({\n id: \"auth/fetch-customers\",\n description: \"Fetches the list of customers/teams for the authenticated user.\",\n visibility: \"customer\",\n tags: [\"auth\", \"customers\"],\n async run({ token }, context) {\n if (typeof token !== \"string\" || token.trim().length === 0) {\n throw new Error(\"fetchCustomers requires a non-empty token\");\n }\n\n // NEW: Use Enterprise Portal API /user endpoint (returns customers + user profile)\n const endpoint = `${getApiOrigin()}/enterprise-portal/user`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching customers via %s (Enterprise Portal API)\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"GET\",\n token,\n headers: {\n accept: \"application/json\"\n },\n signal: context?.signal\n });\n\n if (!response.ok) {\n throw new Error(\n `Fetch customers request failed (${response.status} ${response.statusText})`\n );\n }\n\n const envelope = await response.json();\n const userData = envelope.data;\n\n return {\n customers: userData?.customers || []\n };\n }\n});\n\nexport const switchCustomer = defineServerAction<\n SwitchCustomerInput,\n SwitchCustomerResult\n>({\n id: \"auth/switch-customer\",\n description: \"Switches the JWT to a different customer/team.\",\n visibility: \"customer\",\n tags: [\"auth\", \"customers\"],\n async run({ token, customerId }, context) {\n if (typeof token !== \"string\" || token.trim().length === 0) {\n throw new Error(\"switchCustomer requires a non-empty token\");\n }\n \n if (typeof customerId !== \"string\" || customerId.trim().length === 0) {\n throw new Error(\"switchCustomer requires a non-empty customerId\");\n }\n\n // NEW: Use Enterprise Portal API auth endpoint\n const endpoint = `${getApiOrigin()}/enterprise-portal/auth/switch-team`;\n\n const requestBody = { customer_id: customerId };\n\n const response = await authenticatedFetch(endpoint, {\n method: \"POST\",\n token,\n headers: {\n \"content-type\": \"application/json\",\n accept: \"application/json\"\n },\n body: JSON.stringify(requestBody),\n signal: context?.signal\n });\n\n if (!response.ok) {\n const errorText = await response.text();\n console.error('[portal-components] switchCustomer error response:', errorText);\n throw new Error(\n `Switch customer request failed (${response.status} ${response.statusText}): ${errorText}`\n );\n }\n\n const payload = await response.json();\n\n // API returns 'jwt' field, not 'token'\n const newToken = payload.jwt || payload.token || token;\n \n return {\n token: newToken\n };\n }\n});\n\n// =============================================================================\n// Security Types\n// =============================================================================\n\nexport type SecurityInstallType = \"linux\" | \"helm\";\n\nexport interface SecurityScanSummary {\n critical: Record<string, string>;\n high: Record<string, string>;\n medium: Record<string, string>;\n low: Record<string, string>;\n}\n\nexport interface SecurityScanWrapper {\n input: string;\n digest?: string;\n last_scanned_at?: string;\n result: SecurityScanSummary;\n not_found?: boolean;\n}\n\nexport interface SecurityReleaseImage {\n image: string;\n sha: string;\n size: number;\n platforms: { os: string; architecture: string }[];\n security?: SecurityScanWrapper;\n}\n\nexport interface GetSecurityInfoInput {\n token: string;\n installType: SecurityInstallType;\n channelSequence: number;\n isAirgap?: boolean;\n}\n\nexport interface GetSecurityInfoResult {\n images: SecurityReleaseImage[];\n}\n\nexport interface SecurityInfoDiff {\n oldTags: string[];\n newTags: string[];\n oldVulns?: SecurityScanSummary;\n newVulns?: SecurityScanSummary;\n added?: SecurityScanSummary;\n removed?: SecurityScanSummary;\n}\n\nexport interface GetSecurityInfoDiffInput {\n token: string;\n installType: SecurityInstallType;\n fromChannelSequence: number;\n toChannelSequence: number;\n isAirgap?: boolean;\n}\n\nexport interface GetSecurityInfoDiffResult {\n from_channel_sequence: number;\n to_channel_sequence: number;\n images: Record<string, SecurityInfoDiff>;\n}\n\nexport interface SBOMMetadata {\n name: string;\n spdxVersion: string;\n packageCount: number;\n fileCount: number;\n created?: string;\n creator?: string;\n source?: string;\n}\n\nexport interface GetSecurityInfoSBOMInput {\n token: string;\n installType: SecurityInstallType;\n channelSequence: number;\n isAirgap?: boolean;\n unifiedSbom?: boolean;\n}\n\nexport interface GetSecurityInfoSBOMResult {\n sboms: {\n unified?: SBOMMetadata;\n };\n}\n\nexport interface DownloadSBOMInput {\n token: string;\n installType: SecurityInstallType;\n channelSequence: number;\n isAirgap?: boolean;\n}\n\n// =============================================================================\n// Security Actions\n// =============================================================================\n\n/**\n * Fetches security scan (CVE) information for a specific release.\n */\nexport const getSecurityInfo = defineServerAction<\n GetSecurityInfoInput,\n GetSecurityInfoResult\n>({\n id: \"security/get-info\",\n description: \"Fetches CVE security scan results for a specific release\",\n visibility: \"customer\",\n tags: [\"security\", \"cve\"],\n async run({ token, installType, channelSequence, isAirgap = false }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Security info request requires a session token\");\n }\n\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const params = new URLSearchParams({\n install_type: installType,\n channel_sequence: channelSequence.toString(),\n is_airgap: isAirgap.toString()\n });\n\n const url = `${getApiOrigin()}/enterprise-portal/security?${params.toString()}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching security info via %s (Enterprise Portal API)\", url);\n }\n\n const response = await authenticatedFetch(url, {\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (!response.ok) {\n throw new Error(\n `Security info request failed (${response.status} ${response.statusText})`\n );\n }\n\n const payload = await response.json();\n // Extract from Enterprise Portal API envelope\n return payload.data as GetSecurityInfoResult;\n }\n});\n\n/**\n * Fetches security diff between two releases (fixed/added CVEs).\n */\nexport const getSecurityInfoDiff = defineServerAction<\n GetSecurityInfoDiffInput,\n GetSecurityInfoDiffResult\n>({\n id: \"security/get-info-diff\",\n description: \"Fetches CVE diff between two releases showing fixed and added vulnerabilities\",\n visibility: \"customer\",\n tags: [\"security\", \"cve\", \"diff\"],\n async run({ token, installType, fromChannelSequence, toChannelSequence, isAirgap = false }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Security info diff request requires a session token\");\n }\n\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const params = new URLSearchParams({\n install_type: installType,\n from_channel_sequence: fromChannelSequence.toString(),\n to_channel_sequence: toChannelSequence.toString(),\n is_airgap: isAirgap.toString()\n });\n\n const url = `${getApiOrigin()}/enterprise-portal/security-diff?${params.toString()}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching security info diff via %s\", url);\n }\n\n const response = await authenticatedFetch(url, {\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (!response.ok) {\n throw new Error(\n `Security info diff request failed (${response.status} ${response.statusText})`\n );\n }\n\n const envelope = await response.json();\n // Extract from Enterprise Portal API envelope\n return envelope.data as GetSecurityInfoDiffResult;\n }\n});\n\n/**\n * Fetches SBOM (Software Bill of Materials) for a specific release.\n */\nexport const getSecurityInfoSBOM = defineServerAction<\n GetSecurityInfoSBOMInput,\n GetSecurityInfoSBOMResult\n>({\n id: \"security/get-sbom\",\n description: \"Fetches Software Bill of Materials (SBOM) for a specific release\",\n visibility: \"customer\",\n tags: [\"security\", \"sbom\"],\n async run({ token, installType, channelSequence, isAirgap = false, unifiedSbom = true }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Security SBOM request requires a session token\");\n }\n\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const params = new URLSearchParams({\n install_type: installType,\n channel_sequence: channelSequence.toString(),\n is_airgap: isAirgap.toString(),\n unified_sbom: unifiedSbom.toString()\n });\n\n const url = `${getApiOrigin()}/enterprise-portal/security-sbom?${params.toString()}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching security SBOM via %s\", url);\n }\n\n const response = await authenticatedFetch(url, {\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n // Handle 204 No Content response\n if (response.status === 204) {\n return { sboms: {} };\n }\n\n if (!response.ok) {\n throw new Error(\n `Security SBOM request failed (${response.status} ${response.statusText})`\n );\n }\n\n const envelope = await response.json();\n // Extract from Enterprise Portal API envelope\n return envelope.data as GetSecurityInfoSBOMResult;\n }\n});\n\n/**\n * Downloads the full SBOM file for a specific release.\n * Returns a download URL that can be used to fetch the SBOM.\n */\nexport const downloadSecuritySBOM = defineServerAction<\n DownloadSBOMInput,\n string\n>({\n id: \"security/download-sbom\",\n description: \"Downloads the full SBOM file for a specific release\",\n visibility: \"customer\",\n tags: [\"security\", \"sbom\", \"download\"],\n async run({ token, installType, channelSequence, isAirgap = false }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Security SBOM download requires a session token\");\n }\n\n const params = new URLSearchParams({\n install_type: installType,\n channel_sequence: channelSequence.toString(),\n is_airgap: isAirgap.toString()\n });\n\n const url = `${getApiOrigin()}/enterprise-portal/security-sbom/download?