@the-ai-company/cbio-node-runtime 1.55.1 → 1.56.0

package/README.md

@@ -58,7 +58,34 @@ const vault = await recoverVault(storage, {
 });
 ```
 
-### 3. Managed Agent Identities
+### 3. Owner Sessions for GUI Apps
+
+For long-running processes such as GUI apps, keep an `OwnerSession`, not a raw `VaultClient`.
+
+`createVaultClient(...)` creates an owner client for the current runtime. It is not intended to be cached across HMR, module reloads, or runtime swaps. `OwnerSession` gives you a stable SDK-managed handle and recreates owner clients on demand.
+
+```ts
+import { createOwnerSession, FsStorageProvider } from '@the-ai-company/cbio-node-runtime';
+
+const session = createOwnerSession(storage, {
+  vaultId: myVault.core.vaultId.value,
+  password: 'your-secure-password',
+});
+
+const createdAgent = await session.withClient((client) =>
+  client.ownerCreateAgent({ nickname: 'Background Worker' })
+);
+
+const ownerClient = await session.client();
+const agents = await ownerClient.ownerListAgents();
+
+// Invalidate the session when your app unloads or explicitly locks the vault.
+session.invalidate();
+```
+
+If you are writing a short-lived script, `recoverVault(...)` plus `createVaultClient(...)` is still fine.
+
+### 4. Managed Agent Identities
 
 You can generate and register agents directly within the vault. The vault holds the private keys for full custody.
 
@@ -106,14 +133,6 @@ await client.ownerGrantCapability({
   scope: 'https://api.example.com/*',
   methods: ['POST']
 });
-
-// 5. Setup client with automatic warmup (v1.48.4+)
-const client = createVaultClient({
-  vault,
-  ownerIdentity: { identityId: 'owner-1' }
-  // warmup: true is now DEFAULT (v1.48.4+)
-  // skipWarmup: true // Optional: pass this to disable automatic token generation
-});
 ```
 
 ### 6. Consuming Secrets (Agent)
@@ -203,7 +222,7 @@ if (result.status === 'PENDING') {
 }
 
 // OR: Use the Observer for real-time push (v1.48.4+)
-ownerClient.ownerOnPendingDispatch((req) => {
+client.ownerOnPendingDispatch((req) => {
   console.log("New discovery request:", req.requestId);
 });
 

package/dist/clients/owner/client.d.ts

@@ -1,7 +1,7 @@
 import { type CreatedIdentity } from "../../runtime/identity.js";
 import { type Clock } from "../../vault-core/index.js";
 import type { VaultService } from "../../vault-ingress/index.js";
-import type { VaultAuditQueryInput, OwnerDefineSecretTargetsInput, VaultExportSecretInput, VaultReadSecretPlaintextInput, VaultReadAgentPrivateKeyInput, VaultGrantCapabilityInput, VaultRegisterFlowInput, VaultImportAgentInput, VaultCreateAgentInput, OwnerAgentProvisionResult, OwnerStoreSecretInput, OwnerWriteSecretInput, VaultDeleteSecretInput, VaultUpdateAgentInput, VaultListAgentsInput, VaultListCapabilitiesInput, VaultListSecretsInput, VaultRevokeCapabilityInput, VaultIssueSessionTokenInput, VaultRevokeSessionTokenInput, VaultSubmitCapabilityRequestInput, VaultApproveCapabilityRequestInput, VaultApproveDispatchInput, OwnerSensitiveActionConfirmation, OwnerSensitiveActionContext } from "./contracts.js";
+import type { VaultAuditQueryInput, OwnerDefineSecretTargetsInput, VaultExportSecretInput, VaultReadSecretPlaintextInput, VaultReadAgentPrivateKeyInput, OwnerGrantCapabilityInput, VaultRegisterFlowInput, VaultImportAgentInput, VaultCreateAgentInput, OwnerAgentProvisionResult, OwnerStoreSecretInput, OwnerWriteSecretInput, VaultDeleteSecretInput, VaultUpdateAgentInput, VaultListAgentsInput, VaultListCapabilitiesInput, VaultListSecretsInput, VaultRevokeCapabilityInput, VaultIssueSessionTokenInput, VaultRevokeSessionTokenInput, VaultSubmitCapabilityRequestInput, VaultApproveCapabilityRequestInput, VaultApproveDispatchInput, OwnerSensitiveActionConfirmation, OwnerSensitiveActionContext } from "./contracts.js";
 export interface VaultIdentity {
     identityId: string;
 }
@@ -34,7 +34,7 @@ export interface VaultClient {
     /**
      * Grants a specific capability to an agent.
      */
-    ownerGrantCapability(input: VaultGrantCapabilityInput): Promise<import("../../vault-core/index.js").AgentCapability>;
+    ownerGrantCapability(input: OwnerGrantCapabilityInput): Promise<import("../../vault-core/index.js").AgentCapability>;
     /**
      * Reads the tamper-evident audit log for the vault.
      */

package/dist/clients/owner/client.js

@@ -46,6 +46,33 @@ class DefaultVaultClient {
             throw new OwnerClientError(OwnerClientErrorCode.SENSITIVE_ACTION_INVALID_PASSWORD, "invalid vault password");
         }
     }
+    _resolveGrantedCapability(input) {
+        if ("capability" in input) {
+            return {
+                requestedAt: input.requestedAt ?? input.capability.issuedAt,
+                capability: {
+                    vaultId: input.capability.vaultId,
+                    capabilityId: input.capability.capabilityId,
+                    agentId: input.capability.agentId,
+                    operation: input.capability.operation,
+                    secretAliases: input.capability.secretAliases,
+                    secretIds: input.capability.secretIds,
+                    customFlowId: input.capability.customFlowId,
+                    scope: input.capability.scope,
+                    methods: input.capability.methods,
+                    issuedAt: input.capability.issuedAt,
+                    expiresAt: input.capability.expiresAt,
+                    rateLimit: input.capability.rateLimit,
+                    skipAudit: input.capability.skipAudit,
+                    auditRequired: input.capability.auditRequired,
+                },
+            };
+        }
+        return {
+            requestedAt: input.requestedAt,
+            capability: input,
+        };
+    }
     async ownerStoreSecret(input) {
         const requestedAt = input.requestedAt ?? this._clock.nowIso();
         const requestId = createRequestIdValue("write_secret");
@@ -266,20 +293,27 @@ class DefaultVaultClient {
         };
     }
     async ownerGrantCapability(input) {
-        const requestedAt = input.requestedAt ?? this._clock.nowIso();
-        const capabilityId = createCapabilityIdValue();
+        const normalized = this._resolveGrantedCapability(input);
+        const requestedAt = normalized.requestedAt ?? this._clock.nowIso();
+        const capabilityId = normalized.capability.capabilityId ?? createCapabilityIdValue();
         const requestId = createRequestIdValue("register_capability");
+        const skipAudit = normalized.capability.skipAudit ?? (normalized.capability.auditRequired === undefined
+            ? undefined
+            : !normalized.capability.auditRequired);
         const capability = {
-            vaultId: this._vault.vaultId,
-            agentId: input.agentId,
+            vaultId: normalized.capability.vaultId ?? this._vault.vaultId,
+            agentId: normalized.capability.agentId,
             capabilityId,
-            operation: input.operation ?? "dispatch_http",
-            secretAliases: input.secretAliases ? [...input.secretAliases] : [],
-            scope: input.scope,
-            methods: [...input.methods],
-            rateLimit: input.rateLimit,
-            skipAudit: input.skipAudit,
-            issuedAt: requestedAt,
+            operation: normalized.capability.operation ?? "dispatch_http",
+            secretAliases: normalized.capability.secretAliases ? [...normalized.capability.secretAliases] : undefined,
+            secretIds: normalized.capability.secretIds ? [...normalized.capability.secretIds] : undefined,
+            customFlowId: normalized.capability.customFlowId,
+            scope: normalized.capability.scope,
+            methods: [...normalized.capability.methods],
+            expiresAt: normalized.capability.expiresAt,
+            rateLimit: normalized.capability.rateLimit,
+            skipAudit,
+            issuedAt: normalized.capability.issuedAt ?? requestedAt,
         };
         await this._vault.ownerRegisterCapability({
             vaultId: this._vault.vaultId,

