@tangle-network/agent-app 0.12.0 → 0.14.0

package/dist/model-BHLN208Z.d.ts

@@ -0,0 +1,183 @@
+/**
+ * Design-canvas scene model — the product-agnostic document behind the visual
+ * asset editor. A document is an ordered list of pages; a page is an ordered
+ * list of elements (index order IS z-order, bottom→top); every element is a
+ * typed node with a closed attribute vocabulary. The whole document
+ * serializes as one JSON value and persists atomically with a revision
+ * counter (see ./store) — every canvas action is a durable operation against
+ * this schema, which is what makes the canvas automatable: agents and
+ * external data sources mutate the same document the editor renders.
+ *
+ * Units are CSS pixels throughout; `settings.dpi` carries the print
+ * conversion factor for bleed/trim-aware exports. Angles are degrees.
+ * Nothing here touches Konva, React, or a database.
+ */
+declare const SCENE_SCHEMA_VERSION = 1;
+interface SceneDocument {
+    schemaVersion: typeof SCENE_SCHEMA_VERSION;
+    title: string;
+    pages: ScenePage[];
+    settings: SceneSettings;
+    metadata: Record<string, unknown>;
+}
+interface SceneSettings {
+    /** Print conversion factor for mm↔px math at export; 96 = CSS default. */
+    dpi: number;
+}
+/** Per-side bleed extents in px, drawn OUTSIDE the page bounds. Trim = the
+ *  page rect itself; exports may include or exclude the bleed area. */
+interface PageBleed {
+    top: number;
+    right: number;
+    bottom: number;
+    left: number;
+}
+/** Saved ruler guides, in page coordinates. */
+interface PageGuides {
+    vertical: number[];
+    horizontal: number[];
+}
+interface ScenePage {
+    id: string;
+    name: string;
+    width: number;
+    height: number;
+    /** Page background fill (color string); elements paint over it. */
+    background: string;
+    bleed: PageBleed | null;
+    guides: PageGuides;
+    elements: SceneElement[];
+}
+/** Attributes every element carries. `x`/`y` are the element's top-left in
+ *  page coordinates (for `group`, children are relative to the group origin).
+ *  `slot` names a template binding point — `apply_data` targets it. */
+interface SceneElementBase {
+    id: string;
+    name: string;
+    x: number;
+    y: number;
+    /** Degrees, clockwise, about the element's top-left origin (Konva default). */
+    rotation: number;
+    /** 0..1 */
+    opacity: number;
+    locked: boolean;
+    visible: boolean;
+    slot?: string;
+}
+interface RectElement extends SceneElementBase {
+    kind: 'rect';
+    width: number;
+    height: number;
+    fill: string;
+    stroke?: string;
+    strokeWidth?: number;
+    cornerRadius?: number;
+}
+interface EllipseElement extends SceneElementBase {
+    kind: 'ellipse';
+    width: number;
+    height: number;
+    fill: string;
+    stroke?: string;
+    strokeWidth?: number;
+}
+interface LineElement extends SceneElementBase {
+    kind: 'line';
+    /** Flat [x0, y0, x1, y1, ...] relative to (x, y); ≥ 2 points. */
+    points: number[];
+    stroke: string;
+    strokeWidth: number;
+    dash?: number[];
+}
+interface TextElement extends SceneElementBase {
+    kind: 'text';
+    text: string;
+    /** Wrap width; height derives from content. */
+    width: number;
+    fontFamily: string;
+    fontSize: number;
+    fontStyle: 'normal' | 'bold' | 'italic' | 'bold italic';
+    fill: string;
+    align: 'left' | 'center' | 'right';
+    lineHeight: number;
+    letterSpacing: number;
+}
+interface ImageElement extends SceneElementBase {
+    kind: 'image';
+    width: number;
+    height: number;
+    /** http(s) or rooted /api/ path — same boundary rule as sequences media. */
+    src: string;
+    /** How the source maps into the frame; 'fill' stretches, 'cover' crops. */
+    fit: 'fill' | 'cover' | 'contain';
+}
+/** Video placed on a canvas renders and exports as its poster frame — motion
+ *  belongs to the sequences surface; this keeps video assets placeable in
+ *  static layouts (e.g. a thumbnail mock) without a playback engine. */
+interface VideoElement extends SceneElementBase {
+    kind: 'video';
+    width: number;
+    height: number;
+    src: string;
+    posterSrc?: string;
+}
+interface GroupElement extends SceneElementBase {
+    kind: 'group';
+    children: SceneElement[];
+}
+type SceneElement = RectElement | EllipseElement | LineElement | TextElement | ImageElement | VideoElement | GroupElement;
+type SceneElementKind = SceneElement['kind'];
+declare const SCENE_ELEMENT_KINDS: readonly SceneElementKind[];
+interface Bounds {
+    x: number;
+    y: number;
+    width: number;
+    height: number;
+}
+/** Unrotated local extent of an element (line/group derive from content). */
+declare function elementExtent(element: SceneElement): {
+    width: number;
+    height: number;
+};
+declare function estimateTextHeight(element: Pick<TextElement, 'text' | 'fontSize' | 'lineHeight'>): number;
+/** Axis-aligned bounding box in the parent's coordinate space, accounting for
+ *  rotation about the element's top-left origin. */
+declare function elementAabb(element: SceneElement): Bounds;
+declare function boundsIntersect(a: Bounds, b: Bounds): boolean;
+declare function requirePage(document: SceneDocument, pageId: string): ScenePage;
+/** Depth-first search across a page including group children. Returns the
+ *  element and the array that owns it (page.elements or a group's children),
+ *  so callers can splice in place. */
+declare function findElement(page: ScenePage, elementId: string): {
+    element: SceneElement;
+    owner: SceneElement[];
+    index: number;
+} | null;
+declare function requireElement(page: ScenePage, elementId: string): {
+    element: SceneElement;
+    owner: SceneElement[];
+    index: number;
+};
+/** All slot names declared across the document — the template's fillable
+ *  surface. Duplicate slot names are a validation error (see ./validate). */
+declare function collectSlots(document: SceneDocument): Map<string, {
+    pageId: string;
+    elementId: string;
+    kind: SceneElementKind;
+}>;
+interface NewPageOptions {
+    name?: string;
+    width?: number;
+    height?: number;
+    background?: string;
+}
+declare function createEmptyDocument(title: string, page?: NewPageOptions): SceneDocument;
+declare function createPage(options: NewPageOptions, id: string): ScenePage;
+declare function assertPositiveFinite(value: number, label: string): void;
+declare function assertFinite(value: number, label: string): void;
+declare function assertColor(value: string, label: string): void;
+/** Media boundary rule shared with sequences: remote http(s) or a rooted
+ *  /api/ path — never sandbox-local files or data: blobs. */
+declare function assertSceneMediaSrc(value: string, label: string): void;
+
+export { type Bounds as B, type EllipseElement as E, type GroupElement as G, type ImageElement as I, type LineElement as L, type NewPageOptions as N, type PageBleed as P, type RectElement as R, SCENE_ELEMENT_KINDS as S, type TextElement as T, type VideoElement as V, type PageGuides as a, SCENE_SCHEMA_VERSION as b, type SceneDocument as c, type SceneElement as d, type SceneElementBase as e, type SceneElementKind as f, type ScenePage as g, type SceneSettings as h, assertColor as i, assertFinite as j, assertPositiveFinite as k, assertSceneMediaSrc as l, boundsIntersect as m, collectSlots as n, createEmptyDocument as o, createPage as p, elementAabb as q, elementExtent as r, estimateTextHeight as s, findElement as t, requireElement as u, requirePage as v };