${params.toString()}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] downloading security SBOM via %s\", url);\n }\n\n const response = await authenticatedFetch(url, {\n token,\n signal: context?.signal\n });\n\n if (!response.ok) {\n throw new Error(\n `Security SBOM download failed (${response.status} ${response.statusText})`\n );\n }\n\n // Return the SBOM content directly as a string\n // The client will create the blob URL in the browser context\n return await response.text();\n }\n});\n\n// =============================================================================\n// Dashboard Types\n// =============================================================================\n\nexport interface FetchTeamStatsInput {\n token: string;\n}\n\nexport interface TeamUser {\n id: string;\n email: string;\n name?: string;\n createdAt?: string;\n}\n\nexport interface ServiceAccountSummary {\n id: string;\n accountName: string;\n customerId: string;\n isRevoked: boolean;\n createdAt: string;\n}\n\nexport interface FetchTeamStatsResult {\n userCount: number;\n serviceAccountCount: number;\n}\n\nexport interface FetchDashboardInstancesInput {\n token: string;\n}\n\nexport interface FetchDashboardInstancesResult {\n onlineActiveCount: number;\n airgapCount: number;\n onlineUpdates: number;\n airgapUpdates: number;\n // NEW: Additional data from composite endpoint\n license?: {\n type: string;\n expiresAt: string | null;\n isEmbeddedClusterDownloadEnabled: boolean;\n isHelmInstallEnabled: boolean;\n };\n teamStats?: {\n userCount: number;\n serviceAccountCount: number;\n supportBundleCount: number;\n };\n}\n\n// =============================================================================\n// Dashboard Actions\n// =============================================================================\n\n/**\n * NEW: Fetches all dashboard data using the composite Enterprise Portal API endpoint.\n * This replaces multiple v3 calls with a single call that returns:\n * - Instances\n * - Channel releases (for calculating updates)\n * - Notifications\n * - User/app/branding context\n */\nexport const fetchDashboardComposite = defineServerAction<\n FetchDashboardInstancesInput,\n FetchDashboardInstancesResult\n>({\n id: \"dashboard/fetch-composite\",\n description: \"Fetches all dashboard data from the composite Enterprise Portal API endpoint\",\n visibility: \"customer\",\n tags: [\"dashboard\", \"enterprise-portal-api\"],\n async run({ token }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Dashboard request requires a session token\");\n }\n\n const origin = getApiOrigin();\n const url = `${origin}/enterprise-portal/dashboard`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching dashboard via %s (Enterprise Portal API)\", url);\n }\n\n const response = await authenticatedFetch(url, {\n method: \"GET\",\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (!response.ok) {\n throw new Error(\n `Dashboard request failed (${response.status} ${response.statusText})`\n );\n }\n\n const payload = await response.json();\n\n // Extract data from the Enterprise Portal API envelope\n const data = payload.data;\n const allInstances = data?.instances || [];\n const channelReleases = data?.channelReleases || [];\n const licenseData = data?.license || {};\n const teamStats = data?.teamStats || {};\n\n // Split into online and airgap\n const onlineInstances = allInstances.filter((i: { isAirgap?: boolean }) => !i.isAirgap);\n const airgapInstances = allInstances.filter((i: { isAirgap?: boolean }) => i.isAirgap);\n\n // Filter to active online instances (checked in within 24 hours)\n const twentyFourHoursAgo = Date.now() - 24 * 60 * 60 * 1000;\n const activeOnlineInstances = onlineInstances.filter((instance: { lastCheckin?: string }) => {\n const lastCheckin = instance.lastCheckin\n ? new Date(instance.lastCheckin).getTime()\n : 0;\n return lastCheckin > twentyFourHoursAgo;\n });\n\n const onlineActiveCount = activeOnlineInstances.length;\n const airgapCount = airgapInstances.length;\n\n // Calculate updates for active online instances\n const calculateUpdates = (instances: Array<{ channelId?: string; channelSequence?: number }>) => {\n if (!channelReleases.length) return 0;\n\n let numUpdates = 0;\n for (const instance of instances) {\n const instanceSequence = instance.channelSequence ?? 0;\n const matchingReleases = channelReleases.filter(\n (release: { channelId?: string; channelSequence?: number }) => release.channelId === instance.channelId\n );\n for (const release of matchingReleases) {\n if ((release.channelSequence ?? 0) > instanceSequence) {\n numUpdates++;\n }\n }\n }\n return numUpdates;\n };\n\n const onlineUpdates = calculateUpdates(activeOnlineInstances);\n const airgapUpdates = calculateUpdates(airgapInstances);\n\n // Store the composite data for other dashboard components to use\n // This allows us to eliminate the separate fetchTeamStats, fetchLicenseSummary, and fetchInstallOptions calls\n return {\n onlineActiveCount,\n airgapCount,\n onlineUpdates,\n airgapUpdates,\n // Additional data available from the composite endpoint\n license: licenseData,\n teamStats: teamStats\n };\n }\n});\n\n/**\n * Fetches team statistics including user count and service account count.\n * Used by the Team Settings dashboard card.\n */\nexport const fetchTeamStats = defineServerAction<\n FetchTeamStatsInput,\n FetchTeamStatsResult\n>({\n id: \"dashboard/fetch-team-stats\",\n description: \"Fetches user and service account counts for the dashboard\",\n visibility: \"customer\",\n tags: [\"dashboard\", \"team\"],\n async run({ token }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Team stats request requires a session token\");\n }\n\n const customerId = getCustomerIdFromToken(token);\n const origin = getApiOrigin();\n\n // Fetch users count\n let userCount = 0;\n try {\n const usersUrl = `${origin}/v3/users?exclude_invites=false&customer_id=${encodeURIComponent(customerId)}`;\n \n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching team users via %s\", usersUrl);\n }\n\n const usersResponse = await authenticatedFetch(usersUrl, {\n method: \"GET\",\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (usersResponse.ok) {\n const usersData = await usersResponse.json();\n userCount = Array.isArray(usersData.users) ? usersData.users.length : 0;\n }\n } catch (error) {\n console.error(\"[portal-components] Error fetching users:\", error);\n }\n\n // Fetch service accounts count\n let serviceAccountCount = 0;\n try {\n const saUrl = `${origin}/v3/service-accounts?customer_id=${encodeURIComponent(customerId)}`;\n \n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching service accounts via %s\", saUrl);\n }\n\n const saResponse = await authenticatedFetch(saUrl, {\n method: \"GET\",\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (saResponse.ok) {\n const saData = await saResponse.json();\n serviceAccountCount = Array.isArray(saData.serviceAccounts) \n ? saData.serviceAccounts.length \n : 0;\n }\n } catch (error) {\n console.error(\"[portal-components] Error fetching service accounts:\", error);\n }\n\n return {\n userCount,\n serviceAccountCount\n };\n }\n});\n\n/**\n * Fetches instance counts and available updates for the dashboard.\n * Used by the Updates dashboard card.\n */\nexport const fetchDashboardInstances = defineServerAction<\n FetchDashboardInstancesInput,\n FetchDashboardInstancesResult\n>({\n id: \"dashboard/fetch-instances\",\n description: \"Fetches instance counts and update availability for the dashboard\",\n visibility: \"customer\",\n tags: [\"dashboard\", \"instances\", \"updates\"],\n async run({ token }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Dashboard instances request requires a session token\");\n }\n\n const customerId = getCustomerIdFromToken(token);\n const origin = getApiOrigin();\n\n // Fetch instances\n const instancesUrl = `${origin}/v3/instances?customer_id=${encodeURIComponent(customerId)}`;\n \n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching instances via %s\", instancesUrl);\n }\n\n const instancesResponse = await authenticatedFetch(instancesUrl, {\n method: \"GET\",\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (!instancesResponse.ok) {\n throw new Error(\n `Instances request failed (${instancesResponse.status} ${instancesResponse.statusText})`\n );\n }\n\n const instancesData = await instancesResponse.json();\n const allInstances = instancesData.instances || [];\n\n // Split into online and airgap\n const onlineInstances = allInstances.filter((i: { isAirgap?: boolean }) => !i.isAirgap);\n const airgapInstances = allInstances.filter((i: { isAirgap?: boolean }) => i.isAirgap);\n\n // Filter to active online instances (checked in within 24 hours)\n const twentyFourHoursAgo = Date.now() - 24 * 60 * 60 * 1000;\n const activeOnlineInstances = onlineInstances.filter((instance: { lastCheckin?: string }) => {\n const lastCheckin = instance.lastCheckin \n ? new Date(instance.lastCheckin).getTime() \n : 0;\n return lastCheckin > twentyFourHoursAgo;\n });\n\n const onlineActiveCount = activeOnlineInstances.length;\n const airgapCount = airgapInstances.length;\n\n // Fetch channel releases to calculate updates\n let channelReleases: Array<{ channelId: string; channelSequence: number }> = [];\n try {\n const releasesUrl = `${origin}/v3/channel-releases?customer_id=${encodeURIComponent(customerId)}`;\n \n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching channel releases via %s\", releasesUrl);\n }\n\n const releasesResponse = await authenticatedFetch(releasesUrl, {\n method: \"GET\",\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (releasesResponse.ok) {\n const releasesData = await releasesResponse.json();\n channelReleases = releasesData.channelReleases || [];\n }\n } catch (error) {\n console.error(\"[portal-components] Error fetching channel releases:\", error);\n }\n\n // Calculate updates for active online instances\n const calculateUpdates = (instances: Array<{ channelId?: string; channelSequence?: number }>) => {\n if (!channelReleases.length) return 0;\n \n let numUpdates = 0;\n for (const instance of instances) {\n const instanceSequence = instance.channelSequence ?? 0;\n const matchingReleases = channelReleases.filter(\n (release) => release.channelId === instance.channelId\n );\n for (const release of matchingReleases) {\n if (release.channelSequence > instanceSequence) {\n numUpdates++;\n }\n }\n }\n return numUpdates;\n };\n\n const onlineUpdates = calculateUpdates(activeOnlineInstances);\n const airgapUpdates = calculateUpdates(airgapInstances);\n\n return {\n onlineActiveCount,\n airgapCount,\n onlineUpdates,\n airgapUpdates\n };\n }\n});\n\n// =============================================================================\n// User Settings Types\n// =============================================================================\n\nexport interface FetchCurrentUserInput {\n token: string;\n}\n\nexport interface UserProfile {\n emailAddress: string;\n firstName: string;\n lastName: string;\n}\n\nexport interface FetchCurrentUserResult {\n user: UserProfile;\n}\n\nexport interface UpdateUserInput {\n token: string;\n firstName?: string;\n lastName?: string;\n}\n\nexport interface UpdateUserResult {\n success: boolean;\n}\n\nexport interface NotificationSetting {\n type: string;\n enabled: boolean;\n}\n\nexport interface FetchNotificationsInput {\n token: string;\n customerId: string;\n}\n\nexport interface FetchNotificationsResult {\n notifications: NotificationSetting[];\n}\n\nexport interface UpdateNotificationsInput {\n token: string;\n customerId: string;\n notifications: NotificationSetting[];\n}\n\nexport interface UpdateNotificationsResult {\n notifications: NotificationSetting[];\n}\n\n// =============================================================================\n// User Settings Actions\n// =============================================================================\n\n/**\n * Fetches the current user's profile information.