package/dist/clients/owner/client.js.map

@@ -1 +1 @@
-{"version":3,"file":"client.js","sourceRoot":"","sources":["../../../src/clients/owner/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AACzE,OAAO,EACL,kBAAkB,EAClB,uBAAuB,EACvB,iBAAiB,EACjB,oBAAoB,GACrB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,cAAc,EAAE,eAAe,EAAwB,MAAM,2BAA2B,CAAC;AAClG,OAAO,EAAE,WAAW,EAAc,MAAM,2BAA2B,CAAC;AAyIpE,MAAM,eAAe,GAAG,cAAc,CAAC;AAEvC,MAAM,kBAAkB;IAIH;IACA;IACA;IACA;IACA;IACA;IACA;IATF,WAAW,CAAS;IAErC,YACmB,MAAoB,EACpB,SAAyB,EACzB,OAAqB,EACrB,SAAgB,IAAI,WAAW,EAAE,EACjC,cAAuB,KAAK,EAC5B,iBAAoE,EACpE,wBAGc;QATd,WAAM,GAAN,MAAM,CAAc;QACpB,cAAS,GAAT,SAAS,CAAgB;QACzB,YAAO,GAAP,OAAO,CAAc;QACrB,WAAM,GAAN,MAAM,CAA2B;QACjC,gBAAW,GAAX,WAAW,CAAiB;QAC5B,sBAAiB,GAAjB,iBAAiB,CAAmD;QACpE,6BAAwB,GAAxB,wBAAwB,CAGV;QAE/B,IAAI,CAAC,WAAW,GAAG,SAAS,EAAE,UAAU,IAAI,eAAe,CAAC;IAC9D,CAAC;IAEO,KAAK,CAAC,uBAAuB,CACnC,YAA8C,EAC9C,OAAoC;QAEpC,MAAM,kBAAkB,GAAG,YAAY,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QACxD,IAAI,CAAC,kBAAkB,EAAE,CAAC;YACxB,MAAM,IAAI,gBAAgB,CACxB,oBAAoB,CAAC,kCAAkC,EACvD,4BAA4B,CAC7B,CAAC;QACJ,CAAC;QACD,IAAI,IAAI,CAAC,wBAAwB,EAAE,CAAC;YAClC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC;gBAChD,QAAQ,EAAE,kBAAkB;gBAC5B,gBAAgB,EAAE,YAAY,CAAC,gBAAgB;aAChD,EAAE,OAAO,CAAC,CAAC;YACZ,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,IAAI,gBAAgB,CACxB,oBAAoB,CAAC,yBAAyB,EAC9C,wCAAwC,CACzC,CAAC;YACJ,CAAC;YACD,OAAO;QACT,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC5B,MAAM,IAAI,gBAAgB,CACxB,oBAAoB,CAAC,kCAAkC,EACvD,0FAA0F,CAC3F,CAAC;QACJ,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,kBAAkB,CAAC,CAAC;QAC/D,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,gBAAgB,CACxB,oBAAoB,CAAC,iCAAiC,EACtD,wBAAwB,CACzB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,KAA4B;QACjD,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,oBAAoB,CAAC,cAAc,CAAC,CAAC;QAEvD,OAAO,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC;YAClC,IAAI,EAAE,oBAAoB;YAC1B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,cAAc,EAAE,EAAE;YAClB,WAAW;SACZ,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,wBAAwB,CAAC,KAAoC;QACjE,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,oBAAoB,CAAC,uBAAuB,CAAC,CAAC;QAChE,MAAM,cAAc,GAAG,CAAC,GAAG,KAAK,CAAC,cAAc,CAAC,CAAC;QAEjD,OAAO,IAAI,CAAC,MAAM,CAAC,wBAAwB,CAAC;YAC1C,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,cAAc;YACd,WAAW;SACZ,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,KAA4B;QACjD,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,oBAAoB,CAAC,cAAc,CAAC,CAAC;QACvD,MAAM,cAAc,GAAG,CAAC,GAAG,KAAK,CAAC,cAAc,CAAC,CAAC;QAEjD,OAAO,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC;YAClC,IAAI,EAAE,oBAAoB;YAC1B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,cAAc;YACd,WAAW;SACZ,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,QAA8B,EAAE;QACnD,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QACzC,MAAM,SAAS,GAAG,oBAAoB,CAAC,YAAY,CAAC,CAAC;QAErD,OAAO,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC;YAChC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,KAAK;YACL,SAAS;YACT,WAAW;SACZ,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,KAA6B;QACnD,MAAM,IAAI,CAAC,uBAAuB,CAAC;YACjC,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;SACzC,EAAE;YACD,MAAM,EAAE,eAAe;YACvB,OAAO,EAAE,KAAK,CAAC,KAAK;SACrB,CAAC,CAAC;QACH,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,oBAAoB,CAAC,eAAe,CAAC,CAAC;QAExD,OAAO,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC;YACnC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,SAAS;YACT,WAAW;SACZ,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,wBAAwB,CAAC,KAAoC;QACjE,MAAM,IAAI,CAAC,uBAAuB,CAAC;YACjC,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;SACzC,EAAE;YACD,MAAM,EAAE,uBAAuB;YAC/B,OAAO,EAAE,KAAK,CAAC,KAAK;SACrB,CAAC,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC;YACnD,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,SAAS,EAAE,oBAAoB,CAAC,uBAAuB,CAAC;YACxD,WAAW,EAAE,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE;SACvD,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC,SAAS,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,wBAAwB,CAAC,KAAoC;QACjE,MAAM,IAAI,CAAC,uBAAuB,CAAC;YACjC,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;SACzC,EAAE;YACD,MAAM,EAAE,wBAAwB;YAChC,OAAO,EAAE,KAAK,CAAC,OAAO;SACvB,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC;YAC/C,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS,EAAE,oBAAoB,CAAC,wBAAwB,CAAC;YACzD,WAAW,EAAE,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE;YACtD,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;SACF,CAAC,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,KAAK,KAAK,CAAC,OAAO,CAAC,CAAC;QACxE,IAAI,CAAC,KAAK,EAAE,UAAU,EAAE,CAAC;YACvB,MAAM,IAAI,gBAAgB,CACxB,oBAAoB,CAAC,2BAA2B,EAChD,6BAA6B,CAC9B,CAAC;QACJ,CAAC;QACD,OAAO,KAAK,CAAC,UAAU,CAAC;IAC1B,CAAC;IAEO,KAAK,CAAC,kCAAkC,CAAC,KAQhD;QACC,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,oBAAoB,CAAC,yBAAyB,CAAC,CAAC;QAClE,MAAM,aAAa,GAAG;YACpB,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,UAAU,EAAE,KAAK,CAAC,UAAU;YAC5B,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,UAAU,EAAE,KAAK,CAAC,UAAU;YAC5B,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,QAAQ,EAAE,KAAK,CAAC,QAAQ;SACzB,CAAC;QAEF,MAAM,IAAI,CAAC,MAAM,CAAC,0BAA0B,CAAC;YAC3C,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,aAAa;YACb,WAAW;SACZ,CAAC,CAAC;QACH,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,KAA4B;QACjD,MAAM,QAAQ,GAAG,eAAe,CAAC,KAAK,CAAC,UAAU,EAAE,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;QACjF,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,kCAAkC,CAAC;YAC1D,OAAO,EAAE,kBAAkB,EAAE;YAC7B,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,WAAW,EAAE,KAAK,CAAC,WAAW;SAC/B,CAAC,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC;YACrD,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,WAAW,EAAE,KAAK,CAAC,WAAW;SAC/B,CAAC,CAAC;QACH,OAAO;YACL,KAAK,EAAE;gBACL,GAAG,KAAK;gBACR,UAAU,EAAE,SAAS;aACtB;YACD,YAAY;SACb,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,KAA4B;QACjD,MAAM,QAAQ,GAAG,cAAc,EAAE,CAAC;QAClC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,kCAAkC,CAAC;YAC1D,OAAO,EAAE,kBAAkB,EAAE;YAC7B,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,WAAW,EAAE,KAAK,CAAC,WAAW;SAC/B,CAAC,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC;YACrD,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,WAAW,EAAE,KAAK,CAAC,WAAW;SAC/B,CAAC,CAAC;QACH,OAAO;YACL,KAAK,EAAE;gBACL,GAAG,KAAK;gBACR,UAAU,EAAE,SAAS;aACtB;YACD,YAAY;SACb,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,KAA4B;QACjD,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,oBAAoB,CAAC,uBAAuB,CAAC,CAAC;QAChE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,wBAAwB,CAAC;YACzD,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,WAAW;SACZ,CAAC,CAAC;QACH,OAAO;YACL,GAAG,OAAO;YACV,UAAU,EAAE,SAAS;SACtB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,KAAgC;QACzD,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,YAAY,GAAG,uBAAuB,EAAE,CAAC;QAC/C,MAAM,SAAS,GAAG,oBAAoB,CAAC,qBAAqB,CAAC,CAAC;QAE9D,MAAM,UAAU,GAAwD;YACtE,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,YAAY;YACZ,SAAS,EAAG,KAAK,CAAC,SAAiB,IAAI,eAAe;YACtD,aAAa,EAAE,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,EAAE;YAClE,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,OAAO,EAAE,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC;YAC3B,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,QAAQ,EAAE,WAAW;SACtB,CAAC;QAEF,MAAM,IAAI,CAAC,MAAM,CAAC,uBAAuB,CAAC;YACxC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,UAAU;YACV,WAAW;SACZ,CAAC,CAAC;QACH,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,KAA6B;QACnD,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,MAAM,GAAG,iBAAiB,EAAE,CAAC;QACnC,MAAM,SAAS,GAAG,oBAAoB,CAAC,sBAAsB,CAAC,CAAC;QAC/D,MAAM,IAAI,GAAG;YACX,MAAM;YACN,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,kBAAkB,EAAE,KAAK,CAAC,kBAAkB;YAC5C,cAAc,EAAE,KAAK,CAAC,cAAc;SACrC,CAAC;QAEF,MAAM,IAAI,CAAC,MAAM,CAAC,uBAAuB,CAAC;YACxC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,IAAI;YACJ,WAAW;SACZ,CAAC,CAAC;QACH,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,MAAM;YACN,OAAO,EAAE,IAAI,CAAC,WAAW;YACzB,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,kBAAkB,EAAE,KAAK,CAAC,kBAAkB;YAC5C,cAAc,EAAE,KAAK,CAAC,cAAc;YACpC,SAAS,EAAE,WAAW;SACvB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,KAA6B;QACnD,MAAM,IAAI,CAAC,uBAAuB,CAAC;YACjC,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;SACzC,EAAE;YACD,MAAM,EAAE,eAAe;YACvB,OAAO,EAAE,KAAK,CAAC,KAAK;SACrB,CAAC,CAAC;QACH,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,oBAAoB,CAAC,eAAe,CAAC,CAAC;QAExD,MAAM,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC;YAClC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,WAAW;SACZ,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,QAA8B,EAAE;QACpD,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,oBAAoB,CAAC,aAAa,CAAC,CAAC;QAEtD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC;YAC/C,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,WAAW;YACX,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;SACF,CAAC,CAAC;QACH,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YAC5B,GAAG,KAAK;YACR,UAAU,EAAE,SAAS;SACtB,CAAC,CAAC,CAAC;IACN,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,QAAoC,EAAE;QAChE,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,oBAAoB,CAAC,mBAAmB,CAAC,CAAC;QAE5D,OAAO,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC;YACvC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,WAAW;YACX,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,OAAO,EAAE,KAAK,CAAC,OAAO;SACvB,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,QAA+B,EAAE;QACtD,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,oBAAoB,CAAC,cAAc,CAAC,CAAC;QACvD,OAAO,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC;YAClC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,KAAiC;QAC3D,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,oBAAoB,CAAC,mBAAmB,CAAC,CAAC;QAE5D,OAAO,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC;YACvC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,WAAW;YACX,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,YAAY,EAAE,KAAK,CAAC,YAAY;SACjC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,sBAAsB,CAAC,KAAkC;QAC7D,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,oBAAoB,CAAC,qBAAqB,CAAC,CAAC;QAE9D,OAAO,IAAI,CAAC,MAAM,CAAC,sBAAsB,CAAC;YACxC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,SAAS;YACT,WAAW;SACZ,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,KAAmC;QAC/D,OAAO,IAAI,CAAC,MAAM,CAAC,uBAAuB,CAAC;YACzC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,KAAK,EAAE,KAAK,CAAC,KAAK;SACnB,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,4BAA4B,CAAC,KAAwC;QACzE,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,oBAAoB,CAAC,2BAA2B,CAAC,CAAC;QAEpE,OAAO,IAAI,CAAC,MAAM,CAAC,4BAA4B,CAAC;YAC9C,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,KAAK,EAAE;gBACL,SAAS,EAAG,KAAK,CAAC,SAAiB,IAAI,eAAe;gBACtD,aAAa,EAAE,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,EAAE;gBAClE,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,OAAO,EAAE,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC;gBAC3B,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,SAAS,EAAE,KAAK,CAAC,SAAS;aAC3B;YACD,aAAa,EAAE,KAAK,CAAC,aAAa;YAClC,WAAW;SACZ,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,kCAAkC;QACtC,OAAO,IAAI,CAAC,MAAM,CAAC,kCAAkC,CAAC;YACpD,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,IAAI,CAAC,WAAW,EAAE;SAC/C,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,0BAA0B;QAC9B,OAAO,IAAI,CAAC,MAAM,CAAC,0BAA0B,CAAC;YAC5C,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,IAAI,CAAC,WAAW,EAAE;SAC/C,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,0BAA0B;QAC9B,OAAO,IAAI,CAAC,MAAM,CAAC,+BAA+B,CAAC;YACjD,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,IAAI,CAAC,WAAW,EAAE;SAC/C,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,KAAgC;QACzD,OAAO,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC;YACtC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,IAAI,CAAC,WAAW,EAAE;SAC/C,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,6BAA6B,CAAC,KAAyC;QAC3E,OAAO,IAAI,CAAC,MAAM,CAAC,6BAA6B,CAAC;YAC/C,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,IAAI,CAAC,WAAW,EAAE;SAC/C,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,SAAiB;QACzC,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC;YACrC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,IAAI,CAAC,WAAW,EAAE;SAC/C,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,4BAA4B,CAAC,SAAiB;QAClD,OAAO,IAAI,CAAC,MAAM,CAAC,4BAA4B,CAAC;YAC9C,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,IAAI,CAAC,WAAW,EAAE;SAC/C,CAAC,CAAC;IACL,CAAC;IAED,sBAAsB,CAAC,QAAqF;QAC1G,OAAO,IAAI,CAAC,MAAM,CAAC,sBAAsB,CAAC,QAAQ,CAAC,CAAC;IACtD,CAAC;IAED,+BAA+B,CAAC,QAA8F;QAC5H,OAAO,IAAI,CAAC,MAAM,CAAC,+BAA+B,CAAC,QAAQ,CAAC,CAAC;IAC/D,CAAC;CACF;AAED,SAAS,0BAA0B,CAAC,KAAc;IAChD,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,IAAI,KAAK,CAAC;AACzE,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAsC;IAC/D,OAAO,YAAY,IAAI,KAAK,IAAI,WAAW,IAAI,KAAK,CAAC;AACvD,CAAC;AAED,SAAS,kBAAkB,CAAC,QAA0C,EAAE,MAAoB;IAC1F,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,IAAI,QAAQ,IAAI,iBAAiB,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5C,OAAO,IAAI,WAAW,CAAC,QAAQ,CAAC,CAAC;IACnC,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,oBAAoB,CAAC,OAAiC;IAC7D,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;QAC3B,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO;QACL,UAAU,EAAE,OAAO,CAAC,aAAa,CAAC,UAAU;KAC7C,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAiC;IACjE,IAAI,CAAC,0BAA0B,CAAC,OAAO,CAAC,EAAE,CAAC;QACzC,MAAM,IAAI,gBAAgB,CACxB,oBAAoB,CAAC,mCAAmC,EACxD,mEAAmE,CACpE,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,kBAAkB,CACnC,OAAO,CAAC,KAAK,EACb,oBAAoB,CAAC,OAAO,CAAC,EAC7B,kBAAkB,CAAC,OAAO,CAAC,aAAa,EAAE,OAAO,CAAC,MAAM,CAAC,EACzD,OAAO,CAAC,KAAK,IAAI,IAAI,WAAW,EAAE,EAClC,OAAO,CAAC,UAAU,EAClB,OAAO,CAAC,gBAAgB,EACxB,OAAO,CAAC,uBAAuB,CAChC,CAAC;IAEF,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;QACxB,6DAA6D;QAC7D,MAAM,CAAC,0BAA0B,EAAE,CAAC,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;YACzD,OAAO,CAAC,KAAK,CAAC,+CAA+C,EAAE,GAAG,CAAC,CAAC;QACtE,CAAC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../../../src/clients/owner/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AACzE,OAAO,EACL,kBAAkB,EAClB,uBAAuB,EACvB,iBAAiB,EACjB,oBAAoB,GACrB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,cAAc,EAAE,eAAe,EAAwB,MAAM,2BAA2B,CAAC;AAClG,OAAO,EAAE,WAAW,EAAc,MAAM,2BAA2B,CAAC;AA0IpE,MAAM,eAAe,GAAG,cAAc,CAAC;AAEvC,MAAM,kBAAkB;IAIH;IACA;IACA;IACA;IACA;IACA;IACA;IATF,WAAW,CAAS;IAErC,YACmB,MAAoB,EACpB,SAAyB,EACzB,OAAqB,EACrB,SAAgB,IAAI,WAAW,EAAE,EACjC,cAAuB,KAAK,EAC5B,iBAAoE,EACpE,wBAGc;QATd,WAAM,GAAN,MAAM,CAAc;QACpB,cAAS,GAAT,SAAS,CAAgB;QACzB,YAAO,GAAP,OAAO,CAAc;QACrB,WAAM,GAAN,MAAM,CAA2B;QACjC,gBAAW,GAAX,WAAW,CAAiB;QAC5B,sBAAiB,GAAjB,iBAAiB,CAAmD;QACpE,6BAAwB,GAAxB,wBAAwB,CAGV;QAE/B,IAAI,CAAC,WAAW,GAAG,SAAS,EAAE,UAAU,IAAI,eAAe,CAAC;IAC9D,CAAC;IAEO,KAAK,CAAC,uBAAuB,CACnC,YAA8C,EAC9C,OAAoC;QAEpC,MAAM,kBAAkB,GAAG,YAAY,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QACxD,IAAI,CAAC,kBAAkB,EAAE,CAAC;YACxB,MAAM,IAAI,gBAAgB,CACxB,oBAAoB,CAAC,kCAAkC,EACvD,4BAA4B,CAC7B,CAAC;QACJ,CAAC;QACD,IAAI,IAAI,CAAC,wBAAwB,EAAE,CAAC;YAClC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC;gBAChD,QAAQ,EAAE,kBAAkB;gBAC5B,gBAAgB,EAAE,YAAY,CAAC,gBAAgB;aAChD,EAAE,OAAO,CAAC,CAAC;YACZ,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,IAAI,gBAAgB,CACxB,oBAAoB,CAAC,yBAAyB,EAC9C,wCAAwC,CACzC,CAAC;YACJ,CAAC;YACD,OAAO;QACT,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC5B,MAAM,IAAI,gBAAgB,CACxB,oBAAoB,CAAC,kCAAkC,EACvD,0FAA0F,CAC3F,CAAC;QACJ,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,kBAAkB,CAAC,CAAC;QAC/D,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,gBAAgB,CACxB,oBAAoB,CAAC,iCAAiC,EACtD,wBAAwB,CACzB,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,yBAAyB,CAAC,KAAgC;QAsBhE,IAAI,YAAY,IAAI,KAAK,EAAE,CAAC;YAC1B,OAAO;gBACL,WAAW,EAAE,KAAK,CAAC,WAAW,IAAI,KAAK,CAAC,UAAU,CAAC,QAAQ;gBAC3D,UAAU,EAAE;oBACV,OAAO,EAAE,KAAK,CAAC,UAAU,CAAC,OAAO;oBACjC,YAAY,EAAE,KAAK,CAAC,UAAU,CAAC,YAAY;oBAC3C,OAAO,EAAE,KAAK,CAAC,UAAU,CAAC,OAAO;oBACjC,SAAS,EAAE,KAAK,CAAC,UAAU,CAAC,SAAS;oBACrC,aAAa,EAAE,KAAK,CAAC,UAAU,CAAC,aAAa;oBAC7C,SAAS,EAAE,KAAK,CAAC,UAAU,CAAC,SAAS;oBACrC,YAAY,EAAE,KAAK,CAAC,UAAU,CAAC,YAAY;oBAC3C,KAAK,EAAE,KAAK,CAAC,UAAU,CAAC,KAAK;oBAC7B,OAAO,EAAE,KAAK,CAAC,UAAU,CAAC,OAAO;oBACjC,QAAQ,EAAE,KAAK,CAAC,UAAU,CAAC,QAAQ;oBACnC,SAAS,EAAE,KAAK,CAAC,UAAU,CAAC,SAAS;oBACrC,SAAS,EAAE,KAAK,CAAC,UAAU,CAAC,SAAS;oBACrC,SAAS,EAAE,KAAK,CAAC,UAAU,CAAC,SAAS;oBACrC,aAAa,EAAE,KAAK,CAAC,UAAU,CAAC,aAAa;iBAC9C;aACF,CAAC;QACJ,CAAC;QACD,OAAO;YACL,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,UAAU,EAAE,KAAK;SAClB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,KAA4B;QACjD,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,oBAAoB,CAAC,cAAc,CAAC,CAAC;QAEvD,OAAO,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC;YAClC,IAAI,EAAE,oBAAoB;YAC1B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,cAAc,EAAE,EAAE;YAClB,WAAW;SACZ,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,wBAAwB,CAAC,KAAoC;QACjE,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,oBAAoB,CAAC,uBAAuB,CAAC,CAAC;QAChE,MAAM,cAAc,GAAG,CAAC,GAAG,KAAK,CAAC,cAAc,CAAC,CAAC;QAEjD,OAAO,IAAI,CAAC,MAAM,CAAC,wBAAwB,CAAC;YAC1C,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,cAAc;YACd,WAAW;SACZ,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,KAA4B;QACjD,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,oBAAoB,CAAC,cAAc,CAAC,CAAC;QACvD,MAAM,cAAc,GAAG,CAAC,GAAG,KAAK,CAAC,cAAc,CAAC,CAAC;QAEjD,OAAO,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC;YAClC,IAAI,EAAE,oBAAoB;YAC1B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,cAAc;YACd,WAAW;SACZ,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,QAA8B,EAAE;QACnD,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QACzC,MAAM,SAAS,GAAG,oBAAoB,CAAC,YAAY,CAAC,CAAC;QAErD,OAAO,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC;YAChC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,KAAK;YACL,SAAS;YACT,WAAW;SACZ,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,KAA6B;QACnD,MAAM,IAAI,CAAC,uBAAuB,CAAC;YACjC,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;SACzC,EAAE;YACD,MAAM,EAAE,eAAe;YACvB,OAAO,EAAE,KAAK,CAAC,KAAK;SACrB,CAAC,CAAC;QACH,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,oBAAoB,CAAC,eAAe,CAAC,CAAC;QAExD,OAAO,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC;YACnC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,SAAS;YACT,WAAW;SACZ,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,wBAAwB,CAAC,KAAoC;QACjE,MAAM,IAAI,CAAC,uBAAuB,CAAC;YACjC,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;SACzC,EAAE;YACD,MAAM,EAAE,uBAAuB;YAC/B,OAAO,EAAE,KAAK,CAAC,KAAK;SACrB,CAAC,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC;YACnD,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,SAAS,EAAE,oBAAoB,CAAC,uBAAuB,CAAC;YACxD,WAAW,EAAE,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE;SACvD,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC,SAAS,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,wBAAwB,CAAC,KAAoC;QACjE,MAAM,IAAI,CAAC,uBAAuB,CAAC;YACjC,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;SACzC,EAAE;YACD,MAAM,EAAE,wBAAwB;YAChC,OAAO,EAAE,KAAK,CAAC,OAAO;SACvB,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC;YAC/C,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS,EAAE,oBAAoB,CAAC,wBAAwB,CAAC;YACzD,WAAW,EAAE,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE;YACtD,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;SACF,CAAC,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,KAAK,KAAK,CAAC,OAAO,CAAC,CAAC;QACxE,IAAI,CAAC,KAAK,EAAE,UAAU,EAAE,CAAC;YACvB,MAAM,IAAI,gBAAgB,CACxB,oBAAoB,CAAC,2BAA2B,EAChD,6BAA6B,CAC9B,CAAC;QACJ,CAAC;QACD,OAAO,KAAK,CAAC,UAAU,CAAC;IAC1B,CAAC;IAEO,KAAK,CAAC,kCAAkC,CAAC,KAQhD;QACC,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,oBAAoB,CAAC,yBAAyB,CAAC,CAAC;QAClE,MAAM,aAAa,GAAG;YACpB,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,UAAU,EAAE,KAAK,CAAC,UAAU;YAC5B,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,UAAU,EAAE,KAAK,CAAC,UAAU;YAC5B,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,QAAQ,EAAE,KAAK,CAAC,QAAQ;SACzB,CAAC;QAEF,MAAM,IAAI,CAAC,MAAM,CAAC,0BAA0B,CAAC;YAC3C,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,aAAa;YACb,WAAW;SACZ,CAAC,CAAC;QACH,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,KAA4B;QACjD,MAAM,QAAQ,GAAG,eAAe,CAAC,KAAK,CAAC,UAAU,EAAE,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;QACjF,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,kCAAkC,CAAC;YAC1D,OAAO,EAAE,kBAAkB,EAAE;YAC7B,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,WAAW,EAAE,KAAK,CAAC,WAAW;SAC/B,CAAC,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC;YACrD,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,WAAW,EAAE,KAAK,CAAC,WAAW;SAC/B,CAAC,CAAC;QACH,OAAO;YACL,KAAK,EAAE;gBACL,GAAG,KAAK;gBACR,UAAU,EAAE,SAAS;aACtB;YACD,YAAY;SACb,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,KAA4B;QACjD,MAAM,QAAQ,GAAG,cAAc,EAAE,CAAC;QAClC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,kCAAkC,CAAC;YAC1D,OAAO,EAAE,kBAAkB,EAAE;YAC7B,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,WAAW,EAAE,KAAK,CAAC,WAAW;SAC/B,CAAC,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC;YACrD,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,WAAW,EAAE,KAAK,CAAC,WAAW;SAC/B,CAAC,CAAC;QACH,OAAO;YACL,KAAK,EAAE;gBACL,GAAG,KAAK;gBACR,UAAU,EAAE,SAAS;aACtB;YACD,YAAY;SACb,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,KAA4B;QACjD,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,oBAAoB,CAAC,uBAAuB,CAAC,CAAC;QAChE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,wBAAwB,CAAC;YACzD,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,WAAW;SACZ,CAAC,CAAC;QACH,OAAO;YACL,GAAG,OAAO;YACV,UAAU,EAAE,SAAS;SACtB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,KAAgC;QACzD,MAAM,UAAU,GAAG,IAAI,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC;QACzD,MAAM,WAAW,GAAG,UAAU,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QACnE,MAAM,YAAY,GAAG,UAAU,CAAC,UAAU,CAAC,YAAY,IAAI,uBAAuB,EAAE,CAAC;QACrF,MAAM,SAAS,GAAG,oBAAoB,CAAC,qBAAqB,CAAC,CAAC;QAC9D,MAAM,SAAS,GAAG,UAAU,CAAC,UAAU,CAAC,SAAS,IAAI,CACnD,UAAU,CAAC,UAAU,CAAC,aAAa,KAAK,SAAS;YAC/C,CAAC,CAAC,SAAS;YACX,CAAC,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC,aAAa,CACzC,CAAC;QAEF,MAAM,UAAU,GAAwD;YACtE,OAAO,EAAE,UAAU,CAAC,UAAU,CAAC,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO;YAC7D,OAAO,EAAE,UAAU,CAAC,UAAU,CAAC,OAAO;YACtC,YAAY;YACZ,SAAS,EAAG,UAAU,CAAC,UAAU,CAAC,SAAiB,IAAI,eAAe;YACtE,aAAa,EAAE,UAAU,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,SAAS;YACzG,SAAS,EAAE,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS;YAC7F,YAAY,EAAE,UAAU,CAAC,UAAU,CAAC,YAAY;YAChD,KAAK,EAAE,UAAU,CAAC,UAAU,CAAC,KAAK;YAClC,OAAO,EAAE,CAAC,GAAG,UAAU,CAAC,UAAU,CAAC,OAAO,CAAC;YAC3C,SAAS,EAAE,UAAU,CAAC,UAAU,CAAC,SAAS;YAC1C,SAAS,EAAE,UAAU,CAAC,UAAU,CAAC,SAAS;YAC1C,SAAS;YACT,QAAQ,EAAE,UAAU,CAAC,UAAU,CAAC,QAAQ,IAAI,WAAW;SACxD,CAAC;QAEF,MAAM,IAAI,CAAC,MAAM,CAAC,uBAAuB,CAAC;YACxC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,UAAU;YACV,WAAW;SACZ,CAAC,CAAC;QACH,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,KAA6B;QACnD,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,MAAM,GAAG,iBAAiB,EAAE,CAAC;QACnC,MAAM,SAAS,GAAG,oBAAoB,CAAC,sBAAsB,CAAC,CAAC;QAC/D,MAAM,IAAI,GAAG;YACX,MAAM;YACN,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,kBAAkB,EAAE,KAAK,CAAC,kBAAkB;YAC5C,cAAc,EAAE,KAAK,CAAC,cAAc;SACrC,CAAC;QAEF,MAAM,IAAI,CAAC,MAAM,CAAC,uBAAuB,CAAC;YACxC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,IAAI;YACJ,WAAW;SACZ,CAAC,CAAC;QACH,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,MAAM;YACN,OAAO,EAAE,IAAI,CAAC,WAAW;YACzB,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,kBAAkB,EAAE,KAAK,CAAC,kBAAkB;YAC5C,cAAc,EAAE,KAAK,CAAC,cAAc;YACpC,SAAS,EAAE,WAAW;SACvB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,KAA6B;QACnD,MAAM,IAAI,CAAC,uBAAuB,CAAC;YACjC,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;SACzC,EAAE;YACD,MAAM,EAAE,eAAe;YACvB,OAAO,EAAE,KAAK,CAAC,KAAK;SACrB,CAAC,CAAC;QACH,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,oBAAoB,CAAC,eAAe,CAAC,CAAC;QAExD,MAAM,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC;YAClC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,WAAW;SACZ,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,QAA8B,EAAE;QACpD,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,oBAAoB,CAAC,aAAa,CAAC,CAAC;QAEtD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC;YAC/C,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,WAAW;YACX,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;SACF,CAAC,CAAC;QACH,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YAC5B,GAAG,KAAK;YACR,UAAU,EAAE,SAAS;SACtB,CAAC,CAAC,CAAC;IACN,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,QAAoC,EAAE;QAChE,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,oBAAoB,CAAC,mBAAmB,CAAC,CAAC;QAE5D,OAAO,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC;YACvC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,WAAW;YACX,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,OAAO,EAAE,KAAK,CAAC,OAAO;SACvB,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,QAA+B,EAAE;QACtD,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,oBAAoB,CAAC,cAAc,CAAC,CAAC;QACvD,OAAO,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC;YAClC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,KAAiC;QAC3D,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,oBAAoB,CAAC,mBAAmB,CAAC,CAAC;QAE5D,OAAO,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC;YACvC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,WAAW;YACX,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,YAAY,EAAE,KAAK,CAAC,YAAY;SACjC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,sBAAsB,CAAC,KAAkC;QAC7D,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,oBAAoB,CAAC,qBAAqB,CAAC,CAAC;QAE9D,OAAO,IAAI,CAAC,MAAM,CAAC,sBAAsB,CAAC;YACxC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,SAAS;YACT,WAAW;SACZ,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,KAAmC;QAC/D,OAAO,IAAI,CAAC,MAAM,CAAC,uBAAuB,CAAC;YACzC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,EAAE,EAAE,IAAI,CAAC,WAAW;aACrB;YACD,KAAK,EAAE,KAAK,CAAC,KAAK;SACnB,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,4BAA4B,CAAC,KAAwC;QACzE,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,oBAAoB,CAAC,2BAA2B,CAAC,CAAC;QAEpE,OAAO,IAAI,CAAC,MAAM,CAAC,4BAA4B,CAAC;YAC9C,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,KAAK,EAAE;gBACL,SAAS,EAAG,KAAK,CAAC,SAAiB,IAAI,eAAe;gBACtD,aAAa,EAAE,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,EAAE;gBAClE,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,OAAO,EAAE,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC;gBAC3B,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,SAAS,EAAE,KAAK,CAAC,SAAS;aAC3B;YACD,aAAa,EAAE,KAAK,CAAC,aAAa;YAClC,WAAW;SACZ,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,kCAAkC;QACtC,OAAO,IAAI,CAAC,MAAM,CAAC,kCAAkC,CAAC;YACpD,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,IAAI,CAAC,WAAW,EAAE;SAC/C,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,0BAA0B;QAC9B,OAAO,IAAI,CAAC,MAAM,CAAC,0BAA0B,CAAC;YAC5C,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,IAAI,CAAC,WAAW,EAAE;SAC/C,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,0BAA0B;QAC9B,OAAO,IAAI,CAAC,MAAM,CAAC,+BAA+B,CAAC;YACjD,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,IAAI,CAAC,WAAW,EAAE;SAC/C,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,KAAgC;QACzD,OAAO,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC;YACtC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,IAAI,CAAC,WAAW,EAAE;SAC/C,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,6BAA6B,CAAC,KAAyC;QAC3E,OAAO,IAAI,CAAC,MAAM,CAAC,6BAA6B,CAAC;YAC/C,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,IAAI,CAAC,WAAW,EAAE;SAC/C,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,SAAiB;QACzC,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC;YACrC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,IAAI,CAAC,WAAW,EAAE;SAC/C,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,4BAA4B,CAAC,SAAiB;QAClD,OAAO,IAAI,CAAC,MAAM,CAAC,4BAA4B,CAAC;YAC9C,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS;YACT,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,IAAI,CAAC,WAAW,EAAE;SAC/C,CAAC,CAAC;IACL,CAAC;IAED,sBAAsB,CAAC,QAAqF;QAC1G,OAAO,IAAI,CAAC,MAAM,CAAC,sBAAsB,CAAC,QAAQ,CAAC,CAAC;IACtD,CAAC;IAED,+BAA+B,CAAC,QAA8F;QAC5H,OAAO,IAAI,CAAC,MAAM,CAAC,+BAA+B,CAAC,QAAQ,CAAC,CAAC;IAC/D,CAAC;CACF;AAED,SAAS,0BAA0B,CAAC,KAAc;IAChD,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,IAAI,KAAK,CAAC;AACzE,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAsC;IAC/D,OAAO,YAAY,IAAI,KAAK,IAAI,WAAW,IAAI,KAAK,CAAC;AACvD,CAAC;AAED,SAAS,kBAAkB,CAAC,QAA0C,EAAE,MAAoB;IAC1F,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,IAAI,QAAQ,IAAI,iBAAiB,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5C,OAAO,IAAI,WAAW,CAAC,QAAQ,CAAC,CAAC;IACnC,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,oBAAoB,CAAC,OAAiC;IAC7D,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;QAC3B,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO;QACL,UAAU,EAAE,OAAO,CAAC,aAAa,CAAC,UAAU;KAC7C,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAiC;IACjE,IAAI,CAAC,0BAA0B,CAAC,OAAO,CAAC,EAAE,CAAC;QACzC,MAAM,IAAI,gBAAgB,CACxB,oBAAoB,CAAC,mCAAmC,EACxD,mEAAmE,CACpE,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,kBAAkB,CACnC,OAAO,CAAC,KAAK,EACb,oBAAoB,CAAC,OAAO,CAAC,EAC7B,kBAAkB,CAAC,OAAO,CAAC,aAAa,EAAE,OAAO,CAAC,MAAM,CAAC,EACzD,OAAO,CAAC,KAAK,IAAI,IAAI,WAAW,EAAE,EAClC,OAAO,CAAC,UAAU,EAClB,OAAO,CAAC,gBAAgB,EACxB,OAAO,CAAC,uBAAuB,CAChC,CAAC;IAEF,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;QACxB,6DAA6D;QAC7D,MAAM,CAAC,0BAA0B,EAAE,CAAC,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;YACzD,OAAO,CAAC,KAAK,CAAC,+CAA+C,EAAE,GAAG,CAAC,CAAC;QACtE,CAAC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/clients/owner/contracts.d.ts

