@studiometa/forge-mcp 0.3.0 → 0.4.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@studiometa/forge-mcp",
-  "version": "0.3.0",
+  "version": "0.4.1",
   "description": "MCP server for Laravel Forge — Model Context Protocol integration for AI agents",
   "keywords": [
     "ai",
@@ -67,9 +67,9 @@
   },
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.26.0",
-    "@studiometa/forge-api": "0.3.0",
-    "@studiometa/forge-core": "0.3.0",
-    "h3": "^2.0.1-rc.14"
+    "@studiometa/forge-api": "0.4.1",
+    "@studiometa/forge-core": "0.4.1",
+    "h3": "2.0.1-rc.20"
   },
   "devDependencies": {
     "@vitest/coverage-v8": "^4.1.0-beta.4",

package/skills/SKILL.md

@@ -49,7 +49,7 @@ forge_write(resource, action, [parameters...])
 | `deployments`     | `list`                              | `deploy`, `update`             | site   |
 | `env`             | `get`                               | `update`                       | site   |
 | `nginx`           | `get`                               | `update`                       | site   |
-| `certificates`    | `list`, `get`                       | `create`, `delete`, `activate` | site   |
+| `certificates`    | `get`                               | `create`, `delete`, `activate` | domain |
 | `databases`       | `list`, `get`                       | `create`, `delete`             | server |
 | `database-users`  | `list`, `get`                       | `create`, `delete`             | server |
 | `daemons`         | `list`, `get`                       | `create`, `delete`, `restart`  | server |
@@ -70,7 +70,8 @@ forge_write(resource, action, [parameters...])
 
 - **global**: No parent ID needed (e.g. `servers`, `recipes`)
 - **server**: Requires `server_id` (e.g. `sites`, `databases`, `daemons`)
-- **site**: Requires `server_id` + `site_id` (e.g. `deployments`, `env`, `certificates`)
+- **site**: Requires `server_id` + `site_id` (e.g. `deployments`, `env`)
+- **domain**: Requires `server_id` + `site_id` + `domain_id` (e.g. `certificates`)
 
 ### Auto-Resolve: Names Instead of IDs
 
@@ -121,6 +122,7 @@ Use `action: "schema"` for a compact machine-readable spec:
 | `id`         | string  | Resource ID (for `get`, `delete`, `activate`, `restart`)                                                |
 | `server_id`  | string  | Server ID **or name** — numeric IDs are used as-is; names are auto-resolved via partial match           |
 | `site_id`    | string  | Site ID **or domain name** — auto-resolved via partial match; requires `server_id`                      |
+| `domain_id`  | string  | Domain record ID (for certificate operations)                                                           |
 | `query`      | string  | Search query for `resolve` action (partial, case-insensitive match against resource names/domains)      |
 | `compact`    | boolean | Compact output (default: true)                                                                          |
 | `content`    | string  | Content for env/nginx `update` and deployment script `update`                                           |
@@ -158,17 +160,17 @@ Use `action: "schema"` for a compact machine-readable spec:
 { "resource": "daemons", "action": "list", "server_id": "123" }
 ```
 
-### Manage SSL Certificates
+### Manage SSL Certificates (per-domain)
 
 ```json
-// List existing certs (forge)
-{ "resource": "certificates", "action": "list", "server_id": "123", "site_id": "456" }
+// Get certificate for a domain (forge)
+{ "resource": "certificates", "action": "get", "server_id": "123", "site_id": "456", "domain_id": "789" }
 
 // Request a new Let's Encrypt cert (forge_write)
-{ "resource": "certificates", "action": "create", "server_id": "123", "site_id": "456", "domain": "example.com", "type": "new" }
+{ "resource": "certificates", "action": "create", "server_id": "123", "site_id": "456", "domain_id": "789", "type": "letsencrypt" }
 
 // Activate it (forge_write)
-{ "resource": "certificates", "action": "activate", "server_id": "123", "site_id": "456", "id": "789" }
+{ "resource": "certificates", "action": "activate", "server_id": "123", "site_id": "456", "domain_id": "789" }
 ```
 
 ### Update Environment Variables
@@ -240,7 +242,7 @@ Use `action: "resolve"` to search resources by name before acting:
 //                           daemons, firewall_rules, scheduled_jobs
 { "resource": "servers", "action": "context", "id": "123" }
 
-// Site context (forge) — returns site + deployments (last 5), certificates,
+// Site context (forge) — returns site + deployments (last 5),
 //                          redirect_rules, security_rules
 { "resource": "sites", "action": "context", "server_id": "123", "id": "456" }
 
@@ -269,7 +271,7 @@ Use `action: "resolve"` to search resources by name before acting:
   "action": "run",
   "operations": [
     { "resource": "env",          "action": "get",  "server_id": "123", "site_id": "456" },
-    { "resource": "certificates", "action": "list", "server_id": "123", "site_id": "456" },
+    { "resource": "commands",     "action": "list", "server_id": "123", "site_id": "456" },
     { "resource": "deployments",  "action": "list", "server_id": "123", "site_id": "456" }
   ]
 }
@@ -295,11 +297,11 @@ Per-operation failures are isolated — a single error doesn't abort the rest.