package/dist/sequences/index.d.ts

@@ -276,6 +276,10 @@ declare function findSequenceMcpTool(name: string): SequenceMcpToolDefinition |
  * execution failures (argument shape, validation, store throws) become
  * `isError` tool results carrying the thrown message verbatim so the model can
  * read WHY and retry; only protocol-level misuse becomes a JSON-RPC error.
+ *
+ * The envelope (JSON-RPC framing, initialize/ping/tools/list/tools/call,
+ * notification 202, -32601) lives in {@link createMcpToolHandler}; this module
+ * is a thin adapter wiring the sequences tool list + playhead env.
  */
 
 /** Newest first. The handler echoes the client's requested version when

package/dist/sequences/index.js

@@ -41,7 +41,7 @@ import {
   validateSetClipText,
   validateSplitClip,
   validateTrimClip
-} from "../chunk-3WAJWYKD.js";
+} from "../chunk-6UOE5CTA.js";
 import {
   MIN_SEQUENCE_CLIP_FRAMES,
   assertClipFitsSequence,
@@ -55,7 +55,7 @@ import {
   snapshotFrame,
   trackIntervals
 } from "../chunk-ZYBWGSAZ.js";
-import "../chunk-IJZJWKUK.js";
+import "../chunk-A76ZHWNF.js";
 export {
   DEFAULT_SEQUENCES_MCP_DESCRIPTION,
   MAX_CAPTION_BATCH,

package/dist/store-CUStmtdH.d.ts

@@ -0,0 +1,64 @@
+import { c as SceneDocument } from './model-BHLN208Z.js';
+
+/**
+ * Storage contract for design-canvas documents. Unlike sequences (row per
+ * clip), a scene document persists as ONE JSON value with a monotonic
+ * revision counter — saves are atomic and optimistic: a save carrying a
+ * stale `expectedRev` throws, the caller refetches and replays. That keeps
+ * concurrent editors (human + agent in the same document) from silently
+ * clobbering each other without needing row-level merge machinery.
+ *
+ * The product constructs one store per (workspace, document, actor) request
+ * scope — RBAC runs BEFORE construction; the store never re-checks identity.
+ * Every method throws on failure; the MCP dispatcher converts throws into
+ * structured tool errors.
+ */
+
+interface SceneDocumentRecord {
+    document: SceneDocument;
+    /** Monotonic revision; increments on every successful save. */
+    rev: number;
+}
+interface SceneDecision {
+    id: string;
+    kind: 'human_edit' | 'agent_edit' | 'agent_proposal' | 'export' | 'note';
+    instruction: string;
+    reasoningSummary: string | null;
+    metadata: Record<string, unknown>;
+    createdAt: Date;
+}
+interface NewSceneDecision {
+    kind: SceneDecision['kind'];
+    instruction: string;
+    reasoningSummary?: string | null;
+    metadata?: Record<string, unknown>;
+}
+type SceneExportFormat = 'png' | 'jpeg' | 'json';
+interface SceneExportRecord {
+    id: string;
+    format: SceneExportFormat;
+    status: 'queued' | 'processing' | 'completed' | 'failed';
+    resultUrl: string | null;
+    metadata: Record<string, unknown>;
+    createdAt: Date;
+}
+interface SceneStore {
+    /** Current document + revision. */
+    getDocument(): Promise<SceneDocumentRecord>;
+    /** Atomic full-document save. Throws when `expectedRev` is stale — the
+     *  caller must refetch, reapply, and retry; never merge silently. */
+    saveDocument(document: SceneDocument, expectedRev: number): Promise<SceneDocumentRecord>;
+    recordDecision(input: NewSceneDecision): Promise<SceneDecision>;
+    createExport(format: SceneExportFormat, metadata?: Record<string, unknown>): Promise<SceneExportRecord>;
+    listDecisions(limit?: number): Promise<SceneDecision[]>;
+    listExports(limit?: number): Promise<SceneExportRecord[]>;
+}
+/** Per-request scope a product binds at store construction; decision and
+ *  export rows attribute to the acting user — never trusted from tool args. */
+interface SceneStoreScope {
+    workspaceId: string;
+    documentId: string;
+    userId: string;
+}
+
+export type { NewSceneDecision as N, SceneDecision as S, SceneDocumentRecord as a, SceneExportFormat as b, SceneExportRecord as c, SceneStore as d, SceneStoreScope as e };

package/dist/tools/index.d.ts

@@ -1,7 +1,8 @@
 import { b as AppToolName, f as ToolHeaderNames } from '../mcp-CIupfjxV.js';
 export { A as APP_TOOL_NAMES, a as AppToolMcpServer, c as AuthenticateOptions, B as BuildHttpMcpServerOptions, d as BuildMcpServerOptions, D as DEFAULT_APP_TOOL_PATHS, e as DEFAULT_HEADER_NAMES, O as OpenAIFunctionTool, T as ToolAuthResult, g as authenticateToolRequest, h as buildAppToolMcpServer, i as buildAppToolOpenAITools, j as buildHttpMcpServer, k as isAppToolName, r as readToolArgs } from '../mcp-CIupfjxV.js';
-import { c as AppToolHandlers, f as AppToolTaxonomy, b as AppToolContext, e as AppToolProducedEvent, d as AppToolOutcome } from '../types-By4B3K37.js';
+import { f as AppToolTaxonomy, c as AppToolHandlers, b as AppToolContext, e as AppToolProducedEvent, d as AppToolOutcome } from '../types-By4B3K37.js';
 export { A as AddCitationArgs, a as AddCitationResult, R as RenderUiArgs, g as RenderUiResult, S as ScheduleFollowupArgs, h as ScheduleFollowupResult, i as SubmitProposalArgs, j as SubmitProposalResult } from '../types-By4B3K37.js';
+export { C as CreateMcpToolHandlerOptions, M as MCP_PROTOCOL_VERSIONS, a as McpProtocolVersion, b as McpServerInfo, c as McpToolDefinition, d as createMcpToolHandler } from '../mcp-rpc-DLw_r9PQ.js';
 
