@studiometa/forge-mcp 0.4.2 → 0.4.3

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@studiometa/forge-mcp",
-  "version": "0.4.2",
+  "version": "0.4.3",
   "description": "MCP server for Laravel Forge — Model Context Protocol integration for AI agents",
   "keywords": [
     "ai",
@@ -59,21 +59,21 @@
   },
   "scripts": {
     "dev": "vite build --watch",
-    "build": "vite build && tsc --emitDeclarationOnly && node scripts/postbuild.js",
+    "build": "vite build && tsgo --emitDeclarationOnly && node scripts/postbuild.js",
     "test": "vitest run",
     "test:watch": "vitest",
     "test:ci": "vitest run --coverage",
-    "typecheck": "tsc --noEmit"
+    "typecheck": "tsgo -p tsconfig.typecheck.json --noEmit"
   },
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.26.0",
-    "@studiometa/forge-api": "0.4.2",
-    "@studiometa/forge-core": "0.4.2",
+    "@studiometa/forge-api": "0.4.3",
+    "@studiometa/forge-core": "0.4.3",
     "h3": "2.0.1-rc.20"
   },
   "devDependencies": {
+    "@typescript/native-preview": "^7.0.0-dev.20260409.1",
     "@vitest/coverage-v8": "^4.1.0-beta.4",
-    "typescript": "^5.7.3",
     "vite": "^8.0.0-beta.14",
     "vitest": "^4.1.0-beta.4"
   },

package/skills/SKILL.md

@@ -115,18 +115,19 @@ Use `action: "schema"` for a compact machine-readable spec:
 
 ## Common Parameters
 
-| Parameter    | Type    | Description                                                                                             |
-| ------------ | ------- | ------------------------------------------------------------------------------------------------------- |
-| `resource`   | string  | **Required**. Resource type (see table above)                                                           |
-| `action`     | string  | **Required**. Action to perform                                                                         |
-| `id`         | string  | Resource ID (for `get`, `delete`, `activate`, `restart`)                                                |
-| `server_id`  | string  | Server ID **or name** — numeric IDs are used as-is; names are auto-resolved via partial match           |
-| `site_id`    | string  | Site ID **or domain name** — auto-resolved via partial match; requires `server_id`                      |
-| `domain_id`  | string  | Domain record ID (for certificate operations)                                                           |
-| `query`      | string  | Search query for `resolve` action (partial, case-insensitive match against resource names/domains)      |
-| `compact`    | boolean | Compact output (default: true)                                                                          |
-| `content`    | string  | Content for env/nginx `update` and deployment script `update`                                           |
-| `operations` | array   | Array of operations for `batch` `run` (max 10). Each item needs `resource`, `action`, and extra params. |
+| Parameter          | Type    | Description                                                                                             |
+| ------------------ | ------- | ------------------------------------------------------------------------------------------------------- |
+| `resource`         | string  | **Required**. Resource type (see table above)                                                           |
+| `action`           | string  | **Required**. Action to perform                                                                         |
+| `organizationSlug` | string  | Organization slug — pass per-call to override configured value (auth/env/config)                        |
+| `id`               | string  | Resource ID (for `get`, `delete`, `activate`, `restart`)                                                |
+| `server_id`        | string  | Server ID **or name** — numeric IDs are used as-is; names are auto-resolved via partial match           |
+| `site_id`          | string  | Site ID **or domain name** — auto-resolved via partial match; requires `server_id`                      |
+| `domain_id`        | string  | Domain record ID (for certificate operations)                                                           |
+| `query`            | string  | Search query for `resolve` action (partial, case-insensitive match against resource names/domains)      |
+| `compact`          | boolean | Compact output (default: true)                                                                          |
+| `content`          | string  | Content for env/nginx `update` and deployment script `update`                                           |
+| `operations`       | array   | Array of operations for `batch` `run` (max 10). Each item needs `resource`, `action`, and extra params. |
 
 ## Common Workflows
 
@@ -295,6 +296,14 @@ Per-operation failures are isolated — a single error doesn't abort the rest.