 
 ### Stdio Mode (Claude Desktop)
 
-Set `FORGE_API_TOKEN` environment variable, or use the `forge_configure` tool:
+Set environment variables `FORGE_API_TOKEN` and `FORGE_ORG`, or use the `forge_configure` tool:
 
 ```json
-// Configure interactively
-{ tool: "forge_configure", arguments: { api_token: "your-token" } }
+// Configure API token and organization
+{ tool: "forge_configure", arguments: { apiToken: "your-token", organizationSlug: "your-org" } }
 
 // Check current config
 { tool: "forge_get_config", arguments: {} }

package/dist/http-Cwp91mT-.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"http-Cwp91mT-.js","names":[],"sources":["../src/sessions.ts","../src/http.ts"],"sourcesContent":["/**\n * Session manager for multi-tenant Streamable HTTP transport.\n *\n * Each MCP client session gets its own transport + server pair.\n * Sessions are identified by UUID and tracked in a Map.\n *\n * Supports automatic TTL-based cleanup of idle sessions to prevent\n * memory leaks from abandoned clients.\n */\n\nimport type { Server } from \"@modelcontextprotocol/sdk/server/index.js\";\nimport type { StreamableHTTPServerTransport } from \"@modelcontextprotocol/sdk/server/streamableHttp.js\";\n\n/**\n * A managed session: transport + MCP server pair.\n */\nexport interface ManagedSession {\n  transport: StreamableHTTPServerTransport;\n  server: Server;\n  createdAt: number;\n  lastActiveAt: number;\n}\n\nexport interface SessionManagerOptions {\n  /**\n   * Maximum idle time in milliseconds before a session is reaped.\n   * Default: 30 minutes. Set to 0 to disable automatic cleanup.\n   */\n  ttl?: number;\n\n  /**\n   * How often to check for expired sessions, in milliseconds.\n   * Default: 60 seconds.\n   */\n  sweepInterval?: number;\n}\n\nconst DEFAULT_TTL = 30 * 60 * 1000; // 30 minutes\nconst DEFAULT_SWEEP_INTERVAL = 60 * 1000; // 60 seconds\n\nexport class SessionManager {\n  private sessions = new Map<string, ManagedSession>();\n  private sweepTimer: ReturnType<typeof setInterval> | undefined;\n  private readonly ttl: number;\n\n  constructor(options?: SessionManagerOptions) {\n    this.ttl = options?.ttl ?? DEFAULT_TTL;\n\n    if (this.ttl > 0) {\n      const interval = options?.sweepInterval ?? DEFAULT_SWEEP_INTERVAL;\n      this.sweepTimer = setInterval(() => {\n        this.sweep();\n      }, interval);\n      // Don't keep the process alive just for the sweep timer\n      this.sweepTimer.unref();\n    }\n  }\n\n  /**\n   * Register a session after its ID has been assigned by the transport.\n   */\n  register(transport: StreamableHTTPServerTransport, server: Server): void {\n    const sessionId = transport.sessionId;\n    if (sessionId) {\n      const now = Date.now();\n      this.sessions.set(sessionId, {\n        transport,\n        server,\n        createdAt: now,\n        lastActiveAt: now,\n      });\n    }\n  }\n\n  /**\n   * Look up a session by its ID and refresh its activity timestamp.