\n */\nexport const fetchCurrentUser = defineServerAction<\n FetchCurrentUserInput,\n FetchCurrentUserResult\n>({\n id: \"user/fetch-current\",\n description: \"Fetches the current user's profile information\",\n visibility: \"customer\",\n tags: [\"user\", \"profile\"],\n async run({ token }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Fetch current user requires a session token\");\n }\n\n // NEW: Use Enterprise Portal API endpoint\n const endpoint = `${getApiOrigin()}/enterprise-portal/user/profile`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching current user via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"GET\",\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (!response.ok) {\n throw new Error(\n `Fetch current user request failed (${response.status} ${response.statusText})`\n );\n }\n\n const data = await response.json();\n \n return {\n user: {\n emailAddress: data.emailAddress || \"\",\n firstName: data.firstName || \"\",\n lastName: data.lastName || \"\"\n }\n };\n }\n});\n\n/**\n * Updates the current user's profile information.\n */\nexport const updateUser = defineServerAction<\n UpdateUserInput,\n UpdateUserResult\n>({\n id: \"user/update\",\n description: \"Updates the current user's first and/or last name\",\n visibility: \"customer\",\n tags: [\"user\", \"profile\"],\n async run({ token, firstName, lastName }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Update user requires a session token\");\n }\n\n if (!firstName && !lastName) {\n throw new Error(\"At least one of firstName or lastName must be provided\");\n }\n\n // NEW: Use Enterprise Portal API endpoint\n const endpoint = `${getApiOrigin()}/enterprise-portal/user/profile`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] updating user via %s\", endpoint);\n }\n\n const body: { firstName?: string; lastName?: string } = {};\n if (firstName !== undefined) body.firstName = firstName;\n if (lastName !== undefined) body.lastName = lastName;\n\n const response = await authenticatedFetch(endpoint, {\n method: \"PUT\",\n token,\n headers: {\n \"content-type\": \"application/json\",\n accept: \"application/json\"\n },\n body: JSON.stringify(body),\n signal: context?.signal\n });\n\n if (!response.ok) {\n const errorText = await response.text().catch(() => \"\");\n throw new Error(\n `Update user request failed (${response.status} ${response.statusText}): ${errorText}`\n );\n }\n\n return { success: true };\n }\n});\n\n/**\n * Fetches notification preferences for a specific customer/team.\n */\nexport const fetchNotifications = defineServerAction<\n FetchNotificationsInput,\n FetchNotificationsResult\n>({\n id: \"notifications/fetch\",\n description: \"Fetches notification preferences for a specific team\",\n visibility: \"customer\",\n tags: [\"notifications\", \"user\"],\n async run({ token, customerId }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Fetch notifications requires a session token\");\n }\n\n if (!customerId || typeof customerId !== \"string\") {\n throw new Error(\"Fetch notifications requires a valid customerId\");\n }\n\n // NOTE: customerId is still required in query params because this endpoint\n // delegates to v3 handler which validates customer_id\n const endpoint = `${getApiOrigin()}/enterprise-portal/user/notifications?customer_id=${encodeURIComponent(customerId)}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching notifications via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"GET\",\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (!response.ok) {\n throw new Error(\n `Fetch notifications request failed (${response.status} ${response.statusText})`\n );\n }\n\n const data = await response.json();\n \n return {\n notifications: data.notifications || []\n };\n }\n});\n\n/**\n * Updates notification preferences for a specific customer/team.\n */\nexport const updateNotifications = defineServerAction<\n UpdateNotificationsInput,\n UpdateNotificationsResult\n>({\n id: \"notifications/update\",\n description: \"Updates notification preferences for a specific team\",\n visibility: \"customer\",\n tags: [\"notifications\", \"user\"],\n async run({ token, customerId, notifications }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Update notifications requires a session token\");\n }\n\n if (!customerId || typeof customerId !== \"string\") {\n throw new Error(\"Update notifications requires a valid customerId\");\n }\n\n if (!Array.isArray(notifications)) {\n throw new Error(\"Update notifications requires a notifications array\");\n }\n\n // NOTE: customerId is still required in query params because this endpoint\n // delegates to v3 handler which validates customer_id\n const endpoint = `${getApiOrigin()}/enterprise-portal/user/notifications?customer_id=${encodeURIComponent(customerId)}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] updating notifications via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"PUT\",\n token,\n headers: {\n \"content-type\": \"application/json\",\n accept: \"application/json\"\n },\n body: JSON.stringify({ notifications }),\n signal: context?.signal\n });\n\n if (!response.ok) {\n const errorText = await response.text().catch(() => \"\");\n throw new Error(\n `Update notifications request failed (${response.status} ${response.statusText}): ${errorText}`\n );\n }\n\n const data = await response.json();\n \n return {\n notifications: data.notifications || []\n };\n }\n});\n\n// =============================================================================\n// Team Settings Types\n// =============================================================================\n\nexport interface TeamUser {\n id: string;\n emailAddress: string;\n firstAccessedAt?: string;\n lastAccessedAt?: string;\n viewCount?: number;\n pendingInvite: boolean;\n}\n\nexport interface FetchTeamUsersInput {\n token: string;\n limit?: number;\n offset?: number;\n}\n\nexport interface FetchTeamUsersResult {\n users: TeamUser[];\n total: number;\n}\n\nexport interface InviteUserInput {\n token: string;\n email: string;\n}\n\nexport interface InviteUserResult {\n success: boolean;\n}\n\nexport interface DeleteUserInput {\n token: string;\n id: string;\n isPendingInvite: boolean; // If true, delete invite; if false, delete user\n}\n\nexport interface DeleteUserResult {\n success: boolean;\n}\n\nexport interface ServiceAccount {\n id: string;\n customerId: string;\n accountName: string;\n emailAddress?: string;\n token: string;\n isRevoked: boolean;\n createdAt: string;\n lastUsedAt?: string;\n tokenRegeneratedAt?: string;\n}\n\nexport interface FetchServiceAccountsInput {\n token: string;\n limit?: number;\n offset?: number;\n includeRevoked?: boolean;\n}\n\nexport interface FetchServiceAccountsResult {\n serviceAccounts: ServiceAccount[];\n total: number;\n}\n\nexport interface RevokeServiceAccountInput {\n token: string;\n accountId: string;\n}\n\nexport interface RevokeServiceAccountResult {\n success: boolean;\n}\n\nexport interface RotateServiceAccountTokenInput {\n token: string;\n accountId: string;\n}\n\nexport interface RotateServiceAccountTokenResult {\n serviceAccount: ServiceAccount;\n helmLoginCommand: string;\n redeployHelm: string[];\n}\n\nexport interface Instance {\n id: string;\n serviceAccountId?: string;\n versionLabel?: string;\n channelId?: string;\n channelSequence?: number;\n lastCheckin?: string;\n isAirgap?: boolean;\n embeddedClusterVersion?: string;\n tags?: Array<{ key: string; value: string }>;\n}\n\nexport interface FetchInstancesInput {\n token: string;\n}\n\nexport interface FetchInstancesResult {\n instances: Instance[];\n}\n\nexport interface SAMLConfig {\n samlAllowed: boolean;\n samlEnabled: boolean;\n entityId: string;\n acsUrl: string;\n hasIdpMetadata: boolean;\n hasIdpCert: boolean;\n}\n\nexport interface FetchSamlConfigInput {\n token: string;\n}\n\nexport interface FetchSamlConfigResult {\n config: SAMLConfig;\n}\n\nexport interface UpdateSamlConfigInput {\n token: string;\n idpMetadataXml: string;\n idpPublicCert: string;\n}\n\nexport interface UpdateSamlConfigResult {\n success: boolean;\n}\n\nexport interface ToggleSamlEnabledInput {\n token: string;\n enabled: boolean;\n}\n\nexport interface ToggleSamlEnabledResult {\n success: boolean;\n samlEnabled: boolean;\n}\n\nexport interface DeprovisionSamlInput {\n token: string;\n}\n\nexport interface DeprovisionSamlResult {\n success: boolean;\n}\n\n// =============================================================================\n// Team Settings Actions\n// =============================================================================\n\n/**\n * Fetches the list of users for a team.\n */\nexport const fetchTeamUsers = defineServerAction<\n FetchTeamUsersInput,\n FetchTeamUsersResult\n>({\n id: \"team/fetch-users\",\n description: \"Fetches paginated list of team users and pending invites\",\n visibility: \"customer\",\n tags: [\"team\", \"users\"],\n async run({ token, limit = 25, offset = 0 }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Fetch team users requires a session token\");\n }\n\n const customerId = getCustomerIdFromToken(token);\n // NEW: Use Enterprise Portal API endpoint\n // Note: v3 handler still requires customer_id in query params for validation\n const params = new URLSearchParams({\n customer_id: customerId,\n limit: limit.toString(),\n offset: offset.toString()\n });\n\n const endpoint = `${getApiOrigin()}/enterprise-portal/team/users?${params.toString()}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching team users via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"GET\",\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (!response.ok) {\n throw new Error(\n `Fetch team users request failed (${response.status} ${response.statusText})`\n );\n }\n\n const data = await response.json();\n \n return {\n users: data.users || [],\n total: data.total || 0\n };\n }\n});\n\n/**\n * Invites a user to the team.