@trenchwork/coder 1.4.0 → 1.5.0

package/dist/core/hostedAuth.js

@@ -1,219 +0,0 @@
-/**
- * Hosted-key access — the CLIENT side of "optional sign-in unlocks hosted keys,
- * or bring your own." Keys NEVER ship in this client (Project Glasswing); they
- * live only in the ero.solar AWS backend, exactly like the Tavily search proxy
- * already does (see src/tools/webTools.ts). Sign-in mints a short-lived token;
- * the proxies validate it and use the operator keys.
- *
- * ── CONTRACT (the ero.solar backend implements this; this file codes against it) ──
- *   Sign-in (loopback OAuth, increment 2):
- *     open  https://ero.solar/cli/login?port=<loopbackPort>&state=<csrf>
- *     → Google SSO → 302 http://127.0.0.1:<port>/cb?token=<jwt>&email=<e>&state=<csrf>
- *   DeepSeek (hosted): POST {HOSTED_DEEPSEEK_PROXY}  header `Authorization: Bearer <token>`
- *   Tavily   (hosted): the existing tavilySearch proxy, same Bearer token
- *   The token is short-lived and server-validated; if it 401s the CLI drops to
- *   "signed out" and asks the user to /login again or use their own key.
- *
- * THIS MODULE is state + resolution only (increment 1, fully testable). The live
- * sign-in flow and the provider→proxy wiring are increment 2 (backend-gated).
- */
-import { existsSync, mkdirSync, readFileSync, renameSync, writeFileSync, rmSync } from 'node:fs';
-import { createServer } from 'node:http';
-import { randomBytes } from 'node:crypto';
-import { homedir } from 'node:os';
-import { join, resolve } from 'node:path';
-import { getSecretValue } from './secretStore.js';
-// Contract endpoints (the backend the user is building must match these).
-export const HOSTED_LOGIN_URL = 'https://ero.solar/cli/login';
-export const HOSTED_DEEPSEEK_PROXY = 'https://ero.solar/api/deepseek';
-// Resolved per call (not captured at module load) so TRENCHWORK_HOME changes —
-// and tests pointing at a temp dir — take effect.
-function homeDir() {
-    return process.env['TRENCHWORK_HOME'] ? resolve(process.env['TRENCHWORK_HOME']) : join(homedir(), '.trenchwork');
-}
-function sessionFile() {
-    return join(homeDir(), 'session.json');
-}
-function readFile() {
-    // Read the on-disk session first (the future /login writes it; it also holds
-    // the own/hosted preference), then let env override the token+email — env
-    // lets tests/CI inject a session without touching disk, while still honouring
-    // a stored preference.
-    let data = {};
-    const file = sessionFile();
-    if (existsSync(file)) {
-        try {
-            const parsed = JSON.parse(readFileSync(file, 'utf8'));
-            if (parsed && typeof parsed === 'object')
-                data = parsed;
-        }
-        catch { /* corrupt → treat as empty */ }
-    }
-    const envToken = process.env['TRENCHWORK_HOSTED_TOKEN']?.trim();
-    if (envToken) {
-        data.token = envToken;
-        data.email = process.env['TRENCHWORK_HOSTED_EMAIL']?.trim() || 'you@hosted';
-    }
-    return data;
-}
-function writeFile(data) {
-    const file = sessionFile();
-    mkdirSync(homeDir(), { recursive: true, mode: 0o700 });
-    const tmp = `${file}.${process.pid}.tmp`;
-    writeFileSync(tmp, JSON.stringify(data, null, 2) + '\n', { mode: 0o600 });
-    renameSync(tmp, file);
-}
-/** The active hosted session (token + email), or null when signed out. */
-export function getHostedSession() {
-    const f = readFile();
-    return f.token ? { token: f.token, email: f.email || 'you@hosted' } : null;
-}
-/** Persist a hosted session (called by /login once the backend returns a token). */
-export function setHostedSession(session) {
-    const f = readFile();
-    writeFile({ ...f, token: session.token, email: session.email });
-}
-/** Sign out: drop the token but keep the own/hosted preference. */
-export function clearHostedSession() {
-    const f = readFile();
-    delete f.token;
-    delete f.email;
-    if (Object.keys(f).length === 0) {
-        try {
-            rmSync(sessionFile(), { force: true });
-        }
-        catch { /* ignore */ }
-        return;
-    }
-    writeFile(f);
-}
-export function prefersOwnKeys() {
-    return readFile().preferOwnKeys === true;
-}
-export function setPreferOwnKeys(value) {
-    writeFile({ ...readFile(), preferOwnKeys: value });
-}
-/**
- * Resolve which keys are in effect. Preference order: an explicit "use my own
- * keys" wins when the user actually has a DeepSeek key; otherwise a hosted
- * session is used; otherwise the user's own key; otherwise nothing is set up.