 
 ## Authentication
 
+### Organization Slug
+
+All API calls require an organization slug. You can provide it in three ways (in priority order):
+
+1. **Per-request**: Pass `organizationSlug` in each tool call (highest priority, allows switching orgs)
+2. **Environment variable**: Set `FORGE_ORG` env var
+3. **Configuration**: Use `forge_configure` tool (stdio) or enter during OAuth login (HTTP)
+
 ### Stdio Mode (Claude Desktop)
 
 Set environment variables `FORGE_API_TOKEN` and `FORGE_ORG`, or use the `forge_configure` tool:
@@ -307,6 +316,10 @@ Set environment variables `FORGE_API_TOKEN` and `FORGE_ORG`, or use the `forge_c
 { tool: "forge_get_config", arguments: {} }
 ```
 
+### HTTP Mode (OAuth)
+
+During OAuth authentication, you can optionally enter your organization slug in the login form. This value is stored in your access token and used for all subsequent requests unless overridden per-call.
+
 ### Getting Your API Token
 
 1. Log into [Laravel Forge](https://forge.laravel.com)

package/dist/http-Cz0dwlm8.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"http-Cz0dwlm8.js","names":[],"sources":["../src/sessions.ts","../src/http.ts"],"sourcesContent":["/* eslint-disable typescript-eslint/no-deprecated -- Using low-level Server type for session management */\n/**\n * Session manager for multi-tenant Streamable HTTP transport.\n *\n * Each MCP client session gets its own transport + server pair.\n * Sessions are identified by UUID and tracked in a Map.\n *\n * Supports automatic TTL-based cleanup of idle sessions to prevent\n * memory leaks from abandoned clients.\n */\n\n// Using low-level Server type for advanced transport handling\n// eslint-disable-next-line typescript-eslint/no-deprecated\nimport type { Server } from \"@modelcontextprotocol/sdk/server/index.js\";\nimport type { StreamableHTTPServerTransport } from \"@modelcontextprotocol/sdk/server/streamableHttp.js\";\n\n/**\n * A managed session: transport + MCP server pair.\n */\nexport interface ManagedSession {\n  transport: StreamableHTTPServerTransport;\n  server: Server;\n  createdAt: number;\n  lastActiveAt: number;\n}\n\nexport interface SessionManagerOptions {\n  /**\n   * Maximum idle time in milliseconds before a session is reaped.\n   * Default: 30 minutes. Set to 0 to disable automatic cleanup.\n   */\n  ttl?: number;\n\n  /**\n   * How often to check for expired sessions, in milliseconds.\n   * Default: 60 seconds.\n   */\n  sweepInterval?: number;\n}\n\nconst DEFAULT_TTL = 30 * 60 * 1000; // 30 minutes\nconst DEFAULT_SWEEP_INTERVAL = 60 * 1000; // 60 seconds\n\nexport class SessionManager {\n  private sessions = new Map<string, ManagedSession>();\n  // eslint-disable-next-line typescript-eslint/no-redundant-type-constituents -- NodeJS.Timeout resolves correctly at runtime\n  private sweepTimer: ReturnType<typeof setInterval> | undefined;\n  private readonly ttl: number;\n\n  constructor(options?: SessionManagerOptions) {\n    this.ttl = options?.ttl ?? DEFAULT_TTL;\n\n    if (this.ttl > 0) {\n      const interval = options?.sweepInterval ?? DEFAULT_SWEEP_INTERVAL;\n      this.sweepTimer = setInterval(() => {\n        this.sweep();\n      }, interval);\n      // Don't keep the process alive just for the sweep timer\n      this.sweepTimer.unref();\n    }\n  }\n\n  /**\n   * Register a session after its ID has been assigned by the transport.