\n */\nexport const inviteUser = defineServerAction<\n InviteUserInput,\n InviteUserResult\n>({\n id: \"team/invite-user\",\n description: \"Sends an invitation email to join the team\",\n visibility: \"customer\",\n tags: [\"team\", \"users\", \"invite\"],\n async run({ token, email }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Invite user requires a session token\");\n }\n\n if (!email || typeof email !== \"string\") {\n throw new Error(\"Invite user requires an email address\");\n }\n\n const customerId = getCustomerIdFromToken(token);\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const params = new URLSearchParams({\n email_address: email\n });\n\n const endpoint = `${getApiOrigin()}/enterprise-portal/team/invite?${params.toString()}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] inviting user via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"POST\",\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (!response.ok) {\n let errorMessage = \"Failed to invite user\";\n try {\n const data = await response.json();\n errorMessage = data.message || data.error || errorMessage;\n } catch {\n // Ignore JSON parse errors\n }\n throw new Error(errorMessage);\n }\n\n return { success: true };\n }\n});\n\n/**\n * Removes a user or pending invite from the team by ID.\n */\nexport const deleteUser = defineServerAction<\n DeleteUserInput,\n DeleteUserResult\n>({\n id: \"team/delete-user\",\n description: \"Removes a user or pending invite from the team by ID\",\n visibility: \"customer\",\n tags: [\"team\", \"users\", \"delete\"],\n async run({ token, id, isPendingInvite }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Delete user requires a session token\");\n }\n\n if (!id || typeof id !== \"string\") {\n throw new Error(\"Delete user requires an ID\");\n }\n\n // Use different endpoints for users vs invites\n const resource = isPendingInvite ? \"invites\" : \"users\";\n const endpoint = `${getApiOrigin()}/enterprise-portal/team/${resource}/${encodeURIComponent(id)}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] deleting %s %s via %s\", resource, id, endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"DELETE\",\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (!response.ok) {\n let errorMessage = isPendingInvite ? \"Failed to delete invite\" : \"Failed to delete user\";\n try {\n const data = await response.json();\n errorMessage = data.message || data.error || errorMessage;\n } catch {\n // Ignore JSON parse errors\n }\n throw new Error(errorMessage);\n }\n\n return { success: true };\n }\n});\n\n/**\n * Fetches the list of service accounts for a team.\n */\nexport const fetchServiceAccounts = defineServerAction<\n FetchServiceAccountsInput,\n FetchServiceAccountsResult\n>({\n id: \"team/fetch-service-accounts\",\n description: \"Fetches paginated list of service accounts\",\n visibility: \"customer\",\n tags: [\"team\", \"service-accounts\"],\n async run({ token, limit = 50, offset = 0, includeRevoked = false }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Fetch service accounts requires a session token\");\n }\n\n const customerId = getCustomerIdFromToken(token);\n const params = new URLSearchParams({\n customer_id: customerId,\n limit: limit.toString(),\n offset: offset.toString()\n });\n\n // Add filterRevoked parameter - API filters revoked when this param is present\n if (!includeRevoked) {\n params.set(\"filterRevoked\", \"false\");\n }\n\n const endpoint = `${getApiOrigin()}/enterprise-portal/team/service-accounts?${params.toString()}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching service accounts via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"GET\",\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (!response.ok) {\n throw new Error(\n `Fetch service accounts request failed (${response.status} ${response.statusText})`\n );\n }\n\n const data = await response.json();\n \n return {\n serviceAccounts: data.serviceAccounts || [],\n total: data.total || 0\n };\n }\n});\n\n/**\n * Revokes a service account.\n */\nexport const revokeServiceAccount = defineServerAction<\n RevokeServiceAccountInput,\n RevokeServiceAccountResult\n>({\n id: \"team/revoke-service-account\",\n description: \"Revokes a service account (soft delete)\",\n visibility: \"customer\",\n tags: [\"team\", \"service-accounts\", \"revoke\"],\n async run({ token, accountId }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Revoke service account requires a session token\");\n }\n\n if (!accountId || typeof accountId !== \"string\") {\n throw new Error(\"Revoke service account requires an account ID\");\n }\n\n const customerId = getCustomerIdFromToken(token);\n const endpoint = `${getApiOrigin()}/enterprise-portal/team/service-accounts/${encodeURIComponent(accountId)}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] revoking service account via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"DELETE\",\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (!response.ok) {\n let errorMessage = \"Failed to revoke service account\";\n try {\n const data = await response.json();\n errorMessage = data.message || data.error || errorMessage;\n } catch {\n // Ignore JSON parse errors\n }\n throw new Error(errorMessage);\n }\n\n return { success: true };\n }\n});\n\n/**\n * Rotates a service account token.\n */\nexport const rotateServiceAccountToken = defineServerAction<\n RotateServiceAccountTokenInput,\n RotateServiceAccountTokenResult\n>({\n id: \"team/rotate-service-account-token\",\n description: \"Generates a new token for a service account\",\n visibility: \"customer\",\n tags: [\"team\", \"service-accounts\", \"rotate\"],\n async run({ token, accountId }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Rotate service account token requires a session token\");\n }\n\n if (!accountId || typeof accountId !== \"string\") {\n throw new Error(\"Rotate service account token requires an account ID\");\n }\n\n const customerId = getCustomerIdFromToken(token);\n const endpoint = `${getApiOrigin()}/enterprise-portal/team/service-accounts/${encodeURIComponent(accountId)}/rotate-token`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] rotating service account token via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"POST\",\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (!response.ok) {\n let errorMessage = \"Failed to rotate service account token\";\n try {\n const data = await response.json();\n errorMessage = data.message || data.error || errorMessage;\n } catch {\n // Ignore JSON parse errors\n }\n throw new Error(errorMessage);\n }\n\n const data = await response.json();\n \n return {\n serviceAccount: data.service_account,\n helmLoginCommand: data.helm_login_cmd || \"\",\n redeployHelm: data.redeploy_helm || []\n };\n }\n});\n\n/**\n * Fetches instances for the customer.\n */\nexport const fetchInstances = defineServerAction<\n FetchInstancesInput,\n FetchInstancesResult\n>({\n id: \"team/fetch-instances\",\n description: \"Fetches instances to determine service account usage\",\n visibility: \"customer\",\n tags: [\"team\", \"instances\"],\n async run({ token }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Fetch instances requires a session token\");\n }\n\n const customerId = getCustomerIdFromToken(token);\n const endpoint = `${getApiOrigin()}/v3/instances?customer_id=${encodeURIComponent(customerId)}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching instances via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"GET\",\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (!response.ok) {\n throw new Error(\n `Fetch instances request failed (${response.status} ${response.statusText})`\n );\n }\n\n const data = await response.json();\n \n return {\n instances: data.instances || []\n };\n }\n});\n\n/**\n * Fetches SAML configuration for the customer.\n */\nexport const fetchSamlConfig = defineServerAction<\n FetchSamlConfigInput,\n FetchSamlConfigResult\n>({\n id: \"team/fetch-saml-config\",\n description: \"Fetches SAML SSO configuration for the team\",\n visibility: \"customer\",\n tags: [\"team\", \"saml\"],\n async run({ token }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Fetch SAML config requires a session token\");\n }\n\n const customerId = getCustomerIdFromToken(token);\n const endpoint = `${getApiOrigin()}/v3/customer/saml/config?customer_id=${encodeURIComponent(customerId)}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching SAML config via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"GET\",\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (!response.ok) {\n throw new Error(\n `Fetch SAML config request failed (${response.status} ${response.statusText})`\n );\n }\n\n const data = await response.json();\n \n return {\n config: {\n samlAllowed: data.samlAllowed || false,\n samlEnabled: data.samlEnabled || false,\n entityId: data.entityId || \"\",\n acsUrl: data.acsUrl || \"\",\n hasIdpMetadata: data.hasIdpMetadata || false,\n hasIdpCert: data.hasIdpCert || false\n }\n };\n }\n});\n\n/**\n * Updates SAML configuration (uploads IdP metadata and certificate).\n */\nexport const updateSamlConfig = defineServerAction<\n UpdateSamlConfigInput,\n UpdateSamlConfigResult\n>({\n id: \"team/update-saml-config\",\n description: \"Uploads IdP metadata and certificate for SAML SSO\",\n visibility: \"customer\",\n tags: [\"team\", \"saml\", \"update\"],\n async run({ token, idpMetadataXml, idpPublicCert }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Update SAML config requires a session token\");\n }\n\n if (!idpMetadataXml || !idpPublicCert) {\n throw new Error(\"Both IdP metadata and certificate are required\");\n }\n\n const customerId = getCustomerIdFromToken(token);\n const endpoint = `${getApiOrigin()}/v3/customer/saml/config?customer_id=${encodeURIComponent(customerId)}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] updating SAML config via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"PUT\",\n token,\n headers: {\n \"content-type\": \"application/json\",\n accept: \"application/json\"\n },\n body: JSON.stringify({\n idpMetadataXml,\n idpPublicCert\n }),\n signal: context?.signal\n });\n\n if (!response.ok) {\n let errorMessage = \"Failed to update SAML configuration\";\n try {\n const data = await response.json();\n errorMessage = data.message || data.error || errorMessage;\n } catch {\n // Ignore JSON parse errors\n }\n throw new Error(errorMessage);\n }\n\n return { success: true };\n }\n});\n\n/**\n * Toggles SAML authentication enabled/disabled.