 /** A correctable bad-input error a tool handler throws; the HTTP layer maps it
  *  to a 4xx with the code, the runtime layer to a failed tool_result. So the
@@ -65,6 +66,67 @@ declare function verifyExpiringCapabilityToken(subject: string, token: string, o
     now?: () => number;
 }): Promise<boolean>;
 
+/**
+ * Capability gating — compose an agent session's tool surface from a
+ * product-defined capability registry.
+ *
+ * Products that let users pick what an agent can do (a "Studio" agent with the
+ * full build toolset vs a clean "Assistant" with none) all need the same
+ * mechanics: a registry of named capabilities, each unlocking proposal types
+ * and/or named tool groups, resolved against the product's
+ * {@link AppToolTaxonomy} into the concrete tools to expose. The mechanics are
+ * generic and live here; the capability VOCABULARY (ids, labels, which
+ * proposal types, which tool groups) is the product's.
+ */
+
+/** One toggleable tool group in a product's capability registry. */
+interface ToolCapability {
+    id: string;
+    label: string;
+    description: string;
+    /** Proposal types this capability unlocks (intersected with the taxonomy,
+     *  so a capability can never widen the product's proposal surface). */
+    proposalTypes?: readonly string[];
+    /** Unlocks every taxonomy proposal type beyond the base set — the domain's
+     *  specialized long tail (risk_assessment, vuln_report, …). */
+    domainActions?: boolean;
+    /** Named product tool groups (e.g. 'sandbox', 'integrations') this
+     *  capability unlocks. The vocabulary is the product's; the resolver only
+     *  unions them. */
+    toolGroups?: readonly string[];
+}
+interface ResolveToolCapabilitiesOptions {
+    taxonomy: AppToolTaxonomy;
+    /** The product's full capability registry. */
+    capabilities: readonly ToolCapability[];
+    /** Enabled capability ids. `undefined` means full access (legacy callers
+     *  that don't send a capability set); an explicit `[]` means a pure chat
+     *  agent with no tools. Unknown ids are ignored. */
+    enabled: readonly string[] | undefined;
+    /** The shared base proposal types `domainActions` excludes. Defaults to
+     *  every type some capability names explicitly via `proposalTypes` — i.e.
+     *  "domain actions" are the taxonomy types no capability claims. */
+    baseProposalTypes?: readonly string[];
+}
+interface ResolvedToolCapabilities {
+    /** Proposal types to keep — feed to {@link restrictTaxonomy}. */
+    proposalTypes: string[];
+    /** Product tool groups to expose (deduped union across enabled caps). */
+    toolGroups: string[];
+}
+/**
+ * Resolve an enabled capability-id set against a taxonomy into the concrete
+ * tool surface. Fail-closed: only types present in the taxonomy survive, and
+ * an empty `enabled` set yields no tools at all.
+ */
+declare function resolveToolCapabilities(opts: ResolveToolCapabilitiesOptions): ResolvedToolCapabilities;
+/**
+ * Restrict a taxonomy to a subset of proposal types, intersecting the
+ * regulated subset too — the regulated label survives restriction, so a
+ * narrowed agent can never launder a regulated type into an unregulated one.
+ */
+declare function restrictTaxonomy(taxonomy: AppToolTaxonomy, allowed: readonly string[]): AppToolTaxonomy;
+
 interface DispatchOptions {
     handlers: AppToolHandlers;
     taxonomy: AppToolTaxonomy;
@@ -134,4 +196,4 @@ interface HandleToolRequestOptions extends DispatchOptions {
  */
 declare function handleAppToolRequest(request: Request, opts: HandleToolRequestOptions): Promise<Response>;
 
-export { AppToolContext, AppToolHandlers, AppToolName, AppToolOutcome, AppToolProducedEvent, type AppToolRuntimeExecutor, AppToolTaxonomy, type CapabilityTokenOptions, type DispatchOptions, type ExpiringCapabilityTokenOptions, type HandleToolRequestOptions, type RuntimeExecutorOptions, ToolHeaderNames, ToolInputError, createAppToolRuntimeExecutor, createCapabilityToken, createExpiringCapabilityToken, dispatchAppTool, handleAppToolRequest, outcomeStatus, verifyCapabilityToken, verifyExpiringCapabilityToken };
+export { AppToolContext, AppToolHandlers, AppToolName, AppToolOutcome, AppToolProducedEvent, type AppToolRuntimeExecutor, AppToolTaxonomy, type CapabilityTokenOptions, type DispatchOptions, type ExpiringCapabilityTokenOptions, type HandleToolRequestOptions, type ResolveToolCapabilitiesOptions, type ResolvedToolCapabilities, type RuntimeExecutorOptions, type ToolCapability, ToolHeaderNames, ToolInputError, createAppToolRuntimeExecutor, createCapabilityToken, createExpiringCapabilityToken, dispatchAppTool, handleAppToolRequest, outcomeStatus, resolveToolCapabilities, restrictTaxonomy, verifyCapabilityToken, verifyExpiringCapabilityToken };

package/dist/tools/index.js

@@ -2,17 +2,21 @@ import {
   createCapabilityToken,
   createExpiringCapabilityToken,
   handleAppToolRequest,
+  resolveToolCapabilities,
+  restrictTaxonomy,
   verifyCapabilityToken,
   verifyExpiringCapabilityToken
-} from "../chunk-CF5DZELC.js";
+} from "../chunk-SSX2A6XX.js";
 import {
   DEFAULT_APP_TOOL_PATHS,
   DEFAULT_HEADER_NAMES,
+  MCP_PROTOCOL_VERSIONS,
   authenticateToolRequest,
   buildAppToolMcpServer,
   buildHttpMcpServer,
+  createMcpToolHandler,
   readToolArgs
-} from "../chunk-IJZJWKUK.js";
+} from "../chunk-A76ZHWNF.js";
 import {
   APP_TOOL_NAMES,
   ToolInputError,
@@ -26,6 +30,7 @@ export {
   APP_TOOL_NAMES,
   DEFAULT_APP_TOOL_PATHS,
   DEFAULT_HEADER_NAMES,
+  MCP_PROTOCOL_VERSIONS,
   ToolInputError,
   authenticateToolRequest,
   buildAppToolMcpServer,
@@ -34,11 +39,14 @@ export {
   createAppToolRuntimeExecutor,
   createCapabilityToken,
   createExpiringCapabilityToken,
+  createMcpToolHandler,
   dispatchAppTool,
   handleAppToolRequest,
   isAppToolName,
   outcomeStatus,
   readToolArgs,
+  resolveToolCapabilities,
+  restrictTaxonomy,
   verifyCapabilityToken,
   verifyExpiringCapabilityToken
 };