\n   */\n  register(transport: StreamableHTTPServerTransport, server: Server): void {\n    const sessionId = transport.sessionId;\n    if (sessionId) {\n      const now = Date.now();\n      this.sessions.set(sessionId, {\n        transport,\n        server,\n        createdAt: now,\n        lastActiveAt: now,\n      });\n    }\n  }\n\n  /**\n   * Look up a session by its ID and refresh its activity timestamp.\n   */\n  get(sessionId: string): ManagedSession | undefined {\n    const session = this.sessions.get(sessionId);\n    if (session) {\n      session.lastActiveAt = Date.now();\n    }\n    return session;\n  }\n\n  /**\n   * Remove a session and close its transport + server.\n   */\n  async remove(sessionId: string): Promise<void> {\n    const session = this.sessions.get(sessionId);\n    if (session) {\n      this.sessions.delete(sessionId);\n      await session.transport.close();\n      await session.server.close();\n    }\n  }\n\n  /**\n   * Get the number of active sessions.\n   */\n  get size(): number {\n    return this.sessions.size;\n  }\n\n  /**\n   * Sweep expired sessions. Called automatically by the sweep timer.\n   * Returns the number of sessions reaped.\n   */\n  sweep(): number {\n    if (this.ttl <= 0) return 0;\n\n    const now = Date.now();\n    const expired: string[] = [];\n\n    for (const [id, session] of this.sessions) {\n      if (now - session.lastActiveAt > this.ttl) {\n        expired.push(id);\n      }\n    }\n\n    for (const id of expired) {\n      // Fire-and-forget cleanup — don't block the sweep\n      /* v8 ignore start */\n      this.remove(id).catch(() => {});\n      /* v8 ignore stop */\n    }\n\n    return expired.length;\n  }\n\n  /**\n   * Close all sessions, stop the sweep timer, and clean up.\n   */\n  async closeAll(): Promise<void> {\n    if (this.sweepTimer) {\n      clearInterval(this.sweepTimer);\n      this.sweepTimer = undefined;\n    }\n\n    const promises: Promise<void>[] = [];\n    for (const [, session] of this.sessions) {\n      promises.push(session.transport.close());\n      promises.push(session.server.close());\n    }\n    await Promise.all(promises);\n    this.sessions.clear();\n  }\n}\n","/* eslint-disable typescript-eslint/no-deprecated -- Using low-level Server for StreamableHTTPServerTransport */\n/**\n * Streamable HTTP transport for Forge MCP Server\n *\n * Implements the official MCP Streamable HTTP transport specification (2025-03-26)\n * using the SDK's StreamableHTTPServerTransport.