\n   */\n  get(sessionId: string): ManagedSession | undefined {\n    const session = this.sessions.get(sessionId);\n    if (session) {\n      session.lastActiveAt = Date.now();\n    }\n    return session;\n  }\n\n  /**\n   * Remove a session and close its transport + server.\n   */\n  async remove(sessionId: string): Promise<void> {\n    const session = this.sessions.get(sessionId);\n    if (session) {\n      this.sessions.delete(sessionId);\n      await session.transport.close();\n      await session.server.close();\n    }\n  }\n\n  /**\n   * Get the number of active sessions.\n   */\n  get size(): number {\n    return this.sessions.size;\n  }\n\n  /**\n   * Sweep expired sessions. Called automatically by the sweep timer.\n   * Returns the number of sessions reaped.\n   */\n  sweep(): number {\n    if (this.ttl <= 0) return 0;\n\n    const now = Date.now();\n    const expired: string[] = [];\n\n    for (const [id, session] of this.sessions) {\n      if (now - session.lastActiveAt > this.ttl) {\n        expired.push(id);\n      }\n    }\n\n    for (const id of expired) {\n      // Fire-and-forget cleanup — don't block the sweep\n      /* v8 ignore start */\n      this.remove(id).catch(() => {});\n      /* v8 ignore stop */\n    }\n\n    return expired.length;\n  }\n\n  /**\n   * Close all sessions, stop the sweep timer, and clean up.\n   */\n  async closeAll(): Promise<void> {\n    if (this.sweepTimer) {\n      clearInterval(this.sweepTimer);\n      this.sweepTimer = undefined;\n    }\n\n    const promises: Promise<void>[] = [];\n    for (const [, session] of this.sessions) {\n      promises.push(session.transport.close());\n      promises.push(session.server.close());\n    }\n    await Promise.all(promises);\n    this.sessions.clear();\n  }\n}\n","/**\n * Streamable HTTP transport for Forge MCP Server\n *\n * Implements the official MCP Streamable HTTP transport specification (2025-03-26)\n * using the SDK's StreamableHTTPServerTransport.\n *\n * Architecture:\n * - Stateful mode with per-session transport+server pairs (multi-tenant)\n * - Auth via Bearer token → authInfo.token → handler extra.authInfo\n * - Session manager (injected) maps session IDs to transport+server instances\n * - Health/status endpoints handled by h3, MCP endpoint by the SDK transport\n */\n\nimport { randomUUID } from \"node:crypto\";\nimport type { IncomingMessage, ServerResponse } from \"node:http\";\n\nimport { Server } from \"@modelcontextprotocol/sdk/server/index.js\";\nimport { StreamableHTTPServerTransport } from \"@modelcontextprotocol/sdk/server/streamableHttp.js\";\nimport { CallToolRequestSchema, ListToolsRequestSchema } from \"@modelcontextprotocol/sdk/types.js\";\nimport { createApp, defineEventHandler, type H3 } from \"h3\";\n\nimport { parseAuthHeader } from \"./auth.ts\";\nimport { executeToolWithCredentials } from \"./handlers/index.ts\";\nimport { INSTRUCTIONS } from \"./instructions.ts\";\nimport {\n  oauthMetadataHandler,\n  protectedResourceHandler,\n  registerHandler,\n  authorizeGetHandler,\n  authorizePostHandler,\n  tokenHandler,\n} from \"./oauth.ts\";\nimport { SessionManager } from \"./sessions.ts\";\nimport { getTools } from \"./tools.ts\";\nimport { VERSION } from \"./version.ts\";\n\nexport { SessionManager } from \"./sessions.ts\";\n\n/**\n * Options for the HTTP MCP server.\n */\nexport interface HttpServerOptions {\n  /** When true, forge_write tool is not registered and write operations are rejected. */\n  readOnly?: boolean;\n}\n\n/**\n * Create a configured MCP Server instance for HTTP transport.\n *\n * Unlike stdio, HTTP mode does NOT include forge_configure/forge_get_config\n * because credentials come from the Authorization header per-request.\n */\nexport function createMcpServer(options?: HttpServerOptions): Server {\n  const readOnly = options?.readOnly ?? false;\n  const tools = getTools({ readOnly });\n\n  const server = new Server(\n    {\n      name: \"forge-mcp\",\n      version: VERSION,\n    },\n    {\n      capabilities: {\n        tools: {},\n      },\n      instructions: INSTRUCTIONS,\n    },\n  );\n\n  server.setRequestHandler(ListToolsRequestSchema, async () => {\n    return { tools };\n  });\n\n  server.setRequestHandler(CallToolRequestSchema, async (request, extra) => {\n    const { name, arguments: args } = request.params;\n    const token = extra.authInfo?.token;\n\n    /* v8 ignore start */\n    if (!token) {\n      return {\n        content: [\n          {\n            type: \"text\" as const,\n            text: \"Error: Authentication required. No token found in request.\",\n          },\n        ],\n        structuredContent: {\n          success: false,\n          error: \"Authentication required. No token found in request.\",\n        },\n        isError: true,\n      };\n    }\n    /* v8 ignore stop */\n\n    // Reject write operations in read-only mode\n    if (readOnly && name === \"forge_write\") {\n      return {\n        content: [\n          {\n            type: \"text\" as const,\n            text: \"Error: Server is running in read-only mode. Write operations are disabled.\",\n          },\n        ],\n        structuredContent: {\n          success: false,\n          error: \"Server is running in read-only mode. Write operations are disabled.\",\n        },\n        isError: true,\n      };\n    }\n\n    try {\n      const result = await executeToolWithCredentials(\n        name,\n        /* v8 ignore next */ (args as Record<string, unknown>) ?? {},\n        { apiToken: token },\n      );\n      return result as unknown as Record<string, unknown>;\n    } catch (error) {\n      /* v8 ignore start */\n      const message = error instanceof Error ? error.message : String(error);\n      /* v8 ignore stop */\n      return {\n        content: [{ type: \"text\" as const, text: `Error: ${message}` }],\n        structuredContent: { success: false, error: message },\n        isError: true,\n      };\n    }\n  });\n\n  return server;\n}\n\n/**\n * Handle an MCP request using the Streamable HTTP transport.