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "@tangle-network/agent-app",
-  "version": "0.12.0",
+  "version": "0.14.0",
   "packageManager": "pnpm@10.33.4",
-  "description": "Application-shell framework for Tangle agent products: a bounded tool loop, the structured agent→app tool side channel, integration-hub client, per-workspace billing, and crypto — composed over the Tangle agent substrate through typed seams.",
+  "description": "Application-shell framework for Tangle agent products: a bounded tool loop, the structured agent\u2192app tool side channel, integration-hub client, per-workspace billing, and crypto \u2014 composed over the Tangle agent substrate through typed seams.",
   "keywords": [
     "tangle",
     "ai-agent",
@@ -166,6 +166,21 @@
       "types": "./dist/sequences-react/index.d.ts",
       "import": "./dist/sequences-react/index.js",
       "default": "./dist/sequences-react/index.js"
+    },
+    "./design-canvas": {
+      "types": "./dist/design-canvas/index.d.ts",
+      "import": "./dist/design-canvas/index.js",
+      "default": "./dist/design-canvas/index.js"
+    },
+    "./design-canvas/drizzle": {
+      "types": "./dist/design-canvas/drizzle.d.ts",
+      "import": "./dist/design-canvas/drizzle.js",
+      "default": "./dist/design-canvas/drizzle.js"
+    },
+    "./design-canvas-react": {
+      "types": "./dist/design-canvas-react/index.d.ts",
+      "import": "./dist/design-canvas-react/index.js",
+      "default": "./dist/design-canvas-react/index.js"
     }
   },
   "scripts": {
@@ -189,8 +204,10 @@
     "better-sqlite3": "^12.10.0",
     "drizzle-orm": "^0.45.2",
     "jsdom": "^29.1.1",
+    "konva": "^10.3.0",
     "react": "^19.0.0",
     "react-dom": "^19.2.7",
+    "react-konva": "^19.2.5",
     "tsup": "^8.0.0",
     "typescript": "^5.7.0",
     "vitest": "^3.0.0"
@@ -202,7 +219,9 @@
     "@tangle-network/agent-knowledge": ">=1.5.0",
     "@tangle-network/agent-runtime": ">=0.21.0",
     "drizzle-orm": ">=0.36",
-    "react": ">=18"
+    "react": ">=18",
+    "konva": ">=9",
+    "react-konva": ">=18"
   },
   "peerDependenciesMeta": {
     "@huggingface/transformers": {
@@ -219,6 +238,12 @@
     },
     "react": {
       "optional": true
+    },
+    "konva": {
+      "optional": true
+    },
+    "react-konva": {
+      "optional": true
     }
   },
   "dependencies": {