\n */\nexport const toggleSamlEnabled = defineServerAction<\n ToggleSamlEnabledInput,\n ToggleSamlEnabledResult\n>({\n id: \"team/toggle-saml-enabled\",\n description: \"Enables or disables SAML authentication\",\n visibility: \"customer\",\n tags: [\"team\", \"saml\", \"toggle\"],\n async run({ token, enabled }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Toggle SAML enabled requires a session token\");\n }\n\n const customerId = getCustomerIdFromToken(token);\n const endpoint = `${getApiOrigin()}/v3/customer/saml/enable?customer_id=${encodeURIComponent(customerId)}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] toggling SAML enabled via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"PUT\",\n token,\n headers: {\n \"content-type\": \"application/json\",\n accept: \"application/json\"\n },\n body: JSON.stringify({ enabled }),\n signal: context?.signal\n });\n\n if (!response.ok) {\n let errorMessage = \"Failed to toggle SAML\";\n try {\n const data = await response.json();\n errorMessage = data.message || data.error || errorMessage;\n } catch {\n // Ignore JSON parse errors\n }\n throw new Error(errorMessage);\n }\n\n const data = await response.json();\n \n return {\n success: true,\n samlEnabled: data.samlEnabled || enabled\n };\n }\n});\n\n/**\n * Removes SAML configuration (deprovisions SAML).\n */\nexport const deprovisionSaml = defineServerAction<\n DeprovisionSamlInput,\n DeprovisionSamlResult\n>({\n id: \"team/deprovision-saml\",\n description: \"Removes all SAML configuration\",\n visibility: \"customer\",\n tags: [\"team\", \"saml\", \"delete\"],\n async run({ token }, context) {\n if (!token || typeof token !== \"string\") {\n throw new Error(\"Deprovision SAML requires a session token\");\n }\n\n const customerId = getCustomerIdFromToken(token);\n const endpoint = `${getApiOrigin()}/v3/customer/saml/config?customer_id=${encodeURIComponent(customerId)}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] deprovisioning SAML via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"DELETE\",\n token,\n headers: { accept: \"application/json\" },\n signal: context?.signal\n });\n\n if (!response.ok) {\n let errorMessage = \"Failed to remove SAML configuration\";\n try {\n const data = await response.json();\n errorMessage = data.message || data.error || errorMessage;\n } catch {\n // Ignore JSON parse errors\n }\n throw new Error(errorMessage);\n }\n\n return { success: true };\n }\n});\n\n// =============================================================================\n// Invite Accept/Refresh Actions\n// =============================================================================\n\nexport interface AcceptInviteInput {\n code: string;\n}\n\nexport interface AcceptInviteResult {\n token: string;\n}\n\nexport interface AcceptInviteError {\n code: \"invalid_code\" | \"expired\" | \"unknown\";\n message: string;\n}\n\n/**\n * Accepts a team invitation using the invite code from email.\n * Returns a JWT token on success that can be used to establish a session.\n */\nexport const acceptInvite = defineServerAction<\n AcceptInviteInput,\n AcceptInviteResult\n>({\n id: \"auth/accept-invite\",\n description: \"Accepts a team invitation and returns a session token\",\n visibility: \"customer\",\n tags: [\"auth\", \"invite\", \"join\"],\n async run({ code }) {\n if (!code || typeof code !== \"string\") {\n const error: AcceptInviteError = {\n code: \"invalid_code\",\n message: \"Invite code is required\"\n };\n throw error;\n }\n\n // NEW: Use Enterprise Portal API auth endpoint\n const endpoint = `${getApiOrigin()}/enterprise-portal/auth/invite/accept`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] accepting invite via %s (Enterprise Portal API)\", endpoint);\n }\n\n const response = await fetch(endpoint, {\n method: \"POST\",\n headers: {\n \"content-type\": \"application/json\",\n accept: \"application/json\"\n },\n body: JSON.stringify({ code })\n });\n\n if (!response.ok) {\n if (response.status === 404) {\n const error: AcceptInviteError = {\n code: \"invalid_code\",\n message: \"Invalid or expired invite code. Please check your code and try again.\"\n };\n throw error;\n }\n\n let errorMessage = \"Failed to accept invitation\";\n try {\n const data = await response.json();\n errorMessage = data.message || data.error || errorMessage;\n } catch {\n // Ignore JSON parse errors\n }\n\n const error: AcceptInviteError = {\n code: \"unknown\",\n message: errorMessage\n };\n throw error;\n }\n\n const payload = await response.json();\n const token = payload?.jwt ?? payload?.token;\n\n if (typeof token !== \"string\") {\n throw new Error(\"Invite accepted but no token returned\");\n }\n\n return { token };\n }\n});\n\nexport interface RefreshInviteInput {\n code: string;\n}\n\nexport interface RefreshInviteResult {\n success: boolean;\n}\n\n/**\n * Refreshes an expired invite by generating a new code and resending the email.\n * The original code is used to identify the invite to refresh.\n */\nexport const refreshInvite = defineServerAction<\n RefreshInviteInput,\n RefreshInviteResult\n>({\n id: \"auth/refresh-invite\",\n description: \"Refreshes an expired invite and resends the invitation email\",\n visibility: \"customer\",\n tags: [\"auth\", \"invite\", \"refresh\"],\n async run({ code }) {\n if (!code || typeof code !== \"string\") {\n throw new Error(\"Invite code is required\");\n }\n\n // NEW: Use Enterprise Portal API auth endpoint\n const endpoint = `${getApiOrigin()}/enterprise-portal/auth/invite/refresh`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] refreshing invite via %s (Enterprise Portal API)\", endpoint);\n }\n\n const response = await fetch(endpoint, {\n method: \"POST\",\n headers: {\n \"content-type\": \"application/json\",\n accept: \"application/json\"\n },\n body: JSON.stringify({ code })\n });\n\n // The API returns 200 even for non-existent codes to prevent code enumeration\n if (!response.ok) {\n let errorMessage = \"Failed to refresh invitation\";\n try {\n const data = await response.json();\n errorMessage = data.message || data.error || errorMessage;\n } catch {\n // Ignore JSON parse errors\n }\n throw new Error(errorMessage);\n }\n\n return { success: true };\n }\n});\n","/**\n * Install-related server actions for the Linux and Helm installation wizards.\n * \n * These actions handle the complete installation flow including:\n * - Fetching available releases (channel releases)\n * - Creating/updating/fetching install options\n * - Generating installation instructions\n */\n\nimport { authenticatedFetch } from \"../utils/api-client\";\nimport { getApiOrigin, getCustomerIdFromToken } from \"./index\";\nimport type { PortalActionContext } from \"./index\";\n\n// =============================================================================\n// Types - Channel Releases\n// =============================================================================\n\nexport interface EmbeddedClusterInstallationType {\n version?: string;\n}\n\nexport interface HelmInstallationType {\n version?: string;\n}\n\nexport interface InstallationTypes {\n embeddedCluster?: EmbeddedClusterInstallationType;\n helm?: HelmInstallationType;\n}\n\nexport interface ChannelRelease {\n channelId: string;\n channelName: string;\n channelSlug: string;\n channelSequence: number;\n releaseSequence: number;\n versionLabel: string;\n releaseNotes?: string;\n createdAt: string;\n isRequired?: boolean;\n installationTypes?: InstallationTypes;\n}\n\nexport interface FetchChannelReleasesInput {\n token: string;\n channelId?: string;\n}\n\nexport interface FetchChannelReleasesResult {\n channelReleases: ChannelRelease[];\n}\n\n// =============================================================================\n// Types - Install Options\n// =============================================================================\n\nexport type NetworkAvailability = \"online\" | \"proxy\" | \"airgap\";\nexport type InstallType = \"linux\" | \"helm\";\nexport type RegistryAvailability = \"online\" | \"partial\" | \"offline\";\nexport type KubernetesDistribution = \"vanilla\" | \"openshift\" | \"rancher\" | \"aks\" | \"eks\" | \"gke\";\nexport type InstallStatus = \"in_progress\" | \"completed\" | \"discarded\";\n\nexport interface InstallStep {\n step_number: number;\n step_name: string;\n title: string;\n description?: string;\n commands: string[];\n /** If true, this step can be marked as completed (shows checkmark UI) */\n maybe_completed?: boolean;\n}\n\nexport interface InstallInstructions {\n format: \"basic\" | \"mdx\";\n install_type: string;\n title: string;\n steps?: InstallStep[];\n mdx_template?: string;\n context?: Record<string, unknown>;\n renderer_version?: number;\n}\n\nexport interface InstallOptions {\n id: string;\n customer_id: string;\n install_type: InstallType;\n instance_name: string;\n instance_id?: string;\n service_account_id?: string;\n service_account_email_address?: string;\n license_id?: string;\n started_at: string;\n completed_at?: string;\n network_availability?: NetworkAvailability;\n is_multi_node?: boolean;\n channel_id?: string;\n channel_release_sequence?: number;\n registry_availability?: RegistryAvailability;\n kubernetes_distribution?: KubernetesDistribution;\n admin_console_url?: string;\n status?: InstallStatus;\n}\n\nexport interface CreateInstallOptionsInput {\n token: string;\n installType: InstallType;\n instanceName: string;\n serviceAccountId: string;\n networkAvailability: NetworkAvailability;\n isMultiNode?: boolean;\n channelId?: string;\n channelReleaseSequence?: number;\n // Helm-specific\n registryAvailability?: RegistryAvailability;\n kubernetesDistribution?: KubernetesDistribution;\n}\n\nexport interface CreateInstallOptionsResult {\n install_options: InstallOptions;\n instructions?: InstallInstructions;\n}\n\nexport interface GetInstallOptionsInput {\n token: string;\n installOptionsId: string;\n includeInstructions?: boolean;\n privateRegistryHostname?: string;\n proxyUrl?: string;\n}\n\nexport interface GetInstallOptionsResult {\n id: string;\n customer_id: string;\n install_type: InstallType;\n instance_name: string;\n instance_id?: string;\n service_account_id?: string;\n service_account_email_address?: string;\n started_at: string;\n completed_at?: string;\n network_availability?: NetworkAvailability;\n is_multi_node?: boolean;\n channel_id?: string;\n channel_release_sequence?: number;\n registry_availability?: RegistryAvailability;\n kubernetes_distribution?: KubernetesDistribution;\n admin_console_url?: string;\n status?: InstallStatus;\n instructions?: InstallInstructions;\n /** Timestamp when assets were downloaded (for progress tracking) */\n assets_downloaded_at?: string;\n /** Timestamp when registry authentication was completed (for Helm progress tracking) */\n registry_authenticated_at?: string;\n /** Timestamp when images were pulled (for Helm progress tracking) */\n images_pulled_at?: string;\n /** Timestamp when installation was completed (for progress tracking) */\n installation_completed_at?: string;\n}\n\nexport interface UpdateInstallOptionsInput {\n token: string;\n installOptionsId: string;\n installType?: InstallType;\n channelId?: string;\n channelReleaseSequence?: number;\n networkAvailability?: NetworkAvailability;\n registryAvailability?: RegistryAvailability;\n kubernetesDistribution?: KubernetesDistribution;\n isMultiNode?: boolean;\n serviceAccountId?: string;\n adminConsoleUrl?: string | null;\n status?: InstallStatus;\n includeInstructions?: boolean;\n privateRegistryHostname?: string;\n proxyUrl?: string;\n}\n\nexport interface UpdateInstallOptionsResult {\n install_options: InstallOptions;\n instructions?: InstallInstructions;\n}\n\n// =============================================================================\n// Actions - Channel Releases\n// =============================================================================\n\n/**\n * Fetches available channel releases for the customer.