@@ -76,16 +76,27 @@ export interface VaultGrantCapabilityInput {
     agentId: string;
     operation?: string;
     secretAliases?: readonly string[];
+    secretIds?: readonly string[];
+    customFlowId?: string;
     scope: string;
     methods: readonly string[];
+    expiresAt?: string;
     expiresIn?: number;
     rateLimit?: {
         maxRequests: number;
         windowMs: number;
     };
     skipAudit?: boolean;
+    auditRequired?: boolean;
+    requestedAt?: string;
+}
+export interface VaultGrantCapabilityRequest {
+    capability: import("../../vault-core/index.js").AgentCapability & {
+        auditRequired?: boolean;
+    };
     requestedAt?: string;
 }
+export type OwnerGrantCapabilityInput = VaultGrantCapabilityInput | VaultGrantCapabilityRequest;
 export interface VaultApproveDispatchInput {
     requestId: string;
     permanent?: boolean;
@@ -166,7 +177,7 @@ export interface VaultClient {
     ownerExportSecret(input: VaultExportSecretInput): Promise<import("../../vault-core/index.js").OwnerSecretExport>;
     ownerReadSecretPlaintext(input: VaultReadSecretPlaintextInput): Promise<string>;
     ownerReadAgentPrivateKey(input: VaultReadAgentPrivateKeyInput): Promise<string>;
-    ownerGrantCapability(input: VaultGrantCapabilityInput): Promise<import("../../vault-core/index.js").AgentCapability>;
+    ownerGrantCapability(input: OwnerGrantCapabilityInput): Promise<import("../../vault-core/index.js").AgentCapability>;
     ownerReadAudit(query?: VaultAuditQueryInput): Promise<readonly import("../../vault-core/index.js").AuditEntry[]>;
     ownerImportAgent(input: VaultImportAgentInput): Promise<OwnerAgentProvisionResult>;
     ownerCreateAgent(input: VaultCreateAgentInput): Promise<OwnerAgentProvisionResult>;