\n *\n * Architecture:\n * - Stateful mode with per-session transport+server pairs (multi-tenant)\n * - Auth via Bearer token → authInfo.token → handler extra.authInfo\n * - Session manager (injected) maps session IDs to transport+server instances\n * - Health/status endpoints handled by h3, MCP endpoint by the SDK transport\n */\n\nimport { randomUUID } from \"node:crypto\";\nimport type { IncomingMessage, ServerResponse } from \"node:http\";\n\n// Using low-level Server for advanced transport handling (StreamableHTTPServerTransport)\n// eslint-disable-next-line typescript-eslint/no-deprecated\nimport { Server } from \"@modelcontextprotocol/sdk/server/index.js\";\nimport { StreamableHTTPServerTransport } from \"@modelcontextprotocol/sdk/server/streamableHttp.js\";\nimport {\n  CallToolRequestSchema,\n  ListToolsRequestSchema,\n  type CallToolResult,\n} from \"@modelcontextprotocol/sdk/types.js\";\nimport { H3, defineEventHandler } from \"h3\";\n\nimport { parseAuthHeader } from \"./auth.ts\";\nimport { executeToolWithCredentials } from \"./handlers/index.ts\";\nimport { INSTRUCTIONS } from \"./instructions.ts\";\nimport {\n  oauthMetadataHandler,\n  protectedResourceHandler,\n  registerHandler,\n  authorizeGetHandler,\n  authorizePostHandler,\n  tokenHandler,\n} from \"./oauth.ts\";\nimport { SessionManager } from \"./sessions.ts\";\nimport { getTools } from \"./tools.ts\";\nimport { VERSION } from \"./version.ts\";\n\nexport { SessionManager } from \"./sessions.ts\";\n\n/**\n * Options for the HTTP MCP server.\n */\nexport interface HttpServerOptions {\n  /** When true, forge_write tool is not registered and write operations are rejected. */\n  readOnly?: boolean;\n}\n\n/**\n * Create a configured MCP Server instance for HTTP transport.\n *\n * Unlike stdio, HTTP mode does NOT include forge_configure/forge_get_config\n * because credentials come from the Authorization header per-request.\n */\nexport function createMcpServer(options?: HttpServerOptions): Server {\n  const readOnly = options?.readOnly ?? false;\n  const tools = getTools({ readOnly });\n\n  const server = new Server(\n    {\n      name: \"forge-mcp\",\n      version: VERSION,\n    },\n    {\n      capabilities: {\n        tools: {},\n      },\n      instructions: INSTRUCTIONS,\n    },\n  );\n\n  server.setRequestHandler(ListToolsRequestSchema, async () => {\n    return { tools };\n  });\n\n  server.setRequestHandler(CallToolRequestSchema, async (request, extra) => {\n    const { name, arguments: args } = request.params;\n    const token = extra.authInfo?.token;\n\n    /* v8 ignore start */\n    if (!token) {\n      return {\n        content: [\n          {\n            type: \"text\" as const,\n            text: \"Error: Authentication required. No token found in request.\",\n          },\n        ],\n        structuredContent: {\n          success: false,\n          error: \"Authentication required. No token found in request.\",\n        },\n        isError: true,\n      };\n    }\n    /* v8 ignore stop */\n\n    // Reject write operations in read-only mode\n    if (readOnly && name === \"forge_write\") {\n      return {\n        content: [\n          {\n            type: \"text\" as const,\n            text: \"Error: Server is running in read-only mode. Write operations are disabled.\",\n          },\n        ],\n        structuredContent: {\n          success: false,\n          error: \"Server is running in read-only mode. Write operations are disabled.