\n *\n * Routes requests based on whether they have a session ID:\n * - No session ID + initialize request → create new session\n * - Has session ID → route to existing session's transport\n *\n * @param req - Node.js IncomingMessage\n * @param res - Node.js ServerResponse\n * @param sessions - Session manager instance (injected)\n * @param options - Server options (read-only mode, etc.)\n */\nexport async function handleMcpRequest(\n  req: IncomingMessage,\n  res: ServerResponse,\n  sessions: SessionManager,\n  options?: HttpServerOptions,\n): Promise<void> {\n  // Extract and validate auth\n  const authHeader = req.headers.authorization;\n  const credentials = parseAuthHeader(authHeader);\n\n  if (!credentials) {\n    // Build resource_metadata URL for the WWW-Authenticate header (RFC 9728)\n    const host = req.headers.host || \"localhost:3000\";\n    const protocol = (req.headers[\"x-forwarded-proto\"] as string) || \"http\";\n    const resourceMetadataUrl = `${protocol}://${host}/.well-known/oauth-protected-resource`;\n\n    res.writeHead(401, {\n      \"Content-Type\": \"application/json\",\n      \"WWW-Authenticate\": `Bearer resource_metadata=\"${resourceMetadataUrl}\"`,\n    });\n    res.end(\n      JSON.stringify({\n        jsonrpc: \"2.0\",\n        error: {\n          code: -32001,\n          message: \"Authentication required. Provide a Bearer token with your Forge API token.\",\n        },\n        id: null,\n      }),\n    );\n    return;\n  }\n\n  // Inject auth info for the SDK transport\n  const authenticatedReq = req as IncomingMessage & {\n    auth?: { token: string; clientId: string; scopes: string[] };\n  };\n  authenticatedReq.auth = {\n    token: credentials.apiToken,\n    clientId: \"forge-http-client\",\n    scopes: [],\n  };\n\n  const sessionId = req.headers[\"mcp-session-id\"] as string | undefined;\n\n  if (sessionId) {\n    // Existing session — route to its transport\n    const session = sessions.get(sessionId);\n    if (!session) {\n      res.writeHead(404, { \"Content-Type\": \"application/json\" });\n      res.end(\n        JSON.stringify({\n          jsonrpc: \"2.0\",\n          error: {\n            code: -32000,\n            message: \"Session not found. The session may have expired or been terminated.\",\n          },\n          id: null,\n        }),\n      );\n      return;\n    }\n\n    await session.transport.handleRequest(authenticatedReq, res);\n    return;\n  }\n\n  // No session ID — this should be an initialize request.\n  // Create a new transport + server pair.