package/dist/clients/owner/index.d.ts

@@ -1,4 +1,4 @@
 export { createVaultClient } from "./client.js";
 export { OwnerClientError, OwnerClientErrorCode } from "../../errors.js";
 export type { VaultClient, CreateVaultClientOptions, VaultIdentity, VaultSigner, } from "./client.js";
-export type { VaultAuditQueryInput, OwnerDefineSecretTargetsInput, VaultExportSecretInput, VaultReadSecretPlaintextInput, VaultReadAgentPrivateKeyInput, OwnerSensitiveActionConfirmation, OwnerSensitiveActionContext, VaultGrantCapabilityInput, VaultRegisterFlowInput, VaultImportAgentInput, VaultCreateAgentInput, OwnerAgentProvisionResult, OwnerSecretTargetBinding, OwnerStoreSecretInput, OwnerWriteSecretInput, VaultDeleteSecretInput, VaultUpdateAgentInput, VaultListAgentsInput, VaultListCapabilitiesInput, VaultListSecretsInput, VaultRevokeCapabilityInput, VaultIssueSessionTokenInput, VaultRevokeSessionTokenInput, VaultSubmitCapabilityRequestInput, VaultApproveCapabilityRequestInput, VaultApproveDispatchInput, } from "./contracts.js";
+export type { VaultAuditQueryInput, OwnerDefineSecretTargetsInput, VaultExportSecretInput, VaultReadSecretPlaintextInput, VaultReadAgentPrivateKeyInput, OwnerSensitiveActionConfirmation, OwnerSensitiveActionContext, VaultGrantCapabilityInput, VaultGrantCapabilityRequest, OwnerGrantCapabilityInput, VaultRegisterFlowInput, VaultImportAgentInput, VaultCreateAgentInput, OwnerAgentProvisionResult, OwnerSecretTargetBinding, OwnerStoreSecretInput, OwnerWriteSecretInput, VaultDeleteSecretInput, VaultUpdateAgentInput, VaultListAgentsInput, VaultListCapabilitiesInput, VaultListSecretsInput, VaultRevokeCapabilityInput, VaultIssueSessionTokenInput, VaultRevokeSessionTokenInput, VaultSubmitCapabilityRequestInput, VaultApproveCapabilityRequestInput, VaultApproveDispatchInput, } from "./contracts.js";

package/dist/runtime/index.d.ts

@@ -12,8 +12,9 @@ export { createIdentity, restoreIdentity, type CreateIdentityOptions, type Resto
 export { readVaultProfile, writeVaultProfile, type VaultProfile, } from "./vault-metadata.js";
 export { createWorkspaceStorage, getDefaultWorkspaceDir, } from "./workspace-storage.js";
 export { createVault, recoverVault, listVaults, updateVaultMetadata, type CreateVaultOptions, type CreatedVault, type RecoverVaultOptions, type RecoveredVault, type VaultObject, type VaultMetadata, } from "./bootstrap.js";
+export { createOwnerSession, type OwnerSession, type CreateOwnerSessionOptions, } from "./owner-session.js";
 export { createVaultCore, VaultCore, VaultCoreError, createVaultCoreDependencies, type VaultCoreDependenciesOptions, type DefaultPolicyEngineOptions, DefaultPolicyEngine, createPersistentVaultCoreDependencies, initializeVaultCustody, recoverVaultWorkingKey, DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY, type InitializeVaultCustodyOptions, type InitializedVaultCustody, type CreatePersistentVaultCoreDependenciesOptions, PersistentVaultAgentIdentityRegistry, PersistentVaultAuditLog, PersistentVaultCapabilityRegistry, PersistentVaultCapabilityRevocationRegistry, PersistentVaultCustomHttpFlowRegistry, PersistentVaultRateLimitStore, PersistentVaultReplayGuard, PersistentVaultSecretCustody, PersistentVaultSecretRepository, } from "../vault-core/index.js";
-export { createVaultClient, type VaultClient, type CreateVaultClientOptions, type VaultIdentity, type VaultSigner, type VaultAuditQueryInput, type OwnerDefineSecretTargetsInput, type VaultExportSecretInput, type VaultReadSecretPlaintextInput, type VaultReadAgentPrivateKeyInput, type OwnerSensitiveActionConfirmation, type OwnerSensitiveActionContext, type VaultGrantCapabilityInput, type VaultRegisterFlowInput, type VaultImportAgentInput, type VaultCreateAgentInput, type OwnerAgentProvisionResult, type OwnerSecretTargetBinding, type OwnerStoreSecretInput, type OwnerWriteSecretInput, type VaultDeleteSecretInput, type VaultUpdateAgentInput, type VaultListAgentsInput, type VaultListCapabilitiesInput, type VaultListSecretsInput, type VaultRevokeCapabilityInput, type VaultIssueSessionTokenInput, type VaultRevokeSessionTokenInput, type VaultSubmitCapabilityRequestInput, type VaultApproveCapabilityRequestInput, type VaultApproveDispatchInput, } from "../clients/owner/index.js";
+export { createVaultClient, type VaultClient, type CreateVaultClientOptions, type VaultIdentity, type VaultSigner, type VaultAuditQueryInput, type OwnerDefineSecretTargetsInput, type VaultExportSecretInput, type VaultReadSecretPlaintextInput, type VaultReadAgentPrivateKeyInput, type OwnerSensitiveActionConfirmation, type OwnerSensitiveActionContext, type VaultGrantCapabilityInput, type VaultGrantCapabilityRequest, type OwnerGrantCapabilityInput, type VaultRegisterFlowInput, type VaultImportAgentInput, type VaultCreateAgentInput, type OwnerAgentProvisionResult, type OwnerSecretTargetBinding, type OwnerStoreSecretInput, type OwnerWriteSecretInput, type VaultDeleteSecretInput, type VaultUpdateAgentInput, type VaultListAgentsInput, type VaultListCapabilitiesInput, type VaultListSecretsInput, type VaultRevokeCapabilityInput, type VaultIssueSessionTokenInput, type VaultRevokeSessionTokenInput, type VaultSubmitCapabilityRequestInput, type VaultApproveCapabilityRequestInput, type VaultApproveDispatchInput, } from "../clients/owner/index.js";
 export { createAgentClient, type AgentClient, type CreateAgentClientOptions, type AgentIdentity, type AgentCapabilityEnvelope, type AgentDispatchIntent, type AgentDispatchTransport, type AgentSigner, type AgentSubmitCapabilityRequestInput, type AgentVisibleSecretRecord, } from "../clients/agent/index.js";
 export { createVaultService, wrapVaultCoreAsVaultService, createOwnerHttpFlowBoundary, createStandardAcquireBoundary, createStandardDispatchBoundary, AgentDispatchHttpTransport, handleVaultHttpDispatch, handleVaultAgentControlHttp, } from "../vault-ingress/index.js";
 export { LocalVaultTransport } from "../vault-ingress/defaults.js";
@@ -36,6 +37,7 @@ export interface CbioRuntime {
     listVaults: typeof import("./bootstrap.js").listVaults;
     createVault: typeof import("./bootstrap.js").createVault;
     recoverVault: typeof import("./bootstrap.js").recoverVault;
+    createOwnerSession: typeof import("./owner-session.js").createOwnerSession;
     deriveVaultWorkingKeyFromPassword: typeof import("../protocol/crypto.js").deriveVaultWorkingKeyFromPassword;
     createVaultClient: typeof import("../clients/owner/index.js").createVaultClient;
     createAgentClient: typeof import("../clients/agent/index.js").createAgentClient;