package/dist/chunk-CF5DZELC.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/tools/capability.ts","../src/tools/http.ts"],"sourcesContent":["/**\n * Per-user capability token — the sandbox→app auth primitive behind the\n * `verifyToken` seam in {@link authenticateToolRequest}.\n *\n * An app-agent runs inside the sandbox and reaches the host app back over HTTP\n * (the app tools, the integration-invoke bridge). The route must act AS the\n * connecting user without trusting any model-supplied identity, so the turn\n * mints a short HMAC token bound to the user id and bakes it into the per-turn\n * MCP server header; the route verifies it to recover the user.\n *\n * `HMAC-SHA256(secret, \"user:<userId>\")`, base64url, with an app-chosen prefix.\n * The token encodes no scopes — the hub's policy engine authorizes per action.\n * Fail-closed: with no secret, no token is minted (the caller MUST omit the MCP\n * server rather than fake an authorized call). WebCrypto only — runs on\n * Workers, Node, and the browser with no Node `crypto` dependency.\n */\n\nexport interface CapabilityTokenOptions {\n  /** Shared HMAC secret. When absent, mint returns undefined / verify returns false. */\n  secret?: string\n  /** Token prefix (namespaces the credential; lets verify reject foreign tokens\n   *  cheaply). Default `cap_`. */\n  prefix?: string\n}\n\n/** Mint a capability token for `userId`, or `undefined` when no secret is\n *  configured (fail-closed — the caller omits the MCP server rather than fake it). */\nexport async function createCapabilityToken(userId: string, opts: CapabilityTokenOptions): Promise<string | undefined> {\n  const secret = opts.secret?.trim()\n  if (!secret) return undefined\n  const prefix = opts.prefix ?? 'cap_'\n  return `${prefix}${await sign(userId, secret)}`\n}\n\n/** Verify a capability token against `userId`. Returns false (never throws) for\n *  an unconfigured secret, a wrong prefix, a malformed token, or a mismatch. */\nexport async function verifyCapabilityToken(userId: string, token: string, opts: CapabilityTokenOptions): Promise<boolean> {\n  const secret = opts.secret?.trim()\n  const prefix = opts.prefix ?? 'cap_'\n  if (!secret || !token.startsWith(prefix)) return false\n  const expected = `${prefix}${await sign(userId, secret)}`\n  return timingSafeEqual(token, expected)\n}\n\nexport interface ExpiringCapabilityTokenOptions extends CapabilityTokenOptions {\n  /** Token lifetime. Expired tokens verify false regardless of signature. */\n  expiresInMs: number\n  /** Clock injection for tests; defaults to Date.now. */\n  now?: () => number\n}\n\n/**\n * Mint an EXPIRING capability token: `<prefix><base64url(payload)>.<sig>` where\n * the payload carries `{ sub, exp, n }` (subject, epoch-ms expiry, random\n * nonce) and the signature is HMAC-SHA256 over the encoded payload. Use this\n * for user-initiated scoped channels (e.g. a per-sequence MCP endpoint) where\n * a captured token must not stay valid past its window; the bare\n * {@link createCapabilityToken} remains for turn-scoped tool bridges whose\n * mint+verify happen inside one request cycle. Fail-closed like the bare\n * variant: no secret → no token.\n */\nexport async function createExpiringCapabilityToken(subject: string, opts: ExpiringCapabilityTokenOptions): Promise<string | undefined> {\n  const secret = opts.secret?.trim()\n  if (!secret) return undefined\n  if (!Number.isFinite(opts.expiresInMs) || opts.expiresInMs <= 0) throw new Error('expiresInMs must be a positive number')\n  const prefix = opts.prefix ?? 'cap_'\n  const now = opts.now ?? Date.now\n  const payload = base64urlText(JSON.stringify({ sub: subject, exp: now() + opts.expiresInMs, n: crypto.randomUUID() }))\n  return `${prefix}${payload}.${await signText(payload, secret)}`\n}\n\n/** Verify an expiring token against `subject`: prefix, payload integrity,\n *  subject match, and expiry all checked; returns false (never throws) on any\n *  failure including a malformed payload. */\nexport async function verifyExpiringCapabilityToken(subject: string, token: string, opts: CapabilityTokenOptions & { now?: () => number }): Promise<boolean> {\n  const secret = opts.secret?.trim()\n  const prefix = opts.prefix ?? 'cap_'\n  if (!secret || !token.startsWith(prefix)) return false\n  const body = token.slice(prefix.length)\n  const dot = body.lastIndexOf('.')\n  if (dot <= 0 || dot === body.length - 1) return false\n  const payload = body.slice(0, dot)\n  const sig = body.slice(dot + 1)\n  if (!timingSafeEqual(sig, await signText(payload, secret))) return false\n  let parsed: { sub?: unknown; exp?: unknown }\n  try {\n    parsed = JSON.parse(textFromBase64url(payload)) as { sub?: unknown; exp?: unknown }\n  } catch {\n    return false\n  }\n  if (parsed.sub !== subject) return false\n  if (typeof parsed.exp !== 'number') return false\n  const now = opts.now ?? Date.now\n  return parsed.exp > now()\n}\n\nasync function sign(userId: string, secret: string): Promise<string> {\n  return signText(`user:${userId}`, secret)\n}\n\nasync function signText(message: string, secret: string): Promise<string> {\n  const enc = new TextEncoder()\n  const key = await crypto.subtle.importKey('raw', enc.encode(secret), { name: 'HMAC', hash: 'SHA-256' }, false, ['sign'])\n  const sig = await crypto.subtle.sign('HMAC', key, enc.encode(message))\n  return base64url(new Uint8Array(sig))\n}\n\nfunction base64urlText(text: string): string {\n  return base64url(new TextEncoder().encode(text))\n}\n\nfunction textFromBase64url(value: string): string {\n  const b64 = value.replace(/-/g, '+').replace(/_/g, '/')\n  const bin = atob(b64)\n  const bytes = new Uint8Array(bin.length)\n  for (let i = 0; i < bin.length; i++) bytes[i] = bin.charCodeAt(i)\n  return new TextDecoder().decode(bytes)\n}\n\nfunction base64url(bytes: Uint8Array): string {\n  let s = ''\n  for (let i = 0; i < bytes.length; i++) s += String.fromCharCode(bytes[i]!)