\n * These are filtered to show only releases that have embedded cluster installers.\n */\nexport async function fetchChannelReleases(\n input: FetchChannelReleasesInput,\n context?: PortalActionContext\n): Promise<FetchChannelReleasesResult> {\n const { token, channelId } = input;\n\n if (!token || typeof token !== \"string\") {\n throw new Error(\"fetchChannelReleases requires a session token\");\n }\n\n const origin = getApiOrigin();\n\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const url = new URL(`${origin}/enterprise-portal/channel-releases`);\n if (channelId) {\n url.searchParams.set(\"channel_id\", channelId);\n }\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching channel releases via %s (Enterprise Portal API)\", url.toString());\n }\n\n const response = await authenticatedFetch(url.toString(), {\n method: \"GET\",\n token,\n headers: {\n accept: \"application/json\"\n },\n signal: context?.signal\n });\n\n if (!response.ok) {\n const errorText = await response.text();\n throw new Error(\n `Channel releases request failed (${response.status} ${response.statusText}): ${errorText}`\n );\n }\n\n const envelope = await response.json();\n const payload = envelope.data;\n\n return {\n channelReleases: payload?.channelReleases || []\n };\n}\n\n// =============================================================================\n// Actions - Install Options\n// =============================================================================\n\n/**\n * Creates a new install options record to track an installation attempt.\n * This is called after creating a service account and before showing install commands.\n */\nexport async function createInstallOptions(\n input: CreateInstallOptionsInput,\n context?: PortalActionContext\n): Promise<CreateInstallOptionsResult> {\n const {\n token,\n installType,\n instanceName,\n serviceAccountId,\n networkAvailability,\n isMultiNode = false,\n channelId,\n channelReleaseSequence,\n registryAvailability,\n kubernetesDistribution\n } = input;\n\n if (!token || typeof token !== \"string\") {\n throw new Error(\"createInstallOptions requires a session token\");\n }\n\n if (!instanceName?.trim()) {\n throw new Error(\"Instance name is required\");\n }\n\n if (!serviceAccountId?.trim()) {\n throw new Error(\"Service account ID is required\");\n }\n\n const origin = getApiOrigin();\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const endpoint = `${origin}/enterprise-portal/install-options?includeInstructions=true`;\n\n const body: Record<string, unknown> = {\n install_type: installType,\n instance_name: instanceName.trim(),\n service_account_id: serviceAccountId.trim(),\n network_availability: networkAvailability,\n is_multi_node: isMultiNode\n };\n\n // Add optional fields\n if (channelId) {\n body.channel_id = channelId;\n }\n if (channelReleaseSequence !== undefined) {\n body.channel_release_sequence = channelReleaseSequence;\n }\n if (registryAvailability) {\n body.registry_availability = registryAvailability;\n }\n if (kubernetesDistribution) {\n body.kubernetes_distribution = kubernetesDistribution;\n }\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] creating install options via %s\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"POST\",\n token,\n headers: {\n \"content-type\": \"application/json\",\n accept: \"application/json\"\n },\n body: JSON.stringify(body),\n signal: context?.signal\n });\n\n if (!response.ok) {\n const errorText = await response.text();\n throw new Error(\n `Create install options failed (${response.status} ${response.statusText}): ${errorText}`\n );\n }\n\n return await response.json();\n}\n\n/**\n * Fetches existing install options by ID.\n * Can optionally include generated installation instructions.\n */\nexport async function getInstallOptions(\n input: GetInstallOptionsInput,\n context?: PortalActionContext\n): Promise<GetInstallOptionsResult> {\n const {\n token,\n installOptionsId,\n includeInstructions = true,\n privateRegistryHostname,\n proxyUrl\n } = input;\n\n if (!token || typeof token !== \"string\") {\n throw new Error(\"getInstallOptions requires a session token\");\n }\n\n if (!installOptionsId?.trim()) {\n throw new Error(\"Install options ID is required\");\n }\n\n const origin = getApiOrigin();\n\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const url = new URL(`${origin}/enterprise-portal/install-options/${installOptionsId.trim()}`);\n\n if (includeInstructions) {\n url.searchParams.set(\"includeInstructions\", \"true\");\n }\n if (privateRegistryHostname) {\n url.searchParams.set(\"privateRegistryHostname\", privateRegistryHostname);\n }\n if (proxyUrl) {\n url.searchParams.set(\"proxyUrl\", proxyUrl);\n }\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching install options via %s (Enterprise Portal API)\", url.toString());\n }\n\n const response = await authenticatedFetch(url.toString(), {\n method: \"GET\",\n token,\n headers: {\n accept: \"application/json\"\n },\n signal: context?.signal\n });\n\n if (!response.ok) {\n const errorText = await response.text();\n throw new Error(\n `Get install options failed (${response.status} ${response.statusText}): ${errorText}`\n );\n }\n\n const envelope = await response.json();\n return envelope.data;\n}\n\n/**\n * Updates existing install options.\n * Typically called when user selects a different version or changes settings.\n * Returns updated options with regenerated installation instructions.\n */\nexport async function updateInstallOptions(\n input: UpdateInstallOptionsInput,\n context?: PortalActionContext\n): Promise<UpdateInstallOptionsResult> {\n const {\n token,\n installOptionsId,\n installType,\n channelId,\n channelReleaseSequence,\n networkAvailability,\n registryAvailability,\n kubernetesDistribution,\n isMultiNode,\n serviceAccountId,\n adminConsoleUrl,\n status,\n includeInstructions = true,\n privateRegistryHostname,\n proxyUrl\n } = input;\n\n if (!token || typeof token !== \"string\") {\n throw new Error(\"updateInstallOptions requires a session token\");\n }\n\n if (!installOptionsId?.trim()) {\n throw new Error(\"Install options ID is required\");\n }\n\n const origin = getApiOrigin();\n\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const url = new URL(`${origin}/enterprise-portal/install-options/${installOptionsId.trim()}`);\n\n if (includeInstructions) {\n url.searchParams.set(\"includeInstructions\", \"true\");\n }\n if (privateRegistryHostname) {\n url.searchParams.set(\"privateRegistryHostname\", privateRegistryHostname);\n }\n if (proxyUrl) {\n url.searchParams.set(\"proxyUrl\", proxyUrl);\n }\n\n // Build body with only provided fields\n const body: Record<string, unknown> = {};\n\n if (installType !== undefined) {\n body.install_type = installType;\n }\n if (channelId !== undefined) {\n body.channel_id = channelId;\n }\n if (channelReleaseSequence !== undefined) {\n body.channel_release_sequence = channelReleaseSequence;\n }\n if (networkAvailability !== undefined) {\n body.network_availability = networkAvailability;\n }\n if (registryAvailability !== undefined) {\n body.registry_availability = registryAvailability;\n }\n if (kubernetesDistribution !== undefined) {\n body.kubernetes_distribution = kubernetesDistribution;\n }\n if (isMultiNode !== undefined) {\n body.is_multi_node = isMultiNode;\n }\n if (serviceAccountId !== undefined) {\n body.service_account_id = serviceAccountId;\n }\n if (adminConsoleUrl !== undefined) {\n body.admin_console_url = adminConsoleUrl;\n }\n if (status !== undefined) {\n body.status = status;\n }\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] updating install options via %s\", url.toString());\n }\n\n const response = await authenticatedFetch(url.toString(), {\n method: \"PATCH\",\n token,\n headers: {\n \"content-type\": \"application/json\",\n accept: \"application/json\"\n },\n body: JSON.stringify(body),\n signal: context?.signal\n });\n\n if (!response.ok) {\n const errorText = await response.text();\n throw new Error(\n `Update install options failed (${response.status} ${response.statusText}): ${errorText}`\n );\n }\n\n return await response.json();\n}\n\n// =============================================================================\n// Helper - Filter Releases with Embedded Cluster Support\n// =============================================================================\n\n/**\n * Filters channel releases to only include those with embedded cluster installers.\n * Use this when populating the version dropdown for Linux installs.\n */\nexport function filterEmbeddedClusterReleases(releases: ChannelRelease[]): ChannelRelease[] {\n return releases.filter(\n (release) => release.installationTypes?.embeddedCluster?.version\n );\n}\n\n/**\n * Filters channel releases to only include those with Helm chart support.\n * Use this when populating the version dropdown for Helm installs.