\",\n        },\n        isError: true,\n      };\n    }\n\n    try {\n      const result = await executeToolWithCredentials(name, /* v8 ignore next */ args ?? {}, {\n        apiToken: token,\n        organizationSlug:\n          typeof args?.organizationSlug === \"string\" ? args.organizationSlug : undefined,\n      });\n      return result as CallToolResult;\n    } catch (error) {\n      /* v8 ignore start */\n      const message = error instanceof Error ? error.message : String(error);\n      /* v8 ignore stop */\n      return {\n        content: [{ type: \"text\" as const, text: `Error: ${message}` }],\n        structuredContent: { success: false, error: message },\n        isError: true,\n      };\n    }\n  });\n\n  return server;\n}\n\n/**\n * Handle an MCP request using the Streamable HTTP transport.\n *\n * Routes requests based on whether they have a session ID:\n * - No session ID + initialize request → create new session\n * - Has session ID → route to existing session's transport\n *\n * @param req - Node.js IncomingMessage\n * @param res - Node.js ServerResponse\n * @param sessions - Session manager instance (injected)\n * @param options - Server options (read-only mode, etc.)\n */\nexport async function handleMcpRequest(\n  req: IncomingMessage,\n  res: ServerResponse,\n  sessions: SessionManager,\n  options?: HttpServerOptions,\n): Promise<void> {\n  // Extract and validate auth\n  const authHeader = req.headers.authorization;\n  const credentials = parseAuthHeader(authHeader);\n\n  if (!credentials) {\n    // Build resource_metadata URL for the WWW-Authenticate header (RFC 9728)\n    const host = req.headers.host || \"localhost:3000\";\n    const proto = req.headers[\"x-forwarded-proto\"];\n    const protocol = (typeof proto === \"string\" ? proto : undefined) || \"http\";\n    const resourceMetadataUrl = `${protocol}://${host}/.well-known/oauth-protected-resource`;\n\n    res.writeHead(401, {\n      \"Content-Type\": \"application/json\",\n      \"WWW-Authenticate\": `Bearer resource_metadata=\"${resourceMetadataUrl}\"`,\n    });\n    res.end(\n      JSON.stringify({\n        jsonrpc: \"2.0\",\n        error: {\n          code: -32001,\n          message: \"Authentication required. Provide a Bearer token with your Forge API token.\",\n        },\n        id: null,\n      }),\n    );\n    return;\n  }\n\n  // Inject auth info for the SDK transport (MCP SDK expects auth on request)\n  Object.assign(req, {\n    auth: {\n      token: credentials.apiToken,\n      clientId: \"forge-http-client\",\n      scopes: [],\n    },\n  });\n\n  const sessionHeader = req.headers[\"mcp-session-id\"];\n  const sessionId = typeof sessionHeader === \"string\" ? sessionHeader : undefined;\n\n  if (sessionId) {\n    // Existing session — route to its transport\n    const session = sessions.get(sessionId);\n    if (!session) {\n      res.writeHead(404, { \"Content-Type\": \"application/json\" });\n      res.end(\n        JSON.stringify({\n          jsonrpc: \"2.0\",\n          error: {\n            code: -32000,\n            message: \"Session not found. The session may have expired or been terminated.\",\n          },\n          id: null,\n        }),\n      );\n      return;\n    }\n\n    await session.transport.handleRequest(req, res);\n    return;\n  }\n\n  // No session ID — this should be an initialize request.