\n  return btoa(s).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '')\n}\n\n/** Length-independent-leak-free compare for two same-charset strings. */\nfunction timingSafeEqual(a: string, b: string): boolean {\n  if (a.length !== b.length) return false\n  let diff = 0\n  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i)\n  return diff === 0\n}\n","import { authenticateToolRequest, type ToolHeaderNames } from './auth'\nimport { dispatchAppTool, outcomeStatus, type DispatchOptions } from './dispatch'\nimport type { AppToolName } from './openai'\n\nexport interface HandleToolRequestOptions extends DispatchOptions {\n  /** Which app tool this route serves. */\n  tool: AppToolName\n  /** Verify the bearer capability token belongs to the header user. */\n  verifyToken: (userId: string, bearer: string) => Promise<boolean>\n  headerNames?: ToolHeaderNames\n  /** Optional success-message builder for a friendlier tool result. */\n  message?: (result: unknown) => string\n}\n\n/**\n * Handle one app-tool HTTP request end to end — the sandbox MCP path. The\n * agent's per-turn HTTP MCP server POSTs here; this authenticates (header user\n * + capability token), reads the args (MCP-alias tolerant), dispatches to the\n * product handler, and returns a JSON Response. A product's route file becomes\n * a one-liner: `export const action = ({ request }) => handleAppToolRequest(request, cfg)`.\n */\nexport async function handleAppToolRequest(request: Request, opts: HandleToolRequestOptions): Promise<Response> {\n  if (request.method !== 'POST') return Response.json({ error: 'Method not allowed' }, { status: 405 })\n\n  const auth = await authenticateToolRequest(request, { verifyToken: opts.verifyToken, headerNames: opts.headerNames })\n  if (!auth.ok) return auth.response\n\n  let body: { args?: Record<string, unknown>; arguments?: Record<string, unknown> } & Record<string, unknown>\n  try {\n    body = (await request.json()) as typeof body\n  } catch {\n    return Response.json({ error: 'Invalid JSON' }, { status: 400 })\n  }\n  const args = (body.args ?? body.arguments ?? body) as Record<string, unknown>\n\n  const outcome = await dispatchAppTool(opts.tool, args, auth.ctx, opts)\n  if (!outcome.ok) {\n    return Response.json({ error: outcome.code, message: outcome.message }, { status: outcomeStatus(outcome) })\n  }\n  const payload = outcome.result as Record<string, unknown>\n  return Response.json({ ok: true, ...payload, ...(opts.message ? { message: opts.message(outcome.result) } : {}) })\n}\n"],"mappings":";;;;;;;;;AA2BA,eAAsB,sBAAsB,QAAgB,MAA2D;AACrH,QAAM,SAAS,KAAK,QAAQ,KAAK;AACjC,MAAI,CAAC,OAAQ,QAAO;AACpB,QAAM,SAAS,KAAK,UAAU;AAC9B,SAAO,GAAG,MAAM,GAAG,MAAM,KAAK,QAAQ,MAAM,CAAC;AAC/C;AAIA,eAAsB,sBAAsB,QAAgB,OAAe,MAAgD;AACzH,QAAM,SAAS,KAAK,QAAQ,KAAK;AACjC,QAAM,SAAS,KAAK,UAAU;AAC9B,MAAI,CAAC,UAAU,CAAC,MAAM,WAAW,MAAM,EAAG,QAAO;AACjD,QAAM,WAAW,GAAG,MAAM,GAAG,MAAM,KAAK,QAAQ,MAAM,CAAC;AACvD,SAAO,gBAAgB,OAAO,QAAQ;AACxC;AAmBA,eAAsB,8BAA8B,SAAiB,MAAmE;AACtI,QAAM,SAAS,KAAK,QAAQ,KAAK;AACjC,MAAI,CAAC,OAAQ,QAAO;AACpB,MAAI,CAAC,OAAO,SAAS,KAAK,WAAW,KAAK,KAAK,eAAe,EAAG,OAAM,IAAI,MAAM,uCAAuC;AACxH,QAAM,SAAS,KAAK,UAAU;AAC9B,QAAM,MAAM,KAAK,OAAO,KAAK;AAC7B,QAAM,UAAU,cAAc,KAAK,UAAU,EAAE,KAAK,SAAS,KAAK,IAAI,IAAI,KAAK,aAAa,GAAG,OAAO,WAAW,EAAE,CAAC,CAAC;AACrH,SAAO,GAAG,MAAM,GAAG,OAAO,IAAI,MAAM,SAAS,SAAS,MAAM,CAAC;AAC/D;AAKA,eAAsB,8BAA8B,SAAiB,OAAe,MAAyE;AAC3J,QAAM,SAAS,KAAK,QAAQ,KAAK;AACjC,QAAM,SAAS,KAAK,UAAU;AAC9B,MAAI,CAAC,UAAU,CAAC,MAAM,WAAW,MAAM,EAAG,QAAO;AACjD,QAAM,OAAO,MAAM,MAAM,OAAO,MAAM;AACtC,QAAM,MAAM,KAAK,YAAY,GAAG;AAChC,MAAI,OAAO,KAAK,QAAQ,KAAK,SAAS,EAAG,QAAO;AAChD,QAAM,UAAU,KAAK,MAAM,GAAG,GAAG;AACjC,QAAM,MAAM,KAAK,MAAM,MAAM,CAAC;AAC9B,MAAI,CAAC,gBAAgB,KAAK,MAAM,SAAS,SAAS,MAAM,CAAC,EAAG,QAAO;AACnE,MAAI;AACJ,MAAI;AACF,aAAS,KAAK,MAAM,kBAAkB,OAAO,CAAC;AAAA,EAChD,QAAQ;AACN,WAAO;AAAA,EACT;AACA,MAAI,OAAO,QAAQ,QAAS,QAAO;AACnC,MAAI,OAAO,OAAO,QAAQ,SAAU,QAAO;AAC3C,QAAM,MAAM,KAAK,OAAO,KAAK;AAC7B,SAAO,OAAO,MAAM,IAAI;AAC1B;AAEA,eAAe,KAAK,QAAgB,QAAiC;AACnE,SAAO,SAAS,QAAQ,MAAM,IAAI,MAAM;AAC1C;AAEA,eAAe,SAAS,SAAiB,QAAiC;AACxE,QAAM,MAAM,IAAI,YAAY;AAC5B,QAAM,MAAM,MAAM,OAAO,OAAO,UAAU,OAAO,IAAI,OAAO,MAAM,GAAG,EAAE,MAAM,QAAQ,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC;AACvH,QAAM,MAAM,MAAM,OAAO,OAAO,KAAK,QAAQ,KAAK,IAAI,OAAO,OAAO,CAAC;AACrE,SAAO,UAAU,IAAI,WAAW,GAAG,CAAC;AACtC;AAEA,SAAS,cAAc,MAAsB;AAC3C,SAAO,UAAU,IAAI,YAAY,EAAE,OAAO,IAAI,CAAC;AACjD;AAEA,SAAS,kBAAkB,OAAuB;AAChD,QAAM,MAAM,MAAM,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG;AACtD,QAAM,MAAM,KAAK,GAAG;AACpB,QAAM,QAAQ,IAAI,WAAW,IAAI,MAAM;AACvC,WAAS,IAAI,GAAG,IAAI,IAAI,QAAQ,IAAK,OAAM,CAAC,IAAI,IAAI,WAAW,CAAC;AAChE,SAAO,IAAI,YAAY,EAAE,OAAO,KAAK;AACvC;AAEA,SAAS,UAAU,OAA2B;AAC5C,MAAI,IAAI;AACR,WAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,IAAK,MAAK,OAAO,aAAa,MAAM,CAAC,CAAE;AACzE,SAAO,KAAK,CAAC,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,EAAE;AAC1E;AAGA,SAAS,gBAAgB,GAAW,GAAoB;AACtD,MAAI,EAAE,WAAW,EAAE,OAAQ,QAAO;AAClC,MAAI,OAAO;AACX,WAAS,IAAI,GAAG,IAAI,EAAE,QAAQ,IAAK,SAAQ,EAAE,WAAW,CAAC,IAAI,EAAE,WAAW,CAAC;AAC3E,SAAO,SAAS;AAClB;;;AC9GA,eAAsB,qBAAqB,SAAkB,MAAmD;AAC9G,MAAI,QAAQ,WAAW,OAAQ,QAAO,SAAS,KAAK,EAAE,OAAO,qBAAqB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAEpG,QAAM,OAAO,MAAM,wBAAwB,SAAS,EAAE,aAAa,KAAK,aAAa,aAAa,KAAK,YAAY,CAAC;AACpH,MAAI,CAAC,KAAK,GAAI,QAAO,KAAK;AAE1B,MAAI;AACJ,MAAI;AACF,WAAQ,MAAM,QAAQ,KAAK;AAAA,EAC7B,QAAQ;AACN,WAAO,SAAS,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACjE;AACA,QAAM,OAAQ,KAAK,QAAQ,KAAK,aAAa;AAE7C,QAAM,UAAU,MAAM,gBAAgB,KAAK,MAAM,MAAM,KAAK,KAAK,IAAI;AACrE,MAAI,CAAC,QAAQ,IAAI;AACf,WAAO,SAAS,KAAK,EAAE,OAAO,QAAQ,MAAM,SAAS,QAAQ,QAAQ,GAAG,EAAE,QAAQ,cAAc,OAAO,EAAE,CAAC;AAAA,EAC5G;AACA,QAAM,UAAU,QAAQ;AACxB,SAAO,SAAS,KAAK,EAAE,IAAI,MAAM,GAAG,SAAS,GAAI,KAAK,UAAU,EAAE,SAAS,KAAK,QAAQ,QAAQ,MAAM,EAAE,IAAI,CAAC,EAAG,CAAC;AACnH;","names":[]}