package/dist/runtime/index.js

@@ -11,6 +11,7 @@ export { createIdentity, restoreIdentity, } from "./identity.js";
 export { readVaultProfile, writeVaultProfile, } from "./vault-metadata.js";
 export { createWorkspaceStorage, getDefaultWorkspaceDir, } from "./workspace-storage.js";
 export { createVault, recoverVault, listVaults, updateVaultMetadata, } from "./bootstrap.js";
+export { createOwnerSession, } from "./owner-session.js";
 export { createVaultCore, VaultCore, VaultCoreError, createVaultCoreDependencies, DefaultPolicyEngine, createPersistentVaultCoreDependencies, initializeVaultCustody, recoverVaultWorkingKey, DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY, PersistentVaultAgentIdentityRegistry, PersistentVaultAuditLog, PersistentVaultCapabilityRegistry, PersistentVaultCapabilityRevocationRegistry, PersistentVaultCustomHttpFlowRegistry, PersistentVaultRateLimitStore, PersistentVaultReplayGuard, PersistentVaultSecretCustody, PersistentVaultSecretRepository, } from "../vault-core/index.js";
 export { createVaultClient, } from "../clients/owner/index.js";
 export { createAgentClient, } from "../clients/agent/index.js";

package/dist/runtime/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/runtime/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACxG,OAAO,EAAE,eAAe,EAAE,WAAW,EAAe,iCAAiC,EAAE,MAAM,uBAAuB,CAAC;AACrH,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAE3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EACL,cAAc,EACd,eAAe,GAIhB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,gBAAgB,EAChB,iBAAiB,GAElB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,WAAW,EACX,YAAY,EACZ,UAAU,EACV,mBAAmB,GAOpB,MAAM,gBAAgB,CAAC;AAExB,OAAO,EACL,eAAe,EACf,SAAS,EACT,cAAc,EACd,2BAA2B,EAG3B,mBAAmB,EACnB,qCAAqC,EACrC,sBAAsB,EACtB,sBAAsB,EACtB,kCAAkC,EAIlC,oCAAoC,EACpC,uBAAuB,EACvB,iCAAiC,EACjC,2CAA2C,EAC3C,qCAAqC,EACrC,6BAA6B,EAC7B,0BAA0B,EAC1B,4BAA4B,EAC5B,+BAA+B,GAChC,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,iBAAiB,GA+BlB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,iBAAiB,GAUlB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,kBAAkB,EAClB,2BAA2B,EAC3B,2BAA2B,EAC3B,6BAA6B,EAC7B,8BAA8B,EAC9B,0BAA0B,EAC1B,uBAAuB,EACvB,2BAA2B,GAC5B,MAAM,2BAA2B,CAAC;AACnC;;;GAGG;AAEH,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/runtime/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACxG,OAAO,EAAE,eAAe,EAAE,WAAW,EAAe,iCAAiC,EAAE,MAAM,uBAAuB,CAAC;AACrH,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAE3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EACL,cAAc,EACd,eAAe,GAIhB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,gBAAgB,EAChB,iBAAiB,GAElB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,WAAW,EACX,YAAY,EACZ,UAAU,EACV,mBAAmB,GAOpB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,kBAAkB,GAGnB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,eAAe,EACf,SAAS,EACT,cAAc,EACd,2BAA2B,EAG3B,mBAAmB,EACnB,qCAAqC,EACrC,sBAAsB,EACtB,sBAAsB,EACtB,kCAAkC,EAIlC,oCAAoC,EACpC,uBAAuB,EACvB,iCAAiC,EACjC,2CAA2C,EAC3C,qCAAqC,EACrC,6BAA6B,EAC7B,0BAA0B,EAC1B,4BAA4B,EAC5B,+BAA+B,GAChC,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,iBAAiB,GAiClB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,iBAAiB,GAUlB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,kBAAkB,EAClB,2BAA2B,EAC3B,2BAA2B,EAC3B,6BAA6B,EAC7B,8BAA8B,EAC9B,0BAA0B,EAC1B,uBAAuB,EACvB,2BAA2B,GAC5B,MAAM,2BAA2B,CAAC;AACnC;;;GAGG;AAEH,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC"}

package/dist/runtime/owner-session.d.ts

@@ -0,0 +1,26 @@
+import type { Clock } from "../vault-core/index.js";
+import type { VaultClient, VaultIdentity, VaultSigner } from "../clients/owner/client.js";
+import type { OwnerSensitiveActionConfirmation, OwnerSensitiveActionContext } from "../clients/owner/contracts.js";
+import type { IStorageProvider } from "../storage/provider.js";
+import type { CreatedIdentity } from "./identity.js";
+import { type RecoverVaultOptions, type RecoveredVault } from "./bootstrap.js";
+export interface OwnerSession {
+    readonly vaultId: string;
+    readonly storage: IStorageProvider;
+    readonly nickname?: string;
+    isValid(): boolean;
+    invalidate(): void;
+    refresh(): Promise<RecoveredVault>;
+    vault(): Promise<RecoveredVault>;
+    client(): Promise<VaultClient>;
+    withClient<T>(callback: (client: VaultClient, vault: RecoveredVault) => Promise<T> | T): Promise<T>;
+}
+export interface CreateOwnerSessionOptions extends RecoverVaultOptions {
+    ownerIdentity?: CreatedIdentity | VaultIdentity;
+    signer?: VaultSigner;
+    clock?: Clock;
+    skipWarmup?: boolean;
+    sensitiveActionVerifier?: (confirmation: OwnerSensitiveActionConfirmation, context: OwnerSensitiveActionContext) => Promise<boolean> | boolean;
+}
+export declare function createOwnerSession(storage: IStorageProvider | string, options: CreateOwnerSessionOptions): OwnerSession;
+export declare function createOwnerSession(options: CreateOwnerSessionOptions): OwnerSession;

package/dist/runtime/owner-session.js

@@ -0,0 +1,89 @@
+import { createVaultClient } from "../clients/owner/client.js";
+import { FsStorageProvider } from "../storage/fs.js";
+import { recoverVault } from "./bootstrap.js";
+import { createWorkspaceStorage } from "./workspace-storage.js";
+class DefaultOwnerSession {
+    storage;
+    _options;
+    _invalidated = false;
+    _cachedVaultPromise;
+    _nickname;
+    constructor(storage, _options) {
+        this.storage = storage;
+        this._options = _options;
+    }
+    get vaultId() {
+        return this._options.vaultId;
+    }
+    get nickname() {
+        return this._nickname;
+    }
+    isValid() {
+        return !this._invalidated;
+    }
+    invalidate() {
+        this._invalidated = true;
+        this._cachedVaultPromise = undefined;
+    }
+    async refresh() {
+        this._assertValid();
+        this._cachedVaultPromise = undefined;
+        return this.vault();
+    }
+    async vault() {
+        this._assertValid();
+        if (!this._cachedVaultPromise) {
+            this._cachedVaultPromise = recoverVault(this.storage, this._options).then((vault) => {
+                this._nickname = vault.nickname;
+                return vault;
+            });
+        }
+        return this._cachedVaultPromise;
+    }
+    async client() {
+        const vault = await this.vault();
+        this._assertValid();
+        return this._createClient(vault);
+    }
+    async withClient(callback) {
+        const vault = await this.vault();
+        this._assertValid();
+        return callback(this._createClient(vault), vault);
+    }
+    _assertValid() {
+        if (this._invalidated) {
+            throw new Error(`OwnerSession for vault '${this._options.vaultId}' has been invalidated`);
+        }
+    }
+    _createClient(vault) {
+        const clientOptions = {
+            vault: vault.vault,
+            ownerIdentity: this._options.ownerIdentity,
+            signer: this._options.signer,
+            clock: this._options.clock,
+            skipWarmup: this._options.skipWarmup,
+            passwordVerifier: vault.verifyPassword,
+            sensitiveActionVerifier: this._options.sensitiveActionVerifier,
+        };
+        return createVaultClient(clientOptions);
+    }
+}
+function resolveOwnerSessionStorage(storageOrOptions, maybeOptions) {
+    if (maybeOptions) {
+        return {
+            storage: typeof storageOrOptions === "string"
+                ? new FsStorageProvider(storageOrOptions)
+                : storageOrOptions,
+            options: maybeOptions,
+        };
+    }
+    return {
+        storage: createWorkspaceStorage(),
+        options: storageOrOptions,
+    };
+}
+export function createOwnerSession(storageOrOptions, maybeOptions) {
+    const { storage, options } = resolveOwnerSessionStorage(storageOrOptions, maybeOptions);
+    return new DefaultOwnerSession(storage, options);
+}
+//# sourceMappingURL=owner-session.js.map