\n */\nexport function filterHelmReleases(releases: ChannelRelease[]): ChannelRelease[] {\n return releases.filter(\n (release) => release.installationTypes?.helm?.version\n );\n}\n\n// =============================================================================\n// Types - Update Instructions\n// =============================================================================\n\nexport interface GetUpdateInstructionsInput {\n token: string;\n /** Install options ID (if known) */\n installOptionsId?: string;\n /** Instance ID (used if installOptionsId is not available) */\n instanceId?: string;\n /** Target channel ID for the update */\n targetChannelId: string;\n /** Target channel sequence for the update */\n targetChannelSequence: number;\n /** Private registry hostname (for airgap with private registry) */\n privateRegistryHostname?: string;\n}\n\nexport interface UpdateInstructions {\n format: string;\n install_type: string;\n title: string;\n steps: InstallStep[];\n}\n\nexport interface GetUpdateInstructionsResult {\n instructions: UpdateInstructions;\n}\n\n// =============================================================================\n// Actions - Update Instructions\n// =============================================================================\n\n/**\n * Fetches update instructions for an instance.\n * Returns step-by-step commands for updating to a target version.\n */\nexport async function getUpdateInstructions(\n input: GetUpdateInstructionsInput,\n context?: PortalActionContext\n): Promise<GetUpdateInstructionsResult> {\n const {\n token,\n installOptionsId,\n instanceId,\n targetChannelId,\n targetChannelSequence,\n privateRegistryHostname\n } = input;\n\n if (!token || typeof token !== \"string\") {\n throw new Error(\"getUpdateInstructions requires a session token\");\n }\n\n if (!targetChannelId?.trim()) {\n throw new Error(\"Target channel ID is required\");\n }\n\n if (targetChannelSequence === undefined || targetChannelSequence === null) {\n throw new Error(\"Target channel sequence is required\");\n }\n\n // Need either installOptionsId or instanceId\n const identifier = installOptionsId || instanceId;\n if (!identifier) {\n throw new Error(\"Either installOptionsId or instanceId is required\");\n }\n\n const customerId = getCustomerIdFromToken(token);\n const origin = getApiOrigin();\n\n // Build query params\n const queryParams = new URLSearchParams();\n queryParams.set(\"targetChannelId\", targetChannelId.trim());\n queryParams.set(\"targetChannelSequence\", targetChannelSequence.toString());\n \n if (privateRegistryHostname?.trim()) {\n queryParams.set(\"privateRegistryHostname\", privateRegistryHostname.trim());\n }\n \n // When using instance_id, we still need a path parameter for the route\n // but it will be ignored by the backend in favor of the instance_id query param\n if (!installOptionsId && instanceId) {\n queryParams.set(\"instance_id\", instanceId);\n }\n\n const pathId = installOptionsId || \"placeholder\";\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const url = `${origin}/enterprise-portal/install-options/${pathId}/update-instructions?${queryParams.toString()}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching update instructions via %s\", url);\n }\n\n const response = await authenticatedFetch(url, {\n method: \"GET\",\n token,\n headers: {\n accept: \"application/json\"\n },\n signal: context?.signal\n });\n\n if (!response.ok) {\n const errorText = await response.text();\n let errorMessage = \"Failed to fetch update instructions\";\n try {\n const errorData = JSON.parse(errorText);\n errorMessage = errorData.error || errorData.message || errorMessage;\n } catch {\n // Use default message\n }\n throw new Error(errorMessage);\n }\n\n const data = await response.json();\n\n return {\n instructions: {\n format: data.format || \"steps\",\n install_type: data.install_type,\n title: data.title,\n steps: data.steps || []\n }\n };\n}\n\n// =============================================================================\n// Types - Pending Installations\n// =============================================================================\n\nexport interface FetchPendingInstallationsInput {\n token: string;\n}\n\nexport interface PendingInstallation {\n id: string;\n name: string;\n method: \"helm\" | \"linux\";\n startedBy: string;\n startedAt: string;\n}\n\nexport interface FetchPendingInstallationsResult {\n installations: PendingInstallation[];\n}\n\n// =============================================================================\n// Fetch Pending Installations\n// =============================================================================\n\n/**\n * Fetches pending (in-progress) installations for the current user.\n * Returns up to 5 most recent installations, ordered by creation date descending.\n */\nexport async function fetchPendingInstallations(\n input: FetchPendingInstallationsInput,\n context?: PortalActionContext\n): Promise<FetchPendingInstallationsResult> {\n const { token } = input;\n \n if (typeof token !== \"string\" || token.trim().length === 0) {\n throw new Error(\"fetchPendingInstallations requires a non-empty token\");\n }\n\n const origin = getApiOrigin();\n\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n // This endpoint returns 200 with empty array instead of 404 when no results\n const queryParams = new URLSearchParams();\n queryParams.set(\"status\", \"in_progress\");\n queryParams.set(\"page_size\", \"5\");\n queryParams.set(\"order_by\", \"created_at\");\n queryParams.set(\"order_direction\", \"desc\");\n\n const endpoint = `${origin}/enterprise-portal/install-options?${queryParams.toString()}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching pending installations via %s (Enterprise Portal API)\", endpoint);\n }\n\n const response = await authenticatedFetch(endpoint, {\n method: \"GET\",\n token,\n headers: {\n accept: \"application/json\"\n },\n signal: context?.signal\n });\n\n if (!response.ok) {\n throw new Error(\n `Pending installations request failed (${response.status} ${response.statusText})`\n );\n }\n\n const envelope = await response.json();\n const payload = envelope.data;\n\n // Parse the response - expecting {install_options: [...]}\n const installArray = payload?.install_options || [];\n\n const installations: PendingInstallation[] = installArray.map((item: Record<string, unknown>) => ({\n id: String(item.id || \"\"),\n name: String(item.instance_name || \"Unknown\"),\n method: item.install_type === \"helm\" ? \"helm\" as const : \"linux\" as const,\n startedBy: String(item.service_account_email_address || \"Unknown\"),\n startedAt: String(item.started_at || new Date().toISOString())\n }));\n\n return {\n installations\n };\n}\n\n","/**\n * Instance-related server actions for the Update page.\n * \n * These actions handle fetching and managing instances including:\n * - Listing all instances (online and airgap)\n * - Fetching install options for instances\n * - Calculating update availability\n */\n\nimport { authenticatedFetch } from \"../utils/api-client\";\nimport { getApiOrigin, getCustomerIdFromToken } from \"./index\";\nimport type { PortalActionContext } from \"./index\";\nimport type { ChannelRelease, InstallOptions } from \"./install\";\nexport type { InstallOptions } from \"./install\";\n\n// =============================================================================\n// Types - Instance\n// =============================================================================\n\nexport type ResourceStatus = \"ready\" | \"updating\" | \"unknown\" | \"missing\" | \"unavailable\" | \"degraded\";\n\nexport interface ResourceState {\n kind: string;\n name: string;\n namespace: string;\n state: ResourceStatus;\n}\n\nexport interface InstanceTag {\n key: string;\n value: string;\n origin?: string;\n}\n\nexport interface Instance {\n id: string;\n firstCheckin: string;\n firstReadyAt?: string;\n lastCheckin: string;\n isAirgap: boolean;\n appStatus?: string;\n resourceStates?: ResourceState[];\n versionLabel?: string;\n channelId?: string;\n channelSequence?: number;\n serviceAccountId?: string;\n embeddedClusterId?: string;\n kotsInstallId?: string;\n kurlInstallId?: string;\n k8sVersion?: string;\n k8sDistribution?: string;\n tags?: InstanceTag[];\n}\n\nexport interface FetchInstancesInput {\n token: string;\n}\n\nexport interface FetchInstancesResult {\n instances: Instance[];\n online: Instance[];\n airgap: Instance[];\n}\n\n// =============================================================================\n// Types - Install Options by Instance\n// =============================================================================\n\nexport interface FetchInstallOptionsByInstanceIdsInput {\n token: string;\n instanceIds: string[];\n}\n\nexport interface FetchInstallOptionsByInstanceIdsResult {\n installOptions: InstallOptions[];\n}\n\n// =============================================================================\n// Constants\n// =============================================================================\n\n/** 24 hours in milliseconds - threshold for active vs inactive instances */\nexport const ACTIVE_INSTANCE_THRESHOLD_MS = 24 * 60 * 60 * 1000;\n\n// =============================================================================\n// Helper Functions\n// =============================================================================\n\n/**\n * Determines if an instance is active based on last check-in time.\n * Active = last check-in within the last 24 hours.\n */\nexport function isInstanceActive(instance: Instance): boolean {\n if (!instance.lastCheckin) {\n return false;\n }\n const lastCheckinTime = new Date(instance.lastCheckin).getTime();\n const threshold = Date.now() - ACTIVE_INSTANCE_THRESHOLD_MS;\n return lastCheckinTime > threshold;\n}\n\n/**\n * Filters instances into active and inactive lists.\n */\nexport function filterActiveInactiveInstances(instances: Instance[]): {\n activeInstances: Instance[];\n inactiveInstances: Instance[];\n} {\n const activeInstances = instances.filter(isInstanceActive);\n const inactiveInstances = instances.filter((instance) => !isInstanceActive(instance));\n return { activeInstances, inactiveInstances };\n}\n\n/**\n * Gets the install type for an instance based on instance data and install options.\n */\nexport function getInstallType(\n instance: Instance,\n installOptions?: InstallOptions[]\n): \"helm\" | \"embedded cluster\" | null {\n const instanceHasNoInstallTypes =\n !instance.kotsInstallId &&\n !instance.kurlInstallId &&\n !instance.embeddedClusterId;\n const isManuallyCreatedAirgapInstance =\n instance.isAirgap && instanceHasNoInstallTypes;\n\n // Check for embedded cluster first - explicitly set\n if (instance.embeddedClusterId) {\n return \"embedded cluster\";\n }\n\n // Check for helm install with k8s info\n if (instanceHasNoInstallTypes && instance.k8sDistribution) {\n return \"helm\";\n }\n\n // Default fallback for ambiguous cases (manually created airgap without k8s info):\n // Check install options first, then assume embedded cluster\n if (isManuallyCreatedAirgapInstance && !instance.k8sDistribution) {\n if (installOptions) {\n const matchingInstallOption = installOptions.find(\n (option) => option.instance_id === instance.id\n );\n if (matchingInstallOption) {\n if (matchingInstallOption.install_type === \"helm\") {\n return \"helm\";\n }\n if (matchingInstallOption.install_type === \"linux\") {\n return \"embedded cluster\";\n }\n }\n }\n // Final fallback: assume embedded cluster\n return \"embedded cluster\";\n }\n\n return null;\n}\n\n/**\n * Calculates the number of available updates for an instance.