\n  // Create a new transport + server pair.\n  const transport = new StreamableHTTPServerTransport({\n    sessionIdGenerator: () => randomUUID(),\n  });\n\n  const server = createMcpServer(options);\n  await server.connect(transport);\n\n  // Set up cleanup on close\n  // eslint-disable-next-line unicorn/prefer-add-event-listener -- MCP SDK uses property assignment\n  transport.onclose = () => {\n    const sid = transport.sessionId;\n    /* v8 ignore start */\n    if (sid) {\n      sessions.remove(sid).catch(() => {\n        // Ignore cleanup errors\n      });\n    }\n    /* v8 ignore stop */\n  };\n\n  // Handle the request (this will set transport.sessionId during initialize)\n  await transport.handleRequest(req, res);\n\n  // After handling, register the session if the transport got a session ID\n  /* v8 ignore start */\n  if (transport.sessionId) {\n    sessions.register(transport, server);\n  } else {\n    // No session was created (e.g., invalid request) — clean up\n    await transport.close();\n    await server.close();\n  }\n  /* v8 ignore stop */\n}\n\n/**\n * Create a request handler bound to a SessionManager instance.\n * Convenience factory for server.ts.\n */\nexport function createMcpRequestHandler(\n  sessions: SessionManager,\n  options?: HttpServerOptions,\n): (req: IncomingMessage, res: ServerResponse) => Promise<void> {\n  /* v8 ignore start */\n  return (req, res) => handleMcpRequest(req, res, sessions, options);\n  /* v8 ignore stop */\n}\n\n/**\n * Create h3 app for health check, service info, and OAuth endpoints.\n * The MCP endpoint is handled separately by handleMcpRequest.\n */\nexport function createHealthApp(): H3 {\n  const app = new H3();\n\n  // Service info & health\n  app.get(\n    \"/\",\n    defineEventHandler(() => {\n      return { status: \"ok\", service: \"forge-mcp\", version: VERSION };\n    }),\n  );\n\n  app.get(\n    \"/health\",\n    defineEventHandler(() => {\n      return { status: \"ok\" };\n    }),\n  );\n\n  // OAuth 2.1 endpoints\n  app.get(\"/.well-known/oauth-authorization-server\", oauthMetadataHandler);\n  app.get(\"/.well-known/oauth-protected-resource\", protectedResourceHandler);\n  app.post(\"/register\", registerHandler);\n  app.get(\"/authorize\", authorizeGetHandler);\n  app.post(\"/authorize\", authorizePostHandler);\n  app.post(\"/token\", tokenHandler);\n\n  return app;\n}\n"],"mappings":";;;;;;;;AAwCA,IAAM,cAAc,OAAU;AAC9B,IAAM,yBAAyB,KAAK;AAEpC,IAAa,iBAAb,MAA4B;CAC1B,2BAAmB,IAAI,KAA6B;CAEpD;CACA;CAEA,YAAY,SAAiC;AAC3C,OAAK,MAAM,SAAS,OAAO;AAE3B,MAAI,KAAK,MAAM,GAAG;GAChB,MAAM,WAAW,SAAS,iBAAiB;AAC3C,QAAK,aAAa,kBAAkB;AAClC,SAAK,OAAO;MACX,SAAS;AAEZ,QAAK,WAAW,OAAO;;;;;;CAO3B,SAAS,WAA0C,QAAsB;EACvE,MAAM,YAAY,UAAU;AAC5B,MAAI,WAAW;GACb,MAAM,MAAM,KAAK,KAAK;AACtB,QAAK,SAAS,IAAI,WAAW;IAC3B;IACA;IACA,WAAW;IACX,cAAc;IACf,CAAC;;;;;;CAON,IAAI,WAA+C;EACjD,MAAM,UAAU,KAAK,SAAS,IAAI,UAAU;AAC5C,MAAI,QACF,SAAQ,eAAe,KAAK,KAAK;AAEnC,SAAO;;;;;CAMT,MAAM,OAAO,WAAkC;EAC7C,MAAM,UAAU,KAAK,SAAS,IAAI,UAAU;AAC5C,MAAI,SAAS;AACX,QAAK,SAAS,OAAO,UAAU;AAC/B,SAAM,QAAQ,UAAU,OAAO;AAC/B