- */
-export function resolveKeyMode() {
-    const session = getHostedSession();
-    const ownDeepSeek = Boolean(getSecretValue('DEEPSEEK_API_KEY'));
-    const ownTavily = Boolean(getSecretValue('TAVILY_API_KEY'));
-    const preferOwnKeys = prefersOwnKeys();
-    let mode;
-    if (preferOwnKeys && ownDeepSeek)
-        mode = 'own';
-    else if (session)
-        mode = 'hosted';
-    else if (ownDeepSeek)
-        mode = 'own';
-    else
-        mode = 'none';
-    return { mode, email: session?.email ?? null, signedIn: Boolean(session), ownDeepSeek, ownTavily, preferOwnKeys };
-}
-/**
- * The dim welcome/banner line that makes the active key source unmistakable —
- * the user must be able to see at a glance whether they're on hosted keys or
- * their own. Returns null in 'none' mode (the welcome already shows key setup).
- */
-export function keyModeLine(status = resolveKeyMode()) {
-    switch (status.mode) {
-        case 'hosted':
-            return `Signed in as ${status.email} · using hosted keys` +
-                (status.ownDeepSeek ? ' · /account to use your own' : '');
-        case 'own': {
-            const tav = status.ownTavily ? 'Tavily ✓' : 'Tavily (shared proxy)';
-            const base = `Using your own keys · DeepSeek ✓ · ${tav}`;
-            return status.signedIn ? `${base} · /account to use hosted` : base;
-        }
-        default:
-            return null;
-    }
-}
-/**
- * Resolve the DeepSeek endpoint the provider should use. Hosted mode routes
- * through the ero.solar proxy authenticated by the short-lived sign-in token
- * (the real key lives only server-side, Glasswing); otherwise the user's own
- * key hits the API directly. `apiKey` is '' in 'none' mode (caller errors).
- */
-export function resolveDeepSeekEndpoint() {
-    const status = resolveKeyMode();
-    if (status.mode === 'hosted') {
-        const session = getHostedSession();
-        if (session)
-            return { apiKey: session.token, baseURL: HOSTED_DEEPSEEK_PROXY, mode: 'hosted' };
-    }
-    const userKey = (process.env['DEEPSEEK_API_KEY'] || '').trim();
-    if (userKey) {
-        return { apiKey: userKey, baseURL: process.env['DEEPSEEK_BASE_URL'] || 'https://api.deepseek.com', mode: 'own' };
-    }
-    return { apiKey: '', baseURL: '', mode: 'none' };
-}
-/**
- * Loopback-OAuth sign-in (the contract's increment 2). Starts a one-shot
- * 127.0.0.1 server on an ephemeral port, opens the browser to the ero.solar
- * Google-SSO login URL with that port + a CSRF state, and waits for the
- * redirect back to /cb?token=&email=&state=. On match it persists the hosted
- * session. The browser launch is injected (`open`) so the flow is testable
- * against the REAL loopback server without a real browser.
- *
- * Requires the ero.solar backend (SSO + token mint + redirect) to be live; with
- * no backend the browser opens to a not-yet-served endpoint and the wait times
- * out — the caller surfaces that honestly.