package/dist/runtime/owner-session.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"owner-session.js","sourceRoot":"","sources":["../../src/runtime/owner-session.ts"],"names":[],"mappings":"AAWA,OAAO,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAGrD,OAAO,EAAE,YAAY,EAAiD,MAAM,gBAAgB,CAAC;AAC7F,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC;AAyBhE,MAAM,mBAAmB;IAMZ;IACQ;IANX,YAAY,GAAG,KAAK,CAAC;IACrB,mBAAmB,CAAsC;IACzD,SAAS,CAAqB;IAEtC,YACW,OAAyB,EACjB,QAAmC;QAD3C,YAAO,GAAP,OAAO,CAAkB;QACjB,aAAQ,GAAR,QAAQ,CAA2B;IACnD,CAAC;IAEJ,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;IAC/B,CAAC;IAED,IAAI,QAAQ;QACV,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED,OAAO;QACL,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC;IAC5B,CAAC;IAED,UAAU;QACR,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;QACzB,IAAI,CAAC,mBAAmB,GAAG,SAAS,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,OAAO;QACX,IAAI,CAAC,YAAY,EAAE,CAAC;QACpB,IAAI,CAAC,mBAAmB,GAAG,SAAS,CAAC;QACrC,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC;IACtB,CAAC;IAED,KAAK,CAAC,KAAK;QACT,IAAI,CAAC,YAAY,EAAE,CAAC;QACpB,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAC9B,IAAI,CAAC,mBAAmB,GAAG,YAAY,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE;gBAClF,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC,QAAQ,CAAC;gBAChC,OAAO,KAAK,CAAC;YACf,CAAC,CAAC,CAAC;QACL,CAAC;QACD,OAAO,IAAI,CAAC,mBAAmB,CAAC;IAClC,CAAC;IAED,KAAK,CAAC,MAAM;QACV,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;QACjC,IAAI,CAAC,YAAY,EAAE,CAAC;QACpB,OAAO,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;IACnC,CAAC;IAED,KAAK,CAAC,UAAU,CAAI,QAAwE;QAC1F,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;QACjC,IAAI,CAAC,YAAY,EAAE,CAAC;QACpB,OAAO,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,EAAE,KAAK,CAAC,CAAC;IACpD,CAAC;IAEO,YAAY;QAClB,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,2BAA2B,IAAI,CAAC,QAAQ,CAAC,OAAO,wBAAwB,CAAC,CAAC;QAC5F,CAAC;IACH,CAAC;IAEO,aAAa,CAAC,KAAqB;QACzC,MAAM,aAAa,GAA6B;YAC9C,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,aAAa,EAAE,IAAI,CAAC,QAAQ,CAAC,aAAa;YAC1C,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,MAAM;YAC5B,KAAK,EAAE,IAAI,CAAC,QAAQ,CAAC,KAAK;YAC1B,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,UAAU;YACpC,gBAAgB,EAAE,KAAK,CAAC,cAAc;YACtC,uBAAuB,EAAE,IAAI,CAAC,QAAQ,CAAC,uBAAuB;SAC/D,CAAC;QACF,OAAO,iBAAiB,CAAC,aAAa,CAAC,CAAC;IAC1C,CAAC;CACF;AAED,SAAS,0BAA0B,CACjC,gBAAuE,EACvE,YAAwC;IAExC,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO;YACL,OAAO,EAAE,OAAO,gBAAgB,KAAK,QAAQ;gBAC3C,CAAC,CAAC,IAAI,iBAAiB,CAAC,gBAAgB,CAAC;gBACzC,CAAC,CAAC,gBAAoC;YACxC,OAAO,EAAE,YAAY;SACtB,CAAC;IACJ,CAAC;IACD,OAAO;QACL,OAAO,EAAE,sBAAsB,EAAE;QACjC,OAAO,EAAE,gBAA6C;KACvD,CAAC;AACJ,CAAC;AAOD,MAAM,UAAU,kBAAkB,CAChC,gBAAuE,EACvE,YAAwC;IAExC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,0BAA0B,CAAC,gBAAgB,EAAE,YAAY,CAAC,CAAC;IACxF,OAAO,IAAI,mBAAmB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;AACnD,CAAC"}

package/dist/vault-core/core.d.ts

@@ -9,6 +9,7 @@ export declare class VaultCore {
     private readonly _pendingObservers;
     private readonly _pendingCapabilityObservers;
     constructor(_deps: VaultCoreDependencies);
+    private _assertOwnerPrincipal;
     get vaultId(): VaultId;
     private _appendAudit;
     private _appendDecisionAudit;

package/dist/vault-core/core.js

@@ -2,6 +2,7 @@ import { AuditAction, AuditOutcome, DispatchStatus, } from "./contracts.js";
 import { VaultCoreError } from "./errors.js";
 import { verifySignature } from "../protocol/crypto.js";
 import { getAgentToolbox } from "./tool-metadata.js";
+const VAULT_MASTER_ID = "vault-master";
 function toAuditEntry(deps, actor, action, outcome, detail, options) {
     return {
         entryId: deps.ids.newAuditEntryId(),
@@ -35,11 +36,37 @@ function buildSecretRecord(deps, command) {
         updatedAt: now,
     };
 }
+function normalizeScopeTarget(targetUrl) {
+    try {
+        const parsed = new URL(targetUrl);
+        if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+            return null;
+        }
+        parsed.protocol = parsed.protocol.toLowerCase();
+        parsed.hostname = parsed.hostname.toLowerCase();
+        parsed.hash = "";
+        parsed.search = "";
+        if ((parsed.protocol === "https:" && parsed.port === "443") || (parsed.protocol === "http:" && parsed.port === "80")) {
+            parsed.port = "";
+        }
+        parsed.pathname = parsed.pathname || "/";
+        return parsed.toString();
+    }
+    catch {
+        return null;
+    }
+}
 function isScopeMatch(scope, targetUrl) {
+    const normalizedTarget = normalizeScopeTarget(targetUrl);
+    if (!normalizedTarget) {
+        return false;
+    }
     if (scope.endsWith("*")) {
-        return targetUrl.startsWith(scope.slice(0, -1));
+        const normalizedPrefix = normalizeScopeTarget(scope.slice(0, -1));
+        return normalizedPrefix ? normalizedTarget.startsWith(normalizedPrefix) : false;
     }
-    return scope === targetUrl;
+    const normalizedScope = normalizeScopeTarget(scope);
+    return normalizedScope === normalizedTarget;
 }
 function createAgentControlBinding(requestId, requestedAt, agentId, action, payload = {}) {
     return JSON.stringify({
@@ -61,6 +88,11 @@ export class VaultCore {
     constructor(_deps) {
         this._deps = _deps;
     }
+    _assertOwnerPrincipal(actor, code = "VAULT_AUDIT_DENIED") {
+        if (actor.kind !== "owner" || actor.id !== VAULT_MASTER_ID) {
+            throw new VaultCoreError("owner access denied", code);
+        }
+    }
     get vaultId() {
         return this._deps.vaultId;
     }
@@ -482,7 +514,11 @@ export class VaultCore {
             return { vaultId: this._deps.vaultId, decision: "deny", reason: "agent not found", secretId: null, executorTarget: null };
         }
         const capabilities = await this._deps.capabilities.list(this._deps.vaultId, request.agent.id);
-        const capability = capabilities.find(cap => this.isCapabilityMatch(cap, request));
+        const requestedCapabilityId = request.capability?.capabilityId;
+        const candidateCapabilities = requestedCapabilityId
+            ? capabilities.filter((cap) => cap.capabilityId === requestedCapabilityId)
+            : capabilities;
+        const capability = candidateCapabilities.find((cap) => this.isCapabilityMatch(cap, request, record?.secretId.value));
         const executorTarget = record
             ? record.targetBindings.find((binding) => binding.targetUrl === request.targetUrl)
                 ?? record.targetBindings.find((binding) => binding.targetId === request.targetUrl)
@@ -524,6 +560,26 @@ export class VaultCore {
                 executorTarget,
             };
         }
+        try {
+            await this._deps.policy.authorizeDispatch({
+                ...request,
+                capability,
+            }, record);
+        }
+        catch (error) {
+            const detail = error instanceof Error ? error.message : String(error);
+            await this._appendDecisionAudit(request, AuditOutcome.DENIED, detail, {
+                secretAlias: record?.alias.value ?? request.secretAlias,
+                secretId: record?.secretId.value,
+            });
+            return {
+                vaultId: this._deps.vaultId,
+                decision: "deny",
+                reason: detail,
+                secretId: record?.secretId ?? null,
+                executorTarget,
+            };
+        }
         // Capability found, proceed
         if (!capability.skipAudit) {
             await this._appendDecisionAudit(request, AuditOutcome.ALLOWED, "dispatch authorized", {
@@ -585,11 +641,13 @@ export class VaultCore {
         };
     }
     async ownerReadAudit(actor, query, request) {
+        this._assertOwnerPrincipal(actor, "VAULT_AUDIT_DENIED");
         const entries = await this._deps.audit.query(query);
         await this._appendAudit(toAuditEntry(this._deps, actor, AuditAction.READ_AUDIT, AuditOutcome.ALLOWED, "audit queried"));
         return entries;
     }
     async ownerExportSecret(actor, alias, request) {
+        this._assertOwnerPrincipal(actor, "VAULT_AUDIT_DENIED");
         try {
             const record = await this._deps.secrets.getByAlias({ value: alias });
             if (!record) {
@@ -622,10 +680,14 @@ export class VaultCore {
             throw error;
         }
     }
-    isCapabilityMatch(capability, request) {
-        // Basic Iron Triangle match
-        if (request.secretAlias && !capability.secretAliases?.includes(request.secretAlias)) {
-            return false;
+    isCapabilityMatch(capability, request, secretId) {
+        // Match either alias- or id-based capability grants when a secret is specified.
+        if (request.secretAlias) {
+            const aliasMatched = capability.secretAliases?.includes(request.secretAlias) ?? false;
+            const idMatched = secretId ? (capability.secretIds?.includes(secretId) ?? false) : false;
+            if (!aliasMatched && !idMatched) {
+                return false;
+            }
         }
         if (request.method && capability.methods?.length > 0 && !capability.methods.includes(request.method)) {
             return false;