,SAAM,QAAQ,OAAO,OAAO;;;;;;CAOhC,IAAI,OAAe;AACjB,SAAO,KAAK,SAAS;;;;;;CAOvB,QAAgB;AACd,MAAI,KAAK,OAAO,EAAG,QAAO;EAE1B,MAAM,MAAM,KAAK,KAAK;EACtB,MAAM,UAAoB,EAAE;AAE5B,OAAK,MAAM,CAAC,IAAI,YAAY,KAAK,SAC/B,KAAI,MAAM,QAAQ,eAAe,KAAK,IACpC,SAAQ,KAAK,GAAG;AAIpB,OAAK,MAAM,MAAM;;AAGf,OAAK,OAAO,GAAG,CAAC,YAAY,GAAG;AAIjC,SAAO,QAAQ;;;;;CAMjB,MAAM,WAA0B;AAC9B,MAAI,KAAK,YAAY;AACnB,iBAAc,KAAK,WAAW;AAC9B,QAAK,aAAa,KAAA;;EAGpB,MAAM,WAA4B,EAAE;AACpC,OAAK,MAAM,GAAG,YAAY,KAAK,UAAU;AACvC,YAAS,KAAK,QAAQ,UAAU,OAAO,CAAC;AACxC,YAAS,KAAK,QAAQ,OAAO,OAAO,CAAC;;AAEvC,QAAM,QAAQ,IAAI,SAAS;AAC3B,OAAK,SAAS,OAAO;;;;;;;;;;;;;;;;;;;;;AC1FzB,SAAgB,gBAAgB,SAAqC;CACnE,MAAM,WAAW,SAAS,YAAY;CACtC,MAAM,QAAQ,SAAS,EAAE,UAAU,CAAC;CAEpC,MAAM,SAAS,IAAI,OACjB;EACE,MAAM;EACN,SAAS;EACV,EACD;EACE,cAAc,EACZ,OAAO,EAAE,EACV;EACD,cAAc;EACf,CACF;AAED,QAAO,kBAAkB,wBAAwB,YAAY;AAC3D,SAAO,EAAE,OAAO;GAChB;AAEF,QAAO,kBAAkB,uBAAuB,OAAO,SAAS,UAAU;EACxE,MAAM,EAAE,MAAM,WAAW,SAAS,QAAQ;EAC1C,MAAM,QAAQ,MAAM,UAAU;;AAG9B,MAAI,CAAC,MACH,QAAO;GACL,SAAS,CACP;IACE,MAAM;IACN,MAAM;IACP,CACF;GACD,mBAAmB;IACjB,SAAS;IACT,OAAO;IACR;GACD,SAAS;GACV;;AAKH,MAAI,YAAY,SAAS,cACvB,QAAO;GACL,SAAS,CACP;IACE,MAAM;IACN,MAAM;IACP,CACF;GACD,mBAAmB;IACjB,SAAS;IACT,OAAO;IACR;GACD,SAAS;GACV;AAGH,MAAI;AAMF,UALe,MAAM;IAA2B;;IAA2B,QAAQ,EAAE;IAAE;KACrF,UAAU;KACV,kBACE,OAAO,MAAM,qBAAqB,WAAW,KAAK,mBAAmB,KAAA;KACxE;IAAC;WAEK,OAAO;;GAEd,MAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;;AAEtE,UAAO;IACL,SAAS,CAAC;KAAE,MAAM;KAAiB,MAAM,UAAU;KAAW,CAAC;IAC/D,mBAAmB;KAAE,SAAS;KAAO,OAAO;KAAS;IACrD,SAAS;IACV;;GAEH;AAEF,QAAO;;;;;;;;;;;;;;AAeT,eAAsB,iBACpB,KACA,KACA,UACA,SACe;CAEf,MAAM,aAAa,IAAI,QAAQ;CAC/B,MAAM,cAAc,gBAAgB,WAAW;AAE/C,KAAI,CAAC,aAAa;EAEhB,MAAM,OAAO,IAAI,QAAQ,QAAQ;EACjC,MAAM,QAAQ,IAAI,QAAQ;EAE1B,MAAM,sBAAsB,IADV,OAAO,UAAU,WAAW,QAAQ,KAAA,MAAc,OAC5B,KAAK,KAAK;AAElD,MAAI,UAAU,KAAK;GACjB,gBAAgB;GAChB,oBAAoB,6BAA6B,oBAAoB;GACtE,CAAC;AACF,MAAI,IACF,KAAK,UAAU;GACb,SAAS;GACT,OAAO;IACL,MAAM;IACN,SAAS;IACV;GACD,IAAI;GACL,CAAC,CACH;AACD;;AAIF,QAAO,OAAO,KAAK,EACjB,MAAM;EACJ,OAAO,YAAY;EACnB,UAAU;EACV,QAAQ,EAAE;EACX,EACF,CAAC;CAEF,MAAM,gBAAgB,IAAI,QAAQ;CAClC,MAAM,YAAY,OAAO,kBAAkB,WAAW,gBAAgB,KAAA;AAEtE,KAAI,WAAW;EAEb,MAAM,UAAU,SAAS,IAAI,UAAU;AACvC,MAAI,CAAC,SAAS;AACZ,OAAI,UAAU,KAAK,EAAE,gBAAgB,oBAAoB,CAAC;AAC1D,OAAI,IACF,KAAK,UAAU;IACb,SAAS;IACT,OAAO;KACL,MAAM;KACN,SAAS;KACV;IACD,IAAI;IACL,CAAC,CACH;AACD;;AAGF,QAAM,QAAQ,UAAU,cAAc,KAAK,IAAI;AAC/C;;CAKF,MAAM,YAAY,IAAI,8BAA8B,EAClD,0BAA0B,YAAY,EACvC,CAAC;CAEF,MAAM,SAAS,gBAAgB,QAAQ;AACvC,OAAM,OAAO,QAAQ,UAAU;AAI/B,WAAU,gBAAgB;EACxB,MAAM,MAAM,UAAU;;AAEtB,MAAI,IACF,UAAS,OAAO,IAAI,CAAC,YAAY,GAE/B;;;AAMN,OAAM,UAAU,cAAc,KAAK,IAAI;;AAIvC,KAAI,UAAU,UACZ,UAAS,SAAS,WAAW,OAAO;MAC/B;AAEL,QAAM,UAAU,OAAO;AACvB,QAAM,OAAO,OAAO;;;;;;;;AASxB,SAAgB,wBACd,UACA,SAC8D;;AAE9D,SAAQ,KAAK,QAAQ,iBAAiB,KAAK,KAAK,UAAU,QAAQ;;;;;;;AAQpE,SAAgB,kBAAsB;CACpC,MAAM,MAAM,IAAI,IAAI;AAGpB,KAAI,IACF,KACA,yBAAyB;AACvB,SAAO;GAAE,QAAQ;GAAM,SAAS;GAAa,SAAS;GAAS;GAC/D,CACH;AAED,KAAI,IACF,WACA,yBAAyB;AACvB,SAAO,EAAE,QAAQ,MAAM;GACvB,CACH;AAGD,KAAI,IAAI,2CAA2C,qBAAqB;AACxE,KAAI,IAAI,yCAAyC,yBAAyB;AAC1E,KAAI,KAAK,aAAa,gBAAgB;AACtC,KAAI,IAAI,cAAc,oBAAoB;AAC1C,KAAI,KAAK,cAAc,qBAAqB;AAC5C,KAAI,KAAK,UAAU,aAAa;AAEhC,QAAO"}