\n  const transport = new StreamableHTTPServerTransport({\n    sessionIdGenerator: () => randomUUID(),\n  });\n\n  const server = createMcpServer(options);\n  await server.connect(transport);\n\n  // Set up cleanup on close\n  transport.onclose = () => {\n    const sid = transport.sessionId;\n    /* v8 ignore start */\n    if (sid) {\n      sessions.remove(sid).catch(() => {\n        // Ignore cleanup errors\n      });\n    }\n    /* v8 ignore stop */\n  };\n\n  // Handle the request (this will set transport.sessionId during initialize)\n  await transport.handleRequest(authenticatedReq, res);\n\n  // After handling, register the session if the transport got a session ID\n  /* v8 ignore start */\n  if (transport.sessionId) {\n    sessions.register(transport, server);\n  } else {\n    // No session was created (e.g., invalid request) — clean up\n    await transport.close();\n    await server.close();\n  }\n  /* v8 ignore stop */\n}\n\n/**\n * Create a request handler bound to a SessionManager instance.\n * Convenience factory for server.ts.\n */\nexport function createMcpRequestHandler(\n  sessions: SessionManager,\n  options?: HttpServerOptions,\n): (req: IncomingMessage, res: ServerResponse) => Promise<void> {\n  /* v8 ignore start */\n  return (req, res) => handleMcpRequest(req, res, sessions, options);\n  /* v8 ignore stop */\n}\n\n/**\n * Create h3 app for health check, service info, and OAuth endpoints.\n * The MCP endpoint is handled separately by handleMcpRequest.\n */\nexport function createHealthApp(): H3 {\n  const app = createApp();\n\n  // Service info & health\n  app.get(\n    \"/\",\n    defineEventHandler(() => {\n      return { status: \"ok\", service: \"forge-mcp\", version: VERSION };\n    }),\n  );\n\n  app.get(\n    \"/health\",\n    defineEventHandler(() => {\n      return { status: \"ok\" };\n    }),\n  );\n\n  // OAuth 2.1 endpoints\n  app.get(\"/.well-known/oauth-authorization-server\", oauthMetadataHandler);\n  app.get(\"/.well-known/oauth-protected-resource\", protectedResourceHandler);\n  app.post(\"/register\", registerHandler);\n  app.get(\"/authorize\", authorizeGetHandler);\n  app.post(\"/authorize\", authorizePostHandler);\n  app.post(\"/token\", tokenHandler);\n\n  return app;\n}\n"],"mappings":";;;;;;;;AAqCA,IAAM,cAAc,OAAU;AAC9B,IAAM,yBAAyB,KAAK;AAEpC,IAAa,iBAAb,MAA4B;CAC1B,2BAAmB,IAAI,KAA6B;CACpD;CACA;CAEA,YAAY,SAAiC;AAC3C,OAAK,MAAM,SAAS,OAAO;AAE3B,MAAI,KAAK,MAAM,GAAG;GAChB,MAAM,WAAW,SAAS,iBAAiB;AAC3C,QAAK,aAAa,kBAAkB;AAClC,SAAK,OAAO;MACX,SAAS;AAEZ,QAAK,WAAW,OAAO;;;;;;CAO3B,SAAS,WAA0C,QAAsB;EACvE,MAAM,YAAY,UAAU;AAC5B,MAAI,WAAW;GACb,MAAM,MAAM,KAAK,KAAK;AACtB,QAAK,SAAS,IAAI,WAAW;IAC3B;IACA;IACA,WAAW;IACX,cAAc;IACf,CAAC;;;;;;CAON,IAAI,WAA+C;EACjD,MAAM,UAAU,KAAK,SAAS,IAAI,UAAU;AAC5C,MAAI,QACF,SAAQ,eAAe,KAAK,KAAK;AAEnC,SAAO;;;;;CAMT,MAAM,OAAO,WAAkC;EAC7C,MAAM,UAAU,KAAK,SAAS,IAAI,UAAU;AAC5C,MAAI,SAAS;AACX,QAAK,SAAS,OAAO,UAAU;AAC/B,SAAM,QAAQ,UAAU,OAAO;AAC/B,SAAM,QAAQ,OAAO,OAAO;;;;;;CAOhC,IAAI,OAAe;AACjB,SAAO,KAAK,SAAS;;;;;;CAOvB,QAAgB;AACd,MAAI,KAAK,OAAO,EAAG,QAAO;EAE1B,MAAM,MAAM,KAAK,KAAK;EACtB,MAAM,UAAoB,EAAE;AAE5B,OAAK,MAAM,CAAC,IAAI,YAAY,KAAK,SAC/B,KAAI,MAAM,QAAQ,eAAe,KAAK,IACpC,SAAQ,KAAK,GAAG;AAIpB,OAAK,MAAM,MAAM;;AAGf,OAAK,OAAO,GAAG,CAAC,YAAY,GAAG;AAIjC,SAAO,QAAQ;;;;;CAMjB,MAAM,WAA0B;AAC9B,MAAI,KAAK,YAAY;AACnB,iBAAc,KAAK,WAAW;AAC9B,QAAK,aAAa,KAAA;;EAGpB,MAAM,WAA4B,EAAE;AACpC,OAAK,MAAM,GAAG,YAAY,KAAK,UAAU;AACvC,YAAS,KAAK,QAAQ,UAAU,OAAO,CAAC;AACxC,YAAS,KAAK,QAAQ,OAAO,OAAO,CAAC;;AAEvC,QAAM,QAAQ,IAAI,SAAS;AAC3B,OAAK,SAAS,OAAO;;;;;;;;;;;;;;;;;;;;;AC7FzB,SAAgB,gBAAgB,SAAqC;CACnE,MAAM,WAAW,SAAS,YAAY;CACtC,MAAM,QAAQ,SAAS,EAAE,UAAU,CAAC;CAEpC,MAAM,SAAS,IAAI,OACjB;EACE,MAAM;EACN,SAAS;EACV,EACD;EACE,cAAc,EACZ,OAAO,EAAE,EACV;EACD,cAAc;EACf,CACF;AAED,QAAO,kBAAkB,wBAAwB,YAAY;AAC3D,SAAO,EAAE,OAAO;GAChB;AAEF,QAAO,kBAAkB,uBAAuB,OAAO,SAAS,UAAU;EACxE,MAAM,EAAE,MAAM,WAAW,SAAS,QAAQ;EAC1C,MAAM,QAAQ,MAAM,UAAU;;AAG9B,MAAI,CAAC,MACH,QAAO;GACL,SAAS,CACP;IACE,MAAM;IACN,MAAM;IACP,CACF;GACD,mBAAmB;IACjB,SAAS;IACT,OAAO;IACR;GACD,SAAS;GACV;;AAKH,MAAI,YAAY,SAAS,cACvB,QAAO;GACL,SAAS,CACP;IACE,MAAM;IACN,MAAM;IACP,CACF;GACD,mBAAmB;IACjB,SAAS;IACT,OAAO;IACR;GACD,SAAS;GACV;AAGH,MAAI;AAMF,UALe,MAAM;IACnB;;IACsB,QAAoC,EAAE;IAC5D,EAAE,UAAU,OAAO;IACpB;WAEM,OAAO;;GAEd,MAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;;AAEtE,UAAO;IACL,SAAS,CAAC;KAAE,MAAM;KAAiB,MAAM,UAAU;KAAW,CAAC;IAC/D,mBAAmB;KAAE,SAAS;KAAO,OAAO;KAAS;IACrD,SAAS;IACV;;GAEH;AAEF,QAAO;;;;;;;;;;;;;;AAeT,eAAsB,iBACpB,KACA,KACA,UACA,SACe;CAEf,MAAM,aAAa,IAAI,QAAQ;CAC/B,MAAM,cAAc,gBAAgB,WAAW;AAE/C,KAAI,CAAC,aAAa;EAEhB,MAAM,OAAO,IAAI,QAAQ,QAAQ;EAEjC,MAAM,sBAAsB,GADV,IAAI,QAAQ,wBAAmC,OACzB,KAAK,KAAK;AAElD,MAAI,UAAU,KAAK;GACjB,gBAAgB;GAChB,oBAAoB,6BAA6B,oBAAoB;GACtE,CAAC;AACF,MAAI,IACF,KAAK,UAAU;GACb,SAAS;GACT,OAAO;IACL,MAAM;IACN,SAAS;IACV;GACD,IAAI;GACL,CAAC,CACH;AACD;;CAIF,MAAM,mBAAmB;AAGzB,kBAAiB,OAAO;EACtB,OAAO,YAAY;EACnB,UAAU;EACV,QAAQ,EAAE;EACX;CAED,MAAM,YAAY,IAAI,QAAQ;AAE9B,KAAI,WAAW;EAEb,MAAM,UAAU,SAAS,IAAI,UAAU;AACvC,MAAI,CAAC,SAAS;AACZ,OAAI,UAAU,KAAK,EAAE,gBAAgB,oBAAoB,CAAC;AAC1D,OAAI,IACF,KAAK,UAAU;IACb,SAAS;IACT,OAAO;KACL,MAAM;KACN,SAAS;KACV;IACD,IAAI;IACL,CAAC,CACH;AACD;;AAGF,QAAM,QAAQ,UAAU,cAAc,kBAAkB,IAAI;AAC5D;;CAKF,MAAM,YAAY,IAAI,8BAA8B,EAClD,0BAA0B,YAAY,EACvC,CAAC;CAEF,MAAM,SAAS,gBAAgB,QAAQ;AACvC,OAAM,OAAO,QAAQ,UAAU;AAG/B,WAAU,gBAAgB;EACxB,MAAM,MAAM,UAAU;;AAEtB,MAAI,IACF,UAAS,OAAO,IAAI,CAAC,YAAY,GAE/B;;;AAMN,OAAM,UAAU,cAAc,kBAAkB,IAAI;;AAIpD,KAAI,UAAU,UACZ,UAAS,SAAS,WAAW,OAAO;MAC/B;AAEL,QAAM,UAAU,OAAO;AACvB,QAAM,OAAO,OAAO;;;;;;;;AASxB,SAAgB,wBACd,UACA,SAC8D;;AAE9D,SAAQ,KAAK,QAAQ,iBAAiB,KAAK,KAAK,UAAU,QAAQ;;;;;;;AAQpE,SAAgB,kBAAsB;CACpC,MAAM,MAAM,WAAW;AAGvB,KAAI,IACF,KACA,yBAAyB;AACvB,SAAO;GAAE,QAAQ;GAAM,SAAS;GAAa,SAAS;GAAS;GAC/D,CACH;AAED,KAAI,IACF,WACA,yBAAyB;AACvB,SAAO,EAAE,QAAQ,MAAM;GACvB,CACH;AAGD,KAAI,IAAI,2CAA2C,qBAAqB;AACxE,KAAI,IAAI,yCAAyC,yBAAyB;AAC1E,KAAI,KAAK,aAAa,gBAAgB;AACtC,KAAI,IAAI,cAAc,oBAAoB;AAC1C,KAAI,KAAK,cAAc,qBAAqB;AAC5C,KAAI,KAAK,UAAU,aAAa;AAEhC,QAAO"}