package/dist/chunk-IJZJWKUK.js

@@ -1,77 +0,0 @@
-// src/tools/auth.ts
-var DEFAULT_HEADER_NAMES = {
-  userId: "X-Agent-App-User-Id",
-  workspaceId: "X-Agent-App-Workspace-Id",
-  threadId: "X-Agent-App-Thread-Id"
-};
-async function authenticateToolRequest(request, opts) {
-  const h = opts.headerNames ?? DEFAULT_HEADER_NAMES;
-  const userId = request.headers.get(h.userId)?.trim();
-  const workspaceId = request.headers.get(h.workspaceId)?.trim();
-  const threadId = request.headers.get(h.threadId)?.trim() || null;
-  const bearer = request.headers.get("authorization")?.match(/^Bearer\s+(.+)$/i)?.[1];
-  if (!userId || !bearer) {
-    return { ok: false, response: Response.json({ error: "Missing capability credentials" }, { status: 401 }) };
-  }
-  if (!await opts.verifyToken(userId, bearer)) {
-    return { ok: false, response: Response.json({ error: "Invalid capability token" }, { status: 401 }) };
-  }
-  if (!workspaceId) {
-    return { ok: false, response: Response.json({ error: "Missing workspace context" }, { status: 400 }) };
-  }
-  return { ok: true, ctx: { userId, workspaceId, threadId } };
-}
-async function readToolArgs(request) {
-  let body;
-  try {
-    body = await request.json();
-  } catch {
-    return null;
-  }
-  return body.args ?? body.arguments ?? body;
-}
-
-// src/tools/mcp.ts
-var DEFAULT_APP_TOOL_PATHS = {
-  submit_proposal: "/api/tools/propose",
-  schedule_followup: "/api/tools/followup",
-  render_ui: "/api/tools/render-ui",
-  add_citation: "/api/tools/citation"
-};
-function buildHttpMcpServer(opts) {
-  const base = opts.baseUrl.replace(/\/+$/, "");
-  const h = opts.headerNames ?? DEFAULT_HEADER_NAMES;
-  return {
-    transport: "http",
-    url: `${base}${opts.path}`,
-    headers: {
-      Authorization: `Bearer ${opts.token}`,
-      [h.userId]: opts.ctx.userId,
-      ...opts.ctx.workspaceId ? { [h.workspaceId]: opts.ctx.workspaceId } : {},
-      ...opts.ctx.threadId ? { [h.threadId]: opts.ctx.threadId } : {},
-      "Content-Type": "application/json"
-    },
-    enabled: true,
-    metadata: { description: opts.description }
-  };
-}
-function buildAppToolMcpServer(opts) {
-  return buildHttpMcpServer({
-    path: opts.paths?.[opts.tool] ?? DEFAULT_APP_TOOL_PATHS[opts.tool],
-    baseUrl: opts.baseUrl,
-    token: opts.token,
-    ctx: opts.ctx,
-    description: opts.description,
-    headerNames: opts.headerNames
-  });
-}
-
-export {
-  DEFAULT_HEADER_NAMES,
-  authenticateToolRequest,
-  readToolArgs,
-  DEFAULT_APP_TOOL_PATHS,
-  buildHttpMcpServer,
-  buildAppToolMcpServer
-};
-//# sourceMappingURL=chunk-IJZJWKUK.js.map