\n */\nexport function calculateUpdatesForInstance(\n instance: Instance,\n channelReleases: ChannelRelease[]\n): number {\n if (!channelReleases || !Array.isArray(channelReleases)) {\n return 0;\n }\n\n const instanceChannelSequence = instance.channelSequence ?? 0;\n\n // Filter to matching channel and count releases with higher sequence\n const matchingReleases = channelReleases.filter(\n (release) => release.channelId === instance.channelId\n );\n\n return matchingReleases.filter(\n (release) => release.channelSequence > instanceChannelSequence\n ).length;\n}\n\n/**\n * Gets the instance name from tags or returns truncated ID.\n */\nexport function getInstanceName(instance: Instance): string {\n const nameTag = instance.tags?.find((tag) => tag.key === \"name\");\n return nameTag?.value || instance.id.slice(0, 7);\n}\n\n// =============================================================================\n// Actions\n// =============================================================================\n\n/**\n * Fetches all instances for the customer.\n * Returns instances split into online and airgap categories.\n */\nexport async function fetchInstances(\n input: FetchInstancesInput,\n context?: PortalActionContext\n): Promise<FetchInstancesResult> {\n const { token } = input;\n\n if (!token || typeof token !== \"string\") {\n throw new Error(\"fetchInstances requires a session token\");\n }\n\n const customerId = getCustomerIdFromToken(token);\n const origin = getApiOrigin();\n\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const url = new URL(`${origin}/enterprise-portal/instances`);\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching instances via %s\", url.toString());\n }\n\n const response = await authenticatedFetch(url.toString(), {\n method: \"GET\",\n token,\n headers: {\n accept: \"application/json\"\n },\n signal: context?.signal\n });\n\n if (!response.ok) {\n const errorText = await response.text();\n throw new Error(\n `Instances request failed (${response.status} ${response.statusText}): ${errorText}`\n );\n }\n\n const payload = await response.json();\n // Extract from Enterprise Portal API envelope\n const data = payload.data;\n const allInstances: Instance[] = data?.instances || [];\n\n // Split into online and airgap\n const online = allInstances.filter((instance) => !instance.isAirgap);\n const airgap = allInstances.filter((instance) => instance.isAirgap);\n\n return {\n instances: allInstances,\n online,\n airgap\n };\n}\n\n// =============================================================================\n// Types - Create Air Gap Instance\n// =============================================================================\n\nexport type AirgapInstanceStatus = \"unavailable\" | \"missing\";\n\nexport interface CreateAirgapInstanceInput {\n token: string;\n serviceAccountId: string;\n instanceName?: string;\n channelId: string;\n channelSequence: number;\n k8sVersion?: string;\n k8sDistribution?: string;\n appStatus?: AirgapInstanceStatus;\n}\n\nexport interface CreateAirgapInstanceResult {\n instanceId: string;\n licenseId: string;\n createdAt: string;\n lastActive: string;\n appFirstReadyAt: string | null;\n appStatus: string;\n isAirgap: boolean;\n channelId?: string;\n channelSequence?: number;\n k8sVersion?: string;\n k8sDistribution?: string;\n}\n\n/**\n * Creates an air gap instance record manually.\n * This is used when customers want to track air gap instances that can't check in.\n */\nexport async function createAirgapInstance(\n input: CreateAirgapInstanceInput,\n context?: PortalActionContext\n): Promise<CreateAirgapInstanceResult> {\n const {\n token,\n serviceAccountId,\n instanceName,\n channelId,\n channelSequence,\n k8sVersion,\n k8sDistribution,\n appStatus = \"missing\"\n } = input;\n\n if (!token || typeof token !== \"string\") {\n throw new Error(\"createAirgapInstance requires a session token\");\n }\n\n if (!serviceAccountId?.trim()) {\n throw new Error(\"Service account ID is required\");\n }\n\n if (!channelId?.trim()) {\n throw new Error(\"Channel ID is required\");\n }\n\n const origin = getApiOrigin();\n\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const url = new URL(`${origin}/enterprise-portal/instances/airgap`);\n\n const body: Record<string, unknown> = {\n service_account_id: serviceAccountId.trim(),\n channel_id: channelId.trim(),\n channel_sequence: channelSequence,\n app_status: appStatus\n };\n\n if (instanceName?.trim()) {\n body.instance_name = instanceName.trim();\n }\n if (k8sVersion?.trim()) {\n body.k8s_version = k8sVersion.trim();\n }\n if (k8sDistribution?.trim()) {\n body.k8s_distribution = k8sDistribution.trim();\n }\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] creating airgap instance via %s\", url.toString());\n }\n\n const response = await authenticatedFetch(url.toString(), {\n method: \"POST\",\n token,\n headers: {\n \"content-type\": \"application/json\",\n accept: \"application/json\"\n },\n body: JSON.stringify(body),\n signal: context?.signal\n });\n\n if (!response.ok) {\n const errorText = await response.text();\n let errorMessage = \"Failed to create airgap instance\";\n try {\n const errorData = JSON.parse(errorText);\n errorMessage = errorData.error || errorData.message || errorMessage;\n } catch {\n // Use default message\n }\n throw new Error(errorMessage);\n }\n\n const data = await response.json();\n \n return {\n instanceId: data.instance_id,\n licenseId: data.license_id,\n createdAt: data.created_at,\n lastActive: data.last_active,\n appFirstReadyAt: data.app_first_ready_at,\n appStatus: data.app_status,\n isAirgap: data.is_airgap,\n channelId: data.channel_id,\n channelSequence: data.channel_sequence,\n k8sVersion: data.k8s_version,\n k8sDistribution: data.k8s_distribution\n };\n}\n\n// =============================================================================\n// Types - Update Air Gap Instance\n// =============================================================================\n\nexport interface UpdateAirgapInstanceInput {\n token: string;\n instanceId: string;\n serviceAccountId?: string;\n channelId: string;\n channelSequence: number;\n}\n\nexport interface UpdateAirgapInstanceResult {\n success: boolean;\n}\n\n/**\n * Updates an air gap instance record (mark update complete).\n * This is called after completing an air gap update to update the instance version.\n */\nexport async function updateAirgapInstance(\n input: UpdateAirgapInstanceInput,\n context?: PortalActionContext\n): Promise<UpdateAirgapInstanceResult> {\n const {\n token,\n instanceId,\n serviceAccountId,\n channelId,\n channelSequence\n } = input;\n\n if (!token || typeof token !== \"string\") {\n throw new Error(\"updateAirgapInstance requires a session token\");\n }\n\n if (!instanceId?.trim()) {\n throw new Error(\"Instance ID is required\");\n }\n\n if (!channelId?.trim()) {\n throw new Error(\"Channel ID is required\");\n }\n\n const origin = getApiOrigin();\n\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const url = new URL(`${origin}/enterprise-portal/instances/airgap/${instanceId.trim()}`);\n\n const body: Record<string, unknown> = {\n channel_id: channelId.trim(),\n channel_sequence: channelSequence\n };\n\n if (serviceAccountId?.trim()) {\n body.service_account_id = serviceAccountId.trim();\n }\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] updating airgap instance via %s\", url.toString());\n }\n\n const response = await authenticatedFetch(url.toString(), {\n method: \"PATCH\",\n token,\n headers: {\n \"content-type\": \"application/json\",\n accept: \"application/json\"\n },\n body: JSON.stringify(body),\n signal: context?.signal\n });\n\n if (!response.ok) {\n const errorText = await response.text();\n let errorMessage = \"Failed to update airgap instance\";\n try {\n const errorData = JSON.parse(errorText);\n errorMessage = errorData.error || errorData.message || errorMessage;\n } catch {\n // Use default message\n }\n throw new Error(errorMessage);\n }\n\n return { success: true };\n}\n\n/**\n * Fetches install options for a batch of instance IDs.\n * Handles chunking automatically if more than 50 IDs are provided.\n */\nexport async function fetchInstallOptionsByInstanceIds(\n input: FetchInstallOptionsByInstanceIdsInput,\n context?: PortalActionContext\n): Promise<FetchInstallOptionsByInstanceIdsResult> {\n const { token, instanceIds } = input;\n\n if (!token || typeof token !== \"string\") {\n throw new Error(\"fetchInstallOptionsByInstanceIds requires a session token\");\n }\n\n if (!instanceIds || instanceIds.length === 0) {\n return { installOptions: [] };\n }\n\n const customerId = getCustomerIdFromToken(token);\n const origin = getApiOrigin();\n\n // Chunk instance IDs into groups of 50 (API limit)\n const chunks: string[][] = [];\n for (let i = 0; i < instanceIds.length; i += 50) {\n chunks.push(instanceIds.slice(i, i + 50));\n }\n\n const allInstallOptions: InstallOptions[] = [];\n\n for (const chunk of chunks) {\n if (chunk.length === 0) continue;\n\n // Build query string with multiple instance_id params\n const queryParams = chunk\n .map((id) => `instance_id=${encodeURIComponent(id)}`)\n .join(\"&\");\n\n // NEW: Use Enterprise Portal API endpoint (no customer_id needed)\n const url = `${origin}/enterprise-portal/install-options?${queryParams}`;\n\n if (process.env.NODE_ENV !== \"production\") {\n console.debug(\"[portal-components] fetching install options via %s\", url);\n }\n\n const response = await authenticatedFetch(url, {\n method: \"GET\",\n token,\n headers: {\n accept: \"application/json\"\n },\n signal: context?.signal\n });\n\n if (response.status === 404) {\n // No install options found for this chunk - continue\n continue;\n }\n\n if (!response.ok) {\n const errorText = await response.text();\n throw new Error(\n `Install options request failed (${response.status} ${response.statusText}): ${errorText}`\n );\n }\n\n const envelope = await response.json();\n // Extract from Enterprise Portal API envelope\n const options: InstallOptions[] = envelope?.data?.install_options || [];\n allInstallOptions.push(...options);\n }\n\n return { installOptions: allInstallOptions };\n}\n\n"]}