- */
-export function loginViaLoopback(opts) {
-    const state = randomBytes(16).toString('hex');
-    const loginUrl = opts.loginUrl ?? HOSTED_LOGIN_URL;
-    return new Promise((resolveP) => {
-        let settled = false;
-        const finish = (result) => {
-            if (settled)
-                return;
-            settled = true;
-            clearTimeout(timer);
-            try {
-                server.close();
-            }
-            catch { /* ignore */ }
-            resolveP(result);
-        };
-        const server = createServer((req, res) => {
-            const url = new URL(req.url ?? '/', 'http://127.0.0.1');
-            if (url.pathname !== '/cb') {
-                res.writeHead(404);
-                res.end('not found');
-                return;
-            }
-            const token = url.searchParams.get('token') ?? '';
-            const email = url.searchParams.get('email') ?? '';
-            const gotState = url.searchParams.get('state') ?? '';
-            const okPage = '<!doctype html><meta charset="utf-8"><body style="font:16px system-ui;padding:3rem">'
-                + 'Signed in to Trenchwork Coder. You can close this tab and return to the terminal.</body>';
-            res.writeHead(200, { 'content-type': 'text/html' });
-            res.end(okPage);
-            if (gotState !== state) {
-                finish({ ok: false, error: 'state mismatch — sign-in rejected (possible CSRF)' });
-                return;
-            }
-            if (!token) {
-                finish({ ok: false, error: 'sign-in returned no token' });
-                return;
-            }
-            const session = { token, email: email || 'you@hosted' };
-            setHostedSession(session);
-            finish({ ok: true, session });
-        });
-        const timer = setTimeout(() => finish({ ok: false, error: 'timed out waiting for sign-in' }), opts.timeoutMs ?? 120_000);
-        server.on('error', (e) => finish({ ok: false, error: `loopback server failed: ${e.message}` }));
-        server.listen(0, '127.0.0.1', () => {
-            const addr = server.address();
-            const port = addr && typeof addr === 'object' ? addr.port : 0;
-            const url = `${loginUrl}?port=${port}&state=${state}`;
-            Promise.resolve(opts.open(url)).catch(() => { });
-        });
-    });
-}
-//# sourceMappingURL=hostedAuth.js.map

package/dist/core/hostedAuth.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"hostedAuth.js","sourceRoot":"","sources":["../../src/core/hostedAuth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjG,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAElD,0EAA0E;AAC1E,MAAM,CAAC,MAAM,gBAAgB,GAAG,6BAA6B,CAAC;AAC9D,MAAM,CAAC,MAAM,qBAAqB,GAAG,gCAAgC,CAAC;AAEtE,+EAA+E;AAC/E,kDAAkD;AAClD,SAAS,OAAO;IACd,OAAO,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,aAAa,CAAC,CAAC;AACnH,CAAC;AACD,SAAS,WAAW;IAClB,OAAO,IAAI,CAAC,OAAO,EAAE,EAAE,cAAc,CAAC,CAAC;AACzC,CAAC;AAyBD,SAAS,QAAQ;IACf,6EAA6E;IAC7E,0EAA0E;IAC1E,8EAA8E;IAC9E,uBAAuB;IACvB,IAAI,IAAI,GAAgB,EAAE,CAAC;IAC3B,MAAM,IAAI,GAAG,WAAW,EAAE,CAAC;IAC3B,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACrB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;YACtD,IAAI,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ;gBAAE,IAAI,GAAG,MAAqB,CAAC;QACzE,CAAC;QAAC,MAAM,CAAC,CAAC,8BAA8B,CAAC,CAAC;IAC5C,CAAC;IACD,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,EAAE,IAAI,EAAE,CAAC;IAChE,IAAI,QAAQ,EAAE,CAAC;QACb,IAAI,CAAC,KAAK,GAAG,QAAQ,CAAC;QACtB,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,EAAE,IAAI,EAAE,IAAI,YAAY,CAAC;IAC9E,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,SAAS,CAAC,IAAiB;IAClC,MAAM,IAAI,GAAG,WAAW,EAAE,CAAC;IAC3B,SAAS,CAAC,OAAO,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACvD,MAAM,GAAG,GAAG,GAAG,IAAI,IAAI,OAAO,CAAC,GAAG,MAAM,CAAC;IACzC,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC1E,UAAU,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;AACxB,CAAC;AAED,0EAA0E;AAC1E,MAAM,UAAU,gBAAgB;IAC9B,MAAM,CAAC,GAAG,QAAQ,EAAE,CAAC;IACrB,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,IAAI,YAAY,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;AAC7E,CAAC;AAED,oFAAoF;AACpF,MAAM,UAAU,gBAAgB,CAAC,OAAsB;IACrD,MAAM,CAAC,GAAG,QAAQ,EAAE,CAAC;IACrB,SAAS,CAAC,EAAE,GAAG,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;AAClE,CAAC;AAED,mEAAmE;AACnE,MAAM,UAAU,kBAAkB;IAChC,MAAM,CAAC,GAAG,QAAQ,EAAE,CAAC;IACrB,OAAO,CAAC,CAAC,KAAK,CAAC;IACf,OAAO,CAAC,CAAC,KAAK,CAAC;IACf,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAAC,IAAI,CAAC;YAAC,MAAM,CAAC,WAAW,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;QAAC,OAAO;IAAC,CAAC;IACnH,SAAS,CAAC,CAAC,CAAC,CAAC;AACf,CAAC;AAED,MAAM,UAAU,cAAc;IAC5B,OAAO,QAAQ,EAAE,CAAC,aAAa,KAAK,IAAI,CAAC;AAC3C,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,KAAc;IAC7C,SAAS,CAAC,EAAE,GAAG,QAAQ,EAAE,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC,CAAC;AACrD,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,cAAc;IAC5B,MAAM,OAAO,GAAG,gBAAgB,EAAE,CAAC;IACnC,MAAM,WAAW,GAAG,OAAO,CAAC,cAAc,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAChE,MAAM,SAAS,GAAG,OAAO,CAAC,cAAc,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAC5D,MAAM,aAAa,GAAG,cAAc,EAAE,CAAC;IAEvC,IAAI,IAAa,CAAC;IAClB,IAAI,aAAa,IAAI,WAAW;QAAE,IAAI,GAAG,KAAK,CAAC;SAC1C,IAAI,OAAO;QAAE,IAAI,GAAG,QAAQ,CAAC;SAC7B,IAAI,WAAW;QAAE,IAAI,GAAG,KAAK,CAAC;;QAC9B,IAAI,GAAG,MAAM,CAAC;IAEnB,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,IAAI,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC,OAAO,CAAC,EAAE,WAAW,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC;AACpH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,WAAW,CAAC,SAAwB,cAAc,EAAE;IAClE,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;QACpB,KAAK,QAAQ;YACX,OAAO,gBAAgB,MAAM,CAAC,KAAK,sBAAsB;gBACvD,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,6BAA6B,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAC9D,KAAK,KAAK,CAAC,CAAC,CAAC;YACX,MAAM,GAAG,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,uBAAuB,CAAC;YACpE,MAAM,IAAI,GAAG,sCAAsC,GAAG,EAAE,CAAC;YACzD,OAAO,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,IAAI,2BAA2B,CAAC,CAAC,CAAC,IAAI,CAAC;QACrE,CAAC;QACD;YACE,OAAO,IAAI,CAAC;IAChB,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB;IACrC,MAAM,MAAM,GAAG,cAAc,EAAE,CAAC;IAChC,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,gBAAgB,EAAE,CAAC;QACnC,IAAI,OAAO;YAAE,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,KAAK,EAAE,OAAO,EAAE,qBAAqB,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IAChG,CAAC;IACD,MAAM,OAAO,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAC/D,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,0BAA0B,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;IACnH,CAAC;IACD,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;AACnD,CAAC;AAQD;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAIhC;IACC,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC9C,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,gBAAgB,CAAC;IACnD,OAAO,IAAI,OAAO,CAAc,CAAC,QAAQ,EAAE,EAAE;QAC3C,IAAI,OAAO,GAAG,KAAK,CAAC;QACpB,MAAM,MAAM,GAAG,CAAC,MAAmB,EAAQ,EAAE;YAC3C,IAAI,OAAO;gBAAE,OAAO;YACpB,OAAO,GAAG,IAAI,CAAC;YACf,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,IAAI,CAAC;gBAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;YAC9C,QAAQ,CAAC,MAAM,CAAC,CAAC;QACnB,CAAC,CAAC;QAEF,MAAM,MAAM,GAAG,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;YACvC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,kBAAkB,CAAC,CAAC;YACxD,IAAI,GAAG,CAAC,QAAQ,KAAK,KAAK,EAAE,CAAC;gBAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;gBAAC,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;gBAAC,OAAO;YAAC,CAAC;YACjF,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YAClD,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YAClD,MAAM,QAAQ,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YACrD,MAAM,MAAM,GAAG,sFAAsF;kBACjG,0FAA0F,CAAC;YAC/F,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;YACpD,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAChB,IAAI,QAAQ,KAAK,KAAK,EAAE,CAAC;gBAAC,MAAM,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,mDAAmD,EAAE,CAAC,CAAC;gBAAC,OAAO;YAAC,CAAC;YACtH,IAAI,CAAC,KAAK,EAAE,CAAC;gBAAC,MAAM,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC,CAAC;gBAAC,OAAO;YAAC,CAAC;YAClF,MAAM,OAAO,GAAkB,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,IAAI,YAAY,EAAE,CAAC;YACvE,gBAAgB,CAAC,OAAO,CAAC,CAAC;YAC1B,MAAM,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;QAChC,CAAC,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAC,EAAE,IAAI,CAAC,SAAS,IAAI,OAAO,CAAC,CAAC;QACzH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,2BAA4B,CAAW,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;QAC3G,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE;YACjC,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC;YAC9B,MAAM,IAAI,GAAG,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;YAC9D,MAAM,GAAG,GAAG,GAAG,QAAQ,SAAS,IAAI,UAAU,KAAK,EAAE,CAAC;YACtD,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAuC,CAAC,CAAC,CAAC;QACvF,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}