package/dist/chunk-IJZJWKUK.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/tools/auth.ts","../src/tools/mcp.ts"],"sourcesContent":["import type { AppToolContext } from './types'\n\n/**\n * Header names carrying the server-set per-turn context + the capability token.\n * Defaults are product-neutral (`X-Agent-App-*`); a product that already ships\n * a header convention (e.g. `X-Acme-User-Id`) passes its own.\n */\nexport interface ToolHeaderNames {\n  userId: string\n  workspaceId: string\n  threadId: string\n}\n\nexport const DEFAULT_HEADER_NAMES: ToolHeaderNames = {\n  userId: 'X-Agent-App-User-Id',\n  workspaceId: 'X-Agent-App-Workspace-Id',\n  threadId: 'X-Agent-App-Thread-Id',\n}\n\nexport interface AuthenticateOptions {\n  /** Verify the bearer capability token belongs to `userId`. The product's\n   *  HMAC/JWT impl — the seam that keeps token crypto out of this package. */\n  verifyToken: (userId: string, bearer: string) => Promise<boolean>\n  headerNames?: ToolHeaderNames\n}\n\nexport type ToolAuthResult =\n  | { ok: true; ctx: AppToolContext }\n  | { ok: false; response: Response }\n\n/**\n * Recover + verify the trusted context for a tool request. The user comes from\n * a server-set header and the bearer token MUST verify against THAT user; the\n * workspace comes from a header too — never from tool args — so the model can\n * neither forge identity nor target another workspace. Fail-closed: any missing\n * credential or a token minted for another user yields a 401/400 Response.\n */\nexport async function authenticateToolRequest(request: Request, opts: AuthenticateOptions): Promise<ToolAuthResult> {\n  const h = opts.headerNames ?? DEFAULT_HEADER_NAMES\n  const userId = request.headers.get(h.userId)?.trim()\n  const workspaceId = request.headers.get(h.workspaceId)?.trim()\n  const threadId = request.headers.get(h.threadId)?.trim() || null\n  const bearer = request.headers.get('authorization')?.match(/^Bearer\\s+(.+)$/i)?.[1]\n\n  if (!userId || !bearer) {\n    return { ok: false, response: Response.json({ error: 'Missing capability credentials' }, { status: 401 }) }\n  }\n  if (!(await opts.verifyToken(userId, bearer))) {\n    return { ok: false, response: Response.json({ error: 'Invalid capability token' }, { status: 401 }) }\n  }\n  if (!workspaceId) {\n    return { ok: false, response: Response.json({ error: 'Missing workspace context' }, { status: 400 }) }\n  }\n  return { ok: true, ctx: { userId, workspaceId, threadId } }\n}\n\n/** Read a tool's argument object from the request body, tolerant of MCP host\n *  aliases (`args` / `arguments`) or a bare body. Returns null on non-JSON. */\nexport async function readToolArgs<T>(request: Request): Promise<T | null> {\n  let body: { args?: T; arguments?: T }\n  try {\n    body = (await request.json()) as typeof body\n  } catch {\n    return null\n  }\n  return (body.args ?? body.arguments ?? (body as T)) as T\n}\n","import type { AppToolContext } from './types'\nimport type { AppToolName } from './openai'\nimport type { ToolHeaderNames } from './auth'\nimport { DEFAULT_HEADER_NAMES } from './auth'\n\n/** Default route path each app tool is served at. A product mounts its routes\n *  at these paths (or supplies its own via {@link BuildMcpServerOptions.paths}). */\nexport const DEFAULT_APP_TOOL_PATHS: Record<AppToolName, string> = {\n  submit_proposal: '/api/tools/propose',\n  schedule_followup: '/api/tools/followup',\n  render_ui: '/api/tools/render-ui',\n  add_citation: '/api/tools/citation',\n}\n\n/** The portable MCP server entry the sandbox SDK accepts (transport + url +\n *  headers). Matches `AgentProfileMcpServer` structurally without importing the\n *  sandbox SDK — products spread it into their profile's `mcp` map. */\nexport interface AppToolMcpServer {\n  transport: 'http'\n  url: string\n  headers: Record<string, string>\n  enabled: true\n  metadata: { description: string }\n}\n\nexport interface BuildHttpMcpServerOptions {\n  /** Route path on the app the sandbox POSTs to (e.g. `/api/tools/propose`). */\n  path: string\n  /** App base URL the sandbox reaches back to (no trailing slash required). */\n  baseUrl: string\n  /** Per-user capability token, baked into the Authorization header. */\n  token: string\n  ctx: AppToolContext\n  /** Tool description the model sees. */\n  description: string\n  headerNames?: ToolHeaderNames\n}\n\n/**\n * Build ONE HTTP MCP server entry — the generic agent→app bridge. The\n * capability token + the user/workspace/thread ids ride in server-set headers\n * (never tool args), so the model can't forge identity or target another\n * workspace. Workspace/thread headers are omitted when their `ctx` value is\n * empty/null (e.g. an integration-invoke bridge that's user-scoped only). Used\n * directly for non-app-tool bridges (integration_invoke) and via\n * {@link buildAppToolMcpServer} for the four app tools.\n */\nexport function buildHttpMcpServer(opts: BuildHttpMcpServerOptions): AppToolMcpServer {\n  const base = opts.baseUrl.replace(/\\/+$/, '')\n  const h = opts.headerNames ?? DEFAULT_HEADER_NAMES\n  return {\n    transport: 'http',\n    url: `${base}${opts.path}`,\n    headers: {\n      Authorization: `Bearer ${opts.token}`,\n      [h.userId]: opts.ctx.userId,\n      ...(opts.ctx.workspaceId ? { [h.workspaceId]: opts.ctx.workspaceId } : {}),\n      ...(opts.ctx.threadId ? { [h.threadId]: opts.ctx.threadId } : {}),\n      'Content-Type': 'application/json',\n    },\n    enabled: true,\n    metadata: { description: opts.description },\n  }\n}\n\nexport interface BuildMcpServerOptions {\n  tool: AppToolName\n  baseUrl: string\n  token: string\n  ctx: AppToolContext\n  description: string\n  headerNames?: ToolHeaderNames\n  paths?: Partial<Record<AppToolName, string>>\n}\n\n/** Build one of the four app-tool MCP servers — a thin wrapper over\n *  {@link buildHttpMcpServer} that maps the tool name to its route path. */\nexport function buildAppToolMcpServer(opts: BuildMcpServerOptions): AppToolMcpServer {\n  return buildHttpMcpServer({\n    path: opts.paths?.[opts.tool] ?? DEFAULT_APP_TOOL_PATHS[opts.tool],\n    baseUrl: opts.baseUrl,\n    token: opts.token,\n    ctx: opts.ctx,\n    description: opts.description,\n    headerNames: opts.headerNames,\n  })\n}\n"],"mappings":";AAaO,IAAM,uBAAwC;AAAA,EACnD,QAAQ;AAAA,EACR,aAAa;AAAA,EACb,UAAU;AACZ;AAoBA,eAAsB,wBAAwB,SAAkB,MAAoD;AAClH,QAAM,IAAI,KAAK,eAAe;AAC9B,QAAM,SAAS,QAAQ,QAAQ,IAAI,EAAE,MAAM,GAAG,KAAK;AACnD,QAAM,cAAc,QAAQ,QAAQ,IAAI,EAAE,WAAW,GAAG,KAAK;AAC7D,QAAM,WAAW,QAAQ,QAAQ,IAAI,EAAE,QAAQ,GAAG,KAAK,KAAK;AAC5D,QAAM,SAAS,QAAQ,QAAQ,IAAI,eAAe,GAAG,MAAM,kBAAkB,IAAI,CAAC;AAElF,MAAI,CAAC,UAAU,CAAC,QAAQ;AACtB,WAAO,EAAE,IAAI,OAAO,UAAU,SAAS,KAAK,EAAE,OAAO,iCAAiC,GAAG,EAAE,QAAQ,IAAI,CAAC,EAAE;AAAA,EAC5G;AACA,MAAI,CAAE,MAAM,KAAK,YAAY,QAAQ,MAAM,GAAI;AAC7C,WAAO,EAAE,IAAI,OAAO,UAAU,SAAS,KAAK,EAAE,OAAO,2BAA2B,GAAG,EAAE,QAAQ,IAAI,CAAC,EAAE;AAAA,EACtG;AACA,MAAI,CAAC,aAAa;AAChB,WAAO,EAAE,IAAI,OAAO,UAAU,SAAS,KAAK,EAAE,OAAO,4BAA4B,GAAG,EAAE,QAAQ,IAAI,CAAC,EAAE;AAAA,EACvG;AACA,SAAO,EAAE,IAAI,MAAM,KAAK,EAAE,QAAQ,aAAa,SAAS,EAAE;AAC5D;AAIA,eAAsB,aAAgB,SAAqC;AACzE,MAAI;AACJ,MAAI;AACF,WAAQ,MAAM,QAAQ,KAAK;AAAA,EAC7B,QAAQ;AACN,WAAO;AAAA,EACT;AACA,SAAQ,KAAK,QAAQ,KAAK,aAAc;AAC1C;;;AC3DO,IAAM,yBAAsD;AAAA,EACjE,iBAAiB;AAAA,EACjB,mBAAmB;AAAA,EACnB,WAAW;AAAA,EACX,cAAc;AAChB;AAmCO,SAAS,mBAAmB,MAAmD;AACpF,QAAM,OAAO,KAAK,QAAQ,QAAQ,QAAQ,EAAE;AAC5C,QAAM,IAAI,KAAK,eAAe;AAC9B,SAAO;AAAA,IACL,WAAW;AAAA,IACX,KAAK,GAAG,IAAI,GAAG,KAAK,IAAI;AAAA,IACxB,SAAS;AAAA,MACP,eAAe,UAAU,KAAK,KAAK;AAAA,MACnC,CAAC,EAAE,MAAM,GAAG,KAAK,IAAI;AAAA,MACrB,GAAI,KAAK,IAAI,cAAc,EAAE,CAAC,EAAE,WAAW,GAAG,KAAK,IAAI,YAAY,IAAI,CAAC;AAAA,MACxE,GAAI,KAAK,IAAI,WAAW,EAAE,CAAC,EAAE,QAAQ,GAAG,KAAK,IAAI,SAAS,IAAI,CAAC;AAAA,MAC/D,gBAAgB;AAAA,IAClB;AAAA,IACA,SAAS;AAAA,IACT,UAAU,EAAE,aAAa,KAAK,YAAY;AAAA,EAC5C;AACF;AAcO,SAAS,sBAAsB,MAA+C;AACnF,SAAO,mBAAmB;AAAA,IACxB,MAAM,KAAK,QAAQ,KAAK,IAAI,KAAK,uBAAuB,KAAK,IAAI;AAAA,IACjE,SAAS,KAAK;AAAA,IACd,OAAO,KAAK;AAAA,IACZ,KAAK,KAAK;AAAA,IACV,aAAa,KAAK;AAAA,IAClB,aAAa,KAAK;AAAA,EACpB,CAAC;AACH;","names":[]}